-
v2.1.0-beta.0b430e5ac · ·
containerd 2.1.0-beta.0 Welcome to the v2.1.0-beta.0 release of containerd! *This is a pre-release of containerd* The 2.1 beta series is here, see the [2.1 milestone](https://github.com/containerd/containerd/milestone/48) to track ongoing efforts. Please try out the beta and report any issues! The first minor release of containerd 2.x focuses on continued stability alongside new features and improvements. This is the first time-based released for containerd. Most the feature set and core functionality has long been stable and harderened in production environments, so now we transition to a balance of timely delivery of new functionality with the same high confidence in stability and performance. ### Highlights * Erofs snapshotter and differ ([#10705](https://github.com/containerd/containerd/pull/10705)) * Fix race between serve and immediate shutdown on the server ([containerd/ttrpc#175](https://github.com/containerd/ttrpc/pull/175)) #### Container Runtime Interface (CRI) * Add OCI/Image Volume Source support ([#10579](https://github.com/containerd/containerd/pull/10579)) * Enable Writable cgroups for unprivileged containers ([#11131](https://github.com/containerd/containerd/pull/11131)) * Fix recursive RLock() mutex acquisition ([containerd/go-cni#126](https://github.com/containerd/go-cni/pull/126)) * Support CNI STATUS Verb ([containerd/go-cni#123](https://github.com/containerd/go-cni/pull/123)) #### Image Distribution * Add dial timeout field to hosts toml configuration ([#11106](https://github.com/containerd/containerd/pull/11106)) #### Node Resource Interface (NRI) * Expose Pod assigned IPs to NRI plugins ([#10921](https://github.com/containerd/containerd/pull/10921)) #### Runtime * Support multiple uid/gid mappings ([#10722](https://github.com/containerd/containerd/pull/10722)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Akihiro Suda * Derek McGowan * Phil Estes * Maksym Pavlenko * Jin Dong * Sebastiaan van Stijn * Wei Fu * Samuel Karp * Austin Vazquez * Kazuyoshi Kato * Henry Wang * Mike Brown * Akhil Mohan * Gao Xiang * Archit Kulkarni * Krisztian Litkey * ningmingxiao * Alexey Lunev * Antonio Ojea * Chris Henzie * Davanum Srinivas * Marat Radchenko * Michael Zappa * Paweł Gronowski * Adrien Delorme * Amit Barve * Andrey Smirnov * Divya * Etienne Champetier * Kirtana Ashok * fengwei0328 * zounengren * Adrian Reber * Alfred Wingate * Amal Thundiyil * Athos Ribeiro * Brian Goff * ChengyuZhu6 * Chongyi Zheng * Craig Ingram * David Son * Fupan Li * Jing Xu * Jonathan A. Sternberg * Jose Fernandez * Kaita Nakamura * Lei Liu * Mike Baynton * Philip Laine * Qiyuan Liang * Sameer * Shiming Zhang * Vered Rosen * alingse * bo.jiang * chriskery * luchenhan * mahmut ### Changes <details><summary>433 commits</summary> <p> * [`b430e5ac3`](https://github.com/containerd/containerd/commit/b430e5ac3accf636cf52b0128b27bb828574cbcf) Merge commit from fork * [`de1341c20`](https://github.com/containerd/containerd/commit/de1341c201ffb0effebbf51d00376181968c8779) validate uid/gid * Bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 ([#11544](https://github.com/containerd/containerd/pull/11544)) * [`8028a1d08`](https://github.com/containerd/containerd/commit/8028a1d086620f7ebf9d8b5446e3abb06bdecdc3) Bump github.com/go-jose/go-jose/v4 from v4.0.4 to v4.0.5 * [`ce055b530`](https://github.com/containerd/containerd/commit/ce055b530556532a2f0d92bdcd39bc89739cdbd8) Bump golang.org/x/text from 0.22.0 to 0.23.0 * [`e0aaed012`](https://github.com/containerd/containerd/commit/e0aaed0120ba2aa7e9245390a94a2fc550ee5c34) Bump golang.org/x/term from 0.29.0 to 0.30.0 * fix: repeat args from sub-func call ([#11512](https://github.com/containerd/containerd/pull/11512)) * [`b947e0566`](https://github.com/containerd/containerd/commit/b947e056634177e2e21ea7317b5496956213e004) fix: repeat args from sub-func call * build(deps): bump github.com/prometheus/client_golang from 1.20.5 to 1.21.1 ([#11525](https://github.com/containerd/containerd/pull/11525)) * [`75252f975`](https://github.com/containerd/containerd/commit/75252f9759c3bd3dfaf6fb2f5af12771ff1a1810) build(deps): bump github.com/prometheus/client_golang * integration: update TestUpgrade for 2.1 ([#11519](https://github.com/containerd/containerd/pull/11519)) * [`06daffb4d`](https://github.com/containerd/containerd/commit/06daffb4d1b65288d4e3c94b172efeddd8d61851) integration: update TestUpgrade for 2.1 * config:fix config migrate lost timeout config ([#11532](https://github.com/containerd/containerd/pull/11532)) * [`531adbf06`](https://github.com/containerd/containerd/commit/531adbf065160bf91315ef17cd5e70f9895d86b5) config:fix config migrate lost timeout config * Add dial timeout field to hosts toml configuration ([#11106](https://github.com/containerd/containerd/pull/11106)) * [`c4982bffc`](https://github.com/containerd/containerd/commit/c4982bffc6dd887a58a189f8a6be99b1b1542953) Add dial timeout field to hosts toml configuration * Prepare release notes for v2.1.0-beta.0 ([#11510](https://github.com/containerd/containerd/pull/11510)) * [`12762891d`](https://github.com/containerd/containerd/commit/12762891d6c4e0e91384c01650c102d911f9a915) Remove test for issue 10467 * [`93cc1e6eb`](https://github.com/containerd/containerd/commit/93cc1e6eb96c099e50f6cc0c7f68feeacf09dc48) Fix upgrade test runtime config * [`833d6bc8e`](https://github.com/containerd/containerd/commit/833d6bc8e932a6e2e24b4b3bd4ead920fe8e6035) Update release status for 2.1 to beta * [`71cfe00ee`](https://github.com/containerd/containerd/commit/71cfe00eec7b22a392458f4d87261dbd6e828af5) Prepare release notes for v2.1.0-beta.n * [`be8fe50f4`](https://github.com/containerd/containerd/commit/be8fe50f49a0fb2752b52d560ab1039dbfd83af4) Update the upgrade test to handle 2.1 * build(deps): bump the otel group with 8 updates ([#11521](https://github.com/containerd/containerd/pull/11521)) * [`94dd70f4f`](https://github.com/containerd/containerd/commit/94dd70f4f0c659526f3b75dc278530dd8d429628) build(deps): bump the otel group with 8 updates * client: Respect `client.WithTimeout` option ([#11508](https://github.com/containerd/containerd/pull/11508)) * [`ee574e76e`](https://github.com/containerd/containerd/commit/ee574e76e7f6bbe239298163eab6ccd8b94d73b3) client: Respect `client.WithTimeout` option * build(deps): bump github.com/urfave/cli/v2 from 2.27.5 to 2.27.6 ([#11523](https://github.com/containerd/containerd/pull/11523)) * [`700b98415`](https://github.com/containerd/containerd/commit/700b98415ef82825d18f53612e2e00eb16197d37) build(deps): bump github.com/urfave/cli/v2 from 2.27.5 to 2.27.6 * build(deps): bump the golang-x group with 3 updates ([#11520](https://github.com/containerd/containerd/pull/11520)) * [`85c04ab0e`](https://github.com/containerd/containerd/commit/85c04ab0ec8d50c042e4665254342730b0d67175) build(deps): bump the golang-x group with 3 updates * add k8s 1.32 to support table and as tested containerd supported branches at the time of release ([#11534](https://github.com/containerd/containerd/pull/11534)) * [`5bbd3ed1b`](https://github.com/containerd/containerd/commit/5bbd3ed1b1993c30188cd5b1acb959bb44469127) add k8s 1.32 and as tested containerd supported branches at the time of release * build(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.0 ([#11524](https://github.com/containerd/containerd/pull/11524)) * [`c37e48b07`](https://github.com/containerd/containerd/commit/c37e48b07c51f6877a268f69a9d7d85c54e7d97f) build(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.0 * Support container restore through CRI/Kubernetes ([#10365](https://github.com/containerd/containerd/pull/10365)) * [`9e6beafd5`](https://github.com/containerd/containerd/commit/9e6beafd53919eecd1fb650a76332002cf4c84dd) Support container restore through CRI/Kubernetes * build(deps): bump actions/attest-build-provenance from 2.2.2 to 2.2.3 ([#11526](https://github.com/containerd/containerd/pull/11526)) * [`d7de182dd`](https://github.com/containerd/containerd/commit/d7de182ddf46b61b894d363c76b92f5fbc24cccb) build(deps): bump actions/attest-build-provenance from 2.2.2 to 2.2.3 * build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 ([#11527](https://github.com/containerd/containerd/pull/11527)) * [`9f885ea4f`](https://github.com/containerd/containerd/commit/9f885ea4f549febd5de9fde536006f9484e12df5) build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 * build(deps): bump containerd/project-checks from 1.2.1 to 1.2.2 ([#11528](https://github.com/containerd/containerd/pull/11528)) * [`88faaac97`](https://github.com/containerd/containerd/commit/88faaac973dee7326e765a601bcdc6cf42843518) build(deps): bump containerd/project-checks from 1.2.1 to 1.2.2 * add name in package version ([#11518](https://github.com/containerd/containerd/pull/11518)) * [`405a952c6`](https://github.com/containerd/containerd/commit/405a952c653b2ec912cbfdef2c89b43151a072bd) add name in package version * update to go1.23.7 / go1.24.1 ([#11513](https://github.com/containerd/containerd/pull/11513)) * [`4f090fe77`](https://github.com/containerd/containerd/commit/4f090fe772b33191fa5e47a6b826ee56f45463f2) update to go1.23.7 / go1.24.1 * Don't produce unnecessary logs when encountering attestations ([#11327](https://github.com/containerd/containerd/pull/11327)) * [`3cdfc1003`](https://github.com/containerd/containerd/commit/3cdfc1003dbde389d1d3bd012202be534bf6a4cf) core/remotes: Handle attestations in MakeRefKey * [`e751b6bb1`](https://github.com/containerd/containerd/commit/e751b6bb1db7936ee111322ff199d9f708c27428) core/images: Ignore attestations when traversing children * perf(applyNaive): avoid walking the tree for each file in the same directory ([#11337](https://github.com/containerd/containerd/pull/11337)) * [`d8063c30d`](https://github.com/containerd/containerd/commit/d8063c30dd05ca71e7b2d8d78360af6835dd5e46) perf(applyNaive): avoid walking the tree for each file in the same directory * Update runtime-spec to v1.2.1 ([#11460](https://github.com/containerd/containerd/pull/11460)) * [`f8f205382`](https://github.com/containerd/containerd/commit/f8f205382adcad407b7e95e76b18e787e0688b35) Update runtime-spec to v1.2.1 * docs: include note about unprivileged sysctls ([#11502](https://github.com/containerd/containerd/pull/11502)) * [`edd1cc50d`](https://github.com/containerd/containerd/commit/edd1cc50d5f3c474fe6f09927afbe9be4c7c10da) docs: include note about unprivileged sysctls * ci: update GitHub Actions release runner to ubuntu-24.04 ([#11479](https://github.com/containerd/containerd/pull/11479)) * [`705518e58`](https://github.com/containerd/containerd/commit/705518e58b98e868cba35c116d9e46e88f9928bf) ci: update GitHub Actions release runner to ubuntu-24.04 * e2e: use the shim bundled with containerd artifact ([#11489](https://github.com/containerd/containerd/pull/11489)) * [`393ad5b11`](https://github.com/containerd/containerd/commit/393ad5b11ea3aae3d86f60400f40cf63849eda40) e2e: use the shim bundled with containerd artifact * build(deps): bump go.etcd.io/bbolt from 1.3.11 to 1.4.0 ([#11450](https://github.com/containerd/containerd/pull/11450)) * [`e84e5a215`](https://github.com/containerd/containerd/commit/e84e5a215cab4d189e05e989e94ae26cb84553cf) build(deps): bump go.etcd.io/bbolt from 1.3.11 to 1.4.0 * [`00cb73503`](https://github.com/containerd/containerd/commit/00cb7350392b13cb8c21c5f422304bde7317a760) Swap to go.etcd.io/bbolt/errors for bbolt errors * CVE-2025-22869: upgrade golang.org/x/crypto to v0.35.0 ([#11482](https://github.com/containerd/containerd/pull/11482)) * [`af5ff5a1f`](https://github.com/containerd/containerd/commit/af5ff5a1f18c7fb899d5a12434616db62a4a3bee) CVE-2025-22869: upgrade golang.org/x/crypto to v0.35.0 * device mapper:fix sometimes blkdiscard doesn't have --version flags ([#11330](https://github.com/containerd/containerd/pull/11330)) * [`44baada6a`](https://github.com/containerd/containerd/commit/44baada6aa88a4eb1c1adddceb353b14396cc442) device mapper:fix sometimes blkdiscard doesn't have --version flags * docs: add CRI Plugin Config runtime_path ([#11402](https://github.com/containerd/containerd/pull/11402)) * [`a1e7457bc`](https://github.com/containerd/containerd/commit/a1e7457bc486036559d01fe4a88327417efcf6c1) docs: add CRI Plugin Config runtime_path * Consolidate security profile logic into a common pkg ([#11080](https://github.com/containerd/containerd/pull/11080)) * [`71958731e`](https://github.com/containerd/containerd/commit/71958731e82a9068e783db9d578586841fd52404) move security profile to cri/sputil pkg * erofs-snapshotter: two bug-fixes ([#11476](https://github.com/containerd/containerd/pull/11476)) * [`3a5de731c`](https://github.com/containerd/containerd/commit/3a5de731c587342ccc8691acd5d4ae2154b9511c) erofs-snapshotter: clear IMMUTABLE_FL only for committed snapshots * [`971915797`](https://github.com/containerd/containerd/commit/971915797acd86cb4ea7efc7641cb17bec90c896) erofs-snapshotter: force the use of loop devices for single-layer images * CVE-2025-22868: upgrade golang.org/x/oauth2 to v0.27.0 ([#11481](https://github.com/containerd/containerd/pull/11481)) * [`10f2b7fde`](https://github.com/containerd/containerd/commit/10f2b7fded7fb91966a9af77d0dae06d872d2c5d) CVE-2025-22868: upgrade golang.org/x/oauth2 to v0.27.0 * build(deps): bump containerd/project-checks from 1.1.0 to 1.2.1 ([#11474](https://github.com/containerd/containerd/pull/11474)) * [`69c0d7f60`](https://github.com/containerd/containerd/commit/69c0d7f60f74210d6e41515e9064bb96362683c7) build(deps): bump containerd/project-checks from 1.1.0 to 1.2.1 * build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 ([#11464](https://github.com/containerd/containerd/pull/11464)) * [`72ac5cad4`](https://github.com/containerd/containerd/commit/72ac5cad446bdb315c83a2f720f55ecdffba3780) build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 * build(deps): bump github.com/klauspost/compress from 1.17.11 to 1.18.0 ([#11467](https://github.com/containerd/containerd/pull/11467)) * [`001dfeb19`](https://github.com/containerd/containerd/commit/001dfeb19f791348d3fc89c7d93ad23c971c7b93) build(deps): bump github.com/klauspost/compress from 1.17.11 to 1.18.0 * build(deps): bump actions/download-artifact from 4.1.8 to 4.1.9 ([#11468](https://github.com/containerd/containerd/pull/11468)) * [`86734729f`](https://github.com/containerd/containerd/commit/86734729fb1274b11fd2a3c97bf61bcc486017e6) build(deps): bump actions/download-artifact from 4.1.8 to 4.1.9 * build(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 ([#11469](https://github.com/containerd/containerd/pull/11469)) * [`9b0b67951`](https://github.com/containerd/containerd/commit/9b0b679519dc25f20c1084ca719e6225286f3534) build(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 * build(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.2 ([#11470](https://github.com/containerd/containerd/pull/11470)) * [`20fa1ca46`](https://github.com/containerd/containerd/commit/20fa1ca46ddb35799fa67c6743ea8652b3bd54f2) build(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.2 * build(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 in /api ([#11472](https://github.com/containerd/containerd/pull/11472)) * [`37fe1e8b4`](https://github.com/containerd/containerd/commit/37fe1e8b42f8746944c5d9b4a8bf2b3dcfc99984) build(deps): bump golang.org/x/net from 0.23.0 to 0.33.0 in /api * build(deps): bump actions/cache from 4.2.1 to 4.2.2 ([#11471](https://github.com/containerd/containerd/pull/11471)) * [`0eea93d68`](https://github.com/containerd/containerd/commit/0eea93d6873c2b7b26a4c7bae0bfbd29c9039f3c) build(deps): bump actions/cache from 4.2.1 to 4.2.2 * Bump to newer opencontainers/image-spec @ v1.1.1 ([#11461](https://github.com/containerd/containerd/pull/11461)) * [`d37ea6977`](https://github.com/containerd/containerd/commit/d37ea6977d7e096e9221cbbba9a0282e97709acd) Bump to newer opencontainers/image-spec @ v1.1.1 * Remove After=local-fs.target from containerd.service ([#11116](https://github.com/containerd/containerd/pull/11116)) * [`e0459262b`](https://github.com/containerd/containerd/commit/e0459262ba8b52e936b3b2e555e7faeab846b600) Remove After=local-fs.target from containerd.service * erofs-snapshotter: protect layer blobs with FS_IMMUTABLE_FL ([#11431](https://github.com/containerd/containerd/pull/11431)) * [`b477cf8e9`](https://github.com/containerd/containerd/commit/b477cf8e97b6facd183bba964631a36ef7a3d32b) erofs-snapshotter: protect layer blobs with FS_IMMUTABLE_FL * Log "container event discarded" as Info ([#11115](https://github.com/containerd/containerd/pull/11115)) * [`6c7b1afe5`](https://github.com/containerd/containerd/commit/6c7b1afe5127c0f8827a8995c1756ab71289ec98) Log "container event discarded" as Info * Fix privileged container sysfs can't be rw because pod is ro by default ([#11271](https://github.com/containerd/containerd/pull/11271)) * [`1fc497218`](https://github.com/containerd/containerd/commit/1fc497218ac5f83fa65b9043bc3bc2bc0dee219c) Fix privileged container sysfs can't be rw because pod is ro by default * cri,nri: fix initial sync race of registering NRI plugins. ([#11384](https://github.com/containerd/containerd/pull/11384)) * [`6a01ad3e1`](https://github.com/containerd/containerd/commit/6a01ad3e16c57c631febb92090bbca5c331e2f7d) cri,nri: block NRI plugin sync. during event processing. * proxy: break up writes from the remote writer to avoid grpc limits ([#11441](https://github.com/containerd/containerd/pull/11441)) * [`f25f36c33`](https://github.com/containerd/containerd/commit/f25f36c334144d87233e06b0de90522ebd97e144) proxy: break up writes from the remote writer to avoid grpc limits * build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 ([#11423](https://github.com/containerd/containerd/pull/11423)) * [`0500dacf6`](https://github.com/containerd/containerd/commit/0500dacf609df804e3cb025f024f39e5e32cb1e4) build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 * go.{mod,sum}: bump CDI deps to v.0.8.1. ([#11449](https://github.com/containerd/containerd/pull/11449)) * [`22d568fb5`](https://github.com/containerd/containerd/commit/22d568fb5a8381fd20ea4e385f8aff9899e0e710) Update CDI dependency to v0.8.1. * build(deps): bump the k8s group across 1 directory with 6 updates ([#11398](https://github.com/containerd/containerd/pull/11398)) * [`d2b5653c1`](https://github.com/containerd/containerd/commit/d2b5653c11b6dc9023609cc9ca35b334e53768c0) build(deps): bump the k8s group across 1 directory with 6 updates * Prefer runtime options for PluginInfo request ([#11442](https://github.com/containerd/containerd/pull/11442)) * [`51f063f07`](https://github.com/containerd/containerd/commit/51f063f0716871070f6a8995902ee6a679ee9c45) Prefer runtime options for PluginInfo request * pkg: prevent oom watcher from depending on shim pkg ([#11433](https://github.com/containerd/containerd/pull/11433)) * [`268880bf5`](https://github.com/containerd/containerd/commit/268880bf53b39f8de4e6d7d668a8bb5e7ee3519a) [improve] prevent oom watcher depend on shim pkg. * Ignore defunct verifier procs in test ([#11435](https://github.com/containerd/containerd/pull/11435)) * [`76858ac8e`](https://github.com/containerd/containerd/commit/76858ac8e3129644fb4cf5ae9f86448655989cf4) Ignore defunct verifier procs in test * CI: arm64-8core-32gb -> ubuntu-24.04-arm ([#11427](https://github.com/containerd/containerd/pull/11427)) * [`4e7484d3f`](https://github.com/containerd/containerd/commit/4e7484d3f40a8ec07126eb16fae614aedafe630a) CI: arm64-8core-32gb -> ubuntu-24.04-arm * build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 ([#11424](https://github.com/containerd/containerd/pull/11424)) * [`125525d6c`](https://github.com/containerd/containerd/commit/125525d6cd4aa85ac91f694e94b5bf8c9b647b6d) build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 * build(deps): bump actions/cache from 4.2.0 to 4.2.1 ([#11426](https://github.com/containerd/containerd/pull/11426)) * [`86cde823a`](https://github.com/containerd/containerd/commit/86cde823a8361c3a3d3ff756da5523e89f1bb93b) build(deps): bump actions/cache from 4.2.0 to 4.2.1 * build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 ([#11425](https://github.com/containerd/containerd/pull/11425)) * [`49257264f`](https://github.com/containerd/containerd/commit/49257264fec6c950d18bd6960b35e5ae12eafa02) build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 * erofs-snapshotter: add fsverity support ([#11352](https://github.com/containerd/containerd/pull/11352)) * [`f3b6078f9`](https://github.com/containerd/containerd/commit/f3b6078f90bf61c87bab34c7f6c10eeb8258a465) erofs-snapshotter: add fsverity support * Support for importing layers in the block CIM format. ([#11179](https://github.com/containerd/containerd/pull/11179)) * [`a1c540085`](https://github.com/containerd/containerd/commit/a1c540085f86dcc8613e6db11b73bed4a3a02883) Support for importing layers in the block CIM format. * perf(zstd): deactivate the low mem decoder ([#11335](https://github.com/containerd/containerd/pull/11335)) * [`c51f5d26f`](https://github.com/containerd/containerd/commit/c51f5d26f1167d612d061cb20ae0cbb1ab00a0da) perf(zstd): deactivate the low mem decoder * build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 ([#11370](https://github.com/containerd/containerd/pull/11370)) * [`6a08d70e6`](https://github.com/containerd/containerd/commit/6a08d70e681b81049a2cabfd44216803662d6c8e) build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 * move the device after the options when using mkfs.ext4 ([#11362](https://github.com/containerd/containerd/pull/11362)) * [`b98378638`](https://github.com/containerd/containerd/commit/b9837863815e2ffe5ea28e52afe24a2e1829863f) move the device after the options when using mkfs.ext4 * build(deps): bump google.golang.org/grpc from 1.69.4 to 1.70.0 ([#11313](https://github.com/containerd/containerd/pull/11313)) * [`f23981281`](https://github.com/containerd/containerd/commit/f23981281e60fd5ad37d61e43a777ff64fbfb874) build(deps): bump google.golang.org/grpc from 1.69.4 to 1.70.0 * build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.5.0 ([#11397](https://github.com/containerd/containerd/pull/11397)) * [`b8a759f1f`](https://github.com/containerd/containerd/commit/b8a759f1fd59eca20534e223fa8db2011ebbb519) build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.5.0 * build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.5 ([#11373](https://github.com/containerd/containerd/pull/11373)) * [`326fbf074`](https://github.com/containerd/containerd/commit/326fbf07470ee61022e84f1387cf799aa86493b0) build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.5 * Clarify port handling in `hosts.toml` ([#11393](https://github.com/containerd/containerd/pull/11393)) * [`a502b7931`](https://github.com/containerd/containerd/commit/a502b7931babb81749c5236b38a09e5ae73fe88e) Clarify port handling in hosts toml * Move `linters-settings.exclude-dirs` to `issues.exclude-dirs` in golangci-lint config ([#11399](https://github.com/containerd/containerd/pull/11399)) * [`480e1039f`](https://github.com/containerd/containerd/commit/480e1039fe23512e6c1ea4bd8db1be93ac125993) move exclude-dirs to issues.exclude-dirs * Add OCI/Image Volume Source support ([#10579](https://github.com/containerd/containerd/pull/10579)) * [`1ec10d9ae`](https://github.com/containerd/containerd/commit/1ec10d9ae7535ddd7b18e3c21b6cd8ff12a2f90d) Add OCI/Image Volume Source support * build(deps): bump github.com/vishvananda/netns from 0.0.4 to 0.0.5 ([#11374](https://github.com/containerd/containerd/pull/11374)) * [`17acb356f`](https://github.com/containerd/containerd/commit/17acb356f826ccf6dd6b0160dcce5e3aedf41f21) build(deps): bump github.com/vishvananda/netns from 0.0.4 to 0.0.5 * Revert "Add timestamp to PodSandboxStatusResponse for kubernetes Evented PLEG" ([#11323](https://github.com/containerd/containerd/pull/11323)) * [`83b65e52f`](https://github.com/containerd/containerd/commit/83b65e52fddf9411009e396dda283a782921222f) Revert "Add timestamp to PodSandboxStatusResponse for kubernetes Evented PLEG" * Update runc binary to v1.2.5 ([#11388](https://github.com/containerd/containerd/pull/11388)) * [`938775864`](https://github.com/containerd/containerd/commit/938775864aba692f69d4bb143e1d6197b69b421b) Update runc binary to v1.2.5 * build(deps): bump docker/setup-buildx-action from 3.8.0 to 3.9.0 ([#11369](https://github.com/containerd/containerd/pull/11369)) * [`2f971ee2d`](https://github.com/containerd/containerd/commit/2f971ee2d474c403837500846e0deaa8ba399992) build(deps): bump docker/setup-buildx-action from 3.8.0 to 3.9.0 * Remove noinline in seccomp/apparmor SpecOpts ([#11264](https://github.com/containerd/containerd/pull/11264)) * [`222308416`](https://github.com/containerd/containerd/commit/222308416cd7d0204c4adf64ffdf438951e5aa64) Remove noinline in apparmor SpecOpts * [`2a4164ac8`](https://github.com/containerd/containerd/commit/2a4164ac868955ac9cb406cb4dc434d2eb3f9a16) Remove noinline in seccomp SpecOpts * build(deps): bump the golang-x group with 3 updates ([#11371](https://github.com/containerd/containerd/pull/11371)) * [`84e07f6b5`](https://github.com/containerd/containerd/commit/84e07f6b54400bf61d1242c42f3437384aec2a65) build(deps): bump the golang-x group with 3 updates * update to go 1.24.0 / go1.23.6 ([#11377](https://github.com/containerd/containerd/pull/11377)) * [`df99aa321`](https://github.com/containerd/containerd/commit/df99aa321a274c50de87332a067537cea746fd5c) update to go 1.24.0 / go1.23.6 * [`41eaa41c4`](https://github.com/containerd/containerd/commit/41eaa41c43787755427aa430149a9c857c643be3) update golangci-lint to v1.64.2 * build(deps): bump lycheeverse/lychee-action from 2.2.0 to 2.3.0 ([#11368](https://github.com/containerd/containerd/pull/11368)) * [`2b8a7f253`](https://github.com/containerd/containerd/commit/2b8a7f253dee9bd8a4dc650eb27fbd803a64c97a) build(deps): bump lycheeverse/lychee-action from 2.2.0 to 2.3.0 * build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.2 ([#11367](https://github.com/containerd/containerd/pull/11367)) * [`bdb8cb5a8`](https://github.com/containerd/containerd/commit/bdb8cb5a80915fc605dcdfa3e0b0f2eb2b293b1c) build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.2 * Erofs snapshotter and differ ([#10705](https://github.com/containerd/containerd/pull/10705)) * [`2f15d6586`](https://github.com/containerd/containerd/commit/2f15d6586b261d0f0bc68b847660dc2b691169db) Add tests for EROFS snapshotter * [`fd4caef78`](https://github.com/containerd/containerd/commit/fd4caef7866306f9e654f54ba0209c7f4a554ad9) Add EROFS snapshotter documentation * [`2486d542a`](https://github.com/containerd/containerd/commit/2486d542a5a96d71e3c8bb36517479e0a81f0131) Introduce EROFS Snapshotter * [`c73c8e5d5`](https://github.com/containerd/containerd/commit/c73c8e5d526aba6acf0eb75976bfc5a1037d64ac) Introduce EROFS differ * Update RELEASES.md for new release schedule and LTS policy ([#11294](https://github.com/containerd/containerd/pull/11294)) * [`6d1f6e75d`](https://github.com/containerd/containerd/commit/6d1f6e75d65283dc6440556cfaf694c20059d77d) Update upgrade section * [`5f238fa82`](https://github.com/containerd/containerd/commit/5f238fa827a97e729592c1ed896a1192ba53ab09) Update to time based releases * [`886d971f8`](https://github.com/containerd/containerd/commit/886d971f855da042f1c83fc87b2074c858062f3b) Update LTS definition and support horizon * nri: make OCI spec available on StopPodSandbox ([#11331](https://github.com/containerd/containerd/pull/11331)) * [`2eb0aa6b9`](https://github.com/containerd/containerd/commit/2eb0aa6b988a508400d6567602e7f3af838ca3c4) nri: make OCI spec available on StopPodSandbox * build(deps): bump google-github-actions/auth from 2.1.7 to 2.1.8 ([#11332](https://github.com/containerd/containerd/pull/11332)) * [`565b50dbb`](https://github.com/containerd/containerd/commit/565b50dbb92f231ea1f416dead040d8e96f0963a) build(deps): bump google-github-actions/auth from 2.1.7 to 2.1.8 * build(deps): bump google-github-actions/upload-cloud-storage from 2.2.1 to 2.2.2 ([#11334](https://github.com/containerd/containerd/pull/11334)) * [`b65f3875b`](https://github.com/containerd/containerd/commit/b65f3875ba3365a780ac9d9ace295c56ac230ee4) build(deps): bump google-github-actions/upload-cloud-storage * build(deps): bump github/codeql-action from 3.28.6 to 3.28.8 ([#11333](https://github.com/containerd/containerd/pull/11333)) * [`841ab361c`](https://github.com/containerd/containerd/commit/841ab361c1e52200319c08dc8b09f11e07d78f17) build(deps): bump github/codeql-action from 3.28.6 to 3.28.8 * Fix state/root bug in shim sandbox controller ([#11321](https://github.com/containerd/containerd/pull/11321)) * [`168c49e4d`](https://github.com/containerd/containerd/commit/168c49e4dcf1fcfebcf5d751f5aa20747b2a2032) Fix state/root bug in shim sandbox controller * build(deps): bump github/codeql-action from 3.28.1 to 3.28.6 ([#11315](https://github.com/containerd/containerd/pull/11315)) * [`48d09104d`](https://github.com/containerd/containerd/commit/48d09104dcc4244672c590e9b6ab3ab71d8c9ce4) build(deps): bump github/codeql-action from 3.28.1 to 3.28.6 * build(deps): bump actions/attest-build-provenance from 2.1.0 to 2.2.0 ([#11317](https://github.com/containerd/containerd/pull/11317)) * [`0c986c332`](https://github.com/containerd/containerd/commit/0c986c332f072ce2273c06d2707976b321830423) build(deps): bump actions/attest-build-provenance from 2.1.0 to 2.2.0 * build(deps): bump actions/stale from 9.0.0 to 9.1.0 ([#11316](https://github.com/containerd/containerd/pull/11316)) * [`575239789`](https://github.com/containerd/containerd/commit/5752397896d44d5807837c8a71e2c0f1769ba66a) build(deps): bump actions/stale from 9.0.0 to 9.1.0 * build(deps): bump the otel group across 1 directory with 8 updates ([#11286](https://github.com/containerd/containerd/pull/11286)) * [`69e82f9cd`](https://github.com/containerd/containerd/commit/69e82f9cd3e29428bd480b1c349268a0723af51d) build(deps): bump the otel group across 1 directory with 8 updates * build(deps): bump github.com/tchap/go-patricia/v2 from 2.3.1 to 2.3.2 ([#11283](https://github.com/containerd/containerd/pull/11283)) * [`19c546c97`](https://github.com/containerd/containerd/commit/19c546c9760b11c266a314bf25177b96d7a21f24) build(deps): bump