Containerd Versions Save

Welcome to the v2.0.0-rc.0 release of containerd! This is a pre-release of containerd

The first major release of containerd 2.x focuses on the continued stability of containerd's core feature set with an easy upgrade from containerd 1.x. This release includes the stabilization of new features added in the last 1.x release as well as the removal of features which were deprecated in 1.x. The goal is to support the vast community of containerd users well into the future along with their ever increasing deployment footprints and variety of use cases.

Highlights

• Configure otel from env instead of config.toml (#8970)
• Disable the support for Schema 1 images (#9765)
• Fix config import relative path glob (#9746)
• Enable NRI by default (#9744)
• Add PluginInfo to introspection API (#9442)
• Remove overlayfs volatile option on temp mounts (#9555)
• Move packages based on contributing guide (#9365)
• Update import and export to allow references to missing content (#9554)
• Add option to perform syncfs after pull (#9401)
• Expose usage of deprecated features (#9258)
• Use Intel ISA-L's igzip if available (#9200)
• Generalize plugin library (#9214)
• Introduce top level config migration (#9223)
• Add image delete target (#8989)
• Remove LimitNOFILE from containerd.service (#8924)
• Use github.com/containerd/log (#9086)
• Add image verifier transfer service plugin system based on a binary directory (#8493)
• Add support for image expiration during garbage collection (#9022)
• Reduce the contention between ref lock and boltdb lock in content store (#8792)
• Remove "containerd.io/restart.logpath" label (#8264)
• Remove aufs snapshotter (#8263)

Container Runtime Interface (CRI)

• Add support for multiple subscribers to CRI container events (#9661)
• Enable CDI by default (#9621)
• Remove non-sandboxed CRI implementation (#9228)
• Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) (#8287)
• Use sandboxed CRI by default (#8994)
• Implement RuntimeConfig CRI call (#8722)
• Add support for user namespaces (KEP-127) (#8803)
• Remove CRI v1alpha2 (#8276)

Runtime

• Support vsock connection to task api (#9738)
• Update RuntimeDefault seccomp profile to disallow io_uring related syscalls (#9320)
• Switch runc shim to task service v3 and fix restore (#9233)
• Add sandboxer configuration and move sandbox controllers to plugins (#8268)
• Remove the CriuPath field from runc's options (#8279)
• Remove support for config.toml version = 1 (#8275)
• Remove io.containerd.runtime.v1.linux and io.containerd.runc.v1 (#8262)

Security Advisories

• [medium] RAPL accessible to a container GHSA-7ww5-4wqc-m92c

Breaking

• Disable the support for Schema 1 images (#9765)
• Update RuntimeDefault seccomp profile to disallow io_uring related syscalls (#9320)
• Move client to subpackage (#9316)
• Remove LimitNOFILE from containerd.service (#8924)
• Remove CRI v1alpha2 (#8276)
• Remove io.containerd.runtime.v1.linux and io.containerd.runc.v1 (#8262)
• Remove "containerd.io/restart.logpath" label (#8264)
• Remove aufs snapshotter (#8263)

Deprecations

• Deprecate go-plugin configuration option (#9238)
• CNI conf_template in CRI is no longer deprecated (#8637)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Wei Fu
• Phil Estes
• Maksym Pavlenko
• Sebastiaan van Stijn
• Samuel Karp
• Kazuyoshi Kato
• Rodrigo Campos
• Danny Canter
• Gabriel Adrian Samfira
• Iceber Gu
• Abel Feng
• Kirtana Ashok
• Austin Vazquez
• Krisztian Litkey
• Akhil Mohan
• Jin Dong
• Mike Brown
• Bjorn Neergaard
• Kohei Tokunaga
• rongfu.leng
• Justin Chadwell
• James Sturtevant
• Paul "TBBle" Hampson
• Davanum Srinivas
• Enrico Weigelt
• Paweł Gronowski
• Brian Goff
• Hsing-Yu (David) Chen
• Ilya Hanov
• Marat Radchenko
• Cardy.Tang
• Henry Wang
• Laura Brehm
• Aditi Sharma
• Bryant Biggs
• Jordan Liggitt
• Kay Yan
• Markus Lehtonen
• Nashwan Azhari
• Shingo Omura
• Vinayak Goyal
• helen
• Alexandru Matei
• Amit Barve
• Charity Kathure
• Ed Bartosh
• Etienne Champetier
• Evan Lezar
• James Jenkins
• Milas Bowman
• yanggang
• Aditya Ramani
• Amir M. Ghazanfari
• Anthony Nandaa
• Artem Khramov
• Brad Davidson
• Chen Yiyang
• Christian Muehlhaeuser
• Cory Snider
• Djordje Lukic
• Ethan Lowman
• Jiang Liu
• June Rhodes
• Mahamed Ali
• Michael Crosby
• Peteris Rudzusiks
• Sam Edwards
• Samruddhi Khandale
• Shuaiyi Zhang
• Steve Griffith
• Tony Fang
• VERNOU Cédric
• hang.jiang
• jerryzhuang
• lengrongfu
• roman-kiselenko
• Aaron Lehmann
• Adrian Reber
• Alex Couture-Beil
• Alex Ellis
• Alex Rodriguez
• Angelos Kolaitis
• Antonio Huete Jimenez
• Avi Deitcher
• Ben Foster
• Bin Xin
• BinBin He
• Brennan Kinney
• Christian Stewart
• Craig Ingram
• Daisy Rong
• Derek Nola
• Edgar Lee
• Eng Zer Jun
• Fahed Dorgaa
• Gary McDonald
• Iain Macdonald
• James Lakin
• Jan Dubois
• Jaroslav Jindrak
• Jiongchi Yu
• Julien Balestra
• Kern Walster
• Kevin Parsons
• Kirill A. Korinsky
• Konstantin Khlebnikov
• Maksim An
• Pan Yibo
• Qasim Sarfraz
• Qiutong Song
• Robbie Buxton
• Robert-André Mauchin
• Shukui Yang
• Talon
• Tianon Gravi
• Tim Hockin
• Tõnis Tiigi
• Wang Xinwen
• William Chen
• Yibo Zhuang
• Yury Gargay
• Zechun Chen
• Zhang Tianyang
• Zoe
• charles-chenzz
• chschumacher1994
• guangli.bao
• krglosse
• ningmingxiao
• pigletfly
• rokkiter
• wangxiang
• zhangpeng
• zhanluxianshen
• zhaojizhuang
• zounengren
• 吴小白
• 张钰
• 沈陵
• 谭九鼎

