CCE Patch Release Notes

Version 1.32

**Table 1** Release notes for the v1.32 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.32.9-r12	v1.32.9	None	None	Fixed some security issues.
v1.32.9-r10	v1.32.9	HTTPS is supported for Service/ingress health checks.	When purchasing a CCE node, you can reduce the system disk size to 20 GB.	Fixed some security issues.
v1.32.9-r0	v1.32.9	CCE supports pod identities, which provide secure, dynamic identity credentials for pods. Services and Ingresses support QUIC listeners.	In CCE Turbo clusters, you can specify the enterprise project and resource tags of an EIP when the EIP is automatically bound to a pod.	Fixed some security issues.
v1.32.5-r0	v1.32.5	AK/SK automatic updates are supported for OBS buckets.	None	Fixed some security issues.
v1.32.1-r0	v1.32.1	CCE clusters v1.32 are released for the first time. For more information, see Kubernetes 1.32 Release Notes. Service pod scheduling can be deferred until node post-installation scripts complete. DataPlane V2 is available for newly created CCE clusters that use the VPC networks. After DataPlane V2 is enabled, you can configure network policies for these clusters. AK/SK automatic updates are supported for parallel file systems of OBS. The X-Real-IP field in HTTP/HTTPS request headers can be rewritten for both LoadBalancer Services and ingresses. During the creation of a LoadBalancer Service, you can configure specific IP addresses for the ELB backend. AppArmor can be used to restrict container access to resources.	Streaming encoding is supported, significantly reducing memory pressure on control plane nodes caused by LIST requests. The cce-pause container image can be protected against accidental deletion. The system labels used by the NodeLocal DNSCache add-on can be protected against accidental deletion.	None

Version 1.31

**Table 2** Release notes for the v1.31 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.31.14-r12	v1.31.14	None	None	Fixed some security issues.
v1.31.14-r10	v1.31.14	HTTPS is supported for Service/ingress health checks.	When purchasing a CCE node, you can reduce the system disk size to 20 GB.	Fixed some security issues.
v1.31.14-r0	v1.31.14	CCE supports pod identities, which provide secure, dynamic identity credentials for pods. Services and Ingresses support QUIC listeners.	In CCE Turbo clusters, you can specify the enterprise project and resource tags of an EIP when the EIP is automatically bound to a pod.	Fixed some security issues.
v1.31.6-r10	v1.31.6	AK/SK automatic updates are supported for OBS buckets.	None	Fixed some security issues.
v1.31.4-r0	v1.31.4	Yearly/Monthly nodes added during a node pool scale-out can be automatically paid. Nodes added during a node pool scale-out can be automatically bound with EIPs. ELB ingresses allow you to specify backend server groups for forwarding.	None	Fixed some security issues.
v1.31.1-r0	v1.31.1	CCE clusters v1.31 are released for the first time. For more information, see Kubernetes 1.31 Release Notes. LoadBalancer ingresses support more advanced forwarding actions and return fixed responses. DataPlane V2 is available for CCE Turbo clusters. After DataPlane V2 is enabled, you can configure network policies for these clusters.	During a cluster upgrade, you can scale out the nodes in the cluster. You can choose multiple blocklists or trustlists to manage access to a LoadBalancer ingress.	None

Version 1.30

**Table 3** Release notes for the v1.30 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.30.14-r52	v1.30.14	None	None	Fixed some security issues.
v1.30.14-r50	v1.30.14	HTTPS is supported for Service/ingress health checks.	When purchasing a CCE node, you can reduce the system disk size to 20 GB.	Fixed some security issues.
v1.30.14-r40	v1.30.14	CCE supports pod identities, which provide secure, dynamic identity credentials for pods. Services and Ingresses support QUIC listeners.	In CCE Turbo clusters, you can specify the enterprise project and resource tags of an EIP when the EIP is automatically bound to a pod.	Fixed some security issues.
v1.30.10-r10	v1.30.10	AK/SK automatic updates are supported for OBS buckets.	None	Fixed some security issues.
v1.30.6-r10	v1.30.6	Yearly/Monthly nodes added during a node pool scale-out can be automatically paid. Nodes added during a node pool scale-out can be automatically bound with EIPs. ELB ingresses allow you to specify backend server groups for forwarding.	None	Fixed some security issues.
v1.30.4-r0	v1.30.4	LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies. LoadBalancer ingresses support cross-origin access.	You can change a node password when updating its node pool. A node can be attached with no data disks. When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests. The default image address can be specified for Docker node pools.	Fixed some security issues.
v1.30.1-r2	v1.30.2	None	Enhanced system stability.	Fixed some security issues.
v1.30.1-r0	v1.30.2	CCE clusters v1.30 are released for the first time. For more information, see Kubernetes 1.30 Release Notes. When you delete a cluster, CCE allows you to select which log groups to delete. When a node is created using a private image, the image password can be retained. CCE supports GPU rendering.	CCE supports ELB listeners on any port.	Fixed some security issues.

