containerd 1.7.3

Welcome to the v1.7.3 release of containerd!

The third patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

• RunC: Update runc binary to v1.1.8 (#8843)
• CRI: Fix additionalGids: it should fallback to imageConfig.User when securityContext.RunAsUser,RunAsUsername are empty (#8824)
• CRI: write generated CNI config atomically (#8825)
• Port-Forward: Correctly handle known errors (#8806)
• Resolve docker.NewResolver race condition (#8799)
• Fix net.ipv4.ping_group_range with userns (#8786)
• Runtime/V2/RunC: handle early exits w/o big locks (#8712)
• SecComp: always allow name_to_handle_at (#8753)
• CRI: Windows Pod Stats: Add a check to skip stats for containers that are not running (#8654)
• Task: don't close() io before cancel() (#8658)
• Remove CNI conf_template deprecation (#8638)
• Fix issue for HPC pod metrics (#8634)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Phil Estes
• Sebastiaan van Stijn
• Wei Fu
• Derek McGowan
• Kazuyoshi Kato
• Austin Vazquez
• Samuel Karp
• Shingo Omura
• Jin Dong
• Maksym Pavlenko
• Aditi Sharma
• Danny Canter
• James Sturtevant
• Laura Brehm
• Rodrigo Campos
• Akhil Mohan
• Andrey Epifanov
• Bjorn Neergaard
• Cory Snider
• Madhav Jivrajani
• Mahamed Ali
• Priyanka Saggu
• Qasim Sarfraz
• wangxiang
• zounengren

Changes

63 commits

• [release/1.7] Prepare release notes for v1.7.3 (#8871)
  • 4cb2f1515 [release/1.7] Add release notes for v1.7.3
• [release/1.7] cri: memory.memsw.limit_in_bytes: no such file or directory (#8869)
  • b461ecacf cri: memory.memsw.limit_in_bytes: no such file or directory
• [release/1.7] migrate to community owned bucket for node e2e tests (#8875)
  • 14328ae03 migrate to community owned bucket
• [release/1.7 backport] update runc binary to v1.1.8 (#8843)
  • b985f7ef1 update runc binary to v1.1.8
• [release/1.7 backport] [CRI] fix additionalGids: it should fallback to imageConfig.User when securityContext.RunAsUser,RunAsUsername are empty (#8824)
  • 083f57160 capture desc variable in range variable just in case that it run in parallel mode
  • a9440ce6b Use t.TempDir instead of os.MkdirTemp
  • eea3440d8 use strings.Cut instead of strings.Split for parsing imageConfig.User
  • eace67180 fix userstr for dditionalGids on Linux
• [release/1.7 backport] cri: write generated CNI config atomically (#8825)
  • 7353c0286 ctr: update WritePidFile to use atomicfile
  • ae7021300 shim: WritePidFile & WriteAddress use atomicfile
  • 186eb64b7 cri: write generated CNI config atomically on Unix
  • 64c3dcd8e atomicfile: new package for atomic file writes
• [release/1.7 backport] Move logrus setup code to log package (#8831)
  • f7a20e17c Move logrus setup code to log package
• [release/1.7 backport] Cirrus CI: configure apt-get to wait for locks (#8814)
  • 60a6db9c2 Cirrus CI: configure apt-get to wait for locks
• [release/1.7 backport] Update Go to 1.20.6,1.19.11 (#8815)
  • 973778193 Update Go to 1.20.6,1.19.11
• [release/1.7 backport] update go to go1.20.5, go1.19.10 (#8716)
  • 403033e52 update go to go1.20.5, go1.19.10
• [release/1.7 backport] bugfix(port-forward): Correctly handle known errors (#8806)
  • 6b6b0c828 bugfix(port-forward): Correctly handle known errors
• [release/1.7] Resolve docker.NewResolver race condition (#8799)
  • 898eca21e Change http.Header copy to builtin Clone
  • fa2efc406 Resolve docker.NewResolver race condition
• [release/1.7] Fix net.ipv4.ping_group_range with userns (#8786)
  • 241514815 pkg/cri/server: Test net.ipv4.ping_group_range works with userns
  • 801e8c806 pkg/cri/server: Fix net.ipv4.ping_group_range with userns
• [release/1.7 backport] vendor: github.com/containerd/zfs v1.1.0 (#8782)
  • d5639a5a8 vendor: github.com/containerd/zfs v1.1.0
• [release/1.7 backport] ci: remove libseccomp-dev installation for nightly (#8772)
  • 15d65709e ci: remove libseccomp-dev installation for nightly
• [release/1.7] go.mod: Update cgroups to 3.0.2 (#8769)
  • a08ae718c [release/1.7] go.mod: Update cgroups to 3.0.2
• [release/1.7 backport] runtime/v2/runc: handle early exits w/o big locks (#8712)
  • 18c6503d9 runtime/v2/runc: handle early exits w/o big locks
• [release/1.7 backport] integration/client: add timeout to TestShimOOMScore (#8750)
  • 3bf3996d9 integration/client: add timeout to TestShimOOMScore
• [release/1.7 backport] Update ginkgo to match cri-tools' version (#8760)
  • c2c54af9d Update ginkgo to match cri-tools' version
• [release/1.7 backport] seccomp: always allow name_to_handle_at (#8753)
  • 6281d46df seccomp: always allow name_to_handle_at
• [release/1.7] Pinned image support (#8718)
  • 699d6701a Pinned image support
• [release/1.7] cherry-pick: No more nondistributable layers in MS registry (#8690)
  • dafbeb5b1 No more nondistributable layers in MS registry
• [release/1.7] [cri] Windows Pod Stats: Add a check to skip stats for containers that are not running (#8654)
  • 58b6b99cd Add a check to skip stats for containe...

