Oracle Linux ELSA-2024-12189
Mar 01, 2024 - 12:00 a.m.

conmon security update

linux.oracle.com

CVSS3: 5.3 Medium
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: LOW
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 7 High (Confidence: Low)

EPSS: 0.001 Low (Percentile: 20.4%)

conmon
[2.1.3-8]

  • address CVE-2023-39326
    [2.1.3-7]
  • Resolve CVE-2023-39325
    [2.1.3-6]
  • Add ol8_baseos_latest, and ol9_baseos_latest, to Jenkinsfile
    [2.1.3-5]
  • Add systemd-devel as build requirement
    [2.1.3-4]
  • Add support ARM build
    [2.1.3.3]
  • Add OL9 support
    [2.1.3.2]
  • Update inline with Linux team building conmon for all but OL7.
    [2.1.3-1]
  • Added build scripts

cri-o
[1.25.5-1]
  • Added Oracle Specific Files for cri-o

cri-tools
[1.25.0-3]
  • Resolve CVE-2023-39326
    [1.25.0-2]
  • Resolve CVE-2023-39325
    [1.25.0-1]
  • Added Oracle Specific Build Files for cri-tools

flannel-cni-plugin
[1.0.1-4]
  • Resolve CVE-2023-39326
    [1.0.1-3]
  • Resolve CVE-2023-44487 and CVE-2023-39325
    [1.0.1-2]
  • Add support for Oracle Linux 9
    [1.0.1-1]
  • Added Oracle specific build files for Flannel CNI Plugins

helm
[3.11.1-3]
  • address CVE-2023-39326
    [3.11.1-2]
  • address CVE-2023-44487 and CVE-2023-39325
    [3.11.1-1]
  • Added Oracle Specific build Files

istio
[1.16.7-3]
  • Updated Golang to 1.20.12 to address CVE CVE-2023-39326
    [1.16.7-1]
  • Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944.

kata
[1.12.1-17]
  • Include OL9 for kernel-uek-container (currently in UEKR7_developer_preview)
    [1.12.1-16]
  • Rebuild with golang 1.20.12
    [1.12.1-15]
  • Updated for kubernetes 1.27 and 1.28
    [1.12.1-14]
  • Updated to address CVE-2023-44487 and CVE-2023-39325
    [1.12.1-13]
  • Rebuild kata to fix timestamp issue
    [1.12.1-12]
  • Add support for ARM build
    [1.12.1-11]
  • Add OL9 support
    [1.12.1-10]
  • Updated kata-runtime version to work with more versions of kvm_utils
    [1.21.1-9]
  • updated cri-o and cri-tools versions to support olcne-1.6.0
    [1.12.1-7]
  • Updated kernel_uek_max and kernel_uek_container_max to 5.16 to support UEKR7 host and guest kernel.
    Note: installed kernel < 5.16.
    [1.12.1-6]
  • updated cri-o and cri-tools versions to support olcne-1.5.0
    [1.12.1-5]
  • updated cri-o and cri-tools versions to support kubernetes-1.23
    [1.12.1-4]
  • update kata-image versions
  • update kernel-uek-container version to kernel-uek-container-5.4.17-2136.306.1.3
    [1.21.1-3]
  • Support k8s 1.21.6
  • updated kernel-uek-container version
  • updated kata-image versions
  • added buildhost variable
    [1.12.1-2]
  • Golang 1.15.9
    [1.12.1-1]
  • Updated to kata 1.12.1
  • Updated guest kernel (kernel-uek-container) minimum version to UEK6U2 (5.4.17-2102.200.7)

kata-agent
[1.12.1-11]
  • Rebuild with -11 tag
    [1.12.1-10]
  • Updated Golang to 1.20.12 to address CVE CVE-2023-39326
    [1.12.1-9]
  • Updated to address CVE-2023-44487 and CVE-2023-39325
    [1.12.1-8]
  • Remove build_date global variable in kata-image specfile
    [1.12.1-7]
  • Add support for ARM build
    [1.12.1-6]
  • Add OL9 support
    [1.12.1-4]
  • Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper
    [1.12.1-3]
  • updated golang version
  • added buildhost variable
    [1.12.1-2]
  • Golang 1.15.9
    [1.12.1-1]
  • Added Oracle Specific Build Files for kata-agent

