containerd 1.6.9

Welcome to the v1.6.9 release of containerd!

The ninth patch release for containerd 1.6 contains various fixes, reorders the pod setup workflow in the CRI plugin to
prevent CNI resource leaks, and includes a new version of runc.

Notable Updates

• Update oci.WithDefaultUnixDevices(): remove tun/tap from the default devices (#7268)
• Fix CRI: Do not append []string{""} to command to preserve Docker compatibility (#7298)
• Enhance CRI: ContainerStatus to return container resources (#7410)
• Fix OCI resolver to skip TLS verification for localhost (#7438
• Fix createTarFile: make xattr EPERM non-fatal (#7447)
• Fix CRI plugin to setup pod network after creating the sandbox container (#7456)
• Fix OCI pusher to retry request on writer reset (#7461)
• Fix archive to validate digests before use (#7490)
• Migrate from k8s.gcr.io to registry.k8s.io (#7549)
• Fix CRI: PodSandboxStatus should tolerate missing task (#7551)
• Fix io.containerd.runc.v1: Stats() shouldn't assume s.container is non-nil (#7557)
• Enhance CRI plugin to add logging volume metrics (#7571)
• Add support for CAP_BPF and CAP_PERFMON (#7574)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Sebastiaan van Stijn
• Akihiro Suda
• Wei Fu
• Samuel Karp
• Kazuyoshi Kato
• Maksym Pavlenko
• Derek McGowan
• Phil Estes
• Qiutong Song
• ruiwen-zhao
• zounengren
• Akhil Mohan
• Andrey Klimentyev
• Benjamin Elder
• Henry Wang
• Iceber Gu
• Paco Xu
• Sophie Liu
• Ye Sijun
• rongfu.leng

Changes

68 commits

• [release/1.6] Prepare release notes for v1.6.9 (#7573)
  • f1493f665 Prepare release notes for v1.6.9
  • 99578d1fc Update mailmap
• [release/1.6] adding support of CAP_BPF and CAP_PERFMON (#7574)
  • 346412f5a adding support of CAP_BPF and CAP_PERFMON
• [release/1.6] Add logging volume metrics to Containerd CRI plugin (#7571)
  • a956d8415 Add logging volume metrics to Containerd CRI plugin
• [release/1.6] fix pusher concurrent close channel (#7562)
  • 29e2dea50 fix pusher concurrent close channel
• [release/1.6] Stats() shouldn't assume s.container is non-nil (#7557)
  • 8a9d69385 [release/1.6] Stats() shouldn't assume s.container is non-nil
• [release/1.6] cri: PodSandboxStatus should tolerate missing task (#7551)
  • a9adc7938 cri: PodSandboxStatus should tolerate missing task
• [release/1.6] migrate from k8s.gcr.io to registry.k8s.io (#7549)
  • b66eb726a migrate from k8s.gcr.io to registry.k8s.io
• [release/1.6] upgrade containerd/continuity from v0.2.2 to v0.3.0 (#7518)
  • 5b40993a5 [release/1.6] upgrade containerd/continuity from v0.2.2 to v0.3.0
• [release/1.6] Update container with sandbox metadata after NetNS is created (#7505)
  • f2376e659 Update container with sandbox metadata after NetNS is created
• [release/1.6] archive: validate digests before use (#7490)
  • 06f82efef archive: validate digests before use
• [release/1.6] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 (#7475)
  • 28324c529 [release/1.6] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
  • 0aeeb62cb [release/1.6] update golangci-lint to v1.19.0
  • 7db9d1f76 Fix linter warnings
  • 4dc932e62 [release/1.6] gofmt with go1.19
  • 7b8d679ad [release/1.6] integration: remove use of deprecated io/ioutil
• [release/1.6] retry request on writer reset (#7461)
  • 926b9c72f retry request on writer reset
• [release/1.6] Setup pod network after creating the sandbox container (#7456)
  • b9a35c6af Add integration tests with failpoint
  • 1f29fac48 Persist container and sandbox if resource cleanup fails, like teardownPodNetwork
• [release/1.6] test: introduce failpoint control to runc-shimv2 and cni (#7455)
  • a85709c6c integration: simplify CNI-fp and add README.md
  • d89a8d223 pkg/failpoint: add FreeBSD link and update pkg doc
  • b0ce2965a integration: Add injected failpoint testing for RunPodSandbox
  • a7f956d86 integration: CNI bridge wrapper with failpoint
  • 07c479471 pkg/failpoint: add DelegatedEval API
  • 4a5bc05aa runtime/v2/shim: return if error in load plugin
  • 71ee7de24 bin/ctr,integration: new runc-shim with failpoint
  • 3e2e77849 runtime/v2: manager supports server interceptor
  • cb935bf49 pkg/failpoint: init failpoint package
• [release/1.6] cherry-pick: make xattr EPERM non-fatal in createTarFile (#7447)
  • 2fdfd564c make xattr EPERM non-fatal in createTarFile
• [release/1.6] remotes/docker/config: Skipping TLS verification for localhost (#7438)
  • 89e49609d remotes/docker/config: Skipping TLS verification for localhost
• [release/1.6] .zuul: remove the zull because it is offline (#7427)
  • b720be2ce remove stray .zuul.yaml
  • 6b30bc4b4 .zuul: remove the zuul because it is offline
• [release/1.6] cherry-pick: Set grpc code for unimplemented cri-api methods (#7421)
  • 0f7e258ee Set grpc code for unimplemented cri-api methods
• [release/1.6] cherry-pick: ContainerStatus to return container resources (#7410)
  • [fb753e5cd](https://github.com/contain...

