Skip to content

Releases: k3s-io/containerd

containerd 1.7.23

06 Nov 01:39
v1.7.23
57f17b0
Compare
Choose a tag to compare

Welcome to the v1.7.23 release of containerd!

The twenty-third patch release for containerd 1.7 contains various fixes
and updates.

Highlights

  • Add errdefs aliases (#10792)
  • Allow proxy plugins to have capabilities (#10731)
  • Revert errdefs package migration (#10712)

Container Runtime Interface (CRI)

  • Add check for CNI plugins before tearing down pod network (#10767)

Image Distribution

  • Fix the race condition during GC of snapshots when client retries (#10763)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Austin Vazquez
  • Phil Estes
  • Akihiro Suda
  • Samuel Karp
  • Maksym Pavlenko
  • Kern Walster
  • Kir Kolyshkin
  • Saket Jajoo
  • Sameer
  • Wei Fu
  • Zou Nengren
  • bo.jiang

Changes

37 commits

  • Prepare release notes for v1.7.23 (#10802)
    • 921f554af Prepare release notes for v1.7.23
  • Revert "update runc binary to 1.1.15" (#10826)
    • 8f16d6588 Revert "update runc binary to 1.1.15"
  • Switch from actuated.dev to GH Action runners for arm64 (#10822)
    • 41e8f24cd Switch from actuated.dev to GH Action runners for arm64
    • dd811f224 Update github actions ci to run on forks
  • bump golangci/golangci-lint-action from 4 to 6 (#10813)
    • 284484af4 bump golangci/golangci-lint-action from 4 to 6
  • update to go1.23.2,go1.22.8 (#10808)
  • prow: allow ENABLE_CRI_SANDBOXES to be configured (#10801)
    • ae11176fa prow: allow ENABLE_CRI_SANDBOXES to be configured
  • TestNewBinaryIOCleanup: fix a comment, minor rewrite (#10776)
    • 7fd794a7c TestNewBinaryIOCleanup: fix a comment, minor rewrite
  • Add errdefs aliases (#10792)
  • Update runc binary to 1.1.15 (#10794)
  • Update runner images to macOS13 (#10783)
  • Allow proxy plugins to have capabilities (#10731)
    • 950740390 Allow proxy plugins to have capabilities
  • Bump crun to 1.16.1 (#10774)
  • Fix the race condition during GC of snapshots when client retries (#10763)
    • cb5e6a01a Fix the race condition during GC of snapshots when client retries
  • Add check for CNI plugins before tearing down pod network (#10767)
    • 278bd0f72 [release/1.7] Add check for CNI plugins before tearing down pod network
  • Revert errdefs package migration (#10712)
    • 18403239e Synchronize 1.7 error package with errdefs
    • d8d27205b Revert "migrate errdefs package to github.com/containerd/errdefs module"
    • e82d201b3 Revert "replace uses of github.com/containerd/containerd/errdefs"
    • 51939238f Revert "errdefs: denote deprecation as a godoc comment"
    • ae80077e8 Revert "golangci-lint: enable depguard for packages that moved"
    • 32675f983 Revert "remove imports of errdefs package"

Changes from containerd/errdefs

29 commits

Dependen...

Read more

containerd 1.7.22

10 Oct 21:15
v1.7.22
7f7fdf5
Compare
Choose a tag to compare

Welcome to the v1.7.22 release of containerd!

The twenty-second patch release for containerd 1.7 contains various fixes
and updates.

Highlights

Build and Release Toolchain

  • Update to go1.22.7, go1.23.1 (#10679)

Container Runtime Interface (CRI)

  • Cumulative stats can't decrease (#10670)

Runtime

  • Fix bug where init exits were being dropped (#10675)
  • Update runc binary to 1.1.14 (#10668)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Samuel Karp
  • James Sturtevant
  • Laura Brehm
  • Maksym Pavlenko
  • Akhil Mohan
  • Akihiro Suda
  • Cory Snider
  • Derek McGowan
  • Sebastiaan van Stijn

Changes

16 commits

  • Prepare release notes for v1.7.22 (#10684)
    • 43174ee6a Prepare release notes for v1.7.22
  • integration: regression test for issue 10589 (#10682)
    • 0c4ba21d8 integration: regression test for issue 10589
    • 1cc2cfa4b fifosync: cross-process synchronization
  • Fix bug where init exits were being dropped (#10675)
    • f338717ed runc-shim: handle pending execs as running
    • 686c69490 runc-shim: refuse to start execs after init exits
    • 760935e52 runc-shim: remove misleading comment
  • Update to go1.22.7, go1.23.1 (#10679)
  • Cumulative stats can't decrease (#10670)
  • Update runc binary to 1.1.14 (#10668)

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.7.21

containerd 1.7.21

03 Sep 23:26
v1.7.21
4727319
Compare
Choose a tag to compare

Welcome to the v1.7.21 release of containerd!

