v1.31.X

Upgrade Notice

Before upgrading from earlier releases, be sure to read the Kubernetes Urgent Upgrade Notes.

Version	Release date	Kubernetes	Kine	SQLite	Etcd	Containerd	Runc	Flannel	Metrics-server	Traefik	CoreDNS	Helm-controller	Local-path-provisioner
v1.31.11+k3s1	Jul 26 2025	v1.31.11	v0.13.17	3.49.1	v3.5.21-k3s1	v2.0.5-k3s2.32	v1.2.6	v0.27.0	v0.7.2	v2.11.24	v1.12.1	v0.16.13	v0.0.31
v1.31.10+k3s1	Jun 30 2025	v1.31.10	v0.13.15	3.49.1	v3.5.21-k3s1	v2.0.5-k3s1.32	v1.2.6	v0.27.0	v0.7.2	v2.11.24	v1.12.1	v0.16.11	v0.0.31
v1.31.9+k3s1	May 23 2025	v1.31.9	v0.13.15	3.49.1	v3.5.21-k3s1	v2.0.5-k3s1.32	v1.2.6	v0.26.7	v0.7.2	v2.11.24	v1.12.1	v0.16.10	v0.0.31
v1.31.8k3s1	May 01 2025	v1.31.8	v0.13.14	3.46.1	v3.5.21-k3s1	v2.0.4-k3s2	v1.2.5	v0.26.7	v0.7.2	v2.11.24	v1.12.1	v0.16.10	v0.0.31
v1.31.7k3s1	Mar 25 2025	v1.31.7	v0.13.9	3.46.1	v3.5.19-k3s1.30	v2.0.4-k3s2	v1.2.5	v0.25.7	v0.7.2	v2.11.20	v1.12.0	v0.16.6	v0.0.31
v1.31.6+k3s1	Feb 27 2025	v1.31.6	v0.13.9	3.46.1	v3.5.18-k3s1	v2.0.2-k3s2	v1.2.4-k3s2	v0.25.7	v0.7.2	v2.11.20	v1.12.0	v0.16.6	v0.0.31
v1.31.5+k3s1	Jan 28 2025	v1.31.5	v0.13.5	3.46.1	v3.5.16-k3s1	v1.7.23-k3s2	v1.2.4-k3s1	v0.25.7	v0.7.2	v2.11.18	v1.12.0	v0.16.5	v0.0.30
v1.31.4+k3s1	Dec 18 2024	v1.31.4	v0.13.5	3.46.1	v3.5.16-k3s1	v1.7.23-k3s2	v1.2.1	v0.25.7	v0.7.2	v2.11.10	v1.12.0	v0.16.5	v0.0.30
v1.31.3+k3s1	Dec 04 2024	v1.31.3	v0.13.5	3.46.1	v3.5.16-k3s1	v1.7.23-k3s2	v1.2.1	v0.25.7	v0.7.2	v2.11.10	v1.11.3	v0.16.5	v0.0.30
v1.31.2+k3s1	Oct 26 2024	v1.31.2	v0.13.2	3.46.1	v3.5.13-k3s1	v1.7.22-k3s1	v1.1.14	v0.25.6	v0.7.2	v2.11.10	v1.11.3	v0.16.5	v0.0.30
v1.31.1+k3s1	Sep 19 2024	v1.31.1	v0.12.0	3.44.0	v3.5.13-k3s1	v1.7.21-k3s2	v1.1.14	v0.25.6	v0.7.2	v2.11.8	v1.11.3	v0.16.4	v0.0.28
v1.31.0+k3s1	Sep 02 2024	v1.31.0	v0.12.0	3.44.0	v3.5.13-k3s1	v1.7.20-k3s1	v1.1.12	v0.25.4	v0.7.0	v2.10.7	v1.10.1	v0.16.3	v0.0.28

Version

Release date

Kubernetes

Kine

SQLite

Etcd

Containerd

Runc

Flannel

Metrics-server

Traefik

CoreDNS

Helm-controller

Local-path-provisioner

Jul 26 2025

Jun 30 2025

May 23 2025

May 01 2025

Mar 25 2025

Feb 27 2025

Jan 28 2025

Dec 18 2024

Dec 04 2024

Oct 26 2024

Sep 19 2024

Sep 02 2024

Release v1.31.11+k3s1

This release updates Kubernetes to v1.31.11, and fixes a number of issues.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.10+k3s1:

Add usage description for etcd-snapshot (#12572)
Refac shell completion to a better command structure (#12604)
- K3s completion shell command will now be separate to specific subcommands for bash and zsh
GHA + Testing Backports (#12610)
Backports for 2025-07 (#12642)
Update to v1.31.11-k3s1 (#12650)

Release v1.31.10+k3s1

This release updates Kubernetes to v1.31.10, and fixes a number of issues.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.9+k3s1:

GHCR image release (#12461)
Backports for 2025-06 (#12498)
Bump helm-controller (#12520)
Update network components (#12515)
Update to v1.31.10-k3s1 and Go 1.23.10 (#12531)

Release v1.31.9+k3s1

This release updates Kubernetes to v1.31.9, and fixes a number of issues.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.8+k3s1:

