Releases: k3s-io/containerd
containerd 1.5.10
Welcome to the v1.5.10 release of containerd!
The tenth patch release for containerd 1.5 includes a fix for
CVE-2022-23648
and other issues.
Notable Updates
- Use fs.RootPath when mounting volumes (GHSA-crp2-qrr5-8pq7)
- Return init pid when clean dead shim in runc.v1/v2 shims (#6570)
- Handle sigint/sigterm in shimv2 (#6509)
- Use readonly mount to read user/group info (#6503)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Wei Fu
- Sebastiaan van Stijn
- Phil Estes
- Alexander Minbaev
- Brian Goff
- Daniel Canter
- David Porter
- Kazuyoshi Kato
- Maksym Pavlenko
- ruiwen-zhao
Changes
22 commits
- [release/1.5] Prepare release notes for v1.5.10 (#6606)
- Prepare release notes for v1.5.10
- Github Security Advisory GHSA-crp2-qrr5-8pq7
- Use fs.RootPath when mounting volumes
- [release/1.5] runc.v1/v2: return init pid when clean dead shim (#6570)
- runc.v1/v2: return init pid when clean dead shim
- [release/1.5] Update Go to 1.16.14 (#6556)
- [release/1.5] Update Go to 1.16.14
- Wait for containerd installation in GCE scripts [1.5 backport] (#6552)
- Wait for containerd installation in GCE scripts
- [release/1.5] shimv2: handle sigint/sigterm (#6509)
- shimv2: handle sigint/sigterm
- [release/1.5] Update Go to 1.16.13 (#6526)
- [release/1.5] Update Go to 1.16.13
- [release/1.5 backport] GHA fixes, update GolangCI-Lint v1.42.0, and go-mdman v2.0.1 (#6511)
- script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0
- Fix Linux CI Linter using go 1.15.14
- Update cpuguy83/go-md2man binary to v2.0.1
- [release/1.5] oci: use readonly mount to read user/group info (#6503)
- oci: use readonly mount to read user/group info
- [release/1.5] add-list-stat: return container list if filter is nil (#6466)
- add-list-stat: return container list if filter is nil
Dependency Changes
This release has no dependency changes
Previous release can be found at v1.5.9
containerd 1.4.13
Welcome to the v1.4.13 release of containerd!
The thirteenth patch release for containerd 1.4 is a security release to address
CVE-2022-23648.
Notable Updates
- Use fs.RootPath when mounting volumes (GHSA-crp2-qrr5-8pq7)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Sebastiaan van Stijn
- Phil Estes
- Akihiro Suda
- David Porter
- Kazuyoshi Kato
- Michael Crosby
Changes
17 commits
- Github Security Advisory GHSA-crp2-qrr5-8pq7
- Prepare release notes for v1.4.13
- Use fs.RootPath when mounting volumes
- [release/1.4] backport: Wait for containerd installation in GCE scripts (#6553)
- Wait for containerd installation in GCE scripts
- [release/1.4] Update Go to 1.16.14 (#6527)
- Do not use
go get
to install executables - [release/1.4] update Go to 1.16.14
- [release/1.4] Update Go to 1.16.13
- Do not use
- [release/1.4] vendor: github.com/opencontainers/image-spec v1.0.2 (#6265)
- [release/1.4] vendor: github.com/opencontainers/image-spec v1.0.2
- [release/1.4] Update Go to 1.16.12 (#6368)
- [release/1.4] Update Go to 1.16.12
- [release/1.4] update runc binary to v1.0.3 (#6344)
- update runc binary to v1.0.3
- [release/1.4] Update Go to 1.16.11 (#6335)
- [release/1.4] Update Go to 1.16.11
Changes from containerd/cri
4 commits
Dependency Changes
- github.com/containerd/cri 3b02bec16031 -> 8f1a8a1fb9eb
- github.com/opencontainers/image-spec v1.0.1 -> v1.0.2
Previous release can be found at v1.4.12
containerd 1.5.9
Welcome to the v1.5.9 release of containerd!
The ninth patch release for containerd 1.5 is a security release to fix CVE-2021-43816.