containerd 1.5.14

Welcome to the v1.5.14 release of containerd!

The fourteenth patch release for containerd 1.5 includes various fixes and updates
along with an updated version of runc.

Notable Updates

• Fix WWW-Authenticate parsing to allow empty quoted string (#7132)
• Update oci.WithDefaultUnixDevices(): remove tun/tap from the default devices (#7267)
• Fix createTarFile: make xattr EPERM non-fatal (#7449)
• Fix dockerPusher to handle abort correctly (#7467)
• Migrate from k8s.gcr.io to registry.k8s.io (#7550)
• Fix CRI: PodSandboxStatus should tolerate missing task (#7552)
• Fix io.containerd.runc.v1: Stats() shouldn't assume s.container is non-nil (#7556)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Kazuyoshi Kato
• Sebastiaan van Stijn
• Samuel Karp
• Phil Estes
• Maksym Pavlenko
• Akihiro Suda
• Derek McGowan
• Wei Fu
• Baoshuo
• Benjamin Elder
• Brian Goff
• Daniel Canter
• Gabriel Adrian Samfira
• Iceber Gu
• Kohei Tokunaga
• Mike Brown
• Paco Xu
• Ye Sijun
• rongfu.leng

Changes

56 commits

• [release/1.5] Prepare release notes for 1.5.14 (#7572)
  • ed672fe1c Prepare release notes for 1.5.14
  • 5150b97dd Update mailmap
• [release/1.5] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 (#7476)
  • f109930d5 fix install cni script
  • 1fea434b7 [release/1.5] sync gha with release/1.6 branch
  • a6672294a [release/1.5] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
  • 1c1045d79 [release/1.5] update golangci-lint to v1.49.0
  • 03d7e8e49 Fix linter warnings
  • e6de4d6ef [release/1.5] gofmt with go1.19
  • 699a1f90e Do not use go get to install executables
  • c24d508c9 update gotestsum to v1.7.0
  • 79f119b43 update gotestsum to current master
  • 4806c2400 Update gotestsum to add timestamps to junit output
• [release/1.5] cri: PodSandboxStatus should tolerate missing task (#7552)
  • 60dec1391 cri: PodSandboxStatus should tolerate missing task
• [release/1.5] Stats() shouldn't assume s.container is non-nil (#7556)
  • 208615ca7 [release/1.5] Stats() shouldn't assume s.container is non-nil
• [release/1.5] migrate from k8s.gcr.io to registry.k8s.io (#7550)
  • a34a30b52 migrate from k8s.gcr.io to registry.k8s.io
• [release/1.5] vendor: golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f (#7515)
  • ac382a74d [release/1.5] vendor: golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f
• [release/1.5] cherry-pick: remotes: fix dockerPusher to handle abort correctly (#7467)
  • 2fe813d36 remotes: fix dockerPusher to handle abort correctly
• [release/1.5] cherry-pick: make xattr EPERM non-fatal in createTarFile (#7449)
  • f94332ee5 make xattr EPERM non-fatal in createTarFile