Version 1.29

**Table 4** Release notes for the v1.29 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.29.15-r52	v1.29.15	None	None	Fixed some security issues.
v1.29.15-r50	v1.29.15	HTTPS is supported for Service/ingress health checks.	When purchasing a CCE node, you can reduce the system disk size to 20 GB.	Fixed some security issues.
v1.29.15-r40	v1.29.15	CCE supports pod identities, which provide secure, dynamic identity credentials for pods. Services and Ingresses support QUIC listeners.	In CCE Turbo clusters, you can specify the enterprise project and resource tags of an EIP when the EIP is automatically bound to a pod.	Fixed some security issues.
v1.29.13-r10	v1.29.13	AK/SK automatic updates are supported for OBS buckets.	None	Fixed some security issues.
v1.29.10-r10	v1.29.10	Yearly/Monthly nodes added during a node pool scale-out can be automatically paid. Nodes added during a node pool scale-out can be automatically bound with EIPs. ELB ingresses allow you to specify backend server groups for forwarding.	None	Fixed some security issues.
v1.29.8-r0	v1.29.8	LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.	You can change a node password when updating its node pool. A node can be attached with no data disks. When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests. The default image address can be specified for Docker node pools.	Fixed some security issues.
v1.29.2-r4	v1.29.3	None	The stability of ELB has been improved during upgrades that span across multiple versions.	Fixed some security issues.
v1.29.2-r0	v1.29.3	CCE ingresses support traffic distribution based on custom HTTP headers. Scaling priority policies can be configured for third-party workloads. You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters. You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.	An in-progress node drainage can be canceled. When updating a node pool, you can change its agency name, prefix, and suffix. Kubernetes labels and taints of a node are retained after the node is reset. Both the Kubernetes service account token volume projection and the load scaling controller can be configured.	Fixed some security issues.
v1.29.1-r0	v1.29.1	CCE clusters v1.29 are released for the first time. For more information, see Kubernetes 1.29 Release Notes.	None	None

Version 1.28

**Table 5** Release notes for the v1.28 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.28.15-r92	v1.28.15	None	None	Fixed some security issues.
v1.28.15-r90	v1.28.15	HTTPS is supported for Service/ingress health checks.	When purchasing a CCE node, you can reduce the system disk size to 20 GB.	Fixed some security issues.
v1.28.15-r80	v1.28.15	CCE supports pod identities, which provide secure, dynamic identity credentials for pods. Services and Ingresses support QUIC listeners.	In CCE Turbo clusters, you can specify the enterprise project and resource tags of an EIP when the EIP is automatically bound to a pod.	Fixed some security issues.
v1.28.15-r30	v1.28.15	AK/SK automatic updates are supported for OBS buckets.	None	Fixed some security issues.
v1.28.15-r10	v1.28.15	Yearly/Monthly nodes added during a node pool scale-out can be automatically paid. Nodes added during a node pool scale-out can be automatically bound with EIPs. ELB ingresses allow you to specify backend server groups for forwarding.	None	Fixed some security issues.
v1.28.13-r0	v1.28.13	LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.	You can change a node password when updating its node pool. A node can be attached with no data disks. When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests. The default image address can be specified for Docker node pools.	Fixed some security issues.
v1.28.6-r4	v1.28.8	None	The stability of ELB has been improved during upgrades that span across multiple versions.	Fixed some security issues.
v1.28.6-r0	v1.28.8	CCE ingresses support traffic distribution based on custom HTTP headers. Scaling priority policies can be configured for third-party workloads. You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters. You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.	An in-progress node drainage can be canceled. When updating a node pool, you can change its agency name, prefix, and suffix. Kubernetes labels and taints of a node are retained after the node is reset. Both the Kubernetes service account token volume projection and the load scaling controller can be configured.	Fixed some security issues.
v1.28.4-r0	v1.28.5	Docker can be selected when you create a node.	The configurations of frequently used cluster parameters and node pool parameters are publicly available.	Fixed some security issues.
v1.28.3-r0	v1.28.3	LoadBalancer Services and ingresses allow you to: Configure SNI. Enable HTTP/2. Configure idle timeout, request timeout, and response timeout.	None	Fixed some security issues.
v1.28.2-r0	v1.28.3	You can configure an ELB blocklist/trustlist for access control when creating a Service or ingress.	None	Fixed some security issues.
v1.28.1-r4	v1.28.3	None	None	Fixed CVE-2024-21626 issues.
v1.28.1-r0	v1.28.3	CCE clusters v1.28 are released for the first time. For more information, see Kubernetes 1.28 Release Notes. The prefix and suffix of a node name can be customized in node pools. In CCE Turbo clusters, you can create workload pod networks and specify pod subnets. LoadBalancer ingresses support gRPC. LoadBalancer Services allow you to specify a private IP address for a load balancer in YAML during creation.	Accelerated the startup speed for creating a large number of secure containers in a CCE Turbo cluster. Improved the stability when secure containers are repeatedly created or deleted in a CCE Turbo cluster.	None

