containerd 1.7.23

Welcome to the v1.7.23 release of containerd!

The twenty-third patch release for containerd 1.7 contains various fixes
and updates.

Highlights

• Add errdefs aliases (#10792)
• Allow proxy plugins to have capabilities (#10731)
• Revert errdefs package migration (#10712)

Container Runtime Interface (CRI)

• Add check for CNI plugins before tearing down pod network (#10767)

Image Distribution

• Fix the race condition during GC of snapshots when client retries (#10763)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Austin Vazquez
• Phil Estes
• Akihiro Suda
• Samuel Karp
• Maksym Pavlenko
• Kern Walster
• Kir Kolyshkin
• Saket Jajoo
• Sameer
• Wei Fu
• Zou Nengren
• bo.jiang

Changes

37 commits

• Prepare release notes for v1.7.23 (#10802)
  • 921f554af Prepare release notes for v1.7.23
• Revert "update runc binary to 1.1.15" (#10826)
  • 8f16d6588 Revert "update runc binary to 1.1.15"
• Switch from actuated.dev to GH Action runners for arm64 (#10822)
  • 41e8f24cd Switch from actuated.dev to GH Action runners for arm64
  • dd811f224 Update github actions ci to run on forks
• bump golangci/golangci-lint-action from 4 to 6 (#10813)
  • 284484af4 bump golangci/golangci-lint-action from 4 to 6
• update to go1.23.2,go1.22.8 (#10808)
  • 814c59ba5 update to go1.23.2,go1.22.8
• prow: allow ENABLE_CRI_SANDBOXES to be configured (#10801)
  • ae11176fa prow: allow ENABLE_CRI_SANDBOXES to be configured
• TestNewBinaryIOCleanup: fix a comment, minor rewrite (#10776)
  • 7fd794a7c TestNewBinaryIOCleanup: fix a comment, minor rewrite
• Add errdefs aliases (#10792)
  • 0714a2952 Add errdefs aliases
• Update runc binary to 1.1.15 (#10794)
  • 113a9f1fc update runc binary to 1.1.15
• Update runner images to macOS13 (#10783)
  • 5305b03f2 Update runner images to macOS13
• Allow proxy plugins to have capabilities (#10731)
  • 950740390 Allow proxy plugins to have capabilities
• Bump crun to 1.16.1 (#10774)
  • e8aae7824 Bump crun to 1.16
  • ee1c39b79 CI: bump up crun to 1.15
• Fix the race condition during GC of snapshots when client retries (#10763)
  • cb5e6a01a Fix the race condition during GC of snapshots when client retries
• Add check for CNI plugins before tearing down pod network (#10767)
  • 278bd0f72 [release/1.7] Add check for CNI plugins before tearing down pod network
• Revert errdefs package migration (#10712)
  • 18403239e Synchronize 1.7 error package with errdefs
  • d8d27205b Revert "migrate errdefs package to github.com/containerd/errdefs module"
  • e82d201b3 Revert "replace uses of github.com/containerd/containerd/errdefs"
  • 51939238f Revert "errdefs: denote deprecation as a godoc comment"
  • ae80077e8 Revert "golangci-lint: enable depguard for packages that moved"
  • 32675f983 Revert "remove imports of errdefs package"

Changes from containerd/errdefs

29 commits

• Add errdefs/pkg package (containerd/errdefs#19)
  • 46a6522 Add errdefs/pkg package
• Update GitHub Actions packages and runners (containerd/errdefs#20)
  • 303a6ea Update to Go 1.22.8 in CI
  • e70104e Upgrade to golangci-lint@v1.61.0
  • ffe5586 Upgrade to golangci/golangci-lint-action@v6
  • 908b04b Upgrade to actions/checkout@v4
  • 608b83c Upgrade to actions/setup-go@v5
  • 8e82ae4 Upgrade macOS runner image to macOS 13
• Complete interface definitions for errors (containerd/errdefs#18)
  • 41d12e1 Complete interface definitions for errors
• Add support for grpc error details and multiple errors (containerd/errdefs#7)
  • b9dce4d Add support for grpc error details
  • ffb0349 Update Resolve function to support Is interface
• Add support for custom error messages (containerd/errdefs#10)
  • dc9b20e Add support for custom error messages
• Add a resolve error function to return first error (containerd/errdefs#9)
  • 9f87502 Add a resolve error function to return first error
• Add stack support (containerd/errdefs#8)
  • f96dfda Add stack package for managing error stack traces
  • 70fd2d7 Add collapsible error type
  • 6022faf Add typeurl to go mod
• Fix Cancelled interface typo (containerd/errdefs#6)
  • 9564d8f Fix Cancelled interface typo
• Split gRPC and HTTP error utility into seperate packages (containerd/errdefs#5)
  • fd0e482 Split gRPC and HTTP error utility into seperate packages
• Add more grpc types (containerd/errdefs#3)
  • f727cdb Add HTTP status code and error type conversion
  • 9854dc7 Add more grpc error types

Dependen...

containerd 1.7.22

Welcome to the v1.7.22 release of containerd!