• [release/1.5] .zuul: remove the zuul because it is offline (#7428)
  • 0e11ab933 remove stray .zuul.yaml
  • 83ea10446 .zuul: remove the zuul because it is offline
• [release/1.5 backport] update runc binary to v1.1.4 (#7332)
  • 4593d187a update runc binary to v1.1.4
• [release/1.5] ci: remove GOPROXY environment variable due to https://github.com/go-… (#7300)
  • d3d97cce3 ci: remove GOPROXY environment variable due to go-yaml/yaml#887
• [release 1.5 backport] Fix cleanup in critest (#7275)
  • c2ace6ebc Fix cleanup in critest
• [release/1.5 backport] oci: WithDefaultUnixDevices(): remove tun/tap from the default devices (#7267)
  • 9bdd52b3a oci: WithDefaultUnixDevices(): remove tun/tap from the default devices
• [release/1.5] release workflow: increase timeout to 30 minutes (#7262)
  • 401af14ea release workflow: increase timeout to 30 minutes
• [release/1.5] backport: update GitHub Actions runners to macos-12 (#7248)
  • 792ead0cf Update Vagrant CI to macos-12
  • 07e037f09 chore: bump macos runner version
• [release/1.5] gha: make release workflow work in forks (#7239)
  • 7e7eb6793 gha: make release workflow work in forks
• [release/1.5] Update golang to 1.17.13 (#7245)
  • 9a116ee4f Update golang to 1.17.13
• [release/1.5] update golang to 1.17.12 (#7161)
  • e91e39347 [release/1.5] update golang to 1.17.12
• [release/1.5] Downgrade MinGW to version 10.2.0 (#7134)
  • 46933650b [release/1.5] Downgrade MinGW to version 10.2.0
• [release/1.5] Fix WWW-Authenticate parsing (#7132)
  • 8ae864ae9 [release/1.5] Fix WWW-Authenticate parsing
• [release/1.5] ctr: fix label args used in NewContainer (#7071)
  • febb0e82d ctr: fix label args used in NewContainer
• [release/1.5] update runc binary to v1.1.3 (#7035)
  • e549139d3 update runc binary to v1.1.3

Dependency Changes

• golang.org/x/sys 33da011f77ad -> 8c9f86f7a55f

Previous release can be found at v1.5.13

containerd 1.6.6

Welcome to the v1.6.6 release of containerd!

The sixth patch release for containerd 1.6 includes a fix for
GHSA-5ffw-gxpp-mxpf.

Notable Updates

• Fix ExecSync handler to cap console output size (GHSA-5ffw-gxpp-mxpf)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Kazuyoshi Kato

Changes

4 commits

• Github Security Advisory GHSA-5ffw-gxpp-mxpf
  • 61213742a Prepare release notes for v1.6.6
  • f92068350 Implicitly discard the input to drain the reader
  • 2eb67213b [release/1.6] Limit the response size of ExecSync

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.6.5

containerd 1.5.13

Welcome to the v1.5.13 release of containerd!

The thirteenth patch release for containerd 1.5 includes a fix for
GHSA-5ffw-gxpp-mxpf.

