Skip to content

Releases: containerd/containerd

containerd 1.5.15

06 Dec 18:49
@github-actions github-actions
v1.5.15
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
99a380d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.5.15

Welcome to the v1.5.15 release of containerd!

The fifteenth patch release for containerd 1.5 includes various fixes including a
fix for a long time issue with CNI resource leakage.

Notable Updates

  • Fix CNI leaks by changing pod network setup order in CRI plugin (#7464)
  • Fix request retry on push (#7479)
  • Fix lease labels unexpectedly overwriting expiration (#7746)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Akihiro Suda
  • Sebastiaan van Stijn
  • Derek McGowan
  • Wei Fu
  • Phil Estes
  • Kazuyoshi Kato
  • Hajime Tazaki
  • Qiutong Song
  • Austin Vazquez
  • Samuel Karp
  • jonyhy
  • Akhil Mohan
  • Gabriel Adrian Samfira
  • Gavin Inglis
  • Tobias Klauser
  • Yasin Turan
  • rongfu.leng

Changes

34 commits

  • Prepare release notes for v1.5.15 (#7759)
    • Prepare release notes for v1.5.15
  • [release/1.5] cherry-pick: Fix order of operations when setting lease labels (#7746)
    • Fix order of operations when setting lease labels
  • [release/1.5] go.mod: use golang_protobuf_extensions v1.0.4 to prevent incompatible versions (#7722)
    • [release/1.5] go.mod: use golang_protobuf_extensions v1.0.4
  • [release/1.5] retry request on writer reset (#7479)
    • fix pusher concurrent close channel
    • retry request on writer reset
  • [release/1.5] Setup pod network after creating the sandbox container (#7464)
    • Update container with sandbox metadata after NetNS is created
    • Add integration tests with failpoint
    • Persist container and sandbox if resource cleanup fails, like teardownPodNetwork
  • [release/1.5] ctr export strictly match default platform (#7649)
    • ctr export strictly match default platform
  • [release/1.5] update to Go 1.18.8 to address CVE-2022-41716 (#7633)
  • [release/1.5] ctr import: strictly match platform (#7593)
    • ctr import: strictly match platform
  • [release/1.5] Upgrade containerd/continuity from v0.1.0 to v0.3.0 (#7555)
    • Upgrade containerd/continuity from v0.1.0 to v0.3.0
  • [release/1.5] feat: support import image for specific platform (#7595)
    • fix: wrong flag type
    • feat: support import image for specific platform
  • [release/1.5] cherry-pick: Migrate away from GitHub actions set-output (#7583)
    • Migrate away from GitHub actions set-output
  • [release/1.5] test: introduce failpoint control to runc-shimv2 and cni (#7578)
    • integration: Add injected failpoint testing for RunPodSandbox
    • integration: simplify CNI-fp and add README.md
    • pkg/failpoint: add FreeBSD link and update pkg doc
    • integration: CNI bridge wrapper with failpoint
    • pkg/failpoint: add DelegatedEval API
    • bin/ctr,integration: new runc-shim with failpoint
    • pkg/failpoint: init failpoint package

