Anbox Cloud 1.23.1 has been released

1.23.1

The Anbox Cloud team is pleased to announce the release of Anbox Cloud 1.23.0.

Please see component versions for a list of updated components.

New features & improvements

Anbox Cloud Appliance

  • You can now set the following appliance network configuration using anbox-cloud-appliance config set:
    • The network’s public IP address (network.public_address)
    • The network’s DNS name (network.location).
  • You can now configure the CORS settings for those API endpoints that the appliance reverse proxy passes to the Anbox Stream Gateway. You can set the following using the anbox-cloud-appliance config set command:
    • The HTTP origin (core.https_allowed_origin)
    • List of allowed HTTP headers (core.https_allowed_headers)
    • List of allowed HTTP methods (core.https_allowed_methods)
  • You can skip setting up coturn when initialising the appliance and can configure a custom STUN server.
  • The prepare-node-script command is extended to support systems with an already installed NVIDIA driver.
  • You can now set up a custom identity provider for the dashboard by configuring an OpenID Connect provider through the preseed configuration when initialising the appliance.

Streaming

  • With the 1.23.0 release, the functionalities of the Instances page and the Sessions page on the web dashboard were merged. For debugging purposes, viewing a list of available sessions can be really useful. With the 1.23.1 release, you can list all available sessions using the anbox-stream-gateway sessions list command.
  • You can dynamically change the display density when joining an existing streaming session.

VHAL

  • Starting with 1.23.0, the VNDK version required for building a custom VHAL is 34.

Android vendor image

  • WiFi support for all Android versions.

Other

Known issues

  • Since version 1.23.0, the Anbox WebRTC Data Proxy service starts on demand rather than at container startup. However, its startup time may take longer than expected, which can negatively impact the out-of-band data exchange between the WebRTC server and client. This issue can be worked around by applying the following tweak in a pre-start hook.

    #!/bin/sh -ex
    if  [ "$CONTAINER_TYPE" = "regular" ]; then
      exit 0
    fi
    
    DROP_IN_DIR=/etc/systemd/system/anbox-webrtc-data-proxy.service.d/
    sudo mkdir -p "${DROP_IN_DIR}"
    sudo tee "${DROP_IN_DIR}/override.conf" > /dev/null <<EOF
    [Install]
    WantedBy=multi-user.target
    EOF
    
    sudo systemctl daemon-reload
    sudo systemctl enable anbox-webrtc-data-proxy
    
  • Launching a VM image with default size fails with the following error:

    $ amc launch -r --vm jammy:android13:arm64
    Error: Failed creating instance from image: Source image size (16106127360) exceeds specified volume size (15000010752)
    

    To work around this issue, specify a disk size when launching the image:

    $ amc launch -r --vm jammy:android13:arm64 --disk-size 20GB
    

CVEs

CVE-2024-8287 was found and fixed in the Anbox Cloud 1.23.1 release.

The Anbox Cloud 1.23.1 release includes fixes from the respective upstreams for the following CVEs:

CVE Affected Components
CVE-2024-4067 Anbox Cloud dashboard,
Anbox Cloud Appliance
CVE-2024-39338 Anbox Cloud dashboard,
Anbox Cloud Appliance
CVE-2024-32896 AOSP 12/13/14 image,
AAOS 13 image
CVE-2024-40650 AOSP 12/13/14 image,
AAOS 13 image
CVE-2024-40652 AOSP 12/13/14 image,
AAOS 13 image
CVE-2024-40654 AOSP 12/13/14 image,
AAOS 13 image
CVE-2024-40655 AOSP 12/13/14 image,
AAOS 13 image
CVE-2024-40656 AOSP 12/13/14 image,
AAOS 13 image
CVE-2024-40657 AOSP 12/13/14 image,
AAOS 13 image
CVE-2024-40658 AOSP 12/13/14 image,
AAOS 13 image
CVE-2024-40659 AOSP 14 image
CVE-2024-40662 AOSP 12/13/14 image,
AAOS 13 image

Bug fixes

  • LP 2080334 Peer connection fails with the following error: InvalidStateError: remote description is not set.
  • LP 2080329 After deploying the new epoch=1 version of the appliance behind a NAT, services are not publicly accessible even when configured for public access.
  • LP 2077999 For most of the WebRTC signaling messages exchanged between client and Anbox, the first discover message takes ~2s to receive a response.
  • LP 2077944 A session that enters into an error status cannot be revived again even when the associated instance is started again.
  • LP 2077188 When using the Anbox Cloud Appliance, the dashboard UI displays a Something unexpected has gone wrong error after 5 seconds.
  • LP 2077116 The new version of the Anbox Cloud Appliance (epoch=1) is missing required firewall rules on Oracle Cloud deployments.
  • LP 2076893 Instances without GPU encoding fail to start.
  • LP 2076593 In regular Anbox Cloud deployments, when trying to register the web dashboard, the dashboard displays an error that it is missing information to connect to either the Anbox Management Service (AMS) or the Anbox Stream Gateway. This error is caused due the dashboard charm failing to generate the certificate and key.
  • LP 2076894 The new epoch=1 version of the appliance uses a node preparation script which does not detect the history of enabling Anbox Cloud on Ubuntu Pro, irrespective of the Ubuntu release.
  • LP 2077898 Screen resolution selector for AAOS doesn’t show predefined resolutions when creating a new instance for the first time (no instances or applications exist).
  • Private bugs:

Upgrade instructions

See Upgrade Anbox Cloud or Upgrade the Anbox Cloud Appliance for instructions on how to update your Anbox Cloud deployment to the 1.23.1 release.