Tags: TommyLike/containerd
Tags
containerd 1.6.7 Welcome to the v1.6.7 release of containerd! The seventh patch release for containerd 1.6 contains various fixes, includes a new version of runc and adds support for ppc64le and riscv64 (requires unreleased runc 1.2) builds. ### Notable Updates * **Update runc to v1.1.3** ([containerd#7036](containerd#7036)) * **Seccomp: Allow clock_settime64 with CAP_SYS_TIME** ([containerd#7172](containerd#7172)) * **Fix WWW-Authenticate parsing** ([containerd#7131](containerd#7131)) * **Support RISC-V 64 and ppc64le builds** ([containerd#7170](containerd#7170)) * **Windows: Update hcsshim to v0.9.4 to fix regression with HostProcess stats** ([containerd#7200](containerd#7200)) * **Windows: Fix shim logs going to panic.log file** ([containerd#7242](containerd#7242)) * **Allow ptrace(2) by default for kernels >= 4.8** ([containerd#7171](containerd#7171)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Phil Estes * Daniel Canter * Derek McGowan * Akihiro Suda * Kazuyoshi Kato * Mike Brown * Sebastiaan van Stijn * Wei Fu * Baoshuo * Gabriel Adrian Samfira * Henry Wang * Iceber Gu * Marvin Giessing ### Changes <details><summary>40 commits</summary> <p> * [release/1.6] Update release build timeout ([containerd#7250](containerd#7250)) * [`eccb82f6d`](containerd@eccb82f) Update release build timeout to 20 minutes * Prepare releases notes for 1.6.7 ([containerd#7225](containerd#7225)) * [`6a854d4b5`](containerd@6a854d4) Update mailmap * [`61612e1a2`](containerd@61612e1) Prepare release notes for 1.6.7 * [release/1.6] Update golang to 1.17.13 ([containerd#7244](containerd#7244)) * [`d199ee462`](containerd@d199ee4) Update golang to 1.17.13 * [release/1.6] Backport: Change os.Stderr reassign for Windows service ([containerd#7242](containerd#7242)) * [`0578d20c5`](containerd@0578d20) Change os.Stderr reassign for Windows service * [release/1.6] Backport: bump macos runner version ([containerd#7230](containerd#7230)) * [`12cae4961`](containerd@12cae49) Update Vagrant CI to macos-12 * [`bc4091aae`](containerd@bc4091a) chore: bump macos runner version * [release/1.6] Backport Windows HostProcess test improvements ([containerd#7227](containerd#7227)) * [`cb73bd050`](containerd@cb73bd0) Windows HostProcess container CRI stats test * [`ac388525a`](containerd@ac38852) Add validations for Windows HostProcess CRI configs * [release/1.6] go.mod: Bump hcsshim to v0.9.4 ([containerd#7200](containerd#7200)) * [`0007f40fe`](containerd@0007f40) [release/1.6] go.mod: Bump hcsshim to v0.9.4 * [release/1.6] Update Fedora version to 36 ([containerd#7217](containerd#7217)) * [`c9607e78c`](containerd@c9607e7) Update Fedora version to 36 * [release/1.6] Support RISC-V 64 ([containerd#7170](containerd#7170)) * [`2952b66c0`](containerd@2952b66) CI: add riscv64 builds * [`6b2dc9a37`](containerd@6b2dc9a) release/Dockerfile: update Ubuntu to 22.04 for supporting riscv64 * [`745dc07c4`](containerd@745dc07) seccomp: support riscv64 * [`c2f841f21`](containerd@c2f841f) Create ppc64le release * [release/1.6] allow ptrace(2) by default for kernel >= 4.8 ([containerd#7171](containerd#7171)) * [`f3da3e51f`](containerd@f3da3e5) allow ptrace(2) by default for kernel >= 4.8 * [release/1.6] seccomp: allow clock_settime64 when CAP_SYS_TIME is added ([containerd#7172](containerd#7172)) * [`86b55bd8d`](containerd@86b55bd) seccomp: allow clock_settime64 when CAP_SYS_TIME is added * [release/1.6] update golang to 1.17.12 ([containerd#7160](containerd#7160)) * [`aa1101068`](containerd@aa11010) [release/1.6] update golang to 1.17.12 * [release/1.6] Fix WWW-Authenticate parsing ([containerd#7131](containerd#7131)) * [`37dfc5c9d`](containerd@37dfc5c) [release/1.6] Fix WWW-Authenticate parsing * [release/1.6] Downgrade MinGW to version 10.2.0 ([containerd#7133](containerd#7133)) * [`fa2016d58`](containerd@fa2016d) [release/1.6] Downgrade MinGW to version 10.2.0 * [release/1.6] ctr: fix label args used in NewContainer ([containerd#7051](containerd#7051)) * [`99c56d217`](containerd@99c56d2) ctr: fix label args used in NewContainer * [release/1.6] Make building static binaries simpler ([containerd#7045](containerd#7045)) * [`51de785f8`](containerd@51de785) [release/1.6] Make building static binaries simpler * [release/1.6] update runc binary to v1.1.3 ([containerd#7036](containerd#7036)) * [`2ea4e6348`](containerd@2ea4e63) update runc binary to v1.1.3 </p> </details> ### Dependency Changes * **github.com/Microsoft/hcsshim** v0.9.3 -> v0.9.4 Previous release can be found at [v1.6.6](https://github.com/containerd/containerd/releases/tag/v1.6.6)