Changes from containerd/continuity

56 commits

  • go.mod: update dependencies (take 2) (#204)
    • go.mod: update dependencies (take 2)
  • Revert "go.mod: update dependencies" (#205)
    • Revert "go.mod: update dependencies"
    • go.mod: update dependencies
    • cmd/continuity: remove FUSE for macOS
  • Various small fix-ups (#202)
    • README: update badges and links
    • golangci-lint: replace "golint" with "revive"
    • sysx: remove unused sysx/generate.sh script
    • fs: fix minor linting and gofmt issue
  • update authors and mailmap (#201)
    • update authors and mailmap
  • move cmd/continuity to its own go module (#200)
    • move cmd/continuity to its own go module
    • remove version package
    • move continuityfs -> cmd/continuity/continuityfs
    • move commands -> cmd/continuity/commands
    • go.mod: update logrus to v1.8.1
  • CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir) (#198)
    • CI: resolve Go path before sudoing
    • CI: modernize Go setup
    • Remove deprecated io/ioutil (except ioutil.ReadDir)
  • fs.CopyDir: support sockets and pipes (#197)
    • fs.CopyDir: support sockets and pipes
  • Fix wrapping errors (#196)
    • fs: fix wrapping nil err
    • fmt.Errorf: use %w, not %v to wrap errors
  • fs: use syscall.Timespec.Unix (#193)
    • fs: use syscall.Timespec.Unix
  • Update CI Go version to 1.17 (#192)
    • Update CI Go version to 1.17
  • Build containerd/continuity on multiple Unix OSes (#190)
    • Build containerd/continuity on multiple Unix OSes
  • Do not log errors before returning them (#191)
    • Do not log errors before returning them
  • Copy Windows file metadata (#188)
    • Copy Windows file metadata
  • fix fmt.Errorf("%w", err) on err == nil (#187)
    • fix fmt.Errorf("%w", err) on err == nil
  • Remove direct dependency on github.com/pkg/errors (#185)
    • run gofmt with Go 1.17
    • remove direct dependency on github.com/pkg/errors
  • Fix darwin issues (#186)
    • update AUTHORS
    • darwin: use utimensat syscall instead of utimes
    • fix darwin usage of du command
  • go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125 (#161)
    • go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125
  • fs/stat: add FreeBSD, and cleanup some nolint-comments (#184)
    • reformat nolint comments
    • fs/stat: add FreeBSD
  • Rename branch from master to main (#182)
    • Rename branch from master to main
  • testutil/loopback: print more debug info (#180)
    • testutil/loopback: print more debug info

Dependency Changes

  • github.com/Microsoft/go-winio v0.4.17 -> v0.5.2
  • github.com/containerd/continuity v0.1.0 -> v0.3.0
  • google.golang.org/protobuf v1.27.1 new

Previous release can be found at v1.5.14

Assets 10

containerd 1.6.10

14 Nov 18:36
@github-actions github-actions
v1.6.10
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
770bd01
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.6.10

Welcome to the v1.6.10 release of containerd!

The tenth patch release for containerd 1.6 contains various fixes, including a CVE fix for Windows platforms.

Notable Updates

  • Always check userxattr for overlay on kernels >= 5.11 (#7646)
  • Bump hcsshim to 0.9.5 to fix container shutdown bug on Windows (#7610
  • Bump Go version to 1.18.8 to address CVE-2022-41716 (#7634)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Akihiro Suda
  • Danny Canter
  • Kazuyoshi Kato
  • Austin Vazquez
  • Derek McGowan
  • Gavin Inglis
  • Kathryn Baldauf
  • Kevin Parsons
  • Phil Estes
  • Sebastiaan van Stijn
  • Yasin Turan

Changes

14 commits

  • [release/1.6] Prepare release notes for v1.6.10 (#7664)
    • Prepare release notes for v1.6.10
  • [release/1.6] overlayutils: Add fastpath for userxattr check (#7646)
    • overlayutils: Add fastpath for userxattr check
  • [release/1.6] update to Go 1.18.8 to address CVE-2022-41716 (#7634)
  • [release/1.6] ctr export strictly match default platform (#7627)
    • ctr export strictly match default platform
  • [release/1.6] go.mod: Bump hcsshim to v0.9.5 (#7610)
    • [release/1.6] go.mod: Bump hcsshim to v0.9.5
  • [release/1.6] ctr import: strictly match platform (#7594)
    • ctr import: strictly match platform
  • [release/1.6] cherry-pick: Migrate away from GitHub actions set-output (#7582)
    • Migrate away from GitHub actions set-output

Dependency Changes

  • github.com/Microsoft/hcsshim v0.9.4 -> v0.9.5

Previous release can be found at v1.6.9

Assets 32

containerd 1.7.0-beta.0

25 Oct 23:43
@github-actions github-actions
v1.7.0-beta.0
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
d878d7d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.7.0-beta.0 Pre-release
Pre-release

Welcome to the v1.7.0-beta.0 release of containerd!
This is a pre-release of containerd

The eighth major release of containerd includes new functionality alongside many improvements. This release is intended to be the last major release of containerd 1.x before 2.0. Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0. This release still adheres to our backwards compability guarantees and users who do not use or enable new functionality should use this release with the same stability expectations. The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.

This is a beta release and includes some functionality which is not yet complete. While most APIs are finalized before merge, they are subject to change until the official release.

Highlights

Sandbox API (experimental)

The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs. This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.