Notable Updates
- Fix unprivileged pod using 'hostPath' bypassing SELinux labels (GHSA-mvff-h3cj-wj9c)
- Fix setting the "container_kvm_t" SELinux label (#6381)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Sebastiaan van Stijn
- Michael Crosby
- Phil Estes
- Akihiro Suda
- Fabiano Fidêncio
- Samuel Karp
- Wei Fu
Changes
13 commits
- Github Security Advisory GHSA-mvff-h3cj-wj9c
- [release/1.5] seutil: Fix setting the "container_kvm_t" label (#6381)
da5749b67
seutil: Fix setting the "container_kvm_t" label
- [release/1.5] Update Go to 1.16.12 (#6367)
8c24a6199
[release/1.5] Update Go to 1.16.12
- [release/1.5] go.mod github.com/opencontainers/image-spec v1.0.2 (#6264)
7ab52528b
[release/1.5] go.mod github.com/opencontainers/image-spec v1.0.2
- [release/1.5] update runc binary to v1.0.3 (#6343)
16b5aa2c8
update runc binary to v1.0.3
- [release/1.5] Update Go to 1.16.11 (#6334)
3ff8be2d9
[release/1.5] Update Go to 1.16.11
Dependency Changes
- github.com/opencontainers/image-spec v1.0.1 -> v1.0.2
Previous release can be found at v1.5.8
containerd 1.5.8
Welcome to the v1.5.8 release of containerd!
The eighth patch release for containerd 1.5 contains a mitigation for CVE-2021-41190
as well as several fixes and updates.
Notable Updates
- Handle ambiguous OCI manifest parsing (GHSA-5j5w-g665-5m35)
- Filter selinux xattr for image volumes in CRI plugin (#5104)
- Use DeactiveLayer to unlock layers that cannot be renamed in Windows snapshotter (#5422)
- Fix pull failure on unexpected EOF (#5921)
- Close task IO before waiting on delete (#5974)
- Log a warning for ignored invalid image labels rather than erroring (#6124)
- Update pull to handle of non-https urls in descriptors (#6221)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Phil Estes
- Sebastiaan van Stijn
- Derek McGowan
- Kazuyoshi Kato
- Wei Fu
- Akihiro Suda
- Daniel Canter
- Kevin Parsons
- Kohei Tokunaga
- Samuel Karp
- Claudiu Belu
- Jacob Blain Christen
- Maksym Pavlenko
- Mike Brown
- Paul "TBBle" Hampson
- Sambhav Kothari
- zounengren
Changes
29 commits
- [release/1.5] Prepare release notes for v1.5.8 (#6260)
2385fd14d
Prepare release notes for v1.5.8
- [release/1.5] mailmap: Add Kevin Parsons (#6261)
ef071b07b
mailmap: Add Kevin Parsons
- Merge Github Security Advisory GHSA-5j5w-g665-5m35
- [release/1.5] Fix containerd fails to pull OCI image with non-
http(s)://
urls (#6238)01428ec40
Fix containerd fails to pull OCI image with non-http(s)://
urls
- [release/1.5] go.mod: Bump hcsshim to v0.8.23 (#6231)
2bd3f18d9
[release/1.5] go.mod: Bump hcsshim to v0.8.23
- [release/1.5] go.mod: Bump ttrpc to 1.1.0 (#6229)
047ea15d2
[release/1.5] go.mod: Bump ttrpc to 1.1.0
- [release/1.5] update Go to 1.16.10 (#6210)
- [release/1.5] Output a warning for label image labels instead of erroring (#6187)
b988fc918
Output a warning for label image labels instead of erroring
- [release/1.5] task delete: Closes task IO before waiting (#6129)
bf02a8330
task delete: Closes task IO before waiting
- [release/1.5] Update test timeout based on recent cancellations (#6134)
3109820f5
Update test timeout based on recent cancellations
- [release/1.5] Use deactivatelayer to recover layers that we cannot rename (#6133)
- [release/1.5] Fix pull fails on unexpected EOF (#6117)
aa7c9d9da
Fix pull fails on unexpected EOF
- [release/1.5 backport] cri: filter selinux xattr for image volumes (#5104)
c0534c168
[release/1.5 backport] cri: filter selinux xattr for image volumes
Changes from containerd/ttrpc
34 commits
- Add protoc-gen-go-ttrpc (#96)
6eabacc
Add protoc-gen-go-ttrpc
- client: Handle sending/receiving in separate goroutines (#94)
4f0aeb5
client: Handle sending/receiving in separate goroutines
- Run Protobuild in GitHub Actions (#95)
- replace pkg/errors (#93)
81faa3e
replace pkg/errors from vendor
- Rename branch from master to main (#86)
a143311
Rename branch from master to main
- Make "go test" and "go build" work on macOS (#85)
- Return Unimplemented when services or methods are not implemented (#83)
fede9db
Return Unimplemented when services or methods are not implemented
- Remove "Very new" and checked TODO items (#84)
dcc7d39
Remove "Very new" and checked TODO items
- removing glide from ignore (#82)
2776d3f
removing glide from ignore
- go.mod: update dependencies (#79)
- remove travis, add codecov badge (#78)
- Use GitHub Actions for CI (#77)
5bab91b
Use GitHub Actions for CI
- go.mod: sirupsen/logrus v1.7.0 (#76)
Dependency Changes
- github.com/Microsoft/hcsshim v0.8.21 -> v0.8.23
- github.com/containerd/ttrpc v...
containerd 1.4.12
Welcome to the v1.4.12 release of containerd!