The twenty-first patch release for containerd 1.7 contains various fixes
and updates.

Highlights

  • Regenerate introspection UUID if state is empty (#10510)
  • Set stderr to empty string when using terminal on Windows (#10499)

Build and Release Toolchain

  • Move builds to Go 1.22 and add support for testing with 1.23 (#10596)

Container Runtime Interface (CRI)

  • Borrow latest wsstream from k8s v1.31.x to 1.7 (#10575)
  • Ensure the CRIAPIV1Alpha2 warning's lastOccurrence is accurate (#10571)
  • Make StopContainer idempotent (#10528)
  • Make StopPodSandbox idempotent (#10527)

Go client

  • Fix failed force deletion for tasks with PID 0 (#10523)

Runtime

  • Fix packaged runc reporting incorrect version (#10559)
  • Ensure /run/containerd gets created with correct perms (#10534)

Deprecations

  • Ensure the CRIAPIV1Alpha2 warning's lastOccurrence is accurate (#10571)
  • Update warnings for deprecated CRI config fields (#10512)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Davanum Srinivas
  • Samuel Karp
  • Sebastiaan van Stijn
  • Phil Estes
  • Maksym Pavlenko
  • Akhil Mohan
  • Chris Henzie
  • Derek McGowan
  • Kazuyoshi Kato
  • Sascha Grunert
  • Akihiro Suda
  • Erikson Tung
  • Iceber Gu
  • Mauri de Souza Meneguzzo
  • Mike Brown
  • Shengjing Zhu
  • TinaMor
  • rongfu.leng

Changes

45 commits

  • Prepare release notes for v1.7.21 (#10632)
    • 975f279ee Prepare release notes for v1.7.21
  • go.mod: keep minimum go version at go1.21 (#10633)
    • d63bd8464 go.mod: keep minimum go version at go1.21
  • Move builds to Go 1.22 and add support for testing with 1.23 (#10596)
  • Fix TestNewBinaryIOCleanup on Go 1.23 and Linux 5.4 (#10590)
    • 09ca004de Fix TestNewBinaryIOCleanup on Go 1.23 and Linux 5.4
  • Borrow latest wsstream from k8s v1.31.x to 1.7 (#10575)
    • 9269d97b1 hide wsstream under internal/ to prevent external use
    • 59815fa44 golangci-lint should only look for problems in new code
    • 1c431dc6f Run go mod tidy
    • 226f93d92 Add copyright headers
    • 6f3252733 switch over references to the new package
    • 0a85d476a Fix up some constant references
    • 82bfa44d0 Copy over wsstream from k8s v1.31.0-rc.1 release
  • Ensure the CRIAPIV1Alpha2 warning's lastOccurrence is accurate (#10571)
    • 52b79f337 Update CRIAPIV1Alpha2 warning lastOccurrence every call
  • pkg/userns: deprecate and migrate to github.com/moby/sys/userns (#10564)
    • dce0b5a6d migrate to github.com/moby/sys/userns
    • 65f7d0740 pkg/userns: deprecate and migrate to github.com/moby/sys/user/userns
    • f21675c27 vendor: github.com/moby/sys/user v0.2.0
  • update to go1.21.13 / go1.22.6 (#10570)
  • Fix TestNewBinaryIOCleanup failing with gotip (#10554)
    • 3ff82ba0f Fix TestNewBinaryIOCleanup failing with gotip
  • Fix packaged runc reporting incorrect version (#10559)
    • d51143f6f script/setup/install-runc: fix runc using incorrect version
  • update auths code comment (#10536)
  • Ensure /run/containerd gets created with correct perms (#10534)
    • 16c5fc768 Ensure /run/containerd is created with correct perms
  • Make StopContainer idempotent (#10528)
    • 6da4e40b2 Make StopContainer RPC idempotent
  • Make StopPodSandbox idempotent (#10527)
    • b3b6f1507 Make StopPodSandbox RPC idempotent
  • Fix failed force deletion for tasks with PID 0 (#10523)
    • 0db46f664 client: fix tasks with PID 0 cannot be forced to delete
  • Update warnings for deprecated CRI config fields (#10512)
    • 9afb8dcdf deprecation: update warnings for CRI config fields
  • Regenerate introspection UUID if state is empty (#10510)
    • b140792e4 introspection: regenerate UUID if state is empty
  • Set stderr to empty string when using terminal on Windows (#10499)
    • f9beac3db Set stderr to empty string when using terminal on Windows.

