containerd 1.7.0-beta.1

Welcome to the v1.7.0-beta.1 release of containerd!
This is a pre-release of containerd

The eighth major release of containerd includes new functionality alongside many improvements.
This release is intended to be the last major release of containerd 1.x before 2.0.
Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
This release still adheres to our backwards compability guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.

This is a beta release and includes some functionality which is not yet complete. While most APIs are finalized before merge, they are subject to change until the official release.

Highlights

Sandbox API (experimental)

The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.

• Sandbox API (#6703)
• CRI Sandbox API Implementation (#7228)

Transfer Service (experimental)

• Transfer Service (#7320)

The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
to allow for further plugin development and integration into existing plugins.

See the Transfer Docs

NRI (experimental)

• Extend NRI scope (nri#16)
• Support for updated NRI (#6019)

The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.

This release introduces NRI v0.2.0 with an updated plugin interface to cover a wide range of use cases.

See the NRI Docs

Platform Support

• Linux containers on FreeBSD (#7000)

Runtime Features

• Add support for CDI device injection (#6654)
• Support for cgroups blockio (#5490)
• Add restart policy for enhanced restart manager (#6744)

Road to 2.0

Refactoring

There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.

The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independenty. The new sandbox and distribution interfaces provide one example of this,
but it also being done for image and network management.

The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc.
Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.

• Remove gogoproto.customtype (#6699)

• Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)

• Remove all gogoproto extensions (#6829)

• Migrate off from github.com/gogo/protobuf (#6841)

• ttrpc streaming (ttrpc#107)

• Add unpack interface for client (#6749)

• Add collectible resources to metadata gc (#6804)

Configuration

Existing CRI configurations will be supported until 2.0.
Any functionality split out of CRI will have their configuration migrated to new plugins.
Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.

Deprecation

The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include.

• Docker Schema 1 Image Deprecation (#6884)

CRI Updates

• Support image pull progress timeout (#6150)
• Fix CRI plugin to setup pod network after creating the sandbox container (#5904)
• Pass all TOML runtime configuration options from CRI to the runtime (#7764)

Other

• Support shallow content copy by adding reader option to local content reader at (#7414)
• Add NoSameOwner option when unpacking tars (#7386)
• Add FetcherByDigest for fetching blobs without fetching a manifest (#7460)
• Update default seccomp profile to block socket calls to AF_VSOCK (#7510)
• Replace fork on mount logic with CLONE_FS (#7513)
• Add support for default registry host configuration (#7607)
• Use github.com/minio/sha256-simd for more efficient sha256 calculation (#7732)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Kazuyoshi Kato
• Derek McGowan
• Phil Estes
• Maksym Pavlenko
• Wei Fu
• Akihiro Suda
• Sebastiaan van Stijn
• Samuel Karp
• Mike Brown
• Krisztian Litkey
• Daniel Canter
• Ye Sijun
• yanggang
• Adam Korcz
• Ed Bartosh
• Stefan Berger
• Gabriel Adrian Samfira
• Nashwan Azhari
• Paul "TBBle" Hampson
• Luca Comellini
• ruiwen-zhao
• xin.li
• Austin Vazquez
• Brian Goff
• Shengjing Zhu
• zounengren
• Danny Canter
• Gavin Inglis
• Henry Wang
• Iceber Gu
• Justin Terry
• Swagat Bora
• wanglei
• Akhil Mohan
• Kevin Parsons
• lengrongfu
• Michael Crosby
• Paco Xu
• Qiutong Song
• Shiming Zhang
• James Jenkins
• Michael Zappa
• Tobias Klauser
• guodong
• pigletfly
• Amit Barve
• Antonio Ojea
• Cameron Sparr
• Craig Ingram
• Eng Zer Jun
• Eric Lin
• James Sturtevant
• Jess
• Jonny Stoten
• Juan Hoyos
• Kang.Zhang
• Mikko Ylinen
• Paul Cacheux
• Paul S. Schweigert
• Vincent Batts
• Yasin Turan
• bin liu
• cosmoer
• dependabot[bot]
• Abirdcfly
• Aditi Sharma
• Aman Sharma
• Anastassios Nanos
• Andrew G. Morgan
• Andrey Klimentyev
• Antti Kervinen
• Aviral Takkar
• Baoshuo
• Benjamin Elder
• Chao Dai
• Chuanying Du
• Claudiu Belu
• Cory Snider
• Danielle Lancashire
• Dat Nguyen
• Davanum Srinivas
• Dave
• David Porter
• Dmitry Shurupov
• Eric Ernst
• Ethan Lowman
• Fabian Hoffman
• Fabian Hoffmann
• Fahed Dorgaa
• Gabriela Cervantes
• Gijs Peskens
• Hamza El-Saawy
• Hsing-Yu (David) Chen
• Ikko Ashimine
• Jeff Widman
• Jeff Zvier
• Jeremi Piotrowski
• Jin Dong
• Jordan Karaze
• Joseph Sheng
• Joyce Brum
• Jukka Rissanen
• Kate
• Kathryn Baldauf
• Kirtana Ashok
• Kohei Tokunaga
• Kyle L Frisbie
• LongtaoZhang
• Manuel Alejandro de Brito Fontes
• Marc Schwind
• Mark Rossetti
• Marvin Giessing
• Mathis Michel
• Merlin Ran
• Nabeel Rana
• Nguyen Phan Huy
• Nikita Rybak
• Nobel Barakat
• Oleg Atamanenko
• Oleg Zhurakivskyy
• Oliver Radwell
• Qasim Sarfraz
• Quan Tian
• Rodrigo Campos
• Roy Yang
• Serge Logvinov
• Shane Jennings
• Shaun Lawrie
• Shinichi Morimoto
• SilverSoldier
• Sophie Liu
• Su Fei
• Taeho Nam
• Takumasa Sakao
• Tiger Kaovilai
• Tom Godkin
• Tomoya.Fujita
• Tony Fang
• Tõnis Tiigi
• Xinlin Ma
• Yakul Garg
• Zhang Tianyang
• Zhongming Chang
• Zhuchen Wang
• austinvazquez
• calvin0327
• cardy.tang
• dabaooline
• guiyong.ou
• huoqifeng
• jianfei.zhang
• ningmingxiao
• shi yixue
• shuaichang
• songjiang han
• wusong
• xiaoyang zhu
• yanghesong
• yaozhenxiu
• zhang he

