Skip to content

Releases: k3s-io/containerd

containerd 1.5.10

02 Mar 20:15
v1.5.10
2a1d4db
Compare
Choose a tag to compare

Welcome to the v1.5.10 release of containerd!

The tenth patch release for containerd 1.5 includes a fix for
CVE-2022-23648
and other issues.

Notable Updates

  • Use fs.RootPath when mounting volumes (GHSA-crp2-qrr5-8pq7)
  • Return init pid when clean dead shim in runc.v1/v2 shims (#6570)
  • Handle sigint/sigterm in shimv2 (#6509)
  • Use readonly mount to read user/group info (#6503)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Wei Fu
  • Sebastiaan van Stijn
  • Phil Estes
  • Alexander Minbaev
  • Brian Goff
  • Daniel Canter
  • David Porter
  • Kazuyoshi Kato
  • Maksym Pavlenko
  • ruiwen-zhao

Changes

22 commits

  • [release/1.5] Prepare release notes for v1.5.10 (#6606)
    • Prepare release notes for v1.5.10
  • Github Security Advisory GHSA-crp2-qrr5-8pq7
    • Use fs.RootPath when mounting volumes
  • [release/1.5] runc.v1/v2: return init pid when clean dead shim (#6570)
    • runc.v1/v2: return init pid when clean dead shim
  • [release/1.5] Update Go to 1.16.14 (#6556)
    • [release/1.5] Update Go to 1.16.14
  • Wait for containerd installation in GCE scripts [1.5 backport] (#6552)
    • Wait for containerd installation in GCE scripts
  • [release/1.5] shimv2: handle sigint/sigterm (#6509)
    • shimv2: handle sigint/sigterm
  • [release/1.5] Update Go to 1.16.13 (#6526)
    • [release/1.5] Update Go to 1.16.13
  • [release/1.5 backport] GHA fixes, update GolangCI-Lint v1.42.0, and go-mdman v2.0.1 (#6511)
    • script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0
    • Fix Linux CI Linter using go 1.15.14
    • Update cpuguy83/go-md2man binary to v2.0.1
  • [release/1.5] oci: use readonly mount to read user/group info (#6503)
    • oci: use readonly mount to read user/group info
  • [release/1.5] add-list-stat: return container list if filter is nil (#6466)
    • add-list-stat: return container list if filter is nil

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.5.9

containerd 1.4.13

08 Mar 20:49
v1.4.13
9cc6152
Compare
Choose a tag to compare

Welcome to the v1.4.13 release of containerd!

The thirteenth patch release for containerd 1.4 is a security release to address
CVE-2022-23648.

Notable Updates

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Sebastiaan van Stijn
  • Phil Estes
  • Akihiro Suda
  • David Porter
  • Kazuyoshi Kato
  • Michael Crosby

Changes

17 commits

  • Github Security Advisory GHSA-crp2-qrr5-8pq7
    • Prepare release notes for v1.4.13
    • Use fs.RootPath when mounting volumes
  • [release/1.4] backport: Wait for containerd installation in GCE scripts (#6553)
    • Wait for containerd installation in GCE scripts
  • [release/1.4] Update Go to 1.16.14 (#6527)
    • Do not use go get to install executables
    • [release/1.4] update Go to 1.16.14
    • [release/1.4] Update Go to 1.16.13
  • [release/1.4] vendor: github.com/opencontainers/image-spec v1.0.2 (#6265)
    • [release/1.4] vendor: github.com/opencontainers/image-spec v1.0.2
  • [release/1.4] Update Go to 1.16.12 (#6368)
    • [release/1.4] Update Go to 1.16.12
  • [release/1.4] update runc binary to v1.0.3 (#6344)
    • update runc binary to v1.0.3
  • [release/1.4] Update Go to 1.16.11 (#6335)
    • [release/1.4] Update Go to 1.16.11

Changes from containerd/cri

4 commits

  • [release/1.4] Use fs.RootPath when mounting volumes (#1655)
    • Use fs.RootPath when mounting volumes
  • [release/1.4] update Go 1.15.14 (to match containerd) (#1645)
    • [release/1.4] update Go 1.15.14 (to match containerd)

Dependency Changes

  • github.com/containerd/cri 3b02bec16031 -> 8f1a8a1fb9eb
  • github.com/opencontainers/image-spec v1.0.1 -> v1.0.2

Previous release can be found at v1.4.12

containerd 1.5.9

06 Jan 00:47
v1.5.9
1407cab
Compare
Choose a tag to compare

Welcome to the v1.5.9 release of containerd!