Dependency Changes

• dario.cat/mergo v1.0.0 new
• github.com/AdaLogics/go-fuzz-headers 1f10f66a31bf -> ced1acdcaa24
• github.com/AdamKorcz/go-118-fuzz-build 5330a85ea652 -> 8075edf89bb0
• github.com/Microsoft/go-winio v0.6.0 -> v0.6.1
• github.com/Microsoft/hcsshim v0.10.0-rc.7 -> v0.12.0
• github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
• github.com/checkpoint-restore/checkpointctl v1.1.0 new
• github.com/checkpoint-restore/go-criu/v7 v7.0.0 new
• github.com/cilium/ebpf v0.9.1 -> v0.11.0
• github.com/containerd/cgroups/v3 v3.0.1 -> v3.0.3
• github.com/containerd/console v1.0.3 -> v1.0.4
• github.com/containerd/continuity v0.3.0 -> v0.4.3
• github.com/containerd/errdefs v0.1.0 new
• github.com/containerd/go-runc v1.0.0 -> v1.1.0
• github.com/containerd/log v0.1.0 new
• github.com/containerd/nri v0.3.0 -> v0.6.0
• github.com/containerd/platforms v0.1.1 new
• github.com/containerd/plugin v0.1.0 new
• github.com/containerd/ttrpc v1.2.1 -> v1.2.3
• github.com/containerd/typeurl/v2 v2.1.0 -> v2.1.1
• github.com/containernetworking/plugins v1.2.0 -> v1.4.0
• github.com/distribution/reference v0.5.0 new
• github.com/emicklei/go-restful/v3 v3.10.1 -> v3.11.0
• github.com/felixge/httpsnoop v1.0.4 new
• github.com/fsnotify/fsnotify v1.6.0 -> v1.7.0
• github.com/go-logr/logr v1.2.3 -> v1.4.1
• github.com/golang/protobuf v1.5.2 -> v1.5.4
• github.com/google/go-cmp v0.5.9 -> v0.6.0
• github.com/google/uuid v1.3.0 -> v1.6.0
• github.com/gorilla/websocket v1.5.0 new
• github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.0 new
• github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.0-rc.3 new
• github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 -> v2.19.0
• github.com/intel/goresctrl v0.3.0 -> v0.6.0
• github.com/klauspost/compress v1.16.0 -> v1.17.7
• github.com/klauspost/cpuid/v2 v2.0.4 -> v2.2.5
• github.com/mdlayher/socket v0.4.1 new
• github.com/mdlayher/vsock v1.2.1 new
• github.com/minio/sha256-simd v1.0.0 -> v1.0.1
• github.com/moby/sys/mountinfo v0.6.2 -> v0.7.1
• github.com/moby/sys/user v0.1.0 new
• github.com/mxk/go-flowrate cca7078d478f new
• github.com/opencontainers/image-spec 3a7f492d3f1b -> v1.1.0
• github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> v1.2.0
• github.com/opencontainers/runtime-tools 946c877fa809 -> 2e043c6bd626
• github.com/pelletier/go-toml/v2 v2.1.1 new
• github.com/prometheus/client_golang v1.14.0 -> v1.19.0
• github.com/prometheus/client_model v0.3.0 -> v0.5.0
• github.com/prometheus/common v0.37.0 -> v0.48.0
• github.com/prometheus/procfs v0.8.0 -> v0.12.0
• github.com/sirupsen/logrus v1.9.0 -> v1.9.3
• github.com/stretchr/testify v1.8.2 -> v1.9.0
• github.com/urfave/cli/v2 v2.27.1 new
• github.com/vishvananda/netns 2eb08e3e575f -> v0.0.4
• github.com/xrash/smetrics 039620a65673 new
• go.etcd.io/bbolt v1.3.7 -> v1.3.9
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.40.0 -> v0.49.0
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 new
• go.opentelemetry.io/otel v1.14.0 -> v1.24.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0 -> v1.24.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0 -> v1.24.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0 -> v1.24.0
• go.opentelemetry.io/otel/metric v0.37.0 -> v1.24.0
• go.opentelemetry.io/otel/sdk v1.14.0 -> v1.24.0
• go.opentelemetry.io/otel/trace v1.14.0 -> v1.24.0
• go.opentelemetry.io/proto/otlp v0.19.0 -> v1.1.0
• golang.org/x/exp aacd6d4b4611 new
• golang.org/x/mod v0.7.0 -> v0.16.0
• golang.org/x/net v0.7.0 -> v0.21.0
• golang.org/x/oauth2 v0.4.0 -> v0.16.0
• golang.org/x/sync v0.1.0 -> v0.6.0
• golang.org/x/sys v0.6.0 -> v0.18.0
• golang.org/x/term v0.5.0 -> v0.17.0
• golang.org/x/text v0.7.0 -> v0.14.0
• golang.org/x/time 90d013bbcef8 -> v0.3.0
• golang.org/x/tools v0.5.0 -> v0.16.1
• google.golang.org/appengine v1.6.7 -> v1.6.8
• google.golang.org/genproto/googleapis/api ef4313101c80 new
• google.golang.org/genproto/googleapis/rpc ef4313101c80 new
• google.golang.org/grpc v1.53.0 -> v1.62.1
• google.golang.org/protobuf v1.28.1 -> v1.33.0
• k8s.io/api v0.26.2 -> v0.29.2
• k8s.io/apimachinery v0.26.2 -> v0.29.2
• k8s.io/apiserver v0.26.2 -> v0.29.2
• k8s.io/client-go v0.26.2 -> v0.29.2
• k8s.io/component-base v0.26.2 -> v0.29.2
• k8s.io/cri-api v0.26.2 -> v0.30.0-alpha.3
• k8s.io/klog/v2 v2.90.1 -> v2.120.1
• k8s.io/kubelet v0.29.2 new
• k8s.io/utils a5ecb0141aa5 -> 3b25d923346b
• sigs.k8s.io/json f223a00ba0e2 -> bc3834ca7abd
• sigs.k8s.io/structured-merge-diff/v4 v4.2.3 -> v4.4.1
• tags.cncf.io/container-device-interface v0.6.2 new
• tags.cncf.io/container-device-interface/specs-go v0.6.0 new

Previous release can be found at v1.7.0

Which file should I download?

• containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
• containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install runc and CNI plugins from their official sites too.

See also the Getting Started documentation.

Welcome to the v1.7.14 release of containerd!

The fourteenth patch release for containerd 1.7 contains various fixes and updates.

Highlights

• Update builds to use go 1.21.8 (#9933)
• Fix various timing issues with docker pusher (#9921)
• Register imagePullThroughput and count with MiB (#9855)
• Move high volume event logs to Trace level (#9823)

Container Runtime Interface (CRI)

• Handle pod transition states gracefully while listing pod stats (#9905)

Runtime

• Update runc-shim to process exec exits before init (#9928)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Wei Fu
• Derek McGowan
• Maksym Pavlenko
• Krisztian Litkey
• Akihiro Suda
• Justin Chadwell
• Sebastiaan van Stijn
• Phil Estes
• Kirtana Ashok
• Akhil Mohan
• Austin Vazquez
• Etienne Champetier
• Jordan Liggitt
• Kohei Tokunaga
• Mike Brown
• Samuel Karp
• Davanum Srinivas
• Edgar Lee
• Henry Wang
• James Sturtevant
• Laura Brehm
• Nashwan Azhari
• Robbie Buxton
• Robert-André Mauchin
• Shukui Yang

