• CRI-O v1.28.3
  • Downloads
  • Changelog since v1.28.2
    • Changes by Kind
      • Uncategorized
  • Dependencies
    • Added
    • Changed
    • Removed

CRI-O v1.28.3

The release notes have been generated for the commit range v1.28.2...v1.28.3 on Fri, 12 Jan 2024 11:52:53 EST.

Note This release fixes CVE-2023-6476

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

• cri-o.amd64.v1.28.3.tar.gz
  • cri-o.amd64.v1.28.3.tar.gz.sha256sum
  • cri-o.amd64.v1.28.3.tar.gz.sig
  • cri-o.amd64.v1.28.3.tar.gz.cert
  • cri-o.amd64.v1.28.3.tar.gz.spdx
  • cri-o.amd64.v1.28.3.tar.gz.spdx.sig
  • cri-o.amd64.v1.28.3.tar.gz.spdx.cert
• cri-o.arm64.v1.28.3.tar.gz
  • cri-o.arm64.v1.28.3.tar.gz.sha256sum
  • cri-o.arm64.v1.28.3.tar.gz.sig
  • cri-o.arm64.v1.28.3.tar.gz.cert
  • cri-o.arm64.v1.28.3.tar.gz.spdx
  • cri-o.arm64.v1.28.3.tar.gz.spdx.sig
  • cri-o.arm64.v1.28.3.tar.gz.spdx.cert

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.28.3.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.28.3 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.28.3 \
    --signature cri-o.amd64.v1.28.3.tar.gz.sig \
    --certificate cri-o.amd64.v1.28.3.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.28.3.tar.gz
> bom validate -e cri-o.amd64.v1.28.3.tar.gz.spdx -d cri-o

Changelog since v1.28.2

Changes by Kind

Bug or Regression

• Fix CVE-2023-6476, where poorly filtered access to an experimental annotation can allow pods to circumvent resource limits on cgroupsv2. See GHSA-p4rx-7wvg-fwrc for more information. (@haircommander)

Uncategorized

• Add support for cpu load balancing annotation for cgroupv2 (#7539, @openshift-cherrypick-robot)
• Allow the io.kubernetes.cri-o.Devices annotation in the default runtime class, which along with AllowedDevices containing /dev/fuse by default, gives containers in the default runtime class optional access to /dev/fuse (#7535, @openshift-cherrypick-robot)
• Go get github.com/containers/[email protected] (#7498, @hswong3i)