containerd 1.6.6 Welcome to the v1.6.6 release of containerd! The sixth patch release for containerd 1.6 includes a fix for [GHSA-5ffw-gxpp-mxpf](GHSA-5ffw-gxpp-mxpf). ### Notable Updates * **Fix ExecSync handler to cap console output size** ([GHSA-5ffw-gxpp-mxpf](GHSA-5ffw-gxpp-mxpf)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Kazuyoshi Kato ### Changes <details><summary>4 commits</summary> <p> * Github Security Advisory [GHSA-5ffw-gxpp-mxpf](GHSA-5ffw-gxpp-mxpf) * [`61213742a`](containerd@6121374) Prepare release notes for v1.6.6 * [`f92068350`](containerd@f920683) Implicitly discard the input to drain the reader * [`2eb67213b`](containerd@2eb6721) [release/1.6] Limit the response size of ExecSync </p> </details> ### Dependency Changes This release has no dependency changes Previous release can be found at [v1.6.5](https://github.com/containerd/containerd/releases/tag/v1.6.5)
containerd 1.5.13 Welcome to the v1.5.13 release of containerd! The thirteenth patch release for containerd 1.5 includes a fix for [GHSA-5ffw-gxpp-mxpf](GHSA-5ffw-gxpp-mxpf). ### Notable Updates * **Fix ExecSync handler to cap console output size** ([GHSA-5ffw-gxpp-mxpf](GHSA-5ffw-gxpp-mxpf)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Kazuyoshi Kato ### Changes <details><summary>4 commits</summary> <p> * Github Security Advisory [GHSA-5ffw-gxpp-mxpf](GHSA-5ffw-gxpp-mxpf) * [`1ab043141`](containerd@1ab0431) Prepare release notes for v1.5.13 * [`b40a356cf`](containerd@b40a356) Implicitly discard the input to drain the reader * [`943588b54`](containerd@943588b) [release/1.5] Limit the response size of ExecSync </p> </details> ### Dependency Changes This release has no dependency changes Previous release can be found at [v1.5.12](https://github.com/containerd/containerd/releases/tag/v1.5.12)
containerd 1.6.5 Welcome to the v1.6.5 release of containerd! The fifth patch release for containerd 1.6 includes a few fixes and updated version of runc. ### Notable Updates * **Fix for older CNI plugins not reporting version** ([containerd#7011](containerd#7011)) * **Fix mount path handling for CRI plugin on Windows** ([containerd#6929](containerd#6929)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Mike Brown * Sebastiaan van Stijn * Kazuyoshi Kato * Phil Estes * Wei Fu * Akihiro Suda * Derek McGowan * Paul S. Schweigert * Amit Barve * Daniel Canter * Kevin Parsons * Marc Schwind ### Changes <details><summary>26 commits</summary> <p> * Prepare release notes for v1.6.5 ([containerd#7021](containerd#7021)) * [`185e87275`](containerd@185e872) Prepare release notes for v1.6.5 * [release/1.6] update golang to 1.17.11 ([containerd#7013](containerd#7013)) * [`5c9c83d3e`](containerd@5c9c83d) [release/1.6] update golang to 1.17.11 * [release/1.6] update go-cni/for cni update fixing plugins that don't respond with version ([containerd#7011](containerd#7011)) * [`fdcdc27bc`](containerd@fdcdc27) update go-cni/for cni update fixing plugins that don't respond with version * [release/1.6] archive: add human-readable hint to Lchown error ([containerd#6985](containerd#6985)) * [`e33b9e709`](containerd@e33b9e7) archive: add human-readable hint to Lchown error * [release/1.6] go.mod: Bump hcsshim to 0.9.3 ([containerd#6968](containerd#6968)) * [`6eff5b6c0`](containerd@6eff5b6) [release/1.6] go.mod: Bump hcsshim to 0.9.3 * [release/1.6] config: improve config v1 deprecation message ([containerd#6980](containerd#6980)) * [`3bb5a9d19`](containerd@3bb5a9d) config: improve config v1 deprecation message * [release/1.6] update golang to 1.17.10, golang.org/x/sys v0.0.0-20220412211240-33da011f77ad ([containerd#6927](containerd#6927)) * [`f1d2d9260`](containerd@f1d2d92) [release/1.6] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad * [`9f99be51b`](containerd@9f99be5) [release/1.6] update golang to 1.17.10 * [release/1.6] Bug fix for mount path handling ([containerd#6929](containerd#6929)) * [`70839a344`](containerd@70839a3) Bug fix for mount path handling * [release/1.6] Reverts removal of parallel run from critest ([containerd#6942](containerd#6942)) * [`82a77be2d`](containerd@82a77be) reverts removal of parallel run from critest * [release/1.6 backport] update runc binary and vendor to v1.1.2 ([containerd#6936](containerd#6936)) * [`246a1b42e`](containerd@246a1b4) vendor: github.com/opencontainers/runc v1.1.2 * [`43717e03a`](containerd@43717e0) update runc binary to v1.1.2 * [release/1.6] Allow git commands in Vagrantfile ([containerd#6941](containerd#6941)) * [`06bdfeb67`](containerd@06bdfeb) Allow git commands in Vagrantfile * [release/1.6] Update critools to v1.24 ([containerd#6895](containerd#6895)) * [`1520bae0f`](containerd@1520bae) update critools to v1.24 </p> </details> ### Changes from containerd/go-cni <details><summary>6 commits</summary> <p> * go.mod: update libcni to v1.1.1 ([containerd#101](containerd/go-cni#101)) * [`cb645ef`](containerd/go-cni@cb645ef) go.mod: update libcni to v1.1.1 * add in some serial setup tests; a little make cleanup ([containerd#100](containerd/go-cni#100)) * [`42cfe0f`](containerd/go-cni@42cfe0f) add in some serial setup tests; a little make cleanup * Re-introduce serial network setup ([containerd#99](containerd/go-cni#99)) * [`ee1a707`](containerd/go-cni@ee1a707) Re-introduce serial network setup </p> </details> ### Dependency Changes * **github.com/Microsoft/hcsshim** v0.9.2 -> v0.9.3 * **github.com/containerd/go-cni** v1.1.5 -> v1.1.6 * **github.com/containernetworking/cni** v1.1.0 -> v1.1.1 * **github.com/opencontainers/runc** v1.1.1 -> v1.1.2 * **golang.org/x/sys** 1d35b9e2eb4e -> 33da011f77ad Previous release can be found at [v1.6.4](https://github.com/containerd/containerd/releases/tag/v1.6.4)
containerd 1.5.12 Welcome to the v1.5.12 release of containerd! The twelfth patch release for containerd 1.5 includes various fixes and updates along with an updated version of runc. ### Notable Updates * **Fix inotify fd leak when cgroup is deleted** ([containerd#6961](containerd#6961)) * **Close fifos when container is deleted in CRI plugin** ([containerd#6857](containerd#6857)) * **Update unpack to to respect MaxConcurrentDownloads** ([containerd#6774](containerd#6774)) * **Monitor OOMKill instead of OOM in cgroupv2** ([containerd#6735](containerd#6735)) * **Make the temp mount as ready only in container WithVolumes** ([containerd#6729](containerd#6729)) * **Fix deadlock from abandoned transactions in native snapshotter** ([containerd#6726](containerd#6726)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Sebastiaan van Stijn * Phil Estes * Akihiro Suda * Derek McGowan * Wei Fu * Jeremi Piotrowski * Kazuyoshi Kato * Maksym Pavlenko * Miao Wang * Mike Brown * Alexey Ivanov * Brian Goff * Henry Wang * Michael Crosby * Qiutong Song * Samuel Ortiz * Tõnis Tiigi * chenxiaoyu * linrunlong * ningmingxiao * zounengren ### Changes <details><summary>34 commits</summary> <p> * Prepare release notes for v1.5.12 ([containerd#7019](containerd#7019)) * [`5a55f1efc`](containerd@5a55f1e) Prepare release notes for v1.5.12 * [release/1.5] update golang to 1.17.11 ([containerd#7014](containerd#7014)) * [`3f61d5ed4`](containerd@3f61d5e) [release/1.5] update golang to 1.17.11 * [release/1.5] archive: add human-readable hint to Lchown error ([containerd#6986](containerd#6986)) * [`f67de000d`](containerd@f67de00) archive: add human-readable hint to Lchown error * [release/1.5] config: improve config v1 deprecation