The ninth patch release for containerd 1.5 is a security release to fix CVE-2021-43816.

Notable Updates

  • Fix unprivileged pod using 'hostPath' bypassing SELinux labels (GHSA-mvff-h3cj-wj9c)
  • Fix setting the "container_kvm_t" SELinux label (#6381)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Sebastiaan van Stijn
  • Michael Crosby
  • Phil Estes
  • Akihiro Suda
  • Fabiano Fidêncio
  • Samuel Karp
  • Wei Fu

Changes

13 commits

  • Github Security Advisory GHSA-mvff-h3cj-wj9c
    • e4b62aaa5 Prepare release notes for v1.5.9
    • a41213fed only relabel cri managed host mounts
  • [release/1.5] seutil: Fix setting the "container_kvm_t" label (#6381)
    • da5749b67 seutil: Fix setting the "container_kvm_t" label
  • [release/1.5] Update Go to 1.16.12 (#6367)
    • 8c24a6199 [release/1.5] Update Go to 1.16.12
  • [release/1.5] go.mod github.com/opencontainers/image-spec v1.0.2 (#6264)
    • 7ab52528b [release/1.5] go.mod github.com/opencontainers/image-spec v1.0.2
  • [release/1.5] update runc binary to v1.0.3 (#6343)
  • [release/1.5] Update Go to 1.16.11 (#6334)
    • 3ff8be2d9 [release/1.5] Update Go to 1.16.11

Dependency Changes

  • github.com/opencontainers/image-spec v1.0.1 -> v1.0.2

Previous release can be found at v1.5.8

containerd 1.5.8

18 Nov 20:10
v1.5.8
1e5ef94
Compare
Choose a tag to compare

Welcome to the v1.5.8 release of containerd!

The eighth patch release for containerd 1.5 contains a mitigation for CVE-2021-41190
as well as several fixes and updates.

Notable Updates

  • Handle ambiguous OCI manifest parsing (GHSA-5j5w-g665-5m35)
  • Filter selinux xattr for image volumes in CRI plugin (#5104)
  • Use DeactiveLayer to unlock layers that cannot be renamed in Windows snapshotter (#5422)
  • Fix pull failure on unexpected EOF (#5921)
  • Close task IO before waiting on delete (#5974)
  • Log a warning for ignored invalid image labels rather than erroring (#6124)
  • Update pull to handle of non-https urls in descriptors (#6221)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Phil Estes
  • Sebastiaan van Stijn
  • Derek McGowan
  • Kazuyoshi Kato
  • Wei Fu
  • Akihiro Suda
  • Daniel Canter
  • Kevin Parsons
  • Kohei Tokunaga
  • Samuel Karp
  • Claudiu Belu
  • Jacob Blain Christen
  • Maksym Pavlenko
  • Mike Brown
  • Paul "TBBle" Hampson
  • Sambhav Kothari
  • zounengren

