AWS eks documentation change
Summary
Removed all Kubernetes 1.24 AMI version tables and associated release notes from multiple sections, including references to CVE patches (CVE-2024-5321, CVE-2023-5528, CVE-2023-3676, CVE-2023-3893, CVE-2023-3955)
Security assessment
While the removed content included historical references to security patches, the change itself represents documentation cleanup/removal rather than addressing a new security issue. No evidence suggests this deletion fixes an active vulnerability or exposes new risks.
Diff
diff --git a/eks/latest/userguide/eks-ami-versions-windows.md b/eks/latest/userguide/eks-ami-versions-windows.md index 270163ba9..26dabb605 100644 --- a//eks/latest/userguide/eks-ami-versions-windows.md +++ b//eks/latest/userguide/eks-ami-versions-windows.md @@ -229,37 +228,0 @@ AMI version | kubelet version | containerd version | csi-proxy version | Release -**Kubernetes version 1.24** - - -AMI version | kubelet version | containerd version | csi-proxy version | Release notes ----|---|---|---|--- -`1.24-2025-01-15` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.12.11` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.11.12` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.10.08` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.09.10` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.08.13` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.07.10` | `1.24.17` | `1.7.11` | `1.1.2` | Includes patches for `CVE-2024-5321`. -`1.24-2024.06.17` | `1.24.17` | `1.7.11` | `1.1.2` | Upgraded `containerd` to `1.7.11`. -`1.24-2024.05.14` | `1.24.17` | `1.6.28` | `1.1.2` | Upgraded `containerd` to `1.6.28`. -`1.24-2024.04.09` | `1.24.17` | `1.6.25` | `1.1.2` | Upgraded `containerd` to `1.6.25`. Rebuilt CNI and `csi-proxy` using `golang 1.22.1`. -`1.24-2024.03.12` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2024.02.13` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2024.01.11` | `1.24.17` | `1.6.18` | `1.1.2` | Excluded Standalone Windows Update [KB5034439](https://support.microsoft.com/en-au/topic/kb5034439-windows-recovery-environment-update-for-azure-stack-hci-version-22h2-and-windows-server-2022-january-9-2024-6f9d26e6-784c-4503-a3c6-0beedda443ca) on Windows Server 2022 Core AMIs. The KB applies only to Windows installations with a separate WinRE partition, which aren’t included with any of our Amazon EKS Optimized Windows AMIs. -`1.24-2023.12.12` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2023.11.14` | `1.24.17` | `1.6.18` | `1.1.2` | Includes patches for `CVE-2023-5528`. -`1.24-2023.10.19` | `1.24.17` | `1.6.18` | `1.1.2` | Upgraded `containerd` to `1.6.18`. Upgraded `kubelet` to `1.24.17`. Added new [bootstrap script environment variables](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`SERVICE_IPV4_CIDR` and `EXCLUDED_SNAT_CIDRS`). -`1.24-2023.09.12` | `1.24.16` | `1.6.6` | `1.1.2` | Upgraded the Amazon VPC CNI plugin to use the Kubernetes connector binary, which gets the Pod IP address from the Kubernetes API server. Merged [pull request #100](https://github.com/aws/amazon-vpc-cni-plugins/pull/100). -`1.24-2023.08.17` | `1.24.16` | `1.6.6` | `1.1.2` | Includes patches for `CVE-2023-3676`, `CVE-2023-3893`, and `CVE-2023-3955`. -`1.24-2023.08.08` | `1.24.13` | `1.6.6` | `1.1.1` | -`1.24-2023.07.11` | `1.24.13` | `1.6.6` | `1.1.1` | -`1.24-2023.06.20` | `1.24.13` | `1.6.6` | `1.1.1` | Resolved issue that was causing the DNS suffix search list to be incorrectly populated. -`1.24-2023.06.14` | `1.24.13` | `1.6.6` | `1.1.1` | Upgraded Kubernetes to `1.24.13`. Added support for host port mapping in CNI. Merged [pull request #93](https://github.com/aws/amazon-vpc-cni-plugins/pull/93). -`1.24-2023.05.09` | `1.24.7` | `1.6.6` | `1.1.1` | Fixed a bug causing network connectivity [issue #1126](https://github.com/aws/containers-roadmap/issues/1126) on pods after node restart. Introduced a new [bootstrap script configuration parameter](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`ExcludedSnatCIDRs`). -`1.24-2023.04.11` | `1.24.7` | `1.6.6` | `1.1.1` | Added recovery mechanism for `kubelet` and `kube-proxy` on service crash. -`1.24-2023.03.27` | `1.24.7` | `1.6.6` | `1.1.1` | Installed a [domainless gMSA plugin](https://aws.amazon.com/blogs/containers/domainless-windows-authentication-for-amazon-eks-windows-pods) to facilitate gMSA authentication for Windows containers on Amazon EKS. -`1.24-2023.03.20` | `1.24.7` | `1.6.6` | `1.1.1` | Kubernetes version downgraded to `1.24.7` because `1.24.10` has a reported issue in `kube-proxy`. -`1.24-2023.02.14` | `1.24.10` | `1.6.6` | `1.1.1` | -`1.24-2023.01.23` | `1.24.7` | `1.6.6` | `1.1.1` | -`1.24-2023.01.11` | `1.24.7` | `1.6.6` | `1.1.1` | -`1.24-2022.12.13` | `1.24.7` | `1.6.6` | `1.1.1` | -`1.24-2022.10.11` | `1.24.7` | `1.6.6` | `1.1.1` | - @@ -465,37 +427,0 @@ AMI version | kubelet version | containerd version | csi-proxy version | Release -**Kubernetes version 1.24** - - -AMI version | kubelet version | containerd version | csi-proxy version | Release notes ----|---|---|---|--- -`1.24-2025-01-15` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.12.11` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.11.12` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.10.08` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.09.10` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.08.13` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.07.10` | `1.24.17` | `1.7.11` | `1.1.2` | Includes patches for `CVE-2024-5321`. -`1.24-2024.06.17` | `1.24.17` | `1.7.11` | `1.1.2` | Upgraded `containerd` to `1.7.11`. -`1.24-2024.05.14` | `1.24.17` | `1.6.28` | `1.1.2` | Upgraded `containerd` to `1.6.28`. -`1.24-2024.04.09` | `1.24.17` | `1.6.25` | `1.1.2` | Upgraded `containerd` to `1.6.25`. Rebuilt CNI and `csi-proxy` using `golang 1.22.1`. -`1.24-2024.03.12` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2024.02.13` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2024.01.09` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2023.12.12` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2023.11.14` | `1.24.17` | `1.6.18` | `1.1.2` | Includes patches for `CVE-2023-5528`. -`1.24-2023.10.19` | `1.24.17` | `1.6.18` | `1.1.2` | Upgraded `containerd` to `1.6.18`. Upgraded `kubelet` to `1.24.17`. Added new [bootstrap script environment variables](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`SERVICE_IPV4_CIDR` and `EXCLUDED_SNAT_CIDRS`). -`1.24-2023.09.12` | `1.24.16` | `1.6.6` | `1.1.2` | Upgraded the Amazon VPC CNI plugin to use the Kubernetes connector binary, which gets the Pod IP address from the Kubernetes API server. Merged [pull request #100](https://github.com/aws/amazon-vpc-cni-plugins/pull/100). -`1.24-2023.08.17` | `1.24.16` | `1.6.6` | `1.1.2` | Includes patches for `CVE-2023-3676`, `CVE-2023-3893`, and `CVE-2023-3955`. -`1.24-2023.08.08` | `1.24.13` | `1.6.6` | `1.1.1` | -`1.24-2023.07.11` | `1.24.13` | `1.6.6` | `1.1.1` | -`1.24-2023.06.20` | `1.24.13` | `1.6.6` | `1.1.1` | Resolved issue that was causing the DNS suffix search list to be incorrectly populated. -`1.24-2023.06.14` | `1.24.13` | `1.6.6` | `1.1.1` | Upgraded Kubernetes to `1.24.13`. Added support for host port mapping in CNI. Merged [pull request #93](https://github.com/aws/amazon-vpc-cni-plugins/pull/93). -`1.24-2023.05.09` | `1.24.7` | `1.6.6` | `1.1.1` | Fixed a bug causing network connectivity [issue #1126](https://github.com/aws/containers-roadmap/issues/1126) on pods after node restart. Introduced a new [bootstrap script configuration parameter](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`ExcludedSnatCIDRs`). -`1.24-2023.04.11` | `1.24.7` | `1.6.6` | `1.1.1` | Added recovery mechanism for `kubelet` and `kube-proxy` on service crash. -`1.24-2023.03.27` | `1.24.7` | `1.6.6` | `1.1.1` | Installed