Notable Updates

• Fix ExecSync handler to cap console output size (GHSA-5ffw-gxpp-mxpf)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Kazuyoshi Kato

Changes

4 commits

• Github Security Advisory GHSA-5ffw-gxpp-mxpf
  • 1ab043141 Prepare release notes for v1.5.13
  • b40a356cf Implicitly discard the input to drain the reader
  • 943588b54 [release/1.5] Limit the response size of ExecSync

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.5.12

containerd 1.6.5

Welcome to the v1.6.5 release of containerd!

The fifth patch release for containerd 1.6 includes a few fixes and updated
version of runc.

Notable Updates

• Fix for older CNI plugins not reporting version (#7011)
• Fix mount path handling for CRI plugin on Windows (#6929)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Mike Brown
• Sebastiaan van Stijn
• Kazuyoshi Kato
• Phil Estes
• Wei Fu
• Akihiro Suda
• Derek McGowan
• Paul S. Schweigert
• Amit Barve
• Daniel Canter
• Kevin Parsons
• Marc Schwind

Changes

26 commits

• Prepare release notes for v1.6.5 (#7021)
  • 185e87275 Prepare release notes for v1.6.5
• [release/1.6] update golang to 1.17.11 (#7013)
  • 5c9c83d3e [release/1.6] update golang to 1.17.11
• [release/1.6] update go-cni/for cni update fixing plugins that don't respond with version (#7011)
  • fdcdc27bc update go-cni/for cni update fixing plugins that don't respond with version
• [release/1.6] archive: add human-readable hint to Lchown error (#6985)
  • e33b9e709 archive: add human-readable hint to Lchown error
• [release/1.6] go.mod: Bump hcsshim to 0.9.3 (#6968)
  • 6eff5b6c0 [release/1.6] go.mod: Bump hcsshim to 0.9.3
• [release/1.6] config: improve config v1 deprecation message (#6980)
  • 3bb5a9d19 config: improve config v1 deprecation message
• [release/1.6] update golang to 1.17.10, golang.org/x/sys v0.0.0-20220412211240-33da011f77ad (#6927)
  • f1d2d9260 [release/1.6] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
  • 9f99be51b [release/1.6] update golang to 1.17.10
• [release/1.6] Bug fix for mount path handling (#6929)
  • 70839a344 Bug fix for mount path handling
• [release/1.6] Reverts removal of parallel run from critest (#6942)
  • 82a77be2d reverts removal of parallel run from critest
• [release/1.6 backport] update runc binary and vendor to v1.1.2 (#6936)
  • 246a1b42e vendor: github.com/opencontainers/runc v1.1.2
  • 43717e03a update runc binary to v1.1.2
• [release/1.6] Allow git commands in Vagrantfile (#6941)
  • 06bdfeb67 Allow git commands in Vagrantfile
• [release/1.6] Update critools to v1.24 (#6895)
  • 1520bae0f update critools to v1.24

Changes from containerd/go-cni

6 commits

• go.mod: update libcni to v1.1.1 (#101)
  • cb645ef go.mod: update libcni to v1.1.1
• add in some serial setup tests; a little make cleanup (#100)
  • 42cfe0f add in some serial setup tests; a little make cleanup
• Re-introduce serial network setup (#99)
  • ee1a707 Re-introduce serial network setup

Dependency Changes

• github.com/Microsoft/hcsshim v0.9.2 -> v0.9.3
• github.com/containerd/go-cni v1.1.5 -> v1.1.6
• github.com/containernetworking/cni v1.1.0 -> v1.1.1
• github.com/opencontainers/runc v1.1.1 -> v1.1.2
• golang.org/x/sys 1d35b9e2eb4e -> 33da011f77ad

Previous release can be found at v1.6.4

containerd 1.5.12

Welcome to the v1.5.12 release of containerd!

The twelfth patch release for containerd 1.5 includes various fixes and updates
along with an updated version of runc.

