fix: update containerd versions on Ubuntu to fix CVEs #8595
Conversation
Pull request overview
Updates the pinned containerd (moby-containerd) package versions in parts/common/components.json, which is used to drive VHD component selection and expected package versions across OS variants.
Changes:
- Bump Ubuntu 24.04 moby-containerd from 2.1.6-ubuntu24.04u2 → 2.1.7-ubuntu24.04u2
- Bump Ubuntu 22.04 moby-containerd from 1.7.31-ubuntu22.04u1 → 1.7.32-ubuntu22.04u1
- Bump Ubuntu 20.04 moby-containerd from 1.7.30-ubuntu20.04u4 → 1.7.32-ubuntu20.04u1
Package Update Analysis: containerd (moby-containerd)
Version change:
- Ubuntu 24.04: 2.1.6-ubuntu24.04u2 → 2.1.7-ubuntu24.04u2 (patch update)
- Ubuntu 22.04: 1.7.31-ubuntu22.04u1 → 1.7.32-ubuntu22.04u1 (patch update)
- Ubuntu 20.04: 1.7.30-ubuntu20.04u4 → 1.7.32-ubuntu20.04u1 (patch update)
OS variants affected: Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04
OS variants NOT updated: Mariner 2.0, Azure Linux 3.0, Windows (containerd)
Changes between versions
Upstream changelog not found in-repo for these specific distro/package revision variants. Manual validation (package availability + e2e/VHD build validation) recommended before merge.
Overall Risk: 🟡 Medium
Justification: Container runtime updates are high-impact even when patch-level; additionally, the PR description/title implies a broad CVE fix while only Ubuntu variants are updated.
Recommendation: Request changes/clarification and ensure OS coverage matches the stated CVE scope.
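The review above boils down to two mechanical checks: that each bumped version is really newer under Debian/Ubuntu package-version rules (the 20.04 bump drops the distro revision from u4 to u1, which only reads as an upgrade because the upstream part 1.7.30 → 1.7.32 wins first), and that every OS variant carrying the package was touched. The script below is an added example, not AgentBaker's code and not a parser for the real parts/common/components.json: it implements dpkg's version comparison and runs a before/after coverage report over a constructed variant → version map. The Ubuntu values are the ones from this PR; the Mariner 2.0 and Azure Linux 3.0 values are placeholders, not the repo's pinned versions.

```python
"""dpkg-style version comparison and a per-OS-variant coverage check for a
containerd package bump (added example, not AgentBaker code)."""


def _char_order(c):
    # dpkg ordering for non-digit runs: '~' sorts before everything (even the
    # end of the string, which counts as 0), letters before non-letters.
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a, b):
    """Compare two fragments with dpkg's alternating non-digit/digit rule."""
    while a or b:
        # non-digit run, compared character by character
        i = 0
        while i < len(a) and not a[i].isdigit():
            i += 1
        j = 0
        while j < len(b) and not b[j].isdigit():
            j += 1
        na, nb = a[:i], b[:j]
        for k in range(max(len(na), len(nb))):
            oa = _char_order(na[k]) if k < len(na) else 0
            ob = _char_order(nb[k]) if k < len(nb) else 0
            if oa != ob:
                return -1 if oa < ob else 1
        a, b = a[i:], b[j:]
        # digit run, compared numerically (32 > 4, unlike a string compare)
        i = 0
        while i < len(a) and a[i].isdigit():
            i += 1
        j = 0
        while j < len(b) and b[j].isdigit():
            j += 1
        da = int(a[:i]) if i else 0
        db = int(b[:j]) if j else 0
        if da != db:
            return -1 if da < db else 1
        a, b = a[i:], b[j:]
    return 0


def split_version(v):
    """Split '[epoch:]upstream[-debian_revision]' into its three parts."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    if "-" in v:
        upstream, revision = v.rsplit("-", 1)
    else:
        upstream, revision = v, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 like `dpkg --compare-versions a lt/eq/gt b`."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    c = _cmp_fragment(ua, ub)
    if c:
        return c
    return _cmp_fragment(ra, rb)


# Constructed before/after maps (variant -> pinned moby-containerd version).
# Ubuntu entries are this PR's values; mariner2.0 and azurelinux3.0 are
# placeholders, NOT the versions actually pinned in components.json.
BEFORE = {
    "ubuntu20.04": "1.7.30-ubuntu20.04u4",
    "ubuntu22.04": "1.7.31-ubuntu22.04u1",
    "ubuntu24.04": "2.1.6-ubuntu24.04u2",
    "mariner2.0": "1.7.20",
    "azurelinux3.0": "2.0.0",
}
AFTER = dict(BEFORE, **{
    "ubuntu20.04": "1.7.32-ubuntu20.04u1",
    "ubuntu22.04": "1.7.32-ubuntu22.04u1",
    "ubuntu24.04": "2.1.7-ubuntu24.04u2",
})


def coverage_report(before, after):
    """Classify every variant as upgraded / unchanged / downgraded / missing."""
    report = {}
    for variant in sorted(set(before) | set(after)):
        old, new = before.get(variant), after.get(variant)
        if old is None or new is None:
            report[variant] = "missing"
            continue
        c = compare_versions(new, old)
        report[variant] = "upgraded" if c > 0 else "unchanged" if c == 0 else "downgraded"
    return report


def uncovered_variants(report):
    """Variants a CVE-scoped bump left untouched or regressed."""
    return [v for v, status in report.items() if status != "upgraded"]


if __name__ == "__main__":
    rep = coverage_report(BEFORE, AFTER)
    for variant, status in rep.items():
        print(f"{variant:15} {BEFORE[variant]:24} -> {AFTER[variant]:24} {status}")
    print("not covered:", uncovered_variants(rep))
```

Run it directly to print the per-variant table; in a CI gate you would feed `coverage_report` the parsed old and new components.json instead of the constructed maps and fail the build if `uncovered_variants` is non-empty for a PR whose title claims a CVE fix.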
Fixes a bunch of CVEs.