message ([containerd#6981](containerd#6981)) * [`4c98768bd`](containerd@4c98768) config: improve config v1 deprecation message * [release/1.5] upgrade containerd/cgroups to v1.0.3 ([containerd#6961](containerd#6961)) * [`f890c79fd`](containerd@f890c79) [release/1.5] upgrade containerd/cgroups to v1.0.3 * [release/1.5] update golang to 1.17.10, golang.org/x/sys v0.0.0-20220412211240-33da011f77ad ([containerd#6928](containerd#6928)) * [`9f6e1864c`](containerd@9f6e186) [release/1.5] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad * [`c00476595`](containerd@c004765) [release/1.5] update golang to 1.17.10 * [release/1.5 backport] update runc binary to v1.1.2 ([containerd#6935](containerd#6935)) * [`c2f793349`](containerd@c2f7933) update runc binary to v1.1.2 * [release/1.5] cherry-pick: Allow git commands in Vagrantfile ([containerd#6943](containerd#6943)) * [`1f9900830`](containerd@1f99008) Allow git commands in Vagrantfile * [release/1.5] cri: close fifos when container is deleted ([containerd#6857](containerd#6857)) * [`689b342c1`](containerd@689b342) cri: close fifos when container is deleted * [release/1.5] update golang to 1.17.9 ([containerd#6824](containerd#6824)) * [`65aad9d93`](containerd@65aad9d) [release/1.5] update golang to 1.17.9 * [release/1.5] check for duplicate nspath possibilities ([containerd#6814](containerd#6814)) * [`283058cd6`](containerd@283058c) check for duplicate nspath possibilities * [release/1.5] fix containerd#6054 MaxConcurrentDownloads is not effect when Unpack is true ([containerd#6774](containerd#6774)) * [`4dbd0c851`](containerd@4dbd0c8) fix containerd#6054 MaxConcurrentDownloads is not effect when Unpack is true * [release/1.5 backport] update runc binary to v1.1.1 ([containerd#6770](containerd#6770)) * [`ef56dcafc`](containerd@ef56dca) update runc binary to v1.1.1 * [`b8ab8dd3f`](containerd@b8ab8dd) update runc binary to v1.1.0 * [release/1.5 backport] Make the temp mount as ready only in container WithVolumes ([containerd#6729](containerd#6729)) * [`05b04a1a3`](containerd@05b04a1) Make the temp mount as ready only in container WithVolumes * [release/1.5 backport] native: fix deadlock from leaving transactions open ([containerd#6726](containerd#6726)) * [`603ef55e0`](containerd@603ef55) native: fix deadlock from leaving transactions open * [release/1.5 backport] cgroup2: monitor OOMKill instead of OOM to prevent missing container events ([containerd#6735](containerd#6735)) * [`1c68f5037`](containerd@1c68f50) cgroup2: monitor OOMKill instead of OOM to prevent missing container OOM events </p> </details> ### Changes from containerd/cgroups <details><summary>33 commits</summary> <p> * v2: Fix inotify fd leak when cgroup is deleted ([containerd#212](containerd/cgroups#212)) * [`a7d6888`](containerd/cgroups@a7d6888) v2: add test case for Manager.EventChan() behavior * [`cf1f978`](containerd/cgroups@cf1f978) v2: flip error handling for readKVStat("memory.events") to reduce indentation * [`6a46df2`](containerd/cgroups@6a46df2) v2: manager: factor out memory.events parsing * [`35b5b55`](containerd/cgroups@35b5b55) v2: Fix inotify leak when cgroup is deleted * fix Implicit memory aliasing in for loop ([containerd#214](containerd/cgroups#214)) * [`182c3af`](containerd/cgroups@182c3af) fix Implicit memory aliasing in for loop * Fix potential dirfd leak. ([containerd#210](containerd/cgroups#210)) * [`17fece8`](containerd/cgroups@17fece8) Fix potential dirfd leak. * cgroup: Optionally add process and task to a subsystems subset ([containerd#203](containerd/cgroups#203)) * [`80a7821`](containerd/cgroups@80a7821) cgroup: Optionally add process and task to a subsystems subset * replace pkg/errors from vendor ([containerd#208](containerd/cgroups#208)) * [`0072297`](containerd/cgroups@0072297) replace pkg/errors from vendor * cgroup.go: avoid panic on nil interface ([containerd#207](containerd/cgroups#207)) * [`d55de5d`](containerd/cgroups@d55de5d) cgroup.go: avoid panic on nil interface * Improvements on