Skip to content

v2.2.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 15 Jun 00:58
· 145 commits to main since this release
v2.2.0
d88d65b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's Changed

  • docs(readme): lead with core competitiveness (first-principles) by @ZhiXiao-Lin in #30
  • fix(guest-init): make container stdout/stderr re-openable (Apache httpd, /dev/stdout) by @ZhiXiao-Lin in #31
  • feat(run): warn when a health check probes localhost under TSI networking by @ZhiXiao-Lin in #32
  • fix(box): release overlay mount on box teardown + idempotent mount (mount leak) by @ZhiXiao-Lin in #33
  • fix(state): atomic box registration in compose + snapshot (orphan-VM race) by @ZhiXiao-Lin in #34
  • fix(vm): reap passt on boot failure so the published port is released by @ZhiXiao-Lin in #35
  • fix(cli): atomic StateFile writes for lifecycle status commands (closes orphan-VM race) by @ZhiXiao-Lin in #36
  • fix(box): enforce --pids-limit on the run path (in-guest cgroup pids.max) by @ZhiXiao-Lin in #37
  • fix(cli): close the restart state-clobber race missed by #36 by @ZhiXiao-Lin in #38
  • fix(runtime): harden resize — reject shell-injectable cpuset, clamp cpu.weight by @ZhiXiao-Lin in #39
  • fix(cli): unmount overlay before deleting box dir in compose cleanup (#33 class) by @ZhiXiao-Lin in #40
  • fix(runtime): refuse OCI blobs with unverifiable digest algorithms by @ZhiXiao-Lin in #41
  • fix(guest-init): retry stdio relay on EINTR (don't truncate output on SIGTERM) by @ZhiXiao-Lin in #42
  • fix(guest-init): cgroup mount TOCTOU + stdio fd-leak + signal-64 edge by @ZhiXiao-Lin in #43
  • fix(runtime): kill passt on boot-failure timeout + guard terminate against PID reuse by @ZhiXiao-Lin in #44
  • fix(runtime): overlay comma guard + bounded unmount-retry in provider cleanup by @ZhiXiao-Lin in #46
  • fix(cri): surface container log-file open failures (don't swallow) by @ZhiXiao-Lin in #47
  • fix(runtime): atomic OCI store/build-cache writes (stage + rename) by @ZhiXiao-Lin in #45
  • fix(runtime): stage single-file bind mounts so virtio-fs can share them by @ZhiXiao-Lin in #48
  • fix(runtime): warm pool falls back to cold boot when snapshot-fork is unavailable by @ZhiXiao-Lin in #49
  • fix(box): base64-encode exec args/env so quotes survive libkrun env passing by @ZhiXiao-Lin in #50
  • fix(cri): StopPodSandbox state invariant + non-running container stats by @ZhiXiao-Lin in #51
  • fix(cri): close stdin / send port-forward CLOSE on streaming error paths by @ZhiXiao-Lin in #52
  • fix(cri): reject empty image reference in pull/status/remove image by @ZhiXiao-Lin in #53
  • fix(cri): resolve image reference in RemoveImage (rmi by short tag) by @ZhiXiao-Lin in #54
  • chore(release): v2.2.0 — hardening + CRI fixes by @ZhiXiao-Lin in #55

Full Changelog: v2.1.0...v2.2.0

Contributors

ZhiXiao-Lin
Assets 6
Loading