Changes

1256 commits

• Prepare release notes for v1.7.0-beta.1 (#7793)
  • Prepare release notes for v1.7.0-beta.1
• support fetching containerd from non public GCS buckets (#7771)
  • disable tracing while handling token
  • support fetching containerd from non public GCS buckets
• images: support specifying SourceDateEpoch via ctx (#7651)
  • images: support specifying SourceDateEpoch via ctx
  • epoch: propagate SOURCE_DATE_EPOCH via ctx
• fuzzing: improve archive fuzzer (#7718)
  • fuzzing: improve archive fuzzer
• fix sdNotify func when debug level ([#7798](https://github.com/conta...

containerd 1.6.12

Welcome to the v1.6.12 release of containerd!

The twelfth patch release for containerd 1.6 contains a fix for CVE-2022-23471.

Notable Updates

• Fix goroutine leak during Exec in CRI plugin (GHSA-2qjp-425j-52j9)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Danny Canter
• Phil Estes
• Sebastiaan van Stijn

Changes

5 commits

• Github Security Advisory GHSA-2qjp-425j-52j9
  • Prepare release notes for v1.6.12
  • CRI stream server: Fix goroutine leak in Exec
• [release/1.6] update to go1.18.9 (#7766)
  • [release/1.6] update to go1.18.9

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.6.11

containerd 1.5.16

Welcome to the v1.5.16 release of containerd!

The sixteenth patch release for containerd 1.5 contains a fix for CVE-2022-23471.

Notable Updates

• Fix goroutine leak during Exec in CRI plugin (GHSA-2qjp-425j-52j9)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Danny Canter
• Phil Estes
• Sebastiaan van Stijn

Changes

5 commits

• Github Security Advisory GHSA-2qjp-425j-52j9
  • Prepare release notes for v1.5.16
  • CRI stream server: Fix goroutine leak in Exec
• [release/1.5] update to go1.18.9 (#7767)
  • [release/1.5] update to go1.18.9

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.5.15

containerd 1.6.11

Welcome to the v1.6.11 release of containerd!

The eleventh patch release for containerd 1.6 contains a various fixes and updates.