Notable Updates

• Fix inotify fd leak when cgroup is deleted (#6961)
• Close fifos when container is deleted in CRI plugin (#6857)
• Update unpack to to respect MaxConcurrentDownloads (#6774)
• Monitor OOMKill instead of OOM in cgroupv2 (#6735)
• Make the temp mount as ready only in container WithVolumes (#6729)
• Fix deadlock from abandoned transactions in native snapshotter (#6726)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Sebastiaan van Stijn
• Phil Estes
• Akihiro Suda
• Derek McGowan
• Wei Fu
• Jeremi Piotrowski
• Kazuyoshi Kato
• Maksym Pavlenko
• Miao Wang
• Mike Brown
• Alexey Ivanov
• Brian Goff
• Henry Wang
• Michael Crosby
• Qiutong Song
• Samuel Ortiz
• Tõnis Tiigi
• chenxiaoyu
• linrunlong
• ningmingxiao
• zounengren

Changes

34 commits

• Prepare release notes for v1.5.12 (#7019)
  • 5a55f1efc Prepare release notes for v1.5.12
• [release/1.5] update golang to 1.17.11 (#7014)
  • 3f61d5ed4 [release/1.5] update golang to 1.17.11
• [release/1.5] archive: add human-readable hint to Lchown error (#6986)
  • f67de000d archive: add human-readable hint to Lchown error
• [release/1.5] config: improve config v1 deprecation message (#6981)
  • 4c98768bd config: improve config v1 deprecation message
• [release/1.5] upgrade containerd/cgroups to v1.0.3 (#6961)
  • f890c79fd [release/1.5] upgrade containerd/cgroups to v1.0.3
• [release/1.5] update golang to 1.17.10, golang.org/x/sys v0.0.0-20220412211240-33da011f77ad (#6928)
  • 9f6e1864c [release/1.5] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
  • c00476595 [release/1.5] update golang to 1.17.10
• [release/1.5 backport] update runc binary to v1.1.2 (#6935)
  • c2f793349 update runc binary to v1.1.2
• [release/1.5] cherry-pick: Allow git commands in Vagrantfile (#6943)
  • 1f9900830 Allow git commands in Vagrantfile
• [release/1.5] cri: close fifos when container is deleted (#6857)
  • 689b342c1 cri: close fifos when container is deleted
• [release/1.5] update golang to 1.17.9 (#6824)
  • 65aad9d93 [release/1.5] update golang to 1.17.9
• [release/1.5] check for duplicate nspath possibilities (#6814)
  • 283058cd6 check for duplicate nspath possibilities
• [release/1.5] fix containerd#6054 MaxConcurrentDownloads is not effect when Unpack is true (#6774)
  • 4dbd0c851 fix containerd#6054 MaxConcurrentDownloads is not effect when Unpack is true
• [release/1.5 backport] update runc binary to v1.1.1 (#6770)
  • ef56dcafc update runc binary to v1.1.1
  • b8ab8dd3f update runc binary to v1.1.0
• [release/1.5 backport] Make the temp mount as ready only in container WithVolumes (#6729)
  • 05b04a1a3 Make the temp mount as ready only in container WithVolumes
• [release/1.5 backport] native: fix deadlock from leaving transactions open (#6726)
  • 603ef55e0 native: fix deadlock from leaving transactions open
• [release/1.5 backport] cgroup2: monitor OOMKill instead of OOM to prevent missing container events (#6735)
  • 1c68f5037 cgroup2: monitor OOMKill instead of OOM to prevent missing container OOM events