The twenty-second patch release for containerd 1.7 contains various fixes
and updates.

Highlights

Build and Release Toolchain

• Update to go1.22.7, go1.23.1 (#10679)

Container Runtime Interface (CRI)

• Cumulative stats can't decrease (#10670)

Runtime

• Fix bug where init exits were being dropped (#10675)
• Update runc binary to 1.1.14 (#10668)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• James Sturtevant
• Laura Brehm
• Maksym Pavlenko
• Akhil Mohan
• Akihiro Suda
• Cory Snider
• Derek McGowan
• Sebastiaan van Stijn

Changes

16 commits

• Prepare release notes for v1.7.22 (#10684)
  • 43174ee6a Prepare release notes for v1.7.22
• integration: regression test for issue 10589 (#10682)
  • 0c4ba21d8 integration: regression test for issue 10589
  • 1cc2cfa4b fifosync: cross-process synchronization
• Fix bug where init exits were being dropped (#10675)
  • f338717ed runc-shim: handle pending execs as running
  • 686c69490 runc-shim: refuse to start execs after init exits
  • 760935e52 runc-shim: remove misleading comment
• Update to go1.22.7, go1.23.1 (#10679)
  • 19d678f73 update to go1.22.7, go1.23.1
• Cumulative stats can't decrease (#10670)
  • 3658d5b40 Include change in cri server
  • 88d001c74 Cumulative stats can't decrease
• Update runc binary to 1.1.14 (#10668)
  • 33e8a2005 update runc binary to 1.1.14

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.7.21

containerd 1.7.21

Welcome to the v1.7.21 release of containerd!

The twenty-first patch release for containerd 1.7 contains various fixes
and updates.

Highlights

• Regenerate introspection UUID if state is empty (#10510)
• Set stderr to empty string when using terminal on Windows (#10499)

Build and Release Toolchain

• Move builds to Go 1.22 and add support for testing with 1.23 (#10596)

Container Runtime Interface (CRI)

• Borrow latest wsstream from k8s v1.31.x to 1.7 (#10575)
• Ensure the CRIAPIV1Alpha2 warning's lastOccurrence is accurate (#10571)
• Make StopContainer idempotent (#10528)
• Make StopPodSandbox idempotent (#10527)

Go client

• Fix failed force deletion for tasks with PID 0 (#10523)

Runtime

• Fix packaged runc reporting incorrect version (#10559)
• Ensure /run/containerd gets created with correct perms (#10534)

Deprecations

• Ensure the CRIAPIV1Alpha2 warning's lastOccurrence is accurate (#10571)
• Update warnings for deprecated CRI config fields (#10512)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Davanum Srinivas
• Samuel Karp
• Sebastiaan van Stijn
• Phil Estes
• Maksym Pavlenko
• Akhil Mohan
• Chris Henzie
• Derek McGowan
• Kazuyoshi Kato
• Sascha Grunert
• Akihiro Suda
• Erikson Tung
• Iceber Gu
• Mauri de Souza Meneguzzo
• Mike Brown
• Shengjing Zhu
• TinaMor
• rongfu.leng