Notable Updates

• Add pod UID annotation in CRI plugin (#7735)
• Fix nil pointer deference for Windows containers in CRI plugin (#7737)
• Fix lease labels unexpectedly overwriting expiration (#7745)
• Fix for simultaneous diff creation using the same parent snapshot (#7756)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Wei Fu
• Austin Vazquez
• Kirtana Ashok
• Maksym Pavlenko
• Phil Estes
• Qasim Sarfraz
• Sebastiaan van Stijn
• cosmoer

Changes

12 commits

• Prepare release notes for v1.6.11 (#7760)
  • Prepare release notes for v1.6.11
• [release/1.6] fix: support simultaneous create diff for same parent snapshot (#7756)
  • fix: support simultaneous create diff for same parent snapshot
• [release/1.6] cherry-pick: Fix order of operations when setting lease labels (#7745)
  • Fix order of operations when setting lease labels
• [release/1.6] Added nullptr checks to pkg/cri/server and sbserver (#7737)
  • Added nullptr checks to pkg/cri/server and sbserver
• [release/1.6] cri: add pod uid annotation (#7735)
  • cri: add pod uid annotation
• [release/1.6] go.mod: use golang_protobuf_extensions v1.0.4 to prevent incompatible versions (#7723)
  • [release/1.6] go.mod: use golang_protobuf_extensions v1.0.4

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.6.10

containerd 1.5.15

Welcome to the v1.5.15 release of containerd!

The fifteenth patch release for containerd 1.5 includes various fixes including a
fix for a long time issue with CNI resource leakage.

Notable Updates

• Fix CNI leaks by changing pod network setup order in CRI plugin (#7464)
• Fix request retry on push (#7479)
• Fix lease labels unexpectedly overwriting expiration (#7746)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Sebastiaan van Stijn
• Derek McGowan
• Wei Fu
• Phil Estes
• Kazuyoshi Kato
• Hajime Tazaki
• Qiutong Song
• Austin Vazquez
• Samuel Karp
• jonyhy
• Akhil Mohan
• Gabriel Adrian Samfira
• Gavin Inglis
• Tobias Klauser
• Yasin Turan
• rongfu.leng

Changes

34 commits

• Prepare release notes for v1.5.15 (#7759)
  • Prepare release notes for v1.5.15
• [release/1.5] cherry-pick: Fix order of operations when setting lease labels (#7746)
  • Fix order of operations when setting lease labels
• [release/1.5] go.mod: use golang_protobuf_extensions v1.0.4 to prevent incompatible versions (#7722)
  • [release/1.5] go.mod: use golang_protobuf_extensions v1.0.4
• [release/1.5] retry request on writer reset (#7479)
  • fix pusher concurrent close channel
  • retry request on writer reset
• [release/1.5] Setup pod network after creating the sandbox container (#7464)
  • Update container with sandbox metadata after NetNS is created
  • Add integration tests with failpoint
  • Persist container and sandbox if resource cleanup fails, like teardownPodNetwork
• [release/1.5] ctr export strictly match default platform (#7649)
  • ctr export strictly match default platform
• [release/1.5] update to Go 1.18.8 to address CVE-2022-41716 (#7633)
  • [release/1.5] update to Go 1.18.8 to address CVE-2022-41716
• [release/1.5] ctr import: strictly match platform (#7593)
  • ctr import: strictly match platform
• [release/1.5] Upgrade containerd/continuity from v0.1.0 to v0.3.0 (#7555)
  • Upgrade containerd/continuity from v0.1.0 to v0.3.0
• [release/1.5] feat: support import image for specific platform (#7595)
  • fix: wrong flag type
  • feat: support import image for specific platform
• [release/1.5] cherry-pick: Migrate away from GitHub actions set-output (#7583)
  • Migrate away from GitHub actions set-output
• [release/1.5] test: introduce failpoint control to runc-shimv2 and cni (#7578)
  • integration: Add injected failpoint testing for RunPodSandbox
  • integration: simplify CNI-fp and add README.md
  • pkg/failpoint: add FreeBSD link and update pkg doc
  • integration: CNI bridge wrapper with failpoint
  • pkg/failpoint: add DelegatedEval API
  • bin/ctr,integration: new runc-shim with failpoint
  • pkg/failpoint: init failpoint package