Changes from containerd/cgroups

33 commits

• v2: Fix inotify fd leak when cgroup is deleted (#212)
  • a7d6888 v2: add test case for Manager.EventChan() behavior
  • cf1f978 v2: flip error handling for readKVStat("memory.events") to reduce indentation
  • 6a46df2 v2: manager: factor out memory.events parsing
  • 35b5b55 v2: Fix inotify leak when cgroup is deleted
• fix Implicit memory aliasing in for loop (#214)
  • 182c3af fix Implicit memory aliasing in for loop
• Fix potential dirfd leak. (#210)
  • 17fece8 Fix potential dirfd leak.
• cgroup: Optionally add process and task to a subsystems subset (#203)
  • 80a7821 cgroup: Optionally add process and task to a subsystems subset
• replace pkg/errors from vendor (#208)
  • 0072297 replace pkg/errors from vendor
• cgroup.go: avoid panic on nil interface (#207)
  • d55de5d cgroup.go: avoid panic on nil interface
• Improvements on cgroup v2 support (#204)
  • 73a8516 cgroupv2: reset lastErr to nil when subtree control is successfully written
  • 2ca92c5 cgroupv2: enable controllers before setting resources in NewChild()
• v2: remove unimplemented errors and ErrorHandler, IgnoreNotExist (#201)
  • db173a8 v2: remove ErrorHandler and IgnoreNotExist as they are not implemented
  • b19a60d v2: remove errors that are never returned
• v1: reduce duplicated code (#202)
  • 4fe70f3 v1: reduce duplicated code
• cgroup v1: implement AddProc() (#200)
  • 6659093 cgroup v1: implement AddProc()
• Rename branch from master to main (#199)
  • 7254c12 Rename branch from master to main
• utils: export ParseCgroupFile() (#197)
  • [23b5120](https://github.com/containerd/cgroups/co...

containerd 1.6.4

Welcome to the v1.6.4 release of containerd!

The fourth patch release for containerd 1.6 includes two fixes for CNI and SELinux.

Notable Updates

• Update go-cni to fix teardown regression (#6877)
• Fix broken SELinux relabeling for Kubernetes volume mounts (#6878)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Mike Brown
• Kazuyoshi Kato
• Michael Zappa
• Wang Bing
• Wei Fu
• Antonio Ojea
• Derek McGowan
• Henry Wang
• Nabeel Rana
• Phil Estes

Changes

8 commits

• Prepare release notes for 1.6.4 (#6887)
  • 0d1d2953b Prepare release notes for 1.6.4
• [release/1.6 backport] Bump opencontainers/selinux from 1.10.0 to 1.10.1 (#6878)
  • 42d691fe6 Bump opencontainers/selinux from 1.10.0 to 1.10.1
• [release/1.6] Update go-cni to v1.1.5 backported due to conflict in go.mod (#6877)
  • e9f22e008 Update go-cni to v1.1.5
• [release/1.6] cri: close fifos when container is deleted (#6859)
  • be4909e95 cri: close fifos when container is deleted

Changes from containerd/go-cni

8 commits

• bump github.com/containernetworking/cni v1.1.0 (#98)
  • e24193e bump github.com/containernetworking/cni v1.1.0
• Revert "Update loopback version to support check" (#96)
  • 186662c Revert "Update loopback version to support check"
• Use revive instead of golint (#92)
  • 322e8bf Use revive instead of golint
• Bump go verion to 1.17 (#91)
  • 9b78de4 Bump go verion to 1.17

Dependency Changes

• github.com/containerd/go-cni v1.1.4 -> v1.1.5
• github.com/containernetworking/cni v1.0.1 -> v1.1.0
• github.com/opencontainers/selinux v1.10.0 -> v1.10.1

Previous release can be found at v1.6.3

containerd 1.6.3

Welcome to the v1.6.3 release of containerd!

The third patch release for containerd 1.6 includes various fixes and updates.

Notable Updates

• Fix panic when configuring tracing plugin (#6853)
• Improve image pull performance in CRI plugin (#6816)
• Check for duplicate nspath (#6813)
• Fix deadlock in cgroup metrics collector (#6801)
• Mount devmapper xfs file system with "nouuid" option (#6731)
• Make the temp mount as ready only in container WithVolumes (#6730)
• Fix deadlock from leaving transaction open in native snapshotter (#6727)
• Monitor OOMKill events to prevent missing container events (#6734)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Stefan Berger
• Wei Fu
• Akihiro Suda
• Derek McGowan
• Phil Estes
• Kazuyoshi Kato
• Mike Brown
• Sebastiaan van Stijn
• Maksym Pavlenko
• dependabot[bot]
• Cory Snider
• Henry Wang
• Jeremi Piotrowski
• Michael Zappa
• Qiutong Song
• Tõnis Tiigi
• Ye Sijun