  • Sandbox API (#6703)
  • CRI Sandbox API Implementation (#7228)

Transfer Service (in progress)

  • Transfer Service (#7320)

NRI (in progress)

  • Extend NRI scope (nri#16)
  • Support for updated NRI (#6019)

Platform Support

  • Linux containers on FreeBSD (#7000)

Runtime Features

  • Add support for CDI device injection (#6654)
  • Support for cgroups blockio (#5490)
  • Add restart policy for enhanced restart manager (#6744)

Road to 2.0

Refactoring

There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.

The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independenty. The new sandbox and distribution interfaces provide one example of this, but it also being done for image and network management.

The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc. Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.

  • Remove gogoproto.customtype (#6699)

  • Remove enumvalue_customname, goproto_enum_prefix and enum_customname (#6708)

  • Remove all gogoproto extensions (#6829)

  • Migrate off from github.com/gogo/protobuf (#6841)

  • ttrpc streaming (ttrpc#107)

  • Add unpack interface for client (#6749)

  • Add collectible resources to metadata gc (#6804)

Configuration

Existing CRI configurations will be supported until 2.0. Any functionality split out of CRI will have their configuration migrated to new plugins. Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.

Deprecation

The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include.

  • Docker Schema 1 Image Deprecation (#6884)

CRI Updates

  • Support image pull progress timeout (#6150)
  • Fix CRI plugin to setup pod network after creating the sandbox container (#5904)

Other

  • Support shallow content copy by adding reader option to local content reader at (#7414)
  • Add NoSameOwner option when unpacking tars (#7386)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Kazuyoshi Kato
  • Phil Estes
  • Derek McGowan
  • Maksym Pavlenko
  • Wei Fu
  • Akihiro Suda
  • Sebastiaan van Stijn
  • Samuel Karp
  • Mike Brown
  • Daniel Canter
  • Ye Sijun
  • Ed Bartosh
  • Stefan Berger
  • Paul "TBBle" Hampson
  • Gabriel Adrian Samfira
  • Nashwan Azhari
  • xin.li
  • Shengjing Zhu
  • Adam Korcz
  • Henry Wang
  • Justin Terry
  • wanglei
  • zounengren
  • Iceber Gu
  • Kevin Parsons
  • Brian Goff
  • Gavin Inglis
  • Michael Crosby
  • Qiutong Song
  • lengrongfu
  • ruiwen-zhao
  • Cameron Sparr
  • James Jenkins
  • Luca Comellini
  • Michael Zappa
  • Paco Xu
  • Tobias Klauser
  • pigletfly
  • Akhil Mohan
  • Amit Barve
  • Eng Zer Jun
  • Eric Lin
  • James Sturtevant
  • Jonny Stoten
  • Kang.Zhang
  • Mikko Ylinen
  • Paul S. Schweigert
  • Shiming Zhang
  • Swagat Bora
  • Vincent Batts
  • cosmoer
  • dependabot[bot]
  • yaoyinnan
  • Abirdcfly
  • Anastassios Nanos
  • Andrew G. Morgan
  • Andrey Klimentyev
  • Antonio Ojea
  • Antti Kervinen
  • Austin Vazquez
  • Baoshuo
  • Benjamin Elder
  • Chao Dai
  • Claudiu Belu
  • Cory Snider
  • Danielle Lancashire
  • Danny Canter
  • Dat Nguyen
  • Davanum Srinivas
  • David Porter
  • Dmitry Shurupov
  • Eric Ernst
  • Ethan Lowman
  • Fabian Hoffman
  • Fabian Hoffmann
  • Fahed Dorgaa
  • Gabriela Cervantes
  • Gijs Peskens
  • Hamza El-Saawy
  • Ikko Ashimine
  • Jeff Widman
  • Jeff Zvier
  • Jeremi Piotrowski
  • Jordan Karaze
  • Joseph Sheng
  • Joyce Brum
  • Kathryn Baldauf
  • Kohei Tokunaga
  • Kyle L Frisbie
  • Marc Schwind
  • Mark Rossetti
  • Marvin Giessing
  • Nabeel Rana
  • Nguyen Phan Huy
  • Nobel Barakat
  • Oleg Atamanenko
  • Oleg Zhurakivskyy
  • Oliver Radwell
  • Quan Tian
  • Rodrigo Campos
  • Roy Yang
  • Serge Logvinov
  • Shane Jennings
  • Shaun Lawrie
  • Shinichi Morimoto
  • SilverSoldier
  • Sophie Liu
  • Taeho Nam
  • Takumasa Sakao
  • Tiger Kaovilai
  • Tom Godkin
  • Tomoya.Fujita
  • Tõnis Tiigi
  • Xinlin Ma
  • Yakul Garg
  • Zhongming Chang
  • Zhuchen Wang
  • austinvazquez
  • bin liu
  • cardy.tang
  • cathaysia
  • dabaooline
  • guiyong.ou
  • jianfei.zhang
  • ningmingxiao
  • shi yixue
  • shuaichang
  • songjiang han
  • wusong
  • xiaoyang zhu
  • yanghesong
  • zhang he