Changes

70 commits

• Prepare release notes for v1.7.14 (#9953)
  • 1babe6b58 Prepare release notes for v1.7.14
• Backport use Go toolchain in CI matrix to build binaries (#9951)
  • a9bbbefcf Use the Go toolchain in CI matrix to build binaries
• Update builds to use go 1.21.8 (#9933)
  • 1ca9a643a update to go 1.21.8, 1.22.1
• Move inline PS scripts into files (#9938)
  • 39caf532e Move inline PS scripts into files
• Disable OOM set score unpriv test temporarily (#9944)
  • 630226bb4 Disable OOM set score unpriv test temporarily
• Update runc-shim to process exec exits before init (#9928)
  • de7b6bae9 runc-shim: process exec exits before init
• update to go 1.21.6, test 1.22.0 (#9860)
  • 3b3e537ea Uninstall mingw before attempting upgrade
  • 9e24388b2 CI: Explicitly upgrade MinGW on Windows 2019 GitHub runners.
  • 5b23a4127 seccomp, apparmor: add go:noinline
  • 753422ac1 Drop go 1.20 and build against 1.22
  • a2d64218c Fix windows integration tests
  • 6379dd6f4 Update workflow files to install Go via composite action
  • a5c0d061c Extract a composite action to install Go
• Fix various timing issues with docker pusher (#9921)
  • 52a1402df copy: prevent potential deadlock if close before fully written
  • 872746386 copy: setError should imply Close
  • a8004007a copy: remove max number of ErrResets
  • 0465472ed pushWriter: refactor reset pipe logic into separate function
  • 2577207cc copy: improve error detection from closed pipes
  • d081da86b copy: check if writer was closed before setting a pipe
  • 2a25c085b copy: remove wrapping io.NopCloser from push writer pipe
• Register imagePullThroughput and count with MiB (#9855)
  • 711cebd48 Register imagePullThroughput and count with MiB
• Update golangci-lint to v1.56.1 (#9900)
  • 926ceb036 fix golangci-lint errors
  • 4030ae235 Update golangci-lint to v1.56.1
  • 6620d6bfd ci: bump up golangci-lint to v1.55.2
  • b16ca72b2 Bump up golangci-lint to v1.54.2
• Handle pod transition states gracefully while listing pod stats (#9905)
  • 39db3f18b adjust test cases to run for windows
  • 579d8b463 [cri] Handle Windows pod transitions gracefully
• Backport GitHub actions package updates (#9876)
  • 8d6f0f2ae build(deps): bump golangci/golangci-lint-action from 3 to 4
  • 7929592b9 build(deps): bump actions/upload-artifact from 3 to 4
  • e11de777d build(deps): bump crazy-max/ghaction-github-runtime from 2 to 3
  • 2b40a4074 build(deps): bump actions/checkout from 3 to 4
  • 22feefa57 build(deps): bump actions/setup-go from 3 to 5
  • b96aa4012 build(deps): bump actions/upload-artifact from 1 to 3
  • 97763f91d build(deps): bump docker/setup-buildx-action from 2 to 3
  • 6875bb14f build(deps): bump github/codeql-action from 2 to 3
  • 87f9adb6b build(deps): bump actions/download-artifact from 3 to 4
• .github: windows should use fix critool version (#9874)
  • d9c099a9a .github: windows should use fix critool version
• ci: update crun version to 1.14.3 (#9850)
  • dc594b01d ci: update crun version to 1.14.3
• Add WithMetaStore to overlay snapshotter and missing unpacker.Wait for image import (#9837)
  • 8fe0b26f1 Add missing unpacker.Wait for image import
  • 31ea2d7d9 Add WithMetaStore to overlay snapshotter to allow bringing your own
• Move high volume event logs to Trace level (#9823)
  • 982e0cffb Move high volume event logs to Trace level
• cri: propagate deprecation list to runtime status (#9818)
  • c79ffa277 cri: propagate deprecation list to runtime status
• ctr: print deprecation warnings on every invocation (#9820)
  • eaebe23de ctr: print deprecation warnings on every invocation
• bug fix: make sure cri image is pinned when it is pulled outside cri (#9784)
  • 26c057423 bug fix: make sure cri image is pinned when it is pulled outside cri
• go.{mod,sum}: update NRI dependency, fixing a potential fd double close error. (#9783)
  • d3e997556 go.{mod,sum}: update NRI dependency, re-vendor.
• Add option to perform syncfs after pull (#9769)
  • ea0a92ec3 *: introduce image_pull_with_sync_fs in CRI
  • 4caf44032 api: introduce sync_fs to diff.ApplyRequest
• Move certain debug logs to trace logs (#9761)
  • 3f75af7bf Move certain debug logs to trace logs

Changes from containerd/nri

23 commits

• socketpair_windows: remove implementation for now (containerd/nri#69)
  • e47f09b socketpair_windows: remove implementation for now
• adaptation, stub: allow extra ttrpc client and server options. (containerd/nri#67)
  • 45b9e3f plugins: update dependencies.
  • f600cf6 go.{mod,sum}: update dependencies.
  • 13ee978 pkg/stub: add support for extra ttrpc options.
  • c4e2f81 pkg/adaptation: add support for extra ttrpc options.
• socketpair_unix: avoid double close(), set FD_CLOEXEC (containerd/nri#66)
  • 5d0b52b sockerpair_unix: avoid double close(), set FD_CLOEXEC
• Task: fix typo in godoc (containerd/nri#61)
  • ae7840b Task: fix typo in godoc
• Take pkg/hooks from github.com/containers/common (carry 46) (containerd/nri#55)
  • b4ac58c Take pkg/hooks from github.com/containers/common
• gha: remove GOPATH and workingdir, update actions/setup-go@v4, actions/checkout@v4 (containerd/nri#53)
  • ee96969 gha: update actions/checkout@v4
  • 7b33fbf gha: update actions/setup-go@v4
  • e33ac3e gha: remove working-dir and GOPATH
• remove containerd as dependency (containerd/nri#51)
  • da8a7e5 remove containerd as dependency
• make plugins/ulimit-adjuster a separate module (containerd/nri#54)
  • 934815e make plugins/ulimit-adjuster a separate module
• scripts: fix protobuf URL on arm64 (containerd/nri#52)
  • 9b43daa scripts: fix protobuf URL on arm64

Changes from containerd/ttrpc

21 commits

• Fix streaming with empty payloads (containerd/ttrpc#157)
  • 44ca009 Add comment
  • 6615f15 Fix linter
  • dea99e9 Fix handling of empty payloads
  • 336fc1b Add integration test to reproduce issue with empty payloads
• Bump google.golang.org/grpc from 1.57.0 to 1.57.1 (containerd/ttrpc#156)
  • 1e51c46 Bump google.golang.org/grpc from 1.57.0 to 1.57.1
• Bump golang.org/x/net from 0.10.0 to 0.17.0 (containerd/ttrpc#155)
  • bea960d Bump golang.org/x/net from 0.10.0 to 0.17.0
• Implement support for unary interceptor chaining. (containerd/ttrpc#152)
  • 40f227d server: implement UnaryServerInterceptor chaining.
  • f984c9b client: implement UnaryClientInterceptor chaining.
• Fix grammar in comment for UserOnCloseWait. (containerd/ttrpc#153)
  • 8ca4110 Fix comment for UserOnCloseWait.
• Bump genproto dependency (containerd/ttrpc#154)
  • a2fbc14 go.mod: google.golang.org/genproto/googleapis/rpc v0.0.0-20230731190214-cbb8c96f2d6d
  • cf2b85d go.mod: bump to supported go version
• server_test: wait for OnClose in TestClientEOF. (containerd/ttrpc#150)
  • e0cd801 server_test: wait for OnClose in TestClientEOF.
• .github: give more slack for build+tests. (containerd/ttrpc#151)
  • 8d47846 .github: give more slack for build+tests.

Dependency Changes

• github.com/containerd/nri v0.4.0 -> v0.6.0
• github.com/containerd/ttrpc v1.2.2 -> v1.2.3
• google.golang.org/genproto/googleapis/rpc 782d3b101e98 -> cbb8c96f2d6d

Previous release can be found at v1.7.13

Welcome to the v1.6.30 release of containerd!

The thirtieth patch release for containerd 1.6 contains various fixes and updates as well as a build fix which prevented the v1.6.29 tag from being released.

Highlights

• Update builds to go 1.21.8 (#9945)
• Fix config import relative path glob (#9835)
• Move high volume event logs to Trace level (#9824)
• Move certain debug logs to trace logs (#9762)

Container Runtime Interface (CRI)

• Add timeout to drain exec io (#9768)
• Propagate deprecation list to runtime status (#9819)
• Fix image pinning when image is not pulled through cri (#9785)

Runtime

• Update runc-shim to process exec exits before init (#9927)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Derek McGowan
• Wei Fu
• Maksym Pavlenko
• Phil Estes
• Kirtana Ashok
• Mike Brown
• Akhil Mohan
• Angelos Kolaitis
• Austin Vazquez
• Henry Wang
• Laura Brehm
• Nashwan Azhari
• Sebastiaan van Stijn
• Tony Fang