kata-image
[1.12.1-11]
  • Rebuild with -11 tag
    [1.12.1-10]
  • Updated Golang to 1.20.12 to address CVE CVE-2023-39326
    [1.12.1-9]
  • Updated to address CVE-2023-44487 and CVE-2023-39325
    [1.12.1-8]
  • Remove build_date global variable in specfile
    [1.12.1-7]
  • Add support for ARM build
    [1.12.1-6]
  • Restore OL7 and bump release
    [1.12.1-5]
  • Add support for Oracle Linux 9
    [1.12.1-4]
  • build for kata-agent-1.12.1-4
    [1.12.1-3]
  • updated golang version
  • added buildhost variable
    [1.12.1-2]
  • Golang 1.15.9
    [1.12.1-1]
  • Added Oracle Specific Build Files for kata-image

kata-ksm-throttler
[1.12.1-11]
  • Rebuild with -11 tag
    [1.12.1-10]
  • Updated Golang to 1.20.12 to address CVE CVE-2023-39326
    [1.12.1-9]
  • Updated to address CVE-2023-44487 and CVE-2023-39325
    [1.12.1-8]
  • Bump release inline with other kata packages for fixing timestamp issue
    [1.12.1-7]
  • Add support for ARM build
    [1.12.1-6]
  • Bump release inline with others for reversion of removal of OL7.
    [1.12.1-5]
  • Add support for Oracle Linux 9
    [1.12.1-4]
  • Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper
    [1.12.1-3]
  • updated golang version
  • added buildhost variable
    [1.12.1-2]
  • Golang 1.15.9
    [1.12.1-1]
  • Added Oracle Specific Build Files for kata-ksm-throttler

kata-proxy
[1.12.1-11]
  • Rebuild with -11 tag
    [1.12.1-10]
  • Updated Golang to 1.20.12 to address CVE CVE-2023-39326
    [1.12.1-9]
  • Updated to address CVE-2023-44487 and CVE-2023-39325
    [1.12.1-8]
  • Bump release inline with other kata packages for fixing timestamp issue
    [1.12.1-7]
  • Add support for ARM build
    [1.12.1-6]
  • Revert OL7 removal
    [1.12.1-5]
  • Add support for Oracle Linux 9
    [1.12.1-4]
  • Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper
    [1.12.1-3]
  • updated golang version
  • added buildhost variable
    [1.12.1-2]
  • Golang 1.15.9
    [1.12.1-1]
  • Added Oracle Specific Build Files for kata-proxy

kata-runtime
[1.12.1-11]
  • Rebuild with -11 tag
    [1.12.1-10]
  • Updated Golang to 1.20.12 to address CVE CVE-2023-39326
    [1.12.1-9]
  • Updated to address CVE-2023-44487 and CVE-2023-39325
    [1.12.1-8]
  • Bump release inline with other kata packages for fixing timestamp issue
    [1.12.1-7]
  • Add support for ARM build
    [1.12.1-6]
  • Add OL9 support
    [1.12.1-5]
  • Updated qemu-kvm machine options to work with more versions of kvm_utils
    [1.12.1-4]
  • Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper
    [1.12.1-3]
  • updated golang version
  • added buildhost variable
    [1.12.1-2]
  • Golang 1.15.9
    [1.12.1-1]
  • Added Oracle Specific Files For kata-runtime