Dependency Changes

  • github.com/moby/sys/userns v0.1.0 new

Previous release can be found at v1.7.20

containerd 1.7.17

17 May 18:46
v1.7.17
3a4de45
Compare
Choose a tag to compare

Welcome to the v1.7.17 release of containerd!

The seventeenth patch release for containerd 1.7 contains various fixes and updates.

Highlights

  • Use LOOP_CONFIGURE when creating loop devices (#10209)
  • Update unpacker to fetch all provided content (#10233)
  • Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts (#10210)
  • Update metadata snapshotter to lease on already exists (#10198)
  • Handle unsupported config versions (#10165)
  • Fix deadlock when writing to pipe blocks (containerd/ttrpc#168)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Stefan Berger
  • Derek McGowan
  • Austin Vazquez
  • Alexandru Matei
  • Maksym Pavlenko
  • Akihiro Suda
  • Bryant Biggs
  • Kevin Parsons
  • Kirtana Ashok
  • Phil Estes
  • Kazuyoshi Kato
  • Kohei Tokunaga
  • Swagat Bora

Changes

43 commits

Changes from containerd/imgcrypt

53 commits

  • CHANGES: Updated CHANGES document for 1.1.8 release (containerd/imgcrypt#122)
    • 956b4d3 CHANGES: Updated CHANGES document for 1.1.8 release
  • Synchronize enc-ctr with upstream ctr from containerd v1.6.23 and use containerd v1.6.23 in dependency (containerd/imgcrypt#120)
    • 9e8e1c1 ctr: Sync code with containerd v1.6.23 ctr
    • 7d2cca5 build(deps): bump containerd from 1.6.20 to 1.6.23
  • Synchronize enc-ctr with upstream ctr from containerd v1.6.20 (containerd/imgcrypt#119)
    • 0f2559e ctr: Sync code with containerd v1.6.20 ctr
    • c48dd78 cmd: Copy IntToInt32Array into img package and use it
  • Update to ocicrypt 1.1.8 and minimum go 1.20 (containerd/imgcrypt#118)
    • 6d48a4e build(deps): bump ocicrypt from 1.1.7 to 1.1.8
    • 1bc94a2 github: Use golangci-lint v1.54.1 and adjust config file
    • 9065f1d github: Test with go 1.21 and go 1.20
    • 74986f3 go.mod: Require go 1.20
  • build(deps): bump google.golang.org/grpc from 1.47.0 to 1.53.0 (containerd/imgcrypt#117)
    • a2a8273 build(deps): bump google.golang.org/grpc from 1.47.0 to 1.53.0
  • test: Test creating and running of container with key file missing (containerd/imgcrypt#116)
    • 286470a test: Test creating and running of container with key file missing
  • Fix some issues in the test script (containerd/imgcrypt#115)
Read more

containerd 1.7.16

17 May 18:44
v1.7.16
8303183
Compare
Choose a tag to compare

Welcome to the v1.7.16 release of containerd!

The sixteenth patch release for containerd 1.7 contains various fixes and updates.