Changes

59 commits

• Prepare v1.6.30 (#9952)
  • 8268fc6e9 Prepare release notes for v1.6.30
  • 614ca2e12 Revert go version environment removal
• Prepare release notes for v1.6.29 (#9950)
  • 9ef6d9d03 Add release notes for v1.6.29.toml
• use a composite action to install Go (#9949)
  • cfbbb510c Use the Go toolchain in CI matrix to build binaries
  • f015dbc5a use composite action in ci workflow
• Update builds to go 1.21.8 (#9945)
  • ccf3eb6a2 update to go 1.21.8, 1.22.1
• Backport easy go install and update go (#9890)
  • f6475ea59 Drop go 1.20 and build against 1.22
  • 7c45ad092 Extract a composite action to install Go
  • 4f7305414 update to go1.21.6, go1.20.13
  • da5a36c37 Use testify
  • afe6efee3 Revert container_stats_test.go change which caused Windows CRI integration test failure
  • 370ef115f container_stats_test.go: avoid checking snapshot size
  • 935720b8c Move inline PS scripts into files
  • 74bae5af8 Uninstall mingw before attempting upgrade
  • 9b9500bb0 CI: Explicitly upgrade MinGW on Windows 2019 GitHub runners.
  • 4814f9e48 seccomp, apparmor: add go:noinline
• Disable OOM set score unpriv test temporarily (#9943)
  • c7c8ce6bc Disable OOM set score unpriv test temporarily
• Update runc-shim to process exec exits before init (#9927)
  • 65915f0a2 runc-shim: process exec exits before init
• Backport GitHub actions package updates (#9877)
  • e552c8898 build(deps): bump golangci/golangci-lint-action from 3 to 4
  • 888ae152c build(deps): bump actions/cache from 3 to 4
  • dd913a0de build(deps): bump actions/upload-artifact from 3 to 4
  • a250c101a build(deps): bump actions/download-artifact from 3 to 4
  • 7c8fd2255 build(deps): bump github/codeql-action from 2 to 3
  • f325e559e build(deps): bump docker/setup-buildx-action from 2 to 3
  • 1bae160de build(deps): bump crazy-max/ghaction-github-runtime from 2 to 3
  • 3c81dc13b build(deps): bump actions/upload-artifact from 1 to 3
  • 9b3b80eea build(deps): bump actions/setup-go from 3 to 5
  • 6b74818d8 build(deps): bump actions/checkout from 3 to 4
• Fix config import relative path glob (#9835)
  • 0f2068a70 Fix config import relative path glob
• ci: update crun version to 1.14.3 (#9851)
  • 89d00db95 ci: update crun version to 1.14.3
• Add timeout to drain exec io (#9768)
  • aac488730 *: fix code style issue
  • 2a38c7e2e cri: add config ut for invalid drain io timeout value
  • ce213431f integration: add testcase to drain exec IO in time
  • b5d52efca cri: disable drain-exec-IO if it is empty timeout
  • 85bed5863 *: update drainExecSyncIO docs and validate the timeout
  • 0438e477c *: add DrainExecSyncIOTimeout config and disable as by default
  • fb262317c *: fix typo and skip exec-io-drain-testcase in win
  • f50c9922b pkg/cri/server: add timeout to drain exec io
• Move high volume event logs to Trace level (#9824)
  • 99fa35e70 Move high volume event logs to Trace level
• Propagate deprecation list to runtime status (#9819)
  • 3785deac4 cri: propagate deprecation list to runtime status
• ctr: print deprecation warnings on every invocation (#9821)
  • b7a0b1b8e ctr: print deprecation warnings on every invocation
• Fix image pinning when image is not pulled through cri (#9785)
  • 2d43994fb bug fix: make sure cri image is pinned when it is pulled outside cri
• Move certain debug logs to trace logs (#9762)
  • 195ef7691 Move certain debug logs to trace logs

Dependency Changes

This release has no dependency changes

Previous release can be found at v1.6.28

Welcome to the v1.7.13 release of containerd!

The thirteenth patch release for containerd 1.7 updates the runc binary in the release builds to address CVE-2024-21626

Notable Updates

• Update runc binary to v1.1.12 (GHSA-xr7r-f8xq-vfvv)
• Update seccomp profile for new syscalls added since Linux 5.16 (#9693)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Evan Lezar
• Paweł Gronowski
• Phil Estes
• Wei Fu

Changes

9 commits

• Prepare v1.7.13 and update runc to v1.1.12 (#9724)
  • b97e611b9 Prepare release notes for v1.7.13
  • 2e7fa14db Update runc binary to v1.1.12
• [release/1.7] seccomp: kernel 6.7 (#9693)
  • 1bed37871 seccomp: kernel 6.7
• [release/1.7] Update container-device-interface to v0.6.2 (#9685)
  • 14628d4aa Update container-device-interface to v0.6.2
• [release/1.7] content: Add InfoReaderProvider (#9658)
  • 836477930 content: Add InfoReaderProvider

Dependency Changes

• tags.cncf.io/container-device-interface v0.6.2 new
• tags.cncf.io/container-device-interface/specs-go v0.6.0 new

Previous release can be found at v1.7.12

Welcome to the v1.6.28 release of containerd!

The twenty-eighth patch release for containerd 1.6 updates the runc binary in the release builds to address CVE-2024-21626

Notable Updates

• Update runc binary to v1.1.12 (GHSA-xr7r-f8xq-vfvv)
• Update seccomp profile for new syscalls added since Linux 5.16 (#9694)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Andrey Epifanov
• Derek McGowan
• Akihiro Suda
• Maksym Pavlenko
• Phil Estes
• Shengjing Zhu
• Wei Fu

Changes

13 commits

• Prepare v1.6.28 and update runc to v1.1.12 (#9723)
• 570c7c637 Prepare release notes for v1.6.28
• b20b9f86b Update runc binary to v1.1.12
• [release/1.6] upgrade OpenTelemetry to v1.21.0 / v0.46.0 (CVE-2023-47108) etc. (#9707)
  • 19500722a [release/1.6] vendor: golang.org/x/crypto v0.18.0
  • 919928f6b [release/1.6] vendor: golang.org/x/term v0.16.0
  • 7d6a4d23b [release/1.6] vendor: golang.org/x/sys v0.16.0
  • 16ac018ae [release/1.6] vendor: upgrade OpenTelemetry to v1.21.0 / v0.46.0
• [release/1.6] seccomp: kernel 6.7 (#9694)
  • f44628305 seccomp: kernel 6.7
• [release/1.6] carry #9557 - enable ARM CI (#9636)
  • 65e1656f2 cri: fix integration test on cgroupsv2 system
  • 9cf1e1a39 *: enable ARM64 runner

Dependency Changes

• github.com/go-logr/logr v1.2.2 -> v1.3.0
• github.com/google/go-cmp v0.5.9 -> v0.6.0
• github.com/google/uuid v1.3.0 -> v1.3.1
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0 -> v0.46.0
• go.opentelemetry.io/otel v1.3.0 -> v1.21.0
• go.opentelemetry.io/otel/metric v1.21.0 new
• go.opentelemetry.io/otel/sdk v1.3.0 -> v1.21.0
• go.opentelemetry.io/otel/trace v1.3.0 -> v1.21.0
• golang.org/x/crypto v0.14.0 -> v0.18.0
• golang.org/x/net v0.17.0 -> v0.18.0
• golang.org/x/oauth2 v0.10.0 -> v0.11.0
• golang.org/x/sys v0.13.0 -> v0.16.0
• golang.org/x/term v0.13.0 -> v0.16.0
• golang.org/x/text v0.13.0 -> v0.14.0
• google.golang.org/grpc v1.58.3 -> v1.59.0

Previous release can be found at v1.6.27

Welcome to the v2.0.0-beta.2 release of containerd! This is a pre-release of containerd

The first major release of containerd 2.x focuses on the continued stability of containerd's core feature set with an easy upgrade from containerd 1.x. This release includes the stabilization of new features added in the last 1.x release as well as the removal of features which were deprecated in 1.x. The goal is to support the vast community of containerd users well into the future along with their ever increasing deployment footprints and variety of use cases.