Dependencies

Added

• cloud.google.com/go/dataproc/v2: v2.3.0

Changed

• cloud.google.com/go/accessapproval: v1.7.1 → v1.7.4
• cloud.google.com/go/accesscontextmanager: v1.8.1 → v1.8.4
• cloud.google.com/go/aiplatform: v1.45.0 → v1.54.0
• cloud.google.com/go/analytics: v0.21.2 → v0.21.6
• cloud.google.com/go/apigateway: v1.6.1 → v1.6.4
• cloud.google.com/go/apigeeconnect: v1.6.1 → v1.6.4
• cloud.google.com/go/apigeeregistry: v0.7.1 → v0.8.2
• cloud.google.com/go/appengine: v1.8.1 → v1.8.4
• cloud.google.com/go/area120: v0.8.1 → v0.8.4
• cloud.google.com/go/artifactregistry: v1.14.1 → v1.14.6
• cloud.google.com/go/asset: v1.14.1 → v1.15.3
• cloud.google.com/go/assuredworkloads: v1.11.1 → v1.11.4
• cloud.google.com/go/automl: v1.13.1 → v1.13.4
• cloud.google.com/go/baremetalsolution: v0.5.0 → v1.2.3
• cloud.google.com/go/batch: v0.7.0 → v1.6.3
• cloud.google.com/go/beyondcorp: v0.6.1 → v1.0.3
• cloud.google.com/go/bigquery: v1.52.0 → v1.57.1
• cloud.google.com/go/billing: v1.16.0 → v1.17.4
• cloud.google.com/go/binaryauthorization: v1.6.1 → v1.7.3
• cloud.google.com/go/certificatemanager: v1.7.1 → v1.7.4
• cloud.google.com/go/channel: v1.16.0 → v1.17.3
• cloud.google.com/go/cloudbuild: v1.10.1 → v1.15.0
• cloud.google.com/go/clouddms: v1.6.1 → v1.7.3
• cloud.google.com/go/cloudtasks: v1.11.1 → v1.12.4
• cloud.google.com/go/compute: v1.21.0 → v1.23.3
• cloud.google.com/go/contactcenterinsights: v1.9.1 → v1.12.0
• cloud.google.com/go/container: v1.22.1 → v1.28.0
• cloud.google.com/go/containeranalysis: v0.10.1 → v0.11.3
• cloud.google.com/go/datacatalog: v1.14.1 → v1.19.0
• cloud.google.com/go/dataflow: v0.9.1 → v0.9.4
• cloud.google.com/go/dataform: v0.8.1 → v0.9.1
• cloud.google.com/go/datafusion: v1.7.1 → v1.7.4
• cloud.google.com/go/datalabeling: v0.8.1 → v0.8.4
• cloud.google.com/go/dataplex: v1.8.1 → v1.11.2
• cloud.google.com/go/dataqna: v0.8.1 → v0.8.4
• cloud.google.com/go/datastore: v1.12.1 → v1.15.0
• cloud.google.com/go/datastream: v1.9.1 → v1.10.3
• cloud.google.com/go/deploy: v1.11.0 → v1.15.0
• cloud.google.com/go/dialogflow: v1.38.0 → v1.44.3
• cloud.google.com/go/dlp: v1.10.1 → v1.11.1
• cloud.google.com/go/documentai: v1.20.0 → v1.23.5
• cloud.google.com/go/domains: v0.9.1 → v0.9.4
• cloud.google.com/go/edgecontainer: v1.1.1 → v1.1.4
• cloud.google.com/go/essentialcontacts: v1.6.2 → v1.6.5
• cloud.google.com/go/eventarc: v1.12.1 → v1.13.3
• cloud.google.com/go/filestore: v1.7.1 → v1.8.0
• cloud.google.com/go/firestore: v1.11.0 → v1.14.0
• cloud.google.com/go/functions: v1.15.1 → v1.15.4
• cloud.google.com/go/gkebackup: v0.4.0 → v1.3.4
• cloud.google.com/go/gkeconnect: v0.8.1 → v0.8.4
• cloud.google.com/go/gkehub: v0.14.1 → v0.14.4
• cloud.google.com/go/gkemulticloud: v0.6.1 → v1.0.3
• cloud.google.com/go/gsuiteaddons: v1.6.1 → v1.6.4
• cloud.google.com/go/iam: v1.1.1 → v1.1.5
• cloud.google.com/go/iap: v1.8.1 → v1.9.3
• cloud.google.com/go/ids: v1.4.1 → v1.4.4
• cloud.google.com/go/iot: v1.7.1 → v1.7.4
• cloud.google.com/go/kms: v1.12.1 → v1.15.5
• cloud.google.com/go/language: v1.10.1 → v1.12.2
• cloud.google.com/go/lifesciences: v0.9.1 → v0.9.4
• cloud.google.com/go/logging: v1.7.0 → v1.8.1
• cloud.google.com/go/longrunning: v0.5.1 → v0.5.4
• cloud.google.com/go/managedidentities: v1.6.1 → v1.6.4
• cloud.google.com/go/maps: v0.7.0 → v1.6.1
• cloud.google.com/go/mediatranslation: v0.8.1 → v0.8.4
• cloud.google.com/go/memcache: v1.10.1 → v1.10.4
• cloud.google.com/go/metastore: v1.11.1 → v1.13.3
• cloud.google.com/go/monitoring: v1.15.1 → v1.16.3
• cloud.google.com/go/networkconnectivity: v1.12.1 → v1.14.3
• cloud.google.com/go/networkmanagement: v1.8.0 → v1.9.3
• cloud.google.com/go/networksecurity: v0.9.1 → v0.9.4
• cloud.google.com/go/notebooks: v1.9.1 → v1.11.2
• cloud.google.com/go/optimization: v1.4.1 → v1.6.2
• cloud.google.com/go/orchestration: v1.8.1 → v1.8.4
• cloud.google.com/go/orgpolicy: v1.11.1 → v1.11.4
• cloud.google.com/go/osconfig: v1.12.1 → v1.12.4
• cloud.google.com/go/oslogin: v1.10.1 → v1.12.2
• cloud.google.com/go/phishingprotection: v0.8.1 → v0.8.4
• cloud.google.com/go/policytroubleshooter: v1.7.1 → v1.10.2
• cloud.google.com/go/privatecatalog: v0.9.1 → v0.9.4
• cloud.google.com/go/pubsub: v1.32.0 → v1.33.0
• cloud.google.com/go/recaptchaenterprise/v2: v2.7.2 → v2.8.4
• cloud.google.com/go/recommendationengine: v0.8.1 → v0.8.4
• cloud.google.com/go/recommender: v1.10.1 → v1.11.3
• cloud.google.com/go/redis: v1.13.1 → v1.14.1
• cloud.google.com/go/resourcemanager: v1.9.1 → v1.9.4
• cloud.google.com/go/resourcesettings: v1.6.1 → v1.6.4
• cloud.google.com/go/retail: v1.14.1 → v1.14.4
• cloud.google.com/go/run: v0.9.0 → v1.3.3
• cloud.google.com/go/scheduler: v1.10.1 → v1.10.5
• cloud.google.com/go/secretmanager: v1.11.1 → v1.11.4
• cloud.google.com/go/security: v1.15.1 → v1.15.4
• cloud.google.com/go/securitycenter: v1.23.0 → v1.24.2
• cloud.google.com/go/servicedirectory: v1.10.1 → v1.11.3
• cloud.google.com/go/shell: v1.7.1 → v1.7.4
• cloud.google.com/go/spanner: v1.47.0 → v1.53.0
• cloud.google.com/go/speech: v1.17.1 → v1.21.0
• cloud.google.com/go/storagetransfer: v1.10.0 → v1.10.3
• cloud.google.com/go/talent: v1.6.2 → v1.6.5
• cloud.google.com/go/texttospeech: v1.7.1 → v1.7.4
• cloud.google.com/go/tpu: v1.6.1 → v1.6.4
• cloud.google.com/go/trace: v1.10.1 → v1.10.4
• cloud.google.com/go/translate: v1.8.1 → v1.9.3
• cloud.google.com/go/video: v1.17.1 → v1.20.3
• cloud.google.com/go/videointelligence: v1.11.1 → v1.11.4
• cloud.google.com/go/vision/v2: v2.7.2 → v2.7.5
• cloud.google.com/go/vmmigration: v1.7.1 → v1.7.4
• cloud.google.com/go/vmwareengine: v0.4.1 → v1.0.3
• cloud.google.com/go/vpcaccess: v1.7.1 → v1.7.4
• cloud.google.com/go/webrisk: v1.9.1 → v1.9.4
• cloud.google.com/go/websecurityscanner: v1.6.1 → v1.6.4
• cloud.google.com/go/workflows: v1.11.1 → v1.12.3
• cloud.google.com/go: v0.110.4 → v0.110.10
• github.com/containers/common: v0.55.3 → 8fedf2e
• github.com/go-jose/go-jose/v3: v3.0.0 → v3.0.1
• github.com/go-logr/logr: v1.2.4 → v1.3.0
• github.com/golang/glog: v1.1.0 → v1.1.2
• github.com/google/go-cmp: v0.5.9 → v0.6.0
• github.com/google/uuid: v1.3.0 → v1.3.1
• github.com/grpc-ecosystem/grpc-gateway/v2: v2.15.2 → v2.18.1
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.42.0 → v0.46.1
• go.opentelemetry.io/otel/exporters/otlp/internal/retry: v1.16.0 → v1.15.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.16.0 → v1.21.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.16.0 → v1.21.0
• go.opentelemetry.io/otel/metric: v1.16.0 → v1.21.0
• go.opentelemetry.io/otel/sdk: v1.16.0 → v1.21.0
• go.opentelemetry.io/otel/trace: v1.16.0 → v1.21.0
• go.opentelemetry.io/otel: v1.16.0 → v1.21.0
• go.opentelemetry.io/proto/otlp: v0.19.0 → v1.0.0
• go.uber.org/goleak: v1.2.1 → v1.3.0
• golang.org/x/crypto: v0.14.0 → v0.16.0
• golang.org/x/net: v0.17.0 → v0.19.0
• golang.org/x/oauth2: v0.10.0 → v0.13.0
• golang.org/x/sys: v0.13.0 → v0.15.0
• golang.org/x/term: v0.13.0 → v0.15.0
• golang.org/x/text: v0.13.0 → v0.14.0
• google.golang.org/genproto/googleapis/api: 782d3b1 → 3a041ad
• google.golang.org/genproto/googleapis/rpc: 782d3b1 → 3a041ad
• google.golang.org/genproto: 782d3b1 → 83a465c
• google.golang.org/grpc: v1.58.3 → v1.59.0

Removed

Nothing has changed.

• CRI-O v1.27.3
  • Downloads
  • Changelog since v1.27.2
    • Changes by Kind
      • Bug or Regression
  • Dependencies
    • Added
    • Changed
    • Removed

CRI-O v1.27.3

The release notes have been generated for the commit range v1.27.2...v1.27.3 on Fri, 12 Jan 2024 11:05:48 EST.

