Skip to content

containerd 1.3.10

Choose a tag to compare
@github-actions github-actions released this 05 Mar 05:54

Welcome to the v1.3.10 release of containerd!

The tenth patch release for containerd 1.3 contains a fix for CVE-2021-21334
along with various other minor issues. This is the final release for
containerd 1.3.

See GHSA-6g2q-w5j3-fwh4
for more details related to CVE-2021-21334.

Notable Updates

  • Fix container create in CRI to prevent possible environment variable leak between containers #1629
  • Add bounds on max oom_score_adj value for shim's AdjustOOMScore #4875
  • Update task manager to use fresh context when calling shim shutdown #4930
  • Fix incorrect usage calculation #5126

Please try out the release binaries and report any issues at


  • Derek McGowan
  • Phil Estes
  • Sebastiaan van Stijn
  • Mike Brown
  • Akihiro Suda
  • Kir Kolyshkin
  • Wei Fu
  • Shengjing Zhu
  • Li Yuxuan
  • Michael Crosby
  • Phil Estes
  • Sam Whited
  • Tom Faulhaber
  • Brian Goff
  • Derek McGowan
  • IceberGu
  • Ivan Markin
  • Maksym Pavlenko
  • Michael Crosby
  • Samuel Karp
  • Simon Kaegi
  • Tibor Vass
  • Wilbert van de Ridder
  • Xiaodong Ye


16 commits

  • 1c5970efb Merge pull request from GHSA-6g2q-w5j3-fwh4
  • 9d46f241e Prepare release notes for 1.3.10
  • 0eb8cbd29 Merge pull request #5126 from dmcgowan/backport-1.3-continuity-usage-calculation
  • 8f71d98c6 Update continuity to fix usage calculation
  • dc49905ce Merge pull request #5121 from fuweid/update-cri-plugin
  • 2d9c8aa4b vendor: update CRI plugin with commit ca9c55
  • 3405c1d61 Merge pull request #4992 from Iceber/fix-runc-v2-service-1.3
  • fb872ce79 runtime: fix shutdown runc v2 service
  • 070cc0129 Merge pull request #4930 from fuweid/cherry-pick-1.3-846cb963c
  • e97824177 runtime/v2: should use defer ctx to cleanup
  • 804621064 Merge pull request #4875 from johnathanmdell/release/1.3
  • ff9f916b4 Add bounds on max oom_score_adj value for AdjustOOMScore
  • 1e683ff22 Merge pull request #4755 from thaJeztah/1.3_backport_cancel_shim_log_ctx_by_onclose
  • 3f694f1a3 v2: Cancel shim log ctx when ttrpc is closed
  • 7a2410592 v2: Fix missing ns when openShimLog on windows
  • e9518fb31 v2: Call shim.Delete at first when create is failed

Changes from containerd/continuity

53 commits

  • 1d9893e Merge pull request #169 from dmcgowan/fix-usage-block-size
  • 363153d Add directory size to usage calculation test
  • b97555e Fix incorrect usage calculation
  • 91328d7 Merge pull request #166 from zhsj/fix-riscv64
  • 809d89c go.mod: to latest
  • 62ef0ff Merge pull request #165 from zhsj/fix-arm64
  • 25269ef Fix building on arm64
  • 310e183 gha: fix invalid workflow definition
  • 04c754f Merge pull request #163 from dmcgowan/fix-sparse-file-usage
  • bc5e3ed Fix usage calculation to account for sparse files
  • 03c371a gha: replace uses of deprecated "set-env", "add-path"
  • f2cc351 Merge pull request #157 from thaJeztah/update_deps
  • aaa8883 Merge pull request #160 from thaJeztah/test_go_1.15
  • 5b95d2d GH Actions: test against Go 1.15
  • c9598ea go.mod: v1.0.0
  • 71d065d go.mod: v1.0.0
  • 84c3eb7 go.mod: v0.9.1
  • 2068663 go.mod: logrus v1.6.0
  • efbc448 Merge pull request #156 from estesp/disable-travis
  • e2d0145 Remove travis config
  • daa8e1c Merge pull request #155 from estesp/gh-actions-ci
  • 8c3ce1b Update CI to use GitHub Actions
  • 6629113 Update linting to use golangci-lint
  • 9365a1b Fix golangci-lint errors
  • f1c9af8 Merge pull request #154 from mikebrow/cleanup-nits
  • f681eac reduce code complexity
  • 6728803 update AUTHORS
  • f265cff fix gofmt issues
  • cf53015 Merge pull request #153 from tomfaulhaber/empty-file-fix
  • 5a33969 Add a comment to clarify that we're handling the empty file case
  • 11900e8 Fix sameFile() to recognize empty files as the same
  • d3ef23f Merge pull request #151 from kolyshkin/readlink-win
  • 0f16d7a Merge pull request #150 from kolyshkin/xattr
  • 643e66e Remove Windows' Readlink fork
  • da42a30 driver: fail to build on Windows with go < 1.13
  • d7961f4 travis.yml: rm unsupported go releases, add 1.14
  • bbd0be0 sysx/xattr: improve listxattrAll
  • 9e256e6 sysx/xattr: fix getxattrAll
  • 26c1120 Merge pull request #109 from nogoegst/fs-openbsd
  • 0ec5967 Merge pull request #148 from zhsj/fix-gccgo
  • a7f992c fs: don't convert syscall.Timespec to unix.Timespec directly
  • 669de92 Merge pull request #147 from yeahdongcn/xattr
  • b05c0fd xattr lost when copying directory
  • 1097c8b Merge pull request #144 from SamWhited/modules
  • 91c91a7 Merge branch 'master' into modules
  • f65d91d Merge pull request #146 from fuweid/me-enable-root-for-testing
  • 2f58149 test: enable root for RequiresRoot cases
  • abe3784 Support Go Modules
  • 75bee3e Merge pull request #143 from tiborvass/fix-sockets
  • 403b5be Merge pull request #141 from WRidder/patch-1
  • cd143ee fstest: have CreateSocket actually create a socket
  • 38f9467 Add src string to copyDirectory error message.
  • cad9e55 fs: support for OpenBSD

Changes from containerd/cri

14 commits

  • ca9c5533 Merge pull request #1629 from fuweid/cherry-pick-cri-1628
  • 7ea3462f cri: append envs from image config to empty slice to avoid env lost
  • 3a1c3b3b Merge pull request #1604 from samuelkarp/backport1.3-runtimes
  • f6f5aef1 Merge pull request #1610 from thaJeztah/1.3_bump_containerd
  • 7945246e vendor: containerd v1.3.7 and dependencies
  • 473085cb vendor.conf: sort dependencies
  • 87913363 reformat vendor.conf, and use tags again, to match containerd
  • fa4724b7 Merge pull request #1611 from thaJeztah/1.3_fix_golangci_install
  • c04aabc3 Fix golangci-lint installation
  • 8c742677 enable test-integration target to specify runtime
  • 9528e306 Merge pull request #1558 from cpuguy83/1.3_no_libseccomp
  • 52678022 Fix header for new seccomp files.
  • 2cc11e5e fix for image pull linter change
  • 7f1124c9 remove libseccomp cgo dependency

Dependency Changes

  • f2a389ac0a02 -> 1d9893e5674b
  • f864905c93b9 -> ca9c5533489d

Previous release can be found at v1.3.9