github.com/tchap/go-patricia/v2 from 2.3.1 to 2.3.2 * Update cimfs snapshotter & differ for new hcsshim interface ([#10033](https://github.com/containerd/containerd/pull/10033)) * [`b81ace872`](https://github.com/containerd/containerd/commit/b81ace8724e154a0899679a05a98b7174804abed) Update cimfs snapshotter & differ for new hcsshim interface * update to go1.23.5 / go1.22.11 ([#11277](https://github.com/containerd/containerd/pull/11277)) * [`157faf65c`](https://github.com/containerd/containerd/commit/157faf65c55c5de56f636fe3466f59b43241abb3) update to go1.23.5 / go1.22.11 * build(deps): bump lycheeverse/lychee-action from 2.1.0 to 2.2.0 ([#11287](https://github.com/containerd/containerd/pull/11287)) * [`f572a6db9`](https://github.com/containerd/containerd/commit/f572a6db9037e4a36225a4146a4344aaf34d692c) build(deps): bump lycheeverse/lychee-action from 2.1.0 to 2.2.0 * client: add WithExtraDialOpts option ([#11276](https://github.com/containerd/containerd/pull/11276)) * [`a6dc9905c`](https://github.com/containerd/containerd/commit/a6dc9905cbb1833c459362ba72928bd348967158) client: add WithExtraDialOpts option * build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3 ([#11282](https://github.com/containerd/containerd/pull/11282)) * [`460e5a2e2`](https://github.com/containerd/containerd/commit/460e5a2e2bec851ba357dc1b738e3023841d0f2b) build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.3 * build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 ([#11288](https://github.com/containerd/containerd/pull/11288)) * [`36d3888cf`](https://github.com/containerd/containerd/commit/36d3888cf7eb7c9f533167cf93748ece98eb79cf) build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 * build(deps): bump softprops/action-gh-release from 2.2.0 to 2.2.1 ([#11289](https://github.com/containerd/containerd/pull/11289)) * [`4b77d4e41`](https://github.com/containerd/containerd/commit/4b77d4e41ef99e6526f3e20dae36bc301f648477) build(deps): bump softprops/action-gh-release from 2.2.0 to 2.2.1 * build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 ([#11290](https://github.com/containerd/containerd/pull/11290)) * [`22e77720b`](https://github.com/containerd/containerd/commit/22e77720b3e6aecbb299ad70c68e2ade6dfd0108) build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 * build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 ([#11291](https://github.com/containerd/containerd/pull/11291)) * [`53d6f3482`](https://github.com/containerd/containerd/commit/53d6f34822dda24bf7c8674305c93eadb4bad50b) build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 * Support multiple uid/gid mappings ([#10722](https://github.com/containerd/containerd/pull/10722)) * [`ff0d99e02`](https://github.com/containerd/containerd/commit/ff0d99e02873ac04b4f73054d92d22683a501b7d) Add multiple uid/gid mapping test cases to integration tests * [`ec231cdcf`](https://github.com/containerd/containerd/commit/ec231cdcf27b4bfad8fd51dbe4a3a328158aeb86) Update ctr to support remapper labels with multiple uid/gid mapping entries * [`8bbfb6528`](https://github.com/containerd/containerd/commit/8bbfb65289f3a32fd5358bf7419f8b860a08fbed) Update snapshotter opts to support multiple uid/gid mapping entries * [`8a030d653`](https://github.com/containerd/containerd/commit/8a030d6537e42194cca894ebf89556af09dfade8) Update overlay snapshotter to support multiple uid/gid mappings * [`168ec21db`](https://github.com/containerd/containerd/commit/168ec21dbd6254088a47257d1a44812155d6d54c) Update idmapped mount to support multiple uid/gid mappings * [`a11405975`](https://github.com/containerd/containerd/commit/a114059759ec1d70ce04acfce028da54428689a9) Add RootPair() and serialization routines to userns idmap * log: avoid using unsupported field by logrus ([#11148](https://github.com/containerd/containerd/pull/11148)) * [`04f9e30db`](https://github.com/containerd/containerd/commit/04f9e30db313908c1209b7f7d526d5d3eb8467ed) log: avoid using unsupported field by logrus * Move all fuzz tests to go native fuzz [part2] ([#11251](https://github.com/containerd/containerd/pull/11251)) * [`b49df6af1`](https://github.com/containerd/containerd/commit/b49df6af11dbf7e4fc715e972c8e816edcb02309) move FuzzCRIServer to go native fuzz * [`6019bcdfb`](https://github.com/containerd/containerd/commit/6019bcdfbbed387b366e4e368c30475f5c31f054) move FuzzContainerdImport to go native fuzz * Make ovl idmap mounts read-only ([#10955](https://github.com/containerd/containerd/pull/10955)) * [`1e3d10dc2`](https://github.com/containerd/containerd/commit/1e3d10dc29616f7e81b3fef3314d7a44d593c48c) Make ovl idmap mounts read-only * runtime/v2: add note about orphan process for runc-shim ([#10002](https://github.com/containerd/containerd/pull/10002)) * [`58bd48ecf`](https://github.com/containerd/containerd/commit/58bd48ecff5418efbeacf27134d8adb3e58ab17d) add some doc for shim reap orphan process * Fix panics in CI fuzz integration tests ([#11249](https://github.com/containerd/containerd/pull/11249)) * [`b7a117b46`](https://github.com/containerd/containerd/commit/b7a117b4648c981275e7e7ac944bfabec45fc56a) Fix fuzz integration tests * Move CDI device spec out of the OCI package ([#11262](https://github.com/containerd/containerd/pull/11262)) * [`bdc847f1e`](https://github.com/containerd/containerd/commit/bdc847f1eb535a6728b6db3f2619d2a5ed0edbb9) Remove deprecated WithCDIDevices in oci spec opts * [`e20f7f4a2`](https://github.com/containerd/containerd/commit/e20f7f4a2425c005d85855abfd4556d7b4ccbf87) Move CDI device spec out of the OCI package * docs: fix some function names in comment ([#11261](https://github.com/containerd/containerd/pull/11261)) * [`740c5d428`](https://github.com/containerd/containerd/commit/740c5d4284de1704ffab91bf03967346ae7d29a9) docs: fix some function names in comment * Use a order-only-prerequisite for mandir creation ([#11132](https://github.com/containerd/containerd/pull/11132)) * [`ffbe1b573`](https://github.com/containerd/containerd/commit/ffbe1b5738951aed8945bf58c23e634433e77eb1) Use a order-only-prerequisite for mandir creation * Update platforms to latest rc ([#11257](https://github.com/containerd/containerd/pull/11257)) * [`6148dbdd7`](https://github.com/containerd/containerd/commit/6148dbdd778942f7b1f5361d3e18859ada70f4d6) Update platforms to latest rc * Remove confusing warning in cri runtime config migration ([#10980](https://github.com/containerd/containerd/pull/10980)) * [`fb44e37ff`](https://github.com/containerd/containerd/commit/fb44e37ff27325edda8e8ad178e1c057139cd4f2) Remove confusing warning in cri runtime config migration * Unify default transport in docker resolver ([#11167](https://github.com/containerd/containerd/pull/11167)) * [`47c4dba40`](https://github.com/containerd/containerd/commit/47c4dba40935f8c887a7d43f6fbfca5fafadeb7f) Unify default transport in docker resolver * Clarify Go client API guidance ([#11093](https://github.com/containerd/containerd/pull/11093)) * [`9fc711a8a`](https://github.com/containerd/containerd/commit/9fc711a8a0f5ca61007c855d087c5a806d2273cc) Clarify Go client API guidance * build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0 in the golang-x group ([#11225](https://github.com/containerd/containerd/pull/11225)) * [`ef7fa43c9`](https://github.com/containerd/containerd/commit/ef7fa43c9a8ee086eada91630dcfe3ec8cc276b0) build(deps): bump golang.org/x/sys in the golang-x group * Fix runtime platform loading in cri image plugin init ([#11165](https://github.com/containerd/containerd/pull/11165)) * [`ef0e70922`](https://github.com/containerd/containerd/commit/ef0e7092287ac4816e9a9fdfd6925e6f75657f41) Fix runtime platform loading in cri image plugin init * ci: fix the issue of config_file unset ([#11240](https://github.com/containerd/containerd/pull/11240)) * [`e1aeb37cd`](https://github.com/containerd/containerd/commit/e1aeb37cdf10ed2ed4b2dd4be02d68a556acc106) ci: fix the issue of config_file unset * Fix go-cni race condition ([#11244](https://github.com/containerd/containerd/pull/11244)) * [`09bf281ec`](https://github.com/containerd/containerd/commit/09bf281ec415a6029177c60688e261dab55e3944) fix go-cni race condition * make sure console master tty is closed on task exit ([#11161](https://github.com/containerd/containerd/pull/11161)) * [`652e4d0b1`](https://github.com/containerd/containerd/commit/652e4d0b10490c4c2cfc94791ea80b5a16ff38ea) Add integ test to check tty leak * [`aedb079bf`](https://github.com/containerd/containerd/commit/aedb079bf18f1f913b705d9b791beebcf1962cdd) fix master tty leak due to leaking init container object * Move fuzz tests to go native fuzz [part1] ([#11189](https://github.com/containerd/containerd/pull/11189)) * [`e70977180`](https://github.com/containerd/containerd/commit/e70977180ae55ad0bd28e2438b15170d83100d48) change metadata fuzz operations as const and slice instead of map * [`a4e3218e8`](https://github.com/containerd/containerd/commit/a4e3218e8f4a817ca0d7f44f622b97e0c83189b7) change tmp dir creation in fuzz to t.TempDir * [`a8c643cc5`](https://github.com/containerd/containerd/commit/a8c643cc51b4793189ac6291a62fcc1c3990af50) change copyright from ADA Logics to containerd * [`a55083007`](https://github.com/containerd/containerd/commit/a5508300782032adf7011d17a02268a425e3b14c) Remove github.com/AdamKorcz/go-118-fuzz-build in go.mod * [`2de103029`](https://github.com/containerd/containerd/commit/2de1030299c1626b2c235c0ed21040bce91f57d3) Move fuzz tests to go native fuzz [part1] * Bump up otelttrpc to 0.1.0 ([#11241](https://github.com/containerd/containerd/pull/11241)) * [`15d3bf9b2`](https://github.com/containerd/containerd/commit/15d3bf9b248d423c457e871fe001eeb129a3fa82) Bump up otelttrpc to 0.1.0 * Add snapshotter exports to unpack platform ([#11227](https://github.com/containerd/containerd/pull/11227)) * [`63f604728`](https://github.com/containerd/containerd/commit/63f6047282525748e13ed91892b50583771c6427) Add snapshotter exports to unpack platform * ctr: `ctr images import --all-platforms`: fix unpack ([#11229](https://github.com/containerd/containerd/pull/11229)) * [`79a42eedc`](https://github.com/containerd/containerd/commit/79a42eedc724cd248a995cbf1174d3800d948d52) ctr: `ctr images import --all-platforms`: fix unpack * Deflake TestFailFastWhenConnectShim by making TestContainerCgroupWritable not parallel ([#11235](https://github.com/containerd/containerd/pull/11235)) * [`e65283321`](https://github.com/containerd/containerd/commit/e6528332195d23bf98ba58124b4cd647223e6969) make TestContainerCgroupWritable not parallel * update runc binary to v1.2.4 ([#11230](https://github.com/containerd/containerd/pull/11230)) * [`54ed595e1`](https://github.com/containerd/containerd/commit/54ed595e1db892e09083e01f6520bc847bf99ee9) update runc binary to v1.2.4 * Enable Writable cgroups for unprivileged containers ([#11131](https://github.com/containerd/containerd/pull/11131)) * [`1363849b0`](https://github.com/containerd/containerd/commit/1363849b034a1daf58a4d677e758124d7ea7087e) Add integration test * [`dda702042`](https://github.com/containerd/containerd/commit/dda7020429a06a1d5549ced9391cc2f85f94adef) Enable Writable cgroups for unprivileged containers * Avoid duplicated chain ID calculation in unpack ([#11219](https://github.com/containerd/containerd/pull/11219)) * [`d156d3df9`](https://github.com/containerd/containerd/commit/d156d3df9620844491a4e6c94945693d5c7df043) Benchamrk chainID calculation in unpack * [`95f45541e`](https://github.com/containerd/containerd/commit/95f45541e47253610ed83b064dab2124a11027e8) Avoid duplicated chain ID calculation in unpack * downgrade go-difflib and go-spew to tagged releases ([#11220](https://github.com/containerd/containerd/pull/11220)) * [`00a11e91d`](https://github.com/containerd/containerd/commit/00a11e91d38b5a1e3540382eaedfda878b1314b1) downgrade go-difflib and go-spew to tagged releases * Bump seccomp version to be the same as one in runc repo ([#11200](https://github.com/containerd/containerd/pull/11200)) * [`4f2f12be6`](https://github.com/containerd/containerd/commit/4f2f12be6d91868a3b39d441ac598f876b47a6c0) Bump seccomp version to be the same as one in runc repo * Remove loop variable copies ([#11194](https://github.com/containerd/containerd/pull/11194)) * [`bee64b2b9`](https://github.com/containerd/containerd/commit/bee64b2b93ba0494ecff94b72748427d5abe20a5) Remove loop variable copies * build(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1 ([#11192](https://github.com/containerd/containerd/pull/11192)) * [`4a4a027f7`](https://github.com/containerd/containerd/commit/4a4a027f7984c415d94054f6f6e14a6369a7dcd7) build(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1 * bump up ttrpc to use its MD.Clone ([#11204](https://github.com/containerd/containerd/pull/11204)) * [`ee6338188`](https://github.com/containerd/containerd/commit/ee63381887da22ecc1be8ef2a3e441a72a013e93) bump up ttrpc to use its MD.Clone * build(deps): bump google.golang.org/grpc from 1.69.0 to 1.69.2 ([#11193](https://github.com/containerd/containerd/pull/11193)) * [`9bb31b706`](https://github.com/containerd/containerd/commit/9bb31b706c898a9475638206d2c5813fd9e8d77f) build(deps): bump google.golang.org/grpc from 1.69.0 to 1.69.2 * build(deps): bump golang.org/x/net from 0.30.0 to 0.33.0 ([#11181](https://github.com/containerd/containerd/pull/11181)) * [`7f3599f09`](https://github.com/containerd/containerd/commit/7f3599f09396bf69496e1cf189b999acc0db13a5) build(deps): bump golang.org/x/net from 0.30.0 to 0.33.0 * build(deps): bump github.com/containerd/cgroups/v3 from 3.0.4 to 3.0.5 ([#11191](https://github.com/containerd/containerd/pull/11191)) * [`f98d5fdb6`](https://github.com/containerd/containerd/commit/f98d5fdb6f684410bea0881159ea0df354cae41b) build(deps): bump github.com/containerd/cgroups/v3 from 3.0.4 to 3.0.5 * Update golangci to 1.60.3 ([#11185](https://github.com/containerd/containerd/pull/11185)) * [`26a156f4f`](https://github.com/containerd/containerd/commit/26a156f4fd285ecddcdead54105022348075ad62) Update golangci to 1.60.3 * build(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.0 ([#11170](https://github.com/containerd/containerd/pull/11170)) * [`a172d2c11`](https://github.com/containerd/containerd/commit/a172d2c116daeb101700d9d6c3a3622623c7446d) build(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.0 * Update golangci-lint version in dev tools script ([#11180](https://github.com/containerd/containerd/pull/11180)) * [`fa531f808`](https://github.com/containerd/containerd/commit/fa531f808b72c6667844ec56cbd9e6e5f23e974d) Update golangci-lint version in dev tools script * build(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0 ([#11177](https://github.com/containerd/containerd/pull/11177)) * [`2f37b9da3`](https://github.com/containerd/containerd/commit/2f37b9da392387fac21d375874473a017bcefb8b) build(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0 * build(deps): bump google.golang.org/grpc from 1.68.1 to 1.69.0 ([#11176](https://github.com/containerd/containerd/pull/11176)) * [`4e4537a87`](https://github.com/containerd/containerd/commit/4e4537a87a8ee66debb947df455cae6e68e0dd5d) build(deps): bump google.golang.org/grpc from 1.68.1 to 1.69.0 * build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 ([#11171](https://github.com/containerd/containerd/pull/11171)) * [`d29751424`](https://github.com/containerd/containerd/commit/d297514248daffa3124e529a5ada4f57a15dbb12) build(deps): bump github/codeql-action from 3.27.6 to 3.27.9 * build(deps): bump docker/setup-buildx-action from 3.7.1 to 3.8.0 ([#11172](https://github.com/containerd/containerd/pull/11172)) * [`31e129856`](https://github.com/containerd/containerd/commit/31e12985601773ce5417926db6eda9c9d63dc445) build(deps): bump docker/setup-buildx-action from 3.7.1 to 3.8.0 * build(deps): bump github.com/containerd/imgcrypt/v2 from 2.0.0-rc.1 to 2.0.0 ([#11174](https://github.com/containerd/containerd/pull/11174)) * [`f6e956c22`](https://github.com/containerd/containerd/commit/f6e956c2240a3d4dba6c9e6589993d051ff82849) build(deps): bump github.com/containerd/imgcrypt/v2 * build(deps): bump google.golang.org/grpc from 1.67.1 to 1.68.1 ([#11126](https://github.com/containerd/containerd/pull/11126)) * [`aeb414021`](https://github.com/containerd/containerd/commit/aeb414021b07a625cc58d555aabb18bd5cf51f3d) build(deps): bump google.golang.org/grpc from 1.67.1 to 1.68.1 * test: prevent segfault in imageverifier test ([#10851](https://github.com/containerd/containerd/pull/10851)) * [`1617fd72e`](https://github.com/containerd/containerd/commit/1617fd72e10634923f75bb27ca00a23cf2f19ecb) test: prevent segfault in imageverifier test * Report an error when cni confDir removed ([#10646](https://github.com/containerd/containerd/pull/10646)) * [`0c2805a6e`](https://github.com/containerd/containerd/commit/0c2805a6e452dba5e42b3723b6ba069b811f7c9a) Report an error when cni confDir removed * build(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0 ([#11122](https://github.com/containerd/containerd/pull/11122)) * [`afee762fb`](https://github.com/containerd/containerd/commit/afee762fbfac0141b50040a1ea8197b02eafa3c1) build(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0 * vendor: update golang.org/x/ dependencies ([#11145](https://github.com/containerd/containerd/pull/11145)) * [`23e014140`](https://github.com/containerd/containerd/commit/23e01414069df958db56ca24fd7806979a9f2f2a) vendor: golang.org/x/crypto v0.31.0 * [`9b3d999bd`](https://github.com/containerd/containerd/commit/9b3d999bd9affbfe7df5bd7ef8e5df9446eda56f) vendor: golang.org/x/term v0.27.0 * [`1032fad27`](https://github.com/containerd/containerd/commit/1032fad2721a01ec321881c44963958dcb9b2ed8) vendor: golang.org/x/text v0.21.0 * [`6764e62cf`](https://github.com/containerd/containerd/commit/6764e62cf7518dd6bc7050ed2d33a52a107fd1cd) vendor: golang.org/x/sync v0.10.0 * [`160676647`](https://github.com/containerd/containerd/commit/1606766479f3e37318c5f4144d6d3d989cba51aa) vendor: golang.org/x/sys v0.28.0 * build(deps): bump actions/cache from 4.1.2 to 4.2.0 ([#11124](https://github.com/containerd/containerd/pull/11124)) * [`927012243`](https://github.com/containerd/containerd/commit/9270122437f5a0105c74b49089fddc1a2c2648af) build(deps): bump actions/cache from 4.1.2 to 4.2.0 * internal/cri: should not apply IoOwner options if it's not user namespace ([#11104](https://github.com/containerd/containerd/pull/11104)) * [`2c4c04032`](https://github.com/containerd/containerd/commit/2c4c040328e161ef04913d8470a7dd61caf9f1be) internal/cri: should not apply IoOwner options * update runc binary to v1.2.3 ([#11141](https://github.com/containerd/containerd/pull/11141)) * [`981414521`](https://github.com/containerd/containerd/commit/981414521baf578a313c7b7af034ade6cb92b10d) update runc binary to v1.2.3 * cmd/ctr: allow user to syncfs during unpacking image locally ([#11118](https://github.com/containerd/containerd/pull/11118)) * [`11b78255d`](https://github.com/containerd/containerd/commit/11b78255de6544fc91d5f523bdfec2bef2a711ca) cmd: add syncfs option to ctr command * Update go-cni for CNI STATUS ([#11135](https://github.com/containerd/containerd/pull/11135)) * [`1f220b23e`](https://github.com/containerd/containerd/commit/1f220b23e298b61f5ece5a994ef2a37a843732b0) feat: update go-cni version for CNI STATUS * Complete cri grpc plugin config migration ([#11061](https://github.com/containerd/containerd/pull/11061)) * [`ed39dfa5d`](https://github.com/containerd/containerd/commit/ed39dfa5d64d872c8a0b7b88b4973395028b2b1e) Add integration test for custom configuration * [`8540fed77`](https://github.com/containerd/containerd/commit/8540fed77493a5a205524b47b810726a0de288eb) complete cri grpc config migration * ctr pull should unpack for default platform when transfer service is used ([#11086](https://github.com/containerd/containerd/pull/11086)) * [`4c11d753c`](https://github.com/containerd/containerd/commit/4c11d753ca9964bf70f087560c85614741ca35a5) ctr pull unpack for default platform using transfer service * update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+ ([#11130](https://github.com/containerd/containerd/pull/11130)) * [`d76f92f24`](https://github.com/containerd/containerd/commit/d76f92f2402049869e5fd94087aeed1a9fddc729) update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+ * build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 ([#11123](https://github.com/containerd/containerd/pull/11123)) * [`73864c520`](https://github.com/containerd/containerd/commit/73864c52037da5cf870a9c11359ab197cdf08fe4) build(deps): bump github/codeql-action from 3.27.5 to 3.27.6 * CI: update Fedora to 41 ([#10930](https://github.com/containerd/containerd/pull/10930)) * [`6fdc35243`](https://github.com/containerd/containerd/commit/6fdc352439dfdf88ac7a62c95f5fb1fa07ae3be3) CI: update Fedora to 41 * Fix loop variable capture issue ([#11042](https://github.com/containerd/containerd/pull/11042)) * [`485020ca8`](https://github.com/containerd/containerd/commit/485020ca8999d2aa6c2165419cca0f104e9e9d5c) fix: loop variable capture issue * Add containerd community call to readme. ([#11046](https://github.com/containerd/containerd/pull/11046)) * [`59a2c3523`](https://github.com/containerd/containerd/commit/59a2c3523cddd05a5f4b14c7860f43ed66b6003d) Add containerd community call to readme. * update to go1.23.4 / go1.22.10 ([#11102](https://github.com/containerd/containerd/pull/11102)) * [`81780a5dd`](https://github.com/containerd/containerd/commit/81780a5dd37106f4bc01fa776b9d069197bed54b) update to go1.23.4 / go1.22.10 * Fix panic due to nil dereference cgroups v2 ([#11069](https://github.com/containerd/containerd/pull/11069)) * [`0903f203f`](https://github.com/containerd/containerd/commit/0903f203fb8a9b696ff2522f068313f5de2fad80) fix panic due to nil dereference cgroups v2 * The task_dir successfully cleans when the file is absent. ([#11043](https://github.com/containerd/containerd/pull/11043)) * [`4a664772e`](https://github.com/containerd/containerd/commit/4a664772efc48e031efc6b3ebd422df0e08ddbec) The task_dir successfully cleans when the file is absent. * docs: fix snapshots api import ([#11073](https://github.com/containerd/containerd/pull/11073)) * [`b78c5c6ed`](https://github.com/containerd/containerd/commit/b78c5c6ed2ad0f0d0a23306a36f0a71a84582f5d) docs: fix snapshots api import * build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 ([#11060](https://github.com/containerd/containerd/pull/11060)) * [`ea9397793`](https://github.com/containerd/containerd/commit/ea9397793f336327551d9024ea89bc9178d00401) build(deps): bump github/codeql-action from 3.27.4 to 3.27.5 * build(deps): bump github.com/containerd/cgroups/v3 from 3.0.3 to 3.0.4 ([#11059](https://github.com/containerd/containerd/pull/11059)) * [`6c16f3490`](https://github.com/containerd/containerd/commit/6c16f3490934aa396b785bd19c0945279a9e728f) build(deps): bump github.com/containerd/cgroups/v3 from 3.0.3 to 3.0.4 * build(deps): bump the k8s group with 5 updates ([#11057](https://github.com/containerd/containerd/pull/11057)) * [`662d64080`](https://github.com/containerd/containerd/commit/662d6408018eb74bba4d0700aeac6ea137c23571) build(deps): bump the k8s group with 5 updates * Update differ to handle zstd media types ([#11062](https://github.com/containerd/containerd/pull/11062)) * [`17f7858b4`](https://github.com/containerd/containerd/commit/17f7858b4e2e31b447410f66d0100b816c1fe6b3) Update differ to handle zstd media types * build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 ([#11058](https://github.com/containerd/containerd/pull/11058)) * [`5c905fb6c`](https://github.com/containerd/containerd/commit/5c905fb6c3c93d2180b878f36af41f516531937f) build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 * Unsorted platform conditionals cleanup ([#11065](https://github.com/containerd/containerd/pull/11065)) * [`e9d560f1e`](https://github.com/containerd/containerd/commit/e9d560f1e8ccd277e19888c95dd4378579d34842) Unsorted platform conditionals cleanup * Publish attestation as release artifact ([#11049](https://github.com/containerd/containerd/pull/11049)) * [`3961dc9c8`](https://github.com/containerd/containerd/commit/3961dc9c8cb0e31925e45a2273bbdc06412be262) Publish attestation as release artifact * Move rockylinux 9.4 to almalinux/9 in CI ([#11050](https://github.com/containerd/containerd/pull/11050)) * [`288001f68`](https://github.com/containerd/containerd/commit/288001f68c5fd34cfbdc7284f14375a3762b8ff4) move rocky 9.4 to almalinux/9 in CI * Clarify release for deprecated registry field removals ([#11045](https://github.com/containerd/containerd/pull/11045)) * [`e24864e48`](https://github.com/containerd/containerd/commit/e24864e48e30e1009a88637d410d6c4df39c3098) Clarify release for deprecated registry field removals * make ListContainerStats handle container that is removed before its sandbox ([#10724](https://github.com/containerd/containerd/pull/10724)) * [`c130d93c1`](https://github.com/containerd/containerd/commit/c130d93c11ec128d38d7560262d2e20b03263151) make ListContainerStats handle container that is removed before its sandbox * Add tests for CNI v2 loopback options ([#10915](https://github.com/containerd/containerd/pull/10915)) * [`34284c507`](https://github.com/containerd/containerd/commit/34284c50752ea636a2474c7254802d54600199ab) Add tests for CNI v2 loopback options * *: should align pipe's owner with init process ([#10906](https://github.com/containerd/containerd/pull/10906)) * [`a21b178f1`](https://github.com/containerd/containerd/commit/a21b178f12b223d48245fac4ad12a0c7b50bf20f) *: should align pipe's owner with init process * fix: set the credentials even if not provided ([#10917](https://github.com/containerd/containerd/pull/10917)) * [`11b1353c1`](https://github.com/containerd/containerd/commit/11b1353c12b9f3a1542ffe44a00a988e330f8c56) fix: set the credentials even if not provided * build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 ([#11024](https://github.com/containerd/containerd/pull/11024)) * [`dd2d89167`](https://github.com/containerd/containerd/commit/dd2d891672305ab756b4b93970ac1342c952ffc8) build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 * Reorganize per-platform defaults ([#11017](https://github.com/containerd/containerd/pull/11017)) * [`f6e30e962`](https://github.com/containerd/containerd/commit/f6e30e9622b79c1e3ef64e22329bbabe6d1789e7) [defaults] Reorganize per-platform defaults * build(deps): bump github.com/containerd/continuity from 0.4.4 to 0.4.5 ([#11025](https://github.com/containerd/containerd/pull/11025)) * [`be2c4504e`](https://github.com/containerd/containerd/commit/be2c4504eefcab5ea3a23caf0630ddeef3a98200) build(deps): bump github.com/containerd/continuity from 0.4.4 to 0.4.5 * Move content events to metadata ([#11013](https://github.com/containerd/containerd/pull/11013)) * [`9e3ab2332`](https://github.com/containerd/containerd/commit/9e3ab2332b8bc4ba3222133d5b174d5f9be26698) Move content events to metadata * build(deps): bump github/codeql-action from 3.27.1 to 3.27.4 ([#11026](https://github.com/containerd/containerd/pull/11026)) * [`f5b2c3a07`](https://github.com/containerd/containerd/commit/f5b2c3a07cd59c28419106d547c169d8d49f0e6f) build(deps): bump github/codeql-action from 3.27.1 to 3.27.4 * Use platform-specific default address ([#11016](https://github.com/containerd/containerd/pull/11016)) * [`9c7a403a2`](https://github.com/containerd/containerd/commit/9c7a403a22d09050eb37f5e578ec613d38d92231) [containerd-stress] Use platform-specific default address * Update install-imgcrypt to allow change install repo ([#11019](https://github.com/containerd/containerd/pull/11019)) * [`f8819df7c`](https://github.com/containerd/containerd/commit/f8819df7c4ee690315d45b57a4fddfcb970fcdd3) Update install-imgcrypt to allow change install repo * update runc binary to 1.2.2 ([#11022](https://github.com/containerd/containerd/pull/11022)) * [`9a7bc5423`](https://github.com/containerd/containerd/commit/9a7bc5423ef5f477705802e45c0b06869764caca) update runc binary to 1.2.2 * Fix runtimeoptions location in v2 migration script ([#11012](https://github.com/containerd/containerd/pull/11012)) * [`2447936fc`](https://github.com/containerd/containerd/commit/2447936fca8dcd92ddb8b3af5ec9038b8117d041) Fix runtimeoptions location in v2 migration * Revert "Disable vagrant strict dependency checking" ([#11004](https://github.com/containerd/containerd/pull/11004)) * [`1b01f396d`](https://github.com/containerd/containerd/commit/1b01f396de92dcf3cb47816047e61abe5cb81e69) Revert "Disable vagrant strict dependency checking" * docs: update schema 1 deprecation information ([#11002](https://github.com/containerd/containerd/pull/11002)) * [`6c1b699bf`](https://github.com/containerd/containerd/commit/6c1b699bf978b858ef32aeca62beddba9e88da08) docs: update schema 1 deprecation information * fsverity_linux.go: Fix fsverity.IsEnabled() for big endian systems ([#10981](https://github.com/containerd/containerd/pull/10981)) * [`91e4e0967`](https://github.com/containerd/containerd/commit/91e4e096758b4eccb28cbf5955e7a42dcdb29c15) fsverity_linux.go: Fix fsverity.IsEnabled() for big endian systems * build(deps): bump lycheeverse/lychee-action from 2.0.2 to 2.1.0 ([#10989](https://github.com/containerd/containerd/pull/10989)) * [`73ae1c66f`](https://github.com/containerd/containerd/commit/73ae1c66ff27695a326a77cb59b49c6dee3e6b2b) build(deps): bump lycheeverse/lychee-action from 2.0.2 to 2.1.0 * build(deps): bump github/codeql-action from 3.27.0 to 3.27.1 ([#10988](https://github.com/containerd/containerd/pull/10988)) * [`4bd33276c`](https://github.com/containerd/containerd/commit/4bd33276c3402f41b5b4618a118772e5a2fb7f41) build(deps): bump github/codeql-action from 3.27.0 to 3.27.1 * build(deps): bump the golang-x group with 3 updates ([#10990](https://github.com/containerd/containerd/pull/10990)) * [`cebca6f87`](https://github.com/containerd/containerd/commit/cebca6f874fdec53070fae3f45806849180d6235) build(deps): bump the golang-x group with 3 updates * build(deps): bump github.com/containerd/typeurl/v2 from 2.2.2 to 2.2.3 ([#10992](https://github.com/containerd/containerd/pull/10992)) * [`01c489141`](https://github.com/containerd/containerd/commit/01c489141c37e27b71370ab26ab28347b17f4284) build(deps): bump github.com/containerd/typeurl/v2 from 2.2.2 to 