containerd 1.7.2

Welcome to the v1.7.2 release of containerd!

The second patch release for containerd 1.7 includes enhancements to CRI sandbox mode,
Windows snapshot mounting support, and CRI and container IO bug fixes.

CRI/Sandbox Updates

• Publish sandbox events (#8613)
• Make stats respect sandbox's platform (#8604)

Other Notable Updates

• Mount snapshots on Windows (#8616)
• Notify readiness when registered plugins are ready (#8584)
• Fix cio.Cancel() should close pipes (#8624)
• CDI: Use CRI Config.CDIDevices field for CDI injection (#8519)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Gabriel Adrian Samfira
• Derek McGowan
• Paul "TBBle" Hampson
• Maksym Pavlenko
• Phil Estes
• Austin Vazquez
• Akihiro Suda
• Kazuyoshi Kato
• Danny Canter
• Samuel Karp
• Sebastiaan van Stijn
• Ed Bartosh
• Henry Wang
• Hsing-Yu (David) Chen
• Jan Dubois
• Mike Brown
• Wei Fu
• helen

Changes

59 commits

• [release/1.7] Prepare release notes for v1.7.2 (#8629)
  • 0e41daaea [release/1.7] Prepare release notes for v1.7.2
• [1.7 backport] Fix panic when remote differ returns empty result (#8631)
  • e134b6393 Fix panic when remote differ returns empty result
• [release/1.7 backport] Mount snapshots on Windows (#8616)
  • 313c226b8 Update continuity to a tagged version
  • 8dd16285a UnmountAll is a no-op for missing mount points
  • acff3eefa Improve error messages and remove check
  • b4dd3bf4e Make ReadOnly() available on all platforms
  • 08d8baf3f Increase integration test tmieout to 20m
  • 1f0dbd011 Remove bind code path in mount()
  • 8f37b1c63 Remove "bind" code path from diff
  • 9139208b3 Properly mount base layers
  • e61e7b312 Skip parent layer options on bind mounts
  • e4307926f Add ReadOnly() function
  • 0277b9b01 Remove escalated privileges
  • d5c18dfb7 Use DefaultSnapshotter
  • 853179366 use t.Fatal if we cannot enable process privileges
  • 5b3ee413f Update continuity
  • 375172604 Fix go.mod, simplify boolean logic, add logging
  • 600abd137 Ignore ERROR_NOT_FOUND error when removing mount
  • df7295dcd Update continuity, go-winio and hcsshim
  • 0db78c482 Remove unused function
  • 219058766 Grant needed privileges for snapshotter tests
  • 96fbe5bc8 Fix layer comparison and enable read-only checks
  • 279e0d3c9 Use bind filer for mounts
  • 93e94da40 Enable TestSnapshotterClient on Windows
  • 3a3da693a Run Windows snapshotter through the test suite
  • e7b62322f Fix misspelling of 'Native' as 'Naive'
  • e1f999a18 Add paired 'mount' log for 'unmount'
  • 5788d6e52 Don't use all-upper-case filenames in snapshot tests
  • 3cdcb2f10 Skip tests that do not apply to WCOW on Windows
  • b0968b8bb Ensure mounts are unmounted before leaving the test
  • b57424851 Unify testutil.Unmount on Windows and Unix
  • b9a8aad45 Implement Windows mounting for bind and windows-layer mounts
  • 1a64ee183 Implement WCOW parentless active snapshots and view snapshots
• [release/1.7] fix: cio.Cancel() should close the pipes (#8624)
