AWS Security ChangesHomeSearch

AWS eks documentation change

Service: eks · 2025-04-18 · Documentation low

File: eks/latest/userguide/eks-ami-versions-windows.md

Summary

Removed all Kubernetes 1.24 AMI version tables and associated release notes from multiple sections, including references to CVE patches (CVE-2024-5321, CVE-2023-5528, CVE-2023-3676, CVE-2023-3893, CVE-2023-3955)

Security assessment

While the removed content included historical references to security patches, the change itself represents documentation cleanup/removal rather than addressing a new security issue. No evidence suggests this deletion fixes an active vulnerability or exposes new risks.

Diff

diff --git a/eks/latest/userguide/eks-ami-versions-windows.md b/eks/latest/userguide/eks-ami-versions-windows.md
index 270163ba9..26dabb605 100644
--- a//eks/latest/userguide/eks-ami-versions-windows.md
+++ b//eks/latest/userguide/eks-ami-versions-windows.md
@@ -229,37 +228,0 @@ AMI version | kubelet version | containerd version | csi-proxy version | Release
-**Kubernetes version 1.24**
-    
-
-AMI version | kubelet version | containerd version | csi-proxy version | Release notes  
----|---|---|---|---  
-`1.24-2025-01-15` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.12.11` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.11.12` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.10.08` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.09.10` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.08.13` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.07.10` |  `1.24.17` |  `1.7.11` |  `1.1.2` |  Includes patches for `CVE-2024-5321`.  
-`1.24-2024.06.17` |  `1.24.17` |  `1.7.11` |  `1.1.2` |  Upgraded `containerd` to `1.7.11`.  
-`1.24-2024.05.14` |  `1.24.17` |  `1.6.28` |  `1.1.2` |  Upgraded `containerd` to `1.6.28`.  
-`1.24-2024.04.09` |  `1.24.17` |  `1.6.25` |  `1.1.2` |  Upgraded `containerd` to `1.6.25`. Rebuilt CNI and `csi-proxy` using `golang 1.22.1`.  
-`1.24-2024.03.12` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2024.02.13` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2024.01.11` |  `1.24.17` |  `1.6.18` |  `1.1.2` |  Excluded Standalone Windows Update [KB5034439](https://support.microsoft.com/en-au/topic/kb5034439-windows-recovery-environment-update-for-azure-stack-hci-version-22h2-and-windows-server-2022-january-9-2024-6f9d26e6-784c-4503-a3c6-0beedda443ca) on Windows Server 2022 Core AMIs. The KB applies only to Windows installations with a separate WinRE partition, which aren’t included with any of our Amazon EKS Optimized Windows AMIs.  
-`1.24-2023.12.12` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2023.11.14` |  `1.24.17` |  `1.6.18` |  `1.1.2` |  Includes patches for `CVE-2023-5528`.  
-`1.24-2023.10.19` |  `1.24.17` |  `1.6.18` |  `1.1.2` |  Upgraded `containerd` to `1.6.18`. Upgraded `kubelet` to `1.24.17`. Added new [bootstrap script environment variables](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`SERVICE_IPV4_CIDR` and `EXCLUDED_SNAT_CIDRS`).  
-`1.24-2023.09.12` |  `1.24.16` |  `1.6.6` |  `1.1.2` |  Upgraded the Amazon VPC CNI plugin to use the Kubernetes connector binary, which gets the Pod IP address from the Kubernetes API server. Merged [pull request #100](https://github.com/aws/amazon-vpc-cni-plugins/pull/100).  
-`1.24-2023.08.17` |  `1.24.16` |  `1.6.6` |  `1.1.2` |  Includes patches for `CVE-2023-3676`, `CVE-2023-3893`, and `CVE-2023-3955`.  
-`1.24-2023.08.08` |  `1.24.13` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.07.11` |  `1.24.13` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.06.20` |  `1.24.13` |  `1.6.6` |  `1.1.1` |  Resolved issue that was causing the DNS suffix search list to be incorrectly populated.  
-`1.24-2023.06.14` |  `1.24.13` |  `1.6.6` |  `1.1.1` |  Upgraded Kubernetes to `1.24.13`. Added support for host port mapping in CNI. Merged [pull request #93](https://github.com/aws/amazon-vpc-cni-plugins/pull/93).  
-`1.24-2023.05.09` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Fixed a bug causing network connectivity [issue #1126](https://github.com/aws/containers-roadmap/issues/1126) on pods after node restart. Introduced a new [bootstrap script configuration parameter](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`ExcludedSnatCIDRs`).  