2.2.3 * build(deps): bump actions/attest-build-provenance from 1.4.3 to 1.4.4 ([#10987](https://github.com/containerd/containerd/pull/10987)) * [`d32ed4a56`](https://github.com/containerd/containerd/commit/d32ed4a560f240b9a05c8a25cec54456da5d99b9) build(deps): bump actions/attest-build-provenance from 1.4.3 to 1.4.4 * build(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 ([#10986](https://github.com/containerd/containerd/pull/10986)) * [`d810c5759`](https://github.com/containerd/containerd/commit/d810c5759fd5f864d7794a6ff4ef13887110ebe9) build(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 * fsverity_test.go: fix nil pointer derefence, fix test fail, fix minor/major device numbers resolving ([#10972](https://github.com/containerd/containerd/pull/10972)) * [`f9537ae12`](https://github.com/containerd/containerd/commit/f9537ae126fc2be685cc32d5c98b4189a72e02e9) fsverity_test.go: fix major/minor device number resolving * [`8a8e50e6d`](https://github.com/containerd/containerd/commit/8a8e50e6d7baf99ebe02e6ca04d9d842addcd36c) fsverity_test.go: fix nil pointer dereference, fix test fail * update to go1.23.3 / go1.22.9 ([#10970](https://github.com/containerd/containerd/pull/10970)) * [`bcc3cc968`](https://github.com/containerd/containerd/commit/bcc3cc968abd5e13084afa1e8dba6afc0d41a2fa) update to go1.23.3 / go1.22.9 * Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz ([#10964](https://github.com/containerd/containerd/pull/10964)) * [`784116b7d`](https://github.com/containerd/containerd/commit/784116b7d5e67804f26f3c3e060243b0c737ea7c) Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz * Expose Pod assigned IPs to NRI plugins ([#10921](https://github.com/containerd/containerd/pull/10921)) * [`bc056a5c6`](https://github.com/containerd/containerd/commit/bc056a5c60a8add5fb98c59d9e88f9b89025f658) nri: report pod ips to the nri plugins * [`a256f326c`](https://github.com/containerd/containerd/commit/a256f326cabd29b4a78334ac981409f005ea9c3f) bump nri version to get PodIPs * build(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 ([#10948](https://github.com/containerd/containerd/pull/10948)) * [`a17001b42`](https://github.com/containerd/containerd/commit/a17001b42694baa746a22217f6ca7857a096b681) build(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 </p> </details> ### Changes from containerd/continuity <details><summary>17 commits</summary> <p> * fs: fix Ctime returning Mtime ([containerd/continuity#261](https://github.com/containerd/continuity/pull/261)) * [`f4f4fb5`](https://github.com/containerd/continuity/commit/f4f4fb5bbdd8321481b8aeedec5cc4412d5001b5) fs: fix Ctime returning Mtime * fs: implement Atime, Ctime, Mtime for bsd and darwin ([containerd/continuity#262](https://github.com/containerd/continuity/pull/262)) * [`dbe44eb`](https://github.com/containerd/continuity/commit/dbe44ebd46e9e2497b4b37e0c387f03f7e048f6b) fs: implement Atime, Ctime, Mtime for bsd and darwin * Makefile: make "lint" target also lint cmd/continuity module and fix linting issues ([containerd/continuity#255](https://github.com/containerd/continuity/pull/255)) * [`4c00ab7`](https://github.com/containerd/continuity/commit/4c00ab7567238214d4dd9b9797435774836e3381) Makefile: make "lint" target also lint cmd/continuity module * [`cadd3a2`](https://github.com/containerd/continuity/commit/cadd3a2d76962f90047608655e607861862e329e) cmd/continuity/continuityfs: SA1019: fuse.ENOENT is deprecated * [`38fcdae`](https://github.com/containerd/continuity/commit/38fcdae95788e9c47bdacd674f06164bab91de1b) cmd/continuity: fix SA1019: entry.User/entry.Group is deprecated * assorted linting fixes and minor cleanups ([containerd/continuity#259](https://github.com/containerd/continuity/pull/259)) * [`38f66a6`](https://github.com/containerd/continuity/commit/38f66a6d37247c12e5aac5b5ceac4ccb16a1c76e) TestWalkFS: fix unhandled error * [`94c0490`](https://github.com/containerd/continuity/commit/94c04905cf9ed5b65bbe2eac4f3f858769cb9f5a) rename variables that shadowed package-level type * [`2200bb4`](https://github.com/containerd/continuity/commit/2200bb480f47137ea31eada2d9b0dcfc2474222b) don't use "ctx" for continuity.Context arguments * [`583d7ed`](https://github.com/containerd/continuity/commit/583d7ed1582f6b45643c7e11d2b93f6a68b7c623) commands/mount_unsupported: drop nil-assignment (revive) * [`5158c3f`](https://github.com/containerd/continuity/commit/5158c3f19836c8dd55dfc1ef84cb8656fca29f9f) golangci-lint: sort linters * [`a8c7143`](https://github.com/containerd/continuity/commit/a8c714358ce4cf76db246f88b9495a2b903b2c38) golangci-lint: don't use deprecated name for "govet" linter * cmd/continuity: switch to google.golang.org/protobuf/proto ([containerd/continuity#260](https://github.com/containerd/continuity/pull/260)) * [`fd64705`](https://github.com/containerd/continuity/commit/fd6470559ebe380f21b1af08a8869bee7e3435c2) cmd/continuity: switch to google.golang.org/protobuf/proto </p> </details> ### Changes from containerd/go-cni <details><summary>9 commits</summary> <p> * Fix recursive RLock() mutex acquisition ([containerd/go-cni#126](https://github.com/containerd/go-cni/pull/126)) * [`75a2440`](https://github.com/containerd/go-cni/commit/75a24409e8193fc64b0e9ed777ff884c338a21ca) fix: recursive RLock() mutex acquision * Support CNI STATUS Verb ([containerd/go-cni#123](https://github.com/containerd/go-cni/pull/123)) * [`208eca9`](https://github.com/containerd/go-cni/commit/208eca91c33bb793f471831a0abaf6cebe9676a4) support CNI status verb * Bump github actions dependencies to match containerd CI repo and fix lint ([containerd/go-cni#122](https://github.com/containerd/go-cni/pull/122)) * [`386f475`](https://github.com/containerd/go-cni/commit/386f4757e63914b2589b8abe6098bfa23f83fa8b) Fix ci.yml indent * [`a9b0675`](https://github.com/containerd/go-cni/commit/a9b0675fc9b8b5ce52d84f91a4fc049501853862) Another doc commit to trigger lint? * [`14af454`](https://github.com/containerd/go-cni/commit/14af4542b76fa694f2e1853b35554f23c6829f5d) Bump github actions dependency versions * [`9e0d096`](https://github.com/containerd/go-cni/commit/9e0d096d58145757809ddce8b8650efc07e19916) Trivial doc commit to trigger lint </p> </details> ### Changes from containerd/otelttrpc <details><summary>6 commits</summary> <p> * Add dependabot and upgrade golang and dependency versions ([containerd/otelttrpc#3](https://github.com/containerd/otelttrpc/pull/3)) * [`2d46141`](https://github.com/containerd/otelttrpc/commit/2d46141c9f9842bc8e2563ae884b963e34ea175f) upgrade golang, deps, CI versions * [`64922e7`](https://github.com/containerd/otelttrpc/commit/64922e78c69b7bdecf065f039a5ead4d64e567e0) Add dependabot CI * Fix concurrent map panic on metadata ([containerd/otelttrpc#2](https://github.com/containerd/otelttrpc/pull/2)) * [`2ba3be1`](https://github.com/containerd/otelttrpc/commit/2ba3be1e39398b8d2544f5ea962edc1e2f906d32) Fix concurrent map panic on inject metadata * [`f50a922`](https://github.com/containerd/otelttrpc/commit/f50a9220fc748442b274390c45773191367262ec) UT for concurrent inject/extract metadata </p> </details> ### Changes from containerd/platforms <details><summary>6 commits</summary> <p> * Move windows matcher logic so all platforms can use ([containerd/platforms#22](https://github.com/containerd/platforms/pull/22)) * [`7c58292`](https://github.com/containerd/platforms/commit/7c5829273cd83c987784fd7ef5487485e0d2fee0) Move windows matcher logic so all platforms can use * replace testify with stdlib in tests ([containerd/platforms#21](https://github.com/containerd/platforms/pull/21)) * [`86a86b7`](https://github.com/containerd/platforms/commit/86a86b73a6e01f92aecad823e0f516f6198f3e2c) replace testify with stdlib in tests * Replace arm64 minor variant logic with lookup table ([containerd/platforms#18](https://github.com/containerd/platforms/pull/18)) * [`364665a`](https://github.com/containerd/platforms/commit/364665a87c183d5b5eb45fc0e9b86e99013a621a) Replace arm64 minor variant logic with lookup table </p> </details> ### Changes from containerd/ttrpc <details><summary>5 commits</summary> <p> * Add MD.Clone function ([containerd/ttrpc#177](https://github.com/containerd/ttrpc/pull/177)) * [`430f734`](https://github.com/containerd/ttrpc/commit/430f7347915993a5543bfb00858ac337274528ba) Add MD.Clone * Fix race between serve and immediate shutdown on the server ([containerd/ttrpc#175](https://github.com/containerd/ttrpc/pull/175)) * [`c4d96d5`](https://github.com/containerd/ttrpc/commit/c4d96d55ad9c4f4cf6036c70a5b18ba80655d648) server: fix Serve() vs. immediate Shutdown() race. * [`ed6c3ba`](https://github.com/containerd/ttrpc/commit/ed6c3ba082bdbc82284c198d93ca5f07ad9900dd) server_test: add Serve()/Shutdown() race test. </p> </details> ### Dependency Changes * **github.com/Microsoft/hcsshim** v0.12.9 -> v0.13.0-rc.3 * **github.com/cilium/ebpf** v0.11.0 -> v0.16.0 * **github.com/containerd/cgroups/v3** v3.0.3 -> v3.0.5 * **github.com/containerd/continuity** v0.4.4 -> v0.4.5 * **github.com/containerd/go-cni** v1.1.10 -> v1.1.12 * **github.com/containerd/imgcrypt/v2** v2.0.0-rc.1 -> v2.0.0 * **github.com/containerd/otelttrpc** ea5083fda723 -> v0.1.0 * **github.com/containerd/platforms** v1.0.0-rc.0 -> v1.0.0-rc.1 * **github.com/containerd/ttrpc** v1.2.6 -> v1.2.7 * **github.com/containerd/typeurl/v2** v2.2.2 -> v2.2.3 * **github.com/containers/ocicrypt** v1.2.0 -> v1.2.1 * **github.com/davecgh/go-spew** d8f796af33cc -> v1.1.1 * **github.com/fsnotify/fsnotify** v1.7.0 -> v1.8.0 * **github.com/go-jose/go-jose/v4** v4.0.4 -> v4.0.5 * **github.com/google/go-cmp** v0.6.0 -> v0.7.0 * **github.com/grpc-ecosystem/grpc-gateway/v2** v2.22.0 -> v2.26.1 * **github.com/klauspost/compress** v1.17.11 -> v1.18.0 * **github.com/moby/spdystream** v0.4.0 -> v0.5.0 * **github.com/opencontainers/image-spec** v1.1.0 -> v1.1.1 * **github.com/opencontainers/runtime-spec** v1.2.0 -> v1.2.1 * **github.com/petermattis/goid** 4fcff4a6cae7 **_new_** * **github.com/pmezard/go-difflib** 5d4384ee4fb2 -> v1.0.0 * **github.com/prometheus/client_golang** v1.20.5 -> v1.21.1 * **github.com/prometheus/common** v0.55.0 -> v0.62.0 * **github.com/sasha-s/go-deadlock** v0.3.5 **_new_** * **github.com/smallstep/pkcs7** v0.1.1 **_new_** * **github.com/stretchr/testify** v1.9.0 -> v1.10.0 * **github.com/tchap/go-patricia/v2** v2.3.1 -> v2.3.2 * **github.com/urfave/cli/v2** v2.27.5 -> v2.27.6 * **github.com/vishvananda/netns** v0.0.4 -> v0.0.5 * **go.etcd.io/bbolt** v1.3.11 -> v1.4.0 * **go.opentelemetry.io/auto/sdk** v1.1.0 **_new_** * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.56.0 -> v0.60.0 * **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp** v0.56.0 -> v0.60.0 * **go.opentelemetry.io/otel** v1.31.0 -> v1.35.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.31.0 -> v1.35.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.31.0 -> v1.35.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp** v1.31.0 -> v1.35.0 * **go.opentelemetry.io/otel/metric** v1.31.0 -> v1.35.0 * **go.opentelemetry.io/otel/sdk** v1.31.0 -> v1.35.0 * **go.opentelemetry.io/otel/trace** v1.31.0 -> v1.35.0 * **go.opentelemetry.io/proto/otlp** v1.3.1 -> v1.5.0 * **golang.org/x/crypto** v0.28.0 -> v0.36.0 * **golang.org/x/exp** aacd6d4b4611 -> 2d47ceb2692f * **golang.org/x/mod** v0.21.0 -> v0.24.0 * **golang.org/x/net** v0.30.0 -> v0.35.0 * **golang.org/x/oauth2** v0.22.0 -> v0.27.0 * **golang.org/x/sync** v0.8.0 -> v0.12.0 * **golang.org/x/sys** v0.26.0 -> v0.31.0 * **golang.org/x/term** v0.25.0 -> v0.30.0 * **golang.org/x/text** v0.19.0 -> v0.23.0 * **golang.org/x/time** v0.3.0 -> v0.7.0 * **google.golang.org/genproto/googleapis/api** 5fefd90f89a9 -> 56aae31c358a * **google.golang.org/genproto/googleapis/rpc** 324edc3d5d38 -> 56aae31c358a * **google.golang.org/grpc** v1.67.1 -> v1.71.0 * **google.golang.org/protobuf** v1.35.1 -> v1.36.5 * **k8s.io/api** v0.31.2 -> v0.32.2 * **k8s.io/apimachinery** v0.31.2 -> v0.32.2 * **k8s.io/apiserver** v0.31.2 -> v0.32.2 * **k8s.io/client-go** v0.31.2 -> v0.32.2 * **k8s.io/component-base** v0.31.2 -> v0.32.2 * **k8s.io/cri-api** v0.31.2 -> v0.32.2 * **k8s.io/kubelet** v0.31.2 -> v0.32.2 * **k8s.io/utils** 18e509b52bc8 -> 3ea5e8cea738 * **sigs.k8s.io/json** bc3834ca7abd -> 9aa6b5e7a4b3 * **sigs.k8s.io/structured-merge-diff/v4** v4.4.1 -> v4.4.2 * **tags.cncf.io/container-device-interface** v0.8.0 -> v0.8.1 Previous release can be found at [v2.0.0](https://github.com/containerd/containerd/releases/tag/v2.0.0) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation. -
v2.0.41a43cb6a · ·
containerd 2.0.4 Welcome to the v2.0.4 release of containerd! The fourth patch release for containerd 2.0 includes various bug fixes and updates. ### Highlights * Fix integer overflow in User ID handling ([GHSA-265r-hfxg-fhmg](https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg)) * Respect `client.WithTimeout` option on connect ([#11536](https://github.com/containerd/containerd/pull/11536)) * Update image type checks to avoid unnecessary logs for attestations ([#11537](https://github.com/containerd/containerd/pull/11537)) #### Node Resource Interface (NRI) * Fix incorrect runtime name being passed to NRI ([#11529](https://github.com/containerd/containerd/pull/11529)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Akihiro Suda * Paweł Gronowski * Akhil Mohan * Phil Estes * Samuel Karp * Craig Ingram * ningmingxiao ### Changes <details><summary>19 commits</summary> <p> * [`1a43cb6a1`](https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20) Merge commit from fork * [`07a0b5419`](https://github.com/containerd/containerd/commit/07a0b5419c408e70ed90179ea3e5825d986f80af) (cherry picked from commit de1341c201ffb0effebbf51d00376181968c8779) * Prepare release notes for v2.0.4 ([#11541](https://github.com/containerd/containerd/pull/11541)) * [`06a886a8e`](https://github.com/containerd/containerd/commit/06a886a8e49a02bc15895c093e0519db27415548) Prepare release notes for v2.0.4 * Respect `client.WithTimeout` option on connect ([#11536](https://github.com/containerd/containerd/pull/11536)) * [`6b5efba83`](https://github.com/containerd/containerd/commit/6b5efba83b2aa68b522ebfe73d3fed8e18a59429) client: Respect `client.WithTimeout` option * Update image type checks to avoid unnecessary logs for attestations ([#11537](https://github.com/containerd/containerd/pull/11537)) * [`916d48722`](https://github.com/containerd/containerd/commit/916d4872262eed04fb6626183c2306320d14e965) core/remotes: Handle attestations in MakeRefKey * [`df4d905a6`](https://github.com/containerd/containerd/commit/df4d905a6f0d9e74a0aff2514030c343d56ba86d) core/images: Ignore attestations when traversing children * Fix incorrect runtime name being passed to NRI ([#11529](https://github.com/containerd/containerd/pull/11529)) * [`4f037050c`](https://github.com/containerd/containerd/commit/4f037050ce83224d79e8b65e270222abb9ce6ab0) add name in package version * update build to go1.23.7, test go1.24.1 ([#11514](https://github.com/containerd/containerd/pull/11514)) * [`e5ad0d0a0`](https://github.com/containerd/containerd/commit/e5ad0d0a0e212bc8cd5b8b7169f6b10873e2e6fe) update build to go1.23.7, test go1.24.1 * docs: include note about unprivileged sysctls ([#11506](https://github.com/containerd/containerd/pull/11506)) * [`a39f1146b`](https://github.com/containerd/containerd/commit/a39f1146b065a0ef054933f912ede0476586fa83) docs: include note about unprivileged sysctls * e2e: use the shim bundled with containerd artifact ([#11503](https://github.com/containerd/containerd/pull/11503)) * [`81b3384a0`](https://github.com/containerd/containerd/commit/81b3384a0d6c0f58d36884bbd24bf9f7a965b008) e2e: use the shim bundled with containerd artifact * build(deps): bump containerd/project-checks from 1.1.0 to 1.2.1 ([#11497](https://github.com/containerd/containerd/pull/11497)) * [`7215a7d2c`](https://github.com/containerd/containerd/commit/7215a7d2caa73cd8ca2de50435fa3a5f1df36d75) build(deps): bump containerd/project-checks from 1.1.0 to 1.2.1 </p> </details> ### Dependency Changes This release has no dependency changes Previous release can be found at [v2.0.3](https://github.com/containerd/containerd/releases/tag/v2.0.3) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
-
v1.7.2705044ec0 · ·
containerd 1.7.27 Welcome to the v1.7.27 release of containerd! The twenty-seventh patch release for containerd 1.7 contains various fixes and updates. ### Highlights * Fix integer overflow in User ID handling ([GHSA-265r-hfxg-fhmg](https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg)) * Update image type checks to avoid unnecessary logs for attestations ([#11538](https://github.com/containerd/containerd/pull/11538)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Jin Dong * Akhil Mohan * Derek McGowan * Maksym Pavlenko * Paweł Gronowski * Phil Estes * Akihiro Suda * Craig Ingram * Krisztian Litkey * Samuel Karp ### Changes <details><summary>20 commits</summary> <p> * [`05044ec0a`](https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da) Merge commit from fork * [`11504c3fc`](https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82) validate uid/gid * Prepare release notes for v1.7.27 ([#11540](https://github.com/containerd/containerd/pull/11540)) * [`1be04be6c`](https://github.com/containerd/containerd/commit/1be04be6c307a7f67423574ca1b9744e57377753) Prepare release notes for v1.7.27 * Update image type checks to avoid unnecessary logs for attestations ([#11538](https://github.com/containerd/containerd/pull/11538)) * [`82b5c43fe`](https://github.com/containerd/containerd/commit/82b5c43fed40d1f32e88215a3f0acbaf8cd9af10) core/remotes: Handle attestations in MakeRefKey * [`2c670e79b`](https://github.com/containerd/containerd/commit/2c670e79bf19bc7716c8b9f1f82c700ad8233af3) core/images: Ignore attestations when traversing children * update build to go1.23.7, test go1.24.1 ([#11515](https://github.com/containerd/containerd/pull/11515)) * [`a39863c9f`](https://github.com/containerd/containerd/commit/a39863c9fd52abb50895a4b6f653cf501a2e3388) update build to go1.23.7, test go1.24.1 * Remove hashicorp/go-multierror dependency and fix CI ([#11499](https://github.com/containerd/containerd/pull/11499)) * [`49537b3a7`](https://github.com/containerd/containerd/commit/49537b3a75bdcd982e7e26855779b346bb363a54) e2e: use the shim bundled with containerd artifact * [`fe490b76f`](https://github.com/containerd/containerd/commit/fe490b76fd78cc1461f20aab89951be5f88fc454) Bump up github.com/intel/goresctrl to 0.5.0 * [`13fc9d313`](https://github.com/containerd/containerd/commit/13fc9d3132fc4c77f6533551049d2d865d4e4b45) update containerd/project-checks to 1.2.1 * [`585699c94`](https://github.com/containerd/containerd/commit/585699c94f68649a89b0af46d675d6e998d67ccd) Remove unnecessary joinError unwrap * [`4b9df59be`](https://github.com/containerd/containerd/commit/4b9df59be202a011c4f65604bbeab75eeb85ab46) Remove hashicorp/go-multierror * go.{mod,sum}: bump CDI deps to v0.8.1. ([#11422](https://github.com/containerd/containerd/pull/11422)) * [`5ba28f8dc`](https://github.com/containerd/containerd/commit/5ba28f8dc1d007059ed3eb1a7b55025e72abd525) go.{mod,sum}: bump CDI deps to v0.8.1, re-vendor. * CI: arm64-8core-32gb -> ubuntu-24.04-arm ([#11437](https://github.com/containerd/containerd/pull/11437)) * [`85f10bd92`](https://github.com/containerd/containerd/commit/85f10bd9221f35ef1c2b8ec2d67520f461aa51a0) CI: arm64-8core-32gb -> ubuntu-24.04-arm * [`561ed520e`](https://github.com/containerd/containerd/commit/561ed520eaef2974aa8008b7a18a0944e6f90872) increase xfs base image size to 300Mb </p> </details> ### Dependency Changes * **github.com/intel/goresctrl** v0.3.0 -> v0.5.0 * **github.com/prometheus/client_golang** v1.14.0 -> v1.16.0 * **github.com/prometheus/common** v0.37.0 -> v0.42.0 * **github.com/prometheus/procfs** v0.8.0 -> v0.10.1 * **k8s.io/apimachinery** v0.26.2 -> v0.27.4 * **sigs.k8s.io/json** f223a00ba0e2 -> bc3834ca7abd * **tags.cncf.io/container-device-interface** v0.7.2 -> v0.8.1 * **tags.cncf.io/container-device-interface/specs-go** v0.7.0 -> v0.8.0 Previous release can be found at [v1.7.26](https://github.com/containerd/containerd/releases/tag/v1.7.26) -
v1.6.38cf158e88 · ·
containerd 1.6.38 Welcome to the v1.6.38 release of containerd! The thirty-eighth patch release for containerd 1.6 contains various fixes and updates. ### Highlights * Fix integer overflow in User ID handling ([GHSA-265r-hfxg-fhmg](https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg)) #### Container Runtime Interface (CRI) * Fix fatal map concurrency error in httpstream ([#11319](https://github.com/containerd/containerd/pull/11319)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Jin Dong * Akhil Mohan * Derek McGowan * Phil Estes * Akihiro Suda * Craig Ingram * Kohei Tokunaga * Maksym Pavlenko * Samuel Karp * ningmingxiao ### Changes <details><summary>19 commits</summary> <p> * [`cf158e884`](https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a) Merge commit from fork * [`9639b9625`](https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f) validate uid/gid * Prepare release notes for v1.6.38 ([#11539](https://github.com/containerd/containerd/pull/11539)) * [`eee34bac2`](https://github.com/containerd/containerd/commit/eee34bac2c401b3e4381594e99f6220bf8258c9c) Prepare release notes for v1.6.38 * update build to go1.23.7, test go1.24.1 ([#11421](https://github.com/containerd/containerd/pull/11421)) * [`b67a35baf`](https://github.com/containerd/containerd/commit/b67a35baf0a97c87033f1a6c9bdf97630fe4e9e8) move exclude-dirs to issues.exclude-dirs * [`2104a41ef`](https://github.com/containerd/containerd/commit/2104a41efece4a12a34e03f00d780e905b95b5a5) update golangci-lint to 1.60.1 * [`820e81adc`](https://github.com/containerd/containerd/commit/820e81adccbf3819d282a6597db98bd4df49c12c) update build to go1.23.7, test go1.24.1 * Remove hashicorp/go-multierror dependency and fix CI ([#11500](https://github.com/containerd/containerd/pull/11500)) * [`7cc3b3dce`](https://github.com/containerd/containerd/commit/7cc3b3dcec509f1ce2e5d52887520baa48201c54) e2e: use the shim bundled with containerd artifact * [`0733895f3`](https://github.com/containerd/containerd/commit/0733895f3de3df51fe4e14563ee94a98df1be8dd) Remove unnecessary joinError unwrap * [`054c4cc79`](https://github.com/containerd/containerd/commit/054c4cc79c929eecfb9724fd1c3e9f13a4cd5701) Remove hashicorp/go-multierror * [`ff21be0ee`](https://github.com/containerd/containerd/commit/ff21be0ee8b274c05a542a096c1042ef63857f09) Update go to 1.20 to use its multi error support * [`f63b5fd3f`](https://github.com/containerd/containerd/commit/f63b5fd3f9b4b809d94d4a3053c4d76a7753072c) update containerd/project-checks to 1.2.1 * Fix fatal map concurrency error in httpstream ([#11319](https://github.com/containerd/containerd/pull/11319)) * [`abd1692cf`](https://github.com/containerd/containerd/commit/abd1692cf27bcff4590207bdd8a827b06657c446) fix fatal error: concurrent map iteration and map write * CI: arm64-8core-32gb -> ubuntu-24.04-arm ([#11438](https://github.com/containerd/containerd/pull/11438)) * [`f5ab73c0a`](https://github.com/containerd/containerd/commit/f5ab73c0a776ad2462198725b8d522e820dc690a) CI: arm64-8core-32gb -> ubuntu-24.04-arm * [`2cc6b5b0a`](https://github.com/containerd/containerd/commit/2cc6b5b0af07563d2c6a0b183a32e342b7ce86d2) increase xfs base image size to 300Mb </p> </details> ### Dependency Changes This release has no dependency changes Previous release can be found at [v1.6.37](https://github.com/containerd/containerd/releases/tag/v1.6.37)
-
v2.0.306b99ca8 · ·
containerd 2.0.3 Welcome to the v2.0.3 release of containerd! The third patch release for containerd 2.0 includes various bug fixes and updates. ### Highlights * Update remote content to break up writes to avoid grpc message size limits ([#11457](https://github.com/containerd/containerd/pull/11457)) * Update runc binary to v1.2.5 ([#11394](https://github.com/containerd/containerd/pull/11394)) #### Container Runtime Interface (CRI) * Fix privileged container sysfs can't be rw because pod is ro by default ([#11456](https://github.com/containerd/containerd/pull/11456)) * Fix recursive RLock() mutex acquisition ([containerd/go-cni#126](https://github.com/containerd/go-cni/pull/126)) #### Node Resource Interface (NRI) * Fix initial sync race when registering NRI plugins ([#11329](https://github.com/containerd/containerd/pull/11329)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Akihiro Suda * Mike Brown * Phil Estes * Akhil Mohan * Chifeng Cai * Krisztian Litkey * Wei Fu * Andrey Smirnov * Austin Vazquez * Chris Henzie * Jing Xu * Jonathan A. Sternberg * Jose Fernandez * Kirtana Ashok * Lei Liu * Maksym Pavlenko * Michael Zappa * Samuel Karp * fengwei0328 * zounengren ### Changes <details><summary>42 commits</summary> <p> * Prepare release notes for v2.0.3 ([#11443](https://github.com/containerd/containerd/pull/11443)) * [`b8dde9189`](https://github.com/containerd/containerd/commit/b8dde9189df2e62b1650fb699ea8e8f612cdfb66) Prepare release notes for v2.0.3 * Update remote content to break up writes to avoid grpc message size limits ([#11457](https://github.com/containerd/containerd/pull/11457)) * [`eaa7ca80d`](https://github.com/containerd/containerd/commit/eaa7ca80dcc1ea3e3dffe1382d96d77377720c30) proxy: break up writes from the remote writer to avoid grpc limits * Fix privileged container sysfs can't be rw because pod is ro by default ([#11456](https://github.com/containerd/containerd/pull/11456)) * [`c7f64196f`](https://github.com/containerd/containerd/commit/c7f64196fcbc792fd9383eb9aa8d43be0f9fa748) Fix privileged container sysfs can't be rw because pod is ro by default * go.{mod,sum}: bump CDI deps to v.0.8.1. ([#11430](https://github.com/containerd/containerd/pull/11430)) * [`92ae2951f`](https://github.com/containerd/containerd/commit/92ae2951ffd92e39a38aba2ab48b31a6cb49138e) Update CDI dependency to v0.8.1. * Prefer runtime options for PluginInfo request ([#11446](https://github.com/containerd/containerd/pull/11446)) * [`569af34cb`](https://github.com/containerd/containerd/commit/569af34cbb761f0507546457ffe376f4454c87ea) Prefer runtime options for PluginInfo request * pkg: prevent oom watcher from depending on shim pkg ([#11439](https://github.com/containerd/containerd/pull/11439)) * [`0ce93e16a`](https://github.com/containerd/containerd/commit/0ce93e16a9fd91c03a67150a6098d09f5258c300) prevent oom watcher depend on shim pkg. * CI: arm64-8core-32gb -> ubuntu-24.04-arm ([#11436](https://github.com/containerd/containerd/pull/11436)) * [`f3284aa68`](https://github.com/containerd/containerd/commit/f3284aa68f864f2303b42546b14f7af15eccd063) CI: arm64-8core-32gb -> ubuntu-24.04-arm * Revert "Add timestamp to PodSandboxStatusResponse for kubernetes Evented PLEG" ([#11403](https://github.com/containerd/containerd/pull/11403)) * [`b5313993c`](https://github.com/containerd/containerd/commit/b5313993c16f8ae9d4a053162a75bacced36e246) Revert "Add timestamp to PodSandboxStatusResponse for kubernetes Evented PLEG" * move the device after the options when using mkfs.ext4 ([#11411](https://github.com/containerd/containerd/pull/11411)) * [`f95a426b8`](https://github.com/containerd/containerd/commit/f95a426b83ec716feaab0a436d5e2280dc4e9d99) move the device after the options when using mkfs.ext4 * update build to go1.23.6, test go1.24.0 ([#11410](https://github.com/containerd/containerd/pull/11410)) * [`4d19a6adf`](https://github.com/containerd/containerd/commit/4d19a6adfec9440d0806a1cc4633deaef3e5d53c) update build to go1.23.6, test go1.24.0 * build(deps): bump actions/cache from 4.1.2 to 4.2.0 ([#11405](https://github.com/containerd/containerd/pull/11405)) * [`c738c3aab`](https://github.com/containerd/containerd/commit/c738c3aabc350ae67c5200de4c504c5038834e91) build(deps): bump actions/cache from 4.1.2 to 4.2.0 * Upgrade x/net to 0.33.0 to fix vulnerability GHSA-w32m-9786-jp63 ([#11387](https://github.com/containerd/containerd/pull/11387)) * [`fcf64305c`](https://github.com/containerd/containerd/commit/fcf64305cef019c8bf135d7373e2b658e02019b3) Update vendor files to fix build failure * [`d3437eb29`](https://github.com/containerd/containerd/commit/d3437eb2918f6e266e97c5ee08737926519dc40d) Upgrade x/net to 0.33.0 * Update install-imgcrypt to allow change install repo ([#11357](https://github.com/containerd/containerd/pull/11357)) * [`0785bd8cc`](https://github.com/containerd/containerd/commit/0785bd8cc6405b346a81025c983365825910e77f) Update install-imgcrypt to allow change install repo * Update runc binary to v1.2.5 ([#11394](https://github.com/containerd/containerd/pull/11394)) * [`697c59c63`](https://github.com/containerd/containerd/commit/697c59c63568a8d722e958e68ef52bbb25160b63) Update runc binary to v1.2.5 * Update go-cni version to fix Race Condition issue ([#11269](https://github.com/containerd/containerd/pull/11269)) * [`06891f899`](https://github.com/containerd/containerd/commit/06891f899d25de9dd1cb5e5443ec099e17a57e00) fix go-cni race condition * Fix initial sync race when registering NRI plugins ([#11329](https://github.com/containerd/containerd/pull/11329)) * [`79cdbf61b`](https://github.com/containerd/containerd/commit/79cdbf61b6f7e4be2feb1bb2d631bdb1b9c5cd7f) cri,nri: block NRI plugin sync. during event processing. * Update github.com/containerd/imgcrypt to v2.0.0 ([#11325](https://github.com/containerd/containerd/pull/11325)) * [`9d5cfce83`](https://github.com/containerd/containerd/commit/9d5cfce833cf7dc98319390ce002bd4f6a20d423) Update github.com/containerd/imgcrypt to v2.0.0 * Move CDI device spec out of the OCI package ([#11265](https://github.com/containerd/containerd/pull/11265)) * [`f58939c33`](https://github.com/containerd/containerd/commit/f58939c33d5777c3c813927831bc260cd94baf57) Remove deprecated WithCDIDevices in oci spec opts * [`3d53430fe`](https://github.com/containerd/containerd/commit/3d53430fe14eb76849a6c997d60b21a9f95c19ed) Move CDI device spec out of the OCI package * update to go1.23.5 / go1.22.11 ([#11297](https://github.com/containerd/containerd/pull/11297)) * [`1f4e5688e`](https://github.com/containerd/containerd/commit/1f4e5688efd71cb9db26158ed697d27ba26dd6b3) update to go1.23.5 / go1.22.11 * build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 ([#11263](https://github.com/containerd/containerd/pull/11263)) * [`3a6ab80d0`](https://github.com/containerd/containerd/commit/3a6ab80d0176e205bd9f6a958450f9dce4415091) build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 </p> </details> ### Changes from containerd/go-cni <details><summary>2 commits</summary> <p> * Fix recursive RLock() mutex acquisition ([containerd/go-cni#126](https://github.com/containerd/go-cni/pull/126)) * [`75a2440`](https://github.com/containerd/go-cni/commit/75a24409e8193fc64b0e9ed777ff884c338a21ca) fix: recursive RLock() mutex acquision </p> </details> ### Dependency Changes * **github.com/containerd/go-cni** v1.1.11 -> v1.1.12 * **github.com/containerd/imgcrypt/v2** v2.0.0-rc.1 -> v2.0.0 * **github.com/containers/ocicrypt** v1.2.0 -> v1.2.1 * **github.com/petermattis/goid** 4fcff4a6cae7 **_new_** * **github.com/sasha-s/go-deadlock** v0.3.5 **_new_** * **github.com/smallstep/pkcs7** v0.1.1 **_new_** * **golang.org/x/crypto** v0.28.0 -> v0.31.0 * **golang.org/x/net** v0.30.0 -> v0.33.0 * **golang.org/x/oauth2** v0.22.0 -> v0.23.0 * **golang.org/x/sync** v0.8.0 -> v0.10.0 * **golang.org/x/sys** v0.26.0 -> v0.28.0 * **golang.org/x/term** v0.25.0 -> v0.27.0 * **golang.org/x/text** v0.19.0 -> v0.21.0 * **google.golang.org/grpc** v1.67.1 -> v1.68.1 * **google.golang.org/protobuf** v1.35.1 -> v1.35.2 * **tags.cncf.io/container-device-interface** v0.8.0 -> v0.8.1 Previous release can be found at [v2.0.2](https://github.com/containerd/containerd/releases/tag/v2.0.2) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation. -