  • 99582fb1a fix: cio.Cancel() should close the pipes
• [release/1.7 backport] remotes/docker: ResolverOptions: fix deprecation comments (#8621)
  • eeda70fb0 remotes/docker: ResolverOptions: fix deprecation comments
• [release/1.7] Publish sandbox events (#8613)
  • e21c8beee Post cherry-pick fixes
  • 246240f71 Move PLEG event back to CRI
  • 16f3726dd Generate sandbox exit events from CRI
  • 0c8cfb1a7 Move pod sandbox recovery to podsandbox/ package
  • 91d9f5c64 Publish sandbox events
  • 4b77683b4 Add sandbox events protos
• [release/1.7] notify readiness when registered plugins are ready (#8584)
  • 2c38cad77 notify readiness when registered plugins are ready
• [release/1.7] Backport CRI sandbox server stats changes (#8604)
  • 7851b0a9f CRI: Make stats respect sandbox's platform
  • 8d7c340ca [sbserver] handle missing cpu stats
  • d08b2a088 [sbserver] Refactor usageNanoCores be to used for all OSes
• [release/1.7] Cherry-pick: Update volume-ownership image with latest hashes (#8574)
  • 08de6e7b8 Update volume-ownership image with latest hashes
• [release/1.7] CDI: Use CRI Config.CDIDevices field for CDI injection (#8519)
  • 6a5e54c15 Get CDI devices from CRI Config.CDIDevices field
• [release/1.7 backport] snapshots/testsuite: Rename: fix fuse-overlayfs incompatibility (#8510)
  • 9e60300ea snapshots/testsuite: Rename: fix fuse-overlayfs incompatibility

#...

containerd 1.7.1

Welcome to the v1.7.1 release of containerd!

The first patch release for containerd 1.7 includes many fixes to CRI
sandbox mode, various other fixes, runc update, and important fixes in
core dependencies such as ttrpc and typeurl.

CRI/Sandbox Updates

• Throw not supported error when UID or GID mappings provided (#8211)
• Cleanup shim on start failure (#8282)
• Fix premature close of CRI service when there are no CNI configuration monitors (#8282)
• Avoid UID lookup from mount on Darwin (#8314)
• Keep Linux mounts for Linux sandboxes on non-Linux hosts (#8331)
• Add noexec,nodev,nosuid to /etc/resolv.conf bind mount (#8336)
• Remove entry for container from container store on error (#8457)
• Fix unmarshal in container metrics (#8472)

Other Notable Updates

• Use readonly for temporary mounts (#8300 #8358)
• Fix skip docker manifest option on image exporter (#8344)
• Update runc binary to v1.1.7 (#8451)
• Fix runtime path task option (#8453)
• Fix panic from nil checkpoint options (#8475)
• Fix transfer service configuration options (#8491)
• Fix server-side goroutine leak on receive message error (ttrpc#141)
• Fix panic caused by race to close send channel (ttrpc#140)
• Fix unmarshal to return non-nil object when nil value (ttrpc#140)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Sebastiaan van Stijn
• Akihiro Suda
• Iceber Gu
• Phil Estes
• Maksym Pavlenko
• Wei Fu
• Danny Canter
• Kirtana Ashok
• Rodrigo Campos
• Samuel Karp
• Vinayak Goyal
• Austin Vazquez
• Justin Chadwell
• Kazuyoshi Kato
• Brad Davidson
• Djordje Lukic
• Ethan Lowman
• Laura Brehm
• Michael Crosby

