1.23.1
The Anbox Cloud team is pleased to announce the release of Anbox Cloud 1.23.0.
Please see component versions for a list of updated components.
New features & improvements
Anbox Cloud Appliance
- You can now set the following appliance network configuration using
anbox-cloud-appliance config set
:- The network’s public IP address (
network.public_address
) - The network’s DNS name (
network.location
).
- The network’s public IP address (
- You can now configure the CORS settings for those API endpoints that the appliance reverse proxy passes to the Anbox Stream Gateway. You can set the following using the
anbox-cloud-appliance config set
command:- The HTTP origin (
core.https_allowed_origin
) - List of allowed HTTP headers (
core.https_allowed_headers
) - List of allowed HTTP methods (
core.https_allowed_methods
)
- The HTTP origin (
- You can skip setting up coturn when initialising the appliance and can configure a custom STUN server.
- The
prepare-node-script
command is extended to support systems with an already installed NVIDIA driver. - You can now set up a custom identity provider for the dashboard by configuring an OpenID Connect provider through the preseed configuration when initialising the appliance.
Streaming
- With the 1.23.0 release, the functionalities of the Instances page and the Sessions page on the web dashboard were merged. For debugging purposes, viewing a list of available sessions can be really useful. With the 1.23.1 release, you can list all available sessions using the
anbox-stream-gateway sessions list
command. - You can dynamically change the display density when joining an existing streaming session.
VHAL
- Starting with 1.23.0, the VNDK version required for building a custom VHAL is 34.
Android vendor image
- WiFi support for all Android versions.
Other
- Android security updates for September 2024 (see Android Security Bulletin - September 2024 for more information).
- The Android WebView has been updated to 128.0.6613.127.
Known issues
-
Since version 1.23.0, the Anbox WebRTC Data Proxy service starts on demand rather than at container startup. However, its startup time may take longer than expected, which can negatively impact the out-of-band data exchange between the WebRTC server and client. This issue can be worked around by applying the following tweak in a pre-start hook.
#!/bin/sh -ex if [ "$CONTAINER_TYPE" = "regular" ]; then exit 0 fi DROP_IN_DIR=/etc/systemd/system/anbox-webrtc-data-proxy.service.d/ sudo mkdir -p "${DROP_IN_DIR}" sudo tee "${DROP_IN_DIR}/override.conf" > /dev/null <<EOF [Install] WantedBy=multi-user.target EOF sudo systemctl daemon-reload sudo systemctl enable anbox-webrtc-data-proxy
-
Launching a VM image with default size fails with the following error:
$ amc launch -r --vm jammy:android13:arm64 Error: Failed creating instance from image: Source image size (16106127360) exceeds specified volume size (15000010752)
To work around this issue, specify a disk size when launching the image:
$ amc launch -r --vm jammy:android13:arm64 --disk-size 20GB
CVEs
CVE-2024-8287 was found and fixed in the Anbox Cloud 1.23.1 release.
The Anbox Cloud 1.23.1 release includes fixes from the respective upstreams for the following CVEs:
CVE | Affected Components |
---|---|
CVE-2024-4067 | Anbox Cloud dashboard, Anbox Cloud Appliance |
CVE-2024-39338 | Anbox Cloud dashboard, Anbox Cloud Appliance |
CVE-2024-32896 | AOSP 12/13/14 image, AAOS 13 image |
CVE-2024-40650 | AOSP 12/13/14 image, AAOS 13 image |
CVE-2024-40652 | AOSP 12/13/14 image, AAOS 13 image |
CVE-2024-40654 | AOSP 12/13/14 image, AAOS 13 image |
CVE-2024-40655 | AOSP 12/13/14 image, AAOS 13 image |
CVE-2024-40656 | AOSP 12/13/14 image, AAOS 13 image |
CVE-2024-40657 | AOSP 12/13/14 image, AAOS 13 image |
CVE-2024-40658 | AOSP 12/13/14 image, AAOS 13 image |
CVE-2024-40659 | AOSP 14 image |
CVE-2024-40662 | AOSP 12/13/14 image, AAOS 13 image |
Bug fixes
- LP 2080334 Peer connection fails with the following error:
InvalidStateError: remote description is not set
. - LP 2080329 After deploying the new epoch=1 version of the appliance behind a NAT, services are not publicly accessible even when configured for public access.
- LP 2077999 For most of the WebRTC signaling messages exchanged between client and Anbox, the first discover message takes ~2s to receive a response.
- LP 2077944 A session that enters into an error status cannot be revived again even when the associated instance is started again.
- LP 2077188 When using the Anbox Cloud Appliance, the dashboard UI displays a
Something unexpected has gone wrong
error after 5 seconds. - LP 2077116 The new version of the Anbox Cloud Appliance (epoch=1) is missing required firewall rules on Oracle Cloud deployments.
- LP 2076893 Instances without GPU encoding fail to start.
- LP 2076593 In regular Anbox Cloud deployments, when trying to register the web dashboard, the dashboard displays an error that it is missing information to connect to either the Anbox Management Service (AMS) or the Anbox Stream Gateway. This error is caused due the dashboard charm failing to generate the certificate and key.
- LP 2076894 The new epoch=1 version of the appliance uses a node preparation script which does not detect the history of enabling Anbox Cloud on Ubuntu Pro, irrespective of the Ubuntu release.
- LP 2077898 Screen resolution selector for AAOS doesn’t show predefined resolutions when creating a new instance for the first time (no instances or applications exist).
- Private bugs:
Upgrade instructions
See Upgrade Anbox Cloud or Upgrade the Anbox Cloud Appliance for instructions on how to update your Anbox Cloud deployment to the 1.23.1 release.