Changes

35 commits

• Prepare release notes for v1.6.3 (#6844)
  • baa386dc0 Prepare release notes for v1.6.3
• [release/1.6] tracing: fix panic on startup when configured (#6853)
  • e8da82adc tracing: fix panic on startup when configured
• [release/1.6] CRI: improve image pulling performance (#6816)
  • 1764ea9a2 CRI: improve image pulling performance
• [release/1.6] update golang to 1.17.9 (#6823)
  • 9cd76d465 [release/1.6] update golang to 1.17.9
• [release/1.6] check for duplicate nspath possibilities (#6813)
  • c09cc1242 check for duplicate nspath possibilities
• [release/1.6] metrics/cgroups: fix deadlock issue in Add during Collect (#6801)
  • fe6ba62ce metrics/cgroups: fix deadlock issue in Add during Collect
• [release/1.6] go.mod: update image-spec to merge-commit of v1 into main (#6766)
  • 8b81a7843 [release/1.6] go.mod: update image-spec to merge-commit of v1 into main
• [release/1.6 backport] update runc to 1.1.1 (#6759)
  • f2ba2041b update runc binary to v1.1.1
  • b736b4dab go.mod: github.com/opencontainers/runc v1.1.1
• [release/1.6] CI: add Rocky Linux 8 (#6752)
  • 72f1e58c7 CI: add Rocky Linux 8
• [release/1.6] vendor: github.com/containerd/imgcrypt v1.1.4 (#6739)
  • 7ede40c5c [release/1.6] vendor: github.com/containerd/imgcrypt v1.1.4
• [release/1.6 backport] moving up to go-cni v1.1.4 (#6728)
  • 82a12edf2 moving up to go-cni v1.1.4
• [release/1.6 backport] Update prometheus client vendor (#6732)
  • da35c19da Test turning off golang CI lint cache
  • a0213573b Add nolint:staticcheck to platform-specific calls
  • ad0036ed6 Update prometheus client vendor
• [release/1.6 backport] Mount devmapper xfs file system with "nouuid" option. (#6731)
  • c7bbf316f Mount devmapper xfs file system with "nouuid" option.
• [release/1.6 backport] Make the temp mount as ready only in container WithVolumes (#6730)
  • a1de89c3e Make the temp mount as ready only in container WithVolumes
• [release/1.6 backport] native: fix deadlock from leaving transactions open (#6727)
  • 28b44826b native: fix deadlock from leaving transactions open
• [release/1.6 backport] cgroup2: monitor OOMKill instead of OOM to prevent missing container events (#6734)
  • 5538be6cf cgroup2: monitor OOMKill instead of OOM to prevent missing container OOM events

Changes from containerd/go-cni

8 commits

• moving up to latest CNI plugin release (#90)
  • 689fcd9 moving up to latest CNI plugin release
• Fix Loopback Version (#88)
  • 9ebcec1 Update loopback version to support check
• Update comment for capabilities (#89)
  • a4d8d38 update comment for capabilities
• Add integration test for linux and update go version from 1.16 to 1.17 (#84)
  • 49aa5ab Add integration test and update go version

Changes from containerd/imgcrypt

13 commits

• CHANGES: Updated CHANGES document for 1.1.4 release (#74)
  • f576654 CHANGES: Updated CHANGES document for 1.1.4 release
• Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 (#73)
  • 2efa871 Bump github.com/containerd/containerd from 1.5.10 to 1.6.1
• images: prepare for typeurl.Any (#72)
  • f842da4 images: prepare for typeurl.Any
  • 6fdd981 images: Add list of Platforms to CheckAuthorization()
  • f440058 test: Test running of encrypted image only pulled for local platform
• Bump ocicrypt to 1.1.3 (#71)
  • d4d4684 Bump ocicrypt to 1.1.3
  • 727850f Bump github.com/containerd/containerd from 1.5.9 to 1.5.10
• Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 (#67)
  • 3c7db10 Bump github.com/containerd/containerd from 1.5.8 to 1.5.9