Changes

68 commits

• [release/1.7] Prepare release notes for v1.7.1 (#8501)
  • 27a0d957b Prepare release notes for v1.7.1
• [release/1.7] Update ttrpc v1.2.2 (#8499)
  • 7b288e2d7 Update ttrpc to v1.2.2
• [release/1.7] runtime/shim: fix the nil checkpoint options (#8475)
  • 3ef5b689a runtime/shim: fix the nil checkpoint options
• [release/1.7] bump typeurl to v2.1.1 (#8495)
  • 0e0532eb2 bump typeurl to v2.1.1
• [release/1.7] Transfer service backports (#8491)
  • 35e86f96c [transfer] avoid setting limiters when max is 0
  • f7233811f Update transfer configuration
  • 4510eac00 Fix image pulling with Transfer service
• [release/1.7]Update hcsshim tag to v0.10.0-rc.8 (#8480)
  • aaa65e8c1 Update hcsshim tag to v0.10.0-rc.8
• [release/1.7] cri: Fix umarshal metrics (#8472)
  • 95ef67e19 Fix umarshal metrics for CRI server
• [release/1.7 backport] update go to go1.20.4, go1.19.9 (#8471)
  • 021bba28b update go to go1.20.4, go1.19.9
• [release/1.7] fix the task setting the runtime path (#8453)
  • c0e128624 skip TestContainerStartWithAbsRuntimePath if the runtime is v1
  • aa3c63c15 integration: add container start test using abs runtime path
  • d2d9eedb1 WithRuntimePath uses the TaskInfo.RuntimePath field
• [release/1.7] Remove entry for container from container store on error (#8457)
  • 6b3ae0129 Remove entry for container from container store on error
• [release/1.7 backport] update runc binary to v1.1.7 (#8451)
  • fae4b6223 update runc binary to v1.1.7
• [release/1.7] cri: Vendor v0.27.1 (#8444)
  • 571715a9d cri: Vendor v0.27.1
• [release/1.7 backport] oci: partially restore comment on read-only mounts for uid/gid uses (#8404)
  • 1bbf98e53 oci: partially restore comment on read-only mounts for uid/gid uses
• [release/1.7] Fix argsEscaped tests (#8405)
  • a6d336c1f Fix argsEscaped tests
• [release/1.7] Throw an error if the kubelet requests mounts with uid/gid mappings (#8211)
  • 7de8629be cri: Throw an error if idmap mounts is requested
  • 75ac7e0d8 cri: Vendor v0.27.0-beta.0 for mounts uid/gid mappings
• [release/1.7] go.mod: remove redundant replace, and some cleaning-up (#8396)
  • 8f6e86fec go.mod: add comment explaining go-fuzz-headers replace rule
  • 1ece0cb50 go.mod: remove replace for github.com/opencontainers/runtime-tools
  • e9f962187 go.mod: integration: use non-pre-release of containerd
  • 84393b005 go.mod: integration: move indirect dependencies to the right group
• [release/1.7 backport] update runc binary to v1.1.6 (#8386)
  • dec2595af update runc binary to v1.1.6
• [release/1.7 backport] oci: Use WithReadonlyTempMount when adding users/groups (#8358)
  • 54d12b872 oci: Use WithReadonlyTempMount when adding users/groups
• [release/1.7 backport] update go to go1.20.3, go1.19.8 (#8354)
  • 624327651 update go to go1.20.3, go1.19.8
• [release/1.7] archive: consistently respect value of WithSkipDockerManifest (#8344)
  • 1d6641b7c export: add test for WithSkipDockerManifest
  • 0e0d84f6b archive: consistently respect value of WithSkipDockerManifest
• [release/1.7] Add noexec nodev and nosuid to sandbox /etc/resolv.conf mount bind. (#8336)
  • 9b4935d86 Update sbserver to add noexec nodev and nosuid to /etc/resolv.conf mount bind.
  • ...

containerd 1.6.21

Welcome to the v1.6.21 release of containerd!

The twenty-first patch release for containerd 1.6 contains various fixes and updates.

Notable Updates

• **update runc binary to v1.1.7 (#8450)
• **Remove entry for container from container store on error (#8456)
• **oci: partially restore comment on read-only mounts for uid/gid uses (#8403)
• **windows: Add ArgsEscaped support for CRI (#8247)
• **oci: Use WithReadonlyTempMount when adding users/groups (#8357)
• **archive: consistently respect value of WithSkipDockerManifest (#8345)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Sebastiaan van Stijn
• Iceber Gu
• Kirtana Ashok
• Justin Chadwell
• Phil Estes
• Akihiro Suda
• Djordje Lukic
• Kazuyoshi Kato
• Mike Brown
• Wei Fu
• kiashok