Changes

950 commits

  • Add release notes for v1.7.0-beta.0 (#7575)
    • Add release notes for v1.7.0-beta.0
    • Update mailmap
  • Cleanup sandbox interfaces (#7576)
    • Cleanup sandbox interfaces
  • Update GitHub actions release workflow set output (#7581)
    • Migrate away from GitHub actions set-output
  • Fix LogURI generation-related tests on Windows. (#7569)
    • Fix LogURI generation-related tests on Windows.
  • maintenance: Remove WithWindowsNetworkNamespace from pkg/cri (#7577)
    • maintenance: Remove WithWindowsNetworkNamespace from pkg/cri
  • CRI: implement Controller.Delete for SandboxAPI (#7457)
    • CRI: implement Controller.Delete for SandboxAPI
  • Configure CDI registry only on start (#7419)
    • update go.mod and go.sum
    • improve CDI logging
    • CDI: configure registry on start
    • move WithCDI to pkg/cri/opts
  • update codeql-action to v2 (#7568)
    • update codeql-action to v2
  • Add logging related metrics to Containerd CRI plugin (#7546)
    • Add logging volume metrics to Containerd CRI plugin
  • sys: optimize and refactor MkdirAllWithACL() (#7531)
    • sys: synchronize mkdirall() with latest os.MkDirAll()
    • sys: create SecurityAttribute only once (Windows)
    • sys: update volumePath regex to allow returning earlier
    • sys: compile volume-path regex once, and update GoDoc
  • fix install cni script (#7484)
    • fix install cni script
  • Update 1.5 release support timeframe (#7560)
    • Update 1.5 release support timeframe
  • bump go-fuzz-headers (#7503)
    • bump go-fuzz-headers
  • Add long term stable release branches (#7454)
    • Add long term stable release branches
  • fix pusher concurrent close channel (#7473)
    • fix pusher concurrent close channel
  • Make tests on GitHub less noisy (#7530)
    • Use logtest if possible to clean up logs
    • Separate containerd logs in GitHub Actions' console
    • Upgrade critools from 1.24.1 to 1.25.0
    • Upgrade actions/upload-artifact from v2 to v3
  • containerd should not print error log that failed to init a tracing process...
Read more
Assets 32

containerd 1.6.9

24 Oct 17:46
@github-actions github-actions
v1.6.9
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
1c90a44
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.6.9

Welcome to the v1.6.9 release of containerd!

The ninth patch release for containerd 1.6 contains various fixes, reorders the pod setup workflow in the CRI plugin to
prevent CNI resource leaks, and includes a new version of runc.

Notable Updates

  • Update oci.WithDefaultUnixDevices(): remove tun/tap from the default devices (#7268)
  • Fix CRI: Do not append []string{""} to command to preserve Docker compatibility (#7298)
  • Enhance CRI: ContainerStatus to return container resources (#7410)
  • Fix OCI resolver to skip TLS verification for localhost (#7438
  • Fix createTarFile: make xattr EPERM non-fatal (#7447)
  • Fix CRI plugin to setup pod network after creating the sandbox container (#7456)
  • Fix OCI pusher to retry request on writer reset (#7461)
  • Fix archive to validate digests before use (#7490)
  • Migrate from k8s.gcr.io to registry.k8s.io (#7549)
  • Fix CRI: PodSandboxStatus should tolerate missing task (#7551)
  • Fix io.containerd.runc.v1: Stats() shouldn't assume s.container is non-nil (#7557)
  • Enhance CRI plugin to add logging volume metrics (#7571)
  • Add support for CAP_BPF and CAP_PERFMON (#7574)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Sebastiaan van Stijn
  • Akihiro Suda
  • Wei Fu
  • Samuel Karp
  • Kazuyoshi Kato
  • Maksym Pavlenko
  • Derek McGowan
  • Phil Estes
  • Qiutong Song
  • ruiwen-zhao
  • zounengren
  • Akhil Mohan
  • Andrey Klimentyev
  • Benjamin Elder
  • Henry Wang
  • Iceber Gu
  • Paco Xu
  • Sophie Liu
  • Ye Sijun
  • rongfu.leng