kata-shim
[1.12.1-11]
  • Rebuild with -11 tag
    [1.12.1-10]
  • Updated Golang to 1.20.12 to address CVE CVE-2023-39326
    [1.12.1-9]
  • Updated to address CVE-2023-44487 and CVE-2023-39325
    [1.12.1-8]
  • Bump release inline with other kata packages for fixing timestamp issue
    [1.12.1-7]
  • Add support for ARM build
    [1.12.1-6]
  • Bump release inline with others for reversion of removal of OL7.
    [1.12.1-5]
  • Add support for Oracle Linux 9
    [1.12.1-4]
  • Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper
    [1.12.1-3]
  • updated golang version
  • added buildhost variable
    [1.12.1-2]
  • Golang 1.15.9
    [1.12.1-1]
  • Added Oracle Specific Build Files for kata-shim

kubernetes
[1.25.15-2]
  • Address CVE-2023-39326 by upgrading golang to 1.20.12
    [1.25.15-1]
  • Added Oracle specific build files for Kubernetes

kubernetes-cni
[1.0.1-4]
  • address CVE-2023-39326
    [1.0.1-3]
  • Resolve CVE-2023-44487 and CVE-2023-39325
    [1.0.1-2]
  • Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper
    [1.0.1-1]
  • Added Oracle specific build files for Kubernetes CNI

kubernetes-cni-plugins
[1.0.1-5]
  • address CVE-2023-39326
    [1.0.1-3]
  • Resolve CVE-2023-44487 and CVE-2023-39325
    [1.0.1-3]
  • Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper
    [1.0.1-2]
  • Add flannel-cni-plugins as a dependency
    [1.0.1-1]
  • Added Oracle specific build files for Kubernetes CNI Plugins