cgroup v2 support ([containerd#204](containerd/cgroups#204)) * [`73a8516`](containerd/cgroups@73a8516) cgroupv2: reset lastErr to nil when subtree control is successfully written * [`2ca92c5`](containerd/cgroups@2ca92c5) cgroupv2: enable controllers before setting resources in NewChild() * v2: remove unimplemented errors and ErrorHandler, IgnoreNotExist ([containerd#201](containerd/cgroups#201)) * [`db173a8`](containerd/cgroups@db173a8) v2: remove ErrorHandler and IgnoreNotExist as they are not implemented * [`b19a60d`](containerd/cgroups@b19a60d) v2: remove errors that are never returned * v1: reduce duplicated code ([containerd#202](containerd/cgroups#202)) * [`4fe70f3`](containerd/cgroups@4fe70f3) v1: reduce duplicated code * cgroup v1: implement AddProc() ([containerd#200](containerd/cgroups#200)) * [`6659093`](containerd/cgroups@6659093) cgroup v1: implement AddProc() * Rename branch from master to main ([containerd#199](containerd/cgroups#199)) * [`7254c12`](containerd/cgroups@7254c12) Rename branch from master to main * utils: export ParseCgroupFile() ([containerd#197](containerd/cgroups#197)) * [`23b5120`](containerd/cgroups@23b5120) utils: export ParseCgroupFile() * go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations ([containerd#194](containerd/cgroups#194)) * [`f8918cf`](containerd/cgroups@f8918cf) go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations * Use /proc/partitions to get device names ([containerd#195](containerd/cgroups#195)) * [`1a4509d`](containerd/cgroups@1a4509d) Use /proc/partitions to get device names </p> </details> ### Dependency Changes * **github.com/containerd/cgroups** v1.0.1 -> v1.0.3 * **github.com/stretchr/testify** v1.6.1 -> v1.7.0 * **golang.org/x/net** e18ecbb05110 -> a5a99cb37ef4 * **golang.org/x/sync** 09787c993a3a -> 036812b2e83c * **golang.org/x/sys** d19ff857e887 -> 33da011f77ad Previous release can be found at [v1.5.11](https://github.com/containerd/containerd/releases/tag/v1.5.11)
containerd 1.6.4 Welcome to the v1.6.4 release of containerd! The fourth patch release for containerd 1.6 includes two fixes for CNI and SELinux. ### Notable Updates * **Update go-cni to fix teardown regression** ([containerd#6877](containerd#6877)) * **Fix broken SELinux relabeling for Kubernetes volume mounts** ([containerd#6878](containerd#6878)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Mike Brown * Kazuyoshi Kato * Michael Zappa * Wang Bing * Wei Fu * Antonio Ojea * Derek McGowan * Henry Wang * Nabeel Rana * Phil Estes ### Changes <details><summary>8 commits</summary> <p> * Prepare release notes for 1.6.4 ([containerd#6887](containerd#6887)) * [`0d1d2953b`](containerd@0d1d295) Prepare release notes for 1.6.4 * [release/1.6 backport] Bump opencontainers/selinux from 1.10.0 to 1.10.1 ([containerd#6878](containerd#6878)) * [`42d691fe6`](containerd@42d691f) Bump opencontainers/selinux from 1.10.0 to 1.10.1 * [release/1.6] Update go-cni to v1.1.5 backported due to conflict in go.mod ([containerd#6877](containerd#6877)) * [`e9f22e008`](containerd@e9f22e0) Update go-cni to v1.1.5 * [release/1.6] cri: close fifos when container is deleted ([containerd#6859](containerd#6859)) * [`be4909e95`](containerd@be4909e) cri: close fifos when container is deleted </p> </details> ### Changes from containerd/go-cni <details><summary>8 commits</summary> <p> * bump github.com/containernetworking/cni v1.1.0 ([containerd#98](containerd/go-cni#98)) * [`e24193e`](containerd/go-cni@e24193e) bump github.com/containernetworking/cni v1.1.0 * Revert "Update loopback version to support check" ([containerd#96](containerd/go-cni#96)) * [`186662c`](containerd/go-cni@186662c) Revert "Update loopback version to support check" * Use revive instead of golint ([containerd#92](containerd/go-cni#92)) * [`322e8bf`](containerd/go-cni@322e8bf) Use revive instead of golint * Bump go verion to 1.17 ([containerd#91](containerd/go-cni#91)) * [`9b78de4`](containerd/go-cni@9b78de4) Bump go verion to 1.17 </p> </details> ### Dependency Changes * **github.com/containerd/go-cni** v1.1.4 -> v1.1.5 * **github.com/containernetworking/cni** v1.0.1 -> v1.1.0 * **github.com/opencontainers/selinux** v1.10.0 -> v1.10.1 Previous release can be found at [v1.6.3](https://github.com/containerd/containerd/releases/tag/v1.6.3)