Changes

26 commits

• [release/1.6] Prepare release notes for v1.6.21 (#8463)
  • 9226c362a Add release notes for v1.6.21
• [release/1.6] update go to go1.19.9 (#8469)
  • 39566aade [release/1.6] update go to go1.19.9
• [release/1.6] fix the task setting the runtime path (#8454)
  • e8840f688 skip TestContainerStartWithAbsRuntimePath if the runtime is v1
  • 75ab094de integration: add container start test using abs runtime path
  • f49254f0b WithRuntimePath uses the TaskInfo.RuntimePath field
• [release/1.6 backport] update runc binary to v1.1.7 (#8450)
  • ccb51ff26 update runc binary to v1.1.7
• [release/1.6] Remove entry for container from container store on error (#8456)
  • 95d31551d Remove entry for container from container store on error
• [release/1.6 backport] oci: partially restore comment on read-only mounts for uid/gid uses (#8403)
  • c33eb574d oci: partially restore comment on read-only mounts for uid/gid uses
• [release/1.6 ] Add ArgsEscaped support for CRI (#8247)
  • bc2e01303 Fix argsEscaped tests
  • 8b81d5acc Add ArgsEscaped support for CRI
• [release/1.6 backport] update runc binary to v1.1.6 (#8385)
  • 57d953482 update runc binary to v1.1.6
• [release/1.6 backport] oci: Use WithReadonlyTempMount when adding users/groups (#8357)
  • fb5e663d0 oci: Use WithReadonlyTempMount when adding users/groups
• [release/1.6] update go to go1.19.8 (#8353)
  • 26efb8fd5 [release/1.6] update go to go1.19.8
• [release/1.6] archive: consistently respect value of WithSkipDockerManifest (#8345)
  • ec13b497e export: add test for WithSkipDockerManifest
  • d1f3771c4 archive: consistently respect value of WithSkipDockerManifest

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.6.20

containerd 1.5.18

Welcome to the v1.5.18 release of containerd!

The eighteenth patch release for containerd 1.5 includes fixes for CVE-2023-25153 and CVE-2023-25173
along with a security update for Go.

Notable Updates

• Fix supplementary groups not being set up properly (GHSA-hmfx-3pcx-653p)
• Fix OCI image importer memory exhaustion (GHSA-259w-8hf6-59c2)
• Update Go to 1.19.6 (#8112)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Derek McGowan
• Ye Sijun
• Samuel Karp
• Phil Estes
• Swagat Bora
• Wei Fu

Changes

17 commits

• [release/1.5] Prepare release notes for v1.5.18 (#8117)
  • ddf9de6cb Prepare release notes for v1.5.18
• Github Security Advisory GHSA-hmfx-3pcx-653p
  • a62c38bf2 oci: fix additional GIDs
  • 3b89da580 oci: fix loop iterator aliasing
  • b07ec6b25 oci: skip checking gid for WithAppendAdditionalGroups
  • 356672cb5 refactor: reduce duplicate code
  • 6a7b7617c add WithAdditionalGIDs test
  • 832bcf300 add WithAppendAdditionalGroups helper
• Github Security Advisory GHSA-259w-8hf6-59c2
  • 19a347e45 importer: stream oci-layout and manifest.json
• [release/1.5] Go 1.19.6 (#8112)
  • 4209dc243 Go 1.19.6
• [release/1.5] Fix retry logic within devmapper device deactivation (#8089)
  • 0d16d045d Fix retry logic within devmapper device deactivation
• [release/1.5] CI: skip some jobs when repo != containerd/containerd (#8084)
  • 34451bc66 CI: skip some jobs when repo != containerd/containerd

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.5.17

containerd 1.5.17

Welcome to the v1.5.17 release of containerd!

The seventeenth patch release for containerd 1.5 includes various fixes and updates.