a [domainless gMSA plugin](https://aws.amazon.com/blogs/containers/domainless-windows-authentication-for-amazon-eks-windows-pods) to facilitate gMSA authentication for Windows containers on Amazon EKS. -`1.24-2023.03.20` | `1.24.7` | `1.6.6` | `1.1.1` | Kubernetes version downgraded to `1.24.7` because `1.24.10` has a reported issue in `kube-proxy`. -`1.24-2023.02.14` | `1.24.10` | `1.6.6` | `1.1.1` | -`1.24-2023.01.23` | `1.24.7` | `1.6.6` | `1.1.1` | -`1.24-2023.01.11` | `1.24.7` | `1.6.6` | `1.1.1` | -`1.24-2022.12.14` | `1.24.7` | `1.6.6` | `1.1.1` | -`1.24-2022.10.11` | `1.24.7` | `1.6.6` | `1.1.1` | - @@ -701,37 +626,0 @@ AMI version | kubelet version | containerd version | csi-proxy version | Release -**Kubernetes version 1.24** - - -AMI version | kubelet version | containerd version | csi-proxy version | Release notes ----|---|---|---|--- -`1.24-2025-01-15` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.12.11` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.11.12` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.10.08` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.09.10` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.08.13` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.07.10` | `1.24.17` | `1.7.11` | `1.1.2` | Includes patches for `CVE-2024-5321`. -`1.24-2024.06.17` | `1.24.17` | `1.7.11` | `1.1.2` | Upgraded `containerd` to `1.7.11`. -`1.24-2024.05.14` | `1.24.17` | `1.6.28` | `1.1.2` | Upgraded `containerd` to `1.6.28`. -`1.24-2024.04.09` | `1.24.17` | `1.6.25` | `1.1.2` | Upgraded `containerd` to `1.6.25`. Rebuilt CNI and `csi-proxy` using `golang 1.22.1`. -`1.24-2024.03.13` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2024.02.13` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2024.01.09` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2023.12.12` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2023.11.14` | `1.24.17` | `1.6.18` | `1.1.2` | Includes patches for `CVE-2023-5528`. -`1.24-2023.10.19` | `1.24.17` | `1.6.18` | `1.1.2` | Upgraded `containerd` to `1.6.18`. Upgraded `kubelet` to `1.24.17`. Added new [bootstrap script environment variables](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`SERVICE_IPV4_CIDR` and `EXCLUDED_SNAT_CIDRS`). -`1.24-2023.09.12` | `1.24.16` | `1.6.6` | `1.1.2` | Upgraded the Amazon VPC CNI plugin to use the Kubernetes connector binary, which gets the Pod IP address from the Kubernetes API server. Merged [pull request #100](https://github.com/aws/amazon-vpc-cni-plugins/pull/100). -`1.24-2023.08.17` | `1.24.16` | `1.6.6` | `1.1.2` | Includes patches for `CVE-2023-3676`, `CVE-2023-3893`, and `CVE-2023-3955`. -`1.24-2023.08.08` | `1.24.13` | `1.6.6` | `1.1.1` | -`1.24-2023.07.11` | `1.24.13` | `1.6.6` | `1.1.1` | -`1.24-2023.06.20` | `1.24.13` | `1.6.6` | `1.1.1` | Resolved issue that was causing the DNS suffix search list to be incorrectly populated. -`1.24-2023.06.14` | `1.24.13` | `1.6.6` | `1.1.1` | Upgraded Kubernetes to `1.24.13`. Added support for host port mapping in CNI. Merged [pull request #93](https://github.com/aws/amazon-vpc-cni-plugins/pull/93). -`1.24-2023.05.09` | `1.24.7` | `1.6.6` | `1.1.1` | Fixed a bug causing network connectivity [issue #1126](https://github.com/aws/containers-roadmap/issues/1126) on pods after node restart. Introduced a new [bootstrap script configuration parameter](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`ExcludedSnatCIDRs`). -`1.24-2023.04.11` | `1.24.7` | `1.6.6` | `1.1.1` | Added recovery mechanism for `kubelet` and `kube-proxy` on service crash. -`1.24-2023.03.27` | `1.24.7` | `1.6.6` | `1.1.1` | Installed a [domainless gMSA plugin](https://aws.amazon.com/blogs/containers/domainless-windows-authentication-for-amazon-eks-windows-pods) to facilitate gMSA authentication for Windows containers on Amazon EKS. -`1.24-2023.03.20` | `1.24.7` | `1.6.6` | `1.1.1` | Kubernetes version downgraded to `1.24.7` because `1.24.10` has a reported issue in `kube-proxy`. -`1.24-2023.02.14` | `1.24.10` | `1.6.6` | `1.1.1` | -`1.24-2023.01.23` | `1.24.7` | `1.6.6` | `1.1.1` | -`1.24-2023.01.11` | `1.24.7` | `1.6.6` | `1.1.1` | -`1.24-2022.12.13` | `1.24.7` | `1.6.6` | `1.1.1` | -`1.24-2022.11.08` | `1.24.7` | `1.6.6` | `1.1.1` | - @@ -937,37 +825,0 @@ AMI version | kubelet version | containerd version | csi-proxy version | Release -**Kubernetes version 1.24** - - -AMI version | kubelet version | containerd version | csi-proxy version | Release notes ----|---|---|---|--- -`1.24-2025-01-15` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.12.11` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.11.12` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.10.08` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.09.10` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.08.13` | `1.24.17` | `1.7.14` | `1.1.3` | -`1.24-2024.07.10` | `1.24.17` | `1.7.11` | `1.1.2` | Includes patches for `CVE-2024-5321`. -`1.24-2024.06.17` | `1.24.17` | `1.7.11` | `1.1.2` | Upgraded `containerd` to `1.7.11`. -`1.24-2024.05.14` | `1.24.17` | `1.6.28` | `1.1.2` | Upgraded `containerd` to `1.6.28`. -`1.24-2024.04.09` | `1.24.17` | `1.6.25` | `1.1.2` | Upgraded `containerd` to `1.6.25`. Rebuilt CNI and `csi-proxy` using `golang 1.22.1`. -`1.24-2024.03.13` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2024.02.13` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2024.01.09` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2023.12.12` | `1.24.17` | `1.6.18` | `1.1.2` | -`1.24-2023.11.14` | `1.24.17` | `1.6.18` | `1.1.2` | Includes patches for `CVE-2023-5528`. -`1.24-2023.10.19` | `1.24.17` | `1.6.18` | `1.1.2` | Upgraded `containerd` to `1.6.18`. Upgraded `kubelet` to `1.24.17`. Added new [bootstrap script environment variables](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`SERVICE_IPV4_CIDR` and `EXCLUDED_SNAT_CIDRS`). -`1.24-2023.09.12` | `1.24.16` | `1.6.6` | `1.1.2` | Upgraded the Amazon VPC CNI plugin to use the Kubernetes connector binary, which gets the Pod IP address from the Kubernetes API server. Merged [pull request #100](https://github.com/aws/amazon-vpc-cni-plugins/pull/100). -`1.24-2023.08.17` | `1.24.16` | `1.6.6` | `1.1.2` | Includes patches for `CVE-2023-3676`, `CVE-2023-3893`, and `CVE-2023-3955`. -`1.24-2023.08.08` | `1.24.13` | `1.6.6` | `1.1.1` | -`1.24-2023.07.11` | `1.24.13` | `1.6.6` | `1.1.1` | -`1.24-2023.06.21` | `1.24.13` | `1.6.6` | `1.1.1` | Resolved issue that was causing the DNS suffix search list to be incorrectly populated. -`1.24-2023.06.14` | `1.24.13` | `1.6.6` | `1.1.1` | Upgraded Kubernetes to `1.24.13`. Added support for host port mapping in CNI. Merged [pull request #93](https://github.com/aws/amazon-vpc-cni-plugins/pull/93). -`1.24-2023.05.09` | `1.24.7` | `1.6.6` | `1.1.1` | Fixed a bug causing network connectivity [issue #1126](https://github.com/aws/containers-roadmap/issues/1126) on pods after node restart. Introduced a new [bootstrap script configuration parameter](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`ExcludedSnatCIDRs`). -`1.24-2023.04.11` | `1.24.7` | `1.6.6` | `1.1.1` | Added recovery mechanism for `kubelet` and `kube-proxy` on service crash. -`1.24-2023.03.27` | `1.24.7` | `1.6.6` | `1.1.1` | Installed a [domainless gMSA plugin](https://aws.amazon.com/blogs/containers/domainless-windows-authentication-for-amazon-eks-windows-pods) to facilitate gMSA authentication for Windows containers on Amazon EKS. -`1.24-2023.03.20` | `1.24.7` | `1.6.6` | `1.1.1` | Kubernetes version downgraded to `1.24.7` because `1.24.10` has a reported issue in `kube-proxy`. -`1.24-2023.02.14` | `1.24.10` | `1.6.6` | `1.1.1` | -`1.24-2023.01.23` | `1.24.7` | `1.6.6` | `1.1.1` | -`1.24-2023.01.11` | `1.24.7` | `1.6.6` | `1.1.1` | -`1.24-2022.12.14` | `1.24.7` | `1.6.6` | `1.1.1` | -`1.24-2022.10.12` | `1.24.7` | `1.6.6` | `1.1.1` | -