Testing backports for 2025 May (#12234)
Backports for May (#12317)
Backports for 2025-05 (#12328)
Fix authorization-config/authentication-config handling (#12346)
Fix secretsencrypt race conditions (#12357)
Update to v1.31.9-k3s1 and Go 1.23.8 (#12363)
Fix startup e2e test (#12371)

Release v1.31.8+k3s1

This release updates Kubernetes to v1.31.8, and fixes a number of issues.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.7+k3s1:

Migrate to UrfaveCLI v2 (#12030)
Improve readiness polling on node startup (#12037)
Fix issue caused by default authorization-mode apiserver arg (#12044)
Cleanup anonymous and named volumes for docker tests (#12069) (#12076)
Add support for secretbox encryption provider with the k3s secrets-encrypt command (#12066)
- Users can now configure secrets encryption to use secretbox provider by setting the secrets-encryption-provider flag.
Add error in certificate check (#12097)
Backports for 2025-04 (#12105)
Bump kine for nats-server/v2 CVE-2025-30215 (#12142)
Drone Test Split and Reduction (#12150)
More backports for 2025-04 (#12168)
Fix handler panic when bootstrapper returns empty peer list (#12179)
Bump traefik to v2.11.24 (#12190)
Update to v1.31.8-k3s1 and Go 1.23.6 (#12207)

Release v1.31.7k3s1

This release updates Kubernetes to v1.31.7, and fixes a number of issues.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.6k3s1:

Revert “Add ability to pass configuration options to flannel backend” (#11868)
Backport Docker E2E testing PRs for 2025 March (#11887)
Backports for 2025-03 (#11920)
Bump klipper-lb to v0.4.13 (#11927)
Fix syncing empty list of apiserver addresses during initial startup (#11954)
Update to v1.31.7-k3s1 (#11958)
Fix skew test for release candidates (#11990)
Bump to containerd v2.0.4 (#12004)
Fix upgrade test container version (#11999)

Release v1.31.6+k3s1

This release updates Kubernetes to v1.31.6, and fixes a number of issues.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.5+k3s1:

Correct the k3s token command help (#11685)
Jan 2025 Testing Overhaul, E2E to Docker Migration, (#11724)
Backports for 2025-02 (#11732)
- Align the CLI-reported default --etcd-snapshot-dir value with the actual one (server, etcd-snapshot commands).
- Disable s3 transport transparent compression/decompression
- Etcd snapshot backup/restore now supports loading s3 credentials from an AWS SDK shared credentials file.
- Bump klipper-helm to v0.9.4
- Bump klipper-lb to v0.4.10
- Bump spegel to v0.0.30
- Bump local-path-provisioner to v0.0.31
- Bump kine to v0.13.8
- Bump etcd to v3.5.18
- Bump traefik to 2.11.20
- Containerd has been bumped to version 2.0.
- The containerd config templates for linux and windows have been consolidated and are no longer os-specific.
- Containerd 2.0 uses a new config file schema. If you are using a custom containerd config template, you should migrate your template to config-v3.toml.tmpl to switch to the new version. See the upstream documentation for more information.
Bump traefik to v2.11.20 (#11763)
Update to v1.31.6-k3s1 and Go 1.22.12 (#11787)
Render CNI dir config whenever vars are set (#11820)
Bump containerd for go-cni deadlock fix (#11834)

Release v1.31.5+k3s1

This release updates Kubernetes to v1.31.5, and fixes a number of issues.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.4+k3s1:

Add guardrail for etcd-snapshot (#11393)
Backports for 2025-01 (#11566)
Add auto import images for containerd image store (#11562)
2025 January Backports (#11588)
Load kernel modules for nft in agent setup (#11596)
Fix local password validation when bind-address is set (#11611)
Update to v1.31.5-k3s1 and Go 1.22.10 (#11621)
Remove local restriction for deferred node password validation (#11649)

Release v1.31.4+k3s1

This release updates Kubernetes to v1.31.4, and fixes a number of issues.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.3+k3s1:

Fix secrets-encrypt reencrypt timeout error (#11442)
Remove experimental from embedded-registry flag (#11444)
Rework loadbalancer server selection logic (#11457)
- The embedded client loadbalancer that handles connectivity to control-plane elements has been extensively reworked for improved performance, reliability, and observability.
Update coredns to 1.12.0 (#11454)
Add node-internal-dns/node-external-dns address pass-through support … (#11464)
Update to v1.31.4-k3s1 and Go 1.22.9 (#11462)

Release v1.31.3+k3s1

This release updates Kubernetes to v1.31.3, and fixes a number of issues.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.2+k3s1:

Backport E2E GHA fixes (#11230)
Backports for 2024-11 (#11261)
Update flannel and base cni plugins version (#11247)
Bump to latest k3s-root version in scripts/version.sh (#11302)
More backports for 2024-11 (#11307)
Fix issue with loadbalancer failover to default server (#11324)
Update Kubernetes to v1.31.3-k3s1 (#11372)
Bump containerd to -k3s2 to fix rewrites (#11403)