Changes

68 commits

  • [release/1.6] Prepare release notes for v1.6.9 (#7573)
  • [release/1.6] adding support of CAP_BPF and CAP_PERFMON (#7574)
    • 346412f5a adding support of CAP_BPF and CAP_PERFMON
  • [release/1.6] Add logging volume metrics to Containerd CRI plugin (#7571)
    • a956d8415 Add logging volume metrics to Containerd CRI plugin
  • [release/1.6] fix pusher concurrent close channel (#7562)
    • 29e2dea50 fix pusher concurrent close channel
  • [release/1.6] Stats() shouldn't assume s.container is non-nil (#7557)
    • 8a9d69385 [release/1.6] Stats() shouldn't assume s.container is non-nil
  • [release/1.6] cri: PodSandboxStatus should tolerate missing task (#7551)
    • a9adc7938 cri: PodSandboxStatus should tolerate missing task
  • [release/1.6] migrate from k8s.gcr.io to registry.k8s.io (#7549)
    • b66eb726a migrate from k8s.gcr.io to registry.k8s.io
  • [release/1.6] upgrade containerd/continuity from v0.2.2 to v0.3.0 (#7518)
    • 5b40993a5 [release/1.6] upgrade containerd/continuity from v0.2.2 to v0.3.0
  • [release/1.6] Update container with sandbox metadata after NetNS is created (#7505)
    • f2376e659 Update container with sandbox metadata after NetNS is created
  • [release/1.6] archive: validate digests before use (#7490)
    • 06f82efef archive: validate digests before use
  • [release/1.6] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 (#7475)
  • [release/1.6] retry request on writer reset (#7461)
  • [release/1.6] Setup pod network after creating the sandbox container (#7456)
    • b9a35c6af Add integration tests with failpoint
    • 1f29fac48 Persist container and sandbox if resource cleanup fails, like teardownPodNetwork
  • [release/1.6] test: introduce failpoint control to runc-shimv2 and cni (#7455)
    • a85709c6c integration: simplify CNI-fp and add README.md
    • d89a8d223 pkg/failpoint: add FreeBSD link and update pkg doc
    • b0ce2965a integration: Add injected failpoint testing for RunPodSandbox
    • a7f956d86 integration: CNI bridge wrapper with failpoint
    • 07c479471 pkg/failpoint: add DelegatedEval API
    • 4a5bc05aa runtime/v2/shim: return if error in load plugin
    • 71ee7de24 bin/ctr,integration: new runc-shim with failpoint
    • 3e2e77849 runtime/v2: manager supports server interceptor
    • cb935bf49 pkg/failpoint: init failpoint package
  • [release/1.6] cherry-pick: make xattr EPERM non-fatal in createTarFile (#7447)
    • 2fdfd564c make xattr EPERM non-fatal in createTarFile
  • [release/1.6] remotes/docker/config: Skipping TLS verification for localhost (#7438)
    • 89e49609d remotes/docker/config: Skipping TLS verification for localhost
  • [release/1.6] .zuul: remove the zull because it is offline (#7427)
    • b720be2ce remove stray .zuul.yaml
    • 6b30bc4b4 .zuul: remove the zuul because it is offline
  • [release/1.6] cherry-pick: Set grpc code for unimplemented cri-api methods (#7421)
    • 0f7e258ee Set grpc code for unimplemented cri-api methods
  • [release/1.6] cherry-pick: ContainerStatus to return container resources (#7410)
Read more
Assets 32

containerd 1.5.14

24 Oct 16:19
@github-actions github-actions
v1.5.14
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
b84d0b1
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.5.14

Welcome to the v1.5.14 release of containerd!