containerd 1.6.3 Welcome to the v1.6.3 release of containerd! The third patch release for containerd 1.6 includes various fixes and updates. ### Notable Updates * **Fix panic when configuring tracing plugin** ([containerd#6853](containerd#6853)) * **Improve image pull performance in CRI plugin** ([containerd#6816](containerd#6816)) * **Check for duplicate nspath** ([containerd#6813](containerd#6813)) * **Fix deadlock in cgroup metrics collector** ([containerd#6801](containerd#6801)) * **Mount devmapper xfs file system with "nouuid" option** ([containerd#6731](containerd#6731)) * **Make the temp mount as ready only in container WithVolumes** ([containerd#6730](containerd#6730)) * **Fix deadlock from leaving transaction open in native snapshotter** ([containerd#6727](containerd#6727)) * **Monitor OOMKill events to prevent missing container events** ([containerd#6734](containerd#6734)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Stefan Berger * Wei Fu * Akihiro Suda * Derek McGowan * Phil Estes * Kazuyoshi Kato * Mike Brown * Sebastiaan van Stijn * Maksym Pavlenko * dependabot[bot] * Cory Snider * Henry Wang * Jeremi Piotrowski * Michael Zappa * Qiutong Song * Tõnis Tiigi * Ye Sijun ### Changes <details><summary>35 commits</summary> <p> * Prepare release notes for v1.6.3 ([containerd#6844](containerd#6844)) * [`baa386dc0`](containerd@baa386d) Prepare release notes for v1.6.3 * [release/1.6] tracing: fix panic on startup when configured ([containerd#6853](containerd#6853)) * [`e8da82adc`](containerd@e8da82a) tracing: fix panic on startup when configured * [release/1.6] CRI: improve image pulling performance ([containerd#6816](containerd#6816)) * [`1764ea9a2`](containerd@1764ea9) CRI: improve image pulling performance * [release/1.6] update golang to 1.17.9 ([containerd#6823](containerd#6823)) * [`9cd76d465`](containerd@9cd76d4) [release/1.6] update golang to 1.17.9 * [release/1.6] check for duplicate nspath possibilities ([containerd#6813](containerd#6813)) * [`c09cc1242`](containerd@c09cc12) check for duplicate nspath possibilities * [release/1.6] metrics/cgroups: fix deadlock issue in Add during Collect ([containerd#6801](containerd#6801)) * [`fe6ba62ce`](containerd@fe6ba62) metrics/cgroups: fix deadlock issue in Add during Collect * [release/1.6] go.mod: update image-spec to merge-commit of v1 into main ([containerd#6766](containerd#6766)) * [`8b81a7843`](containerd@8b81a78) [release/1.6] go.mod: update image-spec to merge-commit of v1 into main * [release/1.6 backport] update runc to 1.1.1 ([containerd#6759](containerd#6759)) * [`f2ba2041b`](containerd@f2ba204) update runc binary to v1.1.1 * [`b736b4dab`](containerd@b736b4d) go.mod: github.com/opencontainers/runc v1.1.1 * [release/1.6] CI: add Rocky Linux 8 ([containerd#6752](containerd#6752)) * [`72f1e58c7`](containerd@72f1e58) CI: add Rocky Linux 8 * [release/1.6] vendor: github.com/containerd/imgcrypt v1.1.4 ([containerd#6739](containerd#6739)) * [`7ede40c5c`](containerd@7ede40c) [release/1.6] vendor: github.com/containerd/imgcrypt v1.1.4 * [release/1.6 backport] moving up to go-cni v1.1.4 ([containerd#6728](containerd#6728)) * [`82a12edf2`](containerd@82a12ed) moving up to go-cni v1.1.4 * [release/1.6 backport] Update prometheus client vendor ([containerd#6732](containerd#6732)) * [`da35c19da`](containerd@da35c19) Test turning off golang CI lint cache * [`a0213573b`](containerd@a021357) Add nolint:staticcheck to platform-specific calls * [`ad0036ed6`](containerd@ad0036e) Update prometheus client vendor * [release/1.6 backport] Mount devmapper xfs file system with "nouuid" option. ([containerd#6731](containerd#6731)) * [`c7bbf316f`](containerd@c7bbf31) Mount devmapper xfs file system with "nouuid" option. * [release/1.6 