Dependency Changes

• github.com/containerd/go-cni v1.1.3 -> v1.1.4
• github.com/containerd/imgcrypt v1.1.3 -> v1.1.4
• github.com/containernetworking/plugins v1.0.1 -> v1.1.1
• github.com/containers/ocicrypt v1.1.2 -> v1.1.3
• github.com/miekg/pkcs11 v1.0.3 -> v1.1.1
• github.com/opencontainers/image-spec 693428a734f5 -> c5a74bcca799
• github.com/opencontainers/runc v1.1.0 -> v1.1.1
• github.com/prometheus/client_golang v1.11.0 -> v1.11.1

Previous release can be found at [v1.6.2](https://g...

containerd 1.6.2

Welcome to the v1.6.2 release of containerd!

The second patch release for containerd 1.6 includes a fix for
CVE-2022-24769.

Notable Updates

• Fix the inheritable capability defaults (GHSA-c9cp-9c75-9v8c)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Kazuyoshi Kato
• Sebastiaan van Stijn
• Akihiro Suda
• Andrew G. Morgan
• Phil Estes
• Shengjing Zhu
• Wei Fu

Changes

17 commits

• Prepare release notes for v1.6.2 (#6725)
  • Prepare release notes for v1.6.2
  • Add static checks to shim for Windows
• [release/1.6] update go.mod go version (#6724)
  • Update go.mod go version
• [release/1.6] remove empty go mod to allow building for go 1.18 (#6717)
  • [release/1.6] remove empty go mod to allow building for go 1.18
• Github Security Advisory GHSA-c9cp-9c75-9v8c
  • Fix the Inheritable capability defaults.
• [release/1.6] cherry-pick: Update TestNormalize to only test Windows (#6673)
  • Update TestNormalize to only test Windows
• [release/1.6] cherry-pick: Upgrade golangci-lint and its GitHub Action (#6675)
  • Upgrade golangci-lint and its GitHub Action
• [release/1.6] cri: relax test for system without hugetlb (#6623)
  • cri: relax test for system without hugetlb
• [release/1.6] update to go 1.16.15, 1.17.8 to address CVE-2022-24921 (#6620)
  • update to go 1.16.15, 1.17.8 to address CVE-2022-24921

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.6.1

containerd 1.5.11

Welcome to the v1.5.11 release of containerd!

The eleventh patch release for containerd 1.5 includes a fix for
CVE-2022-24769.

Notable Updates

• Fix the inheritable capability defaults (GHSA-c9cp-9c75-9v8c)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Sebastiaan van Stijn
• Akihiro Suda
• Andrew G. Morgan
• Daniel Canter
• Kazuyoshi Kato
• Phil Estes

Changes

18 commits

• Prepare release notes for v1.5.11 (#6723)
  • Prepare release notes for v1.5.11
• [release/1.5] Upgrade Go to 1.17 and golangci-lint (#6719)
  • Update go version to 1.17
  • Update linter errors
  • Run gofmt
  • Upgrade golangci-lint and its GitHub Action
• [release/1.5] fix critools installation (#6718)
  • Update get to install for cri tools
• [release/1.5] remove empty go mod to allow building for go 1.18 (#6716)
  • install-dev-tools: use go install, and pin by version
  • [release/1.5] remove empty go mod to allow building for go 1.18
• Github Security Advisory GHSA-c9cp-9c75-9v8c
  • Fix the Inheritable capability defaults.
• [release/1.5] update to go 1.16.15 to address CVE-2022-24921 (#6621)
  • [release/1.5] update to go 1.16.15 to address CVE-2022-24921
• [release/1.5] go.mod: Bump hcsshim to v0.8.24 (#6588)
  • go.mod: Bump hcsshim to v0.8.24

Dependency Changes

• github.com/Microsoft/hcsshim v0.8.23 -> v0.8.24

Previous release can be found at v1.5.10