Notable Updates

• Update shim to fail fast on dial error (#7953)
• Fix no CNI info for pod sandbox on restart (#7849)
• Fix push error propagation (#7998)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Wei Fu
• Danny Canter
• Justin Chadwell
• Kirtana Ashok
• Phil Estes
• Samuel Karp
• Sebastiaan van Stijn

Changes

14 commits

• [release/1.5] Prepare release notes for v1.5.17 (#8017)
  • 40a4d58de Prepare release notes for v1.5.17
• [release/1.5] integration/images: switch away from Docker Hub to avoid rate limit (#8009)
  • d44769ad6 integration/images: switch away from Docker Hub to avoid rate limit
• [release/1.5 backport] pushWriter: correctly propagate errors (#7998)
  • 1e848038d pushWriter: correctly propagate errors
• [release/1.5] update to go1.18.10 (#7993)
  • 464c2fb7a [release/1.5] update to go1.18.10
• [release/1.5] runtime: should fail fast if dial error on shim (#7953)
  • 7473711de runtime: should fail fast if dial error on shim
• [release/1.5] CRI: Fix no CNI info for pod sandbox on restart (#7849)
  • 23c2a863e CRI: Fix no CNI info for pod sandbox on restart
• [release/1.5] go.mod: Bump hcsshim to v0.8.25 (#7817)
  • 1c5d8d142 [release/1.5] Bump shim tag to v0.8.25

Dependency Changes

• github.com/Microsoft/hcsshim v0.8.24 -> v0.8.25

Previous release can be found at v1.5.16

containerd 1.6.15

Welcome to the v1.6.15 release of containerd!

The fifteenth patch release for containerd 1.6 fixes an issue with CNI in the CRI plugin

Notable Updates

• Fix no CNI info for pod sandbox on restart in CRI plugin (#7848)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Danny Canter
• Kevin Parsons
• Samuel Karp
• Wei Fu

Changes

8 commits

• [release/1.6] Prepare release notes for v1.6.15 (#7924)
  • 883899eae Prepare release notes for v1.6.15
• [release/1.6] CI: Pass GITHUB_TOKEN to containerd/project-checks (#7919)
  • b57367020 CI: Pass GITHUB_TOKEN to containerd/project-checks
• [release/1.6] integration/images: switch away from Docker Hub to avoid rate limit (#7900)
  • 0f4062c9b integration/images: switch away from Docker Hub to avoid rate limit
• [release/1.6] CRI: Fix no CNI info for pod sandbox on restart (#7848)
  • f16447e2d CRI: Fix no CNI info for pod sandbox on restart

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.6.14

containerd 1.6.14

Welcome to the v1.6.14 release of containerd!

The fourteenth patch release for containerd 1.6 fixes a regression in the CRI plugin related to swap

Notable Updates

• Fix memory.memsw.limit_in_bytes: no such file or directory error in CRI plugin (#7838)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Phil Estes
• Derek McGowan
• Akihiro Suda
• Cameron Sparr
• Akhil Mohan
• Kazuyoshi Kato
• Sebastiaan van Stijn
• Serge Logvinov
• Wang Bing
• Wei Fu
• cathaysia
• shi yixue
• wusong

Changes

6 commits

• Prepare release notes for v1.6.14 (#7841)
  • 1347d7c87 Prepare release notes for v1.6.14
• [release/1.6] cri: fix memory.memsw.limit_in_bytes: no such file or directory (#7838)
  • 53c733e0b cri: fix memory.memsw.limit_in_bytes: no such file or directory
• Revert "[release/1.6] support fetching containerd from non public GCS buckets" (#7830)
  • e8b22c100 Revert "[release/1.6] support fetching containerd from non public GCS buckets"

Changes from containerd/cgroups

21 commits

• ParseCgroupFile: fix wrong comment about unified hierarchy ; add ParseCgroupFileUnified to get the unified path (#232)
  • dd81920 add ParseCgroupFileUnified to get the unified path
  • dae6735 ParseCgroupFile: fix wrong comment about unified hierarchy
• Bump go version to 1.17 in go.mod (#230)
  • e5baf6b Bump go version to 1.17 in go.mod
• make cmd/ a separate module (as it's only for testing) (#226)
  • 66f3f56 make cmd/ a separate module (as it's only for testing)
• feat(v2): add Update method for v2.Manager (#225)
  • 0592512 feat(v2): add Update method for v2.Manager
• feat: add memory.min param (#211)
  • 8276db2 feat: add memory.min param
• modified the dereference null pointer value. (#218)
  • a76c4fb modified the dereference null pointer value.
• update readme for cpu cgroup demo (#217)
  • f39d7da update readme for cpu cgroup demo
• Fix systemd full path (#221)
  • aa8003c Fix systemd full path
• Update Go version and fedora base (#223)
  • d7918f2 Update Go version and fedora base
• Fix panic in NewSystemd on nil values (#219)
  • 65478b8 Fix panic in NewSystemd on nil values

Dependency Changes

• github.com/containerd/cgroups v1.0.3 -> v1.0.4

Previous release can be found at v1.6.13

containerd 1.6.13

Welcome to the v1.6.13 release of containerd!