backport] Make the temp mount as ready only in container WithVolumes ([containerd#6730](containerd#6730)) * [`a1de89c3e`](containerd@a1de89c) Make the temp mount as ready only in container WithVolumes * [release/1.6 backport] native: fix deadlock from leaving transactions open ([containerd#6727](containerd#6727)) * [`28b44826b`](containerd@28b4482) native: fix deadlock from leaving transactions open * [release/1.6 backport] cgroup2: monitor OOMKill instead of OOM to prevent missing container events ([containerd#6734](containerd#6734)) * [`5538be6cf`](containerd@5538be6) cgroup2: monitor OOMKill instead of OOM to prevent missing container OOM events </p> </details> ### Changes from containerd/go-cni <details><summary>8 commits</summary> <p> * moving up to latest CNI plugin release ([containerd#90](containerd/go-cni#90)) * [`689fcd9`](containerd/go-cni@689fcd9) moving up to latest CNI plugin release * Fix Loopback Version ([containerd#88](containerd/go-cni#88)) * [`9ebcec1`](containerd/go-cni@9ebcec1) Update loopback version to support check * Update comment for capabilities ([containerd#89](containerd/go-cni#89)) * [`a4d8d38`](containerd/go-cni@a4d8d38) update comment for capabilities * Add integration test for linux and update go version from 1.16 to 1.17 ([containerd#84](containerd/go-cni#84)) * [`49aa5ab`](containerd/go-cni@49aa5ab) Add integration test and update go version </p> </details> ### Changes from containerd/imgcrypt <details><summary>13 commits</summary> <p> * CHANGES: Updated CHANGES document for 1.1.4 release ([containerd#74](containerd/imgcrypt#74)) * [`f576654`](containerd/imgcrypt@f576654) CHANGES: Updated CHANGES document for 1.1.4 release * Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 ([containerd#73](containerd/imgcrypt#73)) * [`2efa871`](containerd/imgcrypt@2efa871) Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 * images: prepare for typeurl.Any ([containerd#72](containerd/imgcrypt#72)) * [`f842da4`](containerd/imgcrypt@f842da4) images: prepare for typeurl.Any * [`6fdd981`](containerd/imgcrypt@6fdd981) images: Add list of Platforms to CheckAuthorization() * [`f440058`](containerd/imgcrypt@f440058) test: Test running of encrypted image only pulled for local platform * Bump ocicrypt to 1.1.3 ([containerd#71](containerd/imgcrypt#71)) * [`d4d4684`](containerd/imgcrypt@d4d4684) Bump ocicrypt to 1.1.3 * [`727850f`](containerd/imgcrypt@727850f) Bump github.com/containerd/containerd from 1.5.9 to 1.5.10 * Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 ([containerd#67](containerd/imgcrypt#67)) * [`3c7db10`](containerd/imgcrypt@3c7db10) Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 </p> </details> ### Dependency Changes * **github.com/containerd/go-cni** v1.1.3 -> v1.1.4 * **github.com/containerd/imgcrypt** v1.1.3 -> v1.1.4 * **github.com/containernetworking/plugins** v1.0.1 -> v1.1.1 * **github.com/containers/ocicrypt** v1.1.2 -> v1.1.3 * **github.com/miekg/pkcs11** v1.0.3 -> v1.1.1 * **github.com/opencontainers/image-spec** 693428a734f5 -> c5a74bcca799 * **github.com/opencontainers/runc** v1.1.0 -> v1.1.1 * **github.com/prometheus/client_golang** v1.11.0 -> v1.11.1 Previous release can be found at [v1.6.2](https://github.com/containerd/containerd/releases/tag/v1.6.2)
containerd 1.6.2 Welcome to the v1.6.2 release of containerd! The second patch release for containerd 1.6 includes a fix for [CVE-2022-24769](GHSA-c9cp-9c75-9v8c). ### Notable Updates * **Fix the inheritable capability defaults** ([GHSA-c9cp-9c75-9v8c](GHSA-c9cp-9c75-9v8c)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Kazuyoshi Kato * Sebastiaan van Stijn * Akihiro Suda * Andrew G. Morgan * Phil Estes * Shengjing Zhu * Wei Fu ### Changes <details><summary>17 commits</summary> <p> * Prepare release notes for v1.6.2 ([containerd#6725](containerd#6725)) * Prepare release notes for v1.6.2 * Add static checks to shim for Windows * [release/1.6] update go.mod go version ([containerd#6724](containerd#6724)) * Update