Skip to content

@dmcgowan dmcgowan released this Feb 14, 2019

Welcome to the v1.1.6 release of containerd!

This is the sixth patch release for the containerd 1.1 release. This
release specifically re-vendors runc to capture the fix for the critical
CVE-2019-5736 container escape. Several CRI fixes were also included in
this release and are listed below.


  • Update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d to fix CVE-2019-5736


Please try out the release binaries and report any issues at


  • Lantao Liu
  • Phil Estes
  • Michael Crosby
  • Sebastiaan van Stijn
  • Akihiro Suda
  • Derek McGowan
  • Lifubang
  • Mike Brown
  • Wei Fu
  • Ace-Tang
  • Mike Brown


  • 0ad902c05b Merge pull request #3003 from estesp/prepare-v1.1.6-release
  • ed854e3ca1 Prepare v1.1.6 release
  • a79c691e0f Merge pull request #3015 from thaJeztah/1.1_bump_cri
  • 38bf6c598a [release/1.1] update containerd/cri to f0b5665a959119b6a6234001e6d55206d9200e95
  • 878924b9b5 Merge pull request #2999 from thaJeztah/1.1_backport_bump_runc_cve_2019-5736
  • 3177b4b96e Update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d (CVE-2019-5736)
  • 80c3f1a3e4 Merge pull request #2966 from fuweid/remove-noop-1-1
  • 3e6d7f678d metadata/gc: remove the noop-loop for snapshot reference
  • 813e5f6765 Merge pull request #2954 from thaJeztah/1.1_backport_fix_xattr
  • b48afb426e fix: SCHILY.xattrs should be SCHILY.xattr
  • 9979a1a936 Merge pull request #2951 from crosbymichael/lint-relase11
  • ff8a80e4c1 [release/1.1] fix: linter issue
  • 6b15143e8d Merge pull request #2933 from AkihiroSuda/runc20190115-1.1
  • acd495de00 bump up runc
  • b55cf2cc05 Merge pull request #2892 from thaJeztah/1.1_revert_temp_golang_fix
  • 0e93a1e41f Revert "Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround)"
  • 02e398d93e Merge pull request #2880 from thaJeztah/1.1_backport_fix_ci_golang_1.11
  • 66a3eeb5b7 Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround)
  • 3c89a5e3f1 Merge pull request #2833 from acmcodercom/pidreuseattack
  • 0bb672dc2b Merge pull request #2864 from thaJeztah/1.1_backport_runc-kill-paused
  • a1bfd3a2ed Update runc to 96ec2177ae841256168fcf76954f7177af
  • dbf186d970 Merge pull request #2848 from thaJeztah/1.1_backport_mask_asound
  • 3d313382ca Add /proc/asound to masked paths
  • 6bb83f2195 Merge pull request #2834 from acmcodercom/execrace
  • 190c910435 fix pid reuse attack when kill a exec process
  • 33c860f31d fix race in exec delete and start

Changes from containerd/cri

  • f0b5665a Merge pull request #1048 from Random-Liu/cherrypick-#1045-release-1.0
  • 5edec1d8 Include default envs from containerd.
  • 03cd5a31 Add env cache.
  • eedb9f81 Merge pull request #1047 from Random-Liu/cherrypick-#1042-release-1.0
  • b33f16e1 Don't log config at info level.
  • 3c7c404d Set /etc/hostname.
  • 71909a1a Merge pull request #1031 from Random-Liu/cherrypick-#1027-release-1.0
  • dd55db0a Add integration test.
  • b9cb0b21 Fix lint error.
  • 0e24a83a Fix the log ending newline handling.
  • 562eefa9 Merge pull request #1016 from Random-Liu/specify-platform-release-1.0
  • 3a10f4e6 Specify platform for image pull.
  • 12b411e8 Merge pull request #1008 from Random-Liu/revert-#998-release-1.0
  • 1347be5a Revert "Temporary fix for golang regression #29241."
  • 685bd043 Merge pull request #1006 from Random-Liu/cherrypick-#1004-release-1.0
  • 9d3f7085 Install libseccomp2 package based on debian version.
  • 5766ef2d Merge pull request #995 from Random-Liu/cherrypick-#991-release-1.0
  • a8b85255 Merge pull request #998 from Random-Liu/cherrypick-#997-release-1.0
  • 2b2ca4c4 Temporary fix for golang regression #29241.
  • 0ac83633 Add integration test.
  • 5e759f5c Remove container lifecycle image ref dependency.
  • 89aaac88 Merge pull request #988 from mikebrow/cherrypick-#984-release-1.0
  • 2f5d677a filter namespace

Dependency Changes

Previous release can be found at v1.1.5

  • bad0ae1102e1bf9e53876f75eacc42bc97cfb557 -> f0b5665a959119b6a6234001e6d55206d9200e95
  • 10d38b660a77168360df3522881e2dc2be5056bd -> 6635b4f0c6af3810594d2770f662f34ddc15b40d
  • 1b2967e3c290b7c545b3db0deeda16e9be4f98a2 -> 41f3e6584952bb034a481797859f6ab34b6803bd
Assets 3