Highlights

  • Update AppArmor template to allow confined runc to kill containers (#10129)
  • Fix config import relative path glob (#9834)
  • Update AppArmor template to better support rootlesskit (#10116)
  • Update HTTP fallback to better account for TLS timeout and previous attempts (#10112)
  • Add support for HPC port forwarding (#10008)
  • Prevent GC from schedule itself with 0 period. (#10102)
  • Fix issue with using invalid token to retry fetching layer (#10065)
  • Automatically decompress archives for transfer service import (#9989)
  • Fix HTTPFallback fails when pushing manifest (#10044)
  • Add support for configuring otel from env and config deprecation notice (#9992)
  • Fix deadlock during NRI plugin registration (containerd/nri#79)

Build and Release Toolchain

  • Update Go to 1.21.9 and 1.22.2 with net/http security fix (#10115)

Container Runtime Interface (CRI)

  • Fix CRI snapshotter root path when not under containerd root (#10096)
  • Fix network creation failure from CreatedAt time as 269 years ago (#10122)
  • Include userns info in PodSandboxStatus (#9865)
  • Fix default working directory Windows HostProcess containers (#10071)
  • Fix ListPodSandboxStats to skip sandboxes with missing tasks (#10042)

Deprecations

  • Add support for configuring otel from env and config deprecation notice (#9992)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Samuel Karp
  • Wei Fu
  • Danny Canter
  • Kazuyoshi Kato
  • Kirtana Ashok
  • Maksym Pavlenko
  • Phil Estes
  • Sebastiaan van Stijn
  • Brian Goff
  • Rodrigo Campos
  • Akihiro Suda
  • Angelos Kolaitis
  • Bin Tang
  • David Porter
  • Edgar Lee
  • Evan Lezar
  • Kirill A. Korinsky
  • Kohei Tokunaga
  • Maksim An
  • Paweł Gronowski
  • Tomáš Virtus
  • 张钰10307750
  • 沈陵

Changes

50 commits

  • Add release notes for v1.7.16 (#10124)
  • Update AppArmor template to allow confined runc to kill containers (#10129)
    • 18a2c36fa apparmor: Allow confined runc to kill containers
  • Fix config import relative path glob (#9834)
    • 62e9535f2 Fix config import relative path glob
  • Fix CRI snapshotter root path when not under containerd root (#10096)
    • a8ebceb97 CRI: "Fix" imageFSPath behavior
    • bd423bf84 Snapshotters: Export the root path
    • 8fb6bfa71 Add exports to proxy plugin config
    • 8916e2cf9 Add platform config to proxy plugins
  • Fix network creation failure from CreatedAt time as 269 years ago (#10122)
    • 293f5151d pod: CreatedAt time will be 269 years ago while creating cri network failed.
  • Update AppArmor template to better support rootlesskit (#10116)
    • af19e746e apparmor: add signal (receive) peer=/usr/local/bin/rootlesskit,
  • Update Go to 1.21.9 and 1.22.2 with net/http security fix (#10115)
  • Update HTTP fallback to better account for TLS timeout and previous attempts (#10112)
    • 794b0c723 Add deprecated HTTPFallback for package compatibility
    • 51c649d9d Update HTTPFallback to handle tls handshake timeout
    • aa14890ed Remove empty default tls configuration in ctr
  • Add support for HPC port forwarding (#10008)
    • 3df5d4445 Add support for HPC port forwarding
  • Prevent GC from schedule itself with 0 period. (#10102)
    • 5c15bf406 Prevent GC from schedule itself with 0 period.
  • Include userns info in PodSandboxStatus (#9865)
    • b57dc9fd3 cri/server: Add userns tests in PodSandboxStatus
    • 6e809ef13 cri: Expose userns in PodSandboxStatus rpc
  • mod: bump github.com/containerd/[email protected] (#10097)
  • Fix issue with using invalid token to retry fetching layer (#10065)
    • f61de0864 fix bug that using invalid token to retry fetching layer
  • Bump tags.cncf.io/container-device-interface to v0.7.2 (#10077)
    • 7a2f49f70 Bump tags.cncf.io/container-device-interface to v0.7.2
  • Fix default working directory Windows HostProcess containers (#10071)
    • 989f1ec54 fix default working directory hostProcess
  • Fix unexpected order of mounts since go 1.19 (#10063)
    • 9f774e438 fix(cri): fix unexpected order of mounts since go 1.19
  • Automatically decompress archives for transfer service import (#9989)
    • 2aec52493 Automatically decompress archives for transfer service import
  • Use different containerd sock address in tests (#10056)
    • 8c76e7948 Use different containerd sock address in tests
  • Fix HTTPFallback fails when pushing manifest (#10044)
    • 18f4ad5ee remote: Fix HTTPFallback fails when pushing manifest
  • Add support for configuring otel from env and config deprecation notice (#9992)
  • Fix ListPodSandboxStats to skip sandboxes with missing tasks (#10042)
    • 90c309fe2 Add IsNotFound case to ListPodSandboxStats

Changes from containerd/nri

5 commits<...
Read more

containerd 1.7.11

10 Dec 08:06
v1.7.11
64b8a81
Compare
Choose a tag to compare

Welcome to the v1.7.11 release of containerd!