Earlier Versions

The following describes earlier cluster versions.

Version 1.27

**Table 6** Release notes for the v1.27 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.27.16-r40	v1.27.16	AK/SK automatic updates are supported for OBS buckets.	None	Fixed some security issues.
v1.27.16-r20	v1.27.16	Yearly/Monthly nodes added during a node pool scale-out can be automatically paid. Nodes added during a node pool scale-out can be automatically bound with EIPs. ELB ingresses allow you to specify backend server groups for forwarding.	None	Fixed some security issues.
v1.27.16-r0	v1.27.16	LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.	You can change a node password when updating its node pool. A node can be attached with no data disks. When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests. The default image address can be specified for Docker node pools.	Fixed some security issues.
v1.27.8-r4	v1.27.12	None	The stability of ELB has been improved during upgrades that span across multiple versions.	Fixed some security issues.
v1.27.8-r0	v1.27.12	CCE ingresses support traffic distribution based on custom HTTP headers. Scaling priority policies can be configured for third-party workloads. You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters. You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.	An in-progress node drainage can be canceled. When updating a node pool, you can change its agency name, prefix, and suffix. Kubernetes labels and taints of a node are retained after the node is reset. Both the Kubernetes service account token volume projection and the load scaling controller can be configured.	Fixed some security issues.
v1.27.6-r0	v1.27.9	Docker can be selected when you create a node.	The configurations of frequently used cluster parameters and node pool parameters are publicly available.	Fixed some security issues.
v1.27.3-r4	v1.27.4	None	None	Fixed CVE-2024-21626 issues.
v1.27.2-r0	v1.27.2	Volcano supports node pool affinity scheduling. Volcano supports workload rescheduling.	None	Fixed some security issues.
v1.27.1-r10	v1.27.2	None	Optimized the events generated during node pool scaling.	Fixed some security issues.
v1.27.1-r0	v1.27.2	CCE clusters v1.27 are released for the first time. For more information, see Kubernetes 1.27 Release Notes. Both soft eviction and hard eviction are supported in node pool configurations.	None	None

Version 1.25

In CCE clusters v1.25, containerd is the default runtime for nodes, except for nodes running EulerOS 2.5. In addition, clusters v1.25 or later no longer support EulerOS 2.5.