Changes

29 commits

  • [release/1.5] Prepare release notes for v1.5.8 (#6260)
  • [release/1.5] mailmap: Add Kevin Parsons (#6261)
  • Merge Github Security Advisory GHSA-5j5w-g665-5m35
    • 15d8c03e3 schema1: reject ambiguous documents
    • 833407fbf images: validate document type before unmarshal
  • [release/1.5] Fix containerd fails to pull OCI image with non-http(s):// urls (#6238)
    • 01428ec40 Fix containerd fails to pull OCI image with non-http(s):// urls
  • [release/1.5] go.mod: Bump hcsshim to v0.8.23 (#6231)
    • 2bd3f18d9 [release/1.5] go.mod: Bump hcsshim to v0.8.23
  • [release/1.5] go.mod: Bump ttrpc to 1.1.0 (#6229)
    • 047ea15d2 [release/1.5] go.mod: Bump ttrpc to 1.1.0
  • [release/1.5] update Go to 1.16.10 (#6210)
    • 7b20299bc [release/1.5] update Go to 1.16.10
    • 641976bea [release/1.5] update Go to 1.16.9
  • [release/1.5] Output a warning for label image labels instead of erroring (#6187)
    • b988fc918 Output a warning for label image labels instead of erroring
  • [release/1.5] task delete: Closes task IO before waiting (#6129)
    • bf02a8330 task delete: Closes task IO before waiting
  • [release/1.5] Update test timeout based on recent cancellations (#6134)
    • 3109820f5 Update test timeout based on recent cancellations
  • [release/1.5] Use deactivatelayer to recover layers that we cannot rename (#6133)
    • 16762f3e5 Fix spelling mistake in Windows snapshotter
    • 6094bc770 Use DeactivateLayer to recover layers that we cannot rename
  • [release/1.5] Fix pull fails on unexpected EOF (#6117)
  • [release/1.5 backport] cri: filter selinux xattr for image volumes (#5104)
    • c0534c168 [release/1.5 backport] cri: filter selinux xattr for image volumes

Changes from containerd/ttrpc

34 commits

  • Add protoc-gen-go-ttrpc (#96)
  • client: Handle sending/receiving in separate goroutines (#94)
    • 4f0aeb5 client: Handle sending/receiving in separate goroutines
  • Run Protobuild in GitHub Actions (#95)
    • e621cd1 Run Protobuild in GitHub Actions
    • 35cd240 Re-generate example.pb.go
  • replace pkg/errors (#93)
    • 81faa3e replace pkg/errors from vendor
  • Rename branch from master to main (#86)
    • a143311 Rename branch from master to main
  • Make "go test" and "go build" work on macOS (#85)
    • 2368990 Make the example command buildable on macOS
    • 616d54c Run GitHub Actions on macOS
    • a4b18e0 Make "go test" work on macOS
  • Return Unimplemented when services or methods are not implemented (#83)
    • fede9db Return Unimplemented when services or methods are not implemented
  • Remove "Very new" and checked TODO items (#84)
    • dcc7d39 Remove "Very new" and checked TODO items
  • removing glide from ignore (#82)
    • 2776d3f removing glide from ignore
  • go.mod: update dependencies (#79)
    • 849845f go.mod: github.com/prometheus/procfs v0.6.0
    • 3ea5780 go.mod: google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
    • 4640e27 go.mod: google.golang.org/grpc v1.27.1
    • 7c78be3 go.mod: github.com/gogo/protobuf v1.3.2
  • remove travis, add codecov badge (#78)
  • Use GitHub Actions for CI (#77)
    • 5bab91b Use GitHub Actions for CI
  • go.mod: sirupsen/logrus v1.7.0 (#76)

Dependency Changes

  • github.com/Microsoft/hcsshim v0.8.21 -> v0.8.23
  • github.com/containerd/ttrpc v...
Read more

containerd 1.4.12

18 Nov 20:19
v1.4.12
7b11cfa
Compare
Choose a tag to compare

Welcome to the v1.4.12 release of containerd!

The twelfth patch release for containerd 1.4 contains a few minor bug fixes
and an update to mitigate CVE-2021-41190.

Notable Updates

  • Handle ambiguous OCI manifest parsing (GHSA-5j5w-g665-5m35)
  • Update pull to try next mirror for non-404 errors (#5275)
  • Update pull to handle of non-https urls in descriptors (#6221)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Maksym Pavlenko
  • Samuel Karp
  • Sebastiaan van Stijn
  • Kohei Tokunaga
  • Phil Estes
  • Sebastian Hasler

Changes

13 commits

  • [release/1.4] Prepare release notes for v1.4.12 (#6259)
    • 540b70454 Prepare release notes for v1.4.12
  • Merge Github Security Advisory GHSA-5j5w-g665-5m35
    • eb875416e schema1: reject ambiguous documents
    • 53e0c8c35 images: validate document type before unmarshal
  • [release/1.4] Try next mirror in case of non-404 errors, too (#6244)
    • 9b538c7c7 Try next mirror in case of non-404 errors, too
  • [release/1.4] Fix containerd fails to pull OCI image with non-http(s):// urls (#6239)
    • e9f59a95e Fix containerd fails to pull OCI image with non-http(s):// urls
  • [release/1.4] update Go to 1.16.10 (#6212)
    • 16921116b [release/1.4] update Go to 1.16.10
  • [release/1.4] update Go to 1.16.9 (#6103)
    • b742b36fb [release/1.4] update Go to 1.16.9

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.4.11

containerd 1.5.7

04 Oct 17:54
v1.5.7
8686ede
Compare
Choose a tag to compare

Welcome to the v1.5.7 release of containerd!