The fourteenth patch release for containerd 1.5 includes various fixes and updates
along with an updated version of runc.

Notable Updates

  • Fix WWW-Authenticate parsing to allow empty quoted string (#7132)
  • Update oci.WithDefaultUnixDevices(): remove tun/tap from the default devices (#7267)
  • Fix createTarFile: make xattr EPERM non-fatal (#7449)
  • Fix dockerPusher to handle abort correctly (#7467)
  • Migrate from k8s.gcr.io to registry.k8s.io (#7550)
  • Fix CRI: PodSandboxStatus should tolerate missing task (#7552)
  • Fix io.containerd.runc.v1: Stats() shouldn't assume s.container is non-nil (#7556)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Kazuyoshi Kato
  • Sebastiaan van Stijn
  • Samuel Karp
  • Phil Estes
  • Maksym Pavlenko
  • Akihiro Suda
  • Derek McGowan
  • Wei Fu
  • Baoshuo
  • Benjamin Elder
  • Brian Goff
  • Daniel Canter
  • Gabriel Adrian Samfira
  • Iceber Gu
  • Kohei Tokunaga
  • Mike Brown
  • Paco Xu
  • Ye Sijun
  • rongfu.leng

Changes

56 commits

  • [release/1.5] Prepare release notes for 1.5.14 (#7572)
  • [release/1.5] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 (#7476)
  • [release/1.5] cri: PodSandboxStatus should tolerate missing task (#7552)
    • 60dec1391 cri: PodSandboxStatus should tolerate missing task
  • [release/1.5] Stats() shouldn't assume s.container is non-nil (#7556)
    • 208615ca7 [release/1.5] Stats() shouldn't assume s.container is non-nil
  • [release/1.5] migrate from k8s.gcr.io to registry.k8s.io (#7550)
    • a34a30b52 migrate from k8s.gcr.io to registry.k8s.io
  • [release/1.5] vendor: golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f (#7515)
    • ac382a74d [release/1.5] vendor: golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f
  • [release/1.5] cherry-pick: remotes: fix dockerPusher to handle abort correctly (#7467)
    • 2fe813d36 remotes: fix dockerPusher to handle abort correctly
  • [release/1.5] cherry-pick: make xattr EPERM non-fatal in createTarFile (#7449)
    • f94332ee5 make xattr EPERM non-fatal in createTarFile
  • [release/1.5] .zuul: remove the zuul because it is offline (#7428)
    • 0e11ab933 remove stray .zuul.yaml
    • 83ea10446 .zuul: remove the zuul because it is offline
  • [release/1.5 backport] update runc binary to v1.1.4 (#7332)
  • [release/1.5] ci: remove GOPROXY environment variable due to https://github.com/go-… (#7300)
  • [release 1.5 backport] Fix cleanup in critest (#7275)
  • [release/1.5 backport] oci: WithDefaultUnixDevices(): remove tun/tap from the default devices (#7267)
    • 9bdd52b3a oci: WithDefaultUnixDevices(): remove tun/tap from the default devices
  • [release/1.5] release workflow: increase timeout to 30 minutes (#7262)
    • 401af14ea release workflow: increase timeout to 30 minutes
  • [release/1.5] backport: update GitHub Actions runners to macos-12 (#7248)
  • [release/1.5] gha: make release workflow work in forks (#7239)
    • 7e7eb6793 gha: make release workflow work in forks
  • [release/1.5] Update golang to 1.17.13 (#7245)
  • [release/1.5] update golang to 1.17.12 (#7161)
    • e91e39347 [release/1.5] update golang to 1.17.12
  • [release/1.5] Downgrade MinGW to version 10.2.0 (#7134)
    • 46933650b [release/1.5] Downgrade MinGW to version 10.2.0
  • [release/1.5] Fix WWW-Authenticate parsing (#7132)
    • 8ae864ae9 [release/1.5] Fix WWW-Authenticate parsing
  • [release/1.5] ctr: fix label args used in NewContainer (#7071)
    • febb0e82d ctr: fix label args used in NewContainer
  • [release/1.5] update runc binary to v1.1.3 (#7035)

Dependency Changes

  • golang.org/x/sys 33da011f77ad -> 8c9f86f7a55f

Previous release can be found at v1.5.13

Assets 10

containerd 1.6.8

08 Aug 17:27
@github-actions github-actions
v1.6.8
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
9cd3357
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.6.8

Welcome to the v1.6.8 release of containerd!