go.mod go version * [release/1.6] remove empty go mod to allow building for go 1.18 ([containerd#6717](containerd#6717)) * [release/1.6] remove empty go mod to allow building for go 1.18 * Github Security Advisory [GHSA-c9cp-9c75-9v8c](GHSA-c9cp-9c75-9v8c) * Fix the Inheritable capability defaults. * [release/1.6] cherry-pick: Update TestNormalize to only test Windows ([containerd#6673](containerd#6673)) * Update TestNormalize to only test Windows * [release/1.6] cherry-pick: Upgrade golangci-lint and its GitHub Action ([containerd#6675](containerd#6675)) * Upgrade golangci-lint and its GitHub Action * [release/1.6] cri: relax test for system without hugetlb ([containerd#6623](containerd#6623)) * cri: relax test for system without hugetlb * [release/1.6] update to go 1.16.15, 1.17.8 to address CVE-2022-24921 ([containerd#6620](containerd#6620)) * update to go 1.16.15, 1.17.8 to address CVE-2022-24921 </p> </details> ### Dependency Changes This release has no dependency changes Previous release can be found at [v1.6.1](https://github.com/containerd/containerd/releases/tag/v1.6.1)
containerd 1.5.11 Welcome to the v1.5.11 release of containerd! The eleventh patch release for containerd 1.5 includes a fix for [CVE-2022-24769](GHSA-c9cp-9c75-9v8c). ### Notable Updates * **Fix the inheritable capability defaults** ([GHSA-c9cp-9c75-9v8c](GHSA-c9cp-9c75-9v8c)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Sebastiaan van Stijn * Akihiro Suda * Andrew G. Morgan * Daniel Canter * Kazuyoshi Kato * Phil Estes ### Changes <details><summary>18 commits</summary> <p> * Prepare release notes for v1.5.11 ([containerd#6723](containerd#6723)) * Prepare release notes for v1.5.11 * [release/1.5] Upgrade Go to 1.17 and golangci-lint ([containerd#6719](containerd#6719)) * Update go version to 1.17 * Update linter errors * Run gofmt * Upgrade golangci-lint and its GitHub Action * [release/1.5] fix critools installation ([containerd#6718](containerd#6718)) * Update get to install for cri tools * [release/1.5] remove empty go mod to allow building for go 1.18 ([containerd#6716](containerd#6716)) * install-dev-tools: use go install, and pin by version * [release/1.5] remove empty go mod to allow building for go 1.18 * Github Security Advisory [GHSA-c9cp-9c75-9v8c](GHSA-c9cp-9c75-9v8c) * Fix the Inheritable capability defaults. * [release/1.5] update to go 1.16.15 to address CVE-2022-24921 ([containerd#6621](containerd#6621)) * [release/1.5] update to go 1.16.15 to address CVE-2022-24921 * [release/1.5] go.mod: Bump hcsshim to v0.8.24 ([containerd#6588](containerd#6588)) * go.mod: Bump hcsshim to v0.8.24 </p> </details> ### Dependency Changes * **github.com/Microsoft/hcsshim** v0.8.23 -> v0.8.24 Previous release can be found at [v1.5.10](https://github.com/containerd/containerd/releases/tag/v1.5.10)
containerd 1.6.1 Welcome to the v1.6.1 release of containerd! The first patch release for containerd 1.6 includes a fix for [CVE-2022-23648](GHSA-crp2-qrr5-8pq7) and other issues. ### Notable Updates * **Use fs.RootPath when mounting volumes** ([GHSA-crp2-qrr5-8pq7](GHSA-crp2-qrr5-8pq7)) * **Return init pid when clean dead shim in runc.v1/v2 shims** ([containerd#6572](containerd#6572)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Jeff Zvier * Maksym Pavlenko * Wei Fu * ruiwen-zhao ### Changes <details><summary>7 commits</summary> <p> * [release/1.6] Prepare release notes for v1.6.1 ([containerd#6607](containerd#6607)) * Prepare release notes for v1.6.1 * Github Security Advisory [GHSA-crp2-qrr5-8pq7](GHSA-crp2-qrr5-8pq7) * Use fs.RootPath when mounting volumes * [release/1.6] runc.v1/v2: return init pid when clean dead shim ([containerd#6572](containerd#6572)) * containerd-shim-runc-v1: return init pid when clean dead shim * containerd-shim-runc-v2: return init pid when clean dead shim </p> </details> ### Dependency Changes This release has no dependency changes Previous release can be found at [v1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)
PreviousNext