containerd 1.1.6
Welcome to the v1.1.6 release of containerd!
This is the sixth patch release for the containerd 1.1 release. This
release specifically re-vendors runc to capture the fix for the critical
CVE-2019-5736 container escape. Several CRI fixes were also included in
this release and are listed below.
Runtime
- Update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d to fix CVE-2019-5736
CRI
- containerd/cri#984 filter events for non k8s.io namespaces (resolves firecracker-microvm/firecracker-containerd#35)
- containerd/cri#991 Remove container lifecycle image dependency (fixes containerd/cri#990)
- containerd/cri#1016 Specify platform for image pull (fixes containerd/cri#1015)
- containerd/cri#1027 Fix the log ending newline handling (fixes containerd/cri#1026)
- containerd/cri#1042 Set /etc/hostname (fixes containerd/cri#1041)
- containerd/cri#1045 Fix env performance issue (fixes containerd/cri#1044)
- Update cri to f0b5665a959119b6a6234001e6d55206d9200e95
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Lantao Liu
- Phil Estes
- Michael Crosby
- Sebastiaan van Stijn
- Akihiro Suda
- Derek McGowan
- Lifubang
- Mike Brown
- Wei Fu
- Ace-Tang
- Mike Brown
Changes
0ad902c05bMerge pull request #3003 from estesp/prepare-v1.1.6-releaseed854e3ca1Prepare v1.1.6 releasea79c691e0fMerge pull request #3015 from thaJeztah/1.1_bump_cri38bf6c598a[release/1.1] update containerd/cri to f0b5665a959119b6a6234001e6d55206d9200e95878924b9b5Merge pull request #2999 from thaJeztah/1.1_backport_bump_runc_cve_2019-57363177b4b96eUpdate runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d (CVE-2019-5736)80c3f1a3e4Merge pull request #2966 from fuweid/remove-noop-1-13e6d7f678dmetadata/gc: remove the noop-loop for snapshot reference813e5f6765Merge pull request #2954 from thaJeztah/1.1_backport_fix_xattrb48afb426efix: SCHILY.xattrs should be SCHILY.xattr9979a1a936Merge pull request #2951 from crosbymichael/lint-relase11ff8a80e4c1[release/1.1] fix: linter issue6b15143e8dMerge pull request #2933 from AkihiroSuda/runc20190115-1.1acd495de00bump up runcb55cf2cc05Merge pull request #2892 from thaJeztah/1.1_revert_temp_golang_fix0e93a1e41fRevert "Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround)"02e398d93eMerge pull request #2880 from thaJeztah/1.1_backport_fix_ci_golang_1.1166a3eeb5b7Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround)3c89a5e3f1Merge pull request #2833 from acmcodercom/pidreuseattack0bb672dc2bMerge pull request #2864 from thaJeztah/1.1_backport_runc-kill-pauseda1bfd3a2edUpdate runc to 96ec2177ae841256168fcf76954f7177afdbf186d970Merge pull request #2848 from thaJeztah/1.1_backport_mask_asound3d313382caAdd /proc/asound to masked paths6bb83f2195Merge pull request #2834 from acmcodercom/execrace190c910435fix pid reuse attack when kill a exec process33c860f31dfix race in exec delete and start
Changes from containerd/cri
f0b5665aMerge pull request #1048 from Random-Liu/cherrypick-#1045-release-1.05edec1d8Include default envs from containerd.03cd5a31Add env cache.eedb9f81Merge pull request #1047 from Random-Liu/cherrypick-#1042-release-1.0b33f16e1Don't log config at info level.3c7c404dSet /etc/hostname.71909a1aMerge pull request #1031 from Random-Liu/cherrypick-#1027-release-1.0dd55db0aAdd integration test.b9cb0b21Fix lint error.0e24a83aFix the log ending newline handling.562eefa9Merge pull request #1016 from Random-Liu/specify-platform-release-1.03a10f4e6Specify platform for image pull.12b411e8Merge pull request #1008 from Random-Liu/revert-#998-release-1.01347be5aRevert "Temporary fix for golang regression #29241."685bd043Merge pull request #1006 from Random-Liu/cherrypick-#1004-release-1.09d3f7085Install libseccomp2 package based on debian version.5766ef2dMerge pull request #995 from Random-Liu/cherrypick-#991-release-1.0a8b85255Merge pull request #998 from Random-Liu/cherrypick-#997-release-1.02b2ca4c4Temporary fix for golang regression #29241.0ac83633Add integration test.5e759f5cRemove container lifecycle image ref dependency.89aaac88Merge pull request #988 from mikebrow/cherrypick-#984-release-1.02f5d677afilter namespace
Dependency Changes
Previous release can be found at v1.1.5
- github.com/containerd/cri bad0ae1102e1bf9e53876f75eacc42bc97cfb557 -> f0b5665a959119b6a6234001e6d55206d9200e95
- github.com/opencontainers/runc 10d38b660a77168360df3522881e2dc2be5056bd -> 6635b4f0c6af3810594d2770f662f34ddc15b40d
- golang.org/x/sys 1b2967e3c290b7c545b3db0deeda16e9be4f98a2 -> 41f3e6584952bb034a481797859f6ab34b6803bd