containerd 1.6.18
Welcome to the v1.6.18 release of containerd!
The eighteenth patch release for containerd 1.6 includes fixes for CVE-2023-25153 and CVE-2023-25173
along with a security update for Go.
Notable Updates
- Fix OCI image importer memory exhaustion (GHSA-259w-8hf6-59c2)
- Fix supplementary groups not being set up properly (GHSA-hmfx-3pcx-653p)
- Revert removal of
/sbin/apparmor_parsercheck (#8087) - Update Go to 1.19.6 (#8111)
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Akihiro Suda
- Derek McGowan
- Ye Sijun
- Samuel Karp
- Bjorn Neergaard
- Wei Fu
- Brian Goff
- Iceber Gu
- Kazuyoshi Kato
- Phil Estes
- Swagat Bora
Changes
24 commits
- [release/1.6] Prepare release notes for v1.6.18 (#8118)
44e61d764Add release notes for v1.6.18
- Github Security Advisory GHSA-hmfx-3pcx-653p
- Github Security Advisory GHSA-259w-8hf6-59c2
84936fd1fimporter: stream oci-layout and manifest.json
- [1.6] Add fallback for windows platforms without osversion (#8106)
b327af6a4Add fallback for windows platforms without osversion
- [release/1.6] Go 1.19.6 (#8111)
54ead5b7bGo 1.19.6
- [release/1.6] ctr/run: flags --detach and --rm cannot be specified together (#8094)
2b4b35ab4ctr/run: flags --detach and --rm cannot be specified together
- [release/1.6] Fix retry logic within devmapper device deactivation (#8088)
d5284157bFix retry logic within devmapper device deactivation
- [release/1.6 backport] Revert
apparmor_parserregression (#8087) - [release/1.6] CI: skip some jobs when
repo != containerd/containerd(#8083)664a938a3CI: skip some jobs whenrepo != containerd/containerd
Dependency Changes
This release has no dependency changes
Previous release can be found at v1.6.17