The eleventh patch release for containerd 1.7 contains various fixes and updates including
one security issue.

Notable Updates

  • Fix Windows default path overwrite issue (#9440)
  • Update push to always inherit distribution sources from parent (#9452)
  • Update shim to use net dial for gRPC shim sockets (#9458)
  • Fix otel version incompatibility (#9483)
  • Fix Windows snapshotter blocking snapshot GC on remove failure (#9482)
  • Mask /sys/devices/virtual/powercap path in runtime spec and deny in default apparmor profile (GHSA-7ww5-4wqc-m92c)

Deprecation Warnings

  • Emit deprecation warning for AUFS snapshotter (#9436)
  • Emit deprecation warning for v1 runtime (#9450)
  • Emit deprecation warning for deprecated CRI configs (#9469)
  • Emit deprecation warning for CRI v1alpha1 usage (#9479)
  • Emit deprecation warning for CRIU config in CRI (#9481)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Samuel Karp
  • Derek McGowan
  • Phil Estes
  • Bjorn Neergaard
  • Danny Canter
  • Sebastiaan van Stijn
  • ruiwen-zhao
  • Akihiro Suda
  • Amit Barve
  • Charity Kathure
  • Maksym Pavlenko
  • Milas Bowman
  • Paweł Gronowski
  • Wei Fu

Changes

39 commits

  • [release/1.7] Prepare release notes for v1.7.11 (#9491)
    • dfae68bc3 Prepare release notes for v1.7.11
  • [release/1.7] update to go1.20.12, test go1.21.5 (#9352)
    • 0d314401d update to go1.20.12, test go1.21.5
    • 1ec1ae2c6 update to go1.20.11, test go1.21.4
  • Github Security Advisory GHSA-7ww5-4wqc-m92c
    • cb804da21 contrib/apparmor: deny /sys/devices/virtual/powercap
    • 40162a576 oci/spec: deny /sys/devices/virtual/powercap
  • [release/1.7] Don't block snapshot garbage collection on Remove failures (#9482)
    • ed7c6895b Don't block snapshot garbage collection on Remove failures
  • [release/1.7] Add warning for CRIU config usage (#9481)
    • 1fdefdd22 Add warning for CRIU config usage
  • [release/1.7] Fix otel version incompatibility (#9483)
    • f8f659e66 Add HTTP client update function to tracing library
    • 807ddd658 fix(tracing): use latest version of semconv
  • [release/1.7] Add cri-api v1alpha2 usage warning to all api calls (#9479)
    • dc45bc838 Add cri-api v1alpha2 usage warning to all api calls
  • [release/1.7] cri: add deprecation warnings for deprecated CRI configs (#9469)
    • 9d1bad62e deprecation: fix missing spaces in warnings
    • 51a604c07 cri: add deprecation warning for runtime_root
    • 8040e74bf cri: add deprecation warning for rutnime_engine
    • 99adc40eb cri: add deprecation warning for default_runtime
    • afef7ec64 cri: add warning for untrusted_workload_runtime
    • 6220dc190 cri: add warning for old form of systemd_cgroup
  • [release/1.7] runtime/v2: net.Dial gRPC shim sockets before trying grpc (#9458)
    • 80f96cd18 runtime/v2: net.Dial gRPC shim sockets before trying grpc
  • [release/1.7] tasks: emit warning for v1 runtime and runc v1 runtime (#9450)
    • f471bb2b8 tasks: emit warning for runc v1 runtime
    • 329e1d487 tasks: emit warning for v1 runtime
  • [release/1.7] push: always inherit distribution sources from parent (#9452)
    • 4464fde12 push: always inherit distribution sources from parent
  • [release/1.7] Update tar tests to run on Darwin (#9451)
    • 7e069ee25 Update tar tests to run on Darwin
  • [release/1.7] ctr: Add sandbox flag to ctr run (#9449)
  • [release/1.7] Windows default path overwrite fix (#9440)
    • 31fe03764 Fix windows default path overwrite issue
  • [release/1.7] snapshots: emit deprecation warning for aufs (#9436)
    • 625b35e4b snapshots: emit deprecation warning for aufs

Dependency Changes

  • github.com/felixge/httpsnoop v1.0.3 new
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 new

Previous release can be found at v1.7.10

containerd 1.7.10

08 Dec 21:34
v1.7.10
4e1fe74
Compare
Choose a tag to compare

Welcome to the v1.7.10 release of containerd!