Note This release fixes CVE-2023-6476

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

• cri-o.amd64.v1.27.3.tar.gz
  • cri-o.amd64.v1.27.3.tar.gz.sha256sum
  • cri-o.amd64.v1.27.3.tar.gz.sig
  • cri-o.amd64.v1.27.3.tar.gz.cert
  • cri-o.amd64.v1.27.3.tar.gz.spdx
  • cri-o.amd64.v1.27.3.tar.gz.spdx.sig
  • cri-o.amd64.v1.27.3.tar.gz.spdx.cert
• cri-o.arm64.v1.27.3.tar.gz
  • cri-o.arm64.v1.27.3.tar.gz.sha256sum
  • cri-o.arm64.v1.27.3.tar.gz.sig
  • cri-o.arm64.v1.27.3.tar.gz.cert
  • cri-o.arm64.v1.27.3.tar.gz.spdx
  • cri-o.arm64.v1.27.3.tar.gz.spdx.sig
  • cri-o.arm64.v1.27.3.tar.gz.spdx.cert

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.27.3.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.27.3 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.27.3 \
    --signature cri-o.amd64.v1.27.3.tar.gz.sig \
    --certificate cri-o.amd64.v1.27.3.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.27.3.tar.gz
> bom validate -e cri-o.amd64.v1.27.3.tar.gz.spdx -d cri-o

Changelog since v1.27.2

Changes by Kind

Bug or Regression

• Fix CVE-2023-6476, where poorly filtered access to an experimental annotation can allow pods to circumvent resource limits on cgroupsv2. See https://github.com/cri-o/cri-o/security/advisories/GHSA-p4rx-7wvg-fwrc for more information. (@haircommander)
• Go get github.com/alvistack/[email protected] (#7499, @hswong3i)