v1.7.26753481ec · ·
containerd 1.7.26 Welcome to the v1.7.26 release of containerd! The twenty-sixth patch release for containerd 1.7 contains various fixes and updates. ### Highlights * Add support for syncfs after unpack ([#11267](https://github.com/containerd/containerd/pull/11267)) * Update runc binary to v1.2.5 ([#11395](https://github.com/containerd/containerd/pull/11395)) * Fix race between serve and immediate shutdown on the server ([containerd/ttrpc#175](https://github.com/containerd/ttrpc/pull/175)) * Reject oversized messages from the sender ([containerd/ttrpc#171](https://github.com/containerd/ttrpc/pull/171)) #### Container Runtime Interface (CRI) * Fix fatal concurrency error in port forwarding ([#11306](https://github.com/containerd/containerd/pull/11306)) #### Node Resource Interface (NRI) * Fix initial sync race when registering NRI plugins ([#11326](https://github.com/containerd/containerd/pull/11326)) * Add API support for reading Pod IPs ([containerd/nri#119](https://github.com/containerd/nri/pull/119)) * Fix plugin sync to use multiple messages if ttrpc max message limit is hit ([containerd/nri#111](https://github.com/containerd/nri/pull/111)) * Update API to pass configured timeouts to plugins. ([containerd/nri#109](https://github.com/containerd/nri/pull/109)) * Fix mount removal in adjustments ([containerd/nri#107](https://github.com/containerd/nri/pull/107)) * Close plugin if initial synchronization fails ([containerd/nri#103](https://github.com/containerd/nri/pull/103)) * Add support for adjusting OOM score ([containerd/nri#94](https://github.com/containerd/nri/pull/94)) * Add API support for NRI-native CDI injection ([containerd/nri#98](https://github.com/containerd/nri/pull/98)) * Add support for pids cgroup ([containerd/nri#76](https://github.com/containerd/nri/pull/76)) #### Runtime * Fix console TTY leak in runc shim ([#11250](https://github.com/containerd/containerd/pull/11250)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Krisztian Litkey * Mike Brown * Samuel Karp * Wei Fu * Phil Estes * Derek McGowan * Iceber Gu * Akhil Mohan * Antonio Ojea * Austin Vazquez * Henry Wang * Jin Dong * Xiaojin Zhang * ningmingxiao * AbdelrahmanElawady * Akihiro Suda * Antti Kervinen * Jing Xu * Jitang Lei * Justin Alvarez * Lei Liu * Maksym Pavlenko * Yang Yang * Yuhang Wei * cormick * jingtao.liang ### Changes <details><summary>24 commits</summary> <p> * Prepare release notes for v1.7.26 ([#11356](https://github.com/containerd/containerd/pull/11356)) * [`ceba197f5`](https://github.com/containerd/containerd/commit/ceba197f5fa0b76b0f181c24f81c67c43d34bff2) Prepare release notes for v1.7.26 * Upgrade x/net to 0.33.0 to fix vulnerability GHSA-w32m-9786-jp63 ([#11434](https://github.com/containerd/containerd/pull/11434)) * [`3486bc8dd`](https://github.com/containerd/containerd/commit/3486bc8dd19acbde278ed6c4c4fa42c7299e1278) Upgrade x/net to 0.33.0 * update build to go1.23.6, test go1.24.0 ([#11419](https://github.com/containerd/containerd/pull/11419)) * [`9025d3075`](https://github.com/containerd/containerd/commit/9025d3075b91b0806ff15f27f28bbce8af4f1a76) update build to go1.23.6, test go1.24.0 * Update install-imgcrypt to allow change install repo ([#11358](https://github.com/containerd/containerd/pull/11358)) * [`83eaab482`](https://github.com/containerd/containerd/commit/83eaab4822188e019efe68c29a6d77f37f099d6e) Update install-imgcrypt to allow change install repo * Add support for syncfs after unpack ([#11267](https://github.com/containerd/containerd/pull/11267)) * [`8bc21cba7`](https://github.com/containerd/containerd/commit/8bc21cba7516727b294d4dd6a3e8859cbdd146a8) support to syncfs after pull by using diff plugin * Update runc binary to v1.2.5 ([#11395](https://github.com/containerd/containerd/pull/11395)) * [`27c472acf`](https://github.com/containerd/containerd/commit/27c472acf59c4d86e2b446ae554691149ac43661) Update runc binary to v1.2.5 * Move `run.skip-dirs` to `issues.exclude-dirs` in golangci-lint config ([#11400](https://github.com/containerd/containerd/pull/11400)) * [`8d8034b66`](https://github.com/containerd/containerd/commit/8d8034b66e2790ef0149207acb7c92a033d7f1f8) move skip-dirs to issues.exclude-dirs * Fix initial sync race when registering NRI plugins ([#11326](https://github.com/containerd/containerd/pull/11326)) * [`11af05177`](https://github.com/containerd/containerd/commit/11af05177545dbb97d87aa861b15d70ab911307c) cri,nri: block NRI plugin sync. during event processing. * [`d4036cd3d`](https://github.com/containerd/containerd/commit/d4036cd3d1eb174ea379c8e1d139c25cfe9f18d8) go.{mod,sum}: bump NRI to v0.8.0, re-vendor. * Fix console TTY leak in runc shim ([#11250](https://github.com/containerd/containerd/pull/11250)) * [`c3e24e024`](https://github.com/containerd/containerd/commit/c3e24e0248f0ca83d0bfbb0262862c2a06a632e2) Add integ test to check tty leak * [`4e45a463d`](https://github.com/containerd/containerd/commit/4e45a463d90fd44f6b92978721779d7b09045cee) fix master tty leak due to leaking init container object * Fix fatal concurrency error in port forwarding ([#11306](https://github.com/containerd/containerd/pull/11306)) * [`0fe9f0b52`](https://github.com/containerd/containerd/commit/0fe9f0b52f7b700689df46d13de36e67b62486e1) fix fatal error: concurrent map iteration and map write * update build to go1.22.11, test go1.23.5 ([#11298](https://github.com/containerd/containerd/pull/11298)) * [`441b92636`](https://github.com/containerd/containerd/commit/441b92636a806d71655945137210126de723e4fe) update build to go1.22.11, test go1.23.5 </p> </details> ### Changes from containerd/nri <details><summary>77 commits</summary> <p> * Add API support for reading Pod IPs ([containerd/nri#119](https://github.com/containerd/nri/pull/119)) * [`eaf78a9`](https://github.com/containerd/nri/commit/eaf78a9afe9ebac28a68d1163dd00183525801a3) api: support Pod IPs * generate: do not set OOMScoreAdj if no adjustment ([containerd/nri#116](https://github.com/containerd/nri/pull/116)) * [`07bfc18`](https://github.com/containerd/nri/commit/07bfc18129a3cc9c4b44e1aced9972279a50ddb5) wip: generate: add test for oom score adj * [`b5fc359`](https://github.com/containerd/nri/commit/b5fc359973c0e8c599b12c1d118546c267894b3b) generate: do not set OOMScoreAdj if no adjustment * device-injector: remove unreachable code. ([containerd/nri#115](https://github.com/containerd/nri/pull/115)) * [`235aa11`](https://github.com/containerd/nri/commit/235aa114dffc784073ec8b2f88fbd4ecfba06450) chore: remove unreachable code and fmt files * Fix plugin sync to use multiple messages if ttrpc max message limit is hit ([containerd/nri#111](https://github.com/containerd/nri/pull/111)) * [`159f575`](https://github.com/containerd/nri/commit/159f5754db397e32ce886cd07985ffd95f1bd823) template: dump pod/container count in sync message. * [`bf267e3`](https://github.com/containerd/nri/commit/bf267e336f2ec2f5045fd396fb68f9853d2b5db9) stub: collect/handle split sync messages. * [`ed78ae9`](https://github.com/containerd/nri/commit/ed78ae9231cb603031f66921559ca6f38ef77bb5) adaptation: use multiple sync messages if necessary. * [`6fd59d6`](https://github.com/containerd/nri/commit/6fd59d6d7701cdadeae4db0058b3fde84c02e94b) api: add support for multiple sync messages. * [`a7fcccc`](https://github.com/containerd/nri/commit/a7fcccc4ba35f69ea2af790b6cb4b46385c50ce4) mux: split oversized messages. * [`5fe9b06`](https://github.com/containerd/nri/commit/5fe9b06401fb7fce78c41b95df04e05dffc22e5b) mux: fix maximum allowed message size. * [`693d64e`](https://github.com/containerd/nri/commit/693d64e2565cc14c00fae2de904ffc030fc2b894) go.{mod,sum}, plugins: update ttrpc and NRI deps. * Update API to pass configured timeouts to plugins. ([containerd/nri#109](https://github.com/containerd/nri/pull/109)) * [`320e4e7`](https://github.com/containerd/nri/commit/320e4e7e52a856b119cfa1c06a4a135ab5f88f56) adaptation: tests for runtime version, timeouts. * [`f86d982`](https://github.com/containerd/nri/commit/f86d98210749556ef562776fde784d2250d1190e) api,adaptation,stub: let plugin know configured timeouts. * [`cfcd2af`](https://github.com/containerd/nri/commit/cfcd2af3c80db6667f2d1a291225cc616b6049c3) Makefile: fix ginkgo-tests target. * [`8cd9504`](https://github.com/containerd/nri/commit/8cd9504a48e1b79625ff5fce3d058c6662bc34d6) adaptation: block plugin sync/registration in test suite. * [`966ac92`](https://github.com/containerd/nri/commit/966ac92b01fca271373e2088695538dcef0edb2b) adaptation: implement plugin synchronization blocks. * ci: verify that code generation works and results match ([containerd/nri#113](https://github.com/containerd/nri/pull/113)) * [`f74ce31`](https://github.com/containerd/nri/commit/f74ce31ef9b048d69702b954912122a0597598a8) ci: verify code generation and generated files in repo * deps: bump gingko to v2.19.1, golang to v1.21.x. ([containerd/nri#110](https://github.com/containerd/nri/pull/110)) * [`e4d5c36`](https://github.com/containerd/nri/commit/e4d5c36429c495c5d61d0183ba1c1a908ed598f4) ci: stop testing with golang 1.20.x. * [`6578149`](https://github.com/containerd/nri/commit/65781492cc1b0cf5a6a6166a81ba638e45b7f93f) go.{mod,sum}: bump golang requirement to 1.21. * [`442e812`](https://github.com/containerd/nri/commit/442e81239436c53689e14d9a641099a4aeec7cbe) go.{mod,sum}: update to ginkgo v2.19.1. * sync sandboxes and containers after starting the pre-installed plugins ([containerd/nri#43](https://github.com/containerd/nri/pull/43)) * [`eada085`](https://github.com/containerd/nri/commit/eada085db3965057686def58fd8993c70030dd7f) ignore pre-installed plugins that did not sync successfully * [`b881bc4`](https://github.com/containerd/nri/commit/b881bc4ba69e3bfe718939d97f327f3c72670fad) sync sandboxes and containers after starting the pre-installed plugins * Fix mount removal in adjustments ([containerd/nri#107](https://github.com/containerd/nri/pull/107)) * [`3880f1d`](https://github.com/containerd/nri/commit/3880f1df504f4b3ceedd3a36172162c886a00564) adaptation: add test case for mount removal. * [`0d3b376`](https://github.com/containerd/nri/commit/0d3b37631b9fb913e95a9a0efd31b27117208e40) adaptation: fix mount removal in adjustments. * codespell: add codespell config, workflow, fix spelling errors. ([containerd/nri#105](https://github.com/containerd/nri/pull/105)) * [`df84c47`](https://github.com/containerd/nri/commit/df84c475025e3fc536701aa99f6ca6d14dbea648) .github: add codespell workflow. * [`a03dc93`](https://github.com/containerd/nri/commit/a03dc9359c2d526924e56a9d167445a69588d3ae) pkg,plugins,.codespellrc: add codespellrc, fix spelling. * Close plugin if initial synchronization fails ([containerd/nri#103](https://github.com/containerd/nri/pull/103)) * [`4aec208`](https://github.com/containerd/nri/commit/4aec208281ac3630b02d737005778527aec8abae) adaptation: log plugin as connected and synchronized. * [`4e60cd0`](https://github.com/containerd/nri/commit/4e60cd0fb845ffefa9590084bb5261a113ad6858) adaptation: close plugin if initial synchronization fails. * Reset source path of api.pb.go to pkg/api/api.proto ([containerd/nri#104](https://github.com/containerd/nri/pull/104)) * [`1cc026f`](https://github.com/containerd/nri/commit/1cc026f8a3773b9e0d4ca80f9c3e978ef7d54bef) Reset source path of api.pb.go to pkg/api/api.proto * Add support for adjusting OOM score ([containerd/nri#94](https://github.com/containerd/nri/pull/94)) * [`efcb2da`](https://github.com/containerd/nri/commit/efcb2dad664293bd3fbad1557cac2dcfd15a86dc) NRI plugins support adjust oom_score_adj * Add API support for NRI-native CDI injection ([containerd/nri#98](https://github.com/containerd/nri/pull/98)) * [`8783973`](https://github.com/containerd/nri/commit/87839736588c90995cd7d8a19beb47076efd3319) device-injector: clarify precedence of annotations. * [`4eb7075`](https://github.com/containerd/nri/commit/4eb70757f7095a9928d6a34a9e8f28eaac066a42) pkg/adaptation: fix grammatical mistakes in comments. * [`4bd8da8`](https://github.com/containerd/nri/commit/4bd8da8cf7128f9ac88ebed28f2e3afd73d0fab1) device-injector: add support for CDI injection. * [`44773bd`](https://github.com/containerd/nri/commit/44773bdd8b2fc5ed0e193975f54cfdf7153f708c) runtime-tools/generate: add support CDI injection. * [`65282fe`](https://github.com/containerd/nri/commit/65282fe079414600930b9fa084a46fb0bd0e0c8b) adaptation: add CDI device injection unit test. * [`01f3b7a`](https://github.com/containerd/nri/commit/01f3b7a6681de5961920091f88e71335778ecc21) adaptation: add support for native CDI injection. * [`f1aa58f`](https://github.com/containerd/nri/commit/f1aa58f8157aacbdda3826316c77e4e96914235a) api: add support for native CDI device injection. * types: Fix a typo ([containerd/nri#101](https://github.com/containerd/nri/pull/101)) * [`8434439`](https://github.com/containerd/nri/commit/8434439b76e0b4c8dad1c5e2b1fadc4bbfea4b1a) types: Fix a typo * Add support for pids cgroup ([containerd/nri#76](https://github.com/containerd/nri/pull/76)) * [`1719502`](https://github.com/containerd/nri/commit/1719502ed2a62bb99e561f759278f3e6628ae191) support pids cgroup * stub: support restart after stub stopped ([containerd/nri#91](https://github.com/containerd/nri/pull/91)) * [`242661f`](https://github.com/containerd/nri/commit/242661fd7ab841358dc0cc53b8fe34dd7878b6c8) stub: support re-start after stub stopped * stop closed plugins that will be removed ([containerd/nri#89](https://github.com/containerd/nri/pull/89)) * [`ba398fa`](https://github.com/containerd/nri/commit/ba398fa866f5f8a2d51e92eedcde2ea6aacce2b1) stop closed plugins that will be removed * plugins/device-injector: fix a small typo in README.md. ([containerd/nri#97](https://github.com/containerd/nri/pull/97)) * [`f96a550`](https://github.com/containerd/nri/commit/f96a550770396c0e83763d2ff1a48c74facbbff7) device-injector: small grammar fix in README.md. * plugins/template: fix a typo in a comment. ([containerd/nri#96](https://github.com/containerd/nri/pull/96)) * [`5680921`](https://github.com/containerd/nri/commit/5680921a7acdd967fc72317b63380b278c3a447c) plugins/template: fix typo in a comment. * go.{mod,sum}, .github: bump minimum golang version to 1.20. ([containerd/nri#88](https://github.com/containerd/nri/pull/88)) * [`2c3608d`](https://github.com/containerd/nri/commit/2c3608db37a03ff3d7b02fc86d2a763976a830ea) .golangci.yml: silence dot-import errors for tests. * [`8f56974`](https://github.com/containerd/nri/commit/8f56974eb755a4a09d1013a82f30d9593fc50b9a) pkg/{adaptation,api,net,stub}: fix linter errors. * [`e863892`](https://github.com/containerd/nri/commit/e863892df021fc7ac5f5d9302132fb4a82c54394) .github: bump golangci-lint to v1.58.0. * [`674cb41`](https://github.com/containerd/nri/commit/674cb4149fc21a25e35e82b3b7baec2c9ac4404a) .github: bump setup-go to v5. * [`9106283`](https://github.com/containerd/nri/commit/9106283b2ebbad9f0c3374113a2b93c1cd0ab304) .github: test with golang 1.20.x, 1.21.x, 1.22.3 in CI. * [`a9778ad`](https://github.com/containerd/nri/commit/a9778ad8bf138b27289e2d12d84b81420f6709b2) plugins: bump golang version to 1.20. * [`8e86065`](https://github.com/containerd/nri/commit/8e860654df09f8aebac99b6738c2cbffefd8f8b8) go.{mod.sum}: bump golang version to 1.20. * network device injector plugin ([containerd/nri#82](https://github.com/containerd/nri/pull/82)) * [`ff774e6`](https://github.com/containerd/nri/commit/ff774e6e62a652d4473e2398110ff796aa1e420b) network device injector plugin * Modify hook-injector plugin to monitor directories to match cri-o ([containerd/nri#84](https://github.com/containerd/nri/pull/84)) * [`06841c2`](https://github.com/containerd/nri/commit/06841c28928f8f0c21ddb7511cb2b464f8c08139) Modify hook-injector plugin to monitor directories to match cri-o * docs: fix broken link to sample plugins in README.md ([containerd/nri#81](https://github.com/containerd/nri/pull/81)) * [`2791e93`](https://github.com/containerd/nri/commit/2791e932d71d3bff0bed040a17b5d4f9afc549be) docs: fix broken link to sample plugins in README.md </p> </details> ### Changes from containerd/ttrpc <details><summary>11 commits</summary> <p> * Add MD.Clone function ([containerd/ttrpc#177](https://github.com/containerd/ttrpc/pull/177)) * [`430f734`](https://github.com/containerd/ttrpc/commit/430f7347915993a5543bfb00858ac337274528ba) Add MD.Clone * Fix race between serve and immediate shutdown on the server ([containerd/ttrpc#175](https://github.com/containerd/ttrpc/pull/175)) * [`c4d96d5`](https://github.com/containerd/ttrpc/commit/c4d96d55ad9c4f4cf6036c70a5b18ba80655d648) server: fix Serve() vs. immediate Shutdown() race. * [`ed6c3ba`](https://github.com/containerd/ttrpc/commit/ed6c3ba082bdbc82284c198d93ca5f07ad9900dd) server_test: add Serve()/Shutdown() race test. * Reject oversized messages from the sender ([containerd/ttrpc#171](https://github.com/containerd/ttrpc/pull/171)) * [`b5cd6e4`](https://github.com/containerd/ttrpc/commit/b5cd6e4b32878158dc44b7854a7d14b454f75daf) channel: allow discovery of overflown message size. * [`d8c00df`](https://github.com/containerd/ttrpc/commit/d8c00dfec306c305efef44aa526f2acf8ebd165b) channel_test: update oversize message test. * [`de273bf`](https://github.com/containerd/ttrpc/commit/de273bf7511de4710934b92415a00d471a6118cb) channel: reject oversized messages on the sender side. * server_test: fix error message in TestOversizeCall. ([containerd/ttrpc#170](https://github.com/containerd/ttrpc/pull/170)) * [`84e1784`](https://github.com/containerd/ttrpc/commit/84e1784f340651f94891fbd091cbb3d5bfdf9e62) server_test: fix error message in TestOversizeCall. </p> </details> ### Dependency Changes * **github.com/containerd/nri** v0.6.1 -> v0.8.0 * **github.com/containerd/ttrpc** v1.2.5 -> v1.2.7 * **github.com/go-logr/logr** v1.3.0 -> v1.4.2 * **golang.org/x/net** v0.25.0 -> v0.33.0 Previous release can be found at [v1.7.25](https://github.com/containerd/containerd/releases/tag/v1.7.25) -
v1.6.37cfc13b6d · ·
containerd 1.6.37 Welcome to the v1.6.37 release of containerd! The thirty-seventh patch release for containerd 1.6 contains various fixes and updates. ### Highlights * Update runc binary to v1.2.5 ([#11396](https://github.com/containerd/containerd/pull/11396)) * Fix the race condition during GC of snapshots when client retries ([#10764](https://github.com/containerd/containerd/pull/10764)) #### Container Runtime Interface (CRI) * Update the container exit log to info level ([#11008](https://github.com/containerd/containerd/pull/11008)) * Handle teardown failure to avoid blocking cleanup ([#10778](https://github.com/containerd/containerd/pull/10778)) * Add check for CNI plugins before tearing down pod network ([#10766](https://github.com/containerd/containerd/pull/10766)) #### Runtime * Fix console TTY leak in runc shim ([#11359](https://github.com/containerd/containerd/pull/11359)) * Fix panic due to nil dereference cgroups v2 ([#11100](https://github.com/containerd/containerd/pull/11100)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Phil Estes * Akihiro Suda * Maksym Pavlenko * Akhil Mohan * Austin Vazquez * Derek McGowan * Samuel Karp * Henry Wang * Jin Dong * Jing Xu * Sebastiaan van Stijn * Wei Fu * Benjamin Peterson * Kazuyoshi Kato * Saket Jajoo * Sameer * Zou Nengren * bo.jiang * jinda.ljd * ningmingxiao ### Changes <details><summary>59 commits</summary> <p> * Prepare release notes for v1.6.37 ([#11429](https://github.com/containerd/containerd/pull/11429)) * [`16ba72ad9`](https://github.com/containerd/containerd/commit/16ba72ad97f44da68569409bacea2b63bf04b314) Prepare release notes for v1.6.37 * Fix console TTY leak in runc shim ([#11359](https://github.com/containerd/containerd/pull/11359)) * [`3e6f219d7`](https://github.com/containerd/containerd/commit/3e6f219d7337db04b9d471c0d3dea22abf083748) Add integ test to check tty leak * [`bc20f7457`](https://github.com/containerd/containerd/commit/bc20f74574b55fc6f7540e7ddcf491fa65ac4e0b) fix master tty leak due to leaking init container object * Update install-imgcrypt to allow change install repo ([#11418](https://github.com/containerd/containerd/pull/11418)) * [`cbd44298c`](https://github.com/containerd/containerd/commit/cbd44298c1a92ffb31a238a52cc732c408ddd5d5) Update install-imgcrypt to allow change install repo * Update runc binary to v1.2.5 ([#11396](https://github.com/containerd/containerd/pull/11396)) * [`9918dc4e3`](https://github.com/containerd/containerd/commit/9918dc4e3a726c3c006f0d6a1bfb037de3176d70) Update runc binary to v1.2.5 * Update vagrant host OS to fix Vagrant CI runs ([#11348](https://github.com/containerd/containerd/pull/11348)) * [`d92457c71`](https://github.com/containerd/containerd/commit/d92457c71d825faf02ca0c0f58e5971bbd215c82) Remove vagrant scp from the install list * update runc binary to v1.2.4 ([#11237](https://github.com/containerd/containerd/pull/11237)) * [`315a23dd9`](https://github.com/containerd/containerd/commit/315a23dd975e3aab1db5391c557ad1415b605220) update runc binary to v1.2.4 * update runc binary to v1.2.3 ([#11144](https://github.com/containerd/containerd/pull/11144)) * [`79f6df6f4`](https://github.com/containerd/containerd/commit/79f6df6f4ff0c547aaffd51eb693d57679336f66) update runc binary to v1.2.3 * update build to go1.22.10, test go1.23.4 ([#11112](https://github.com/containerd/containerd/pull/11112)) * [`bf89950f5`](https://github.com/containerd/containerd/commit/bf89950f5fde4d5b22ad50357ba24255b6b47f8b) update build to go1.22.10, test go1.23.4 * Fix panic due to nil dereference cgroups v2 ([#11100](https://github.com/containerd/containerd/pull/11100)) * [`db096794f`](https://github.com/containerd/containerd/commit/db096794f71ee9729c4cd1fce999c43a25e8e1e3) fix panic due to nil dereference cgroups v2 * Add almalinux/9 in CI ([#11055](https://github.com/containerd/containerd/pull/11055)) * [`3a0f138b0`](https://github.com/containerd/containerd/commit/3a0f138b044a218c1e1dcdccdc83b275a7951be9) add almalinux/9 in CI * Update the container exit log to info level ([#11008](https://github.com/containerd/containerd/pull/11008)) * [`aca1ca440`](https://github.com/containerd/containerd/commit/aca1ca44060500f76804b6378d28a9ba4a648a34) add info of exited event * update runc binary to 1.2.2 ([#11028](https://github.com/containerd/containerd/pull/11028)) * [`4eaef56a2`](https://github.com/containerd/containerd/commit/4eaef56a21b12ac7a51daddc1957957fea21c886) update runc binary to 1.2.2 * Revert "Disable vagrant strict dependency checking" ([#11010](https://github.com/containerd/containerd/pull/11010)) * [`f42035a21`](https://github.com/containerd/containerd/commit/f42035a21318848e7efed49ab227ea8f6b83e8bc) Revert "Disable vagrant strict dependency checking" * update build to go1.22.9, test go1.23.3 ([#10975](https://github.com/containerd/containerd/pull/10975)) * [`20958cbb0`](https://github.com/containerd/containerd/commit/20958cbb0fb6237549dff06c1485527d8ef9ea8d) update build to go1.22.9, test go1.23.3 * backport: Disable vagrant strict dependency checking ([#10966](https://github.com/containerd/containerd/pull/10966)) * [`edb3df5ab`](https://github.com/containerd/containerd/commit/edb3df5ab099bf97fafc3880e207003c072c86f4) Disable vagrant strict dependency checking * Update critools-version to 1.29 ([#10929](https://github.com/containerd/containerd/pull/10929)) * [`9eca374a4`](https://github.com/containerd/containerd/commit/9eca374a407732487338b672c726ffdfe779c65a) Update critools-version to 1.29 in release 1.6 * update runc binary to 1.2.1 ([#10941](https://github.com/containerd/containerd/pull/10941)) * [`6134f736d`](https://github.com/containerd/containerd/commit/6134f736d43ecd997fa4646f3d91f1a40481ad06) update runc binary to 1.2.1 * services/snapshots: include name of snapshotter in debug logs ([#10932](https://github.com/containerd/containerd/pull/10932)) * [`4e54972f0`](https://github.com/containerd/containerd/commit/4e54972f085e61fc04575f1fd44cad79b033cb27) services/snapshots: include name of snapshotter in debug logs * Make TestContainerPids more resilient ([#10937](https://github.com/containerd/containerd/pull/10937)) * [`d7c7a12f3`](https://github.com/containerd/containerd/commit/d7c7a12f36c7f4f89b0f87162e481088c865a267) Make TestContainerPids more resilient * Add After=dbus.service to containerd.service ([#10860](https://github.com/containerd/containerd/pull/10860)) * [`e6d8e5e9c`](https://github.com/containerd/containerd/commit/e6d8e5e9c7625ea07dc50025d673004c6d2ee80e) Add After=dbus.service to containerd.service * Handle teardown failure to avoid blocking cleanup ([#10778](https://github.com/containerd/containerd/pull/10778)) * [`b1f8b03e7`](https://github.com/containerd/containerd/commit/b1f8b03e7bc9a6e59e0de3cf54fd0d814e5ef79a) Handle teardown failure to avoid blocking cleanup * Switch from actuated.dev to GH Action runners for arm64 ([#10823](https://github.com/containerd/containerd/pull/10823)) * [`ba411483a`](https://github.com/containerd/containerd/commit/ba411483a4b523824f9273781a1ad5a84e72ffcc) Switch from actuated.dev to GH Action runners for arm64 * [`8c58f78c2`](https://github.com/containerd/containerd/commit/8c58f78c2088fe473aa03f184a8a2907e4a44840) Update github actions ci to run on forks * bump golangci/golangci-lint-action from 4 to 6 ([#10819](https://github.com/containerd/containerd/pull/10819)) * [`e4211a530`](https://github.com/containerd/containerd/commit/e4211a530c48c08847f75cd84082c738a5879173) bump golangci/golangci-lint-action from 4 to 6 * update to go1.23.2,go1.22.8 ([#10809](https://github.com/containerd/containerd/pull/10809)) * [`1ca261fe4`](https://github.com/containerd/containerd/commit/1ca261fe466739e27d737d23533c3ae67239eed3) update to go1.23.2,go1.22.8 * Update runner images to macOS13 ([#10784](https://github.com/containerd/containerd/pull/10784)) * [`1c96f2391`](https://github.com/containerd/containerd/commit/1c96f23918b6d1f76edf0adae94eba1f5a54e19f) Update runner images to macOS13 * Bump crun to 1.16.1 ([#10775](https://github.com/containerd/containerd/pull/10775)) * [`1ba7381cf`](https://github.com/containerd/containerd/commit/1ba7381cfd7759e27935cc6a03b28985db0f5e3a) Bump crun to 1.16 * [`afc84d092`](https://github.com/containerd/containerd/commit/afc84d09269254c162c65fdf7cb5b042ec25f610) CI: bump up crun to 1.15 * Fix the race condition during GC of snapshots when client retries ([#10764](https://github.com/containerd/containerd/pull/10764)) * [`74951d6cf`](https://github.com/containerd/containerd/commit/74951d6cf22eb1f21522229cd8e22b9c4480923d) Fix the race condition during GC of snapshots when client retries * Add check for CNI plugins before tearing down pod network ([#10766](https://github.com/containerd/containerd/pull/10766)) * [`ca6516ee8`](https://github.com/containerd/containerd/commit/ca6516ee85cd1f8765b10127c5694bb3fae1dab2) [release/1.6] Add check for CNI plugins before tearing down pod network </p> </details> ### Dependency Changes This release has no dependency changes Previous release can be found at [v1.6.36](https://github.com/containerd/containerd/releases/tag/v1.6.36)
-
v2.0.2c507a025 · ·