Release v1.31.2+k3s1

This release updates Kubernetes to v1.31.2, and fixes a number of issues.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.1+k3s1:

Add int test for flannel-ipv6masq (#10904)
Bump Wharfie to v0.6.7 (#10974)
Add user path to runtimes search (#11002)
Add e2e test for advanced fields in services (#11023)
Launch private registry with init (#11048)
Backports for 2024-10 (#11054)
Allow additional Rootless CopyUpDirs through K3S_ROOTLESS_COPYUPDIRS (#11041)
Bump containerd to v1.7.22 (#11072)
Simplify svclb ds (#11079)
Add the nvidia runtime cdi (#11093)
Revert "Make svclb as simple as possible" (#11118)
Fixes "file exists" error from CNI bins when upgrading k3s (#11125)
Update Kubernetes to v1.31.2 (#11155)

Release v1.31.1+k3s1

This release updates Kubernetes to v1.31.1, and fixes a number of issues. For more details on what’s new, see the Kubernetes release notes.

Changes since v1.31.0+k3s1:

Testing And Secrets-Encryption Backports for 2024-09 (#10802)
- Remove secrets encryption controller
- Cover edge case when on new minor release for E2E upgrade test
Update CNI plugins version (#10817)
Backports for 2024-09 (#10842)
Fix hosts.toml header var (#10871)
Update Kubernetes to v1.31.1 (#10895)
Update Kubernetes to v1.31.1-k3s3 (#10910)

Release v1.31.0+k3s1

This release is K3S’s first in the v1.31 line. This release updates Kubernetes to v1.31.0.

For more details on what’s new, see the Kubernetes release notes.

Changes since v1.30.4+k3s1:

Move test-compat docker test to GHA (#10414)
Check for bad token permissions when install via PR (#10387)
Bump k3s-root to v0.14.0 (#10466)
- The k3s bundled userspace has been bumped to a release based on buildroot 2024.02.3, addressing several CVEs in busybox and coreutils.
Fix INSTALL_K3S_PR support (#10472)
Add data-dir to uninstall and killall scripts (#10473)
Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 (#10400)
Bump golang:alpine image version (#10359)
Bump Local Path Provisioner version (#10394)
Ensure remotedialer kubelet connections use kubelet bind address (#10480)
- Fixed an issue where setting the --bind-address flag to a non-loopback or wildcard address would prevent kubectl logs from working properly.
Bump Trivy version (#10339)
Add etcd s3 config secret implementation (#10340)
- A proxy can now be configured for use when uploading etcd snapshots to a s3-compatible storage service. This overrides any proxy settings passed via environment variables.
- Credentials and endpoint configuration for storing etcd snapshots on a s3-compatible storage service can now be read from a Secret, instead of passing them via the CLI or config file. See https://github.com/k3s-io/k3s/blob/master/docs/adrs/etcd-s3-secret.md for more information.
For E2E upgrade test, automatically determine the channel to use (#10461)
Bump kine to v0.11.11 (#10494)
Fix loadbalancer reentrant rlock (#10511)
- Fixed an issue that could cause the agent loadbalancer to deadlock when the currently in-use server goes down.
Don’t use server value from config file for etcd-snapshot commands (#10514)
- The --server and --token flags for the k3s etcd-snapshot command have been renamed to --etcd-server and --etcd-token, to avoid unintentionally running snapshot management commands against a remote node when the cluster join address or token are present in a config file.
Use pagination when listing large numbers of resources (#10527)
Fix multiple issues with servicelb (#10552)
- Fixed issue that caused ServiceLB to fail to create a daemonset for services with long names
- Fixed issue that caused ServiceLB pods to crashloop on nodes with ipv6 disabled at the kernel level
Enhance E2E Hardened option (#10558)
Allow Pprof and Superisor metrics in standalone mode (#10576)
Use higher QPS for secrets reencryption (#10571)
Fix issues loading data-dir value from env vars or dropin config files (#10591)
Remove deprecated use of wait. functions (#10546)
Wire lasso metrics up to metrics endpoint (#10528)
Update stable channel to v1.30.3+k3s1 (#10647)
Bump docker/docker to v25.0.6 (#10642)
Add a change for killall to not unmount server and agent directory (#10403)
Allow edge case OS rpm installs (#10680)
Bump containerd to v1.7.20 (#10659)
Update to newer OS images for install testing (#10681)
Bump helm-controller to v0.16.3 to drop Helm v2 support (#10628)
Add toleration support to ServiceLB DaemonSet (#10687)
- - New Feature: Users can now define Kubernetes tolerations for ServiceLB DaemonSet directly in the svccontroller.k3s.cattle.io/tolerations annotation on services.
Fix: Add $SUDO prefix to transactional-update commands in install script (#10531)
Update to v1.30.3-k3s1 and Go 1.22.5 (#10707)
Fix caching name for e2e vagrant box (#10695)
Fix k3s-killall.sh support for custom data dir (#10709)
Adding MariaDB to README.md (#10717)
Bump Trivy version (#10670)
V1.31.0-k3s1 (#10715)
Update kubernetes to v1.31.0-k3s3 (#10780)