Dependencies

Added

• cloud.google.com/go/dataproc/v2: v2.3.0

Changed

• cloud.google.com/go/accessapproval: v1.7.1 → v1.7.4
• cloud.google.com/go/accesscontextmanager: v1.8.1 → v1.8.4
• cloud.google.com/go/aiplatform: v1.45.0 → v1.54.0
• cloud.google.com/go/analytics: v0.21.2 → v0.21.6
• cloud.google.com/go/apigateway: v1.6.1 → v1.6.4
• cloud.google.com/go/apigeeconnect: v1.6.1 → v1.6.4
• cloud.google.com/go/apigeeregistry: v0.7.1 → v0.8.2
• cloud.google.com/go/appengine: v1.8.1 → v1.8.4
• cloud.google.com/go/area120: v0.8.1 → v0.8.4
• cloud.google.com/go/artifactregistry: v1.14.1 → v1.14.6
• cloud.google.com/go/asset: v1.14.1 → v1.15.3
• cloud.google.com/go/assuredworkloads: v1.11.1 → v1.11.4
• cloud.google.com/go/automl: v1.13.1 → v1.13.4
• cloud.google.com/go/baremetalsolution: v0.5.0 → v1.2.3
• cloud.google.com/go/batch: v0.7.0 → v1.6.3
• cloud.google.com/go/beyondcorp: v0.6.1 → v1.0.3
• cloud.google.com/go/bigquery: v1.52.0 → v1.57.1
• cloud.google.com/go/billing: v1.16.0 → v1.17.4
• cloud.google.com/go/binaryauthorization: v1.6.1 → v1.7.3
• cloud.google.com/go/certificatemanager: v1.7.1 → v1.7.4
• cloud.google.com/go/channel: v1.16.0 → v1.17.3
• cloud.google.com/go/cloudbuild: v1.10.1 → v1.15.0
• cloud.google.com/go/clouddms: v1.6.1 → v1.7.3
• cloud.google.com/go/cloudtasks: v1.11.1 → v1.12.4
• cloud.google.com/go/compute: v1.21.0 → v1.23.3
• cloud.google.com/go/contactcenterinsights: v1.9.1 → v1.12.0
• cloud.google.com/go/container: v1.22.1 → v1.28.0
• cloud.google.com/go/containeranalysis: v0.10.1 → v0.11.3
• cloud.google.com/go/datacatalog: v1.14.1 → v1.19.0
• cloud.google.com/go/dataflow: v0.9.1 → v0.9.4
• cloud.google.com/go/dataform: v0.8.1 → v0.9.1
• cloud.google.com/go/datafusion: v1.7.1 → v1.7.4
• cloud.google.com/go/datalabeling: v0.8.1 → v0.8.4
• cloud.google.com/go/dataplex: v1.8.1 → v1.11.2
• cloud.google.com/go/dataqna: v0.8.1 → v0.8.4
• cloud.google.com/go/datastore: v1.12.1 → v1.15.0
• cloud.google.com/go/datastream: v1.9.1 → v1.10.3
• cloud.google.com/go/deploy: v1.11.0 → v1.15.0
• cloud.google.com/go/dialogflow: v1.38.0 → v1.44.3
• cloud.google.com/go/dlp: v1.10.1 → v1.11.1
• cloud.google.com/go/documentai: v1.20.0 → v1.23.5
• cloud.google.com/go/domains: v0.9.1 → v0.9.4
• cloud.google.com/go/edgecontainer: v1.1.1 → v1.1.4
• cloud.google.com/go/essentialcontacts: v1.6.2 → v1.6.5
• cloud.google.com/go/eventarc: v1.12.1 → v1.13.3
• cloud.google.com/go/filestore: v1.7.1 → v1.8.0
• cloud.google.com/go/firestore: v1.11.0 → v1.14.0
• cloud.google.com/go/functions: v1.15.1 → v1.15.4
• cloud.google.com/go/gkebackup: v0.4.0 → v1.3.4
• cloud.google.com/go/gkeconnect: v0.8.1 → v0.8.4
• cloud.google.com/go/gkehub: v0.14.1 → v0.14.4
• cloud.google.com/go/gkemulticloud: v0.6.1 → v1.0.3
• cloud.google.com/go/gsuiteaddons: v1.6.1 → v1.6.4
• cloud.google.com/go/iam: v1.1.1 → v1.1.5
• cloud.google.com/go/iap: v1.8.1 → v1.9.3
• cloud.google.com/go/ids: v1.4.1 → v1.4.4
• cloud.google.com/go/iot: v1.7.1 → v1.7.4
• cloud.google.com/go/kms: v1.12.1 → v1.15.5
• cloud.google.com/go/language: v1.10.1 → v1.12.2
• cloud.google.com/go/lifesciences: v0.9.1 → v0.9.4
• cloud.google.com/go/logging: v1.7.0 → v1.8.1
• cloud.google.com/go/longrunning: v0.5.1 → v0.5.4
• cloud.google.com/go/managedidentities: v1.6.1 → v1.6.4
• cloud.google.com/go/maps: v0.7.0 → v1.6.1
• cloud.google.com/go/mediatranslation: v0.8.1 → v0.8.4
• cloud.google.com/go/memcache: v1.10.1 → v1.10.4
• cloud.google.com/go/metastore: v1.11.1 → v1.13.3
• cloud.google.com/go/monitoring: v1.15.1 → v1.16.3
• cloud.google.com/go/networkconnectivity: v1.12.1 → v1.14.3
• cloud.google.com/go/networkmanagement: v1.8.0 → v1.9.3
• cloud.google.com/go/networksecurity: v0.9.1 → v0.9.4
• cloud.google.com/go/notebooks: v1.9.1 → v1.11.2
• cloud.google.com/go/optimization: v1.4.1 → v1.6.2
• cloud.google.com/go/orchestration: v1.8.1 → v1.8.4
• cloud.google.com/go/orgpolicy: v1.11.1 → v1.11.4
• cloud.google.com/go/osconfig: v1.12.1 → v1.12.4
• cloud.google.com/go/oslogin: v1.10.1 → v1.12.2
• cloud.google.com/go/phishingprotection: v0.8.1 → v0.8.4
• cloud.google.com/go/policytroubleshooter: v1.7.1 → v1.10.2
• cloud.google.com/go/privatecatalog: v0.9.1 → v0.9.4
• cloud.google.com/go/pubsub: v1.32.0 → v1.33.0
• cloud.google.com/go/recaptchaenterprise/v2: v2.7.2 → v2.8.4
• cloud.google.com/go/recommendationengine: v0.8.1 → v0.8.4
• cloud.google.com/go/recommender: v1.10.1 → v1.11.3
• cloud.google.com/go/redis: v1.13.1 → v1.14.1
• cloud.google.com/go/resourcemanager: v1.9.1 → v1.9.4
• cloud.google.com/go/resourcesettings: v1.6.1 → v1.6.4
• cloud.google.com/go/retail: v1.14.1 → v1.14.4
• cloud.google.com/go/run: v0.9.0 → v1.3.3
• cloud.google.com/go/scheduler: v1.10.1 → v1.10.5
• cloud.google.com/go/secretmanager: v1.11.1 → v1.11.4
• cloud.google.com/go/security: v1.15.1 → v1.15.4
• cloud.google.com/go/securitycenter: v1.23.0 → v1.24.2
• cloud.google.com/go/servicedirectory: v1.10.1 → v1.11.3
• cloud.google.com/go/shell: v1.7.1 → v1.7.4
• cloud.google.com/go/spanner: v1.47.0 → v1.53.0
• cloud.google.com/go/speech: v1.17.1 → v1.21.0
• cloud.google.com/go/storagetransfer: v1.10.0 → v1.10.3
• cloud.google.com/go/talent: v1.6.2 → v1.6.5
• cloud.google.com/go/texttospeech: v1.7.1 → v1.7.4
• cloud.google.com/go/tpu: v1.6.1 → v1.6.4
• cloud.google.com/go/trace: v1.10.1 → v1.10.4
• cloud.google.com/go/translate: v1.8.1 → v1.9.3
• cloud.google.com/go/video: v1.17.1 → v1.20.3
• cloud.google.com/go/videointelligence: v1.11.1 → v1.11.4
• cloud.google.com/go/vision/v2: v2.7.2 → v2.7.5
• cloud.google.com/go/vmmigration: v1.7.1 → v1.7.4
• cloud.google.com/go/vmwareengine: v0.4.1 → v1.0.3
• cloud.google.com/go/vpcaccess: v1.7.1 → v1.7.4
• cloud.google.com/go/webrisk: v1.9.1 → v1.9.4
• cloud.google.com/go/websecurityscanner: v1.6.1 → v1.6.4
• cloud.google.com/go/workflows: v1.11.1 → v1.12.3
• cloud.google.com/go: v0.110.4 → v0.110.10
• github.com/cenkalti/backoff/v4: v4.2.0 → v4.2.1
• github.com/containers/common: v0.53.0 → 6b57a0d
• github.com/containers/storage: v1.46.1 → 65bf8c5
• github.com/go-logr/logr: v1.2.3 → v1.3.0
• github.com/golang/glog: v1.1.0 → v1.1.2
• github.com/google/go-cmp: v0.5.9 → v0.6.0
• github.com/google/uuid: v1.3.0 → v1.3.1
• github.com/grpc-ecosystem/grpc-gateway/v2: v2.15.2 → v2.18.1
• github.com/stretchr/testify: v1.8.2 → v1.8.4
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.40.0 → v0.46.1
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.14.0 → v1.21.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.14.0 → v1.21.0
• go.opentelemetry.io/otel/metric: v0.37.0 → v1.21.0
• go.opentelemetry.io/otel/sdk: v1.14.0 → v1.21.0
• go.opentelemetry.io/otel/trace: v1.14.0 → v1.21.0
• go.opentelemetry.io/otel: v1.14.0 → v1.21.0
• go.opentelemetry.io/proto/otlp: v0.19.0 → v1.0.0
• go.uber.org/goleak: v1.2.1 → v1.3.0
• golang.org/x/crypto: v0.14.0 → v0.16.0
• golang.org/x/net: v0.17.0 → v0.19.0
• golang.org/x/oauth2: v0.10.0 → v0.13.0
• golang.org/x/sys: v0.13.0 → v0.15.0
• golang.org/x/term: v0.13.0 → v0.15.0
• golang.org/x/text: v0.13.0 → v0.14.0
• google.golang.org/genproto/googleapis/api: 782d3b1 → 3a041ad
• google.golang.org/genproto/googleapis/rpc: 782d3b1 → 3a041ad
• google.golang.org/genproto: 782d3b1 → 83a465c
• google.golang.org/grpc: v1.58.3 → v1.59.0

Removed

• cloud.google.com/go/dataproc: v1.12.0
• github.com/pkg/diff: 20ebb0f

• CRI-O v1.29.1
  • Downloads
  • Changelog since v1.29.0
    • Changes by Kind
      • API Change
      • Uncategorized
  • Dependencies
    • Added
    • Changed
    • Removed

CRI-O v1.29.1

The release notes have been generated for the commit range v1.29.0...v1.29.1 on Fri, 12 Jan 2024 12:56:11 EST.