Highlights

• Add PluginInfo to introspection API (#9442)
• Remove overlayfs volatile option on temp mounts (#9555)
• Move packages based on contributing guide (#9365)
• Update import and export to allow references to missing content (#9554)
• Add option to perform syncfs after pull (#9401)
• Update RuntimeDefault seccomp profile to disallow io_uring related syscalls (#9320)
• Expose usage of deprecated features (#9258)
• Switch runc shim to task service v3 and fix restore (#9233)
• Use Intel ISA-L's igzip if available (#9200)
• Generalize plugin library (#9214)
• Introduce top level config migration (#9223)
• Add image delete target (#8989)
• Remove LimitNOFILE from containerd.service (#8924)
• Use github.com/containerd/log (#9086)
• Add support for image expiration during garbage collection (#9022)
• Reduce the contention between ref lock and boltdb lock in content store (#8792)
• Remove the CriuPath field from runc's options (#8279)
• Remove support for config.toml version = 1 (#8275)
• Remove "containerd.io/restart.logpath" label (#8264)
• Remove aufs snapshotter (#8263)

Container Runtime Interface (CRI)

• Enable CDI by default (#9621)
• Remove non-sandboxed CRI implementation (#9228)
• Add image verifier transfer service plugin system based on a binary directory (#8493)
• Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) (#8287)
• Use sandboxed CRI by default (#8994)
• Implement RuntimeConfig CRI call (#8722)
• Add support for user namespaces (KEP-127) (#8803)
• Remove CRI v1alpha2 (#8276)

Runtime

• Add sandboxer configuration and move sandbox controllers to plugins (#8268)
• Remove io.containerd.runtime.v1.linux and io.containerd.runc.v1 (#8262)

Security Advisories

• [medium] RAPL accessible to a container GHSA-7ww5-4wqc-m92c

Breaking

• Update RuntimeDefault seccomp profile to disallow io_uring related syscalls (#9320)
• Move client to subpackage (#9316)
• Remove LimitNOFILE from containerd.service (#8924)
• Remove CRI v1alpha2 (#8276)
• Remove io.containerd.runtime.v1.linux and io.containerd.runc.v1 (#8262)
• Remove "containerd.io/restart.logpath" label (#8264)
• Remove aufs snapshotter (#8263)

Deprecations

• Deprecate go-plugin configuration option (#9238)
• CNI conf_template in CRI is no longer deprecated (#8637)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Wei Fu
• Phil Estes
• Sebastiaan van Stijn
• Samuel Karp
• Maksym Pavlenko
• Kazuyoshi Kato
• Rodrigo Campos
• Danny Canter
• Gabriel Adrian Samfira
• Iceber Gu
• Abel Feng
• Akhil Mohan
• Jin Dong
• Bjorn Neergaard
• Kirtana Ashok
• Kohei Tokunaga
• Austin Vazquez
• rongfu.leng
• Mike Brown
• Paul "TBBle" Hampson
• Krisztian Litkey
• James Sturtevant
• Enrico Weigelt
• Paweł Gronowski
• Ilya Hanov
• Marat Radchenko
• Cardy.Tang
• Hsing-Yu (David) Chen
• Justin Chadwell
• Brian Goff
• Bryant Biggs
• Davanum Srinivas
• Henry Wang
• Kay Yan
• Laura Brehm
• Markus Lehtonen
• Nashwan Azhari
• Shingo Omura
• Vinayak Goyal
• helen
• Aditi Sharma
• Charity Kathure
• Ed Bartosh
• Evan Lezar
• James Jenkins
• Milas Bowman
• yanggang
• Aditya Ramani
• Amit Barve
• Artem Khramov
• Brad Davidson
• Chen Yiyang
• Cory Snider
• Djordje Lukic
• Ethan Lowman
• Jiang Liu
• Jordan Liggitt
• June Rhodes
• Mahamed Ali
• Michael Crosby
• Peteris Rudzusiks
• Sam Edwards
• Samruddhi Khandale
• Shuaiyi Zhang
• Steve Griffith
• VERNOU Cédric
• hang.jiang
• jerryzhuang
• lengrongfu
• Aaron Lehmann
• Alex Couture-Beil
• Alex Ellis
• Alex Rodriguez
• Alexandru Matei
• Amir M. Ghazanfari
• Anthony Nandaa
• Antonio Huete Jimenez
• Avi Deitcher
• Ben Foster
• Bin Xin
• BinBin He
• Brennan Kinney
• Craig Ingram
• Daisy Rong
• Edgar Lee
• Eng Zer Jun
• Etienne Champetier
• Fahed Dorgaa
• Gary McDonald
• Iain Macdonald
• James Lakin
• Jan Dubois
• Jaroslav Jindrak
• Jiongchi Yu
• Kern Walster
• Kevin Parsons
• Konstantin Khlebnikov
• Maksim An
• Pan Yibo
• Qasim Sarfraz
• Qiutong Song
• Robbie Buxton
• Robert-André Mauchin
• Shukui Yang
• Tianon Gravi
• Tony Fang
• Tõnis Tiigi
• Wang Xinwen
• William Chen
• Yibo Zhuang
• Yury Gargay
• charles-chenzz
• chschumacher1994
• guangli.bao
• krglosse
• ningmingxiao
• pigletfly
• rokkiter
• roman-kiselenko
• roman-kiselenko
• wangxiang
• zhangpeng
• zhaojizhuang
• zounengren
• 吴小白
• 张钰
• 沈陵

Dependency Changes

• cloud.google.com/go/compute/metadata v0.2.3 new
• dario.cat/mergo v1.0.0 new
• github.com/AdaLogics/go-fuzz-headers 1f10f66a31bf -> ced1acdcaa24
• github.com/AdamKorcz/go-118-fuzz-build 5330a85ea652 -> 8075edf89bb0
• github.com/Microsoft/go-winio v0.6.0 -> v0.6.1
• github.com/Microsoft/hcsshim v0.10.0-rc.7 -> v0.12.0-rc.2
• github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
• github.com/cilium/ebpf v0.9.1 -> v0.11.0
• github.com/containerd/cgroups/v3 v3.0.1 -> v3.0.3
• github.com/containerd/continuity v0.3.0 -> v0.4.3
• github.com/containerd/errdefs v0.1.0 new
• github.com/containerd/go-runc v1.0.0 -> v1.1.0
• github.com/containerd/log v0.1.0 new
• github.com/containerd/nri v0.3.0 -> v0.5.0
• github.com/containerd/platforms v0.1.1 new
• github.com/containerd/plugin 7ec69893e1e7 new
• github.com/containerd/ttrpc v1.2.1 -> v1.2.2
• github.com/containerd/typeurl/v2 v2.1.0 -> v2.1.1
• github.com/containernetworking/plugins v1.2.0 -> v1.4.0
• github.com/distribution/reference v0.5.0 new
• github.com/emicklei/go-restful/v3 v3.10.1 -> v3.10.2
• github.com/felixge/httpsnoop v1.0.3 new
• github.com/fsnotify/fsnotify v1.6.0 -> v1.7.0
• github.com/go-logr/logr v1.2.3 -> v1.4.1
• github.com/golang/protobuf v1.5.2 -> v1.5.3
• github.com/google/go-cmp v0.5.9 -> v0.6.0
• github.com/google/uuid v1.3.0 -> v1.5.0
• github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 -> v1.4.0
• github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 -> v2.16.2
• github.com/intel/goresctrl v0.3.0 -> v0.6.0
• github.com/klauspost/compress v1.16.0 -> v1.17.4
• github.com/klauspost/cpuid/v2 v2.0.4 -> v2.2.5
• github.com/minio/sha256-simd v1.0.0 -> v1.0.1
• github.com/moby/sys/mountinfo v0.6.2 -> v0.7.1
• github.com/moby/sys/user v0.1.0 new
• github.com/opencontainers/image-spec 3a7f492d3f1b -> v1.1.0-rc5
• github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> 4fec88fd00a4
• github.com/opencontainers/runtime-tools 946c877fa809 -> 2e043c6bd626
• github.com/pelletier/go-toml/v2 v2.1.1 new
• github.com/prometheus/client_golang v1.14.0 -> v1.17.0
• github.com/prometheus/client_model v0.3.0 -> 9a2bf3000d16
• github.com/prometheus/common v0.37.0 -> v0.44.0
• github.com/prometheus/procfs v0.8.0 -> v0.11.1
• github.com/sirupsen/logrus v1.9.0 -> v1.9.3
• github.com/stretchr/testify v1.8.2 -> v1.8.4
• github.com/urfave/cli v1.22.12 -> v1.22.14
• github.com/vishvananda/netns 2eb08e3e575f -> v0.0.4
• go.etcd.io/bbolt v1.3.7 -> v1.3.8
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.40.0 -> v0.46.1
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 new
• go.opentelemetry.io/otel v1.14.0 -> v1.21.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0 -> v1.19.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0 -> v1.19.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0 -> v1.19.0
• go.opentelemetry.io/otel/metric v0.37.0 -> v1.21.0
• go.opentelemetry.io/otel/sdk v1.14.0 -> v1.21.0
• go.opentelemetry.io/otel/trace v1.14.0 -> v1.21.0
• go.opentelemetry.io/proto/otlp v0.19.0 -> v1.0.0
• golang.org/x/exp aacd6d4b4611 new
• golang.org/x/mod v0.7.0 -> v0.14.0
• golang.org/x/net v0.7.0 -> v0.19.0
• golang.org/x/oauth2 v0.4.0 -> v0.13.0
• golang.org/x/sync v0.1.0 -> v0.6.0
• golang.org/x/sys v0.6.0 -> v0.16.0
• golang.org/x/term v0.5.0 -> v0.15.0
• golang.org/x/text v0.7.0 -> v0.14.0
• golang.org/x/time 90d013bbcef8 -> v0.3.0
• golang.org/x/tools v0.5.0 -> v0.16.0
• google.golang.org/appengine v1.6.7 -> v1.6.8
• google.golang.org/genproto/googleapis/api d307bd883b97 new
• google.golang.org/genproto/googleapis/rpc 995d672761c0 new
• google.golang.org/grpc v1.53.0 -> v1.60.1
• google.golang.org/protobuf v1.28.1 -> v1.32.0
• k8s.io/api v0.26.2 -> v0.28.4
• k8s.io/apimachinery v0.26.2 -> v0.28.4
• k8s.io/apiserver v0.26.2 -> v0.28.2
• k8s.io/client-go v0.26.2 -> v0.28.4
• k8s.io/component-base v0.26.2 -> v0.28.4
• k8s.io/cri-api v0.26.2 -> v0.28.2
• k8s.io/klog/v2 v2.90.1 -> v2.100.1
• k8s.io/kubelet v0.28.2 new
• k8s.io/utils a5ecb0141aa5 -> d93618cff8a2
• sigs.k8s.io/json f223a00ba0e2 -> bc3834ca7abd
• tags.cncf.io/container-device-interface v0.6.2 new
• tags.cncf.io/container-device-interface/specs-go v0.6.0 new