containerd 2.0.2 Welcome to the v2.0.2 release of containerd! The second patch release for containerd 2.0 includes a number of bug fixes and improvements. ### Highlights #### Container Runtime Interface (CRI) * Remove confusing warning in cri runtime config migration ([#11256](https://github.com/containerd/containerd/pull/11256)) * Fix runtime platform loading in cri image plugin init ([#11248](https://github.com/containerd/containerd/pull/11248)) #### Runtime * Update runc binary to v1.2.4 ([#11239](https://github.com/containerd/containerd/pull/11239)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Jin Dong * Derek McGowan * Akihiro Suda * Kazuyoshi Kato * Henry Wang * Krisztian Litkey * Phil Estes * Samuel Karp * Sebastiaan van Stijn * Akhil Mohan * Brian Goff * Chongyi Zheng * Maksym Pavlenko * Mike Brown * Pierre Gimalac * Wei Fu ### Changes <details><summary>23 commits</summary> <p> * Prepare release notes for v2.0.2 ([#11245](https://github.com/containerd/containerd/pull/11245)) * [`cdaf4dfb4`](https://github.com/containerd/containerd/commit/cdaf4dfb4de6b288314cf43d1571c3c6b05e8b27) Prepare release notes for v2.0.2 * Update platforms to latest rc ([#11259](https://github.com/containerd/containerd/pull/11259)) * [`eb125e1dd`](https://github.com/containerd/containerd/commit/eb125e1dd3ddc427fb314640aabe6eb88c8bbd3b) Update platforms to latest rc * Remove confusing warning in cri runtime config migration ([#11256](https://github.com/containerd/containerd/pull/11256)) * [`468079c5c`](https://github.com/containerd/containerd/commit/468079c5c4a8c36be6f8005112bf2f0cd69984c4) Remove confusing warning in cri runtime config migration * Fix runtime platform loading in cri image plugin init ([#11248](https://github.com/containerd/containerd/pull/11248)) * [`a2d9d4fd5`](https://github.com/containerd/containerd/commit/a2d9d4fd556970c39d1fe80d94a77a1aa025c032) Fix runtime platform loading in cri image plugin init * make sure console master tty is closed on task exit ([#11246](https://github.com/containerd/containerd/pull/11246)) * [`184ffad01`](https://github.com/containerd/containerd/commit/184ffad01ff70e513f969a392de03b6d18b5e31e) Add integ test to check tty leak * [`17181ed33`](https://github.com/containerd/containerd/commit/17181ed33e018a629deeb08889bef4cc3412c64e) fix master tty leak due to leaking init container object * Bump up otelttrpc to 0.1.0 ([#11242](https://github.com/containerd/containerd/pull/11242)) * [`8666e7422`](https://github.com/containerd/containerd/commit/8666e742255ac0d4e8047538aa69912689722861) Bump up otelttrpc to 0.1.0 * ctr: `ctr images import --all-platforms`: fix unpack ([#11236](https://github.com/containerd/containerd/pull/11236)) * [`c4270430d`](https://github.com/containerd/containerd/commit/c4270430db0f7e27a4c03b60822c7e14d210ae46) ctr: `ctr images import --all-platforms`: fix unpack * Update runc binary to v1.2.4 ([#11239](https://github.com/containerd/containerd/pull/11239)) * [`7373ddd70`](https://github.com/containerd/containerd/commit/7373ddd70bed3958aecd99e9b76d431c890beaa4) update runc binary to v1.2.4 * downgrade go-difflib and go-spew to tagged releases ([#11222](https://github.com/containerd/containerd/pull/11222)) * [`f34147772`](https://github.com/containerd/containerd/commit/f34147772bb97ef3220c85730b6139bfbf369095) downgrade go-difflib and go-spew to tagged releases * Add a build tag to disable std `plugin` import ([#11213](https://github.com/containerd/containerd/pull/11213)) * [`dca769485`](https://github.com/containerd/containerd/commit/dca769485cc524f86984631e15477f07bbf545c4) chore: add a build tag to disable containerd plugin import * Update golangci to 1.60.3 ([#11187](https://github.com/containerd/containerd/pull/11187)) * [`5942b3fcb`](https://github.com/containerd/containerd/commit/5942b3fcbacf02e3aeafd0cc1070ee1888aadd31) Update golangci to 1.60.3 </p> </details> ### Changes from containerd/otelttrpc <details><summary>6 commits</summary> <p> * Add dependabot and upgrade golang and dependency versions ([containerd/otelttrpc#3](https://github.com/containerd/otelttrpc/pull/3)) * [`2d46141`](https://github.com/containerd/otelttrpc/commit/2d46141c9f9842bc8e2563ae884b963e34ea175f) upgrade golang, deps, CI versions * [`64922e7`](https://github.com/containerd/otelttrpc/commit/64922e78c69b7bdecf065f039a5ead4d64e567e0) Add dependabot CI * Fix concurrent map panic on metadata ([containerd/otelttrpc#2](https://github.com/containerd/otelttrpc/pull/2)) * [`2ba3be1`](https://github.com/containerd/otelttrpc/commit/2ba3be1e39398b8d2544f5ea962edc1e2f906d32) Fix concurrent map panic on inject metadata * [`f50a922`](https://github.com/containerd/otelttrpc/commit/f50a9220fc748442b274390c45773191367262ec) UT for concurrent inject/extract metadata </p> </details> ### Changes from containerd/platforms <details><summary>6 commits</summary> <p> * Move windows matcher logic so all platforms can use ([containerd/platforms#22](https://github.com/containerd/platforms/pull/22)) * [`7c58292`](https://github.com/containerd/platforms/commit/7c5829273cd83c987784fd7ef5487485e0d2fee0) Move windows matcher logic so all platforms can use * replace testify with stdlib in tests ([containerd/platforms#21](https://github.com/containerd/platforms/pull/21)) * [`86a86b7`](https://github.com/containerd/platforms/commit/86a86b73a6e01f92aecad823e0f516f6198f3e2c) replace testify with stdlib in tests * Replace arm64 minor variant logic with lookup table ([containerd/platforms#18](https://github.com/containerd/platforms/pull/18)) * [`364665a`](https://github.com/containerd/platforms/commit/364665a87c183d5b5eb45fc0e9b86e99013a621a) Replace arm64 minor variant logic with lookup table </p> </details> ### Changes from containerd/ttrpc <details><summary>5 commits</summary> <p> * Add MD.Clone function ([containerd/ttrpc#177](https://github.com/containerd/ttrpc/pull/177)) * [`430f734`](https://github.com/containerd/ttrpc/commit/430f7347915993a5543bfb00858ac337274528ba) Add MD.Clone * server: fix a Serve() vs. (immediate) Shutdown() race ([containerd/ttrpc#175](https://github.com/containerd/ttrpc/pull/175)) * [`c4d96d5`](https://github.com/containerd/ttrpc/commit/c4d96d55ad9c4f4cf6036c70a5b18ba80655d648) server: fix Serve() vs. immediate Shutdown() race. * [`ed6c3ba`](https://github.com/containerd/ttrpc/commit/ed6c3ba082bdbc82284c198d93ca5f07ad9900dd) server_test: add Serve()/Shutdown() race test. </p> </details> ### Dependency Changes * **github.com/containerd/otelttrpc** ea5083fda723 -> v0.1.0 * **github.com/containerd/platforms** v1.0.0-rc.0 -> v1.0.0-rc.1 * **github.com/containerd/ttrpc** v1.2.6 -> v1.2.7 * **github.com/davecgh/go-spew** d8f796af33cc -> v1.1.1 * **github.com/pmezard/go-difflib** 5d4384ee4fb2 -> v1.0.0 * **github.com/stretchr/testify** v1.9.0 -> v1.10.0 Previous release can be found at [v2.0.1](https://github.com/containerd/containerd/releases/tag/v2.0.1) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
-
v1.7.25bcc810d6 · ·
containerd 1.7.25 Welcome to the v1.7.25 release of containerd! The twenty-fifth patch release for containerd 1.7 contains various fixes and updates. ### Highlights * Update runc binary to v1.2.4 ([#11238](https://github.com/containerd/containerd/pull/11238)) * Fix proto conflicts and update to 1.8 API ([#11184](https://github.com/containerd/containerd/pull/11184)) #### Container Runtime Interface (CRI) * Fix `ip_pref` configuration option ([#11223](https://github.com/containerd/containerd/pull/11223)) #### Runtime * Fix panic due to nil dereference cgroups v2 ([#11099](https://github.com/containerd/containerd/pull/11099)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Akihiro Suda * Derek McGowan * Sebastiaan van Stijn * Wei Fu * Maksym Pavlenko * Akhil Mohan * Henry Wang * Jin Dong * Phil Estes * Sam Edwards * Samuel Karp * Brian Goff * David Son * Kohei Tokunaga * Pierre Gimalac * Yang Yang * bo.jiang ### Changes <details><summary>32 commits</summary> <p> * Prepare release notes for v1.7.25 ([#11243](https://github.com/containerd/containerd/pull/11243)) * [`bda53fc60`](https://github.com/containerd/containerd/commit/bda53fc604cbba571db1daca3827b82dde72a0b8) Prepare release notes for v1.7.25 * Update runc binary to v1.2.4 ([#11238](https://github.com/containerd/containerd/pull/11238)) * [`d4a649130`](https://github.com/containerd/containerd/commit/d4a649130e65a95808cd6a9dfa3a4128c03f4c98) update runc binary to v1.2.4 * Reduce shim plugin log level ([#11224](https://github.com/containerd/containerd/pull/11224)) * [`99c973791`](https://github.com/containerd/containerd/commit/99c97379135b175862e594d32b421d24655b6920) runtime/v2: reduce shim plugin log * Fix `ip_pref` configuration option ([#11223](https://github.com/containerd/containerd/pull/11223)) * [`0cfc1edf3`](https://github.com/containerd/containerd/commit/0cfc1edf34648807bd02caf1835fe2c6fddf46fa) Fix "even if IPv4 comes first" test to have IPv4 first * [`53d1fd0d9`](https://github.com/containerd/containerd/commit/53d1fd0d96c2c1f3c4997c2fb376203f6491c7d9) Don't use `To16() != nil` to detect IPv6 addresses * Add a build tag to disable std `plugin` import (#11202) ([#11203](https://github.com/containerd/containerd/pull/11203)) * [`2b12ef2f4`](https://github.com/containerd/containerd/commit/2b12ef2f421f141805f8afcd72d1315698b2582c) chore: add a build tag to disable containerd plugin import * bump github.com/containerd/continuity from 0.4.2 to 0.4.4 ([#11216](https://github.com/containerd/containerd/pull/11216)) * [`b99091838`](https://github.com/containerd/containerd/commit/b99091838db961b2c06cea388c70466f5ca0a067) build(deps): bump github.com/containerd/continuity from 0.4.3 to 0.4.4 * [`9f48f7af0`](https://github.com/containerd/containerd/commit/9f48f7af05f1b19c0500eaae78e605ec45e03ab5) build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.35.2 * [`79172ba16`](https://github.com/containerd/containerd/commit/79172ba1624d21263a236a37909f33b8ba639c61) go.mod: github.com/containerd/continuity v0.4.3 * deps: update golang.org/x/ ([#11178](https://github.com/containerd/containerd/pull/11178)) * [`2dfbe2c7c`](https://github.com/containerd/containerd/commit/2dfbe2c7c1de9c8a45e1500d09e79652a5a3d416) vendor: update golang.org/x/crypto dependencies * Fix proto conflicts and update to 1.8 API ([#11184](https://github.com/containerd/containerd/pull/11184)) * [`3d7a50749`](https://github.com/containerd/containerd/commit/3d7a50749b58d84ae32afaf84a475cb25f0eb327) Replace use of deprecated api Envelope * [`929e7bde6`](https://github.com/containerd/containerd/commit/929e7bde6d686e8d694852258762e144d92bc38f) Use api types over deprecated alias * [`5a42503d1`](https://github.com/containerd/containerd/commit/5a42503d19e4e17e15af9155830cc1e808f1362b) Remove end of life api directory * [`c4069878e`](https://github.com/containerd/containerd/commit/c4069878e1c2587434b303b27e7f114a5426fc81) Update runtime/v2/runc/options to alias api type * [`4d955223a`](https://github.com/containerd/containerd/commit/4d955223a4cfa047e8f8ea58efc275d2771c0e0a) Update to containerd api 1.8 * [`efacd2ac7`](https://github.com/containerd/containerd/commit/efacd2ac7b099e875619df184a4f695719a4ec3b) Fix lint failures * update runc binary to v1.2.3 ([#11143](https://github.com/containerd/containerd/pull/11143)) * [`957c31895`](https://github.com/containerd/containerd/commit/957c31895ab1f84f7c33696a931bde628e79086c) update runc binary to v1.2.3 * update build to go1.22.10, test go1.23.4 ([#11111](https://github.com/containerd/containerd/pull/11111)) * [`4c0db6ad6`](https://github.com/containerd/containerd/commit/4c0db6ad60aa549ed3be557150f263e09cac7061) update build to go1.22.10, test go1.23.4 * Fix panic due to nil dereference cgroups v2 ([#11099](https://github.com/containerd/containerd/pull/11099)) * [`a40aa60a5`](https://github.com/containerd/containerd/commit/a40aa60a5452f92338e252f047871fee2ddd8727) fix panic due to nil dereference cgroups v2 * Move rockylinux 9.4 to almalinux/9 in CI ([#11054](https://github.com/containerd/containerd/pull/11054)) * [`b1ef1dda7`](https://github.com/containerd/containerd/commit/b1ef1dda758185d6709b3e4869dded4dd11dee40) move rocky 9.4 to almalinux/9 in CI </p> </details> ### Changes from containerd/continuity <details><summary>40 commits</summary> <p> * go.mod: bump up ([containerd/continuity#257](https://github.com/containerd/continuity/pull/257)) * [`8ae2b5e`](https://github.com/containerd/continuity/commit/8ae2b5ed00ea2ce911d163c19b85de58ffeaee10) Disable FUSE for FreeBSD * [`ef3b6f4`](https://github.com/containerd/continuity/commit/ef3b6f490ced58b82bf25ffd3ca5c242bedf06ef) go.mod: bump up * cmd/continuity/commands: MountCmd: remove macOS remnants ([containerd/continuity#254](https://github.com/containerd/continuity/pull/254)) * [`327ebdd`](https://github.com/containerd/continuity/commit/327ebdd9c1ddcbfd517279a3602efa286dfe5cdc) cmd/continuity/commands: MountCmd: remove macOS remnants * kind.String(): fix missing case statements for iota consts in switch ([containerd/continuity#256](https://github.com/containerd/continuity/pull/256)) * [`7d074e7`](https://github.com/containerd/continuity/commit/7d074e72420162b4e873d4699f2518c02fcb983f) kind.String(): fix missing case statements for iota consts in switch * go-fix: remove pre-go1.17 build-tags ([containerd/continuity#252](https://github.com/containerd/continuity/pull/252)) * [`433b975`](https://github.com/containerd/continuity/commit/433b9755fb2e7489793942d7e7d795c91ded249a) go-fix: remove pre-go1.17 build-tags * fs: properly handle ENOTSUP in copyXAttrs ([containerd/continuity#245](https://github.com/containerd/continuity/pull/245)) * [`c494f3d`](https://github.com/containerd/continuity/commit/c494f3d90ac521345eed00be6784fe5e798d0bbc) fs: properly handle ENOTSUP in copyXAttrs * gha: update CodeQL action to v3, run on go1.22 ([containerd/continuity#251](https://github.com/containerd/continuity/pull/251)) * [`3ca0c62`](https://github.com/containerd/continuity/commit/3ca0c6254f9a9238cf8b27f94e6004d14ebcaf58) gha: update CodeQL action to v3, as v2 is deprecated * [`1d06b76`](https://github.com/containerd/continuity/commit/1d06b761601826b507eaa06055f18961c85d8afa) gha: update CodeQL action to run on go1.22 * go.mod: prune indirect gopkg.in/yaml.v3 ([containerd/continuity#250](https://github.com/containerd/continuity/pull/250)) * [`3eb1ef4`](https://github.com/containerd/continuity/commit/3eb1ef4c2469f3c8e4b557a4f4ddcbd76682e784) cmd/continuity: tidy go.mod, go.sum * [`f0775b0`](https://github.com/containerd/continuity/commit/f0775b0cefc909012eab90c1ff60653bc4ddba08) go.mod: prune indirect gopkg.in/yaml.v3 * gha: run CI on go1.22 ([containerd/continuity#242](https://github.com/containerd/continuity/pull/242)) * [`f0f6869`](https://github.com/containerd/continuity/commit/f0f6869d0dfa7a977b939b91e47fe36bf9c6bbc1) gha: run CI on go1.22 * switch to github.com/containerd/log module ([containerd/continuity#243](https://github.com/containerd/continuity/pull/243)) * [`7d07d28`](https://github.com/containerd/continuity/commit/7d07d28ec16c8b8bacc7638feef10fc4e15536f4) switch to github.com/containerd/log module * Fix TestDiffDirChangeWithOverlayfs (also updates the CI to use Ubuntu 24.04) ([containerd/continuity#249](https://github.com/containerd/continuity/pull/249)) * [`97eff17`](https://github.com/containerd/continuity/commit/97eff17e2d69acf3724a694badf7eedb1c59684f) Fix TestDiffDirChangeWithOverlayfs * [`d934057`](https://github.com/containerd/continuity/commit/d93405730daf33f10e26855303a94e126378c90f) CI: use ubuntu-24.04 * fs: implement Atime for Windows ([containerd/continuity#241](https://github.com/containerd/continuity/pull/241)) * [`3cbda8c`](https://github.com/containerd/continuity/commit/3cbda8c24bde1ce635ff5dc3417a481a3b6b6e07) fs: implement Atime for Windows * build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.33.0 ([containerd/continuity#238](https://github.com/containerd/continuity/pull/238)) * [`31a50de`](https://github.com/containerd/continuity/commit/31a50def4bb28692365be8f56c64f71d676b81d1) build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.33.0 * build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.33.0 in /cmd/continuity ([containerd/continuity#237](https://github.com/containerd/continuity/pull/237)) * [`b3e10e6`](https://github.com/containerd/continuity/commit/b3e10e6650ecac26b241e41c65e58e6199b4a3f7) build(deps): bump google.golang.org/protobuf in /cmd/continuity * support filesystem magic for linux ([containerd/continuity#239](https://github.com/containerd/continuity/pull/239)) * [`8df9930`](https://github.com/containerd/continuity/commit/8df993081e4942a06a3de2e78c3171198641f9f8) support filesystem magic for linux * fs: add DiffDirChanges function to get changeset fast ([containerd/continuity#145](https://github.com/containerd/continuity/pull/145)) * [`8b312bd`](https://github.com/containerd/continuity/commit/8b312bddbe566d249b9f3962119a20e415f574be) fs: add DiffDirChanges function to get changeset fast * update golangci-lint to vl.55.0 ([containerd/continuity#233](https://github.com/containerd/continuity/pull/233)) * [`e08b7e4`](https://github.com/containerd/continuity/commit/e08b7e4a95b607784ce68c7f1216531c51bd375e) update golangci-lint to vl.55.0 , matching the version used by containerd * Add type to iterate directory ([containerd/continuity#229](https://github.com/containerd/continuity/pull/229)) * [`5c2d1b4`](https://github.com/containerd/continuity/commit/5c2d1b465b6a874f3e534f844d9ba3b6699f5ce5) Add type to itterate directory * Substitute deprecated rand.Seed() in Go 1.20 ([containerd/continuity#231](https://github.com/containerd/continuity/pull/231)) * [`242e29e`](https://github.com/containerd/continuity/commit/242e29e108631f355e3f442f3cc07a05109aabd2) Substitute deprecated rand.Seed() in Go 1.20 </p> </details> ### Dependency Changes * **github.com/containerd/containerd/api** v1.7.19 -> v1.8.0 * **github.com/containerd/continuity** v0.4.2 -> v0.4.4 * **golang.org/x/crypto** v0.21.0 -> v0.31.0 * **golang.org/x/mod** v0.12.0 -> v0.17.0 * **golang.org/x/net** v0.23.0 -> v0.25.0 * **golang.org/x/sync** v0.5.0 -> v0.10.0 * **golang.org/x/sys** v0.18.0 -> v0.28.0 * **golang.org/x/term** v0.18.0 -> v0.27.0 * **golang.org/x/text** v0.14.0 -> v0.21.0 * **google.golang.org/genproto/googleapis/rpc** 995d672761c0 -> c3f982113cda * **google.golang.org/protobuf** v1.33.0 -> v1.35.2 Previous release can be found at [v1.7.24](https://github.com/containerd/containerd/releases/tag/v1.7.24)
-
v2.0.188aa2f53 · ·
containerd 2.0.1 Welcome to the v2.0.1 release of containerd! The first patch release for containerd 2.0 includes a number of bug fixes and improvements. ### Highlights #### Container Runtime Interface (CRI) * Fix apply IoOwner options when not in user namespace ([#11151](https://github.com/containerd/containerd/pull/11151)) * Fix cri grpc plugin config migration ([#11140](https://github.com/containerd/containerd/pull/11140)) * Support CNI STATUS Verb ([containerd/go-cni#123](https://github.com/containerd/go-cni/pull/123)) #### Image Distribution * Update differ to handle zstd media types ([#11068](https://github.com/containerd/containerd/pull/11068)) #### Runtime * Update runc binary to v1.2.3 ([#11142](https://github.com/containerd/containerd/pull/11142)) * Fix panic due to nil dereference cgroups v2 ([#11098](https://github.com/containerd/containerd/pull/11098)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Wei Fu * Archit Kulkarni * Jin Dong * Phil Estes * Akhil Mohan * Akihiro Suda * Alexey Lunev * Austin Vazquez * Maksym Pavlenko * Mike Brown * Michael Zappa * Samuel Karp * Sebastiaan van Stijn * Andrey Smirnov * Davanum Srinivas ### Changes <details><summary>50 commits</summary> <p> * Prepare release notes for v2.0.1 ([#11158](https://github.com/containerd/containerd/pull/11158)) * [`b0ece5dc5`](https://github.com/containerd/containerd/commit/b0ece5dc55f93493c2d94f4c19139f0dc49d8f38) Prepare release notes for v2.0.1 * build(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0 ([#11154](https://github.com/containerd/containerd/pull/11154)) * [`fe6957084`](https://github.com/containerd/containerd/commit/fe695708499661af965e068bc4c458b868cc2229) build(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0 * update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+ ([#11153](https://github.com/containerd/containerd/pull/11153)) * [`eb2ce6882`](https://github.com/containerd/containerd/commit/eb2ce688293bdb1914ffa2928bb6f3fd88bae114) update xx to v1.6.1 for compatibility with alpine 3.21 and file 5.46+ * ctr pull should unpack for default platform when transfer service is used ([#11139](https://github.com/containerd/containerd/pull/11139)) * [`44cdca68b`](https://github.com/containerd/containerd/commit/44cdca68b5f97f85386eea305c14c08ed3e93520) ctr pull unpack for default platform using transfer service * Fix apply IoOwner options when not in user namespace ([#11151](https://github.com/containerd/containerd/pull/11151)) * [`018d83650`](https://github.com/containerd/containerd/commit/018d83650fd4b23d61cd7af381ea5123935005c6) internal/cri: should not apply IoOwner options * Update go-cni for CNI STATUS ([#11146](https://github.com/containerd/containerd/pull/11146)) * [`5eb7995a9`](https://github.com/containerd/containerd/commit/5eb7995a9ae16deb23af0b320a91de633dae0ce0) feat: update go-cni version for CNI STATUS * Fix cri grpc plugin config migration ([#11140](https://github.com/containerd/containerd/pull/11140)) * [`a2302ea89`](https://github.com/containerd/containerd/commit/a2302ea89f90cb8ef2cafea3ca4ed20933d5d8b5) Add integration test for custom configuration * [`be5eda069`](https://github.com/containerd/containerd/commit/be5eda069f1055d934b40815d0ee30eeeda3771e) complete cri grpc config migration * Update runc binary to v1.2.3 ([#11142](https://github.com/containerd/containerd/pull/11142)) * [`a53eff53d`](https://github.com/containerd/containerd/commit/a53eff53d9ad0ed99ae3b48473c5fcb90c930aa4) update runc binary to v1.2.3 * Update differ to handle zstd media types ([#11068](https://github.com/containerd/containerd/pull/11068)) * [`73f57acb0`](https://github.com/containerd/containerd/commit/73f57acb0da8dd4cff5f9dab2fd8685d7bd0048b) Update differ to handle zstd media types * update to go1.23.4 / go1.22.10 ([#11109](https://github.com/containerd/containerd/pull/11109)) * [`290e8bc70`](https://github.com/containerd/containerd/commit/290e8bc70405718e6f61c91415e08affc3ed1056) update to go1.23.4 / go1.22.10 * CI: update Fedora to 41 ([#11110](https://github.com/containerd/containerd/pull/11110)) * [`62b790bfa`](https://github.com/containerd/containerd/commit/62b790bfac2aa5e4825bb37b93dcc75286ae2a09) CI: update Fedora to 41 * Fix panic due to nil dereference cgroups v2 ([#11098](https://github.com/containerd/containerd/pull/11098)) * [`3ba2df924`](https://github.com/containerd/containerd/commit/3ba2df924a3f23419b7e8fe2626fa55cd934eb16) fix panic due to nil dereference cgroups v2 * Publish attestation as release artifact ([#11067](https://github.com/containerd/containerd/pull/11067)) * [`34a45cab2`](https://github.com/containerd/containerd/commit/34a45cab2a573a589415d8d83fc00c3b6114bfff) Publish attestation as release artifact * Move rockylinux 9.4 to almalinux/9 in CI ([#11053](https://github.com/containerd/containerd/pull/11053)) * [`7dec6b460`](https://github.com/containerd/containerd/commit/7dec6b460752fb77b4754ef527c5ce492ac3c0ac) move rocky 9.4 to almalinux/9 in CI * *: should align pipe's owner with init process ([#11035](https://github.com/containerd/containerd/pull/11035)) * [`cf07f28ee`](https://github.com/containerd/containerd/commit/cf07f28ee22a6df79177b55751902b24548105ad) *: should align pipe's owner with init process * fix: set the credentials even if not provided ([#11031](https://github.com/containerd/containerd/pull/11031)) * [`986088866`](https://github.com/containerd/containerd/commit/9860888666f7e96a37d0a412ee80be065ea74903) fix: set the credentials even if not provided * fsverity_test.go: fix nil pointer derefence, fix test fail, fix minor/major device numbers resolving ([#10978](https://github.com/containerd/containerd/pull/10978)) * [`30b929ece`](https://github.com/containerd/containerd/commit/30b929ece7e79e030a710de13a58d73b79853e7c) fsverity_test.go: fix major/minor device number resolving * [`10996a334`](https://github.com/containerd/containerd/commit/10996a334b2d507e919244fd60be09f62384e3c0) fsverity_test.go: fix nil pointer dereference, fix test fail * update runc binary to 1.2.2 ([#11023](https://github.com/containerd/containerd/pull/11023)) * [`9081e979f`](https://github.com/containerd/containerd/commit/9081e979f7c8e6c0628fd1796cccb5d08d714f11) update runc binary to 1.2.2 * Revert "Disable vagrant strict dependency checking" ([#11009](https://github.com/containerd/containerd/pull/11009)) * [`6399c936f`](https://github.com/containerd/containerd/commit/6399c936fa46999d893fb2309f9a9453c9f7951a) Revert "Disable vagrant strict dependency checking" * fsverity_linux.go: Fix fsverity.IsEnabled() for big endian systems ([#11005](https://github.com/containerd/containerd/pull/11005)) * [`a7f2b562f`](https://github.com/containerd/containerd/commit/a7f2b562f3b6f87733ae4e3e4fd04afad3b24816) fsverity_linux.go: Fix fsverity.IsEnabled() for big endian systems * bump github.com/containerd/typeurl/v2 from 2.2.2 to 2.2.3 ([#10997](https://github.com/containerd/containerd/pull/10997)) * [`389e781ea`](https://github.com/containerd/containerd/commit/389e781ea10b81d97093eee94e7dba55620f844f) build(deps): bump github.com/containerd/typeurl/v2 from 2.2.2 to 2.2.3 * update to go1.23.3 / go1.22.9 ([#10973](https://github.com/containerd/containerd/pull/10973)) * [`5b879f30c`](https://github.com/containerd/containerd/commit/5b879f30c05d88f98455dc76f4fe296cb9771b56) update to go1.23.3 / go1.22.9 * ci: enable marking 2.0 releases as latest ([#10963](https://github.com/containerd/containerd/pull/10963)) * [`458215f6c`](https://github.com/containerd/containerd/commit/458215f6cf256d644239eed9ff40db1b2eceaeb6) ci: enable marking 2.0 releases as latest * Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz ([#10968](https://github.com/containerd/containerd/pull/10968)) * [`e99c2b55c`](https://github.com/containerd/containerd/commit/e99c2b55c3fcbb2e04e0bc2fed37b0c2d7fe9245) Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz </p> </details> ### Changes from containerd/go-cni <details><summary>7 commits</summary> <p> * Support CNI STATUS Verb ([containerd/go-cni#123](https://github.com/containerd/go-cni/pull/123)) * [`208eca9`](https://github.com/containerd/go-cni/commit/208eca91c33bb793f471831a0abaf6cebe9676a4) support CNI status verb * Bump github actions dependencies to match containerd CI repo and fix lint ([containerd/go-cni#122](https://github.com/containerd/go-cni/pull/122)) * [`386f475`](https://github.com/containerd/go-cni/commit/386f4757e63914b2589b8abe6098bfa23f83fa8b) Fix ci.yml indent * [`a9b0675`](https://github.com/containerd/go-cni/commit/a9b0675fc9b8b5ce52d84f91a4fc049501853862) Another doc commit to trigger lint? * [`14af454`](https://github.com/containerd/go-cni/commit/14af4542b76fa694f2e1853b35554f23c6829f5d) Bump github actions dependency versions * [`9e0d096`](https://github.com/containerd/go-cni/commit/9e0d096d58145757809ddce8b8650efc07e19916) Trivial doc commit to trigger lint </p> </details> ### Dependency Changes * **github.com/containerd/go-cni** v1.1.10 -> v1.1.11 * **github.com/containerd/typeurl/v2** v2.2.2 -> v2.2.3 Previous release can be found at [v2.0.0](https://github.com/containerd/containerd/releases/tag/v2.0.0) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
-
-
v1.7.2488bf19b2 · ·
containerd 1.7.24 Welcome to the v1.7.24 release of containerd! The twenty-fourth patch release for containerd 1.7 contains various fixes and updates. ### Highlights * Update runc binary to 1.2.2 ([#11027](https://github.com/containerd/containerd/pull/11027)) * Fix "invalid metric type" error message for cgroup v1 ([#10814](https://github.com/containerd/containerd/pull/10814)) #### Container Runtime Interface (CRI) * Update the container exit log to info level ([#11007](https://github.com/containerd/containerd/pull/11007)) #### Image Distribution * Fix retry logic and concurrency issue with http fallback ([#11032](https://github.com/containerd/containerd/pull/11032)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Phil Estes * Akhil Mohan * Akihiro Suda * Maksym Pavlenko * Austin Vazquez * Samuel Karp * Benjamin Peterson * Davanum Srinivas * Iceber Gu * Mike Brown * Sebastiaan van Stijn * Tõnis Tiigi * ningmingxiao ### Changes <details><summary>36 commits</summary> <p> * Prepare release notes for v1.7.24 ([#11036](https://github.com/containerd/containerd/pull/11036)) * [`936f8e2de`](https://github.com/containerd/containerd/commit/936f8e2dee4ab47369a23a1071efd4304ba35e39) Prepare release notes for v1.7.24 * Update the container exit log to info level ([#11007](https://github.com/containerd/containerd/pull/11007)) * [`47ff8e2b6`](https://github.com/containerd/containerd/commit/47ff8e2b6250e582c03564bb8a02eec2af19571f) add info of exited event * Fix retry logic and concurrency issue with http fallback ([#11032](https://github.com/containerd/containerd/pull/11032)) * [`10af0d60f`](https://github.com/containerd/containerd/commit/10af0d60fbaa20cc07c0d54c60ef22e349efce42) Adds a mutex to protect fallback host * [`e426ec51b`](https://github.com/containerd/containerd/commit/e426ec51ba9f27a64ba21a2c9a0902cfc8493832) Use unix and windows specific connection error checks * [`49c9f303b`](https://github.com/containerd/containerd/commit/49c9f303b1d35101bb798cb37c57b06cd1eacf5e) Allow fallback across default ports * local: avoid writing to content root on readonly store ([#10913](https://github.com/containerd/containerd/pull/10913)) * [`ddf2b03ed`](https://github.com/containerd/containerd/commit/ddf2b03edf74a7b72b69125efcaad724f85f8b5d) local: avoid writing to content root on readonly store * Update runc binary to 1.2.2 ([#11027](https://github.com/containerd/containerd/pull/11027)) * [`06e72da76`](https://github.com/containerd/containerd/commit/06e72da7673ef512e381fcabdc14e15b6677a7dc) update runc binary to 1.2.2 * Revert "Disable vagrant strict dependency checking" ([#11011](https://github.com/containerd/containerd/pull/11011)) * [`23a31ce63`](https://github.com/containerd/containerd/commit/23a31ce630a580517d741f6160bf146d17dbbf8b) Revert "Disable vagrant strict dependency checking" * testutil: avoid conflict with continuity/testutil ([#10956](https://github.com/containerd/containerd/pull/10956)) * [`4bd411f8c`](https://github.com/containerd/containerd/commit/4bd411f8c8cfc92fb6c55e8e1f5cb83d9790b3f8) testutil: avoid conflict with continuity/testutil * update cri-tools to v1.29.0 ([#10969](https://github.com/containerd/containerd/pull/10969)) * [`216dc892e`](https://github.com/containerd/containerd/commit/216dc892e02cee69e3f5cdaaf54760307e0558ab) update cri-tools to v1.29.0 * update build to go1.22.9, test go1.23.3 ([#10974](https://github.com/containerd/containerd/pull/10974)) * [`56a7d31cb`](https://github.com/containerd/containerd/commit/56a7d31cb5b4a3dac964350113240999707e26a9) update build to go1.22.9, test go1.23.3 * ci: disable marking 1.7 releases as latest ([#10962](https://github.com/containerd/containerd/pull/10962)) * [`205940716`](https://github.com/containerd/containerd/commit/205940716b01b4eb8244e7431afd5f06166e1cb4) ci: disable marking 1.7 releases as latest * Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz ([#10976](https://github.com/containerd/containerd/pull/10976)) * [`b7bb8d515`](https://github.com/containerd/containerd/commit/b7bb8d5158a497cff0f4735160f528e94b2b8e8b) Avoid arch info in the sed/replace when building cri-cni-containerd.tar.gz * backport: Disable vagrant strict dependency checking ([#10965](https://github.com/containerd/containerd/pull/10965)) * [`860a51384`](https://github.com/containerd/containerd/commit/860a51384231e9ce432710676a15d17ee0c90b4b) Disable vagrant strict dependency checking * Update runc binary to 1.2.1 ([#10940](https://github.com/containerd/containerd/pull/10940)) * [`710cd3716`](https://github.com/containerd/containerd/commit/710cd371690f0663c6953e1bdc7db4daee2354b5) update runc binary to 1.2.1 * services/snapshots: include name of snapshotter in debug logs ([#10931](https://github.com/containerd/containerd/pull/10931)) * [`5bd0834ce`](https://github.com/containerd/containerd/commit/5bd0834ce94032f394f5cd6e267f98ede4ebe889) services/snapshots: include name of snapshotter in debug logs * Make TestContainerPids more resilient ([#10936](https://github.com/containerd/containerd/pull/10936)) * [`455787bf8`](https://github.com/containerd/containerd/commit/455787bf80f3f1556f644211d393dbe26d5dafe6) Make TestContainerPids more resilient * Add After=dbus.service to containerd.service ([#10859](https://github.com/containerd/containerd/pull/10859)) * [`cb82e52a4`](https://github.com/containerd/containerd/commit/cb82e52a43cfb150daa5ce2dcce5805655447fa7) Add After=dbus.service to containerd.service * Fix "invalid metric type" error message for cgroup v1 ([#10814](https://github.com/containerd/containerd/pull/10814)) * [`d6f577843`](https://github.com/containerd/containerd/commit/d6f5778439dd9b2bdd7ab3199e6eaaddb3ba39b8) metrics: Use UnmarshalTo instead of UnmarshalAny </p> </details> ### Dependency Changes This release has no dependency changes Previous release can be found at [v1.7.23](https://github.com/containerd/containerd/releases/tag/v1.7.23)
