containerd 1.1.6
Welcome to the v1.1.6 release of containerd!
This is the sixth patch release for the containerd
1.1 release. This
release specifically re-vendors runc
to capture the fix for the critical
CVE-2019-5736 container escape. Several CRI fixes were also included in
this release and are listed below.
Runtime
- Update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d to fix CVE-2019-5736
CRI
- containerd/cri#984 filter events for non k8s.io namespaces (resolves firecracker-microvm/firecracker-containerd#35)
- containerd/cri#991 Remove container lifecycle image dependency (fixes containerd/cri#990)
- containerd/cri#1016 Specify platform for image pull (fixes containerd/cri#1015)
- containerd/cri#1027 Fix the log ending newline handling (fixes containerd/cri#1026)
- containerd/cri#1042 Set /etc/hostname (fixes containerd/cri#1041)
- containerd/cri#1045 Fix env performance issue (fixes containerd/cri#1044)
- Update cri to f0b5665a959119b6a6234001e6d55206d9200e95
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Lantao Liu
- Phil Estes
- Michael Crosby
- Sebastiaan van Stijn
- Akihiro Suda
- Derek McGowan
- Lifubang
- Mike Brown
- Wei Fu
- Ace-Tang
- Mike Brown
Changes
0ad902c05b
Merge pull request #3003 from estesp/prepare-v1.1.6-releaseed854e3ca1
Prepare v1.1.6 releasea79c691e0f
Merge pull request #3015 from thaJeztah/1.1_bump_cri38bf6c598a
[release/1.1] update containerd/cri to f0b5665a959119b6a6234001e6d55206d9200e95878924b9b5
Merge pull request #2999 from thaJeztah/1.1_backport_bump_runc_cve_2019-57363177b4b96e
Update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d (CVE-2019-5736)80c3f1a3e4
Merge pull request #2966 from fuweid/remove-noop-1-13e6d7f678d
metadata/gc: remove the noop-loop for snapshot reference813e5f6765
Merge pull request #2954 from thaJeztah/1.1_backport_fix_xattrb48afb426e
fix: SCHILY.xattrs should be SCHILY.xattr9979a1a936
Merge pull request #2951 from crosbymichael/lint-relase11ff8a80e4c1
[release/1.1] fix: linter issue6b15143e8d
Merge pull request #2933 from AkihiroSuda/runc20190115-1.1acd495de00
bump up runcb55cf2cc05
Merge pull request #2892 from thaJeztah/1.1_revert_temp_golang_fix0e93a1e41f
Revert "Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround)"02e398d93e
Merge pull request #2880 from thaJeztah/1.1_backport_fix_ci_golang_1.1166a3eeb5b7
Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround)3c89a5e3f1
Merge pull request #2833 from acmcodercom/pidreuseattack0bb672dc2b
Merge pull request #2864 from thaJeztah/1.1_backport_runc-kill-pauseda1bfd3a2ed
Update runc to 96ec2177ae841256168fcf76954f7177afdbf186d970
Merge pull request #2848 from thaJeztah/1.1_backport_mask_asound3d313382ca
Add /proc/asound to masked paths6bb83f2195
Merge pull request #2834 from acmcodercom/execrace190c910435
fix pid reuse attack when kill a exec process33c860f31d
fix race in exec delete and start
Changes from containerd/cri
f0b5665a
Merge pull request #1048 from Random-Liu/cherrypick-#1045-release-1.05edec1d8
Include default envs from containerd.03cd5a31
Add env cache.eedb9f81
Merge pull request #1047 from Random-Liu/cherrypick-#1042-release-1.0b33f16e1
Don't log config at info level.3c7c404d
Set /etc/hostname.71909a1a
Merge pull request #1031 from Random-Liu/cherrypick-#1027-release-1.0dd55db0a
Add integration test.b9cb0b21
Fix lint error.0e24a83a
Fix the log ending newline handling.562eefa9
Merge pull request #1016 from Random-Liu/specify-platform-release-1.03a10f4e6
Specify platform for image pull.12b411e8
Merge pull request #1008 from Random-Liu/revert-#998-release-1.01347be5a
Revert "Temporary fix for golang regression #29241."685bd043
Merge pull request #1006 from Random-Liu/cherrypick-#1004-release-1.09d3f7085
Install libseccomp2 package based on debian version.5766ef2d
Merge pull request #995 from Random-Liu/cherrypick-#991-release-1.0a8b85255
Merge pull request #998 from Random-Liu/cherrypick-#997-release-1.02b2ca4c4
Temporary fix for golang regression #29241.0ac83633
Add integration test.5e759f5c
Remove container lifecycle image ref dependency.89aaac88
Merge pull request #988 from mikebrow/cherrypick-#984-release-1.02f5d677a
filter namespace
Dependency Changes
Previous release can be found at v1.1.5
- github.com/containerd/cri bad0ae1102e1bf9e53876f75eacc42bc97cfb557 -> f0b5665a959119b6a6234001e6d55206d9200e95
- github.com/opencontainers/runc 10d38b660a77168360df3522881e2dc2be5056bd -> 6635b4f0c6af3810594d2770f662f34ddc15b40d
- golang.org/x/sys 1b2967e3c290b7c545b3db0deeda16e9be4f98a2 -> 41f3e6584952bb034a481797859f6ab34b6803bd