**Table 7** Release notes for the v1.25 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.25.16-r40	v1.25.16	AK/SK automatic updates are supported for OBS buckets.	None	Fixed some security issues.
v1.25.16-r20	v1.25.16	Yearly/Monthly nodes added during a node pool scale-out can be automatically paid. Nodes added during a node pool scale-out can be automatically bound with EIPs. ELB ingresses allow you to specify backend server groups for forwarding.	None	Fixed some security issues.
v1.25.16-r0	v1.25.16	LoadBalancer ingresses can forward requests based on parameters such as HTTP request methods, HTTP request headers, query strings, CIDR blocks, and cookies.	You can change a node password when updating its node pool. A node can be attached with no data disks. When updating a LoadBalancer ingress, you can modify the configuration of redirecting HTTP requests to HTTPS requests. The default image address can be specified for Docker node pools.	Fixed some security issues.
v1.25.11-r4	v1.25.16	None	The stability of ELB has been improved during upgrades that span across multiple versions.	Fixed some security issues.
v1.25.11-r0	v1.25.16	CCE ingresses support traffic distribution based on custom HTTP headers. Scaling priority policies can be configured for third-party workloads. You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters. You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.	An in-progress node drainage can be canceled. When updating a node pool, you can change its agency name, prefix, and suffix. Kubernetes labels and taints of a node are retained after the node is reset. Both the Kubernetes service account token volume projection and the load scaling controller can be configured.	Fixed some security issues.
v1.25.9-r0	v1.25.16	None	The configurations of frequently used cluster parameters and node pool parameters are publicly available.	Fixed some security issues.
v1.25.6-r4	v1.25.10	None	None	Fixed CVE-2024-21626 issues.
v1.25.5-r0	v1.25.5	Volcano supports node pool affinity scheduling. Volcano supports workload rescheduling.	None	Fixed some security issues.
v1.25.4-r10	v1.25.5	None	Optimized the events generated during node pool scaling.	Fixed some security issues.
v1.25.4-r0	v1.25.5	Both soft eviction and hard eviction are supported in node pool configurations. TMS tags can be added to automatically created EVS disks to facilitate cost management.	None	Fixed some security issues.
v1.25.3-r10	v1.25.5	The timeout interval can be configured for a load balancer.	High-frequency parameters of kube-apiserver are configurable.	Fixed some security issues.
v1.25.3-r0	v1.25.5	None	Enhanced network stability of CCE Turbo clusters when their specifications are modified.	Fixed some security issues.
v1.25.1-r0	v1.25.5	CCE clusters v1.25 are released for the first time. For more information, see Kubernetes 1.25 Release Notes.	None	None

Version 1.23

**Table 8** Release notes for the v1.23 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.23.18-r16	v1.23.18	None	None	Fixed some security issues.
v1.23.16-r4	v1.23.17	None	The stability of ELB has been improved during upgrades that span across multiple versions.	Fixed some security issues.
v1.23.16-r0	v1.23.17	CCE ingresses support traffic distribution based on custom HTTP headers. Scaling priority policies can be configured for third-party workloads. You can configure a security group for a pod using annotations. This feature is only available for CCE Turbo clusters. You can bind an existing EIP to a pod. This feature is only available for CCE Turbo clusters.	An in-progress node drainage can be canceled. When updating a node pool, you can change its agency name, prefix, and suffix. Kubernetes labels and taints of a node are retained after the node is reset. Both the Kubernetes service account token volume projection and the load scaling controller can be configured.	Fixed some security issues.
v1.23.14-r0	v1.23.17	None	The configurations of frequently used cluster parameters and node pool parameters are publicly available.	Fixed some security issues.
v1.23.11-r4	v1.23.17	None	None	Fixed CVE-2024-21626 issues.
v1.23.10-r0	v1.23.11	Volcano supports node pool affinity scheduling. Volcano supports workload rescheduling.	None	Fixed some security issues.
v1.23.9-r10	v1.23.11	None	Optimized the events generated during node pool scaling.	Fixed some security issues.
v1.23.9-r0	v1.23.11	Both soft eviction and hard eviction are supported in node pool configurations. TMS tags can be added to automatically created EVS disks to facilitate cost management.	None	Fixed some security issues.
v1.23.8-r10	v1.23.11	The timeout interval can be configured for a load balancer.	High-frequency parameters of kube-apiserver are configurable.	Fixed some security issues.
v1.23.8-r0	v1.23.11	None	Enhanced Docker reliability during upgrades. Optimized node time synchronization.	Fixed some security issues.
v1.23.5-r0	v1.23.11	Fault detection and isolation are supported on GPU nodes. Security groups can be customized by cluster. CCE Turbo clusters support network interface pre-binding by node. containerd is supported.	Upgraded the etcd version of the master node to the Kubernetes version 3.5.6. Optimized scheduling so that pods are evenly distributed across AZs after pods are scaled in. Optimized the memory usage of kube-apiserver when CRDs are frequently updated.	Fixed some security issues and the following CVE vulnerabilities: CVE-2022-3294 CVE-2022-3162 CVE-2022-3172 CVE-2021-25749
v1.23.1-r0	v1.23.4	CCE clusters v1.23 are released for the first time. For more information, see Kubernetes 1.23 Release Notes.	None	None