-
v2.0.0207ad711 · ·
containerd 2.0.0 Welcome to the v2.0.0 release of containerd! The first major release of containerd 2.x focuses on the continued stability of containerd's core feature set with an easy upgrade from containerd 1.x. This release includes the stabilization of new features added in the last 1.x release as well as the removal of features which were deprecated in 1.x. The goal is to support the vast community of containerd users well into the future along with their ever increasing deployment footprints and variety of use cases. See [containerd 2.0](https://github.com/containerd/containerd/blob/main/docs/containerd-2.0.md) documentation for details on what is new and has changed in this release. ### Highlights * Allow sections of Plugins to be merged, and not overwritten as entire sections. ([#9982](https://github.com/containerd/containerd/pull/9982)) * Add Update API for sandbox controller ([#9903](https://github.com/containerd/containerd/pull/9903)) * Configure otel from env instead of config.toml ([#8970](https://github.com/containerd/containerd/pull/8970)) * Enable NRI by default ([#9744](https://github.com/containerd/containerd/pull/9744)) * Add PluginInfo to introspection API ([#9442](https://github.com/containerd/containerd/pull/9442)) * Remove overlayfs volatile option on temp mounts ([#9555](https://github.com/containerd/containerd/pull/9555)) * Expose usage of deprecated features ([#9258](https://github.com/containerd/containerd/pull/9258)) * Use Intel ISA-L's igzip if available ([#9200](https://github.com/containerd/containerd/pull/9200)) * Introduce top level config migration ([#9223](https://github.com/containerd/containerd/pull/9223)) * Add image delete target ([#8989](https://github.com/containerd/containerd/pull/8989)) * Remove `LimitNOFILE` from `containerd.service` ([#8924](https://github.com/containerd/containerd/pull/8924)) * Add support for image expiration during garbage collection ([#9022](https://github.com/containerd/containerd/pull/9022)) * Reduce the contention between ref lock and boltdb lock in content store ([#8792](https://github.com/containerd/containerd/pull/8792)) * Remove "containerd.io/restart.logpath" label ([#8264](https://github.com/containerd/containerd/pull/8264)) * Remove `aufs` snapshotter ([#8263](https://github.com/containerd/containerd/pull/8263)) * Fix deadlock during NRI plugin registration ([containerd/nri#79](https://github.com/containerd/nri/pull/79)) * Support arm64/v9 and minor variants ([containerd/platforms#8](https://github.com/containerd/platforms/pull/8)) * Fix deadlock when writing to pipe blocks ([containerd/ttrpc#168](https://github.com/containerd/ttrpc/pull/168)) #### Build and Release Toolchain * Generate attestation for artifacts during release ([#10543](https://github.com/containerd/containerd/pull/10543)) * Remove `cri-containerd-*.tar.gz` release bundles ([#9096](https://github.com/containerd/containerd/pull/9096)) #### Container Runtime Interface (CRI) * Use 'UserSpecifiedImage' from CRI to set the image-name annotation ([#10747](https://github.com/containerd/containerd/pull/10747)) * Fine-grained SupplementalGroups control ([#9737](https://github.com/containerd/containerd/pull/9737)) * Add support to set loopback to up ([#10238](https://github.com/containerd/containerd/pull/10238)) * KEP-3857: Recursive Read-only (RRO) mounts ([#9787](https://github.com/containerd/containerd/pull/9787)) * Add support for multiple subscribers to CRI container events ([#9661](https://github.com/containerd/containerd/pull/9661)) * Enable CDI by default ([#9621](https://github.com/containerd/containerd/pull/9621)) * Remove non-sandboxed CRI implementation ([#9228](https://github.com/containerd/containerd/pull/9228)) * Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) ([#8287](https://github.com/containerd/containerd/pull/8287)) * Use sandboxed CRI by default ([#8994](https://github.com/containerd/containerd/pull/8994)) * Implement RuntimeConfig CRI call ([#8722](https://github.com/containerd/containerd/pull/8722)) * Add support for user namespaces (KEP-127) ([#8803](https://github.com/containerd/containerd/pull/8803)) * Remove CRI v1alpha2 ([#8276](https://github.com/containerd/containerd/pull/8276)) #### Go client * Add api Go module and move all protos under api ([#10151](https://github.com/containerd/containerd/pull/10151)) * Move packages based on contributing guide ([#9365](https://github.com/containerd/containerd/pull/9365)) * Generalize plugin library ([#9214](https://github.com/containerd/containerd/pull/9214)) * Use github.com/containerd/log ([#9086](https://github.com/containerd/containerd/pull/9086)) #### Image Distribution * Support to syncfs after pull by using diff plugin ([#10284](https://github.com/containerd/containerd/pull/10284)) * Skip "unknown" in image platform listing ([#10257](https://github.com/containerd/containerd/pull/10257)) * Update unpacker to fetch all provided content ([#10202](https://github.com/containerd/containerd/pull/10202)) * Enable Transfer service API to support plain HTTP ([#10024](https://github.com/containerd/containerd/pull/10024)) * Enable Transfer service to use registry configuration directory ([#9908](https://github.com/containerd/containerd/pull/9908)) * Disable the support for Schema 1 images ([#9765](https://github.com/containerd/containerd/pull/9765)) * Update Transfer service to add OCI descriptors to Progress structure ([#9630](https://github.com/containerd/containerd/pull/9630)) * Update import and export to allow references to missing content ([#9554](https://github.com/containerd/containerd/pull/9554)) * Add option to perform syncfs after pull ([#9401](https://github.com/containerd/containerd/pull/9401)) * Add image verifier transfer service plugin system based on a binary directory ([#8493](https://github.com/containerd/containerd/pull/8493)) #### Runtime * Implement RuntimeStatus.features.supplemental_groups_policy from KEP-3619 ([#10410](https://github.com/containerd/containerd/pull/10410)) * Add pprof to runc-shim ([#10242](https://github.com/containerd/containerd/pull/10242)) * Provide runtime options in plugin info ([#10251](https://github.com/containerd/containerd/pull/10251)) * Store bootstrap parameters in sandbox metadata ([#9736](https://github.com/containerd/containerd/pull/9736)) * Update apparmor to allow confined runc to kill containers ([#10123](https://github.com/containerd/containerd/pull/10123)) * Support vsock connection to task api ([#9738](https://github.com/containerd/containerd/pull/9738)) * Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([#9320](https://github.com/containerd/containerd/pull/9320)) * Switch runc shim to task service v3 and fix restore ([#9233](https://github.com/containerd/containerd/pull/9233)) * Add sandboxer configuration and move sandbox controllers to plugins ([#8268](https://github.com/containerd/containerd/pull/8268)) * Add annotations to CreateSandbox request ([#8960](https://github.com/containerd/containerd/pull/8960)) * Add SandboxMetrics ([#8680](https://github.com/containerd/containerd/pull/8680)) * Publish sandbox events ([#8602](https://github.com/containerd/containerd/pull/8602)) * Remove the CriuPath field from runc's options ([#8279](https://github.com/containerd/containerd/pull/8279)) * Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](https://github.com/containerd/containerd/pull/8262)) #### Security Advisories * [medium] RAPL accessible to a container [GHSA-7ww5-4wqc-m92c](https://github.com/containerd/containerd/security/advisories/GHSA-7ww5-4wqc-m92c) #### Breaking * Remove `disable_cgroup` from CRI config ([#10594](https://github.com/containerd/containerd/pull/10594)) * Disable the support for Schema 1 images ([#9765](https://github.com/containerd/containerd/pull/9765)) * Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([#9320](https://github.com/containerd/containerd/pull/9320)) * Move client to subpackage ([#9316](https://github.com/containerd/containerd/pull/9316)) * Remove `LimitNOFILE` from `containerd.service` ([#8924](https://github.com/containerd/containerd/pull/8924)) * Remove CRI v1alpha2 ([#8276](https://github.com/containerd/containerd/pull/8276)) * Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](https://github.com/containerd/containerd/pull/8262)) * Remove "containerd.io/restart.logpath" label ([#8264](https://github.com/containerd/containerd/pull/8264)) * Remove `aufs` snapshotter ([#8263](https://github.com/containerd/containerd/pull/8263)) #### Deprecations * Update warnings for deprecated CRI config fields ([#10509](https://github.com/containerd/containerd/pull/10509)) * Add type alias for event Envelope ([#10279](https://github.com/containerd/containerd/pull/10279)) * Postpone removal of deprecated CRI config properties ([#9966](https://github.com/containerd/containerd/pull/9966)) * Deprecate go-plugin configuration option ([#9238](https://github.com/containerd/containerd/pull/9238)) * CNI conf_template in CRI is no longer deprecated ([#8637](https://github.com/containerd/containerd/pull/8637)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Akihiro Suda * Maksym Pavlenko * Wei Fu * Phil Estes * Sebastiaan van Stijn * Samuel Karp * Krisztian Litkey * Kazuyoshi Kato * Austin Vazquez * Rodrigo Campos * Danny Canter * Abel Feng * Mike Brown * Kirtana Ashok * Akhil Mohan * Iceber Gu * Gabriel Adrian Samfira * Jin Dong * Kohei Tokunaga * Bjorn Neergaard * Brian Goff * Justin Chadwell * rongfu.leng * James Sturtevant * Davanum Srinivas * Paul "TBBle" Hampson * Henry Wang * Enrico Weigelt * Laura Brehm * Marat Radchenko * Paweł Gronowski * Shingo Omura * Hsing-Yu (David) Chen * Ilya Hanov * Cardy.Tang * Swagat Bora * Aditi Sharma * Amit Barve * Bryant Biggs * Evan Lezar * James Jenkins * Jordan Liggitt * Kay Yan * Markus Lehtonen * Nashwan Azhari * Shuaiyi Zhang * Vinayak Goyal * helen * Alexandru Matei * Anthony Nandaa * Avi Deitcher * Charity Kathure * Cory Snider * Ed Bartosh * Etienne Champetier * Kevin Parsons * Michael Zappa * Milas Bowman * lengrongfu * ningmingxiao * yanggang * zounengren * Aditya Ramani * Adrian Reber * Amir M. Ghazanfari * Antonio Ojea * Artem Khramov * Brad Davidson * Chen Yiyang * Chongyi Zheng * Christian Muehlhaeuser * Djordje Lukic * Edgar Lee * Eric Lin * Ethan Lowman * Jiang Liu * June Rhodes * Kern Walster * Lei Jitang * Lucas Rattz * Mahamed Ali * Maksim An * Michael Crosby * Peteris Rudzusiks * Ray Burgemeestre * Sam Edwards * Samruddhi Khandale * Sascha Grunert * Steve Griffith * Tony Fang * Tõnis Tiigi * VERNOU Cédric * Vishal Reddy Gurrala * Xiaojin Zhang * Yang Yang * hang.jiang * harshitasao * jerryzhuang * roman-kiselenko * zhanluxianshen * Aaron Lehmann * AbdelrahmanElawady * Adrien Delorme * Alex Couture-Beil * Alex Ellis * Alex Rodriguez * Angelos Kolaitis * Antonio Huete Jimenez * Antti Kervinen * Arash Haghighat * Arkin Modi * Ben Foster * Benjamin Peterson * Bin Tang * Bin Xin * BinBin He * Brennan Kinney * Changqing Li * ChengenH * ChengyuZhu6 * Christian Stewart * Colin O'Dell * Craig Ingram * Daisy Rong * David Porter * David Son * Derek Nola * Eng Zer Jun * Erikson Tung * Fabiano Fidêncio * Fahed Dorgaa * Gabriela Cervantes * Gary McDonald * Iain Macdonald * James Lakin * Jan Dubois * Jaroslav Jindrak * Javier Maestro * Jian Wang * Jiongchi Yu * Julien Balestra * Kir Kolyshkin * Kirill A. Korinsky * Konstantin Khlebnikov * Lei Liu * Matteo Pulcini * Mauri de Souza Meneguzzo * Mike Baynton * Niklas Gehlen * Pan Yibo * Paul Meyer * Qasim Sarfraz * Qiutong Song * Reinhard Tartler * Robbie Buxton * Robert-André Mauchin * Ruihua Wen * Saket Jajoo * Sameer * Shengjing Zhu * Shiming Zhang * Shukui Yang * StepSecurity Bot * Talon * Tariq Ibrahim * Tianon Gravi * Tim Hockin * TinaMor * Tobias Klauser * Tomáš Virtus * Wang Xinwen * William Chen * Xinyang Ge * Yibo Zhuang * Yuhang Wei * Yury Gargay * Zechun Chen * Zhang Tianyang * Zoe * baijia * bo.jiang * bzsuni * charles-chenzz * chschumacher1994 * cormick * guangli.bao * guangwu * jinda.ljd * jingtao.liang * krglosse * pigletfly * rokkiter * wangxiang * zhangpeng * zhaojizhuang * 吴小白 * 张钰 * 沈陵 * 谭九鼎 ### Dependency Changes * **dario.cat/mergo** v1.0.1 **_new_** * **github.com/AdaLogics/go-fuzz-headers** 1f10f66a31bf -> e8a1dd7889d6 * **github.com/AdamKorcz/go-118-fuzz-build** 5330a85ea652 -> 2b5cbb29f3e2 * **github.com/Microsoft/go-winio** v0.6.0 -> v0.6.2 * **github.com/Microsoft/hcsshim** v0.10.0-rc.7 -> v0.12.9 * **github.com/cenkalti/backoff/v4** v4.2.0 -> v4.3.0 * **github.com/cespare/xxhash/v2** v2.2.0 -> v2.3.0 * **github.com/checkpoint-restore/checkpointctl** v1.3.0 **_new_** * **github.com/checkpoint-restore/go-criu/v7** v7.2.0 **_new_** * **github.com/cilium/ebpf** v0.9.1 -> v0.11.0 * **github.com/containerd/cgroups/v3** v3.0.1 -> v3.0.3 * **github.com/containerd/console** v1.0.3 -> v1.0.4 * **github.com/containerd/containerd/api** v1.8.0 **_new_** * **github.com/containerd/continuity** v0.3.0 -> v0.4.4 * **github.com/containerd/errdefs** v1.0.0 **_new_** * **github.com/containerd/errdefs/pkg** v0.3.0 **_new_** * **github.com/containerd/go-cni** v1.1.9 -> v1.1.10 * **github.com/containerd/go-runc** v1.0.0 -> v1.1.0 * **github.com/containerd/imgcrypt/v2** v2.0.0-rc.1 **_new_** * **github.com/containerd/log** v0.1.0 **_new_** * **github.com/containerd/nri** v0.3.0 -> v0.8.0 * **github.com/containerd/otelttrpc** ea5083fda723 **_new_** * **github.com/containerd/platforms** v1.0.0-rc.0 **_new_** * **github.com/containerd/plugin** v1.0.0 **_new_** * **github.com/containerd/ttrpc** v1.2.1 -> v1.2.6 * **github.com/containerd/typeurl/v2** v2.1.0 -> v2.2.2 * **github.com/containerd/zfs/v2** v2.0.0-rc.0 **_new_** * **github.com/containernetworking/cni** v1.1.2 -> v1.2.3 * **github.com/containernetworking/plugins** v1.2.0 -> v1.5.1 * **github.com/containers/ocicrypt** v1.1.6 -> v1.2.0 * **github.com/cpuguy83/go-md2man/v2** v2.0.2 -> v2.0.5 * **github.com/davecgh/go-spew** v1.1.1 -> d8f796af33cc * **github.com/distribution/reference** v0.6.0 **_new_** * **github.com/emicklei/go-restful/v3** v3.10.1 -> v3.11.0 * **github.com/felixge/httpsnoop** v1.0.4 **_new_** * **github.com/fsnotify/fsnotify** v1.6.0 -> v1.7.0 * **github.com/fxamacker/cbor/v2** v2.7.0 **_new_** * **github.com/go-jose/go-jose/v4** v4.0.4 **_new_** * **github.com/go-logr/logr** v1.2.3 -> v1.4.2 * **github.com/golang/protobuf** v1.5.2 -> v1.5.4 * **github.com/google/go-cmp** v0.5.9 -> v0.6.0 * **github.com/google/uuid** v1.3.0 -> v1.6.0 * **github.com/gorilla/websocket** v1.5.0 **_new_** * **github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus** v1.0.1 **_new_** * **github.com/grpc-ecosystem/go-grpc-middleware/v2** v2.1.0 **_new_** * **github.com/grpc-ecosystem/grpc-gateway/v2** v2.7.0 -> v2.22.0 * **github.com/intel/goresctrl** v0.3.0 -> v0.8.0 * **github.com/klauspost/compress** v1.16.0 -> v1.17.11 * **github.com/mdlayher/socket** v0.4.1 **_new_** * **github.com/mdlayher/vsock** v1.2.1 **_new_** * **github.com/mistifyio/go-zfs/v3** v3.0.1 **_new_** * **github.com/moby/spdystream** v0.2.0 -> v0.4.0 * **github.com/moby/sys/mountinfo** v0.6.2 -> v0.7.2 * **github.com/moby/sys/sequential** v0.5.0 -> v0.6.0 * **github.com/moby/sys/signal** v0.7.0 -> v0.7.1 * **github.com/moby/sys/symlink** v0.2.0 -> v0.3.0 * **github.com/moby/sys/user** v0.3.0 **_new_** * **github.com/moby/sys/userns** v0.1.0 **_new_** * **github.com/munnerz/goautoneg** a7dc8b61c822 **_new_** * **github.com/mxk/go-flowrate** cca7078d478f **_new_** * **github.com/opencontainers/image-spec** 3a7f492d3f1b -> v1.1.0 * **github.com/opencontainers/runtime-spec** v1.1.0-rc.1 -> v1.2.0 * **github.com/opencontainers/runtime-tools** 946c877fa809 -> 2e043c6bd626 * **github.com/opencontainers/selinux** v1.11.0 -> v1.11.1 * **github.com/pelletier/go-toml/v2** v2.2.3 **_new_** * **github.com/pmezard/go-difflib** v1.0.0 -> 5d4384ee4fb2 * **github.com/prometheus/client_golang** v1.14.0 -> v1.20.5 * **github.com/prometheus/client_model** v0.3.0 -> v0.6.1 * **github.com/prometheus/common** v0.37.0 -> v0.55.0 * **github.com/prometheus/procfs** v0.8.0 -> v0.15.1 * **github.com/sirupsen/logrus** v1.9.0 -> v1.9.3 * **github.com/stefanberger/go-pkcs11uri** 78d3cae3a980 -> 78284954bff6 * **github.com/stretchr/testify** v1.8.2 -> v1.9.0 * **github.com/urfave/cli/v2** v2.27.5 **_new_** * **github.com/vishvananda/netlink** v1.2.1-beta.2 -> v1.3.0 * **github.com/vishvananda/netns** 2eb08e3e575f -> v0.0.4 * **github.com/x448/float16** v0.8.4 **_new_** * **github.com/xrash/smetrics** 686a1a2994c1 **_new_** * **go.etcd.io/bbolt** v1.3.7 -> v1.3.11 * **go.mozilla.org/pkcs7** 432b2356ecb1 -> v0.9.0 * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.40.0 -> v0.56.0 * **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp** v0.56.0 **_new_** * **go.opentelemetry.io/otel** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/metric** v0.37.0 -> v1.31.0 * **go.opentelemetry.io/otel/sdk** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/trace** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/proto/otlp** v0.19.0 -> v1.3.1 * **golang.org/x/crypto** v0.1.0 -> v0.28.0 * **golang.org/x/exp** aacd6d4b4611 **_new_** * **golang.org/x/mod** v0.7.0 -> v0.21.0 * **golang.org/x/net** v0.7.0 -> v0.30.0 * **golang.org/x/oauth2** v0.4.0 -> v0.22.0 * **golang.org/x/sync** v0.1.0 -> v0.8.0 * **golang.org/x/sys** v0.6.0 -> v0.26.0 * **golang.org/x/term** v0.5.0 -> v0.25.0 * **golang.org/x/text** v0.7.0 -> v0.19.0 * **golang.org/x/time** 90d013bbcef8 -> v0.3.0 * **google.golang.org/genproto/googleapis/api** 5fefd90f89a9 **_new_** * **google.golang.org/genproto/googleapis/rpc** 324edc3d5d38 **_new_** * **google.golang.org/grpc** v1.53.0 -> v1.67.1 * **google.golang.org/protobuf** v1.28.1 -> v1.35.1 * **k8s.io/api** v0.26.2 -> v0.31.2 * **k8s.io/apimachinery** v0.26.2 -> v0.31.2 * **k8s.io/apiserver** v0.26.2 -> v0.31.2 * **k8s.io/client-go** v0.26.2 -> v0.31.2 * **k8s.io/component-base** v0.26.2 -> v0.31.2 * **k8s.io/cri-api** v0.26.2 -> v0.31.2 * **k8s.io/klog/v2** v2.90.1 -> v2.130.1 * **k8s.io/kubelet** v0.31.2 **_new_** * **k8s.io/utils** a5ecb0141aa5 -> 18e509b52bc8 * **sigs.k8s.io/json** f223a00ba0e2 -> bc3834ca7abd * **sigs.k8s.io/structured-merge-diff/v4** v4.2.3 -> v4.4.1 * **sigs.k8s.io/yaml** v1.3.0 -> v1.4.0 * **tags.cncf.io/container-device-interface** v0.8.0 **_new_** * **tags.cncf.io/container-device-interface/specs-go** v0.8.0 **_new_** Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
-
api/v1.8.0cf36acf6 · ·
containerd api/v1.8.0 Welcome to the api/v1.8.0 release of containerd! The first dedicated release for the containerd API. This release continues the 1.x line of API compatibility with the 9th minor release of the 1.x API. ### Highlights * Add Update API for sandbox controller ([#9903](https://github.com/containerd/containerd/pull/9903)) * Add PluginInfo to introspection API ([#9442](https://github.com/containerd/containerd/pull/9442)) * Expose usage of deprecated features ([#9258](https://github.com/containerd/containerd/pull/9258)) * Add image delete target ([#8989](https://github.com/containerd/containerd/pull/8989)) #### Go client * Add api Go module and move all protos under api ([#10151](https://github.com/containerd/containerd/pull/10151)) #### Image Distribution * Enable Transfer service API to support plain HTTP ([#10024](https://github.com/containerd/containerd/pull/10024)) * Enable Transfer service to use registry configuration directory ([#9908](https://github.com/containerd/containerd/pull/9908)) * Update Transfer service to add OCI descriptors to Progress structure ([#9630](https://github.com/containerd/containerd/pull/9630)) * Add option to perform syncfs after pull ([#9401](https://github.com/containerd/containerd/pull/9401)) #### Runtime * Store bootstrap parameters in sandbox metadata ([#9736](https://github.com/containerd/containerd/pull/9736)) * Add sandboxer configuration and move sandbox controllers to plugins ([#8268](https://github.com/containerd/containerd/pull/8268)) * Add annotations to CreateSandbox request ([#8960](https://github.com/containerd/containerd/pull/8960)) * Add SandboxMetrics ([#8680](https://github.com/containerd/containerd/pull/8680)) * Publish sandbox events ([#8602](https://github.com/containerd/containerd/pull/8602)) #### Deprecations * Add type alias for event Envelope ([#10279](https://github.com/containerd/containerd/pull/10279)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Maksym Pavlenko * Wei Fu * Abel Feng * Akihiro Suda * Phil Estes * Danny Canter * Samuel Karp * Kohei Tokunaga * Sebastiaan van Stijn * Akhil Mohan * Brian Goff * Bryant Biggs * Davanum Srinivas * Iceber Gu * Kirtana Ashok ### Changes <details><summary>65 commits</summary> <p> * Prepare release notes for api/v1.8.0 ([#10935](https://github.com/containerd/containerd/pull/10935)) * [`d38911808`](https://github.com/containerd/containerd/commit/d38911808acfb7290092af0513cf25ec94dbcfe1) Prepare release notes for api/v1.8.0 * Clean up some dependency trees for runc shim ([#10757](https://github.com/containerd/containerd/pull/10757)) * [`2123855ee`](https://github.com/containerd/containerd/commit/2123855eeb399dfcbb152ca3502e8fb4322d06cb) Add build tag to omit grpc * Add Update API for sandbox controller ([#9903](https://github.com/containerd/containerd/pull/9903)) * [`15887d7ef`](https://github.com/containerd/containerd/commit/15887d7efc60e4bde9e65c87a0376d94e9f6eb04) sandbox: add update api for controller * api: update github.com/containerd/ttrpc v1.2.5 to be aligned with containerd ([#10366](https://github.com/containerd/containerd/pull/10366)) * [`cb38b1e2b`](https://github.com/containerd/containerd/commit/cb38b1e2be065ea9e248e03906ee893f954370d8) api: update github.com/containerd/ttrpc v1.2.5 * Add type alias for event Envelope ([#10279](https://github.com/containerd/containerd/pull/10279)) * [`3e71ccafc`](https://github.com/containerd/containerd/commit/3e71ccafc48bc87a054f4ce3a67ecf2df91932c5) Add type alias for event Envelope * Update api minimum Go version to 1.21 ([#10276](https://github.com/containerd/containerd/pull/10276)) * [`359d84351`](https://github.com/containerd/containerd/commit/359d84351d53d335688ab96c1a3e1ae0151b3a2d) Update api minimum go version to 1.21 * Prepare release notes for api/v1.8.0-rc.0 ([#10167](https://github.com/containerd/containerd/pull/10167)) * [`55fcebffc`](https://github.com/containerd/containerd/commit/55fcebffc76e642e9155eda5e097043f95109e4d) Prepare release notes for api/v1.8.0 * Add api Go module and move all protos under api ([#10151](https://github.com/containerd/containerd/pull/10151)) * [`2ac2b9c90`](https://github.com/containerd/containerd/commit/2ac2b9c909fb64f4d06958a0ca2f556bec348d05) Make api a Go sub-module * [`3e9cace72`](https://github.com/containerd/containerd/commit/3e9cace720cee5eb631c8291d8fb51928dc3fb3b) Move runtimeoptions to api directory * [`4a4550777`](https://github.com/containerd/containerd/commit/4a455077722796fd6a63253bc30d2b4c0c379d1d) Move runc options to api directory * Store bootstrap parameters in sandbox metadata ([#9736](https://github.com/containerd/containerd/pull/9736)) * [`de38490ed`](https://github.com/containerd/containerd/commit/de38490ed6b8d9cb9cb6ea7cfcd0071e8f27d304) sandbox: merge address and protocol to one url * [`f6e0cf189`](https://github.com/containerd/containerd/commit/f6e0cf1894b9211f07d801e1af3166f290969cd7) sandbox: add address info in Start and Status response * Enable Transfer service API to support plain HTTP ([#10024](https://github.com/containerd/containerd/pull/10024)) * [`433279438`](https://github.com/containerd/containerd/commit/4332794384253ad85a05a17fe42aa929f62fc72a) Transfer: Registry: Enable plain HTTP * Enable Transfer service to use registry configuration directory ([#9908](https://github.com/containerd/containerd/pull/9908)) * [`7a3b7fba5`](https://github.com/containerd/containerd/commit/7a3b7fba59a9ff9e8756976cf6f55117b1814a63) Transfer: Registry: Enable to use registry configuration diretory * Generate proto services with go-ttrpc ([#7609](https://github.com/containerd/containerd/pull/7609)) * [`f0e874941`](https://github.com/containerd/containerd/commit/f0e8749411301e99958e0caf545d85bf0112dda4) Add ttrpc generated services * [`65031eade`](https://github.com/containerd/containerd/commit/65031eadec262d783db25456a8bbca1eed1956b7) Update protobuild to build ttrpc services * Add OSVersion to platform protobuf ([#9733](https://github.com/containerd/containerd/pull/9733)) * [`5aa05481d`](https://github.com/containerd/containerd/commit/5aa05481ddd40138eef79ec4bce2b0232adef354) Add OSVersion to platform protobuf * Move Message proto to types ([#9742](https://github.com/containerd/containerd/pull/9742)) * [`0facc8592`](https://github.com/containerd/containerd/commit/0facc85925a114edac4b3b05a871f4ad205f45f1) Fix proto formatting * [`7f2d2c4f4`](https://github.com/containerd/containerd/commit/7f2d2c4f44afe090872301cc8614e8fc0d432e9e) Move Message proto to types * refactor: move plugin/fieldpath to api/types/ ([#9687](https://github.com/containerd/containerd/pull/9687)) * [`b16e3572a`](https://github.com/containerd/containerd/commit/b16e3572a308be0c58b3c810b1922ec8d444d1f7) refactor: move plugin/fieldpath to api/types/ * Add PluginInfo to introspection API ([#9442](https://github.com/containerd/containerd/pull/9442)) * [`22d586e51`](https://github.com/containerd/containerd/commit/22d586e515654d3a901c40443fb2b4adcad65827) api/services/instrospection: add PluginInfo * Update Transfer service to add OCI descriptors to Progress structure ([#9630](https://github.com/containerd/containerd/pull/9630)) * [`a2472c0b5`](https://github.com/containerd/containerd/commit/a2472c0b5ab17e46ab3f3b000a6fa512a45d7f05) transfer: add OCI descriptors to Progress structure * Add option to perform syncfs after pull ([#9401](https://github.com/containerd/containerd/pull/9401)) * [`bd5c602c4`](https://github.com/containerd/containerd/commit/bd5c602c4dc91d19976f2dc222a337ab76716750) api: introduce sync_fs to diff.ApplyRequest * Containerd v2 module ([#9306](https://github.com/containerd/containerd/pull/9306)) * [`5fdf55e49`](https://github.com/containerd/containerd/commit/5fdf55e493d68079d22a08de1a7afe522e5838e5) Update go module to github.com/containerd/containerd/v2 * Expose usage of deprecated features ([#9258](https://github.com/containerd/containerd/pull/9258)) * [`57c897f10`](https://github.com/containerd/containerd/commit/57c897f10df48556af799f71c85a91b889df2d70) api/introspection: deprecation warnings in server * Add sandboxer configuration and move sandbox controllers to plugins ([#8268](https://github.com/containerd/containerd/pull/8268)) * [`d2d434b7d`](https://github.com/containerd/containerd/commit/d2d434b7d6546842b1f791ef17392da99320265d) sandbox: add all sandbox information to Create method * [`f372b3501`](https://github.com/containerd/containerd/commit/f372b3501b6096c8228203f9d5d5aae8ff998d61) sandbox: add sandboxer field of sandbox requests * Add image delete target ([#8989](https://github.com/containerd/containerd/pull/8989)) * [`f8fb2dad3`](https://github.com/containerd/containerd/commit/f8fb2dad39a4b45ce1de59f236e72ee72ad53cf7) api: update image service to support target in delete request * fix: Add `containerd` to the message type reference ([#9126](https://github.com/containerd/containerd/pull/9126)) * [`42eee8bf0`](https://github.com/containerd/containerd/commit/42eee8bf05c89524a29f064cb4ce0a460a8c0081) fix: Add `containerd` to the message type reference * platforms: isolate from errdefs and api dependencies ([#9095](https://github.com/containerd/containerd/pull/9095)) * [`e916d77c8`](https://github.com/containerd/containerd/commit/e916d77c81b8a61d7a37276e310b4a150b04f4ab) platforms: move ToProto, FromProto to api/types * Add annotations to CreateSandbox request ([#8960](https://github.com/containerd/containerd/pull/8960)) * [`939ccbed4`](https://github.com/containerd/containerd/commit/939ccbed427e81eaecd37777ddcb2eac792114e6) Sandbox: Add annotations to CreateSandbox surface * archive: use 1970-01-01 as the whiteout timestamp ([#8764](https://github.com/containerd/containerd/pull/8764)) * [`5dedb6d0d`](https://github.com/containerd/containerd/commit/5dedb6d0d2565507f0636254a18fdb7462a9eac3) archive: use 1970-01-01 as the whiteout timestamp * Add SandboxMetrics ([#8680](https://github.com/containerd/containerd/pull/8680)) * [`d278d37ca`](https://github.com/containerd/containerd/commit/d278d37caae501ef18fd919e611610c639ad471b) Sandbox: Add Metrics rpc for controller * [`d56722ef2`](https://github.com/containerd/containerd/commit/d56722ef2a42953841728f5ed5666da776ce0d8f) Sandbox: Add SandboxMetrics rpc * Publish sandbox events ([#8602](https://github.com/containerd/containerd/pull/8602)) * [`65906335b`](https://github.com/containerd/containerd/commit/65906335bf086dfe4ed73fbddb90429047e8aa96) Add sandbox events protos * Cleanup protobuild config ([#8278](https://github.com/containerd/containerd/pull/8278)) * [`0bbca7f1b`](https://github.com/containerd/containerd/commit/0bbca7f1bcc29933dfd3cb3c463cc4fb8fbbe036) Cleanup protobuild config </p> </details> ### Dependency Changes * **github.com/containerd/log** v0.1.0 **_new_** * **github.com/containerd/ttrpc** v1.2.1 -> v1.2.5 * **github.com/containerd/typeurl/v2** v2.1.0 -> v2.1.1 * **github.com/golang/protobuf** v1.5.2 -> v1.5.3 * **github.com/opencontainers/image-spec** 3a7f492d3f1b -> v1.1.0 * **github.com/sirupsen/logrus** v1.9.0 -> v1.9.3 * **golang.org/x/net** v0.7.0 -> v0.23.0 * **golang.org/x/sys** v0.6.0 -> v0.18.0 * **golang.org/x/text** v0.7.0 -> v0.14.0 * **google.golang.org/genproto/googleapis/rpc** c3f982113cda **_new_** * **google.golang.org/grpc** v1.53.0 -> v1.59.0 * **google.golang.org/protobuf** v1.28.1 -> v1.33.0 Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0)