Previous release can be found at v1.7.0

Which file should I download?

• containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
• containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install runc and CNI plugins from their official sites too.

See also the Getting Started documentation.

Welcome to the v2.0.0-beta.1 release of containerd! This is a pre-release of containerd

The first major release of containerd 2.x focuses on the continued stability of containerd's core feature set with an easy upgrade from containerd 1.x. This release includes the stabilization of new features added in the last 1.x release as well as the removal of features which were deprecated in 1.x. The goal is to support the vast community of containerd users well into the future along with their ever increasing deployment footprints and variety of use cases.

Highlights

• Move packages based on contributing guide (#9365)
• Update import and export to allow references to missing content (#9554)
• *: enable ARM64 runner (#9456)
• Update RuntimeDefault seccomp profile to disallow io_uring related syscalls (#9320)
• Expose usage of deprecated features (#9258)
• Switch runc shim to task service v3 and fix restore (#9233)
• Use Intel ISA-L's igzip if available (#9200)
• Generalize plugin library (#9214)
• Introduce top level config migration (#9223)
• Add image delete target (#8989)
• Use github.com/containerd/log (#9086)
• Add support for image expiration during garbage collection (#9022)
• Reduce the contention between ref lock and boltdb lock in content store (#8792)
• Remove the CriuPath field from runc's options (#8279)
• Remove support for config.toml version = 1 (#8275)
• Remove "containerd.io/restart.logpath" label (#8264)
• Remove aufs snapshotter (#8263)

Container Runtime Interface (CRI)

• Enable CDI by default (#9621)
• Remove non-sandboxed CRI implementation (#9228)
• Add image verifier transfer service plugin system based on a binary directory (#8493)
• Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) (#8287)
• Use sandboxed CRI by default (#8994)
• Implement RuntimeConfig CRI call (#8722)
• Add support for user namespaces (KEP-127) (#8803)
• Remove CRI v1alpha2 (#8276)

Runtime

• Add sandboxer configuration and move sandbox controllers to plugins (#8268)
• Remove io.containerd.runtime.v1.linux and io.containerd.runc.v1 (#8262)

Security Advisories

• [medium] RAPL accessible to a container GHSA-7ww5-4wqc-m92c

Breaking

• Update RuntimeDefault seccomp profile to disallow io_uring related syscalls (#9320)
• Move client to subpackage (#9316)
• Remove CRI v1alpha2 (#8276)
• Remove io.containerd.runtime.v1.linux and io.containerd.runc.v1 (#8262)
• Remove "containerd.io/restart.logpath" label (#8264)
• Remove aufs snapshotter (#8263)

Deprecations

• Deprecate go-plugin configuration option (#9238)
• CNI conf_template in CRI is no longer deprecated (#8637)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Akihiro Suda
• Wei Fu
• Phil Estes
• Sebastiaan van Stijn
• Samuel Karp
• Maksym Pavlenko
• Kazuyoshi Kato
• Rodrigo Campos
• dependabot[bot]
• Danny Canter
• Gabriel Adrian Samfira
• Iceber Gu
• Abel Feng
• Jin Dong
• Bjorn Neergaard
• Kirtana Ashok
• Kohei Tokunaga
• Austin Vazquez
• rongfu.leng
• Akhil Mohan
• Mike Brown
• Paul "TBBle" Hampson
• Krisztian Litkey
• Enrico Weigelt
• James Sturtevant
• Paweł Gronowski
• Ilya Hanov
• Marat Radchenko
• Cardy.Tang
• Hsing-Yu (David) Chen
• Justin Chadwell
• Brian Goff
• Bryant Biggs
• Davanum Srinivas
• Henry Wang
• Kay Yan
• Laura Brehm
• Markus Lehtonen
• Nashwan Azhari
• Shingo Omura
• Vinayak Goyal
• helen
• Aditi Sharma
• Charity Kathure
• Ed Bartosh
• James Jenkins
• Milas Bowman
• Aditya Ramani
• Amit Barve
• Artem Khramov
• Brad Davidson
• Chen Yiyang
• Cory Snider
• Djordje Lukic
• Ethan Lowman
• Jiang Liu
• Jordan Liggitt
• June Rhodes
• Mahamed Ali
• Michael Crosby
• Peteris Rudzusiks
• Sam Edwards
• Samruddhi Khandale
• Shuaiyi Zhang
• Steve Griffith
• VERNOU Cédric
• hang.jiang
• jerryzhuang
• lengrongfu
• Aaron Lehmann
• Alex Couture-Beil
• Alex Ellis
• Alex Rodriguez
• Alexandru Matei
• Amir M. Ghazanfari
• Anthony Nandaa
• Antonio Huete Jimenez
• Avi Deitcher
• Ben Foster
• Bin Xin
• BinBin He
• Brennan Kinney
• Craig Ingram
• Daisy Rong
• Edgar Lee
• Eng Zer Jun
• Etienne Champetier
• Evan Lezar
• Fahed Dorgaa
• Gary McDonald
• Iceber Gu
• James Lakin
• Jan Dubois
• Jaroslav Jindrak
• Jiongchi Yu
• Kern Walster
• Kevin Parsons
• Konstantin Khlebnikov
• Maksim An
• Pan Yibo
• Qasim Sarfraz
• Qiutong Song
• Robbie Buxton
• Robert-André Mauchin
• Shukui Yang
• Tianon Gravi
• Tony Fang
• Tõnis Tiigi
• Wang Xinwen
• William Chen
• Yibo Zhuang
• charles-chenzz
• chschumacher1994
• guangli.bao
• ningmingxiao
• pigletfly
• rokkiter
• roman-kiselenko
• wangxiang
• zhangpeng
• zhaojizhuang
• zounengren
• 吴小白
• 沈陵