Changes

45 commits

• Prepare release notes for v1.7.21 (#10632)
  • 975f279ee Prepare release notes for v1.7.21
• go.mod: keep minimum go version at go1.21 (#10633)
  • d63bd8464 go.mod: keep minimum go version at go1.21
• Move builds to Go 1.22 and add support for testing with 1.23 (#10596)
  • c76028088 update golangci-lint to 1.60.1
  • 3b263d082 add go1.23.0, drop go1.21.x
• Fix TestNewBinaryIOCleanup on Go 1.23 and Linux 5.4 (#10590)
  • 09ca004de Fix TestNewBinaryIOCleanup on Go 1.23 and Linux 5.4
• Borrow latest wsstream from k8s v1.31.x to 1.7 (#10575)
  • 9269d97b1 hide wsstream under internal/ to prevent external use
  • 59815fa44 golangci-lint should only look for problems in new code
  • 1c431dc6f Run go mod tidy
  • 226f93d92 Add copyright headers
  • 6f3252733 switch over references to the new package
  • 0a85d476a Fix up some constant references
  • 82bfa44d0 Copy over wsstream from k8s v1.31.0-rc.1 release
• Ensure the CRIAPIV1Alpha2 warning's lastOccurrence is accurate (#10571)
  • 52b79f337 Update CRIAPIV1Alpha2 warning lastOccurrence every call
• pkg/userns: deprecate and migrate to github.com/moby/sys/userns (#10564)
  • dce0b5a6d migrate to github.com/moby/sys/userns
  • 65f7d0740 pkg/userns: deprecate and migrate to github.com/moby/sys/user/userns
  • f21675c27 vendor: github.com/moby/sys/user v0.2.0
• update to go1.21.13 / go1.22.6 (#10570)
  • 228914a5e update to go1.21.13 / go1.22.6
• Fix TestNewBinaryIOCleanup failing with gotip (#10554)
  • 3ff82ba0f Fix TestNewBinaryIOCleanup failing with gotip
• Fix packaged runc reporting incorrect version (#10559)
  • d51143f6f script/setup/install-runc: fix runc using incorrect version
• update auths code comment (#10536)
  • 7bb1455d8 update auths code comment
• Ensure /run/containerd gets created with correct perms (#10534)
  • 16c5fc768 Ensure /run/containerd is created with correct perms
• Make StopContainer idempotent (#10528)
  • 6da4e40b2 Make StopContainer RPC idempotent
• Make StopPodSandbox idempotent (#10527)
  • b3b6f1507 Make StopPodSandbox RPC idempotent
• Fix failed force deletion for tasks with PID 0 (#10523)
  • 0db46f664 client: fix tasks with PID 0 cannot be forced to delete
• Update warnings for deprecated CRI config fields (#10512)
  • 9afb8dcdf deprecation: update warnings for CRI config fields
• Regenerate introspection UUID if state is empty (#10510)
  • b140792e4 introspection: regenerate UUID if state is empty
• Set stderr to empty string when using terminal on Windows (#10499)
  • f9beac3db Set stderr to empty string when using terminal on Windows.

Dependency Changes

• github.com/moby/sys/userns v0.1.0 new

Previous release can be found at v1.7.20

containerd 1.7.17

Welcome to the v1.7.17 release of containerd!

The seventeenth patch release for containerd 1.7 contains various fixes and updates.

Highlights

• Use LOOP_CONFIGURE when creating loop devices (#10209)
• Update unpacker to fetch all provided content (#10233)
• Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts (#10210)
• Update metadata snapshotter to lease on already exists (#10198)
• Handle unsupported config versions (#10165)
• Fix deadlock when writing to pipe blocks (containerd/ttrpc#168)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Stefan Berger
• Derek McGowan
• Austin Vazquez
• Alexandru Matei
• Maksym Pavlenko
• Akihiro Suda
• Bryant Biggs
• Kevin Parsons
• Kirtana Ashok
• Phil Estes
• Kazuyoshi Kato
• Kohei Tokunaga
• Swagat Bora

Changes

43 commits

• Prepare release notes for v1.7.17 (#10235)
  • 114b07b97 Prepare release notes for v1.7.17
• Use LOOP_CONFIGURE when creating loop devices (#10209)
  • 803aaa680 Remove internal LoopConfig struct
  • 7bd3be948 Swap internal ioctl implementation with golang.org/x/sys
  • a0739dc0e Use LOOP_CONFIGURE when creating loop devices
• Update unpacker to fetch all provided content (#10233)
  • 1573ea598 Update ctr image pull all platforms
  • 32b594f1b Update unpacker to always fetch all
• Update hcsshim tag to v0.11.5 (#10232)
  • 5a03a3aee Update hcsshim tag to v0.11.5
• Update ttrpc tag to 1.2.4 (#10221)
  • 9a1eda40f update ttrpc tag to 1.2.4
• Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts (#10210)
  • ad85652fa Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts
• Update instrumentation fuzzer with new flag (#10229)
  • 582f3f43d Update instrumentation fuzzer with new flag
• vendor: github.com/containerd/imgcrypt@v1.1.8 (#10215)
  • a5d13689b vendor: github.com/containerd/imgcrypt@v1.1.8
• vendor: golang.org/x/net@v0.23.0 (#10211)
  • f853bc129 vendor: golang.org/x/net@v0.23.0
  • 837972979 vendor: golang.org/x/net@v0.21.0
  • 56aa87792 vendor: golang.org/x/net@v0.20.0
  • 4e6335ebd vendor: golang.org/x/net@v0.19.0
  • 1c6c745c6 vendor: golang.org/x/term@v0.17.0
  • 1077d38c9 vendor: golang.org/x/sys@v0.18.0
• Update tooling to Go 1.21.10, 1.22.3 for net/http bug fixes (#10207)
  • c53b635f9 Update toolchain to Go 1.21.10 and 1.22.3
• vendor: golang.org/x/crypto@v0.18.0 (#10204)
  • 4b52104f0 vendor: golang.org/x/crypto@v0.18.0
  • 2f65c83b0 vendor: golang.org/x/term@v0.16.0
  • 8a76171f7 vendor: golang.org/x/sys@v0.16.0
  • d45778523 vendor: golang.org/x/term@v0.15.0, golang.org/x/text@v0.14.0
  • 24038de8c vendor: golang.org/x/sys@v0.15.0
• Update metadata snapshotter to lease on already exists (#10198)
  • eb930375c Add lease test for metadata snapshotter
  • 9f6c61ab9 Update metadata snapshotter to lease on exists
• Update grpc and image-spec dependencies (#10180)
  • 24dd403ab Update image-spec to v1.1.0
  • 189b69e24 go.mod: github.com/opencontainers/image-spec v1.1.0-rc3
  • 388fb336b Update grpc to v1.59.0
• Handle unsupported config versions (#10165)
  • 00347b7fa Add check for unsupported config versions