The twelfth patch release for containerd 1.4 contains a few minor bug fixes
and an update to mitigate CVE-2021-41190.
Notable Updates
- Handle ambiguous OCI manifest parsing (GHSA-5j5w-g665-5m35)
- Update pull to try next mirror for non-404 errors (#5275)
- Update pull to handle of non-https urls in descriptors (#6221)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Maksym Pavlenko
- Samuel Karp
- Sebastiaan van Stijn
- Kohei Tokunaga
- Phil Estes
- Sebastian Hasler
Changes
13 commits
- [release/1.4] Prepare release notes for v1.4.12 (#6259)
540b70454
Prepare release notes for v1.4.12
- Merge Github Security Advisory GHSA-5j5w-g665-5m35
- [release/1.4] Try next mirror in case of non-404 errors, too (#6244)
9b538c7c7
Try next mirror in case of non-404 errors, too
- [release/1.4] Fix containerd fails to pull OCI image with non-
http(s)://
urls (#6239)e9f59a95e
Fix containerd fails to pull OCI image with non-http(s)://
urls
- [release/1.4] update Go to 1.16.10 (#6212)
16921116b
[release/1.4] update Go to 1.16.10
- [release/1.4] update Go to 1.16.9 (#6103)
b742b36fb
[release/1.4] update Go to 1.16.9
Dependency Changes
This release has no dependency changes
Previous release can be found at v1.4.11
containerd 1.5.7
Welcome to the v1.5.7 release of containerd!
The seventh patch release for containerd 1.5 is a security release to fix CVE-2021-41103.
Notable Updates
- Fix insufficiently restricted permissions on container root and plugin directories GHSA-c2h3-6mxw-7mvq
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Samuel Karp
Changes
5 commits
Dependency Changes
This release has no dependency changes
Previous release can be found at v1.5.6
containerd 1.4.11
Welcome to the v1.4.11 release of containerd!
The eleventh patch release for containerd 1.4 is a security release to fix CVE-2021-41103.
Notable Updates
- Fix insufficiently restricted permissions on container root and plugin directories GHSA-c2h3-6mxw-7mvq
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Samuel Karp
- Phil Estes
Changes
7 commits
5b46e404f
Merge pull request from GHSA-c2h3-6mxw-7mvqadc279b83
Prepare release notes for v1.4.110b1bde385
btrfs: reduce permissions on plugin directories38532c6ed
v1 runtime: reduce permissions for bundle dir403846c95
v2 runtime: reduce permissions for bundle dir8a3cfaf33
Merge pull request #6075 from dmcgowan/1.4-update-test-images3cd12c7d4
Update test images to use Github package registry
Dependency Changes
This release has no dependency changes
Previous release can be found at v1.4.10
containerd 1.5.6
Welcome to the v1.5.6 release of containerd!
The sixth patch release for containerd 1.5 contains minor fixes and updates
including an updated runc and hcsshim.
Notable Updates
- Install apparmor parser for arm64 and update seccomp to 2.5.1 #5763
- Update runc binary to 1.0.2 #5899
- Update hcsshim to v0.8.21 to fix layer issue on Windows Server 2019 #5942
- Add support for 'clone3' syscall to fix issue with certain images when seccomp is enabled #5982
- Add image config labels in CRI container creation #6012
- Fix panic in metadata content writer on copy error #6043
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Akihiro Suda
- Wei Fu
- Phil Estes
- Alexandre Peixoto Ferreira
- Daniel Canter
- Sebastiaan van Stijn
- Davanum Srinivas
- Gunju Kim
- Jayme Howard
- Kohei Tokunaga
- Mike Brown
- wanglei
- zhanglei
Changes
38 commits
1a1b383ad
Merge pull request #6068 from dmcgowan/prepare-1.5.6bc8fdf832
Update release notes and mailmap77dafa20c
Prepare release notes for v1.5.6063195739
Merge pull request #6045 from dmcgowan/1.5-fix-metadata-content-panica4b51d119
Fix panic in metadata content writer on copy error4de759ab5
Merge pull request #6041 from dmcgowan/backport-1.5-use-ghcr-test-images147705920
Use github images for integration tests3f4f6bca9
Merge pull request #5981 from scuzhanglei/release-1.5-privileged-device980646e3c