-`1.24-2023.04.11` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Added recovery mechanism for `kubelet` and `kube-proxy` on service crash.  
-`1.24-2023.03.27` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Installed a [domainless gMSA plugin](https://aws.amazon.com/blogs/containers/domainless-windows-authentication-for-amazon-eks-windows-pods) to facilitate gMSA authentication for Windows containers on Amazon EKS.  
-`1.24-2023.03.20` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Kubernetes version downgraded to `1.24.7` because `1.24.10` has a reported issue in `kube-proxy`.  
-`1.24-2023.02.14` |  `1.24.10` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.01.23` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.01.11` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-`1.24-2022.12.13` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-`1.24-2022.10.11` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-  
@@ -465,37 +427,0 @@ AMI version | kubelet version | containerd version | csi-proxy version | Release
-**Kubernetes version 1.24**
-    
-
-AMI version | kubelet version | containerd version | csi-proxy version | Release notes  
----|---|---|---|---  
-`1.24-2025-01-15` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.12.11` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.11.12` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.10.08` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.09.10` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.08.13` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.07.10` |  `1.24.17` |  `1.7.11` |  `1.1.2` |  Includes patches for `CVE-2024-5321`.  
-`1.24-2024.06.17` |  `1.24.17` |  `1.7.11` |  `1.1.2` |  Upgraded `containerd` to `1.7.11`.  
-`1.24-2024.05.14` |  `1.24.17` |  `1.6.28` |  `1.1.2` |  Upgraded `containerd` to `1.6.28`.  
-`1.24-2024.04.09` |  `1.24.17` |  `1.6.25` |  `1.1.2` |  Upgraded `containerd` to `1.6.25`. Rebuilt CNI and `csi-proxy` using `golang 1.22.1`.  
-`1.24-2024.03.12` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2024.02.13` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2024.01.09` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2023.12.12` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2023.11.14` |  `1.24.17` |  `1.6.18` |  `1.1.2` |  Includes patches for `CVE-2023-5528`.  
-`1.24-2023.10.19` |  `1.24.17` |  `1.6.18` |  `1.1.2` |  Upgraded `containerd` to `1.6.18`. Upgraded `kubelet` to `1.24.17`. Added new [bootstrap script environment variables](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`SERVICE_IPV4_CIDR` and `EXCLUDED_SNAT_CIDRS`).  
-`1.24-2023.09.12` |  `1.24.16` |  `1.6.6` |  `1.1.2` |  Upgraded the Amazon VPC CNI plugin to use the Kubernetes connector binary, which gets the Pod IP address from the Kubernetes API server. Merged [pull request #100](https://github.com/aws/amazon-vpc-cni-plugins/pull/100).  
-`1.24-2023.08.17` |  `1.24.16` |  `1.6.6` |  `1.1.2` |  Includes patches for `CVE-2023-3676`, `CVE-2023-3893`, and `CVE-2023-3955`.  
-`1.24-2023.08.08` |  `1.24.13` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.07.11` |  `1.24.13` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.06.20` |  `1.24.13` |  `1.6.6` |  `1.1.1` |  Resolved issue that was causing the DNS suffix search list to be incorrectly populated.  
-`1.24-2023.06.14` |  `1.24.13` |  `1.6.6` |  `1.1.1` |  Upgraded Kubernetes to `1.24.13`. Added support for host port mapping in CNI. Merged [pull request #93](https://github.com/aws/amazon-vpc-cni-plugins/pull/93).  
-`1.24-2023.05.09` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Fixed a bug causing network connectivity [issue #1126](https://github.com/aws/containers-roadmap/issues/1126) on pods after node restart. Introduced a new [bootstrap script configuration parameter](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`ExcludedSnatCIDRs`).  
-`1.24-2023.04.11` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Added recovery mechanism for `kubelet` and `kube-proxy` on service crash.  