Note This release fixes CVE-2023-6476

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

• cri-o.amd64.v1.29.1.tar.gz
  • cri-o.amd64.v1.29.1.tar.gz.sha256sum
  • cri-o.amd64.v1.29.1.tar.gz.sig
  • cri-o.amd64.v1.29.1.tar.gz.cert
  • cri-o.amd64.v1.29.1.tar.gz.spdx
  • cri-o.amd64.v1.29.1.tar.gz.spdx.sig
  • cri-o.amd64.v1.29.1.tar.gz.spdx.cert
• cri-o.arm64.v1.29.1.tar.gz
  • cri-o.arm64.v1.29.1.tar.gz.sha256sum
  • cri-o.arm64.v1.29.1.tar.gz.sig
  • cri-o.arm64.v1.29.1.tar.gz.cert
  • cri-o.arm64.v1.29.1.tar.gz.spdx
  • cri-o.arm64.v1.29.1.tar.gz.spdx.sig
  • cri-o.arm64.v1.29.1.tar.gz.spdx.cert
• cri-o.ppc64le.v1.29.1.tar.gz
  • cri-o.ppc64le.v1.29.1.tar.gz.sha256sum
  • cri-o.ppc64le.v1.29.1.tar.gz.sig
  • cri-o.ppc64le.v1.29.1.tar.gz.cert
  • cri-o.ppc64le.v1.29.1.tar.gz.spdx
  • cri-o.ppc64le.v1.29.1.tar.gz.spdx.sig
  • cri-o.ppc64le.v1.29.1.tar.gz.spdx.cert

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.29.1.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.29.1 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.29.1 \
    --signature cri-o.amd64.v1.29.1.tar.gz.sig \
    --certificate cri-o.amd64.v1.29.1.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.29.1.tar.gz
> bom validate -e cri-o.amd64.v1.29.1.tar.gz.spdx -d cri-o

Changelog since v1.29.0

Changes by Kind

Bug or Regression

• Fix CVE-2023-6476, where poorly filtered access to an experimental annotation can allow pods to circumvent resource limits on cgroupsv2. See GHSA-p4rx-7wvg-fwrc for more information. (@haircommander)

API Change

• Added more file system information in ImageFsInfo as part of the garbage collection KEP. (#7269, @kannon92)

Uncategorized

• Update linked logs to drop an intermediate directory and append .log to the container symlink (#7653, @haircommander)

Dependencies

Added

Nothing has changed.

Changed

• golang.org/x/crypto: v0.17.0 → v0.16.0

Removed

• github.com/google/go-github/v50: v50.2.0

• CRI-O v1.27.2
  • Downloads
  • Changelog since v1.27.1
    • Changes by Kind
      • Dependency-Change
      • Bug or Regression
      • Uncategorized
  • Dependencies
    • Added
    • Changed
    • Removed

CRI-O v1.27.2

The release notes have been generated for the commit range v1.27.1...v1.27.2 on Thu, 21 Dec 2023 15:13:23 EST.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

• cri-o.amd64.v1.27.2.tar.gz
  • cri-o.amd64.v1.27.2.tar.gz.sha256sum
  • cri-o.amd64.v1.27.2.tar.gz.sig
  • cri-o.amd64.v1.27.2.tar.gz.cert
  • cri-o.amd64.v1.27.2.tar.gz.spdx
  • cri-o.amd64.v1.27.2.tar.gz.spdx.sig
  • cri-o.amd64.v1.27.2.tar.gz.spdx.cert
• cri-o.arm64.v1.27.2.tar.gz
  • cri-o.arm64.v1.27.2.tar.gz.sha256sum
  • cri-o.arm64.v1.27.2.tar.gz.sig
  • cri-o.arm64.v1.27.2.tar.gz.cert
  • cri-o.arm64.v1.27.2.tar.gz.spdx
  • cri-o.arm64.v1.27.2.tar.gz.spdx.sig
  • cri-o.arm64.v1.27.2.tar.gz.spdx.cert

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.27.2.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.27.2 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.27.2 \
    --signature cri-o.amd64.v1.27.2.tar.gz.sig \
    --certificate cri-o.amd64.v1.27.2.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.27.2.tar.gz
> bom validate -e cri-o.amd64.v1.27.2.tar.gz.spdx -d cri-o

Changelog since v1.27.1

Changes by Kind

Dependency-Change

• Update the golang.org/x/net package from 0.12.0 to 0.17.0 to fix vulnerabilities CVE-2023-39325 and CVE-2023-4448. (#7416, @kwilczynski)
• Update the google.golang.org/grpc package from 1.54.0 to 1.58.3 to fix vulnerabilities CVE-2023-39325 and CVE-2023-4448. (#7415, @kwilczynski)

Bug or Regression

• Fix a very rare panic from a double closed channel in container stop (#7168, @haircommander)
• Fixed an issue preventing the use of block devices with kata containers (#7158, @littlejawa)

Uncategorized

• Add platform_runtime_paths option to the runtime handler structure, which allows admins to define specific runtime paths based on different platforms. (#7197, @sohankunkerkar)
• Fix a bug in cpuset load balancing where cpusets flip between load balanced and not due to an ordering issue. (#7291, @openshift-cherrypick-robot)
• Fix a bug where the cgroup crun configures is different than that CRI-O sets load balancing/cpu quota on (#7443, @haircommander)
• Revert kata containers block devices fix because it prevents non-root users from accessing block devices (where they were previously able to) (#7191, @davidvossel)
• Set mount type HostToContainer for mounts that include container storage root
• Fix a bug where CRI-O would override a Bidirectional mount in favor of a HostToContainer if the mount contained the host's container storage (#7457, @kwilczynski)

Dependencies

Added

• google.golang.org/genproto/googleapis/api: 782d3b1
• google.golang.org/genproto/googleapis/rpc: 782d3b1