Changes from containerd/imgcrypt

53 commits

• CHANGES: Updated CHANGES document for 1.1.8 release (containerd/imgcrypt#122)
  • 956b4d3 CHANGES: Updated CHANGES document for 1.1.8 release
• Synchronize enc-ctr with upstream ctr from containerd v1.6.23 and use containerd v1.6.23 in dependency (containerd/imgcrypt#120)
  • 9e8e1c1 ctr: Sync code with containerd v1.6.23 ctr
  • 7d2cca5 build(deps): bump containerd from 1.6.20 to 1.6.23
• Synchronize enc-ctr with upstream ctr from containerd v1.6.20 (containerd/imgcrypt#119)
  • 0f2559e ctr: Sync code with containerd v1.6.20 ctr
  • c48dd78 cmd: Copy IntToInt32Array into img package and use it
• Update to ocicrypt 1.1.8 and minimum go 1.20 (containerd/imgcrypt#118)
  • 6d48a4e build(deps): bump ocicrypt from 1.1.7 to 1.1.8
  • 1bc94a2 github: Use golangci-lint v1.54.1 and adjust config file
  • 9065f1d github: Test with go 1.21 and go 1.20
  • 74986f3 go.mod: Require go 1.20
• build(deps): bump google.golang.org/grpc from 1.47.0 to 1.53.0 (containerd/imgcrypt#117)
  • a2a8273 build(deps): bump google.golang.org/grpc from 1.47.0 to 1.53.0
• test: Test creating and running of container with key file missing (containerd/imgcrypt#116)
  • 286470a test: Test creating and running of container with key file missing
• Fix some issues in the test script (containerd/imgcrypt#115)
  • aa517cc test: Fix order of parameters and remove unnecessary key parameter
  • [ec72311](https://github.com/contai...

containerd 1.7.16

Welcome to the v1.7.16 release of containerd!

The sixteenth patch release for containerd 1.7 contains various fixes and updates.

Highlights

• Update AppArmor template to allow confined runc to kill containers (#10129)
• Fix config import relative path glob (#9834)
• Update AppArmor template to better support rootlesskit (#10116)
• Update HTTP fallback to better account for TLS timeout and previous attempts (#10112)
• Add support for HPC port forwarding (#10008)
• Prevent GC from schedule itself with 0 period. (#10102)
• Fix issue with using invalid token to retry fetching layer (#10065)
• Automatically decompress archives for transfer service import (#9989)
• Fix HTTPFallback fails when pushing manifest (#10044)
• Add support for configuring otel from env and config deprecation notice (#9992)
• Fix deadlock during NRI plugin registration (containerd/nri#79)

Build and Release Toolchain

• Update Go to 1.21.9 and 1.22.2 with net/http security fix (#10115)

Container Runtime Interface (CRI)

• Fix CRI snapshotter root path when not under containerd root (#10096)
• Fix network creation failure from CreatedAt time as 269 years ago (#10122)
• Include userns info in PodSandboxStatus (#9865)
• Fix default working directory Windows HostProcess containers (#10071)
• Fix ListPodSandboxStats to skip sandboxes with missing tasks (#10042)

Deprecations

• Add support for configuring otel from env and config deprecation notice (#9992)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Samuel Karp
• Wei Fu
• Danny Canter
• Kazuyoshi Kato
• Kirtana Ashok
• Maksym Pavlenko
• Phil Estes
• Sebastiaan van Stijn
• Brian Goff
• Rodrigo Campos
• Akihiro Suda
• Angelos Kolaitis
• Bin Tang
• David Porter
• Edgar Lee
• Evan Lezar
• Kirill A. Korinsky
• Kohei Tokunaga
• Maksim An
• Paweł Gronowski
• Tomáš Virtus
• 张钰10307750
• 沈陵

