containerd 1.4.4
Welcome to the v1.4.4 release of containerd!
The fourth patch release for containerd
1.4 contains a fix for CVE-2021-21334
along with various other minor issues.
See GHSA-6g2q-w5j3-fwh4
for more details related to CVE-2021-21334.
Notable Updates
- Fix container create in CRI to prevent possible environment variable leak between containers #1628
- Update shim server to return grpc NotFound error #4872
- Add bounds on max
oom_score_adj
value for shim's AdjustOOMScore #4874 - Update task manager to use fresh context when calling shim shutdown #4929
- Update Docker resolver to avoid possible concurrent map access panic #4941
- Update shim's log file open flags to avoid containerd hang on syscall open #4971
- Fix incorrect usage calculation #5019
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Shengjing Zhu
- Derek McGowan
- Sebastiaan van Stijn
- Phil Estes
- Akihiro Suda
- Wei Fu
- Michael Crosby
- Mike Brown
- Phil Estes
- Tõnis Tiigi
- Danail Branekov
- IceberGu
- Maksym Pavlenko
- Simon Kaegi
- Zhiyu Li
Changes
28 commits
05f951a37
Merge pull request from GHSA-6g2q-w5j3-fwh43ba4a3171
Prepare release notes for 1.4.4a22f1f642
Merge pull request #5107 from zhsj/update-cricbcb2f57f
vendor: update crida919aa2a
Merge pull request #5103 from AkihiroSuda/cache-vagrant-14633bfb712
CI: cache ~/.vagrant.d/boxes23495ab4a
Merge pull request #5082 from AkihiroSuda/fix-5077-14e7851d743
CI: fix "ls: cannot access '/etc/cni/net.d': Permission denied"8a7e41c5c
Merge pull request #5018 from zhsj/bpo-4974758f07631
Merge pull request #5019 from zhsj/bpo-4808f4a6e163e
Update continuity2ec4a495f
Update gogo/protobuf to v1.3.233d90b72d
Merge pull request #5010 from thaJeztah/1.4_update_golang232cee448
Update to go 1.15.802df14f78
Merge pull request #4993 from Iceber/fix-runc-v2-service-1.4f087d7849
runtime: fix shutdown runc v2 service349f7a5ef
Merge pull request #4971 from payall4u/bugfix/fix-open-shim-fifo-rebaseedffc830b
change flag from RDONLY to RDWR and close the fifo correctc36f12a27
Merge pull request #4942 from zhsj/cherry-pick-485486f5704c6
Merge pull request #4941 from zhsj/cherry-pick-4855e7cd2030e
pusher: add missing authentication support for requestsec752e8ba
docker: avoid concurrent map access panic00f5ffa45
Merge pull request #4929 from fuweid/cherry-pick-1.4-846cb963cb73052d34
runtime/v2: should use defer ctx to cleanuped8ec9749
Merge pull request #4872 from masters-of-cats/pr-process-not-found-err-14d5c1444af
Merge pull request #4874 from johnathanmdell/release/1.48cff6b375
[release/1.4 backport] Return GRPC not found error instead of plain onea6f6eb00c
Add bounds on max oom_score_adj value for AdjustOOMScore
Changes from containerd/continuity
18 commits
1d9893e
Merge pull request #169 from dmcgowan/fix-usage-block-size363153d
Add directory size to usage calculation testb97555e
Fix incorrect usage calculation91328d7
Merge pull request #166 from zhsj/fix-riscv64809d89c
go.mod: golang.org/x/sys to latest62ef0ff
Merge pull request #165 from zhsj/fix-arm6425269ef
Fix building on arm64310e183
gha: fix invalid workflow definition04c754f
Merge pull request #163 from dmcgowan/fix-sparse-file-usagebc5e3ed
Fix usage calculation to account for sparse files03c371a
gha: replace uses of deprecated "set-env", "add-path"f2cc351
Merge pull request #157 from thaJeztah/update_depsaaa8883
Merge pull request #160 from thaJeztah/test_go_1.155b95d2d
GH Actions: test against Go 1.15c9598ea
go.mod: github.com/opencontainers/go-digest v1.0.071d065d
go.mod: github.com/dustin/go-humanize v1.0.084c3eb7
go.mod: github.com/pkg/errors v0.9.12068663
go.mod: logrus v1.6.0
Changes from containerd/cri
13 commits
aa2d5a97
Merge pull request #1628 from zhsj/bpo-containerd-5024-5054e4fcda32
cri: append envs from image config to empty slice to avoid env lostf9bcbb73
cri: append envs from image config to empty slice to avoid env lostb4b894c8
Merge pull request #1621 from zhsj/bpo-containerd-49874dbbd509
Merge pull request #1620 from zhsj/bpo-containerd-4974ed743f7f
Merge pull request #1618 from zhsj/bpo-containerd-48637efa54f0
Fix deprecated registry auth conversion.5848b5ba
cri/config: fix range iterator issue in ValidatePluginConfig815eaf40
Update gogo/protobuf to v1.3.28b859cbc
Ensure log dir is created779131a4
Merge pull request #1608 from thaJeztah/1.4_bump_go_1.153e353f11
[release/1.4] update Go 1.15.5 (to match containerd)3c709ba1
[release/1.4] hack/utils: update cri-tools 0f5f734a7e1da0979915c6e7d5b6641bd9dc2627
Dependency Changes
- github.com/containerd/continuity efbc4488d8fe -> 1d9893e5674b
- github.com/containerd/cri adc0b6a578ed -> aa2d5a97cdc4
- github.com/gogo/protobuf v1.3.1 -> v1.3.2
Previous release can be found at v1.4.3