Changes from containerd/continuity

56 commits

• go.mod: update dependencies (take 2) (#204)
  • go.mod: update dependencies (take 2)
• Revert "go.mod: update dependencies" (#205)
  • Revert "go.mod: update dependencies"
  • go.mod: update dependencies
  • cmd/continuity: remove FUSE for macOS
• Various small fix-ups (#202)
  • README: update badges and links
  • golangci-lint: replace "golint" with "revive"
  • sysx: remove unused sysx/generate.sh script
  • fs: fix minor linting and gofmt issue
• update authors and mailmap (#201)
  • update authors and mailmap
• move cmd/continuity to its own go module (#200)
  • move cmd/continuity to its own go module
  • remove version package
  • move continuityfs -> cmd/continuity/continuityfs
  • move commands -> cmd/continuity/commands
  • go.mod: update logrus to v1.8.1
• CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir) (#198)
  • CI: resolve Go path before sudoing
  • CI: modernize Go setup
  • Remove deprecated io/ioutil (except ioutil.ReadDir)
• fs.CopyDir: support sockets and pipes (#197)
  • fs.CopyDir: support sockets and pipes
• Fix wrapping errors (#196)
  • fs: fix wrapping nil err
  • fmt.Errorf: use %w, not %v to wrap errors
• fs: use syscall.Timespec.Unix (#193)
  • fs: use syscall.Timespec.Unix
• Update CI Go version to 1.17 (#192)
  • Update CI Go version to 1.17
• Build containerd/continuity on multiple Unix OSes (#190)
  • Build containerd/continuity on multiple Unix OSes
• Do not log errors before returning them (#191)
  • Do not log errors before returning them
• Copy Windows file metadata (#188)
  • Copy Windows file metadata
• fix fmt.Errorf("%w", err) on err == nil (#187)
  • fix fmt.Errorf("%w", err) on err == nil
• Remove direct dependency on github.com/pkg/errors (#185)
  • run gofmt with Go 1.17
  • remove direct dependency on github.com/pkg/errors
• Fix darwin issues (#186)
  • update AUTHORS
  • darwin: use utimensat syscall instead of utimes
  • fix darwin usage of du command
• go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125 (#161)
  • go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125
• fs/stat: add FreeBSD, and cleanup some nolint-comments (#184)
  • reformat nolint comments
  • fs/stat: add FreeBSD
• Rename branch from master to main (#182)
  • Rename branch from master to main
• testutil/loopback: print more debug info (#180)
  • testutil/loopback: print more debug info

Dependency Changes

• github.com/Microsoft/go-winio v0.4.17 -> v0.5.2
• github.com/containerd/continuity v0.1.0 -> v0.3.0
• google.golang.org/protobuf v1.27.1 new

Previous release can be found at v1.5.14

containerd 1.6.10

Welcome to the v1.6.10 release of containerd!

The tenth patch release for containerd 1.6 contains various fixes, including a CVE fix for Windows platforms.

Notable Updates

• Always check userxattr for overlay on kernels >= 5.11 (#7646)
• Bump hcsshim to 0.9.5 to fix container shutdown bug on Windows (#7610
• Bump Go version to 1.18.8 to address CVE-2022-41716 (#7634)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Danny Canter
• Kazuyoshi Kato
• Austin Vazquez
• Derek McGowan
• Gavin Inglis
• Kathryn Baldauf
• Kevin Parsons
• Phil Estes
• Sebastiaan van Stijn
• Yasin Turan

Changes

14 commits

• [release/1.6] Prepare release notes for v1.6.10 (#7664)
  • Prepare release notes for v1.6.10
• [release/1.6] overlayutils: Add fastpath for userxattr check (#7646)
  • overlayutils: Add fastpath for userxattr check
• [release/1.6] update to Go 1.18.8 to address CVE-2022-41716 (#7634)
  • [release/1.6] update to Go 1.18.8 to address CVE-2022-41716
• [release/1.6] ctr export strictly match default platform (#7627)
  • ctr export strictly match default platform
• [release/1.6] go.mod: Bump hcsshim to v0.9.5 (#7610)
  • [release/1.6] go.mod: Bump hcsshim to v0.9.5
• [release/1.6] ctr import: strictly match platform (#7594)
  • ctr import: strictly match platform
• [release/1.6] cherry-pick: Migrate away from GitHub actions set-output (#7582)
  • Migrate away from GitHub actions set-output

Dependency Changes

• github.com/Microsoft/hcsshim v0.9.4 -> v0.9.5

Previous release can be found at v1.6.9

containerd 1.7.0-beta.0

Welcome to the v1.7.0-beta.0 release of containerd!
This is a pre-release of containerd

The eighth major release of containerd includes new functionality alongside many improvements. This release is intended to be the last major release of containerd 1.x before 2.0. Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0. This release still adheres to our backwards compability guarantees and users who do not use or enable new functionality should use this release with the same stability expectations. The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.

This is a beta release and includes some functionality which is not yet complete. While most APIs are finalized before merge, they are subject to change until the official release.

Highlights

Sandbox API (experimental)

The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs. This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.

• Sandbox API (#6703)
• CRI Sandbox API Implementation (#7228)

Transfer Service (in progress)

• Transfer Service (#7320)

NRI (in progress)

• Extend NRI scope (nri#16)
• Support for updated NRI (#6019)

Platform Support

• Linux containers on FreeBSD (#7000)

Runtime Features

• Add support for CDI device injection (#6654)
• Support for cgroups blockio (#5490)
• Add restart policy for enhanced restart manager (#6744)

Road to 2.0

Refactoring

There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.