Changes

50 commits

• Add release notes for v1.7.16 (#10124)
  • 1c623084f Add release notes for v1.7.16
• Update AppArmor template to allow confined runc to kill containers (#10129)
  • 18a2c36fa apparmor: Allow confined runc to kill containers
• Fix config import relative path glob (#9834)
  • 62e9535f2 Fix config import relative path glob
• Fix CRI snapshotter root path when not under containerd root (#10096)
  • a8ebceb97 CRI: "Fix" imageFSPath behavior
  • bd423bf84 Snapshotters: Export the root path
  • 8fb6bfa71 Add exports to proxy plugin config
  • 8916e2cf9 Add platform config to proxy plugins
• Fix network creation failure from CreatedAt time as 269 years ago (#10122)
  • 293f5151d pod: CreatedAt time will be 269 years ago while creating cri network failed.
• Update AppArmor template to better support rootlesskit (#10116)
  • af19e746e apparmor: add signal (receive) peer=/usr/local/bin/rootlesskit,
• Update Go to 1.21.9 and 1.22.2 with net/http security fix (#10115)
  • 637d259dd update to go1.21.9, go1.22.2
• Update HTTP fallback to better account for TLS timeout and previous attempts (#10112)
  • 794b0c723 Add deprecated HTTPFallback for package compatibility
  • 51c649d9d Update HTTPFallback to handle tls handshake timeout
  • aa14890ed Remove empty default tls configuration in ctr
• Add support for HPC port forwarding (#10008)
  • 3df5d4445 Add support for HPC port forwarding
• Prevent GC from schedule itself with 0 period. (#10102)
  • 5c15bf406 Prevent GC from schedule itself with 0 period.
• Include userns info in PodSandboxStatus (#9865)
  • b57dc9fd3 cri/server: Add userns tests in PodSandboxStatus
  • 6e809ef13 cri: Expose userns in PodSandboxStatus rpc
• mod: bump github.com/containerd/nri@v0.6.1 (#10097)
  • 395a31901 mod: bump github.com/containerd/nri@v0.6.1
• Fix issue with using invalid token to retry fetching layer (#10065)
  • f61de0864 fix bug that using invalid token to retry fetching layer
• Bump tags.cncf.io/container-device-interface to v0.7.2 (#10077)
  • 7a2f49f70 Bump tags.cncf.io/container-device-interface to v0.7.2
• Fix default working directory Windows HostProcess containers (#10071)
  • 989f1ec54 fix default working directory hostProcess
• Fix unexpected order of mounts since go 1.19 (#10063)
  • 9f774e438 fix(cri): fix unexpected order of mounts since go 1.19
• Automatically decompress archives for transfer service import (#9989)
  • 2aec52493 Automatically decompress archives for transfer service import
• Use different containerd sock address in tests (#10056)
  • 8c76e7948 Use different containerd sock address in tests
• Fix HTTPFallback fails when pushing manifest (#10044)
  • 18f4ad5ee remote: Fix HTTPFallback fails when pushing manifest
• Add support for configuring otel from env and config deprecation notice (#9992)
  • 600ba8612 vendor: revendor OTEL
  • 9360e3716 Changes to configuring otel from env only
  • f2354894f Deprecate otel configs
• Fix ListPodSandboxStats to skip sandboxes with missing tasks (#10042)
  • 90c309fe2 Add IsNotFound case to ListPodSandboxStats

Changes from containerd/nri

5 commits<...

containerd 1.7.15

Welcome to the v1.7.15 release of containerd!

The fifteenth patch release for containerd 1.7 contains various fixes; one for a
regression introduced in v1.7.14 in the way process exits were handled.

Highlights

• Adds mediatype to OCI index record on export (#9990)

Runtime

• Fix runc shim to only defer init process exits (#10037)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Phil Estes
• Austin Vazquez
• Laura Brehm
• Sebastiaan van Stijn
• Talon

Changes

12 commits

• Prepare for v1.7.15 release (#10039)
  • 4d4759b54 Prep v1.7.15 release
• Fix runc shim to only defer init process exits (#10037)
  • 21df46766 runc-shim: only defer init process exits
• Fix compile from version control system (source) use case (#10012)
  • 2a054213e Fix compile from version control system (source) use case
• Adds mediatype to OCI index record on export (#9990)
  • 6605c47a4 adds mediatype to oci index record
• vendor: google.golang.org/protobuf 1.33.0, github.com/golang/protobuf v1.5.4 (#9975)
  • e6d91d843 vendor: github.com/golang/protobuf v1.5.4
  • 2d136c5f5 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
  • a1a7af7a3 build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0

Dependency Changes

• github.com/golang/protobuf v1.5.3 -> v1.5.4
• google.golang.org/protobuf v1.31.0 -> v1.33.0

Previous release can be found at v1.7.14

containerd 1.7.14

Welcome to the v1.7.14 release of containerd!

The fourteenth patch release for containerd 1.7 contains various fixes and updates.

