Skip to content

@dmcgowan dmcgowan released this Feb 4, 2020 · 1467 commits to master since this release

Welcome to the v1.2.12 release of containerd!

The twelfth patch release for containerd 1.2 includes an updated runc with
a fix for CVE-2019-19921, an updated version of the opencontainers/selinux
dependency, which includes a fix for CVE-2019-16884, an updated version of the dependency to address CVE-2019-11253, and a Golang update.

Notable Updates

  • Update the runc vendor to v1.0.0-rc10 which includes a mitigation for CVE-2019-19921.

  • Update the opencontainers/selinux which includes a mitigation for CVE-2019-16884.

  • Update Golang runtime to 1.12.16, mitigating the CVE-2020-0601 certificate verification bypass on Windows, and CVE-2020-7919, which only affects 32-bit architectures.

  • Update Golang runtime to 1.12.15, which includes a fix to the runtime (Go 1.12.14, Go 1.12.15) and and the net/http package (Go 1.12.15)

  • A fix to prevent SIGSEGV when starting containerd-shim containerd/containerd#3960

  • Fixes to exec containerd/containerd#3755

    • Prevent docker exec hanging if an earlier docker exec left a zombie process
    • Prevent High system load/CPU utilization with liveness and readiness probes
    • Prevent Docker healthcheck causing high CPU utilization
  • CRI fixes:

    • Update the vendor to v2.2.8 with a mitigation for CVE-2019-11253


Please try out the release binaries and report any issues at


  • Sebastiaan van Stijn
  • Lantao Liu
  • Phil Estes
  • Derek McGowan
  • Davanum Srinivas
  • Michael Crosby
  • Mike Brown
  • Maksym Pavlenko
  • Akihiro Suda
  • Reid Li
  • Wei Fu


  • 35bd7a5f69 Merge pull request #3984 from thaJeztah/release_1.2.12
  • 79d65767e4 Prepare v1.2.12 release
  • 9be62a7ee9 Update mailmap
  • 7018df2284 Merge pull request #3996 from thaJeztah/1.2_bump_containerd_cri
  • 9c7bd5072d Merge pull request #3997 from thaJeztah/1.2_backport_dockerfile_test_fixes
  • 89c589bf03 Merge pull request #3995 from thaJeztah/1.2_backport_bump_grpc
  • 8761b1bf86 Update name for btrfs headers package
  • 5db3987ebf Fix dependency in
  • 945611681c [release/1.2] vendor: bump containerd/cri b1052f3b73fb9f0a6805d3c20e884a4cef265a38
  • 520c8cb846 bump v1.23.1
  • a558638ee7 Merge pull request #3993 from thaJeztah/1.2_update_containerd_cri
  • c12aaf0e59 vendor: bump v2.2.8
  • 9d1954f2ec vendor: bump containerd/cri b075cc4e9f394780dbed101601c48dcc3d37c828 (release/1.2 branch)
  • 92b40b6254 Merge pull request #3988 from thaJeztah/1.2_bump_golang_1.12.16
  • 1bc2590d98 vendor: update 69ecbb4d6d5dab05e49161c6e77ea40a030884e1
  • 44b5bac0c0 Update Golang 1.12.16 (CVE-2020-0601, CVE-2020-7919)
  • 7276974071 Merge pull request #3982 from dims/bump-opencontainers/selinux-for-CVE-2019-16884-release-1.2
  • 4c03d5dfb8 Pick up fix for CVE-2019-16884 in opencontainers/selinux
  • 318111bdfe Merge pull request #3977 from dims/update-to-new-rc10-of-opencontainers/runc-release-1.2
  • 87648d2a7b Bump to opencontainers/runc new version - v1.0.0-rc10
  • 701a8d0db8 Merge pull request #3968 from thaJeztah/1.2_bump_golang_1.12.15
  • f106ae4ab5 Update Golang 1.12.15
  • 625b11b6e1 Merge pull request #3960 from fuweid/cp-3559
  • 4288ba10fd runtime: only check killall for init process
  • 28d162717f Merge pull request #3918 from thaJeztah/1.2_bump_golang_1.12.14
  • e7b06baa68 Update Golang 1.12.14
  • b584375bdf Merge pull request #3909 from estesp/cp-3898-1.2
  • 34978bf3bd Disable criu tests in Travis CI
  • 79f4c650d5 Merge pull request #3755 from thaJeztah/1.2_backport_avoid_unnecessary_runc_state
  • ec48c95015 Merge pull request #3856 from fuweid/cp-1.2-3853
  • de8ed89b12 Fix cleanup error on content client test
  • 0877136a97 Use cached state instead of runc state.
  • f71f6d39b6 Robust pid locking for shim processes
  • 42aba6e0fe Add timeout for I/O waitgroups

Changes from containerd/cri

  • b1052f3b Merge pull request #1392 from dims/sync-vendors-with-containerd-in-release/1.2
  • 6adfc229 Merge pull request #1389 from dims/update-opencontainers/selinux-in-release/1.2
  • 6f8dc60e Sync vendors with containerd 1.2.11
  • ae6b4816 pick up fix for CVE-2019-19921 in opencontainers/selinux
  • b075cc4e Merge pull request #1388 from thaJeztah/1.2_bump_yaml
  • b1a3e1e9 [release/1.2] vendor: bump v2.2.8
  • 5420c6fb Merge pull request #1354 from Random-Liu/cherrypick-#1351-release-1.2
  • 12b09431 Better handle unknown state.
  • 57022a55 Merge pull request #1321 from Random-Liu/cherrypick-#1319-release-1.2
  • c229ad5c Fix containerd build, use libbtrfs-dev when available.
  • 80959d35 Merge pull request #1313 from Random-Liu/cherrypick-#1312-release-1.2
  • 6a7a8275 Update based on default xenial distro.
  • 69a876d4 Merge pull request #1305 from Random-Liu/sync-vendor-release-1.2
  • b638ad99 Sync vendors with containerd.

Dependency Changes

Previous release can be found at v1.2.11

  • bab7348fcfcc795e0dda2cc02e8cac6316c85edc -> b1052f3b73fb9f0a6805d3c20e884a4cef265a38
  • d736ef14f0288d6993a1845745d6756cfc9ddd5a -> dc9208a3303feef5b3839f4323d9beb36df0a9dd
  • v1.2.2 -> 5215b1806f52b1fcc2070a8826c542c9d33cd3cf
  • 49796115aa4b964c318aad4f3084fdb41e9aa067 -> 69ecbb4d6d5dab05e49161c6e77ea40a030884e1
  • 54a98f90d1c46b7731eb8fb305d2a321c30ef610 new
  • 6eaf6f47437a6b4e2153a190160ef39a92c7eceb -> 39e8a7b072a67ca2a75f57fa2e0d50995f5b22f6
  • v2.2.1 -> 53403b58ad1b561927d19068c655246f2db79d48
Assets 3
You can’t perform that action at this time.