Changed

• cloud.google.com/go/accessapproval: v1.6.0 → v1.7.1
• cloud.google.com/go/accesscontextmanager: v1.7.0 → v1.8.1
• cloud.google.com/go/aiplatform: v1.36.1 → v1.45.0
• cloud.google.com/go/analytics: v0.19.0 → v0.21.2
• cloud.google.com/go/apigateway: v1.5.0 → v1.6.1
• cloud.google.com/go/apigeeconnect: v1.5.0 → v1.6.1
• cloud.google.com/go/apigeeregistry: v0.6.0 → v0.7.1
• cloud.google.com/go/appengine: v1.7.0 → v1.8.1
• cloud.google.com/go/area120: v0.7.1 → v0.8.1
• cloud.google.com/go/artifactregistry: v1.12.0 → v1.14.1
• cloud.google.com/go/asset: v1.12.0 → v1.14.1
• cloud.google.com/go/assuredworkloads: v1.10.0 → v1.11.1
• cloud.google.com/go/automl: v1.12.0 → v1.13.1
• cloud.google.com/go/beyondcorp: v0.5.0 → v0.6.1
• cloud.google.com/go/bigquery: v1.49.0 → v1.52.0
• cloud.google.com/go/billing: v1.13.0 → v1.16.0
• cloud.google.com/go/binaryauthorization: v1.5.0 → v1.6.1
• cloud.google.com/go/certificatemanager: v1.6.0 → v1.7.1
• cloud.google.com/go/channel: v1.12.0 → v1.16.0
• cloud.google.com/go/cloudbuild: v1.9.0 → v1.10.1
• cloud.google.com/go/clouddms: v1.5.0 → v1.6.1
• cloud.google.com/go/cloudtasks: v1.10.0 → v1.11.1
• cloud.google.com/go/compute: v1.19.0 → v1.21.0
• cloud.google.com/go/contactcenterinsights: v1.6.0 → v1.9.1
• cloud.google.com/go/container: v1.14.0 → v1.22.1
• cloud.google.com/go/containeranalysis: v0.9.0 → v0.10.1
• cloud.google.com/go/datacatalog: v1.13.0 → v1.14.1
• cloud.google.com/go/dataflow: v0.8.0 → v0.9.1
• cloud.google.com/go/dataform: v0.7.0 → v0.8.1
• cloud.google.com/go/datafusion: v1.6.0 → v1.7.1
• cloud.google.com/go/datalabeling: v0.7.0 → v0.8.1
• cloud.google.com/go/dataplex: v1.6.0 → v1.8.1
• cloud.google.com/go/dataqna: v0.7.0 → v0.8.1
• cloud.google.com/go/datastore: v1.10.0 → v1.12.1
• cloud.google.com/go/datastream: v1.7.0 → v1.9.1
• cloud.google.com/go/deploy: v1.8.0 → v1.11.0
• cloud.google.com/go/dialogflow: v1.32.0 → v1.38.0
• cloud.google.com/go/dlp: v1.9.0 → v1.10.1
• cloud.google.com/go/documentai: v1.18.0 → v1.20.0
• cloud.google.com/go/domains: v0.8.0 → v0.9.1
• cloud.google.com/go/edgecontainer: v1.0.0 → v1.1.1
• cloud.google.com/go/essentialcontacts: v1.5.0 → v1.6.2
• cloud.google.com/go/eventarc: v1.11.0 → v1.12.1
• cloud.google.com/go/filestore: v1.6.0 → v1.7.1
• cloud.google.com/go/firestore: v1.9.0 → v1.11.0
• cloud.google.com/go/functions: v1.12.0 → v1.15.1
• cloud.google.com/go/gkeconnect: v0.7.0 → v0.8.1
• cloud.google.com/go/gkehub: v0.12.0 → v0.14.1
• cloud.google.com/go/gkemulticloud: v0.5.0 → v0.6.1
• cloud.google.com/go/gsuiteaddons: v1.5.0 → v1.6.1
• cloud.google.com/go/iam: v0.13.0 → v1.1.1
• cloud.google.com/go/iap: v1.7.0 → v1.8.1
• cloud.google.com/go/ids: v1.3.0 → v1.4.1
• cloud.google.com/go/iot: v1.6.0 → v1.7.1
• cloud.google.com/go/kms: v1.10.0 → v1.12.1
• cloud.google.com/go/language: v1.9.0 → v1.10.1
• cloud.google.com/go/lifesciences: v0.8.0 → v0.9.1
• cloud.google.com/go/longrunning: v0.4.1 → v0.5.1
• cloud.google.com/go/managedidentities: v1.5.0 → v1.6.1
• cloud.google.com/go/mediatranslation: v0.7.0 → v0.8.1
• cloud.google.com/go/memcache: v1.9.0 → v1.10.1
• cloud.google.com/go/metastore: v1.10.0 → v1.11.1
• cloud.google.com/go/monitoring: v1.13.0 → v1.15.1
• cloud.google.com/go/networkconnectivity: v1.11.0 → v1.12.1
• cloud.google.com/go/networkmanagement: v1.6.0 → v1.8.0
• cloud.google.com/go/networksecurity: v0.8.0 → v0.9.1
• cloud.google.com/go/notebooks: v1.8.0 → v1.9.1
• cloud.google.com/go/optimization: v1.3.1 → v1.4.1
• cloud.google.com/go/orchestration: v1.6.0 → v1.8.1
• cloud.google.com/go/orgpolicy: v1.10.0 → v1.11.1
• cloud.google.com/go/osconfig: v1.11.0 → v1.12.1
• cloud.google.com/go/oslogin: v1.9.0 → v1.10.1
• cloud.google.com/go/phishingprotection: v0.7.0 → v0.8.1
• cloud.google.com/go/policytroubleshooter: v1.6.0 → v1.7.1
• cloud.google.com/go/privatecatalog: v0.8.0 → v0.9.1
• cloud.google.com/go/pubsub: v1.30.0 → v1.32.0
• cloud.google.com/go/pubsublite: v1.7.0 → v1.8.1
• cloud.google.com/go/recaptchaenterprise/v2: v2.7.0 → v2.7.2
• cloud.google.com/go/recommendationengine: v0.7.0 → v0.8.1
• cloud.google.com/go/recommender: v1.9.0 → v1.10.1
• cloud.google.com/go/redis: v1.11.0 → v1.13.1
• cloud.google.com/go/resourcemanager: v1.6.0 → v1.9.1
• cloud.google.com/go/resourcesettings: v1.5.0 → v1.6.1
• cloud.google.com/go/retail: v1.12.0 → v1.14.1
• cloud.google.com/go/scheduler: v1.9.0 → v1.10.1
• cloud.google.com/go/secretmanager: v1.10.0 → v1.11.1
• cloud.google.com/go/security: v1.13.0 → v1.15.1
• cloud.google.com/go/securitycenter: v1.19.0 → v1.23.0
• cloud.google.com/go/servicedirectory: v1.9.0 → v1.10.1
• cloud.google.com/go/shell: v1.6.0 → v1.7.1
• cloud.google.com/go/spanner: v1.44.0 → v1.47.0
• cloud.google.com/go/speech: v1.15.0 → v1.17.1
• cloud.google.com/go/storagetransfer: v1.8.0 → v1.10.0
• cloud.google.com/go/talent: v1.5.0 → v1.6.2
• cloud.google.com/go/texttospeech: v1.6.0 → v1.7.1
• cloud.google.com/go/tpu: v1.5.0 → v1.6.1
• cloud.google.com/go/trace: v1.9.0 → v1.10.1
• cloud.google.com/go/translate: v1.7.0 → v1.8.1
• cloud.google.com/go/video: v1.14.0 → v1.17.1
• cloud.google.com/go/videointelligence: v1.10.0 → v1.11.1
• cloud.google.com/go/vision/v2: v2.7.0 → v2.7.2
• cloud.google.com/go/vmmigration: v1.6.0 → v1.7.1
• cloud.google.com/go/vmwareengine: v0.3.0 → v0.4.1
• cloud.google.com/go/vpcaccess: v1.6.0 → v1.7.1
• cloud.google.com/go/webrisk: v1.8.0 → v1.9.1
• cloud.google.com/go/websecurityscanner: v1.5.0 → v1.6.1
• cloud.google.com/go/workflows: v1.10.0 → v1.11.1
• cloud.google.com/go: v0.110.0 → v0.110.4
• github.com/cncf/xds/go: 06c439d → e9ce688
• github.com/envoyproxy/go-control-plane: v0.10.3 → v0.11.1
• github.com/envoyproxy/protoc-gen-validate: v0.9.1 → v1.0.2
• github.com/golang/glog: v1.0.0 → v1.1.0
• golang.org/x/crypto: v0.8.0 → v0.14.0
• golang.org/x/net: v0.9.0 → v0.17.0
• golang.org/x/oauth2: v0.7.0 → v0.10.0
• golang.org/x/sync: v0.1.0 → v0.3.0
• golang.org/x/sys: v0.7.0 → v0.13.0
• golang.org/x/term: v0.7.0 → v0.13.0
• golang.org/x/text: v0.9.0 → v0.13.0
• google.golang.org/genproto: dcfb400 → 782d3b1
• google.golang.org/grpc: v1.54.0 → v1.58.3
• google.golang.org/protobuf: v1.30.0 → v1.31.0