-
v2.0.0-rc.6b70cce20 · ·
containerd 2.0.0-rc.6 Welcome to the v2.0.0-rc.6 release of containerd! *This is a pre-release of containerd* The first major release of containerd 2.x focuses on the continued stability of containerd's core feature set with an easy upgrade from containerd 1.x. This release includes the stabilization of new features added in the last 1.x release as well as the removal of features which were deprecated in 1.x. The goal is to support the vast community of containerd users well into the future along with their ever increasing deployment footprints and variety of use cases. ### Highlights * Allow sections of Plugins to be merged, and not overwritten as entire sections. ([#9982](https://github.com/containerd/containerd/pull/9982)) * Add Update API for sandbox controller ([#9903](https://github.com/containerd/containerd/pull/9903)) * Configure otel from env instead of config.toml ([#8970](https://github.com/containerd/containerd/pull/8970)) * Enable NRI by default ([#9744](https://github.com/containerd/containerd/pull/9744)) * Add PluginInfo to introspection API ([#9442](https://github.com/containerd/containerd/pull/9442)) * Remove overlayfs volatile option on temp mounts ([#9555](https://github.com/containerd/containerd/pull/9555)) * Expose usage of deprecated features ([#9258](https://github.com/containerd/containerd/pull/9258)) * Use Intel ISA-L's igzip if available ([#9200](https://github.com/containerd/containerd/pull/9200)) * Introduce top level config migration ([#9223](https://github.com/containerd/containerd/pull/9223)) * Add image delete target ([#8989](https://github.com/containerd/containerd/pull/8989)) * Remove `LimitNOFILE` from `containerd.service` ([#8924](https://github.com/containerd/containerd/pull/8924)) * Add support for image expiration during garbage collection ([#9022](https://github.com/containerd/containerd/pull/9022)) * Reduce the contention between ref lock and boltdb lock in content store ([#8792](https://github.com/containerd/containerd/pull/8792)) * Remove "containerd.io/restart.logpath" label ([#8264](https://github.com/containerd/containerd/pull/8264)) * Remove `aufs` snapshotter ([#8263](https://github.com/containerd/containerd/pull/8263)) * Fix deadlock during NRI plugin registration ([containerd/nri#79](https://github.com/containerd/nri/pull/79)) * Fix deadlock when writing to pipe blocks ([containerd/ttrpc#168](https://github.com/containerd/ttrpc/pull/168)) #### Build and Release Toolchain * Generate attestation for artifacts during release ([#10543](https://github.com/containerd/containerd/pull/10543)) * Remove `cri-containerd-*.tar.gz` release bundles ([#9096](https://github.com/containerd/containerd/pull/9096)) #### Container Runtime Interface (CRI) * Use 'UserSpecifiedImage' from CRI to set the image-name annotation ([#10747](https://github.com/containerd/containerd/pull/10747)) * Fine-grained SupplementalGroups control ([#9737](https://github.com/containerd/containerd/pull/9737)) * Add support to set loopback to up ([#10238](https://github.com/containerd/containerd/pull/10238)) * Add support for multiple subscribers to CRI container events ([#9661](https://github.com/containerd/containerd/pull/9661)) * Enable CDI by default ([#9621](https://github.com/containerd/containerd/pull/9621)) * Remove non-sandboxed CRI implementation ([#9228](https://github.com/containerd/containerd/pull/9228)) * Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) ([#8287](https://github.com/containerd/containerd/pull/8287)) * Use sandboxed CRI by default ([#8994](https://github.com/containerd/containerd/pull/8994)) * Implement RuntimeConfig CRI call ([#8722](https://github.com/containerd/containerd/pull/8722)) * Add support for user namespaces (KEP-127) ([#8803](https://github.com/containerd/containerd/pull/8803)) * Remove CRI v1alpha2 ([#8276](https://github.com/containerd/containerd/pull/8276)) #### Go client * Add api Go module and move all protos under api ([#10151](https://github.com/containerd/containerd/pull/10151)) * Move packages based on contributing guide ([#9365](https://github.com/containerd/containerd/pull/9365)) * Generalize plugin library ([#9214](https://github.com/containerd/containerd/pull/9214)) * Use github.com/containerd/log ([#9086](https://github.com/containerd/containerd/pull/9086)) #### Image Distribution * Support to syncfs after pull by using diff plugin ([#10284](https://github.com/containerd/containerd/pull/10284)) * Skip "unknown" in image platform listing ([#10257](https://github.com/containerd/containerd/pull/10257)) * Update unpacker to fetch all provided content ([#10202](https://github.com/containerd/containerd/pull/10202)) * Enable Transfer service API to support plain HTTP ([#10024](https://github.com/containerd/containerd/pull/10024)) * Enable Transfer service to use registry configuration directory ([#9908](https://github.com/containerd/containerd/pull/9908)) * Disable the support for Schema 1 images ([#9765](https://github.com/containerd/containerd/pull/9765)) * Update Transfer service to add OCI descriptors to Progress structure ([#9630](https://github.com/containerd/containerd/pull/9630)) * Update import and export to allow references to missing content ([#9554](https://github.com/containerd/containerd/pull/9554)) * Add option to perform syncfs after pull ([#9401](https://github.com/containerd/containerd/pull/9401)) * Add image verifier transfer service plugin system based on a binary directory ([#8493](https://github.com/containerd/containerd/pull/8493)) #### Runtime * Implement RuntimeStatus.features.supplemental_groups_policy from KEP-3619 ([#10410](https://github.com/containerd/containerd/pull/10410)) * Add pprof to runc-shim ([#10242](https://github.com/containerd/containerd/pull/10242)) * Provide runtime options in plugin info ([#10251](https://github.com/containerd/containerd/pull/10251)) * Store bootstrap parameters in sandbox metadata ([#9736](https://github.com/containerd/containerd/pull/9736)) * Update apparmor to allow confined runc to kill containers ([#10123](https://github.com/containerd/containerd/pull/10123)) * Support vsock connection to task api ([#9738](https://github.com/containerd/containerd/pull/9738)) * Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([#9320](https://github.com/containerd/containerd/pull/9320)) * Switch runc shim to task service v3 and fix restore ([#9233](https://github.com/containerd/containerd/pull/9233)) * Add sandboxer configuration and move sandbox controllers to plugins ([#8268](https://github.com/containerd/containerd/pull/8268)) * Add annotations to CreateSandbox request ([#8960](https://github.com/containerd/containerd/pull/8960)) * Add SandboxMetrics ([#8680](https://github.com/containerd/containerd/pull/8680)) * Publish sandbox events ([#8602](https://github.com/containerd/containerd/pull/8602)) * Remove the CriuPath field from runc's options ([#8279](https://github.com/containerd/containerd/pull/8279)) * Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](https://github.com/containerd/containerd/pull/8262)) #### Security Advisories * [medium] RAPL accessible to a container [GHSA-7ww5-4wqc-m92c](https://github.com/containerd/containerd/security/advisories/GHSA-7ww5-4wqc-m92c) #### Breaking * Remove `disable_cgroup` from CRI config ([#10594](https://github.com/containerd/containerd/pull/10594)) * Disable the support for Schema 1 images ([#9765](https://github.com/containerd/containerd/pull/9765)) * Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([#9320](https://github.com/containerd/containerd/pull/9320)) * Move client to subpackage ([#9316](https://github.com/containerd/containerd/pull/9316)) * Remove `LimitNOFILE` from `containerd.service` ([#8924](https://github.com/containerd/containerd/pull/8924)) * Remove CRI v1alpha2 ([#8276](https://github.com/containerd/containerd/pull/8276)) * Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](https://github.com/containerd/containerd/pull/8262)) * Remove "containerd.io/restart.logpath" label ([#8264](https://github.com/containerd/containerd/pull/8264)) * Remove `aufs` snapshotter ([#8263](https://github.com/containerd/containerd/pull/8263)) #### Deprecations * Update warnings for deprecated CRI config fields ([#10509](https://github.com/containerd/containerd/pull/10509)) * Add type alias for event Envelope ([#10279](https://github.com/containerd/containerd/pull/10279)) * Postpone removal of deprecated CRI config properties ([#9966](https://github.com/containerd/containerd/pull/9966)) * Deprecate go-plugin configuration option ([#9238](https://github.com/containerd/containerd/pull/9238)) * CNI conf_template in CRI is no longer deprecated ([#8637](https://github.com/containerd/containerd/pull/8637)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Akihiro Suda * Maksym Pavlenko * Wei Fu * Phil Estes * Sebastiaan van Stijn * Samuel Karp * Stefan Berger * Krisztian Litkey * Kazuyoshi Kato * Rodrigo Campos * Austin Vazquez * Danny Canter * Abel Feng * Mike Brown * Akhil Mohan * Kirtana Ashok * Iceber Gu * Gabriel Adrian Samfira * Jin Dong * Kohei Tokunaga * Bjorn Neergaard * Brian Goff * Justin Chadwell * rongfu.leng * James Sturtevant * Davanum Srinivas * Paul "TBBle" Hampson * Henry Wang * Enrico Weigelt * Laura Brehm * Marat Radchenko * Paweł Gronowski * Shingo Omura * Hsing-Yu (David) Chen * Ilya Hanov * Cardy.Tang * Swagat Bora * Aditi Sharma * Amit Barve * Bryant Biggs * Evan Lezar * James Jenkins * Jordan Liggitt * Kay Yan * Markus Lehtonen * Nashwan Azhari * Shuaiyi Zhang * Vinayak Goyal * helen * Alexandru Matei * Anthony Nandaa * Avi Deitcher * Charity Kathure * Cory Snider * Ed Bartosh * Etienne Champetier * Kevin Parsons * Michael Zappa * Milas Bowman * lengrongfu * ningmingxiao * yanggang * zounengren * Aditya Ramani * Adrian Reber * Amir M. Ghazanfari * Artem Khramov * Brad Davidson * Chen Yiyang * Christian Muehlhaeuser * Djordje Lukic * Edgar Lee * Eric Lin * Ethan Lowman * Jiang Liu * June Rhodes * Kern Walster * Lei Jitang * Lucas Rattz * Mahamed Ali * Maksim An * Michael Crosby * Peteris Rudzusiks * Ray Burgemeestre * Sam Edwards * Samruddhi Khandale * Sascha Grunert * Steve Griffith * Tony Fang * VERNOU Cédric * Vishal Reddy Gurrala * Xiaojin Zhang * hang.jiang * harshitasao * jerryzhuang * roman-kiselenko * zhanluxianshen * Aaron Lehmann * AbdelrahmanElawady * Adrien Delorme * Alex Couture-Beil * Alex Ellis * Alex Rodriguez * Angelos Kolaitis * Antonio Huete Jimenez * Antonio Ojea * Antti Kervinen * Arash Haghighat * Ben Foster * Benjamin Peterson * Bin Tang * Bin Xin * BinBin He * Brennan Kinney * Changqing Li * ChengenH * ChengyuZhu6 * Christian Stewart * Colin O'Dell * Craig Ingram * Daisy Rong * David Porter * Derek Nola * Eng Zer Jun * Erikson Tung * Fabiano Fidêncio * Fahed Dorgaa * Gabriela Cervantes * Gary McDonald * Iain Macdonald * James Lakin * Jan Dubois * Jaroslav Jindrak * Javier Maestro * Jian Wang * Jiongchi Yu * Julien Balestra * Kir Kolyshkin * Kirill A. Korinsky * Konstantin Khlebnikov * Lei Liu * Matteo Pulcini * Mauri de Souza Meneguzzo * Mike Baynton * Pan Yibo * Paul Meyer * Qasim Sarfraz * Qiutong Song * Reinhard Tartler * Robbie Buxton * Robert-André Mauchin * Ruihua Wen * Saket Jajoo * Sameer * Shengjing Zhu * Shiming Zhang * Shukui Yang * StepSecurity Bot * Talon * Tariq Ibrahim * Tianon Gravi * Tim Hockin * TinaMor * Tobias Klauser * Tomáš Virtus * Tõnis Tiigi * Wang Xinwen * William Chen * Xinyang Ge * Yang Yang * Yibo Zhuang * Yuhang Wei * Yury Gargay * Zechun Chen * Zhang Tianyang * Zoe * baijia * bo.jiang * bzsuni * charles-chenzz * chschumacher1994 * cormick * guangli.bao * guangwu * jinda.ljd * jingtao.liang * krglosse * pigletfly * rokkiter * wangxiang * zhangpeng * zhaojizhuang * 吴小白 * 张钰 * 沈陵 * 谭九鼎 ### Dependency Changes * **dario.cat/mergo** v1.0.1 **_new_** * **github.com/AdaLogics/go-fuzz-headers** 1f10f66a31bf -> ced1acdcaa24 * **github.com/AdamKorcz/go-118-fuzz-build** 5330a85ea652 -> 8075edf89bb0 * **github.com/Microsoft/go-winio** v0.6.0 -> v0.6.2 * **github.com/Microsoft/hcsshim** v0.10.0-rc.7 -> v0.12.8 * **github.com/cenkalti/backoff/v4** v4.2.0 -> v4.3.0 * **github.com/cespare/xxhash/v2** v2.2.0 -> v2.3.0 * **github.com/checkpoint-restore/checkpointctl** v1.2.1 **_new_** * **github.com/checkpoint-restore/go-criu/v7** v7.2.0 **_new_** * **github.com/cilium/ebpf** v0.9.1 -> v0.11.0 * **github.com/containerd/cgroups/v3** v3.0.1 -> v3.0.3 * **github.com/containerd/console** v1.0.3 -> v1.0.4 * **github.com/containerd/containerd/api** v1.8.0-rc.4 **_new_** * **github.com/containerd/continuity** v0.3.0 -> v0.4.3 * **github.com/containerd/errdefs** v0.3.0 **_new_** * **github.com/containerd/errdefs/pkg** v0.3.0 **_new_** * **github.com/containerd/go-cni** v1.1.9 -> v1.1.10 * **github.com/containerd/go-runc** v1.0.0 -> v1.1.0 * **github.com/containerd/imgcrypt** v1.1.7 -> v1.2.0-rc1 * **github.com/containerd/log** v0.1.0 **_new_** * **github.com/containerd/nri** v0.3.0 -> v0.7.0 * **github.com/containerd/otelttrpc** ea5083fda723 **_new_** * **github.com/containerd/platforms** v0.2.1 **_new_** * **github.com/containerd/plugin** v0.1.0 **_new_** * **github.com/containerd/ttrpc** v1.2.1 -> b5cd6e4b3287 * **github.com/containerd/typeurl/v2** v2.1.0 -> v2.2.0 * **github.com/containernetworking/cni** v1.1.2 -> v1.2.3 * **github.com/containernetworking/plugins** v1.2.0 -> v1.5.1 * **github.com/containers/ocicrypt** v1.1.6 -> v1.2.0 * **github.com/cpuguy83/go-md2man/v2** v2.0.2 -> v2.0.5 * **github.com/davecgh/go-spew** v1.1.1 -> d8f796af33cc * **github.com/distribution/reference** v0.6.0 **_new_** * **github.com/emicklei/go-restful/v3** v3.10.1 -> v3.11.0 * **github.com/felixge/httpsnoop** v1.0.4 **_new_** * **github.com/fsnotify/fsnotify** v1.6.0 -> v1.7.0 * **github.com/fxamacker/cbor/v2** v2.7.0 **_new_** * **github.com/go-jose/go-jose/v4** v4.0.2 **_new_** * **github.com/go-logr/logr** v1.2.3 -> v1.4.2 * **github.com/golang/protobuf** v1.5.2 -> v1.5.4 * **github.com/google/go-cmp** v0.5.9 -> v0.6.0 * **github.com/google/uuid** v1.3.0 -> v1.6.0 * **github.com/gorilla/websocket** v1.5.0 **_new_** * **github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus** v1.0.1 **_new_** * **github.com/grpc-ecosystem/go-grpc-middleware/v2** v2.1.0 **_new_** * **github.com/grpc-ecosystem/grpc-gateway/v2** v2.7.0 -> v2.22.0 * **github.com/intel/goresctrl** v0.3.0 -> v0.8.0 * **github.com/klauspost/compress** v1.16.0 -> v1.17.11 * **github.com/mdlayher/socket** v0.4.1 **_new_** * **github.com/mdlayher/vsock** v1.2.1 **_new_** * **github.com/moby/spdystream** v0.2.0 -> v0.4.0 * **github.com/moby/sys/mountinfo** v0.6.2 -> v0.7.2 * **github.com/moby/sys/sequential** v0.5.0 -> v0.6.0 * **github.com/moby/sys/signal** v0.7.0 -> v0.7.1 * **github.com/moby/sys/symlink** v0.2.0 -> v0.3.0 * **github.com/moby/sys/user** v0.3.0 **_new_** * **github.com/moby/sys/userns** v0.1.0 **_new_** * **github.com/munnerz/goautoneg** a7dc8b61c822 **_new_** * **github.com/mxk/go-flowrate** cca7078d478f **_new_** * **github.com/opencontainers/image-spec** 3a7f492d3f1b -> v1.1.0 * **github.com/opencontainers/runtime-spec** v1.1.0-rc.1 -> v1.2.0 * **github.com/opencontainers/runtime-tools** 946c877fa809 -> 2e043c6bd626 * **github.com/opencontainers/selinux** v1.11.0 -> v1.11.1 * **github.com/pelletier/go-toml/v2** v2.2.3 **_new_** * **github.com/pmezard/go-difflib** v1.0.0 -> 5d4384ee4fb2 * **github.com/prometheus/client_golang** v1.14.0 -> v1.20.5 * **github.com/prometheus/client_model** v0.3.0 -> v0.6.1 * **github.com/prometheus/common** v0.37.0 -> v0.55.0 * **github.com/prometheus/procfs** v0.8.0 -> v0.15.1 * **github.com/sirupsen/logrus** v1.9.0 -> v1.9.3 * **github.com/stefanberger/go-pkcs11uri** 78d3cae3a980 -> 78284954bff6 * **github.com/stretchr/testify** v1.8.2 -> v1.9.0 * **github.com/urfave/cli/v2** v2.27.5 **_new_** * **github.com/vishvananda/netlink** v1.2.1-beta.2 -> v1.3.0 * **github.com/vishvananda/netns** 2eb08e3e575f -> v0.0.4 * **github.com/x448/float16** v0.8.4 **_new_** * **github.com/xrash/smetrics** 686a1a2994c1 **_new_** * **go.etcd.io/bbolt** v1.3.7 -> v1.3.11 * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.40.0 -> v0.56.0 * **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp** v0.56.0 **_new_** * **go.opentelemetry.io/otel** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/metric** v0.37.0 -> v1.31.0 * **go.opentelemetry.io/otel/sdk** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/otel/trace** v1.14.0 -> v1.31.0 * **go.opentelemetry.io/proto/otlp** v0.19.0 -> v1.3.1 * **golang.org/x/crypto** v0.1.0 -> v0.28.0 * **golang.org/x/exp** aacd6d4b4611 **_new_** * **golang.org/x/mod** v0.7.0 -> v0.21.0 * **golang.org/x/net** v0.7.0 -> v0.30.0 * **golang.org/x/oauth2** v0.4.0 -> v0.22.0 * **golang.org/x/sync** v0.1.0 -> v0.8.0 * **golang.org/x/sys** v0.6.0 -> v0.26.0 * **golang.org/x/term** v0.5.0 -> v0.25.0 * **golang.org/x/text** v0.7.0 -> v0.19.0 * **golang.org/x/time** 90d013bbcef8 -> v0.3.0 * **google.golang.org/genproto/googleapis/api** 5fefd90f89a9 **_new_** * **google.golang.org/genproto/googleapis/rpc** 5fefd90f89a9 **_new_** * **google.golang.org/grpc** v1.53.0 -> v1.67.1 * **google.golang.org/protobuf** v1.28.1 -> v1.35.1 * **k8s.io/api** v0.26.2 -> v0.31.1 * **k8s.io/apimachinery** v0.26.2 -> v0.31.1 * **k8s.io/apiserver** v0.26.2 -> v0.31.1 * **k8s.io/client-go** v0.26.2 -> v0.31.1 * **k8s.io/component-base** v0.26.2 -> v0.31.1 * **k8s.io/cri-api** v0.26.2 -> v0.32.0-alpha.0 * **k8s.io/klog/v2** v2.90.1 -> v2.130.1 * **k8s.io/kubelet** v0.31.1 **_new_** * **k8s.io/utils** a5ecb0141aa5 -> 18e509b52bc8 * **sigs.k8s.io/json** f223a00ba0e2 -> bc3834ca7abd * **sigs.k8s.io/structured-merge-diff/v4** v4.2.3 -> v4.4.1 * **sigs.k8s.io/yaml** v1.3.0 -> v1.4.0 * **tags.cncf.io/container-device-interface** v0.8.0 **_new_** * **tags.cncf.io/container-device-interface/specs-go** v0.8.0 **_new_** Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
-
api/v1.8.0-rc.4b291eb80 · ·
containerd api/v1.8.0-rc.4 Welcome to the api/v1.8.0-rc.4 release of containerd! *This is a pre-release of containerd* The first dedicated release for the containerd API. This release continues the 1.x line of API compatibility with the 9th minor release of the 1.x API. ### Highlights * Add Update API for sandbox controller ([#9903](https://github.com/containerd/containerd/pull/9903)) * Add PluginInfo to introspection API ([#9442](https://github.com/containerd/containerd/pull/9442)) * Expose usage of deprecated features ([#9258](https://github.com/containerd/containerd/pull/9258)) * Add image delete target ([#8989](https://github.com/containerd/containerd/pull/8989)) #### Go client * Add api Go module and move all protos under api ([#10151](https://github.com/containerd/containerd/pull/10151)) #### Image Distribution * Enable Transfer service API to support plain HTTP ([#10024](https://github.com/containerd/containerd/pull/10024)) * Enable Transfer service to use registry configuration directory ([#9908](https://github.com/containerd/containerd/pull/9908)) * Update Transfer service to add OCI descriptors to Progress structure ([#9630](https://github.com/containerd/containerd/pull/9630)) * Add option to perform syncfs after pull ([#9401](https://github.com/containerd/containerd/pull/9401)) #### Runtime * Store bootstrap parameters in sandbox metadata ([#9736](https://github.com/containerd/containerd/pull/9736)) * Add sandboxer configuration and move sandbox controllers to plugins ([#8268](https://github.com/containerd/containerd/pull/8268)) * Add annotations to CreateSandbox request ([#8960](https://github.com/containerd/containerd/pull/8960)) * Add SandboxMetrics ([#8680](https://github.com/containerd/containerd/pull/8680)) * Publish sandbox events ([#8602](https://github.com/containerd/containerd/pull/8602)) #### Deprecations * Add type alias for event Envelope ([#10279](https://github.com/containerd/containerd/pull/10279)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Maksym Pavlenko * Wei Fu * Abel Feng * Akihiro Suda * Phil Estes * Danny Canter * Samuel Karp * Kohei Tokunaga * Sebastiaan van Stijn * Akhil Mohan * Brian Goff * Bryant Biggs * Davanum Srinivas * Iceber Gu * Kirtana Ashok ### Changes <details><summary>63 commits</summary> <p> * Clean up some dependency trees for runc shim ([#10757](https://github.com/containerd/containerd/pull/10757)) * [`2123855ee`](https://github.com/containerd/containerd/commit/2123855eeb399dfcbb152ca3502e8fb4322d06cb) Add build tag to omit grpc * Add Update API for sandbox controller ([#9903](https://github.com/containerd/containerd/pull/9903)) * [`15887d7ef`](https://github.com/containerd/containerd/commit/15887d7efc60e4bde9e65c87a0376d94e9f6eb04) sandbox: add update api for controller * api: update github.com/containerd/ttrpc v1.2.5 to be aligned with containerd ([#10366](https://github.com/containerd/containerd/pull/10366)) * [`cb38b1e2b`](https://github.com/containerd/containerd/commit/cb38b1e2be065ea9e248e03906ee893f954370d8) api: update github.com/containerd/ttrpc v1.2.5 * Add type alias for event Envelope ([#10279](https://github.com/containerd/containerd/pull/10279)) * [`3e71ccafc`](https://github.com/containerd/containerd/commit/3e71ccafc48bc87a054f4ce3a67ecf2df91932c5) Add type alias for event Envelope * Update api minimum Go version to 1.21 ([#10276](https://github.com/containerd/containerd/pull/10276)) * [`359d84351`](https://github.com/containerd/containerd/commit/359d84351d53d335688ab96c1a3e1ae0151b3a2d) Update api minimum go version to 1.21 * Prepare release notes for api/v1.8.0-rc.0 ([#10167](https://github.com/containerd/containerd/pull/10167)) * [`55fcebffc`](https://github.com/containerd/containerd/commit/55fcebffc76e642e9155eda5e097043f95109e4d) Prepare release notes for api/v1.8.0 * Add api Go module and move all protos under api ([#10151](https://github.com/containerd/containerd/pull/10151)) * [`2ac2b9c90`](https://github.com/containerd/containerd/commit/2ac2b9c909fb64f4d06958a0ca2f556bec348d05) Make api a Go sub-module * [`3e9cace72`](https://github.com/containerd/containerd/commit/3e9cace720cee5eb631c8291d8fb51928dc3fb3b) Move runtimeoptions to api directory * [`4a4550777`](https://github.com/containerd/containerd/commit/4a455077722796fd6a63253bc30d2b4c0c379d1d) Move runc options to api directory * Store bootstrap parameters in sandbox metadata ([#9736](https://github.com/containerd/containerd/pull/9736)) * [`de38490ed`](https://github.com/containerd/containerd/commit/de38490ed6b8d9cb9cb6ea7cfcd0071e8f27d304) sandbox: merge address and protocol to one url * [`f6e0cf189`](https://github.com/containerd/containerd/commit/f6e0cf1894b9211f07d801e1af3166f290969cd7) sandbox: add address info in Start and Status response * Enable Transfer service API to support plain HTTP ([#10024](https://github.com/containerd/containerd/pull/10024)) * [`433279438`](https://github.com/containerd/containerd/commit/4332794384253ad85a05a17fe42aa929f62fc72a) Transfer: Registry: Enable plain HTTP * Enable Transfer service to use registry configuration directory ([#9908](https://github.com/containerd/containerd/pull/9908)) * [`7a3b7fba5`](https://github.com/containerd/containerd/commit/7a3b7fba59a9ff9e8756976cf6f55117b1814a63) Transfer: Registry: Enable to use registry configuration diretory * Generate proto services with go-ttrpc ([#7609](https://github.com/containerd/containerd/pull/7609)) * [`f0e874941`](https://github.com/containerd/containerd/commit/f0e8749411301e99958e0caf545d85bf0112dda4) Add ttrpc generated services * [`65031eade`](https://github.com/containerd/containerd/commit/65031eadec262d783db25456a8bbca1eed1956b7) Update protobuild to build ttrpc services * Add OSVersion to platform protobuf ([#9733](https://github.com/containerd/containerd/pull/9733)) * [`5aa05481d`](https://github.com/containerd/containerd/commit/5aa05481ddd40138eef79ec4bce2b0232adef354) Add OSVersion to platform protobuf * Move Message proto to types ([#9742](https://github.com/containerd/containerd/pull/9742)) * [`0facc8592`](https://github.com/containerd/containerd/commit/0facc85925a114edac4b3b05a871f4ad205f45f1) Fix proto formatting * [`7f2d2c4f4`](https://github.com/containerd/containerd/commit/7f2d2c4f44afe090872301cc8614e8fc0d432e9e) Move Message proto to types * refactor: move plugin/fieldpath to api/types/ ([#9687](https://github.com/containerd/containerd/pull/9687)) * [`b16e3572a`](https://github.com/containerd/containerd/commit/b16e3572a308be0c58b3c810b1922ec8d444d1f7) refactor: move plugin/fieldpath to api/types/ * Add PluginInfo to introspection API ([#9442](https://github.com/containerd/containerd/pull/9442)) * [`22d586e51`](https://github.com/containerd/containerd/commit/22d586e515654d3a901c40443fb2b4adcad65827) api/services/instrospection: add PluginInfo * Update Transfer service to add OCI descriptors to Progress structure ([#9630](https://github.com/containerd/containerd/pull/9630)) * [`a2472c0b5`](https://github.com/containerd/containerd/commit/a2472c0b5ab17e46ab3f3b000a6fa512a45d7f05) transfer: add OCI descriptors to Progress structure * Add option to perform syncfs after pull ([#9401](https://github.com/containerd/containerd/pull/9401)) * [`bd5c602c4`](https://github.com/containerd/containerd/commit/bd5c602c4dc91d19976f2dc222a337ab76716750) api: introduce sync_fs to diff.ApplyRequest * Containerd v2 module ([#9306](https://github.com/containerd/containerd/pull/9306)) * [`5fdf55e49`](https://github.com/containerd/containerd/commit/5fdf55e493d68079d22a08de1a7afe522e5838e5) Update go module to github.com/containerd/containerd/v2 * Expose usage of deprecated features ([#9258](https://github.com/containerd/containerd/pull/9258)) * [`57c897f10`](https://github.com/containerd/containerd/commit/57c897f10df48556af799f71c85a91b889df2d70) api/introspection: deprecation warnings in server * Add sandboxer configuration and move sandbox controllers to plugins ([#8268](https://github.com/containerd/containerd/pull/8268)) * [`d2d434b7d`](https://github.com/containerd/containerd/commit/d2d434b7d6546842b1f791ef17392da99320265d) sandbox: add all sandbox information to Create method * [`f372b3501`](https://github.com/containerd/containerd/commit/f372b3501b6096c8228203f9d5d5aae8ff998d61) sandbox: add sandboxer field of sandbox requests * Add image delete target ([#8989](https://github.com/containerd/containerd/pull/8989)) * [`f8fb2dad3`](https://github.com/containerd/containerd/commit/f8fb2dad39a4b45ce1de59f236e72ee72ad53cf7) api: update image service to support target in delete request * fix: Add `containerd` to the message type reference ([#9126](https://github.com/containerd/containerd/pull/9126)) * [`42eee8bf0`](https://github.com/containerd/containerd/commit/42eee8bf05c89524a29f064cb4ce0a460a8c0081) fix: Add `containerd` to the message type reference * platforms: isolate from errdefs and api dependencies ([#9095](https://github.com/containerd/containerd/pull/9095)) * [`e916d77c8`](https://github.com/containerd/containerd/commit/e916d77c81b8a61d7a37276e310b4a150b04f4ab) platforms: move ToProto, FromProto to api/types * Add annotations to CreateSandbox request ([#8960](https://github.com/containerd/containerd/pull/8960)) * [`939ccbed4`](https://github.com/containerd/containerd/commit/939ccbed427e81eaecd37777ddcb2eac792114e6) Sandbox: Add annotations to CreateSandbox surface * archive: use 1970-01-01 as the whiteout timestamp ([#8764](https://github.com/containerd/containerd/pull/8764)) * [`5dedb6d0d`](https://github.com/containerd/containerd/commit/5dedb6d0d2565507f0636254a18fdb7462a9eac3) archive: use 1970-01-01 as the whiteout timestamp * Add SandboxMetrics ([#8680](https://github.com/containerd/containerd/pull/8680)) * [`d278d37ca`](https://github.com/containerd/containerd/commit/d278d37caae501ef18fd919e611610c639ad471b) Sandbox: Add Metrics rpc for controller * [`d56722ef2`](https://github.com/containerd/containerd/commit/d56722ef2a42953841728f5ed5666da776ce0d8f) Sandbox: Add SandboxMetrics rpc * Publish sandbox events ([#8602](https://github.com/containerd/containerd/pull/8602)) * [`65906335b`](https://github.com/containerd/containerd/commit/65906335bf086dfe4ed73fbddb90429047e8aa96) Add sandbox events protos * Cleanup protobuild config ([#8278](https://github.com/containerd/containerd/pull/8278)) * [`0bbca7f1b`](https://github.com/containerd/containerd/commit/0bbca7f1bcc29933dfd3cb3c463cc4fb8fbbe036) Cleanup protobuild config </p> </details> ### Dependency Changes * **github.com/containerd/log** v0.1.0 **_new_** * **github.com/containerd/ttrpc** v1.2.1 -> v1.2.5 * **github.com/containerd/typeurl/v2** v2.1.0 -> v2.1.1 * **github.com/golang/protobuf** v1.5.2 -> v1.5.3 * **github.com/opencontainers/image-spec** 3a7f492d3f1b -> v1.1.0 * **github.com/sirupsen/logrus** v1.9.0 -> v1.9.3 * **golang.org/x/net** v0.7.0 -> v0.23.0 * **golang.org/x/sys** v0.6.0 -> v0.18.0 * **golang.org/x/text** v0.7.0 -> v0.14.0 * **google.golang.org/genproto/googleapis/rpc** c3f982113cda **_new_** * **google.golang.org/grpc** v1.53.0 -> v1.59.0 * **google.golang.org/protobuf** v1.28.1 -> v1.33.0 Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0)