Merge pull request #6024 from estesp/cp-6012514137aa0
cri: add devices for privileged container6bfd09f7c
Enable image config labels in ctr and CRI container creation00e5fbe2a
Merge pull request #6013 from AkihiroSuda/cherrypick-5982-1.52726be136
Merge pull request #5983 from AkihiroSuda/runc-v1.0.2-1579e05529e
Merge pull request #5999 from dmcgowan/1.5-fix-unexpected-eof-handling923088852
seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)4133c775c
go.mod: update runc to v1.0.2011fb4c0b
update runc binary to v1.0.278a5a2c16
Merge pull request #6008 from thaJeztah/1.5_update_go210d3bc15
Fix content copy to not ignore unexpected EOFa863339c5
[release/1.5] update Go to 1.16.8217ab73b1
Merge pull request #6007 from AkihiroSuda/cherrypick-5987-1.5f3d46f828
CI: Switch to available latest images36d09a433
Merge pull request #5941 from alexandref75/release/1.5f40ee0785
Merge pull request #5942 from dcantah/15-hcsshim-backportc7ed09d55
Adding testing of two devices in a directory0ca2e2751
Fix dir support for devices V3 (containerd#4847)0fd19511e
go.mod: Update hcsshim to v0.8.2169e5db821
Merge pull request #5893 from gjkim42/cherry-pick-of-#587827e164648
Allow expanded DNS configuration337ede532
Merge pull request #5894 from estesp/cp-56258cfab161f
CI: Switch to available latest images25ad9449c
Merge pull request #5763 from thaJeztah/1.5_backport_install_apparmor_parser_for_arm64_env84cfadfa4
Merge pull request #5843 from thaJeztah/1.5_backport_update_go_116b9d5cff5d
Update Go to 1.16.78b22de9e4
Merge pull request #5816 from estesp/cp-5809fe195c343
mergo: Upgrade to 0.3.12 to fix paniceb4ba99fe
Install apparmor parser for arm64 environment0bc1e1d8a
update seccomp version
Dependency Changes
- github.com/Microsoft/hcsshim v0.8.18 -> v0.8.21
- github.com/imdario/mergo v0.3.11 -> v0.3.12
- github.com/opencontainers/runc v1.0.1 -> v1.0.2
Previous release can be found at v1.5.5
containerd 1.4.10
Welcome to the v1.4.10 release of containerd!
The tenth patch release for containerd 1.4 contains minor fixes and updates
including an updated runc and hcsshim.
Notable Updates
- Update runc to v1.0.2 #5899
- Update hcsshim to v0.8.21 #5957
- Support "clone3" in default seccomp profile #5982
- Fix panic in metadata content writer on copy error #6043
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Sebastiaan van Stijn
- Akihiro Suda
- Phil Estes
- Derek McGowan
- Daniel Canter
- Jintao Zhang
- Michael Crosby
- Wei Fu
Changes
26 commits
8848fdb7c
Merge pull request #6062 from dmcgowan/prepare-1.4.1087d81c4f2
Update release notes for v1.4.1016c175576
Prepare release notes for v1.4.10f8a9b3b61
Merge pull request #6010 from thaJeztah/1.4_update_golang_1.169b712ec73
Merge pull request #6044 from dmcgowan/1.4-fix-metadata-content-panic6dddee4c8
Fix panic in metadata content writer on copy error780289586
Merge pull request #6014 from AkihiroSuda/cherrypick-5982-1.4668960dd3
seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)bfe529e43
[release/1.4] update Go to 1.16.846f70c5d8
Update Go to 1.16.76b98d33b8
Update Go to 1.16.68cc99a88d
Update Go to 1.16.4c1a8d3b4f
Update Go to 1.16.380cbe4160
Update to Go 1.16.2ef6ce6c0c
Update to Go 1.16.1c9f216407
[release/1.4] disable go modules where neededb9cc6ec62
Revert "[release/1.4] update Go to 1.15.11"8d271b339
Revert "[release/1.4] Update Go to 1.15.13"afaa37975
Revert "Update Go to 1.15.14"4ce1ce6f7
Revert "[release/1.4] Update Go to 1.15.15"f961e7b3c
Merge pull request #5984 from AkihiroSuda/runc-v1.0.2-14b9d8ae17f
update runc binary to v1.0.2e25371f79
Merge pull request #5957 from dcantah/hcsshim-backport-1.4a503d4c11
[release/1.4] go.mod: Update hcsshim to v0.8.21d30f83879
Merge pull request #5841 from thaJeztah/1.4_update_golang2009fa71e
[release/1.4] Update Go to 1.15.15
Dependency Changes
- github.com/Microsoft/hcsshim v0.8.16 -> v0.8.21
Previous release can be found at v1.4.9
v1.4.9-k3s1
v1.4.9-k3s1