Removed

• cloud.google.com/go/apikeys: v0.6.0
• cloud.google.com/go/gaming: v1.9.0
• cloud.google.com/go/servicecontrol: v1.11.1
• cloud.google.com/go/servicemanagement: v1.8.0
• cloud.google.com/go/serviceusage: v1.6.0

• CRI-O v1.28.2
  • Downloads
  • Changelog since v1.28.1
    • Changes by Kind
      • Dependency-Change
      • Feature
      • Uncategorized
  • Dependencies
    • Added
    • Changed
    • Removed

CRI-O v1.28.2

The release notes have been generated for the commit range v1.28.1...v1.28.2 on Thu, 02 Nov 2023 10:12:17 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

• cri-o.amd64.v1.28.2.tar.gz
  • cri-o.amd64.v1.28.2.tar.gz.sha256sum
  • cri-o.amd64.v1.28.2.tar.gz.sig
  • cri-o.amd64.v1.28.2.tar.gz.cert
  • cri-o.amd64.v1.28.2.tar.gz.spdx
  • cri-o.amd64.v1.28.2.tar.gz.spdx.sig
  • cri-o.amd64.v1.28.2.tar.gz.spdx.cert
• cri-o.arm64.v1.28.2.tar.gz
  • cri-o.arm64.v1.28.2.tar.gz.sha256sum
  • cri-o.arm64.v1.28.2.tar.gz.sig
  • cri-o.arm64.v1.28.2.tar.gz.cert
  • cri-o.arm64.v1.28.2.tar.gz.spdx
  • cri-o.arm64.v1.28.2.tar.gz.spdx.sig
  • cri-o.arm64.v1.28.2.tar.gz.spdx.cert

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.28.2.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.28.2 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.28.2 \
    --signature cri-o.amd64.v1.28.2.tar.gz.sig \
    --certificate cri-o.amd64.v1.28.2.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.28.2.tar.gz
> bom validate -e cri-o.amd64.v1.28.2.tar.gz.spdx -d cri-o

Changelog since v1.28.1

Changes by Kind

Dependency-Change

• Update the golang.org/x/net package from 0.13.0 to 0.17.0 to fix vulnerabilities CVE-2023-39325 and CVE-2023-4448. (#7386, @kwilczynski)
• Update the google.golang.org/grpc package from 1.57.0 to 1.58.3 to fix vulnerabilities CVE-2023-39325 and CVE-2023-4448. (#7381, @kwilczynski)

Feature

• Added registries.conf to CRI-O bundle (#7312, @saschagrunert)

Uncategorized

• Fix a bug where CRI-O would override a Bidirectional mount in favor of a HostToContainer if the mount contained the host's container storage (#7456, @openshift-cherrypick-robot)
• Fix a bug where the cgroup crun configures is different than that CRI-O sets load balancing/cpu quota on (#7442, @haircommander)

Dependencies

Added

Nothing has changed.