Dependency Changes

• cloud.google.com/go/compute/metadata v0.2.3 new
• dario.cat/mergo v1.0.0 new
• github.com/AdaLogics/go-fuzz-headers 1f10f66a31bf -> ced1acdcaa24
• github.com/AdamKorcz/go-118-fuzz-build 5330a85ea652 -> 8075edf89bb0
• github.com/Microsoft/go-winio v0.6.0 -> v0.6.1
• github.com/Microsoft/hcsshim v0.10.0-rc.7 -> v0.12.0-rc.2
• github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
• github.com/cilium/ebpf v0.9.1 -> v0.11.0
• github.com/container-orchestrated-devices/container-device-interface v0.5.4 -> v0.6.1
• github.com/containerd/cgroups/v3 v3.0.1 -> v3.0.3
• github.com/containerd/continuity v0.3.0 -> v0.4.3
• github.com/containerd/go-runc v1.0.0 -> v1.1.0
• github.com/containerd/log v0.1.0 new
• github.com/containerd/nri v0.3.0 -> v0.5.0
• github.com/containerd/plugin 7ec69893e1e7 new
• github.com/containerd/ttrpc v1.2.1 -> v1.2.2
• github.com/containerd/typeurl/v2 v2.1.0 -> v2.1.1
• github.com/containernetworking/plugins v1.2.0 -> v1.4.0
• github.com/distribution/reference v0.5.0 new
• github.com/emicklei/go-restful/v3 v3.10.1 -> v3.10.2
• github.com/felixge/httpsnoop v1.0.3 new
• github.com/fsnotify/fsnotify v1.6.0 -> v1.7.0
• github.com/go-logr/logr v1.2.3 -> v1.4.1
• github.com/golang/protobuf v1.5.2 -> v1.5.3
• github.com/google/go-cmp v0.5.9 -> v0.6.0
• github.com/google/uuid v1.3.0 -> v1.5.0
• github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 -> v1.4.0
• github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 -> v2.16.2
• github.com/intel/goresctrl v0.3.0 -> v0.6.0
• github.com/klauspost/compress v1.16.0 -> v1.17.4
• github.com/klauspost/cpuid/v2 v2.0.4 -> v2.2.5
• github.com/minio/sha256-simd v1.0.0 -> v1.0.1
• github.com/moby/sys/mountinfo v0.6.2 -> v0.7.1
• github.com/moby/sys/user v0.1.0 new
• github.com/opencontainers/image-spec 3a7f492d3f1b -> v1.1.0-rc5
• github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> 4fec88fd00a4
• github.com/opencontainers/runtime-tools 946c877fa809 -> 2e043c6bd626
• github.com/pelletier/go-toml/v2 v2.1.1 new
• github.com/prometheus/client_golang v1.14.0 -> v1.17.0
• github.com/prometheus/client_model v0.3.0 -> 9a2bf3000d16
• github.com/prometheus/common v0.37.0 -> v0.44.0
• github.com/prometheus/procfs v0.8.0 -> v0.11.1
• github.com/sirupsen/logrus v1.9.0 -> v1.9.3
• github.com/stretchr/testify v1.8.2 -> v1.8.4
• github.com/urfave/cli v1.22.12 -> v1.22.14
• github.com/vishvananda/netns 2eb08e3e575f -> v0.0.4
• go.etcd.io/bbolt v1.3.7 -> v1.3.8
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.40.0 -> v0.46.1
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 new
• go.opentelemetry.io/otel v1.14.0 -> v1.21.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0 -> v1.19.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0 -> v1.19.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0 -> v1.19.0
• go.opentelemetry.io/otel/metric v0.37.0 -> v1.21.0
• go.opentelemetry.io/otel/sdk v1.14.0 -> v1.21.0
• go.opentelemetry.io/otel/trace v1.14.0 -> v1.21.0
• go.opentelemetry.io/proto/otlp v0.19.0 -> v1.0.0
• golang.org/x/exp aacd6d4b4611 new
• golang.org/x/mod v0.7.0 -> v0.14.0
• golang.org/x/net v0.7.0 -> v0.19.0
• golang.org/x/oauth2 v0.4.0 -> v0.13.0
• golang.org/x/sync v0.1.0 -> v0.6.0
• golang.org/x/sys v0.6.0 -> v0.16.0
• golang.org/x/term v0.5.0 -> v0.15.0
• golang.org/x/text v0.7.0 -> v0.14.0
• golang.org/x/time 90d013bbcef8 -> v0.3.0
• golang.org/x/tools v0.5.0 -> v0.16.0
• google.golang.org/appengine v1.6.7 -> v1.6.8
• google.golang.org/genproto/googleapis/api d307bd883b97 new
• google.golang.org/genproto/googleapis/rpc 995d672761c0 new
• google.golang.org/grpc v1.53.0 -> v1.60.1
• google.golang.org/protobuf v1.28.1 -> v1.32.0
• k8s.io/api v0.26.2 -> v0.28.4
• k8s.io/apimachinery v0.26.2 -> v0.28.4
• k8s.io/apiserver v0.26.2 -> v0.28.2
• k8s.io/client-go v0.26.2 -> v0.28.4
• k8s.io/component-base v0.26.2 -> v0.28.4
• k8s.io/cri-api v0.26.2 -> v0.28.2
• k8s.io/klog/v2 v2.90.1 -> v2.100.1
• k8s.io/kubelet v0.28.2 new
• k8s.io/utils a5ecb0141aa5 -> d93618cff8a2
• sigs.k8s.io/json f223a00ba0e2 -> bc3834ca7abd

Previous release can be found at v1.7.0

Which file should I download?

• containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
• containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install runc and CNI plugins from their official sites too.

See also the Getting Started documentation.

Welcome to the v1.6.27 release of containerd!

The twenty-seventh patch release for containerd 1.6 contains various fixes and updates.

Notable Updates

• Improve /etc/group handling when appending groups (#9543)
• Update runc binary to v1.1.11 (#9597)
• Remove runc import (#9606)
• Update shim pidfile permissions to 0644 (#9613)
• Update Go version to 1.20.13 (#9625)

Deprecation Warnings

• Emit deprecation warning for CRIU config usage (#9448)
• Emit deprecation warning for some CRI configs (#9447)
• Emit deprecation warning for containerd.io/restart.logpath label usage (#9572)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Akihiro Suda
• Derek McGowan
• Sebastiaan van Stijn
• Djordje Lukic
• Jaroslav Jindrak
• Kay Yan
• Maksym Pavlenko
• Phil Estes
• Wei Fu
• ruiwen-zhao

Changes

26 commits

• [release/1.6] Prepare release notes for v1.6.27 (#9631)
  • d0edecf28 Prepare release notes for v1.6.27
• [release/1.6] update to go1.20.13, test go1.21.6 (#9625)
  • 32a515211 update to go1.20.13, test go1.21.6
• [release/1.6 backport] shim: Create pid-file with 0644 permissions (#9613)
  • 37de14d95 shim: Create pid-file with 0644 permissions
• [release/1.6 backport] remove github.com/opencontainers/runc dependency (#9606)
  • 3938d63de remove github.com/opencontainers/runc dependency
• [release/1.6 backport] update runc binary to v1.1.11 (#9597)
  • 9a9b11f73 update runc binary to v1.1.11
• [release/1.6 backport] go.mod: dario.cat/mergo v1.0.0 (#9570)
  • 6cd8e17ab go.mod: dario.cat/mergo v1.0.0
  • 4f8ff5154 go.mod: github.com/imdario/mergo v0.3.13
• [release/1.6] restart: containerd.io/restart.logpath warning (#9572)
  • d24d263a4 restart: containerd.io/restart.logpath warning
• [release/1.6 backport] WithAppendAdditionalGroups: better /etc/group handling (#9543)
  • 9489c0eb0 WithAppendAdditionalGroups: better /etc/group handling
• [release/1.6] cri: add deprecation warnings for deprecated CRI configs (#9547)
  • 713065793 deprecation: fix missing spaces in warnings
  • de0cc92a7 cri: add deprecation warning for runtime_root
  • 833b94149 cri: add deprecation warning for rutnime_engine
  • 47de3d63d cri: add deprecation warning for default_runtime
  • d421b8fda cri: add warning for untrusted_workload_runtime
  • 802cb64b0 cri: add warning for old form of systemd_cgroup
• [release/1.6] Add warning for CRIU config usage (#9546)
  • f8447466c Add warning for CRIU config usage

Dependency Changes

• dario.cat/mergo v1.0.0 new
• github.com/moby/sys/user v0.1.0 new

Previous release can be found at v1.6.26

Welcome to the v1.7.12 release of containerd!