The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independenty. The new sandbox and distribution interfaces provide one example of this, but it also being done for image and network management.

The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc. Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.

• Remove gogoproto.customtype (#6699)

• Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)

• Remove all gogoproto extensions (#6829)

• Migrate off from github.com/gogo/protobuf (#6841)

• ttrpc streaming (ttrpc#107)

• Add unpack interface for client (#6749)

• Add collectible resources to metadata gc (#6804)

Configuration

Existing CRI configurations will be supported until 2.0. Any functionality split out of CRI will have their configuration migrated to new plugins. Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.

Deprecation

The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include.

• Docker Schema 1 Image Deprecation (#6884)

CRI Updates

• Support image pull progress timeout (#6150)
• Fix CRI plugin to setup pod network after creating the sandbox container (#5904)

Other

• Support shallow content copy by adding reader option to local content reader at (#7414)
• Add NoSameOwner option when unpacking tars (#7386)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Kazuyoshi Kato
• Phil Estes
• Derek McGowan
• Maksym Pavlenko
• Wei Fu
• Akihiro Suda
• Sebastiaan van Stijn
• Samuel Karp
• Mike Brown
• Daniel Canter
• Ye Sijun
• Ed Bartosh
• Stefan Berger
• Paul "TBBle" Hampson
• Gabriel Adrian Samfira
• Nashwan Azhari
• xin.li
• Shengjing Zhu
• Adam Korcz
• Henry Wang
• Justin Terry
• wanglei
• zounengren
• Iceber Gu
• Kevin Parsons
• Brian Goff
• Gavin Inglis
• Michael Crosby
• Qiutong Song
• lengrongfu
• ruiwen-zhao
• Cameron Sparr
• James Jenkins
• Luca Comellini
• Michael Zappa
• Paco Xu
• Tobias Klauser
• pigletfly
• Akhil Mohan
• Amit Barve
• Eng Zer Jun
• Eric Lin
• James Sturtevant
• Jonny Stoten
• Kang.Zhang
• Mikko Ylinen
• Paul S. Schweigert
• Shiming Zhang
• Swagat Bora
• Vincent Batts
• cosmoer
• dependabot[bot]
• yaoyinnan
• Abirdcfly
• Anastassios Nanos
• Andrew G. Morgan
• Andrey Klimentyev
• Antonio Ojea
• Antti Kervinen
• Austin Vazquez
• Baoshuo
• Benjamin Elder
• Chao Dai
• Claudiu Belu
• Cory Snider
• Danielle Lancashire
• Danny Canter
• Dat Nguyen
• Davanum Srinivas
• David Porter
• Dmitry Shurupov
• Eric Ernst
• Ethan Lowman
• Fabian Hoffman
• Fabian Hoffmann
• Fahed Dorgaa
• Gabriela Cervantes
• Gijs Peskens
• Hamza El-Saawy
• Ikko Ashimine
• Jeff Widman
• Jeff Zvier
• Jeremi Piotrowski
• Jordan Karaze
• Joseph Sheng
• Joyce Brum
• Kathryn Baldauf
• Kohei Tokunaga
• Kyle L Frisbie
• Marc Schwind
• Mark Rossetti
• Marvin Giessing
• Nabeel Rana
• Nguyen Phan Huy
• Nobel Barakat
• Oleg Atamanenko
• Oleg Zhurakivskyy
• Oliver Radwell
• Quan Tian
• Rodrigo Campos
• Roy Yang
• Serge Logvinov
• Shane Jennings
• Shaun Lawrie
• Shinichi Morimoto
• SilverSoldier
• Sophie Liu
• Taeho Nam
• Takumasa Sakao
• Tiger Kaovilai
• Tom Godkin
• Tomoya.Fujita
• Tõnis Tiigi
• Xinlin Ma
• Yakul Garg
• Zhongming Chang
• Zhuchen Wang
• austinvazquez
• bin liu
• cardy.tang
• cathaysia
• dabaooline
• guiyong.ou
• jianfei.zhang
• ningmingxiao
• shi yixue
• shuaichang
• songjiang han
• wusong
• xiaoyang zhu
• yanghesong
• zhang he

