CRI-O v1.29.1
The release notes have been generated for the commit range v1.29.0...v1.29.1 on Fri, 12 Jan 2024 12:56:11 EST.
Note: This release fixes CVE-2023-6476.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.29.1.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.29.1 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.29.1 \
--signature cri-o.amd64.v1.29.1.tar.gz.sig \
--certificate cri-o.amd64.v1.29.1.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.29.1.tar.gz
> bom validate -e cri-o.amd64.v1.29.1.tar.gz.spdx -d cri-o
Changelog since v1.29.0
Changes by Kind
Bug or Regression
- Fix CVE-2023-6476, where poorly filtered access to an experimental annotation can allow pods to circumvent resource limits on cgroupsv2. See GHSA-p4rx-7wvg-fwrc for more information. (@haircommander)
API Change
- Added more file system information in ImageFsInfo as part of the garbage collection KEP. (#7269, @kannon92)
Uncategorized
- Update linked logs to drop an intermediate directory and append .log to the container symlink (#7653, @haircommander)
Dependencies
Added
Nothing has changed.
Changed
- golang.org/x/crypto: v0.17.0 → v0.16.0
Removed
- github.com/google/go-github/v50: v50.2.0