Predix Edge OS Release Notes 2.2.1

Security Issue

This is an out of band maintenance release for a security issue that exists in components of Predix Edge OS, versions 2.2.0 and prior. It is recommended you apply this fix as soon as possible, especially if you are running Predix Edge in a production environment.

Affected versions:
  • Predix Edge Virtual Machine (Developer and Production) 2.0.0, 2.0.1, 2.1.0, 2.2.0.
  • Predix Edge RaspberryPi 2.1.0.
  • Any custom Predix Edge image with a meta-edge-base version 2.2.0 or prior.
  • Any custom Predix Edge image that still uses meta-edgeos (any version).
Solutions:
  • Predix Edge Virtual Machine: Apply the update to Predix Edge 2.2.1 or start from a fresh 2.2.1 VM.
  • Predix Edge Custom Images: Rebuild with the latest meta layers (develop or release branches).
  • No fix currently available for prebuilt Predix Edge RaspberryPi images.
  • No changes required from Predix Edge application teams beyond updating their platforms.

Upgrade Path

When upgrading Predix Edge OS, you cannot skip over a version; you must install each version incrementally. (I.e., if you are running version 2.0.0, you must first install 2.1.0 and then 2.2.1.)

New Features

This release contains the following new features:
General
The meta-edge-base layer includes a patch for CVE-2019-8912, which is a Linux kernel security issue with a critical Common Vulnerability Scoring System (CVSS) rating of 9.8 (out of 10).
OVA
The production and developer OVA images have been updated to include the fix for CVE-2019-8912.

Known Issues

This release has the following known issues:
General
  • Large container deployments may time out if running QEMU without KVM enabled.
  • The only supported virtual disk controller for VMware VMs is IDE; SCSI and SATA are not currently supported.
  • Changes to the system proxy are not propagated into deployed applications. If changing the system proxy settings after deploying applications, the applications need to be stopped and restarted for proxy settings to be propagated into the application.
  • In some cases, a command will fail to execute and the Docker logs will indicate there is a runc issue. When this occurs, resend the command.
OVA
  • When using VMware Fusion 10, switching networks in the host system may cause Predix Edge OS VMs to change their IP address (e.g. 192.168.0.5 to 192.168.0.6).
Raspberry Pi 3 B+
  • Use Predix Edge OS release 2.1.0 for Raspberry Pi 3 B+.
  • Once an imaged SDcard has been used to boot a specific Raspberry Pi board, it cannot be used to boot another board. The MAC address and model are written to the SDcard on first boot; from that point on, the SDcard is unique to that board.
    • E.g., you would encounter this issue if you booted a device, then removed and duplicated that SDcard. Devices running both the original, and all the duplicates, would come up with the same address.