The seventh patch release for containerd 1.5 is a security release to fix CVE-2021-41103.

Notable Updates

  • Fix insufficiently restricted permissions on container root and plugin directories GHSA-c2h3-6mxw-7mvq

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Samuel Karp

Changes

5 commits

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.5.6

containerd 1.4.11

04 Oct 17:24
v1.4.11
5b46e40
Compare
Choose a tag to compare

Welcome to the v1.4.11 release of containerd!

The eleventh patch release for containerd 1.4 is a security release to fix CVE-2021-41103.

Notable Updates

  • Fix insufficiently restricted permissions on container root and plugin directories GHSA-c2h3-6mxw-7mvq

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Samuel Karp
  • Phil Estes

Changes

7 commits

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.4.10

containerd 1.5.6

04 Oct 17:54
v1.5.6
1a1b383
Compare
Choose a tag to compare

Welcome to the v1.5.6 release of containerd!

The sixth patch release for containerd 1.5 contains minor fixes and updates
including an updated runc and hcsshim.

Notable Updates

  • Install apparmor parser for arm64 and update seccomp to 2.5.1 #5763
  • Update runc binary to 1.0.2 #5899
  • Update hcsshim to v0.8.21 to fix layer issue on Windows Server 2019 #5942
  • Add support for 'clone3' syscall to fix issue with certain images when seccomp is enabled #5982
  • Add image config labels in CRI container creation #6012
  • Fix panic in metadata content writer on copy error #6043

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Akihiro Suda
  • Wei Fu
  • Phil Estes
  • Alexandre Peixoto Ferreira
  • Daniel Canter
  • Sebastiaan van Stijn
  • Davanum Srinivas
  • Gunju Kim
  • Jayme Howard
  • Kohei Tokunaga
  • Mike Brown
  • wanglei
  • zhanglei

Changes

38 commits

  • 1a1b383ad Merge pull request #6068 from dmcgowan/prepare-1.5.6
  • bc8fdf832 Update release notes and mailmap
  • 77dafa20c Prepare release notes for v1.5.6
  • 063195739 Merge pull request #6045 from dmcgowan/1.5-fix-metadata-content-panic
  • a4b51d119 Fix panic in metadata content writer on copy error
  • 4de759ab5 Merge pull request #6041 from dmcgowan/backport-1.5-use-ghcr-test-images
  • 147705920 Use github images for integration tests
  • 3f4f6bca9 Merge pull request #5981 from scuzhanglei/release-1.5-privileged-device
  • 980646e3c Merge pull request #6024 from estesp/cp-6012
  • 514137aa0 cri: add devices for privileged container
  • 6bfd09f7c Enable image config labels in ctr and CRI container creation
  • 00e5fbe2a Merge pull request #6013 from AkihiroSuda/cherrypick-5982-1.5
  • 2726be136 Merge pull request #5983 from AkihiroSuda/runc-v1.0.2-15
  • 79e05529e Merge pull request #5999 from dmcgowan/1.5-fix-unexpected-eof-handling
  • 923088852 seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
  • 4133c775c go.mod: update runc to v1.0.2
  • 011fb4c0b update runc binary to v1.0.2
  • 78a5a2c16 Merge pull request #6008 from thaJeztah/1.5_update_go
  • 210d3bc15 Fix content copy to not ignore unexpected EOF
  • a863339c5 [release/1.5] update Go to 1.16.8
  • 217ab73b1 Merge pull request #6007 from AkihiroSuda/cherrypick-5987-1.5
  • f3d46f828 CI: Switch to available latest images
  • 36d09a433 Merge pull request #5941 from alexandref75/release/1.5
  • f40ee0785 Merge pull request #5942 from dcantah/15-hcsshim-backport
  • c7ed09d55 Adding testing of two devices in a directory
  • 0ca2e2751 Fix dir support for devices V3 (containerd#4847)
  • 0fd19511e go.mod: Update hcsshim to v0.8.21
  • 69e5db821 Merge pull request #5893 from gjkim42/cherry-pick-of-#5878
  • 27e164648 Allow expanded DNS configuration
  • 337ede532 Merge pull request #5894 from estesp/cp-5625
  • 8cfab161f CI: Switch to available latest images
  • 25ad9449c Merge pull request #5763 from thaJeztah/1.5_backport_install_apparmor_parser_for_arm64_env
  • 84cfadfa4 Merge pull request #5843 from thaJeztah/1.5_backport_update_go_116
  • b9d5cff5d Update Go to 1.16.7
  • 8b22de9e4 Merge pull request #5816 from estesp/cp-5809
  • fe195c343 mergo: Upgrade to 0.3.12 to fix panic
  • eb4ba99fe Install apparmor parser for arm64 environment
  • 0bc1e1d8a update seccomp version