Highlights

• Update builds to use go 1.21.8 (#9933)
• Fix various timing issues with docker pusher (#9921)
• Register imagePullThroughput and count with MiB (#9855)
• Move high volume event logs to Trace level (#9823)

Container Runtime Interface (CRI)

• Handle pod transition states gracefully while listing pod stats (#9905)

Runtime

• Update runc-shim to process exec exits before init (#9928)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Wei Fu
• Derek McGowan
• Maksym Pavlenko
• Krisztian Litkey
• Akihiro Suda
• Justin Chadwell
• Sebastiaan van Stijn
• Phil Estes
• Kirtana Ashok
• Akhil Mohan
• Austin Vazquez
• Etienne Champetier
• Jordan Liggitt
• Kohei Tokunaga
• Mike Brown
• Samuel Karp
• Davanum Srinivas
• Edgar Lee
• Henry Wang
• James Sturtevant
• Laura Brehm
• Nashwan Azhari
• Robbie Buxton
• Robert-André Mauchin
• Shukui Yang

Changes

70 commits

• Prepare release notes for v1.7.14 (#9953)
  • 1babe6b58 Prepare release notes for v1.7.14
• Backport use Go toolchain in CI matrix to build binaries (#9951)
  • a9bbbefcf Use the Go toolchain in CI matrix to build binaries
• Update builds to use go 1.21.8 (#9933)
  • 1ca9a643a update to go 1.21.8, 1.22.1
• Move inline PS scripts into files (#9938)
  • 39caf532e Move inline PS scripts into files
• Disable OOM set score unpriv test temporarily (#9944)
  • 630226bb4 Disable OOM set score unpriv test temporarily
• Update runc-shim to process exec exits before init (#9928)
  • de7b6bae9 runc-shim: process exec exits before init
• update to go 1.21.6, test 1.22.0 (#9860)
  • 3b3e537ea Uninstall mingw before attempting upgrade
  • 9e24388b2 CI: Explicitly upgrade MinGW on Windows 2019 GitHub runners.
  • 5b23a4127 seccomp, apparmor: add go:noinline
  • 753422ac1 Drop go 1.20 and build against 1.22
  • a2d64218c Fix windows integration tests
  • 6379dd6f4 Update workflow files to install Go via composite action
  • a5c0d061c Extract a composite action to install Go
• Fix various timing issues with docker pusher (#9921)
  • 52a1402df copy: prevent potential deadlock if close before fully written
  • 872746386 copy: setError should imply Close
  • a8004007a copy: remove max number of ErrResets
  • 0465472ed pushWriter: refactor reset pipe logic into separate function
  • 2577207cc copy: improve error detection from closed pipes
  • d081da86b copy: check if writer was closed before setting a pipe
  • 2a25c085b copy: remove wrapping io.NopCloser from push writer pipe
• Register imagePullThroughput and count with MiB (#9855)
  • 711cebd48 Register imagePullThroughput and count with MiB
• Update golangci-lint to v1.56.1 (#9900)
  • 926ceb036 fix golangci-lint errors
  • 4030ae235 Update golangci-lint to v1.56.1
  • 6620d6bfd ci: bump up golangci-lint to v1.55.2
  • b16ca72b2 Bump up golangci-lint to v1.54.2
• Handle pod transition states gracefully while listing pod stats (#9905)
  • 39db3f18b adjust test cases to run for windows
  • 579d8b463 [cri] Handle Windows pod transitions gracefully
• Backport GitHub actions package updates (#9876)
  • 8d6f0f2ae build(deps): bump golangci/golangci-lint-action from 3 to 4
  • 7929592b9 build(deps): bump actions/upload-artifact from 3 to 4
  • e11de777d build(deps): bump crazy-max/ghaction-github-runtime from 2 to 3
  • 2b40a4074 build(deps): bump actions/checkout from 3 to 4
  • 22feefa57 build(deps): bump actions/setup-go from 3 to 5
  • b96aa4012 build(deps): bump actions/upload-artifact from 1 to 3
  • 97763f91d build(deps): bump docker/setup-buildx-action from 2 to 3
  • 6875bb14f build(deps): bump github/codeql-action from 2 to 3
  • 87f9adb6b build(deps): bump actions/download-artifact from 3 to 4
• .github: windows should use fix critool version (#9874)
  • d9c099a9a .github: windows should use fix critool version
• ci: update crun version to 1.14.3 (#9850)
  • dc594b01d ci: update crun version to 1.14.3
• Add WithMetaStore to overlay snapshotter and missing unpacker.Wait for image import (#9837)
  • 8fe0b26f1 Add missing unpacker.Wait for image import
  • 31ea2d7d9 Add WithMetaStore to overlay snapshotter to allow bringing your own
• Move high volume event logs to Trace level (#9823)
  • 982e0cffb Move high volume event logs to Trace level
• cri: propagate deprecation list to runtime status (#9818)
  • c79ffa277 cri: propagate deprecation list to runtime status
• ctr: print deprecation warnings on every invocation (#9820)
  • [eaebe23de](containerd@eaebe23de407600ff81b9466...

containerd 1.7.12

Welcome to the v1.7.12 release of containerd!

