Skip to content

containerd 1.4.4

Choose a tag to compare
@github-actions github-actions released this 05 Mar 06:03

Welcome to the v1.4.4 release of containerd!

The fourth patch release for containerd 1.4 contains a fix for CVE-2021-21334
along with various other minor issues.
See GHSA-6g2q-w5j3-fwh4
for more details related to CVE-2021-21334.

Notable Updates

  • Fix container create in CRI to prevent possible environment variable leak between containers #1628
  • Update shim server to return grpc NotFound error #4872
  • Add bounds on max oom_score_adj value for shim's AdjustOOMScore #4874
  • Update task manager to use fresh context when calling shim shutdown #4929
  • Update Docker resolver to avoid possible concurrent map access panic #4941
  • Update shim's log file open flags to avoid containerd hang on syscall open #4971
  • Fix incorrect usage calculation #5019

Please try out the release binaries and report any issues at


  • Shengjing Zhu
  • Derek McGowan
  • Sebastiaan van Stijn
  • Phil Estes
  • Akihiro Suda
  • Wei Fu
  • Michael Crosby
  • Mike Brown
  • Phil Estes
  • Tõnis Tiigi
  • Danail Branekov
  • IceberGu
  • Maksym Pavlenko
  • Simon Kaegi
  • Zhiyu Li


28 commits

Changes from containerd/continuity

18 commits

  • 1d9893e Merge pull request #169 from dmcgowan/fix-usage-block-size
  • 363153d Add directory size to usage calculation test
  • b97555e Fix incorrect usage calculation
  • 91328d7 Merge pull request #166 from zhsj/fix-riscv64
  • 809d89c go.mod: to latest
  • 62ef0ff Merge pull request #165 from zhsj/fix-arm64
  • 25269ef Fix building on arm64
  • 310e183 gha: fix invalid workflow definition
  • 04c754f Merge pull request #163 from dmcgowan/fix-sparse-file-usage
  • bc5e3ed Fix usage calculation to account for sparse files
  • 03c371a gha: replace uses of deprecated "set-env", "add-path"
  • f2cc351 Merge pull request #157 from thaJeztah/update_deps
  • aaa8883 Merge pull request #160 from thaJeztah/test_go_1.15
  • 5b95d2d GH Actions: test against Go 1.15
  • c9598ea go.mod: v1.0.0
  • 71d065d go.mod: v1.0.0
  • 84c3eb7 go.mod: v0.9.1
  • 2068663 go.mod: logrus v1.6.0

Changes from containerd/cri

13 commits

  • aa2d5a97 Merge pull request #1628 from zhsj/bpo-containerd-5024-5054
  • e4fcda32 cri: append envs from image config to empty slice to avoid env lost
  • f9bcbb73 cri: append envs from image config to empty slice to avoid env lost
  • b4b894c8 Merge pull request #1621 from zhsj/bpo-containerd-4987
  • 4dbbd509 Merge pull request #1620 from zhsj/bpo-containerd-4974
  • ed743f7f Merge pull request #1618 from zhsj/bpo-containerd-4863
  • 7efa54f0 Fix deprecated registry auth conversion.
  • 5848b5ba cri/config: fix range iterator issue in ValidatePluginConfig
  • 815eaf40 Update gogo/protobuf to v1.3.2
  • 8b859cbc Ensure log dir is created
  • 779131a4 Merge pull request #1608 from thaJeztah/1.4_bump_go_1.15
  • 3e353f11 [release/1.4] update Go 1.15.5 (to match containerd)
  • 3c709ba1 [release/1.4] hack/utils: update cri-tools 0f5f734a7e1da0979915c6e7d5b6641bd9dc2627

Dependency Changes

  • efbc4488d8fe -> 1d9893e5674b
  • adc0b6a578ed -> aa2d5a97cdc4
  • v1.3.1 -> v1.3.2

Previous release can be found at v1.4.3