1.23.1

These release notes cover new features and changes in Anbox Cloud 1.23.1.

Anbox Cloud 1.23.1 is a patch release. To understand minor and patch releases, see Release notes.

Please see Component versions for a list of updated components.

Requirements

See the Requirements for details on general and deployment specific requirements to run Anbox Cloud.

New features & improvements

Anbox Cloud Appliance

• You can now set the following appliance network configuration using anbox-cloud-appliance config set:

  • The network’s public IP address (network.public_address)

  • The network’s DNS name (network.location).

• You can now configure the CORS settings for those API endpoints that the appliance reverse proxy passes to the Anbox Stream Gateway. You can set the following using the anbox-cloud-appliance config set command:

  • The HTTP origin (core.https_allowed_origin)

  • List of allowed HTTP headers (core.https_allowed_headers)

  • List of allowed HTTP methods (core.https_allowed_methods)

• You can skip setting up coturn when initialising the appliance and can configure a custom STUN server.

• The prepare-node-script command is extended to support systems with an already installed NVIDIA driver.

• You can now set up a custom identity provider for the dashboard by configuring an OpenID Connect provider through the preseed configuration when initialising the appliance.

Streaming

• With the 1.23.0 release, the functionalities of the Instances page and the Sessions page on the web dashboard were merged. For debugging purposes, viewing a list of available sessions can be really useful. With the 1.23.1 release, you can list all available sessions using the anbox-stream-gateway sessions list command.

• You can dynamically change the display density when joining an existing streaming session.

VHAL

• Starting with 1.23.0, the VNDK version required for building a custom VHAL is 34.

Android vendor image

• WiFi support for all Android versions.

Other

• Android security updates for September 2024 (see Android Security Bulletin - September 2024 for more information).

• The Android WebView has been updated to 128.0.6613.127.

Known issues

• Since version 1.23.0, the Anbox WebRTC Data Proxy service starts on demand rather than at container startup. However, its startup time may take longer than expected, which can negatively impact the out-of-band data exchange between the WebRTC server and client. This issue can be worked around by applying the following tweak in a pre-start hook.

  #!/bin/sh -ex
  if  [ "$CONTAINER_TYPE" = "regular" ]; then
    exit 0
  fi
  
  DROP_IN_DIR=/etc/systemd/system/anbox-webrtc-data-proxy.service.d/
  sudo mkdir -p "${DROP_IN_DIR}"
  sudo tee "${DROP_IN_DIR}/override.conf" > /dev/null <<EOF
  [Install]
  WantedBy=multi-user.target
  EOF
  
  sudo systemctl daemon-reload
  sudo systemctl enable anbox-webrtc-data-proxy
  

• Launching a VM image with default size fails with the following error:

  $ amc launch -r --vm jammy:android13:arm64
  Error: Failed creating instance from image: Source image size (16106127360) exceeds specified volume size (15000010752)
  

  To work around this issue, specify a disk size when launching the image:

  $ amc launch -r --vm jammy:android13:arm64 --disk-size 20GB
  

CVEs

CVE-2024-8287 was found and fixed in the Anbox Cloud 1.23.1 release.

The Anbox Cloud 1.23.1 release includes fixes from the respective upstreams for the following CVEs:

CVE	Affected Components
CVE-2024-4067	Anbox Cloud dashboard, Anbox Cloud Appliance
CVE-2024-39338	Anbox Cloud dashboard, Anbox Cloud Appliance
CVE-2024-32896	AOSP 12/13/14 image, AAOS 13 image
CVE-2024-40650	AOSP 12/13/14 image, AAOS 13 image
CVE-2024-40652	AOSP 12/13/14 image, AAOS 13 image
CVE-2024-40654	AOSP 12/13/14 image, AAOS 13 image
CVE-2024-40655	AOSP 12/13/14 image, AAOS 13 image
CVE-2024-40656	AOSP 12/13/14 image, AAOS 13 image
CVE-2024-40657	AOSP 12/13/14 image, AAOS 13 image
CVE-2024-40658	AOSP 12/13/14 image, AAOS 13 image
CVE-2024-40659	AOSP 14 image
CVE-2024-40662	AOSP 12/13/14 image, AAOS 13 image

Bug fixes

• LP 2080334 Peer connection fails with the following error: InvalidStateError: remote description is not set.

• LP 2080329 After deploying the new epoch=1 version of the appliance behind a NAT, services are not publicly accessible even when configured for public access.

• LP 2077999 For most of the WebRTC signaling messages exchanged between client and Anbox, the first discover message takes ~2s to receive a response.

• LP 2077944 A session that enters into an error status cannot be revived again even when the associated instance is started again.

• LP 2077188 When using the Anbox Cloud Appliance, the dashboard UI displays a Something unexpected has gone wrong error after 5 seconds.

• LP 2077116 The new version of the Anbox Cloud Appliance (epoch=1) is missing required firewall rules on Oracle Cloud deployments.

• LP 2076893 Instances without GPU encoding fail to start.

• LP 2076593 In regular Anbox Cloud deployments, when trying to register the web dashboard, the dashboard displays an error that it is missing information to connect to either the Anbox Management Service (AMS) or the Anbox Stream Gateway. This error is caused due the dashboard charm failing to generate the certificate and key.

• LP 2076894 The new epoch=1 version of the appliance uses a node preparation script which does not detect the history of enabling Anbox Cloud on Ubuntu Pro, irrespective of the Ubuntu release.

• LP 2077898 Screen resolution selector for AAOS doesn’t show predefined resolutions when creating a new instance for the first time (no instances or applications exist).

• Private bugs:

  • LP 2076494

  • LP 2071806

  • LP 2071925

  • LP 2075494

Upgrade instructions

See How to upgrade Anbox Cloud and How to upgrade the Anbox Cloud Appliance for instructions on how to update your Anbox Cloud deployment to the 1.23.1 release.