v13.3.0

OS Changes

• Reserve EKS add-on ports (#864) - Thanks @Shreyank031!

Build Changes

• Update Bottlerocket SDK to v0.72.0 (#872)

v13.2.0

OS Changes

• Ensure system services start after tmp.mount (#863)
• Remove aws-lc-rs dependency from shibaken (#851)
• Send whippet STDERR to both the journal and the console (#859)
• Override GODEBUG fips140 mode for notation verifier (#853)
• Update Rust dependencies for first-party sources (#865, #866)

Third Party Package Updates

• Update nvidia-container-toolkit patches (#842)
• Update ecr-credential-helper to v0.12.0 (#846)
• Update runc to v1.3.4 (#854)
• Update amazon-ecs-cni-plugins patches (#855)
• Update glibc to v2.43, libbpf to v1.6.3, procps to v4.0.6, open-vm-tools to v13.0.10, libnetfilter_conntrack to v1.1.1, conntrack-tools to v1.4.9, coreutils to v9.10, hwloc to v2.13.0, and update libcrypto, libelf, libxcrypt patches (#865)
• Update aws-signing-helper to v1.7.3, soci-snapshotter to v0.12.1 (#850)

Build Changes

• Update Twoliter to 0.17.0 (#845)
• Add minimal debuginfo to release builds (#851)
• Build glibc with minimal debuginfo so that its symbols are available in profilers (#851)
• Update Bottlerocket SDK to v0.71.0 (#861)

Orchestrator Changes

Kubernetes

• Add kubelet-env-nvidia template for kubernetes-1.35 (#860)
• Update to latest versions of kubernetes packages (1.29-1.35) (#850)

v13.1.2

OS Changes

Third Party Package Updates

• Update amazon-ecs-cni-plugins (#855)

v13.1.1

OS Changes

Third Party Package Updates

• Update amazon-ecs-cni-plugins (#843)

v13.1.0

OS Changes

• Suppress IPv6 on interfaces with no IPv6 intent in net.toml (#826)
• Add support to render settings.container-registry into containerd supported hosts.toml (#819)
• Expand image verifier support with a new helper to render trust policies for all image verifier plugins (#820)
• Add cri-tools, erofs-utils, perf packages (#818)
• Fix ephemeral storage handling in apiserver (#822)
• Stop rendering max_concurrent_downloads in containerd CRI image plugin config (#838)
• Increase vm.max_map_count to 1048576 (#835)
• Update Rust dependencies for first-party sources (#837)

Third Party Package Updates

• Update libnvidia-container, nvidia-container-toolkit, nvidia-k8s-device-plugin (#834)

Build Changes

• Bump bottlerocket-settings-models to 0.21.0 (#841)

v13.0.0

OS Changes

• Downgrade apiserver dependencies to Wants (#823)
• Drop containerd-2.0, libexpat packages and dbus-broker launcher capability in favor of whippet (#811)
• Remove routel shell script from iproute (#817)
• Add requires to libbpf devel package (#817)
• Use macro for systemd-257 generators (#817)
• Remove separate FIPS binaries from Go packages in favor of Go built-in FIPS support (#813)
• Add URI resolver support to apiclient apply and apiclient network configure (#554)
  • s3:// - S3 bucket objects
  • secretsmanager:// - AWS Secrets Manager secrets
  • ssm:// - AWS SSM Parameter Store parameters
  • arn:aws:secretsmanager: and arn:aws:ssm: - cross-region access via full ARN
  • base64: - inline encoded content
  • Default timeouts added for HTTP/HTTPS requests

Third Party Package Updates

• Update ecs-agent to 1.101.2 with matching amazon-vpc-cni-plugins (#816)
• Update amazon-ecs-cni-plugins to 2026.01.0 (#815)
• Update amazon-ssm-agent, aws-otel-collector, libcryptsetup, libdevmapper, libncurses, libnl, libz, libglib, mdadm, strace, util-linux, xfsprogs (#824)

Orchestrator Changes

Kubernetes

• Update latest versions of kubernetes packages (1.29-1.34) (#824)
• Remove hugepages from reservedMemory in kubelet config (1.29-1.35) (#821)
• Update eni-max-pods mapping (#810, #825)
• Update SELinux policy to allow container communication with MPS daemon (#831)

ECS

• Update ecs-agent to 1.101.2 (#816)

v12.3.0

OS Changes

• Replace amazon-ecr-containerd-resolver with Docker resolver in host-ctr (#760)
• Add MPS control daemon support to nvidia-k8s-device-plugin (#789)
• Add trn3 device ids to pciclient (#800)
• Switch to using Go built-in runtime FIPS support (#783)

Third Party Package Updates

• Update docker-cli-29, docker-engine-29 (#785)
• Patch containerd-2.1 to update GRPC (#801)
• Update libnvme, xfsprogs, nvme-cli, makedumpfile, keyutils, e2fsprogs (#794)
• Update readline, libxcrypt, liburcu, libcap (#795)
• Update ecr-credential-helper (#796)

Build Changes

• Bump bottlerocket-settings-models to 0.20.0 (#803)
• Update bottlerocket-sdk to v0.70.0 (#783)

Orchestrator Changes

Kubernetes

• Add latest instance types to eni-max-pods mapping (#805)

v12.2.0

Build Changes

• Update twoliter to v0.16.0 (#793)

Orchestrator Changes

Kubernetes

• Update kubernetes-1.35 package with official sources (#792)

• Update to latest versions of kubernetes packages (#784)

v12.1.0

OS Changes

• Add audit-rules subpackage to libaudit and journald-audit subpackage to systemd (#781)
• Add rocm-container-toolkit package for AMD GPU support (#778)
• Override SBOM generation for Rust packages (#787)

Third Party Package Updates

• Update cni-plugins to v1.9.0 (#774)
• Update rocm-k8s-device-plugin to v1.31.0.9 (#788)

Build Changes

• Update twoliter to v0.15.1 (#779)

Orchestrator Changes

Kubernetes

• Add multi-user.target drop-in for kubelet restarts across all versions (#773)
• Add kubernetes-1.35 package with beta source and ecr-credential-provider-1.35 package with official source (#777)
• Add latest instance types to eni-max-pods mapping (#776, #782)

Documentation

• Remove OCI consideration from BUILDING.md (#615)

v12.0.1

OS Changes

Third Party Package Updates

• Revert updates to libnvidia-container, nvidia-container-toolkit, and nvidia-k8s-device-plugin (#775)