-`1.24-2023.03.27` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Installed a [domainless gMSA plugin](https://aws.amazon.com/blogs/containers/domainless-windows-authentication-for-amazon-eks-windows-pods) to facilitate gMSA authentication for Windows containers on Amazon EKS.  
-`1.24-2023.03.20` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Kubernetes version downgraded to `1.24.7` because `1.24.10` has a reported issue in `kube-proxy`.  
-`1.24-2023.02.14` |  `1.24.10` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.01.23` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.01.11` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-`1.24-2022.12.14` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-`1.24-2022.10.11` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-  
@@ -701,37 +626,0 @@ AMI version | kubelet version | containerd version | csi-proxy version | Release
-**Kubernetes version 1.24**
-    
-
-AMI version | kubelet version | containerd version | csi-proxy version | Release notes  
----|---|---|---|---  
-`1.24-2025-01-15` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.12.11` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.11.12` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.10.08` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.09.10` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.08.13` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.07.10` |  `1.24.17` |  `1.7.11` |  `1.1.2` |  Includes patches for `CVE-2024-5321`.  
-`1.24-2024.06.17` |  `1.24.17` |  `1.7.11` |  `1.1.2` |  Upgraded `containerd` to `1.7.11`.  
-`1.24-2024.05.14` |  `1.24.17` |  `1.6.28` |  `1.1.2` |  Upgraded `containerd` to `1.6.28`.  
-`1.24-2024.04.09` |  `1.24.17` |  `1.6.25` |  `1.1.2` |  Upgraded `containerd` to `1.6.25`. Rebuilt CNI and `csi-proxy` using `golang 1.22.1`.  
-`1.24-2024.03.13` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2024.02.13` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2024.01.09` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2023.12.12` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2023.11.14` |  `1.24.17` |  `1.6.18` |  `1.1.2` |  Includes patches for `CVE-2023-5528`.  
-`1.24-2023.10.19` |  `1.24.17` |  `1.6.18` |  `1.1.2` |  Upgraded `containerd` to `1.6.18`. Upgraded `kubelet` to `1.24.17`. Added new [bootstrap script environment variables](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`SERVICE_IPV4_CIDR` and `EXCLUDED_SNAT_CIDRS`).  
-`1.24-2023.09.12` |  `1.24.16` |  `1.6.6` |  `1.1.2` |  Upgraded the Amazon VPC CNI plugin to use the Kubernetes connector binary, which gets the Pod IP address from the Kubernetes API server. Merged [pull request #100](https://github.com/aws/amazon-vpc-cni-plugins/pull/100).  
-`1.24-2023.08.17` |  `1.24.16` |  `1.6.6` |  `1.1.2` |  Includes patches for `CVE-2023-3676`, `CVE-2023-3893`, and `CVE-2023-3955`.  
-`1.24-2023.08.08` |  `1.24.13` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.07.11` |  `1.24.13` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.06.20` |  `1.24.13` |  `1.6.6` |  `1.1.1` |  Resolved issue that was causing the DNS suffix search list to be incorrectly populated.  
-`1.24-2023.06.14` |  `1.24.13` |  `1.6.6` |  `1.1.1` |  Upgraded Kubernetes to `1.24.13`. Added support for host port mapping in CNI. Merged [pull request #93](https://github.com/aws/amazon-vpc-cni-plugins/pull/93).  
-`1.24-2023.05.09` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Fixed a bug causing network connectivity [issue #1126](https://github.com/aws/containers-roadmap/issues/1126) on pods after node restart. Introduced a new [bootstrap script configuration parameter](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`ExcludedSnatCIDRs`).  
-`1.24-2023.04.11` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Added recovery mechanism for `kubelet` and `kube-proxy` on service crash.  
-`1.24-2023.03.27` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Installed a [domainless gMSA plugin](https://aws.amazon.com/blogs/containers/domainless-windows-authentication-for-amazon-eks-windows-pods) to facilitate gMSA authentication for Windows containers on Amazon EKS.  
-`1.24-2023.03.20` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Kubernetes version downgraded to `1.24.7` because `1.24.10` has a reported issue in `kube-proxy`.  