The eighth patch release for containerd 1.6 fixes a regression in the release
build binaries which limited the environments they could be run in.

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Akihiro Suda
  • Derek McGowan
  • Samuel Karp
  • Phil Estes

Changes

7 commits

  • [release/1.6] Prepare release notes for v1.6.8 (#7263)
  • [release/1.6] release workflow: increase timeout to 30 minutes & remove Go setup action (#7261)
    • 390920429 release workflow: remove Go setup action
    • cf48ba6e8 release workflow: increase timeout to 30 minutes
  • [release/1.6] release: rollback Ubuntu to 18.04 (except for riscv64) (#7260)
    • 57873e652 release: rollback Ubuntu to 18.04 (except for riscv64)

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.6.7

Assets 32

containerd 1.6.7

04 Aug 22:22
@github-actions github-actions
v1.6.7
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
0197261
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.6.7

Welcome to the v1.6.7 release of containerd!

The seventh patch release for containerd 1.6 contains various fixes,
includes a new version of runc and adds support for ppc64le and riscv64
(requires unreleased runc 1.2) builds.

Notable Updates

  • Update runc to v1.1.3 (#7036)
  • Seccomp: Allow clock_settime64 with CAP_SYS_TIME (#7172)
  • Fix WWW-Authenticate parsing (#7131)
  • Support RISC-V 64 and ppc64le builds (#7170)
  • Windows: Update hcsshim to v0.9.4 to fix regression with HostProcess stats (#7200)
  • Windows: Fix shim logs going to panic.log file (#7242)
  • Allow ptrace(2) by default for kernels >= 4.8 (#7171)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Phil Estes
  • Daniel Canter
  • Derek McGowan
  • Akihiro Suda
  • Kazuyoshi Kato
  • Mike Brown
  • Sebastiaan van Stijn
  • Wei Fu
  • Baoshuo
  • Gabriel Adrian Samfira
  • Henry Wang
  • Iceber Gu
  • Marvin Giessing

Changes

40 commits

  • [release/1.6] Update release build timeout (#7250)
    • eccb82f6d Update release build timeout to 20 minutes
  • Prepare releases notes for 1.6.7 (#7225)
  • [release/1.6] Update golang to 1.17.13 (#7244)
  • [release/1.6] Backport: Change os.Stderr reassign for Windows service (#7242)
    • 0578d20c5 Change os.Stderr reassign for Windows service
  • [release/1.6] Backport: bump macos runner version (#7230)
  • [release/1.6] Backport Windows HostProcess test improvements (#7227)
    • cb73bd050 Windows HostProcess container CRI stats test
    • ac388525a Add validations for Windows HostProcess CRI configs
  • [release/1.6] go.mod: Bump hcsshim to v0.9.4 (#7200)
    • 0007f40fe [release/1.6] go.mod: Bump hcsshim to v0.9.4
  • [release/1.6] Update Fedora version to 36 (#7217)
  • [release/1.6] Support RISC-V 64 (#7170)
  • [release/1.6] allow ptrace(2) by default for kernel >= 4.8 (#7171)
    • f3da3e51f allow ptrace(2) by default for kernel >= 4.8
  • [release/1.6] seccomp: allow clock_settime64 when CAP_SYS_TIME is added (#7172)
    • 86b55bd8d seccomp: allow clock_settime64 when CAP_SYS_TIME is added
  • [release/1.6] update golang to 1.17.12 (#7160)
    • aa1101068 [release/1.6] update golang to 1.17.12
  • [release/1.6] Fix WWW-Authenticate parsing (#7131)
    • 37dfc5c9d [release/1.6] Fix WWW-Authenticate parsing
  • [release/1.6] Downgrade MinGW to version 10.2.0 (#7133)
    • fa2016d58 [release/1.6] Downgrade MinGW to version 10.2.0
  • [release/1.6] ctr: fix label args used in NewContainer (#7051)
    • 99c56d217 ctr: fix label args used in NewContainer
  • [release/1.6] Make building static binaries simpler (#7045)
    • 51de785f8 [release/1.6] Make building static binaries simpler
  • [release/1.6] update runc binary to v1.1.3 (#7036)

Dependency Changes

  • github.com/Microsoft/hcsshim v0.9.3 -> v0.9.4

Previous release can be found at v1.6.6

Assets 32

containerd 1.6.6

06 Jun 17:39
@github-actions github-actions
v1.6.6
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
10c1295
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.6.6

Welcome to the v1.6.6 release of containerd!

