v0.9.8

What's Changed

• [release/0.9] Fix graceful termination test errors (#1687) by @kiashok in #1695

Full Changelog: v0.9.7...v0.9.8

v0.10.0-rc.7

What's Changed

• Provide error message when allow_stdio_access creates and undecideable error by @SeanTAllen in #1662
• Make a couple tests match the naming convention around them by @SeanTAllen in #1664
• Update selectContainerFromConstraints to work on a container list by @SeanTAllen in #1645
• Bump golang.org/x/net from 0.5.0 to 0.7.0 in /test by @dependabot in #1666
• Provide error message when the lack of required environment variable causes policy denial by @SeanTAllen in #1661
• tests: rego policy exec in container tests by @anmaxvl in #1635
• Fix compilation error caused by "PRs crossing in the night" by @SeanTAllen in #1668
• Adding support and policy enforcement for NoNewPrivileges. by @matajoh in #1652
• Bump golang.org/x/net from 0.1.0 to 0.7.0 by @dependabot in #1667
• Format encrypted scratch disk as xfs rather than ext4fs by @KenGordon in #1665
• Wait longer before trying to install mingw after failing to install by @SeanTAllen in #1670
• osversion: implement stringer interface, deprecate ToString() by @thaJeztah in #1547
• Bump actions/upload-artifact from 2 to 3 by @dependabot in #1677
• Bump actions/checkout from 2 to 3 by @dependabot in #1676
• Bump github.com/opencontainers/runtime-tools from 0.0.0-20181011054405-1d69bd0f9c39 to 0.9.0 in /test by @dependabot in #1674
• Use gotestsum to get test summary by @helsaawy in #1678
• simplify zeroDevice to just zero first block by @anmaxvl in #1672
• Base layer manipulation by @gabriel-samfira in #1637

Full Changelog: v0.10.0-rc.6...v0.10.0-rc.7

v0.9.7

What's Changed

• [release/0.9] Retain pause.exe as entrypoint for default pause images by @kiashok in #1634
• [release/0.9] wcow: support graceful termination of servercore containers (#1416) by @kiashok in #1640

Full Changelog: v0.9.6...v0.9.7

v0.10.0-rc.6

fix: temp file leak during hash computation (#1641)

Fix a temp file leak when computing dmverity root hash. This
mainly affects `dmverity-vhd` tool and users may see their temp
storage filling up.

Signed-off-by: Maksim An <[email protected]>

v0.10.0-rc.5

What's Changed

• Add logic to cleanup the oci bundle root dir on container delete by @katiewasnothere in #1597
• Retain pause.exe as entrypoint for default pause images by @kiashok in #1615
• Add missing AllowElevated policy check when creating a container by @SeanTAllen in #1624
• rego enforcer: trim whitespaces from fragment namespace name by @anmaxvl in #1627
• Make LCOWPrivileged annotation more resilient to change by @SeanTAllen in #1628
• fix snp-report: fake-report flag is now correctly parsed by @anmaxvl in #1626
• API Data and Framework Versioning. by @matajoh in #1622
• rego: fix slightly incorrect sandbox and hugepage mounts enforcement by @anmaxvl in #1625
• Fragment COSE Sign1 support. by @KenGordon in #1575
• Bump github.com/containerd/cgroups from 1.0.3 to 1.1.0 in /test by @dependabot in #1631
• Bump github.com/google/go-containerregistry from 0.12.1 to 0.13.0 in /test by @dependabot in #1632
• Bump google.golang.org/grpc from 1.51.0 to 1.52.3 in /test by @dependabot in #1633
• Bump golang.org/x/sys from 0.3.0 to 0.4.0 in /test by @dependabot in #1612
• Bump github.com/containerd/cgroups from 1.0.3 to 1.1.0 by @dependabot in #1630
• Bump github.com/google/go-containerregistry from 0.12.1 to 0.13.0 by @dependabot in #1629
• internal/tools/securitypolicy: switch to github.com/pelletier/go-toml by @thaJeztah in #1620
• Add retry to install mingw by @helsaawy in #1636
• test: Add CRI benchmarks for container operations by @helsaawy in #1569

Full Changelog: v0.10.0-rc.4...v0.10.0-rc.5

v0.10.0-rc.4

What's Changed

• Updating dependencies by @helsaawy in #1607
• policy: do not set policy to open door if none is provided by @anmaxvl in #1572
• wcow: support graceful termination of servercore containers by @kiashok in #1416
• Add 20H2 container image to test constants by @helsaawy in #1611
• Remove goversioninfo from tools.go by @helsaawy in #1616
• Adding a simulator + regopolicyinterpreter. by @matajoh in #1558
• adding tarball support for generating root layer hashes by @SethHollandsworth in #1600

Full Changelog: v0.10.0-rc.3...v0.10.0-rc.4

v0.8.25

What's Changed

• [release/0.8] Remove blocking wait on container exit for every exec created by @kiashok in #1605

Full Changelog: v0.8.24...v0.8.25

v0.10.0-rc.3

What's Changed

• Prevent operations on exited HCS objects. by @helsaawy in #1567
• Add ability in policy to allow/disallow access to stdio by @matajoh in #1594
• Remove blocking on container exit for every new exec created by @kiashok in #1601

Full Changelog: v0.10.0-rc.2...v0.10.0-rc.3

v0.9.6

What's Changed

• [release/0.9] Remove blocking wait on container exit for every exec created by @kiashok in #1604

Full Changelog: v0.9.5...v0.9.6

v0.10.0-rc.2

plumb AMD certs to workload containers (#1549)

confidential containers: Add AMD cert plumbing

Add logic to plumb AMD certificates to workload containers. The
assumption is that the certificates will be "fresh enough" for
necessary attestation and key release by the workflow and third
party services.

Additionally add error logging when UVM reference info file
is not found

Signed-off-by: Maksim An <[email protected]>