The tenth patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

  • Enhance container image unpack client logs (#9379)
  • cri: fix using the pinned label to pin image (#9381)
  • fix: ImagePull should close http connection if there is no available data to read. (#9409)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Wei Fu
  • Iceber Gu
  • Austin Vazquez
  • Derek McGowan
  • Phil Estes
  • Samuel Karp
  • ruiwen-zhao

Changes

11 commits

  • Add release notes for v1.7.10 (#9426)
  • [release/1.7] fix: ImagePull should close http connection if there is no available data to read. (#9409)
  • [release/1.7] cri: fix using the pinned label to pin image (#9381)
    • a2b16d7f9 cri: fix update of pinned label for images
    • 8dc861844 cri: fix using the pinned label to pin image
  • [release/1.7] Enhance container image unpack client logs (#9379)
    • 5930a3750 Enhance container image unpack client logs

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.7.9

containerd 1.7.9

29 Nov 00:47
v1.7.9
4f03e10
Compare
Choose a tag to compare

Welcome to the v1.7.9 release of containerd!

The ninth patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

  • update runc binary to v1.1.10:: (#9359)
  • vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0 (#9301)
  • Expose usage of cri-api v1alpha2 (#9336)
  • integration: deflake TestIssue9103 (#9354)
  • fix: shimv1 leak issue (#9344)
  • cri: add deprecation warnings for mirrors, auths, and configs (#9327)
  • Update hcsshim tag to v0.11.4 (#9326)
  • Expose usage of deprecated features (#9315)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Samuel Karp
  • Kazuyoshi Kato
  • Wei Fu
  • Kirtana Ashok
  • Derek McGowan
  • Milas Bowman
  • Sebastiaan van Stijn
  • ruiwen-zhao

Changes

28 commits

  • [release/1.7] Add release notes for v1.7.9 (#9333)
  • [release/1.7 backport] update runc binary to v1.1.10 (#9359)
  • [release/1.7] vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0 (#9301)
    • bd9428ff7 vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0
  • [release/1.7] Expose usage of cri-api v1alpha2 (#9336)
  • [release/1.7] integration: deflake TestIssue9103 (#9354)
    • 5dbc258a8 integration: deflake TestIssue9103
  • [release/1.7] fix: shimv1 leak issue (#9344)
  • [release/1.7] cri: add deprecation warnings for mirrors, auths, and configs (#9327)
    • 152c57e91 cri: add deprecation warning for configs
    • 689a1036d cri: add deprecation warning for auths
    • 8c38975bf cri: add deprecation warning for mirrors
    • 1fbce40c4 cri: add ability to emit deprecation warnings
  • [release/1.7] Update hcsshim tag to v0.11.4 (#9326)
  • [release/1.7] Expose usage of deprecated features (#9315)
    • 60d48ffea ctr: new deprecations command
    • 74a06671a plugin: record deprecation for dynamic plugins
    • fa5f3c91a server: add ability to record config deprecations
    • f7880e7f0 pull: record deprecation warning for schema 1
    • 1dd2f2c02 introspection: add support for deprecations
    • aaf000c18 api/introspection: deprecation warnings in server
    • 9b7ceee54 warning: new service for deprecations
    • b708f8bfa deprecation: new package for deprecations

Dependency Changes

  • github.com/Microsoft/hcsshim v0.11.1 -> v0.11.4
  • github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
  • github.com/go-logr/logr v1.2.3 -> v1.2.4
  • github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 -> v2.16.0
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.40.0 -> v0.45.0
  • go.opentelemetry.io/otel v1.14.0 -> v1.19.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0 -> v1.19.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0 -> v1.19.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0 -> v1.19.0
  • go.opentelemetry.io/otel/metric v0.37.0 -> v1.19.0
  • go.opentelemetry.io/otel/sdk v1.14.0 -> v1.19.0
  • go.opentelemetry.io/otel/trace v1.14.0 -> v1.19.0
  • go.opentelemetry.io/proto/otlp v0.19.0 -> v1.0.0

Previous release can be found at v1.7.8

containerd 1.7.8

29 Nov 00:47
v1.7.8
8e4b0bd
Compare
Choose a tag to compare

Welcome to the v1.7.8 release of containerd!