The sixth patch release for containerd 1.6 includes a fix for
CVE-2022-31030.

Notable Updates

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Kazuyoshi Kato

Changes

4 commits

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.6.5

Assets 20

containerd 1.5.13

06 Jun 17:27
@github-actions github-actions
v1.5.13
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
a17ec49
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.5.13

Welcome to the v1.5.13 release of containerd!

The thirteenth patch release for containerd 1.5 includes a fix for
CVE-2022-31030.

Notable Updates

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Kazuyoshi Kato

Changes

4 commits

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.5.12

Assets 10

containerd 1.6.5

03 Jun 23:03
@github-actions github-actions
v1.6.5
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
96df099
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.6.5

Welcome to the v1.6.5 release of containerd!

The fifth patch release for containerd 1.6 includes a few fixes and updated
version of runc.

Notable Updates

  • Fix for older CNI plugins not reporting version (#7011)
  • Fix mount path handling for CRI plugin on Windows (#6929)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Mike Brown
  • Sebastiaan van Stijn
  • Kazuyoshi Kato
  • Phil Estes
  • Wei Fu
  • Akihiro Suda
  • Derek McGowan
  • Paul S. Schweigert
  • Amit Barve
  • Daniel Canter
  • Kevin Parsons
  • Marc Schwind

Changes

26 commits

  • Prepare release notes for v1.6.5 (#7021)
  • [release/1.6] update golang to 1.17.11 (#7013)
    • 5c9c83d3e [release/1.6] update golang to 1.17.11
  • [release/1.6] update go-cni/for cni update fixing plugins that don't respond with version (#7011)
    • fdcdc27bc update go-cni/for cni update fixing plugins that don't respond with version
  • [release/1.6] archive: add human-readable hint to Lchown error (#6985)
    • e33b9e709 archive: add human-readable hint to Lchown error
  • [release/1.6] go.mod: Bump hcsshim to 0.9.3 (#6968)
    • 6eff5b6c0 [release/1.6] go.mod: Bump hcsshim to 0.9.3
  • [release/1.6] config: improve config v1 deprecation message (#6980)
    • 3bb5a9d19 config: improve config v1 deprecation message
  • [release/1.6] update golang to 1.17.10, golang.org/x/sys v0.0.0-20220412211240-33da011f77ad (#6927)
    • f1d2d9260 [release/1.6] vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
    • 9f99be51b [release/1.6] update golang to 1.17.10
  • [release/1.6] Bug fix for mount path handling (#6929)
  • [release/1.6] Reverts removal of parallel run from critest (#6942)
    • 82a77be2d reverts removal of parallel run from critest
  • [release/1.6 backport] update runc binary and vendor to v1.1.2 (#6936)
    • 246a1b42e vendor: github.com/opencontainers/runc v1.1.2
    • 43717e03a update runc binary to v1.1.2
  • [release/1.6] Allow git commands in Vagrantfile (#6941)
    • 06bdfeb67 Allow git commands in Vagrantfile
  • [release/1.6] Update critools to v1.24 (#6895)

Changes from containerd/go-cni

6 commits

  • go.mod: update libcni to v1.1.1 (#101)
    • cb645ef go.mod: update libcni to v1.1.1
  • add in some serial setup tests; a little make cleanup (#100)
    • 42cfe0f add in some serial setup tests; a little make cleanup
  • Re-introduce serial network setup (#99)
    • ee1a707 Re-introduce serial network setup

Dependency Changes

  • github.com/Microsoft/hcsshim v0.9.2 -> v0.9.3
  • github.com/containerd/go-cni v1.1.5 -> v1.1.6
  • github.com/containernetworking/cni v1.1.0 -> v1.1.1
  • github.com/opencontainers/runc v1.1.1 -> v1.1.2
  • golang.org/x/sys 1d35b9e2eb4e -> 33da011f77ad

Previous release can be found at v1.6.4

Assets 20