Changes

950 commits

• Add release notes for v1.7.0-beta.0 (#7575)
  • Add release notes for v1.7.0-beta.0
  • Update mailmap
• Cleanup sandbox interfaces (#7576)
  • Cleanup sandbox interfaces
• Update GitHub actions release workflow set output (#7581)
  • Migrate away from GitHub actions set-output
• Fix LogURI generation-related tests on Windows. (#7569)
  • Fix LogURI generation-related tests on Windows.
• maintenance: Remove WithWindowsNetworkNamespace from pkg/cri (#7577)
  • maintenance: Remove WithWindowsNetworkNamespace from pkg/cri
• CRI: implement Controller.Delete for SandboxAPI (#7457)
  • CRI: implement Controller.Delete for SandboxAPI
• Configure CDI registry only on start (#7419)
  • update go.mod and go.sum
  • improve CDI logging
  • CDI: configure registry on start
  • move WithCDI to pkg/cri/opts
• update codeql-action to v2 (#7568)
  • update codeql-action to v2
• Add logging related metrics to Containerd CRI plugin (#7546)
  • Add logging volume metrics to Containerd CRI plugin
• sys: optimize and refactor MkdirAllWithACL() (#7531)
  • sys: synchronize mkdirall() with latest os.MkDirAll()
  • sys: create SecurityAttribute only once (Windows)
  • sys: update volumePath regex to allow returning earlier
  • sys: compile volume-path regex once, and update GoDoc
• fix install cni script (#7484)
  • fix install cni script
• Update 1.5 release support timeframe (#7560)
  • Update 1.5 release support timeframe
• bump go-fuzz-headers (#7503)
  • bump go-fuzz-headers
• Add long term stable release branches (#7454)
  • Add long term stable release branches
• fix pusher concurrent close channel (#7473)
  • fix pusher concurrent close channel
• Make tests on GitHub less noisy (#7530)
  • Use logtest if possible to clean up logs
  • Separate containerd logs in GitHub Actions' console
  • Upgrade critools from 1.24.1 to 1.25.0
  • Upgrade actions/upload-artifact from v2 to v3
• containerd should not print error log that failed to init a tracing process...

containerd 1.6.9

Welcome to the v1.6.9 release of containerd!

The ninth patch release for containerd 1.6 contains various fixes, reorders the pod setup workflow in the CRI plugin to
prevent CNI resource leaks, and includes a new version of runc.

Notable Updates

• Update oci.WithDefaultUnixDevices(): remove tun/tap from the default devices (#7268)
• Fix CRI: Do not append []string{""} to command to preserve Docker compatibility (#7298)
• Enhance CRI: ContainerStatus to return container resources (#7410)
• Fix OCI resolver to skip TLS verification for localhost (#7438
• Fix createTarFile: make xattr EPERM non-fatal (#7447)
• Fix CRI plugin to setup pod network after creating the sandbox container (#7456)
• Fix OCI pusher to retry request on writer reset (#7461)
• Fix archive to validate digests before use (#7490)
• Migrate from k8s.gcr.io to registry.k8s.io (#7549)
• Fix CRI: PodSandboxStatus should tolerate missing task (#7551)
• Fix io.containerd.runc.v1: Stats() shouldn't assume s.container is non-nil (#7557)
• Enhance CRI plugin to add logging volume metrics (#7571)
• Add support for CAP_BPF and CAP_PERFMON (#7574)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Sebastiaan van Stijn
• Akihiro Suda
• Wei Fu
• Samuel Karp
• Kazuyoshi Kato
• Maksym Pavlenko
• Derek McGowan
• Phil Estes
• Qiutong Song
• ruiwen-zhao
• zounengren
• Akhil Mohan
• Andrey Klimentyev
• Benjamin Elder
• Henry Wang
• Iceber Gu
• Paco Xu
• Sophie Liu
• Ye Sijun
• rongfu.leng