The eighth patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

  • Fix ambiguous TLS fallback (#9299)
  • Update Go to 1.20.10 (#9265)
  • Add a new image label on converted schema 1 images (#9252)
  • Fix handling for missing basic auth credentials (#9235)
  • Fix potential deadlock in create handler for containerd-shim-runc-v2 (#9209)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Sebastiaan van Stijn
  • Derek McGowan
  • Phil Estes
  • Chen Yiyang
  • Wei Fu
  • Akihiro Suda
  • Maksym Pavlenko
  • Marat Radchenko
  • Milas Bowman
  • Qiutong Song
  • Samuel Karp

Changes

27 commits

  • [release/1.7] Prepare release notes for v1.7.8 (#9278)
  • [release/1.7] Fix ambiguous tls fallback (#9299)
    • 68abc543b Check scheme and host of request on push redirect
    • 35c7634e3 Avoid TLS fallback when protocol is not ambiguous
  • [release/1.7] vendor: google.golang.org/grpc v1.58.3 (#9281)
  • [release/1.7 backport] vendor: golang.org/x/net v0.17.0 (#9276)
  • [release/1.7] vendor: google.golang.org/grpc v1.56.3 (#9248)
    • 26736d6e1 vendor: google.golang.org/grpc v1.56.3
    • 54a69a6e4 vendor: golang.org/x/oauth2 v0.7.0
    • ac15a7f5b vendor: google.golang.org/protobuf v1.30.0
  • [release/1.7] update to go1.20.10, test go1.21.3 (#9265)
    • 2479c3321 [release/1.7] update to go1.20.10, test go1.21.3
    • 11f40e9d8 [release/1.7] update to go1.20.9, test go1.21.2
  • [release/1.7] Add a new image label if it is docker schema 1 (#9252)
    • cac1bab79 Add a new image label if it is docker schema 1
  • [release/1.7] remotes: add handling for missing basic auth credentials (#9235)
    • 6cd2cc4a8 remotes: add handling for missing basic auth credentials
  • [release/1.7 backport] containerd-shim-runc-v2: avoid potential deadlock in create handler (#9209)
    • d0a1fedb5 *: add runc-fp as runc wrapper to inject failpoint
    • 04491240a containerd-shim-runc-v2: avoid potential deadlock in create handler
    • 6982a0df5 containerd-shim-runc-v2: remove unnecessary s.getContainer()
    • 0e2320398 Uncopypaste parsing of OCI Bundle spec file

Dependency Changes

  • golang.org/x/crypto v0.11.0 -> v0.14.0
  • golang.org/x/mod v0.9.0 -> v0.11.0
  • golang.org/x/net v0.13.0 -> v0.17.0
  • golang.org/x/oauth2 v0.4.0 -> v0.10.0
  • golang.org/x/sync v0.1.0 -> v0.3.0
  • golang.org/x/sys v0.10.0 -> v0.13.0
  • golang.org/x/term v0.10.0 -> v0.13.0
  • golang.org/x/text v0.11.0 -> v0.13.0
  • golang.org/x/tools v0.7.0 -> v0.10.0
  • google.golang.org/genproto 7f2fa6fef1f4 -> 782d3b101e98
  • google.golang.org/genproto/googleapis/api 782d3b101e98 new
  • google.golang.org/genproto/googleapis/rpc 782d3b101e98 new
  • google.golang.org/grpc v1.53.0 -> v1.58.3
  • google.golang.org/protobuf v1.29.1 -> v1.31.0

Previous release can be found at v1.7.7

containerd 1.7.7

10 Oct 23:23
v1.7.7
8c08766
Compare
Choose a tag to compare

Welcome to the v1.7.7 release of containerd!

