1.34 version change log
View information of version changes for major, minor, and patch updates that are available for your IBM Cloud® Kubernetes Service clusters that run this version. Changes include updates to Kubernetes and IBM Cloud Provider components.
Overview
In Kubernetes, most new beta features are disabled by default. Alpha features, which are subject to change, are disabled in all versions. For more information, see the Default service settings for Kubernetes components and the feature gates for each version.
For more information about major, minor, and patch versions and preparation actions between minor versions, see Kubernetes versions.
Check the Security Bulletins on IBM Cloud Status for security vulnerabilities that affect IBM Cloud Kubernetes Service. You can filter the results to view only Kubernetes Cluster security bulletins that are relevant to IBM Cloud Kubernetes Service. Change log entries that address other security vulnerabilities but don't also refer to an IBM security bulletin are for vulnerabilities that are not known to affect IBM Cloud Kubernetes Service in normal usage. If you run privileged containers, run commands on the workers, or execute untrusted code, then you might be at risk.
Some change logs are for worker node fix packs, and apply only to worker nodes. You must apply these patches to ensure security compliance for your worker nodes. These worker node fix packs can be at a higher version than the master because some build fix packs are specific to worker nodes. Other change logs are for master fix packs, and apply only to the cluster master. Master fix packs might not be automatically applied. You can choose to apply them manually. For more information about patch types, see Update types.
Version 1.34
Worker node fix pack 1.34.2_1535, released 16 December 2025
The following table shows the components included in the worker node fix pack 1.34.2_1535. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
| Component | Version | Description |
|---|---|---|
| UBUNTU 24 | 6.8.0-88-generic | Resolves the following CVEs: CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11839, CVE-2025-11840, CVE-2025-37958, CVE-2025-38666, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018, CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018, CVE-2025-66418, CVE-2025-66471, and CVE-2025-6966. |
| Kubernetes | 1.34.2 | For more information, see the change logs. |
| containerd | 2.2.0 | For more information, see the change logs. |
| HAProxy | 03b74b82b63cd53403b6b587b84233c93edef18d | N/A |
| GPU Device Plug-in and Installer | 1b40f92bf929456042c1f42ba54fa73cdaafb653 | Resolves the following CVEs: CVE-2025-8058. |
Change log for Master fix pack 1.34.2_1534, released 10 December 2025
The following table shows the changes that are in the master fix pack 1.34.2_1534. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Calico | v3.29.6 | v3.29.7 | See the Calico release notes. |
| Cluster health image | v1.6.10 | v1.6.13 | New version contains updates and security fixes. |
| etcd | v3.5.24 | v3.5.25 | See the etcd release notes. |
| IBM Cloud Controller Manager | v1.34.1-6 | v1.34.2-3 | New version contains updates and security fixes. |
| Key Management Service provider | v2.10.18 | 2.10.19 | New version contains updates and security fixes. |
| Konnectivity agent and server | v0.33.0 | v0.34.0 | See the Konnectivity release notes. |
| Kubernetes | v1.34.1 | v1.34.2 | See the Kubernetes release notes. |
| Portieris admission controller | v0.13.31 | v0.13.33 | See the Portieris admission controller release notes. |
| Tigera Operator | v1.36.14 | v1.36.16 | See the Tigera Operator release notes. |
Worker node fix pack 1.34.1_1531, released 03 December 2025
The following table shows the components included in the worker node fix pack 1.34.1_1531. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
| Component | Version | Description |
|---|---|---|
| UBUNTU 24 | 6.8.0-87-generic | Resolves the following CVEs: CVE-2025-37838, CVE-2025-38118, CVE-2025-38352, CVE-2025-40300, CVE-2025-6075, and CVE-2025-8291. |
| Kubernetes | 1.34.1 | For more information, see the change logs. |
| containerd | 2.2.0 | For more information, see the change logs. |
| HAProxy | 03b74b82b63cd53403b6b587b84233c93edef18d | Resolves the following CVEs: CVE-2025-59375, CVE-2025-5372, CVE-2024-28757, and CVE-2022-23990. |
| GPU Device Plug-in and Installer | 184bbc2d05e029bb5b0c3c18798c10697e950967 | Resolves the following CVEs: CVE-2025-59375. |
Worker node fix pack 1.34.1_1530, released 17 November 2025
The following table shows the components included in the worker node fix pack 1.34.1_1530. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
| Component | Version | Description |
|---|---|---|
| UBUNTU_24_04 | 6.8.0-86-generic | CIS benchmark compliance 2.2.4, 2.3.2.1, 5.1.1Resolves the following CVEs: CVE-2024-53008, and CVE-2025-32464. |
| Kubernetes | 1.34.1 | For more information, see the change logs. |
| containerd | 2.1.5 | For more information, see the change logs. |
| HAProxy | fbe9b8146f23bbd12b2566a79fa897d5981e7273 | N/A |
| GPU Device Plug-in and Installer | 1e3d028d8b22980ae70339db3b7f41575fe5ee5f | Resolves the following CVEs: CVE-2025-5318. |