-
v1.7.2357f17b0a · ·
containerd 1.7.23 Welcome to the v1.7.23 release of containerd! The twenty-third patch release for containerd 1.7 contains various fixes and updates. ### Highlights * Add errdefs aliases ([#10792](https://github.com/containerd/containerd/pull/10792)) * Allow proxy plugins to have capabilities ([#10731](https://github.com/containerd/containerd/pull/10731)) * Revert errdefs package migration ([#10712](https://github.com/containerd/containerd/pull/10712)) #### Container Runtime Interface (CRI) * Add check for CNI plugins before tearing down pod network ([#10767](https://github.com/containerd/containerd/pull/10767)) #### Image Distribution * Fix the race condition during GC of snapshots when client retries ([#10763](https://github.com/containerd/containerd/pull/10763)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Austin Vazquez * Phil Estes * Akihiro Suda * Samuel Karp * Maksym Pavlenko * Kern Walster * Kir Kolyshkin * Saket Jajoo * Sameer * Wei Fu * Zou Nengren * bo.jiang ### Changes <details><summary>37 commits</summary> <p> * Prepare release notes for v1.7.23 ([#10802](https://github.com/containerd/containerd/pull/10802)) * [`921f554af`](https://github.com/containerd/containerd/commit/921f554af99d32ff867f45499acdaf5f72444da6) Prepare release notes for v1.7.23 * Revert "update runc binary to 1.1.15" ([#10826](https://github.com/containerd/containerd/pull/10826)) * [`8f16d6588`](https://github.com/containerd/containerd/commit/8f16d6588a79c4b639e6473dfca0cb899028e575) Revert "update runc binary to 1.1.15" * Switch from actuated.dev to GH Action runners for arm64 ([#10822](https://github.com/containerd/containerd/pull/10822)) * [`41e8f24cd`](https://github.com/containerd/containerd/commit/41e8f24cd1d8de2360e6bb35a3f7e11c2330d23b) Switch from actuated.dev to GH Action runners for arm64 * [`dd811f224`](https://github.com/containerd/containerd/commit/dd811f224a327e9647fc3ff8fd30fb5c61322898) Update github actions ci to run on forks * bump golangci/golangci-lint-action from 4 to 6 ([#10813](https://github.com/containerd/containerd/pull/10813)) * [`284484af4`](https://github.com/containerd/containerd/commit/284484af449cd09d1708ff446489e0aa22730ec6) bump golangci/golangci-lint-action from 4 to 6 * update to go1.23.2,go1.22.8 ([#10808](https://github.com/containerd/containerd/pull/10808)) * [`814c59ba5`](https://github.com/containerd/containerd/commit/814c59ba56bfb2342350c034d791c9933014e657) update to go1.23.2,go1.22.8 * prow: allow ENABLE_CRI_SANDBOXES to be configured ([#10801](https://github.com/containerd/containerd/pull/10801)) * [`ae11176fa`](https://github.com/containerd/containerd/commit/ae11176facd42ab7cca86a3a04b1468c1dae4b9a) prow: allow ENABLE_CRI_SANDBOXES to be configured * TestNewBinaryIOCleanup: fix a comment, minor rewrite ([#10776](https://github.com/containerd/containerd/pull/10776)) * [`7fd794a7c`](https://github.com/containerd/containerd/commit/7fd794a7cd9ce246d1792842f2c6c0c16d9bdd76) TestNewBinaryIOCleanup: fix a comment, minor rewrite * Add errdefs aliases ([#10792](https://github.com/containerd/containerd/pull/10792)) * [`0714a2952`](https://github.com/containerd/containerd/commit/0714a2952af68dc83c41b46d50413a344af68521) Add errdefs aliases * Update runc binary to 1.1.15 ([#10794](https://github.com/containerd/containerd/pull/10794)) * [`113a9f1fc`](https://github.com/containerd/containerd/commit/113a9f1fc9aa47ed622bcd0eb954ef8cf84551e3) update runc binary to 1.1.15 * Update runner images to macOS13 ([#10783](https://github.com/containerd/containerd/pull/10783)) * [`5305b03f2`](https://github.com/containerd/containerd/commit/5305b03f2c374fb54edcbbd3f1f07e413460d79e) Update runner images to macOS13 * Allow proxy plugins to have capabilities ([#10731](https://github.com/containerd/containerd/pull/10731)) * [`950740390`](https://github.com/containerd/containerd/commit/9507403907c62536c97277bcd8ebffa7f357adae) Allow proxy plugins to have capabilities * Bump crun to 1.16.1 ([#10774](https://github.com/containerd/containerd/pull/10774)) * [`e8aae7824`](https://github.com/containerd/containerd/commit/e8aae7824420c2c6673aeba640d168db6332099b) Bump crun to 1.16 * [`ee1c39b79`](https://github.com/containerd/containerd/commit/ee1c39b79972102da15abab87f130fa1ab08f059) CI: bump up crun to 1.15 * Fix the race condition during GC of snapshots when client retries ([#10763](https://github.com/containerd/containerd/pull/10763)) * [`cb5e6a01a`](https://github.com/containerd/containerd/commit/cb5e6a01a30dd6a34d4f7c25d8d429a5173bc541) Fix the race condition during GC of snapshots when client retries * Add check for CNI plugins before tearing down pod network ([#10767](https://github.com/containerd/containerd/pull/10767)) * [`278bd0f72`](https://github.com/containerd/containerd/commit/278bd0f7251eb58583f0cd52a18c16c537ae967b) [release/1.7] Add check for CNI plugins before tearing down pod network * Revert errdefs package migration ([#10712](https://github.com/containerd/containerd/pull/10712)) * [`18403239e`](https://github.com/containerd/containerd/commit/18403239e8cf0c040d28bf98e434198fd4852f88) Synchronize 1.7 error package with errdefs * [`d8d27205b`](https://github.com/containerd/containerd/commit/d8d27205b50bf4933a60cd9e6ddf3aaa2b56c469) Revert "migrate errdefs package to github.com/containerd/errdefs module" * [`e82d201b3`](https://github.com/containerd/containerd/commit/e82d201b3ffb87c15d2b7be2eb2e0c7bfa99d114) Revert "replace uses of github.com/containerd/containerd/errdefs" * [`51939238f`](https://github.com/containerd/containerd/commit/51939238f648806330c67a0294b5b75c79956d75) Revert "errdefs: denote deprecation as a godoc comment" * [`ae80077e8`](https://github.com/containerd/containerd/commit/ae80077e80712ba27c162d85498bc7180710c210) Revert "golangci-lint: enable depguard for packages that moved" * [`32675f983`](https://github.com/containerd/containerd/commit/32675f9837d585d957849cabf72a4afd83cbd19c) Revert "remove imports of errdefs package" </p> </details> ### Changes from containerd/errdefs <details><summary>29 commits</summary> <p> * Add errdefs/pkg package ([containerd/errdefs#19](https://github.com/containerd/errdefs/pull/19)) * [`46a6522`](https://github.com/containerd/errdefs/commit/46a6522eb15b62d58e2eb429682318d5700b3123) Add errdefs/pkg package * Update GitHub Actions packages and runners ([containerd/errdefs#20](https://github.com/containerd/errdefs/pull/20)) * [`303a6ea`](https://github.com/containerd/errdefs/commit/303a6ea6abfdcbc4ba2b8bf44c1af25a5831caea) Update to Go 1.22.8 in CI * [`e70104e`](https://github.com/containerd/errdefs/commit/e70104e29d6783e914cbe12e7aeb6c6600d0d0a2) Upgrade to golangci-lint@v1.61.0 * [`ffe5586`](https://github.com/containerd/errdefs/commit/ffe5586c0581f6744ddebe87a82ca6f75bb0da78) Upgrade to golangci/golangci-lint-action@v6 * [`908b04b`](https://github.com/containerd/errdefs/commit/908b04b90d2a8dd2127469ebb66fb9dd60a780c5) Upgrade to actions/checkout@v4 * [`608b83c`](https://github.com/containerd/errdefs/commit/608b83c69071e34c689a7174d439a700a5b10aa8) Upgrade to actions/setup-go@v5 * [`8e82ae4`](https://github.com/containerd/errdefs/commit/8e82ae46fd7eecc2425ed55cd06c6738d31ab1ef) Upgrade macOS runner image to macOS 13 * Complete interface definitions for errors ([containerd/errdefs#18](https://github.com/containerd/errdefs/pull/18)) * [`41d12e1`](https://github.com/containerd/errdefs/commit/41d12e1db5cf9452436122e3c648e761453a112c) Complete interface definitions for errors * Add support for grpc error details and multiple errors ([containerd/errdefs#7](https://github.com/containerd/errdefs/pull/7)) * [`b9dce4d`](https://github.com/containerd/errdefs/commit/b9dce4d7bd5a514f38c0b47bcc4397b7ad7930f4) Add support for grpc error details * [`ffb0349`](https://github.com/containerd/errdefs/commit/ffb0349b41b940e9415587a6e12d571cd9a55fbe) Update Resolve function to support Is interface * Add support for custom error messages ([containerd/errdefs#10](https://github.com/containerd/errdefs/pull/10)) * [`dc9b20e`](https://github.com/containerd/errdefs/commit/dc9b20ea99092223cac03215dcaf6cd96f190a7c) Add support for custom error messages * Add a resolve error function to return first error ([containerd/errdefs#9](https://github.com/containerd/errdefs/pull/9)) * [`9f87502`](https://github.com/containerd/errdefs/commit/9f87502f13ad5c2758b225ff9bc10f3d9f932010) Add a resolve error function to return first error * Add stack support ([containerd/errdefs#8](https://github.com/containerd/errdefs/pull/8)) * [`f96dfda`](https://github.com/containerd/errdefs/commit/f96dfdab01b66580d2451fee46e05f002c9ea157) Add stack package for managing error stack traces * [`70fd2d7`](https://github.com/containerd/errdefs/commit/70fd2d7ff216659f37f286c42cf827f450d9d074) Add collapsible error type * [`6022faf`](https://github.com/containerd/errdefs/commit/6022faf38302b354934727fbe5a34851f9fb95b6) Add typeurl to go mod * Fix Cancelled interface typo ([containerd/errdefs#6](https://github.com/containerd/errdefs/pull/6)) * [`9564d8f`](https://github.com/containerd/errdefs/commit/9564d8ff88294257499cd16f16b8814ef78021b6) Fix Cancelled interface typo * Split gRPC and HTTP error utility into seperate packages ([containerd/errdefs#5](https://github.com/containerd/errdefs/pull/5)) * [`fd0e482`](https://github.com/containerd/errdefs/commit/fd0e4826e7aee061a8d584680686a8fade5bccc9) Split gRPC and HTTP error utility into seperate packages * Add more grpc types ([containerd/errdefs#3](https://github.com/containerd/errdefs/pull/3)) * [`f727cdb`](https://github.com/containerd/errdefs/commit/f727cdba81f149bab695a0d5cfb9a240e8f03ae9) Add HTTP status code and error type conversion * [`9854dc7`](https://github.com/containerd/errdefs/commit/9854dc7575de563e298661aec4079fe1766d9f43) Add more grpc error types </p> </details> ### Dependency Changes * **github.com/containerd/errdefs** v0.1.0 -> v0.3.0 Previous release can be found at [v1.7.22](https://github.com/containerd/containerd/releases/tag/v1.7.22)
-
v2.0.0-rc.505ee43a5 · ·
containerd 2.0.0-rc.5 Welcome to the v2.0.0-rc.5 release of containerd! *This is a pre-release of containerd* The first major release of containerd 2.x focuses on the continued stability of containerd's core feature set with an easy upgrade from containerd 1.x. This release includes the stabilization of new features added in the last 1.x release as well as the removal of features which were deprecated in 1.x. The goal is to support the vast community of containerd users well into the future along with their ever increasing deployment footprints and variety of use cases. ### Highlights * Add Update API for sandbox controller ([#9903](https://github.com/containerd/containerd/pull/9903)) * Configure otel from env instead of config.toml ([#8970](https://github.com/containerd/containerd/pull/8970)) * Enable NRI by default ([#9744](https://github.com/containerd/containerd/pull/9744)) * Add PluginInfo to introspection API ([#9442](https://github.com/containerd/containerd/pull/9442)) * Remove overlayfs volatile option on temp mounts ([#9555](https://github.com/containerd/containerd/pull/9555)) * Expose usage of deprecated features ([#9258](https://github.com/containerd/containerd/pull/9258)) * Use Intel ISA-L's igzip if available ([#9200](https://github.com/containerd/containerd/pull/9200)) * Introduce top level config migration ([#9223](https://github.com/containerd/containerd/pull/9223)) * Add image delete target ([#8989](https://github.com/containerd/containerd/pull/8989)) * Remove `LimitNOFILE` from `containerd.service` ([#8924](https://github.com/containerd/containerd/pull/8924)) * Add support for image expiration during garbage collection ([#9022](https://github.com/containerd/containerd/pull/9022)) * Reduce the contention between ref lock and boltdb lock in content store ([#8792](https://github.com/containerd/containerd/pull/8792)) * Remove "containerd.io/restart.logpath" label ([#8264](https://github.com/containerd/containerd/pull/8264)) * Remove `aufs` snapshotter ([#8263](https://github.com/containerd/containerd/pull/8263)) * Fix deadlock during NRI plugin registration ([containerd/nri#79](https://github.com/containerd/nri/pull/79)) * Fix deadlock when writing to pipe blocks ([containerd/ttrpc#168](https://github.com/containerd/ttrpc/pull/168)) #### Build and Release Toolchain * Generate attestation for artifacts during release ([#10543](https://github.com/containerd/containerd/pull/10543)) #### Container Runtime Interface (CRI) * Use 'UserSpecifiedImage' from CRI to set the image-name annotation ([#10747](https://github.com/containerd/containerd/pull/10747)) * Add support to set loopback to up ([#10238](https://github.com/containerd/containerd/pull/10238)) * Add support for multiple subscribers to CRI container events ([#9661](https://github.com/containerd/containerd/pull/9661)) * Enable CDI by default ([#9621](https://github.com/containerd/containerd/pull/9621)) * Remove non-sandboxed CRI implementation ([#9228](https://github.com/containerd/containerd/pull/9228)) * Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) ([#8287](https://github.com/containerd/containerd/pull/8287)) * Use sandboxed CRI by default ([#8994](https://github.com/containerd/containerd/pull/8994)) * Implement RuntimeConfig CRI call ([#8722](https://github.com/containerd/containerd/pull/8722)) * Add support for user namespaces (KEP-127) ([#8803](https://github.com/containerd/containerd/pull/8803)) * Remove CRI v1alpha2 ([#8276](https://github.com/containerd/containerd/pull/8276)) #### Go client * Add api Go module and move all protos under api ([#10151](https://github.com/containerd/containerd/pull/10151)) * Move packages based on contributing guide ([#9365](https://github.com/containerd/containerd/pull/9365)) * Generalize plugin library ([#9214](https://github.com/containerd/containerd/pull/9214)) * Use github.com/containerd/log ([#9086](https://github.com/containerd/containerd/pull/9086)) #### Image Distribution * Support to syncfs after pull by using diff plugin ([#10284](https://github.com/containerd/containerd/pull/10284)) * Skip "unknown" in image platform listing ([#10257](https://github.com/containerd/containerd/pull/10257)) * Update unpacker to fetch all provided content ([#10202](https://github.com/containerd/containerd/pull/10202)) * Enable Transfer service API to support plain HTTP ([#10024](https://github.com/containerd/containerd/pull/10024)) * Enable Transfer service to use registry configuration directory ([#9908](https://github.com/containerd/containerd/pull/9908)) * Disable the support for Schema 1 images ([#9765](https://github.com/containerd/containerd/pull/9765)) * Update Transfer service to add OCI descriptors to Progress structure ([#9630](https://github.com/containerd/containerd/pull/9630)) * Update import and export to allow references to missing content ([#9554](https://github.com/containerd/containerd/pull/9554)) * Add option to perform syncfs after pull ([#9401](https://github.com/containerd/containerd/pull/9401)) * Add image verifier transfer service plugin system based on a binary directory ([#8493](https://github.com/containerd/containerd/pull/8493)) #### Runtime * Implement RuntimeStatus.features.supplemental_groups_policy from KEP-3619 ([#10410](https://github.com/containerd/containerd/pull/10410)) * Add pprof to runc-shim ([#10242](https://github.com/containerd/containerd/pull/10242)) * Provide runtime options in plugin info ([#10251](https://github.com/containerd/containerd/pull/10251)) * Store bootstrap parameters in sandbox metadata ([#9736](https://github.com/containerd/containerd/pull/9736)) * Update apparmor to allow confined runc to kill containers ([#10123](https://github.com/containerd/containerd/pull/10123)) * Support vsock connection to task api ([#9738](https://github.com/containerd/containerd/pull/9738)) * Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([#9320](https://github.com/containerd/containerd/pull/9320)) * Switch runc shim to task service v3 and fix restore ([#9233](https://github.com/containerd/containerd/pull/9233)) * Add sandboxer configuration and move sandbox controllers to plugins ([#8268](https://github.com/containerd/containerd/pull/8268)) * Add annotations to CreateSandbox request ([#8960](https://github.com/containerd/containerd/pull/8960)) * Add SandboxMetrics ([#8680](https://github.com/containerd/containerd/pull/8680)) * Publish sandbox events ([#8602](https://github.com/containerd/containerd/pull/8602)) * Remove the CriuPath field from runc's options ([#8279](https://github.com/containerd/containerd/pull/8279)) * Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](https://github.com/containerd/containerd/pull/8262)) #### Security Advisories * [medium] RAPL accessible to a container [GHSA-7ww5-4wqc-m92c](https://github.com/containerd/containerd/security/advisories/GHSA-7ww5-4wqc-m92c) #### Breaking * Remove `disable_cgroup` from CRI config ([#10594](https://github.com/containerd/containerd/pull/10594)) * Disable the support for Schema 1 images ([#9765](https://github.com/containerd/containerd/pull/9765)) * Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([#9320](https://github.com/containerd/containerd/pull/9320)) * Move client to subpackage ([#9316](https://github.com/containerd/containerd/pull/9316)) * Remove `LimitNOFILE` from `containerd.service` ([#8924](https://github.com/containerd/containerd/pull/8924)) * Remove CRI v1alpha2 ([#8276](https://github.com/containerd/containerd/pull/8276)) * Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](https://github.com/containerd/containerd/pull/8262)) * Remove "containerd.io/restart.logpath" label ([#8264](https://github.com/containerd/containerd/pull/8264)) * Remove `aufs` snapshotter ([#8263](https://github.com/containerd/containerd/pull/8263)) #### Deprecations * Update warnings for deprecated CRI config fields ([#10509](https://github.com/containerd/containerd/pull/10509)) * Add type alias for event Envelope ([#10279](https://github.com/containerd/containerd/pull/10279)) * Postpone removal of deprecated CRI config properties ([#9966](https://github.com/containerd/containerd/pull/9966)) * Deprecate go-plugin configuration option ([#9238](https://github.com/containerd/containerd/pull/9238)) * CNI conf_template in CRI is no longer deprecated ([#8637](https://github.com/containerd/containerd/pull/8637)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Akihiro Suda * Maksym Pavlenko * Wei Fu * Phil Estes * Sebastiaan van Stijn * Samuel Karp * Stefan Berger * Kazuyoshi Kato * Rodrigo Campos * Danny Canter * Abel Feng * Akhil Mohan * Kirtana Ashok * Gabriel Adrian Samfira * Austin Vazquez * Iceber Gu * Krisztian Litkey * Kohei Tokunaga * Mike Brown * Jin Dong * Bjorn Neergaard * Justin Chadwell * rongfu.leng * James Sturtevant * Davanum Srinivas * Paul "TBBle" Hampson * Henry Wang * Brian Goff * Enrico Weigelt * Laura Brehm * Marat Radchenko * Paweł Gronowski * Shingo Omura * Hsing-Yu (David) Chen * Ilya Hanov * Cardy.Tang * Swagat Bora * Aditi Sharma * Amit Barve * Bryant Biggs * Evan Lezar * James Jenkins * Jordan Liggitt * Kay Yan * Markus Lehtonen * Nashwan Azhari * Shuaiyi Zhang * Vinayak Goyal * helen * Alexandru Matei * Anthony Nandaa * Avi Deitcher * Charity Kathure * Cory Snider * Ed Bartosh * Etienne Champetier * Kevin Parsons * Michael Zappa * Milas Bowman * ningmingxiao * yanggang * zounengren * Aditya Ramani * Adrian Reber * Amir M. Ghazanfari * Artem Khramov * Brad Davidson * Chen Yiyang * Christian Muehlhaeuser * Djordje Lukic * Edgar Lee * Eric Lin * Ethan Lowman * Jiang Liu * June Rhodes * Kern Walster * Lucas Rattz * Mahamed Ali * Maksim An * Michael Crosby * Peteris Rudzusiks * Sam Edwards * Samruddhi Khandale * Sascha Grunert * Steve Griffith * Tony Fang * VERNOU Cédric * Vishal Reddy Gurrala * hang.jiang * harshitasao * jerryzhuang * lengrongfu * roman-kiselenko * zhanluxianshen * Aaron Lehmann * Adrien Delorme * Alex Couture-Beil * Alex Ellis * Alex Rodriguez * Angelos Kolaitis * Antonio Huete Jimenez * Arash Haghighat * Ben Foster * Bin Tang * Bin Xin * BinBin He * Brennan Kinney * Changqing Li * ChengenH * ChengyuZhu6 * Christian Stewart * Colin O'Dell * Craig Ingram * Daisy Rong * David Porter * Derek Nola * Eng Zer Jun * Erikson Tung * Fabiano Fidêncio * Fahed Dorgaa * Gary McDonald * Iain Macdonald * James Lakin * Jan Dubois * Jaroslav Jindrak * Javier Maestro * Jian Wang * Jiongchi Yu * Julien Balestra * Kir Kolyshkin * Kirill A. Korinsky * Konstantin Khlebnikov * Mauri de Souza Meneguzzo * Pan Yibo * Paul Meyer * Qasim Sarfraz * Qiutong Song * Reinhard Tartler * Robbie Buxton * Robert-André Mauchin * Ruihua Wen * Sameer * Shengjing Zhu * Shiming Zhang * Shukui Yang * Talon * Tariq Ibrahim * Tianon Gravi * Tim Hockin * TinaMor * Tobias Klauser * Tomáš Virtus * Tõnis Tiigi * Wang Xinwen * William Chen * Xinyang Ge * Yibo Zhuang * Yury Gargay * Zechun Chen * Zhang Tianyang * Zoe * baijia * bo.jiang * bzsuni * charles-chenzz * chschumacher1994 * guangli.bao * guangwu * jinda.ljd * krglosse * pigletfly * rokkiter * wangxiang * zhangpeng * zhaojizhuang * 吴小白 * 张钰 * 沈陵 * 谭九鼎 ### Dependency Changes * **dario.cat/mergo** v1.0.1 **_new_** * **github.com/AdaLogics/go-fuzz-headers** 1f10f66a31bf -> ced1acdcaa24 * **github.com/AdamKorcz/go-118-fuzz-build** 5330a85ea652 -> 8075edf89bb0 * **github.com/Microsoft/go-winio** v0.6.0 -> v0.6.2 * **github.com/Microsoft/hcsshim** v0.10.0-rc.7 -> v0.12.6 * **github.com/cenkalti/backoff/v4** v4.2.0 -> v4.3.0 * **github.com/cespare/xxhash/v2** v2.2.0 -> v2.3.0 * **github.com/checkpoint-restore/checkpointctl** v1.2.1 **_new_** * **github.com/checkpoint-restore/go-criu/v7** v7.2.0 **_new_** * **github.com/cilium/ebpf** v0.9.1 -> v0.11.0 * **github.com/containerd/cgroups/v3** v3.0.1 -> v3.0.3 * **github.com/containerd/console** v1.0.3 -> v1.0.4 * **github.com/containerd/containerd/api** v1.8.0-rc.3 **_new_** * **github.com/containerd/continuity** v0.3.0 -> v0.4.3 * **github.com/containerd/errdefs** v0.1.0 **_new_** * **github.com/containerd/go-cni** v1.1.9 -> v1.1.10 * **github.com/containerd/go-runc** v1.0.0 -> v1.1.0 * **github.com/containerd/imgcrypt** v1.1.7 -> v1.2.0-rc1 * **github.com/containerd/log** v0.1.0 **_new_** * **github.com/containerd/nri** v0.3.0 -> v0.6.1 * **github.com/containerd/otelttrpc** ea5083fda723 **_new_** * **github.com/containerd/platforms** v0.2.1 **_new_** * **github.com/containerd/plugin** v0.1.0 **_new_** * **github.com/containerd/ttrpc** v1.2.1 -> v1.2.5 * **github.com/containerd/typeurl/v2** v2.1.0 -> v2.2.0 * **github.com/containernetworking/cni** v1.1.2 -> v1.2.3 * **github.com/containernetworking/plugins** v1.2.0 -> v1.5.1 * **github.com/containers/ocicrypt** v1.1.6 -> v1.2.0 * **github.com/cpuguy83/go-md2man/v2** v2.0.2 -> v2.0.4 * **github.com/davecgh/go-spew** v1.1.1 -> d8f796af33cc * **github.com/distribution/reference** v0.6.0 **_new_** * **github.com/emicklei/go-restful/v3** v3.10.1 -> v3.11.0 * **github.com/felixge/httpsnoop** v1.0.4 **_new_** * **github.com/fsnotify/fsnotify** v1.6.0 -> v1.7.0 * **github.com/fxamacker/cbor/v2** v2.7.0 **_new_** * **github.com/go-jose/go-jose/v4** v4.0.2 **_new_** * **github.com/go-logr/logr** v1.2.3 -> v1.4.2 * **github.com/golang/protobuf** v1.5.2 -> v1.5.4 * **github.com/google/go-cmp** v0.5.9 -> v0.6.0 * **github.com/google/uuid** v1.3.0 -> v1.6.0 * **github.com/gorilla/websocket** v1.5.0 **_new_** * **github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus** v1.0.1 **_new_** * **github.com/grpc-ecosystem/go-grpc-middleware/v2** v2.1.0 **_new_** * **github.com/grpc-ecosystem/grpc-gateway/v2** v2.7.0 -> v2.22.0 * **github.com/intel/goresctrl** v0.3.0 -> v0.7.0 * **github.com/klauspost/compress** v1.16.0 -> v1.17.10 * **github.com/mdlayher/socket** v0.4.1 **_new_** * **github.com/mdlayher/vsock** v1.2.1 **_new_** * **github.com/moby/spdystream** v0.2.0 -> v0.4.0 * **github.com/moby/sys/mountinfo** v0.6.2 -> v0.7.2 * **github.com/moby/sys/sequential** v0.5.0 -> v0.6.0 * **github.com/moby/sys/signal** v0.7.0 -> v0.7.1 * **github.com/moby/sys/symlink** v0.2.0 -> v0.3.0 * **github.com/moby/sys/user** v0.3.0 **_new_** * **github.com/moby/sys/userns** v0.1.0 **_new_** * **github.com/munnerz/goautoneg** a7dc8b61c822 **_new_** * **github.com/mxk/go-flowrate** cca7078d478f **_new_** * **github.com/opencontainers/image-spec** 3a7f492d3f1b -> v1.1.0 * **github.com/opencontainers/runtime-spec** v1.1.0-rc.1 -> v1.2.0 * **github.com/opencontainers/runtime-tools** 946c877fa809 -> 2e043c6bd626 * **github.com/pelletier/go-toml/v2** v2.2.3 **_new_** * **github.com/pmezard/go-difflib** v1.0.0 -> 5d4384ee4fb2 * **github.com/prometheus/client_golang** v1.14.0 -> v1.20.4 * **github.com/prometheus/client_model** v0.3.0 -> v0.6.1 * **github.com/prometheus/common** v0.37.0 -> v0.55.0 * **github.com/prometheus/procfs** v0.8.0 -> v0.15.1 * **github.com/sirupsen/logrus** v1.9.0 -> v1.9.3 * **github.com/stretchr/testify** v1.8.2 -> v1.9.0 * **github.com/urfave/cli/v2** v2.27.4 **_new_** * **github.com/vishvananda/netlink** v1.2.1-beta.2 -> v1.3.0 * **github.com/vishvananda/netns** 2eb08e3e575f -> v0.0.4 * **github.com/x448/float16** v0.8.4 **_new_** * **github.com/xrash/smetrics** 686a1a2994c1 **_new_** * **go.etcd.io/bbolt** v1.3.7 -> v1.3.11 * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.40.0 -> v0.55.0 * **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp** v0.55.0 **_new_** * **go.opentelemetry.io/otel** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/metric** v0.37.0 -> v1.30.0 * **go.opentelemetry.io/otel/sdk** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/otel/trace** v1.14.0 -> v1.30.0 * **go.opentelemetry.io/proto/otlp** v0.19.0 -> v1.3.1 * **golang.org/x/crypto** v0.1.0 -> v0.27.0 * **golang.org/x/exp** aacd6d4b4611 **_new_** * **golang.org/x/mod** v0.7.0 -> v0.21.0 * **golang.org/x/net** v0.7.0 -> v0.29.0 * **golang.org/x/oauth2** v0.4.0 -> v0.22.0 * **golang.org/x/sync** v0.1.0 -> v0.8.0 * **golang.org/x/sys** v0.6.0 -> v0.25.0 * **golang.org/x/term** v0.5.0 -> v0.24.0 * **golang.org/x/text** v0.7.0 -> v0.18.0 * **golang.org/x/time** 90d013bbcef8 -> v0.3.0 * **google.golang.org/genproto/googleapis/api** 8af14fe29dc1 **_new_** * **google.golang.org/genproto/googleapis/rpc** 8af14fe29dc1 **_new_** * **google.golang.org/grpc** v1.53.0 -> v1.67.0 * **google.golang.org/protobuf** v1.28.1 -> v1.34.2 * **k8s.io/api** v0.26.2 -> v0.31.1 * **k8s.io/apimachinery** v0.26.2 -> v0.31.1 * **k8s.io/apiserver** v0.26.2 -> v0.31.1 * **k8s.io/client-go** v0.26.2 -> v0.31.1 * **k8s.io/component-base** v0.26.2 -> v0.31.1 * **k8s.io/cri-api** v0.26.2 -> v0.32.0-alpha.0 * **k8s.io/klog/v2** v2.90.1 -> v2.130.1 * **k8s.io/kubelet** v0.31.1 **_new_** * **k8s.io/utils** a5ecb0141aa5 -> 18e509b52bc8 * **sigs.k8s.io/json** f223a00ba0e2 -> bc3834ca7abd * **sigs.k8s.io/structured-merge-diff/v4** v4.2.3 -> v4.4.1 * **sigs.k8s.io/yaml** v1.3.0 -> v1.4.0 * **tags.cncf.io/container-device-interface** v0.8.0 **_new_** * **tags.cncf.io/container-device-interface/specs-go** v0.8.0 **_new_** Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
-
v1.7.227f7fdf5f · ·
containerd 1.7.22 Welcome to the v1.7.22 release of containerd! The twenty-second patch release for containerd 1.7 contains various fixes and updates. ### Highlights #### Build and Release Toolchain * Update to go1.22.7, go1.23.1 ([#10679](https://github.com/containerd/containerd/pull/10679)) #### Container Runtime Interface (CRI) * Cumulative stats can't decrease ([#10670](https://github.com/containerd/containerd/pull/10670)) #### Runtime * Fix bug where init exits were being dropped ([#10675](https://github.com/containerd/containerd/pull/10675)) * Update runc binary to 1.1.14 ([#10668](https://github.com/containerd/containerd/pull/10668)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Samuel Karp * James Sturtevant * Laura Brehm * Maksym Pavlenko * Akhil Mohan * Akihiro Suda * Cory Snider * Derek McGowan * Sebastiaan van Stijn ### Changes <details><summary>16 commits</summary> <p> * Prepare release notes for v1.7.22 ([#10684](https://github.com/containerd/containerd/pull/10684)) * [`43174ee6a`](https://github.com/containerd/containerd/commit/43174ee6addb26a0e52f3fbed4a76bbbcc151ae0) Prepare release notes for v1.7.22 * integration: regression test for issue 10589 ([#10682](https://github.com/containerd/containerd/pull/10682)) * [`0c4ba21d8`](https://github.com/containerd/containerd/commit/0c4ba21d855ce81b2b946d2f6779c1dc529da506) integration: regression test for issue 10589 * [`1cc2cfa4b`](https://github.com/containerd/containerd/commit/1cc2cfa4bf042e8c202f44903a6445bd1f432a5b) fifosync: cross-process synchronization * Fix bug where init exits were being dropped ([#10675](https://github.com/containerd/containerd/pull/10675)) * [`f338717ed`](https://github.com/containerd/containerd/commit/f338717ed4fdc06d289b8d6e2862eeb3035b32da) runc-shim: handle pending execs as running * [`686c69490`](https://github.com/containerd/containerd/commit/686c69490d0bb9ed6513b3ed2f2502ec65b11d75) runc-shim: refuse to start execs after init exits * [`760935e52`](https://github.com/containerd/containerd/commit/760935e5211df1b6681fcf14d62804710fe512cd) runc-shim: remove misleading comment * Update to go1.22.7, go1.23.1 ([#10679](https://github.com/containerd/containerd/pull/10679)) * [`19d678f73`](https://github.com/containerd/containerd/commit/19d678f732da9fcf9445a65ece4ad5ad3e993580) update to go1.22.7, go1.23.1 * Cumulative stats can't decrease ([#10670](https://github.com/containerd/containerd/pull/10670)) * [`3658d5b40`](https://github.com/containerd/containerd/commit/3658d5b403bbcb92f994cfdcd03b6fca1acb87aa) Include change in cri server * [`88d001c74`](https://github.com/containerd/containerd/commit/88d001c749a8b90416460c776196c88f0fc26977) Cumulative stats can't decrease * Update runc binary to 1.1.14 ([#10668](https://github.com/containerd/containerd/pull/10668)) * [`33e8a2005`](https://github.com/containerd/containerd/commit/33e8a20050808a9d9300269d2ce705ec934154e3) update runc binary to 1.1.14 </p> </details> ### Dependency Changes This release has no dependency changes Previous release can be found at [v1.7.21](https://github.com/containerd/containerd/releases/tag/v1.7.21)