The seventh patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

  • Require plugins to succeed after registering readiness (#9165)
  • Handle unexpected shim kill events (#9132)
  • Build binaries with Go 1.21.1 (#9167)
  • cri: Stop recommending disable_cgroup (#9168)
  • remotes/docker: Fix MountedFrom prefixed with target repository (#9193)
  • remotes: always try to establish tls connection when tls configured (#9188)
  • NRI: Add support for rlimits (#48)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Samuel Karp
  • Krisztian Litkey
  • Wei Fu
  • Phil Estes
  • Sebastiaan van Stijn
  • Iceber Gu
  • Mike Brown
  • Akihiro Suda
  • Paweł Gronowski
  • Steve Griffith
  • Aditya Ramani
  • Austin Vazquez
  • Danny Canter
  • James Sturtevant
  • Kern Walster
  • ZP-AlwaysWin

Changes

31 commits

  • [release/1.7] Prepare release notes for v1.7.7 (#9194)
  • [release/1.7] Allow for images with artifacts to pull (#9149)
    • 6ca0aebf0 Allow for images with artifacts to pull
  • [release 1.7] remotes/docker: Fix MountedFrom prefixed with target repository (#9193)
    • 7df492a95 remotes/docker: Fix MountedFrom prefixed with target repository
  • [release/1.7] Update x/net to 0.13 (#9134)
  • [release/1.7] remotes: always try to establish tls connection when tls configured (#9188)
    • 7779ce64e remotes: always try to establish tls connection when tls configured
  • [release/1.7] cri: stop recommending disable_cgroup (#9168)
    • 6013b5e03 cri: stop recommending disable_cgroup
  • [release/1.7] Require plugins to succeed after registering readiness (#9165)
    • a83c66813 Require plugins to succeed after registering readiness
    • 171d76849 cri: call RegisterReadiness after NewCRIService
  • [release/1.7] Handle unexpected shim kill events (#9132)
    • 3d27bc738 Handle unexpected shim kill events
  • [release/1.7] Build binaries with 1.21.1 (#9167)
  • [release/1.7] vendor: github.com/Microsoft/hcsshim v0.11.1 (#9127)
    • 5756f6064 [release/1.7] vendor: github.com/Microsoft/hcsshim v0.11.1
  • [release/1.7 backport] alias log package to github.com/containerd/log v0.1.0 (#9106)
    • 09633b539 deprecate logs package, but disable linter (for transitioning)
    • cb201519f alias log package to github.com/containerd/log v0.1.0
    • a5024e6dd vendor: github.com/stretchr/testify v1.8.4
    • 7bd976af3 vendor: github.com/sirupsen/logrus v1.9.3
  • [release/1.7] remotes/docker: Add MountedFrom and Exists push status (#9097)
    • 8cd2d33c2 [release/1.7] remotes/docker: Add MountedFrom and Exists push status
  • [release/1.7] vendor: update github.com/containerd/[email protected] (#9099)

Changes from containerd/log

9 commits

Changes from containerd/nri

35 commits

  • releases: update note about 0.4.0 (#50)
    • 5f13915 releases: update note about 0.4.0
  • Add support for rlimits (#48)
    • 5ecea04 ulimit-adjuster: add validation for hard limits
    • db3de10 test: exclude ulimit-adjuster from ginkgo
    • f0deb59 ulimit-adjuster: new sample plugin
    • d2dd708 Add support for rlimits
    • efaf36e api: add POSIXRlimit type
  • .github: add test build to CI workflow. (#47)
    • 3f092c2 .github: add test build to CI workflow.
  • stub: pass context to plugins, pass updated resources to UpdateContainers. (#40)
    • 01d5f14 Add a note about NRI API stability and release notes.
    • ea9976d adaptation: add UpdateContainer tests.
    • d042d24 stub: fix plugin UpdateContainerInterface.
    • f5d0f51 plugins: update plugins for stub changes.
    • b4bd301 adaptation: update tests with stub changes.
    • 9d86150 stub: pass context to plugin event handlers.
  • Updated the OCI Hook Injector README to resovle broken links to the p… (#34)
    • 5eee915 removed link
    • c783fc7 Resolves broken podman links and adds details to help better guide people in testing.
  • Fix ParseEventMask to produce proper masks for 'pod' and 'container' shorthand event notations. (#39)
    • da291a6 Fix ParseEventMask to produce proper masks
  • fix the NRI_PLUGIN_NAME env value when launching a pre...
Read more