The thirteenth patch release for containerd 1.6 contains various fixes and updates.

Notable Updates

• Update overlay snapshotter to check for tmpfs when evaluating usage of userxattr (#7788)
• Update hcsschim to v0.9.6 to fix resource leak on exec (#7808)
• Make swapping disabled with memory limit in CRI plugin (#7815)
• Allow clients to remove created tasks with PID 0 (#7816)
• Fix concurrent map iteration and map write in CRI port forwarding (#7819)
• Check for nil HugepageLimits to avoid panic in CRI plugin (#7820)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akhil Mohan
• Phil Estes
• Kazuyoshi Kato
• Maksym Pavlenko
• Akihiro Suda
• Gavin Inglis
• Kirtana Ashok
• Mike Brown
• Qasim Sarfraz
• Shinichi Morimoto
• chaunceyjiang
• mathis-m

Changes

25 commits

• [release/1.6] Prepare release notes for v1.6.13 (#7821)
  • Prepare release notes for v1.6.13
• [release/1.6] support fetching containerd from non public GCS buckets (#7823)
  • disable tracing while handling token
  • support fetching containerd from non public GCS buckets
• [release/1.6] nil check to avoid panic on upgrade (#7820)
  • nil check to avoid panic on upgrade
• [release/1.6] concurrent map iteration and map write (#7819)
  • fatal error: concurrent map iteration and map write
• [release/1.6] allow client to remove created tasks with PID 0 (#7816)
  • allow client to remove created tasks with PID 0
• [release/1.6] cri: make swapping disabled with memory limit (#7815)
  • cri: make swapping disabled with memory limit
• [release/1.6] go.mod: Bump hcsshim to v0.9.6 (#7808)
  • Bump hcsshim to v0.9.6
• [release/1.6] Cherry pick GitHub actions workflow updates 1.6 (#7713)
  • update codeql-action to v2
  • Upgrade actions/upload-artifact from v2 to v3
  • Move up actions versions to prep for deprecation
  • CI: update GHA instances from Ubuntu 18.04 to 20.04
  • Use global env variable to specify Go version on CI
  • Rework permission handling in scripts
  • fix pool_device_test.go
• [release/1.6] fix: check for tmpfs when evaluating if userxattr should be used (#7788)
  • fix: check for tmpfs when evaluating if userxattr should be used

Dependency Changes

• github.com/Microsoft/hcsshim v0.9.5 -> v0.9.6

Previous release can be found at v1.6.12

containerd 1.6.10

Welcome to the v1.6.10 release of containerd!

The tenth patch release for containerd 1.6 contains various fixes, including a CVE fix for Windows platforms.

Notable Updates

• Always check userxattr for overlay on kernels >= 5.11 (#7646)
• Bump hcsshim to 0.9.5 to fix container shutdown bug on Windows (#7610
• Bump Go version to 1.18.8 to address CVE-2022-41716 (#7634)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Danny Canter
• Kazuyoshi Kato
• Austin Vazquez
• Derek McGowan
• Gavin Inglis
• Kathryn Baldauf
• Kevin Parsons
• Phil Estes
• Sebastiaan van Stijn
• Yasin Turan

Changes

14 commits

• [release/1.6] Prepare release notes for v1.6.10 (#7664)
  • Prepare release notes for v1.6.10
• [release/1.6] overlayutils: Add fastpath for userxattr check (#7646)
  • overlayutils: Add fastpath for userxattr check
• [release/1.6] update to Go 1.18.8 to address CVE-2022-41716 (#7634)
  • [release/1.6] update to Go 1.18.8 to address CVE-2022-41716
• [release/1.6] ctr export strictly match default platform (#7627)
  • ctr export strictly match default platform
• [release/1.6] go.mod: Bump hcsshim to v0.9.5 (#7610)
  • [release/1.6] go.mod: Bump hcsshim to v0.9.5
• [release/1.6] ctr import: strictly match platform (#7594)
  • ctr import: strictly match platform
• [release/1.6] cherry-pick: Migrate away from GitHub actions set-output (#7582)
  • Migrate away from GitHub actions set-output

Dependency Changes

• github.com/Microsoft/hcsshim v0.9.4 -> v0.9.5

Previous release can be found at v1.6.9