Changes

68 commits

• [release/1.6] Prepare release notes for v1.6.9 (#7573)
  • f1493f665 Prepare release notes for v1.6.9
  • 99578d1fc Update mailmap
• [release/1.6] adding support of CAP_BPF and CAP_PERFMON (#7574)
  • 346412f5a adding support of CAP_BPF and CAP_PERFMON
• [release/1.6] Add logging volume metrics to Containerd CRI plugin (#7571)
  • a956d8415 Add logging volume metrics to Containerd CRI plugin
• [release/1.6] fix pusher concurrent close channel (#7562)
  • 29e2dea50 fix pusher concurrent close channel
• [release/1.6] Stats() shouldn't assume s.container is non-nil (#7557)
  • 8a9d69385 [release/1.6] Stats() shouldn't assume s.container is non-nil
• [release/1.6] cri: PodSandboxStatus should tolerate missing task (#7551)
  • a9adc7938 cri: PodSandboxStatus should tolerate missing task
• [release/1.6] migrate from k8s.gcr.io to registry.k8s.io (#7549)
  • b66eb726a migrate from k8s.gcr.io to registry.k8s.io
• [release/1.6] upgrade containerd/continuity from v0.2.2 to v0.3.0 (#7518)
  • 5b40993a5 [release/1.6] upgrade containerd/continuity from v0.2.2 to v0.3.0
• [release/1.6] Update container with sandbox metadata after NetNS is created (#7505)
  • f2376e659 Update container with sandbox metadata after NetNS is created
• [release/1.6] archive: validate digests before use (#7490)
  • 06f82efef archive: validate digests before use
• [release/1.6] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 (#7475)
  • 28324c529 [release/1.6] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
  • 0aeeb62cb [release/1.6] update golangci-lint to v1.19.0
  • 7db9d1f76 Fix linter warnings
  • 4dc932e62 [release/1.6] gofmt with go1.19
  • 7b8d679ad [release/1.6] integration: remove use of deprecated io/ioutil
• [release/1.6] retry request on writer reset (#7461)
  • 926b9c72f retry request on writer reset
• [release/1.6] Setup pod network after creating the sandbox container (#7456)
  • b9a35c6af Add integration tests with failpoint
  • 1f29fac48 Persist container and sandbox if resource cleanup fails, like teardownPodNetwork
• [release/1.6] test: introduce failpoint control to runc-shimv2 and cni (#7455)
  • a85709c6c integration: simplify CNI-fp and add README.md
  • d89a8d223 pkg/failpoint: add FreeBSD link and update pkg doc
  • b0ce2965a integration: Add injected failpoint testing for RunPodSandbox
  • a7f956d86 integration: CNI bridge wrapper with failpoint
  • 07c479471 pkg/failpoint: add DelegatedEval API
  • 4a5bc05aa runtime/v2/shim: return if error in load plugin
  • 71ee7de24 bin/ctr,integration: new runc-shim with failpoint
  • 3e2e77849 runtime/v2: manager supports server interceptor
  • cb935bf49 pkg/failpoint: init failpoint package
• [release/1.6] cherry-pick: make xattr EPERM non-fatal in createTarFile (#7447)
  • 2fdfd564c make xattr EPERM non-fatal in createTarFile
• [release/1.6] remotes/docker/config: Skipping TLS verification for localhost (#7438)
  • 89e49609d remotes/docker/config: Skipping TLS verification for localhost
• [release/1.6] .zuul: remove the zull because it is offline (#7427)
  • b720be2ce remove stray .zuul.yaml
  • 6b30bc4b4 .zuul: remove the zuul because it is offline
• [release/1.6] cherry-pick: Set grpc code for unimplemented cri-api methods (#7421)
  • 0f7e258ee Set grpc code for unimplemented cri-api methods
• [release/1.6] cherry-pick: ContainerStatus to return container resources (#7410)
  • [fb753e5cd](https://github.com/contain...

containerd 1.5.14

Welcome to the v1.5.14 release of containerd!

The fourteenth patch release for containerd 1.5 includes various fixes and updates
along with an updated version of runc.

Notable Updates

• Fix WWW-Authenticate parsing to allow empty quoted string (#7132)
• Update oci.WithDefaultUnixDevices(): remove tun/tap from the default devices (#7267)
• Fix createTarFile: make xattr EPERM non-fatal (#7449)
• Fix dockerPusher to handle abort correctly (#7467)
• Migrate from k8s.gcr.io to registry.k8s.io (#7550)
• Fix CRI: PodSandboxStatus should tolerate missing task (#7552)
• Fix io.containerd.runc.v1: Stats() shouldn't assume s.container is non-nil (#7556)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Kazuyoshi Kato
• Sebastiaan van Stijn
• Samuel Karp
• Phil Estes
• Maksym Pavlenko
• Akihiro Suda
• Derek McGowan
• Wei Fu
• Baoshuo
• Benjamin Elder
• Brian Goff
• Daniel Canter
• Gabriel Adrian Samfira
• Iceber Gu
• Kohei Tokunaga
• Mike Brown
• Paco Xu
• Ye Sijun
• rongfu.leng