Version 1.21

**Table 9** Release notes for the v1.21 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
v1.21.15-r0	v1.21.14	None	The configurations of frequently used cluster parameters and node pool parameters are publicly available.	Fixed some security issues.
v1.21.14-r0	v1.21.14	A PVC can be used to dynamically create and mount an SFS Turbo subdirectory.	None	Fixed some security issues.
v1.21.12-r4	v1.21.14	None	None	Fixed CVE-2024-21626 issues.
v1.21.11-r20	v1.21.14	Volcano supports node pool affinity scheduling. Volcano supports workload rescheduling.	None	Fixed some security issues.
v1.21.11-r10	v1.21.14	None	Optimized the events generated during node pool scaling.	Fixed some security issues.
v1.21.11-r0	v1.21.14	Both soft eviction and hard eviction are supported in node pool configurations. TMS tags can be added to automatically created EVS disks to facilitate cost management.	None	Fixed some security issues.
v1.21.10-r10	v1.21.14	The timeout interval can be configured for a load balancer.	High-frequency parameters of kube-apiserver are configurable.	Fixed some security issues.
v1.21.10-r0	v1.21.14	None	Enhanced Docker reliability during upgrades. Optimized node time synchronization. Enhanced the stability of the Docker runtime for pulling images after nodes are restarted.	Fixed some security issues.
v1.21.7-r0	v1.21.14	Fault detection and isolation are supported on GPU nodes. Security groups can be customized by cluster. CCE Turbo clusters support network interface pre-binding by node. Control plane logs can be collected.	Improved the stability of LoadBalancer Services/ingresses with a large number of connections.	Fixed some security issues and the following CVE vulnerabilities: CVE-2022-3294 CVE-2022-3162 CVE-2022-3172
v1.21.1-r0	v1.21.7	CCE clusters v1.21 are released for the first time. For more information, see Kubernetes 1.21 Release Notes.	None	None

Version 1.19

**Table 10** Release notes for the v1.19 patch
CCE Cluster Patch Version	Kubernetes Version	Feature Updates	Optimization	Vulnerability Fixing
1.19.16-r84	v1.19.16	None	None	Fixed CVE-2024-21626 issues.
v1.19.16-r60	v1.19.16	Volcano supports node pool affinity scheduling. Volcano supports workload rescheduling.	None	Fixed some security issues.
v1.19.16-r50	v1.19.16	None	Optimized the events generated during node pool scaling.	Fixed some security issues.
v1.19.16-r40	v1.19.16	Both soft eviction and hard eviction are supported in node pool configurations. TMS tags can be added to automatically created EVS disks to facilitate cost management.	None	Fixed some security issues.
v1.19.16-r30	v1.19.16	The timeout interval can be configured for a load balancer.	High-frequency parameters of kube-apiserver are configurable.	Fixed some security issues.
v1.19.16-r20	v1.19.16	None	Cloud Native Network 2.0 allows you to specify subnets for a namespace. Enhanced the stability of the Docker runtime for pulling images after nodes are restarted. Optimized the performance of CCE Turbo clusters in allocating network interfaces if not all network interfaces are pre-bound.	Fixed some security issues.
v1.19.16-r4	v1.19.16	Containers support SFS 3.0 for storage. Fault detection and isolation are supported on GPU nodes. Security groups can be customized by cluster. CCE Turbo clusters support network interface pre-binding by node.	Scheduling is optimized on taint nodes. Enhanced the long-term running stability of containerd when cores are bound. Improved the stability of LoadBalancer Services/ingresses with a large number of connections. Optimized the memory usage of kube-apiserver when CRDs are frequently updated.	Fixed some security issues and the following CVE vulnerabilities: CVE-2022-3294 CVE-2022-3162 CVE-2022-3172
v1.19.16-r0	v1.19.16	None	Enhanced the stability in updating LoadBalancer Services when workloads are upgraded and nodes are scaled in or out.	Fixed some security issues and the following CVE vulnerabilities: CVE-2021-25741 CVE-2021-25737
v1.19.10-r0	v1.19.10	CCE clusters v1.19 are released for the first time. For more information, see Kubernetes 1.19 Release Notes.	None	None

Parent Topic: Cluster Versions

Previous topic: Kubernetes 1.9 (EOM) and Earlier Versions Release Notes

Next topic: OS Images

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.