Dependency Changes

  • github.com/Microsoft/hcsshim v0.8.18 -> v0.8.21
  • github.com/imdario/mergo v0.3.11 -> v0.3.12
  • github.com/opencontainers/runc v1.0.1 -> v1.0.2

Previous release can be found at v1.5.5

containerd 1.4.10

04 Oct 17:25
v1.4.10
8848fdb
Compare
Choose a tag to compare

Welcome to the v1.4.10 release of containerd!

The tenth patch release for containerd 1.4 contains minor fixes and updates
including an updated runc and hcsshim.

Notable Updates

  • Update runc to v1.0.2 #5899
  • Update hcsshim to v0.8.21 #5957
  • Support "clone3" in default seccomp profile #5982
  • Fix panic in metadata content writer on copy error #6043

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Sebastiaan van Stijn
  • Akihiro Suda
  • Phil Estes
  • Derek McGowan
  • Daniel Canter
  • Jintao Zhang
  • Michael Crosby
  • Wei Fu

Changes

26 commits

  • 8848fdb7c Merge pull request #6062 from dmcgowan/prepare-1.4.10
  • 87d81c4f2 Update release notes for v1.4.10
  • 16c175576 Prepare release notes for v1.4.10
  • f8a9b3b61 Merge pull request #6010 from thaJeztah/1.4_update_golang_1.16
  • 9b712ec73 Merge pull request #6044 from dmcgowan/1.4-fix-metadata-content-panic
  • 6dddee4c8 Fix panic in metadata content writer on copy error
  • 780289586 Merge pull request #6014 from AkihiroSuda/cherrypick-5982-1.4
  • 668960dd3 seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
  • bfe529e43 [release/1.4] update Go to 1.16.8
  • 46f70c5d8 Update Go to 1.16.7
  • 6b98d33b8 Update Go to 1.16.6
  • 8cc99a88d Update Go to 1.16.4
  • c1a8d3b4f Update Go to 1.16.3
  • 80cbe4160 Update to Go 1.16.2
  • ef6ce6c0c Update to Go 1.16.1
  • c9f216407 [release/1.4] disable go modules where needed
  • b9cc6ec62 Revert "[release/1.4] update Go to 1.15.11"
  • 8d271b339 Revert "[release/1.4] Update Go to 1.15.13"
  • afaa37975 Revert "Update Go to 1.15.14"
  • 4ce1ce6f7 Revert "[release/1.4] Update Go to 1.15.15"
  • f961e7b3c Merge pull request #5984 from AkihiroSuda/runc-v1.0.2-14
  • b9d8ae17f update runc binary to v1.0.2
  • e25371f79 Merge pull request #5957 from dcantah/hcsshim-backport-1.4
  • a503d4c11 [release/1.4] go.mod: Update hcsshim to v0.8.21
  • d30f83879 Merge pull request #5841 from thaJeztah/1.4_update_golang
  • 2009fa71e [release/1.4] Update Go to 1.15.15

Dependency Changes

  • github.com/Microsoft/hcsshim v0.8.16 -> v0.8.21

Previous release can be found at v1.4.9

v1.4.9-k3s1

13 Aug 20:27
Compare
Choose a tag to compare

v1.4.9-k3s1