Changes

56 commits

• [release/1.5] Prepare release notes for 1.5.14 (#7572)
  • ed672fe1c Prepare release notes for 1.5.14
  • 5150b97dd Update mailmap
• [release/1.5] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 (#7476)
  • f109930d5 fix install cni script
  • 1fea434b7 [release/1.5] sync gha with release/1.6 branch
  • a6672294a [release/1.5] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
  • 1c1045d79 [release/1.5] update golangci-lint to v1.49.0
  • 03d7e8e49 Fix linter warnings
  • e6de4d6ef [release/1.5] gofmt with go1.19
  • 699a1f90e Do not use go get to install executables
  • c24d508c9 update gotestsum to v1.7.0
  • 79f119b43 update gotestsum to current master
  • 4806c2400 Update gotestsum to add timestamps to junit output
• [release/1.5] cri: PodSandboxStatus should tolerate missing task (#7552)
  • 60dec1391 cri: PodSandboxStatus should tolerate missing task
• [release/1.5] Stats() shouldn't assume s.container is non-nil (#7556)
  • 208615ca7 [release/1.5] Stats() shouldn't assume s.container is non-nil
• [release/1.5] migrate from k8s.gcr.io to registry.k8s.io (#7550)
  • a34a30b52 migrate from k8s.gcr.io to registry.k8s.io
• [release/1.5] vendor: golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f (#7515)
  • ac382a74d [release/1.5] vendor: golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f
• [release/1.5] cherry-pick: remotes: fix dockerPusher to handle abort correctly (#7467)
  • 2fe813d36 remotes: fix dockerPusher to handle abort correctly
• [release/1.5] cherry-pick: make xattr EPERM non-fatal in createTarFile (#7449)
  • f94332ee5 make xattr EPERM non-fatal in createTarFile
• [release/1.5] .zuul: remove the zuul because it is offline (#7428)
  • 0e11ab933 remove stray .zuul.yaml
  • 83ea10446 .zuul: remove the zuul because it is offline
• [release/1.5 backport] update runc binary to v1.1.4 (#7332)
  • 4593d187a update runc binary to v1.1.4
• [release/1.5] ci: remove GOPROXY environment variable due to https://github.com/go-… (#7300)
  • d3d97cce3 ci: remove GOPROXY environment variable due to go-yaml/yaml#887
• [release 1.5 backport] Fix cleanup in critest (#7275)
  • c2ace6ebc Fix cleanup in critest
• [release/1.5 backport] oci: WithDefaultUnixDevices(): remove tun/tap from the default devices (#7267)
  • 9bdd52b3a oci: WithDefaultUnixDevices(): remove tun/tap from the default devices
• [release/1.5] release workflow: increase timeout to 30 minutes (#7262)
  • 401af14ea release workflow: increase timeout to 30 minutes
• [release/1.5] backport: update GitHub Actions runners to macos-12 (#7248)
  • 792ead0cf Update Vagrant CI to macos-12
  • 07e037f09 chore: bump macos runner version
• [release/1.5] gha: make release workflow work in forks (#7239)
  • 7e7eb6793 gha: make release workflow work in forks
• [release/1.5] Update golang to 1.17.13 (#7245)
  • 9a116ee4f Update golang to 1.17.13
• [release/1.5] update golang to 1.17.12 (#7161)
  • e91e39347 [release/1.5] update golang to 1.17.12
• [release/1.5] Downgrade MinGW to version 10.2.0 (#7134)
  • 46933650b [release/1.5] Downgrade MinGW to version 10.2.0
• [release/1.5] Fix WWW-Authenticate parsing (#7132)
  • 8ae864ae9 [release/1.5] Fix WWW-Authenticate parsing
• [release/1.5] ctr: fix label args used in NewContainer (#7071)
  • febb0e82d ctr: fix label args used in NewContainer
• [release/1.5] update runc binary to v1.1.3 (#7035)
  • e549139d3 update runc binary to v1.1.3

Dependency Changes

• golang.org/x/sys 33da011f77ad -> 8c9f86f7a55f

Previous release can be found at v1.5.13

containerd 1.6.8

Welcome to the v1.6.8 release of containerd!

The eighth patch release for containerd 1.6 fixes a regression in the release
build binaries which limited the environments they could be run in.

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Derek McGowan
• Samuel Karp
• Phil Estes

Changes

7 commits

• [release/1.6] Prepare release notes for v1.6.8 (#7263)
  • 3364f411e Prepare release notes for v1.6.8
• [release/1.6] release workflow: increase timeout to 30 minutes & remove Go setup action (#7261)
  • 390920429 release workflow: remove Go setup action
  • cf48ba6e8 release workflow: increase timeout to 30 minutes
• [release/1.6] release: rollback Ubuntu to 18.04 (except for riscv64) (#7260)
  • 57873e652 release: rollback Ubuntu to 18.04 (except for riscv64)

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.6.7