olcne
[1.6.6-3]
  • Fixed pod-network:calico update
    [1.6.6-2]
  • Added conmon resource to kubernetes module
    [1.6.6-1]
  • Rebuilt modules, and components, with golang 1.20.12 to address CVE-2023-39326
  • Updated CRI-O to v1.25.5
    [1.6.5-9]
  • Mark container-registry as updatable
    [1.6.5-9]
  • update metallb 0.12.1 to address CVE-2023-44487 and CVE-2023-39325
    [1.6.5-8]
  • Update externalip-webhook 1.0.0-3 to address CVE-2023-44487, CVE-2023-39325
    [1.6.5-7]
  • Update multus-cni 3.9.3 to address CVE-2023-44487 and CVE-2023-39325
    [1.6.5-6]
  • Update rook-1.10.9 to address CVE-2023-44487, CVE-2023-39325
    [1.6.5-5]
  • Update Istio, Grafana, Prometheus, and Kubernetes-dashboard to address CVEs
  • CVE-2023-44487
  • CVE-2023-39325
    [1.6.5-4]
  • Update kubernetes and components to address golang CVE-2023-44487, CVE-2023-39325
    [1.6.5-3]
  • update configmap-registry to 1.28.0 to address CVE-2023-44487 and CVE-2023-39325
    [1.6.5-2]
  • Update kubevirt 0.58.0 to address CVE-2023-44487 and CVE-2023-39325
    [1.6.5-1]
  • Update calico image versions to address golang CVE-2023-44487, CVE-2023-39325
    [1.6.4-1]
  • Fix GetNodeByAddr string comparison
  • hostnames case insensitive comparison
    [1.6.3-1]
  • Add Istio-1.16.7 to address CVEs
  • CVE-2023-35941
  • CVE-2023-35942
  • CVE-2023-35943
  • CVE-2023-35944
    [1.6.2-1]
  • CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11
  • Add all modules to registry-image-helper
  • update yq to 4.x
    [1.6.1-9]
  • Updated the CVE IDs in Istio-1.16.4 changelog entry
    [1.6.1-8]
  • Update Istio config to include 1.15.7 to support upgrade from 1.5.x to 1.6.x
    [1.6.1-7]
  • Bugfix:Append a slash in oci-instance-metada query url
    [1.6.1-6]
  • Fixed helm installation in OLCNE upgrade
    [1.6.1-5]
  • Deprecate oci-private-key in favour of oci-private-key-file
  • Updated olcne_version argument in olcnectl provision to support
    [1.6.1-4]
  • Update Istio version to 1.16.4 to address CVEs
  • CVE-2023-27496
  • CVE-2023-27488
  • CVE-2023-27493
  • CVE-2023-27492
  • CVE-2023-27491
  • CVE-2023-27487
    [1.6.1-3]
  • Resolved the issue to install multiple network cards using multus
    [1.6.1-2]
  • Update kubelet for upstream runc misc cgroups patch
    [1.6.1-1]
  • Fix the bug olcnectl provision fails if ol8_developer does not exist
    [1.6.0-4]
  • Removed PodSecurityPolicy from the Grafana Helm chart due to the removal of the API in Kubernetes 1.25
  • Fixed an issue where creating an instance of the Istio module without Helm already installed would fail
    [1.6.0-3]
  • Move template to olcne-api-server and provide default calico config
    [1.6.0-2]
  • Update KubeVirt version to 0.58.0
    [1.6.0-1]
  • Update Kubernetes version to 1.25.7
  • Update Helm version to 3.11.1
  • Update Istio version to 1.16.2
  • Add Calico CNI 3.25
  • Add Multus CNI 3.9.3
  • Technical preview for KubeVirt 0.52.0
  • Technical preview for Rook 1.10.9
  • Add subcommand to olcnectl that lists version information for modules
  • Add support for --control-plane-nodes argument to the Kubernetes module for specifying control plane nodes
  • olcnectl provision can now update existing module instances
  • Deprecate Helm module in favor of automatically installing Helm with Kubernetes
  • Deprecate --master-nodes argument to the Kubernetes module
  • Deprecate Kata container runtime
  • Deprecate Flannel CNI
  • Deprecate GlusterFS CSI Driver
    [1.5.11-1]
  • Expose metrics endpoints for kube-system services
  • Support installation with or without firewalld running
  • Open port 9100 on nodes when installing Kubernetes module
  • Make disable swap persist after reboot of control plane node
    [1.5.10-2]
  • Update istio to 1.15.3 to address Istio CVE-2022-392787
    [1.5.9-1]
  • Fix a regression during provisioning where arguments for the externalip restriction webhook are handled incorrectly
    [1.5.8-4]
  • Fix 1.21 kubernetes version to align with last upstream release
    [1.5.8-3]
  • Increase timeout value for update module
    [1.5.8-2]
  • Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24
  • Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23
  • Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.22
  • Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21
    [1.5.8-1]
  • Improve error reporting and logging when using olcnectl provision
  • Environment creation is now idempotent
    [1.5.7-6]
  • Unpinned podman for OL7
    [1.5.7-5]
  • Updated the kubernetes-dashboard version to v2.5.1 in the registry-image-helper.sh script for kubernetes-1.24.5