-`1.24-2023.02.14` |  `1.24.10` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.01.23` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.01.11` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-`1.24-2022.12.13` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-`1.24-2022.11.08` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-  
@@ -937,37 +825,0 @@ AMI version | kubelet version | containerd version | csi-proxy version | Release
-**Kubernetes version 1.24**
-    
-
-AMI version | kubelet version | containerd version | csi-proxy version | Release notes  
----|---|---|---|---  
-`1.24-2025-01-15` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.12.11` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.11.12` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.10.08` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.09.10` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.08.13` |  `1.24.17` |  `1.7.14` |  `1.1.3` |   
-`1.24-2024.07.10` |  `1.24.17` |  `1.7.11` |  `1.1.2` |  Includes patches for `CVE-2024-5321`.  
-`1.24-2024.06.17` |  `1.24.17` |  `1.7.11` |  `1.1.2` |  Upgraded `containerd` to `1.7.11`.  
-`1.24-2024.05.14` |  `1.24.17` |  `1.6.28` |  `1.1.2` |  Upgraded `containerd` to `1.6.28`.  
-`1.24-2024.04.09` |  `1.24.17` |  `1.6.25` |  `1.1.2` |  Upgraded `containerd` to `1.6.25`. Rebuilt CNI and `csi-proxy` using `golang 1.22.1`.  
-`1.24-2024.03.13` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2024.02.13` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2024.01.09` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2023.12.12` |  `1.24.17` |  `1.6.18` |  `1.1.2` |   
-`1.24-2023.11.14` |  `1.24.17` |  `1.6.18` |  `1.1.2` |  Includes patches for `CVE-2023-5528`.  
-`1.24-2023.10.19` |  `1.24.17` |  `1.6.18` |  `1.1.2` |  Upgraded `containerd` to `1.6.18`. Upgraded `kubelet` to `1.24.17`. Added new [bootstrap script environment variables](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`SERVICE_IPV4_CIDR` and `EXCLUDED_SNAT_CIDRS`).  
-`1.24-2023.09.12` |  `1.24.16` |  `1.6.6` |  `1.1.2` |  Upgraded the Amazon VPC CNI plugin to use the Kubernetes connector binary, which gets the Pod IP address from the Kubernetes API server. Merged [pull request #100](https://github.com/aws/amazon-vpc-cni-plugins/pull/100).  
-`1.24-2023.08.17` |  `1.24.16` |  `1.6.6` |  `1.1.2` |  Includes patches for `CVE-2023-3676`, `CVE-2023-3893`, and `CVE-2023-3955`.  
-`1.24-2023.08.08` |  `1.24.13` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.07.11` |  `1.24.13` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.06.21` |  `1.24.13` |  `1.6.6` |  `1.1.1` |  Resolved issue that was causing the DNS suffix search list to be incorrectly populated.  
-`1.24-2023.06.14` |  `1.24.13` |  `1.6.6` |  `1.1.1` |  Upgraded Kubernetes to `1.24.13`. Added support for host port mapping in CNI. Merged [pull request #93](https://github.com/aws/amazon-vpc-cni-plugins/pull/93).  
-`1.24-2023.05.09` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Fixed a bug causing network connectivity [issue #1126](https://github.com/aws/containers-roadmap/issues/1126) on pods after node restart. Introduced a new [bootstrap script configuration parameter](./eks-optimized-windows-ami.html#bootstrap-script-configuration-parameters) (`ExcludedSnatCIDRs`).  
-`1.24-2023.04.11` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Added recovery mechanism for `kubelet` and `kube-proxy` on service crash.  
-`1.24-2023.03.27` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Installed a [domainless gMSA plugin](https://aws.amazon.com/blogs/containers/domainless-windows-authentication-for-amazon-eks-windows-pods) to facilitate gMSA authentication for Windows containers on Amazon EKS.  
-`1.24-2023.03.20` |  `1.24.7` |  `1.6.6` |  `1.1.1` |  Kubernetes version downgraded to `1.24.7` because `1.24.10` has a reported issue in `kube-proxy`.  
-`1.24-2023.02.14` |  `1.24.10` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.01.23` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-`1.24-2023.01.11` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-`1.24-2022.12.14` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-`1.24-2022.10.12` |  `1.24.7` |  `1.6.6` |  `1.1.1` |   
-