The twelfth patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

• Fix on dialer function for Windows (#9501)
• Improve /etc/group handling when appending groups (#9544)
• Update shim pidfile permissions to 0644 (#9548)
• Update runc binary to v1.1.11 (#9596)
• Allow import and export to reference missing content (#9600)
• Remove runc import (#9605)
• Update Go version to 1.20.13 (#9624)

Deprecation Warnings

• Emit deprecation warning for containerd.io/restart.logpath label usage (#9567)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Sebastiaan van Stijn
• Wei Fu
• Derek McGowan
• Paweł Gronowski
• Jaroslav Jindrak
• Maksym Pavlenko
• Samuel Karp
• Anthony Nandaa
• Bjorn Neergaard
• Djordje Lukic
• Kay Yan

Changes

34 commits

• [release/1.7] Prepare release notes for v1.7.12 (#9632)
  • 775d544fe Prepare release notes for v1.7.12
• [release/1.7] update to go1.20.13, test go1.21.6 (#9624)
  • a5dc5b894 update to go1.20.13, test go1.21.6
• [release/1.7] shim: Create pid-file and address with 0644 permissions (#9548)
  • 8d82242eb shim: Create address file with 0644 permissions
  • 260963a35 shim: Create pid-file with 0644 permissions
• [release/1.7 backport] switch back from golang.org/x/sys/execabs to os/exec (go1.19) (#9602)
  • 872af82f5 remove remaining uses of golang.org/x/sys/execabs
  • 2ad2a2e83 switch back from golang.org/x/sys/execabs to os/exec (go1.19)
• [release/1.7] update to CDI v0.6.1, and remove github.com/opencontainers/runc dependency (#9605)
  • 9251072f7 remove github.com/opencontainers/runc dependency
  • 4e67213d4 vendor: github.com/cncf-tags/container-device-interface v0.6.1
  • e0ee0be0d go.mod: github.com/opencontainers/runtime-spec v1.1.0
  • 02be2236a go.mod: github.com/.../container-device-interface v0.6.0
  • 91f953bb4 go.mod: github.com/opencontainers/runtime-spec v1.1.0-rc.2
• [release/1.7 backport] import/export: Support references to missing content (#9600)
  • 6089b05d9 images/Export: Revert signature change
  • 6b4b760c3 integration/import-export: Add WithSkipMissing tests
  • abb3c5ef9 export: Copy distribution source labels to manifest annotations
  • 9609f04f6 import/export: Support references to missing content
  • 42b60d865 images/archive: use mediatype helpers
• [release/1.7 backport] update runc binary to v1.1.11 (#9596)
  • 23516a99c update runc binary to v1.1.11
• [release/1.7 backport] go.mod: dario.cat/mergo v1.0.0 (#9569)
  • 428714e32 go.mod: dario.cat/mergo v1.0.0
• [release/1.7] restart: containerd.io/restart.logpath warning (#9567)
  • 03fed557e restart: containerd.io/restart.logpath warning
• [release 1.7] backport: fix on dialer function for windows (#9501)
  • 68d237392 fix(pkg/dialer): minor fix on dialer function for windows
• [release/1.7] *: enable ARM64 runner (#9502)
  • c63165123 *: enable ARM64 runner
• [release/1.7 backport] WithAppendAdditionalGroups: better /etc/group handling (#9544)
  • 55e570844 WithAppendAdditionalGroups: better /etc/group handling

Dependency Changes

• dario.cat/mergo v1.0.0 new
• github.com/container-orchestrated-devices/container-device-interface v0.5.4 -> v0.6.1
• github.com/moby/sys/user v0.1.0 new
• github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> v1.1.0

Previous release can be found at v1.7.11

containerd 1.7.11

Welcome to the v1.7.11 release of containerd!

The eleventh patch release for containerd 1.7 contains various fixes and updates including
one security issue.