The twelfth patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

• Fix on dialer function for Windows (#9501)
• Improve /etc/group handling when appending groups (#9544)
• Update shim pidfile permissions to 0644 (#9548)
• Update runc binary to v1.1.11 (#9596)
• Allow import and export to reference missing content (#9600)
• Remove runc import (#9605)
• Update Go version to 1.20.13 (#9624)

Deprecation Warnings

• Emit deprecation warning for containerd.io/restart.logpath label usage (#9567)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Akihiro Suda
• Sebastiaan van Stijn
• Wei Fu
• Derek McGowan
• Paweł Gronowski
• Jaroslav Jindrak
• Maksym Pavlenko
• Samuel Karp
• Anthony Nandaa
• Bjorn Neergaard
• Djordje Lukic
• Kay Yan

Changes

34 commits

• [release/1.7] Prepare release notes for v1.7.12 (#9632)
  • 775d544fe Prepare release notes for v1.7.12
• [release/1.7] update to go1.20.13, test go1.21.6 (#9624)
  • a5dc5b894 update to go1.20.13, test go1.21.6
• [release/1.7] shim: Create pid-file and address with 0644 permissions (#9548)
  • 8d82242eb shim: Create address file with 0644 permissions
  • 260963a35 shim: Create pid-file with 0644 permissions
• [release/1.7 backport] switch back from golang.org/x/sys/execabs to os/exec (go1.19) (#9602)
  • 872af82f5 remove remaining uses of golang.org/x/sys/execabs
  • 2ad2a2e83 switch back from golang.org/x/sys/execabs to os/exec (go1.19)
• [release/1.7] update to CDI v0.6.1, and remove github.com/opencontainers/runc dependency (#9605)
  • 9251072f7 remove github.com/opencontainers/runc dependency
  • 4e67213d4 vendor: github.com/cncf-tags/container-device-interface v0.6.1
  • e0ee0be0d go.mod: github.com/opencontainers/runtime-spec v1.1.0
  • 02be2236a go.mod: github.com/.../container-device-interface v0.6.0
  • 91f953bb4 go.mod: github.com/opencontainers/runtime-spec v1.1.0-rc.2
• [release/1.7 backport] import/export: Support references to missing content (#9600)
  • 6089b05d9 images/Export: Revert signature change
  • 6b4b760c3 integration/import-export: Add WithSkipMissing tests
  • abb3c5ef9 export: Copy distribution source labels to manifest annotations
  • 9609f04f6 import/export: Support references to missing content
  • 42b60d865 images/archive: use mediatype helpers
• [release/1.7 backport] update runc binary to v1.1.11 (#9596)
  • 23516a99c update runc binary to v1.1.11
• [release/1.7 backport] go.mod: dario.cat/mergo v1.0.0 (#9569)
  • 428714e32 go.mod: dario.cat/mergo v1.0.0
• [release/1.7] restart: containerd.io/restart.logpath warning (#9567)
  • 03fed557e restart: containerd.io/restart.logpath warning
• [release 1.7] backport: fix on dialer function for windows (#9501)
  • 68d237392 fix(pkg/dialer): minor fix on dialer function for windows
• [release/1.7] *: enable ARM64 runner (#9502)
  • c63165123 *: enable ARM64 runner
• [release/1.7 backport] WithAppendAdditionalGroups: better /etc/group handling (#9544)
  • 55e570844 WithAppendAdditionalGroups: better /etc/group handling

Dependency Changes

• dario.cat/mergo v1.0.0 new
• github.com/container-orchestrated-devices/container-device-interface v0.5.4 -> v0.6.1
• github.com/moby/sys/user v0.1.0 new
• github.com/opencontainers/runtime-spec v1.1.0-rc.1 -> v1.1.0

Previous release can be found at v1.7.11

Welcome to the v1.7.11 release of containerd!

The eleventh patch release for containerd 1.7 contains various fixes and updates including one security issue.

Notable Updates

• Fix Windows default path overwrite issue (#9440)
• Update push to always inherit distribution sources from parent (#9452)
• Update shim to use net dial for gRPC shim sockets (#9458)
• Fix otel version incompatibility (#9483)
• Fix Windows snapshotter blocking snapshot GC on remove failure (#9482)
• Mask /sys/devices/virtual/powercap path in runtime spec and deny in default apparmor profile (GHSA-7ww5-4wqc-m92c)

Deprecation Warnings

• Emit deprecation warning for AUFS snapshotter (#9436)
• Emit deprecation warning for v1 runtime (#9450)
• Emit deprecation warning for deprecated CRI configs (#9469)
• Emit deprecation warning for CRI v1alpha1 usage (#9479)
• Emit deprecation warning for CRIU config in CRI (#9481)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Derek McGowan
• Phil Estes
• Bjorn Neergaard
• Danny Canter
• Sebastiaan van Stijn
• ruiwen-zhao
• Akihiro Suda
• Amit Barve
• Charity Kathure
• Maksym Pavlenko
• Milas Bowman
• Paweł Gronowski
• Wei Fu

Changes

39 commits

• [release/1.7] Prepare release notes for v1.7.11 (#9491)
  • dfae68bc3 Prepare release notes for v1.7.11
• [release/1.7] update to go1.20.12, test go1.21.5 (#9352)
  • 0d314401d update to go1.20.12, test go1.21.5
  • 1ec1ae2c6 update to go1.20.11, test go1.21.4
• Github Security Advisory GHSA-7ww5-4wqc-m92c
  • cb804da21 contrib/apparmor: deny /sys/devices/virtual/powercap
  • 40162a576 oci/spec: deny /sys/devices/virtual/powercap
• [release/1.7] Don't block snapshot garbage collection on Remove failures (#9482)
  • ed7c6895b Don't block snapshot garbage collection on Remove failures
• [release/1.7] Add warning for CRIU config usage (#9481)
  • 1fdefdd22 Add warning for CRIU config usage
• [release/1.7] Fix otel version incompatibility (#9483)
  • f8f659e66 Add HTTP client update function to tracing library
  • 807ddd658 fix(tracing): use latest version of semconv
• [release/1.7] Add cri-api v1alpha2 usage warning to all api calls (#9479)
  • dc45bc838 Add cri-api v1alpha2 usage warning to all api calls
• [release/1.7] cri: add deprecation warnings for deprecated CRI configs (#9469)
  • 9d1bad62e deprecation: fix missing spaces in warnings
  • 51a604c07 cri: add deprecation warning for runtime_root
  • 8040e74bf cri: add deprecation warning for rutnime_engine
  • 99adc40eb cri: add deprecation warning for default_runtime
  • afef7ec64 cri: add warning for untrusted_workload_runtime
  • 6220dc190 cri: add warning for old form of systemd_cgroup
• [release/1.7] runtime/v2: net.Dial gRPC shim sockets before trying grpc (#9458)
  • 80f96cd18 runtime/v2: net.Dial gRPC shim sockets before trying grpc
• [release/1.7] tasks: emit warning for v1 runtime and runc v1 runtime (#9450)
  • f471bb2b8 tasks: emit warning for runc v1 runtime
  • 329e1d487 tasks: emit warning for v1 runtime
• [release/1.7] push: always inherit distribution sources from parent (#9452)
  • 4464fde12 push: always inherit distribution sources from parent
• [release/1.7] Update tar tests to run on Darwin (#9451)
  • 7e069ee25 Update tar tests to run on Darwin
• [release/1.7] ctr: Add sandbox flag to ctr run (#9449)
  • 5fc0e4e61 ctr: Add sandbox flag to ctr run
• [release/1.7] Windows default path overwrite fix (#9440)
  • 31fe03764 Fix windows default path overwrite issue
• [release/1.7] snapshots: emit deprecation warning for aufs (#9436)
  • 625b35e4b snapshots: emit deprecation warning for aufs

Dependency Changes

• github.com/felixge/httpsnoop v1.0.3 new
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 new

Previous release can be found at v1.7.10