    [1.5.7-4]
  • Upgraded helm-3.7.1 to 3.9.4
    [1.5.7-3]
  • Resolved kubernetes-1.22.14 upgrade issue
    [1.5.7-1]
  • Upgrade Kubernetes to 1.24.5
  • Upgrade Istio to 1.14.3
  • Update OCI-CCM to 1.24.0 for kubernetes 1.24
  • Update kubernetes-dashboard to v2.5.1
  • Added support for custom profiles to the Istio module
  • Added support for multiple instances of the Istio module with independent profiles
  • Implemented automation within olcnectl for provisioning of Platform components
    and modules for existing compute resources
    [1.5.6-1]
  • Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14
  • Resolve Kubernetes CVE-2022-3172 for version 1.21
  • Resolve Kubernetes CVE-2022-3172 for version 1.22
  • Resolve Kubernetes CVE-2022-3172 for version 1.23
    [1.5.5-1]
  • Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045
    [1.5.4-3]
  • Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over
    [1.5.4-2]
  • Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224, CVE-2022-29226, CVE-2022-29228, CVE-2022-29227
    [1.5.4-1]
  • Upgrade Kubernetes to 1.23.7
    [1.5.3-1]
  • Address qemu CVE-2022-26353, CVE-2021-3748
    [1.5.2-1]
  • Excluded unnecessary directories from k8s backup files
    [1.5.1-1]
  • Fixed the bug in fetching node metadata for non-cloud nodes
    [1.5.0-2]
  • Upgrade Helm to 3.7.1-2
    [1.5.0-2]
  • fix null pointer exception in systemd service state validation
    [1.5.0-1]
  • Introduce support for compact Kubernetes clusters
  • Introduce MetalLB
  • Introduce Oracle Cloud Infrastructure Cloud Controller Manager
  • Improved log messages in Platform API Server and Platform Agent
  • Upgrade Kubernetes to 1.22.8
  • Upgrade Istio to 1.13.2
  • Renamed the oci-csi module to oci-ccm
    [1.5.0-20.alpha]
  • Update istio-1.13.2 grafana to 7.5.15
    [1.5.0-14.alpha]
  • Metallb fix
    [1.5.0-11.alpha]
  • Remove module directories when olcne rpm is uninstalled
    [1.5.0-10.alpha]
  • OCI CCM 0.13.0
    [1.5.0-9.alpha]
  • Reworked log messages
    [1.5.0-8.alpha]
  • Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6)
    [1.5.0-7.alpha]
  • Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15)
    [1.5.0-6.alpha]
  • Update to k8s 1.22 with golang 1.17
    [1.5.0-5.alpha]
  • Update internal docs for oci-ccm module
    [1.5.0-4.alpha]
  • Extend oci-ccm module to support load balancer
    [1.5.0-3.alpha]
  • Firewall pre-req
    [1.5.0-2.alpha]
  • Ensure that config map settings needed by metallb is preserved during k8s upgrade
    [1.5.0-1.alpha]
  • Metallb module
    [1.4.1-14]
  • Added 1.4 extra images to registry-image-helper.sh script
    [1.4.1-13]
  • Update sudoers file and changed its permissions to ‘0440’
    [1.4.1-12]
  • Update olcne-kubernetes.md file for ‘compact’ flag
    [1.4.1-11]
  • Ensure that the order of items in an upgraded config file is stable with respect to the original file
    [1.4.1-10]
  • Ensure that old olcnectl config files are upgraded
    [1.4.1-9]
  • Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation
    [1.4.1-8]
  • Make ‘compact’ flag updatable
    [1.4.1-7]
  • Introduce ‘compact’ that enables control-plane nodes to run any workloads
    [1.4.1-6]
  • Ability to label 1 or more kubernetes nodes
    [1.4.1-5]
  • Fixed a bug where specifying a port in the container-registry argument
    to the Kubernetes module would result in pods not being able to start.
    [1.4.1-4]
  • Update helm to 3.7.1
    [1.4.1-3]
  • Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11
    [1.4.1-2]
  • Allow loadbalancer to be configured regardless of security list mode
    [1.4.0-4]
  • Fix bug in initialising certs manager when environment name not mentioned
    [1.4.0-3]
  • Fix bug in fetching report for multi-environment
    [1.4.0-2]
  • Pause image is 3.4.1
    [1.4.0-1]
  • CSI plugin
  • Reports feature
  • Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade
  • Istio-1.9.4 to Istio-1.11.4 upgrade
  • Component upgrades
  • Config file feature
    [1.3.0-13]
  • Fix iptables issue when running on OL7 host using OL8 image
    [1.3.0-12]
  • Address CVEs ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007
    [1.3.0-11]
  • Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282]
    [1.3.0-10]
  • Fixed missing double semicolon in registry image helper
    [1.3.0-9]

yq
[4.34.1-4]
  • Update Golang to 1.20.12 to address CVE-2023-39326
    [4.34.1-3]
  • address CVE-2023-44487 and CVE-2023-3932A
    [4.34.1-2]
  • Add support for ARM build
    [4.34.1-1]
  • Added Oracle specific build files