Notable Updates

• Fix Windows default path overwrite issue (#9440)
• Update push to always inherit distribution sources from parent (#9452)
• Update shim to use net dial for gRPC shim sockets (#9458)
• Fix otel version incompatibility (#9483)
• Fix Windows snapshotter blocking snapshot GC on remove failure (#9482)
• Mask /sys/devices/virtual/powercap path in runtime spec and deny in default apparmor profile (GHSA-7ww5-4wqc-m92c)

Deprecation Warnings

• Emit deprecation warning for AUFS snapshotter (#9436)
• Emit deprecation warning for v1 runtime (#9450)
• Emit deprecation warning for deprecated CRI configs (#9469)
• Emit deprecation warning for CRI v1alpha1 usage (#9479)
• Emit deprecation warning for CRIU config in CRI (#9481)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Derek McGowan
• Phil Estes
• Bjorn Neergaard
• Danny Canter
• Sebastiaan van Stijn
• ruiwen-zhao
• Akihiro Suda
• Amit Barve
• Charity Kathure
• Maksym Pavlenko
• Milas Bowman
• Paweł Gronowski
• Wei Fu

Changes

39 commits

• [release/1.7] Prepare release notes for v1.7.11 (#9491)
  • dfae68bc3 Prepare release notes for v1.7.11
• [release/1.7] update to go1.20.12, test go1.21.5 (#9352)
  • 0d314401d update to go1.20.12, test go1.21.5
  • 1ec1ae2c6 update to go1.20.11, test go1.21.4
• Github Security Advisory GHSA-7ww5-4wqc-m92c
  • cb804da21 contrib/apparmor: deny /sys/devices/virtual/powercap
  • 40162a576 oci/spec: deny /sys/devices/virtual/powercap
• [release/1.7] Don't block snapshot garbage collection on Remove failures (#9482)
  • ed7c6895b Don't block snapshot garbage collection on Remove failures
• [release/1.7] Add warning for CRIU config usage (#9481)
  • 1fdefdd22 Add warning for CRIU config usage
• [release/1.7] Fix otel version incompatibility (#9483)
  • f8f659e66 Add HTTP client update function to tracing library
  • 807ddd658 fix(tracing): use latest version of semconv
• [release/1.7] Add cri-api v1alpha2 usage warning to all api calls (#9479)
  • dc45bc838 Add cri-api v1alpha2 usage warning to all api calls
• [release/1.7] cri: add deprecation warnings for deprecated CRI configs (#9469)
  • 9d1bad62e deprecation: fix missing spaces in warnings
  • 51a604c07 cri: add deprecation warning for runtime_root
  • 8040e74bf cri: add deprecation warning for rutnime_engine
  • 99adc40eb cri: add deprecation warning for default_runtime
  • afef7ec64 cri: add warning for untrusted_workload_runtime
  • 6220dc190 cri: add warning for old form of systemd_cgroup
• [release/1.7] runtime/v2: net.Dial gRPC shim sockets before trying grpc (#9458)
  • 80f96cd18 runtime/v2: net.Dial gRPC shim sockets before trying grpc
• [release/1.7] tasks: emit warning for v1 runtime and runc v1 runtime (#9450)
  • f471bb2b8 tasks: emit warning for runc v1 runtime
  • 329e1d487 tasks: emit warning for v1 runtime
• [release/1.7] push: always inherit distribution sources from parent (#9452)
  • 4464fde12 push: always inherit distribution sources from parent
• [release/1.7] Update tar tests to run on Darwin (#9451)
  • 7e069ee25 Update tar tests to run on Darwin
• [release/1.7] ctr: Add sandbox flag to ctr run (#9449)
  • 5fc0e4e61 ctr: Add sandbox flag to ctr run
• [release/1.7] Windows default path overwrite fix (#9440)
  • 31fe03764 Fix windows default path overwrite issue
• [release/1.7] snapshots: emit deprecation warning for aufs (#9436)
  • 625b35e4b snapshots: emit deprecation warning for aufs

Dependency Changes

• github.com/felixge/httpsnoop v1.0.3 new
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 new

Previous release can be found at v1.7.10

containerd 1.7.10

Welcome to the v1.7.10 release of containerd!

The tenth patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

• Enhance container image unpack client logs (#9379)
• cri: fix using the pinned label to pin image (#9381)
• fix: ImagePull should close http connection if there is no available data to read. (#9409)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Wei Fu
• Iceber Gu
• Austin Vazquez
• Derek McGowan
• Phil Estes
• Samuel Karp
• ruiwen-zhao

Changes

11 commits

• Add release notes for v1.7.10 (#9426)
  • a995fe3a8 Add release notes for v1.7.10
• [release/1.7] fix: ImagePull should close http connection if there is no available data to read. (#9409)
  • 206806128 remotes/docker: close connection if no more data
  • 328493962 integration: reproduce containerd#9347
  • d1aab27cb fix: deflake TestCRIImagePullTimeout/HoldingContentOpenWriter
• [release/1.7] cri: fix using the pinned label to pin image (#9381)
  • a2b16d7f9 cri: fix update of pinned label for images
  • 8dc861844 cri: fix using the pinned label to pin image
• [release/1.7] Enhance container image unpack client logs (#9379)
  • 5930a3750 Enhance container image unpack client logs

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.7.9