Changed

• cloud.google.com/go/accessapproval: v1.6.0 → v1.7.1
• cloud.google.com/go/accesscontextmanager: v1.7.0 → v1.8.1
• cloud.google.com/go/aiplatform: v1.37.0 → v1.45.0
• cloud.google.com/go/analytics: v0.19.0 → v0.21.2
• cloud.google.com/go/apigateway: v1.5.0 → v1.6.1
• cloud.google.com/go/apigeeconnect: v1.5.0 → v1.6.1
• cloud.google.com/go/apigeeregistry: v0.6.0 → v0.7.1
• cloud.google.com/go/appengine: v1.7.1 → v1.8.1
• cloud.google.com/go/area120: v0.7.1 → v0.8.1
• cloud.google.com/go/artifactregistry: v1.13.0 → v1.14.1
• cloud.google.com/go/asset: v1.13.0 → v1.14.1
• cloud.google.com/go/assuredworkloads: v1.10.0 → v1.11.1
• cloud.google.com/go/automl: v1.12.0 → v1.13.1
• cloud.google.com/go/beyondcorp: v0.5.0 → v0.6.1
• cloud.google.com/go/bigquery: v1.50.0 → v1.52.0
• cloud.google.com/go/billing: v1.13.0 → v1.16.0
• cloud.google.com/go/binaryauthorization: v1.5.0 → v1.6.1
• cloud.google.com/go/certificatemanager: v1.6.0 → v1.7.1
• cloud.google.com/go/channel: v1.12.0 → v1.16.0
• cloud.google.com/go/cloudbuild: v1.9.0 → v1.10.1
• cloud.google.com/go/clouddms: v1.5.0 → v1.6.1
• cloud.google.com/go/cloudtasks: v1.10.0 → v1.11.1
• cloud.google.com/go/compute: v1.20.1 → v1.21.0
• cloud.google.com/go/contactcenterinsights: v1.6.0 → v1.9.1
• cloud.google.com/go/container: v1.15.0 → v1.22.1
• cloud.google.com/go/containeranalysis: v0.9.0 → v0.10.1
• cloud.google.com/go/datacatalog: v1.13.0 → v1.14.1
• cloud.google.com/go/dataflow: v0.8.0 → v0.9.1
• cloud.google.com/go/dataform: v0.7.0 → v0.8.1
• cloud.google.com/go/datafusion: v1.6.0 → v1.7.1
• cloud.google.com/go/datalabeling: v0.7.0 → v0.8.1
• cloud.google.com/go/dataplex: v1.6.0 → v1.8.1
• cloud.google.com/go/dataqna: v0.7.0 → v0.8.1
• cloud.google.com/go/datastore: v1.11.0 → v1.12.1
• cloud.google.com/go/datastream: v1.7.0 → v1.9.1
• cloud.google.com/go/deploy: v1.8.0 → v1.11.0
• cloud.google.com/go/dialogflow: v1.32.0 → v1.38.0
• cloud.google.com/go/dlp: v1.9.0 → v1.10.1
• cloud.google.com/go/documentai: v1.18.0 → v1.20.0
• cloud.google.com/go/domains: v0.8.0 → v0.9.1
• cloud.google.com/go/edgecontainer: v1.0.0 → v1.1.1
• cloud.google.com/go/essentialcontacts: v1.5.0 → v1.6.2
• cloud.google.com/go/eventarc: v1.11.0 → v1.12.1
• cloud.google.com/go/filestore: v1.6.0 → v1.7.1
• cloud.google.com/go/firestore: v1.9.0 → v1.11.0
• cloud.google.com/go/functions: v1.13.0 → v1.15.1
• cloud.google.com/go/gkeconnect: v0.7.0 → v0.8.1
• cloud.google.com/go/gkehub: v0.12.0 → v0.14.1
• cloud.google.com/go/gkemulticloud: v0.5.0 → v0.6.1
• cloud.google.com/go/gsuiteaddons: v1.5.0 → v1.6.1
• cloud.google.com/go/iam: v1.1.0 → v1.1.1
• cloud.google.com/go/iap: v1.7.1 → v1.8.1
• cloud.google.com/go/ids: v1.3.0 → v1.4.1
• cloud.google.com/go/iot: v1.6.0 → v1.7.1
• cloud.google.com/go/language: v1.9.0 → v1.10.1
• cloud.google.com/go/lifesciences: v0.8.0 → v0.9.1
• cloud.google.com/go/longrunning: v0.4.1 → v0.5.1
• cloud.google.com/go/managedidentities: v1.5.0 → v1.6.1
• cloud.google.com/go/mediatranslation: v0.7.0 → v0.8.1
• cloud.google.com/go/memcache: v1.9.0 → v1.10.1
• cloud.google.com/go/metastore: v1.10.0 → v1.11.1
• cloud.google.com/go/monitoring: v1.13.0 → v1.15.1
• cloud.google.com/go/networkconnectivity: v1.11.0 → v1.12.1
• cloud.google.com/go/networkmanagement: v1.6.0 → v1.8.0
• cloud.google.com/go/networksecurity: v0.8.0 → v0.9.1
• cloud.google.com/go/notebooks: v1.8.0 → v1.9.1
• cloud.google.com/go/optimization: v1.3.1 → v1.4.1
• cloud.google.com/go/orchestration: v1.6.0 → v1.8.1
• cloud.google.com/go/orgpolicy: v1.10.0 → v1.11.1
• cloud.google.com/go/osconfig: v1.11.0 → v1.12.1
• cloud.google.com/go/oslogin: v1.9.0 → v1.10.1
• cloud.google.com/go/phishingprotection: v0.7.0 → v0.8.1
• cloud.google.com/go/policytroubleshooter: v1.6.0 → v1.7.1
• cloud.google.com/go/privatecatalog: v0.8.0 → v0.9.1
• cloud.google.com/go/pubsub: v1.30.0 → v1.32.0
• cloud.google.com/go/pubsublite: v1.7.0 → v1.8.1
• cloud.google.com/go/recaptchaenterprise/v2: v2.7.0 → v2.7.2
• cloud.google.com/go/recommendationengine: v0.7.0 → v0.8.1
• cloud.google.com/go/recommender: v1.9.0 → v1.10.1
• cloud.google.com/go/redis: v1.11.0 → v1.13.1
• cloud.google.com/go/resourcemanager: v1.7.0 → v1.9.1
• cloud.google.com/go/resourcesettings: v1.5.0 → v1.6.1
• cloud.google.com/go/retail: v1.12.0 → v1.14.1
• cloud.google.com/go/scheduler: v1.9.0 → v1.10.1
• cloud.google.com/go/secretmanager: v1.10.0 → v1.11.1
• cloud.google.com/go/security: v1.14.0 → v1.15.1
• cloud.google.com/go/securitycenter: v1.19.0 → v1.23.0
• cloud.google.com/go/servicedirectory: v1.9.0 → v1.10.1
• cloud.google.com/go/shell: v1.6.0 → v1.7.1
• cloud.google.com/go/spanner: v1.45.0 → v1.47.0
• cloud.google.com/go/speech: v1.15.0 → v1.17.1
• cloud.google.com/go/storagetransfer: v1.8.0 → v1.10.0
• cloud.google.com/go/talent: v1.5.0 → v1.6.2
• cloud.google.com/go/texttospeech: v1.6.0 → v1.7.1
• cloud.google.com/go/tpu: v1.5.0 → v1.6.1
• cloud.google.com/go/trace: v1.9.0 → v1.10.1
• cloud.google.com/go/translate: v1.7.0 → v1.8.1
• cloud.google.com/go/video: v1.15.0 → v1.17.1
• cloud.google.com/go/videointelligence: v1.10.0 → v1.11.1
• cloud.google.com/go/vision/v2: v2.7.0 → v2.7.2
• cloud.google.com/go/vmmigration: v1.6.0 → v1.7.1
• cloud.google.com/go/vmwareengine: v0.3.0 → v0.4.1
• cloud.google.com/go/vpcaccess: v1.6.0 → v1.7.1
• cloud.google.com/go/webrisk: v1.8.0 → v1.9.1
• cloud.google.com/go/websecurityscanner: v1.5.0 → v1.6.1
• cloud.google.com/go/workflows: v1.10.0 → v1.11.1
• cloud.google.com/go: v0.110.2 → v0.110.4
• github.com/envoyproxy/go-control-plane: 9239064 → v0.11.1
• github.com/envoyproxy/protoc-gen-validate: v0.10.1 → v1.0.2
• golang.org/x/crypto: v0.11.0 → v0.14.0
• golang.org/x/net: v0.13.0 → v0.17.0
• golang.org/x/sys: v0.11.0 → v0.13.0
• golang.org/x/term: v0.10.0 → v0.13.0
• golang.org/x/text: v0.11.0 → v0.13.0
• google.golang.org/genproto/googleapis/api: e85fd2c → 782d3b1
• google.golang.org/genproto/googleapis/rpc: e449d1e → 782d3b1
• google.golang.org/genproto: e85fd2c → 782d3b1
• google.golang.org/grpc: v1.57.0 → v1.58.3

Removed

Nothing has changed.

• CRI-O v1.28.1
  • Downloads
  • Changelog since v1.28.0
    • Changes by Kind
      • Feature
      • Uncategorized
  • Dependencies
    • Added
    • Changed
    • Removed

CRI-O v1.28.1

The release notes have been generated for the commit range v1.28.0...v1.28.1 on Tue, 12 Sep 2023 15:07:42 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

• cri-o.amd64.v1.28.1.tar.gz
  • cri-o.amd64.v1.28.1.tar.gz.sha256sum
  • cri-o.amd64.v1.28.1.tar.gz.sig
  • cri-o.amd64.v1.28.1.tar.gz.cert
  • cri-o.amd64.v1.28.1.tar.gz.spdx
  • cri-o.amd64.v1.28.1.tar.gz.spdx.sig
  • cri-o.amd64.v1.28.1.tar.gz.spdx.cert
• cri-o.arm64.v1.28.1.tar.gz
  • cri-o.arm64.v1.28.1.tar.gz.sha256sum
  • cri-o.arm64.v1.28.1.tar.gz.sig
  • cri-o.arm64.v1.28.1.tar.gz.cert
  • cri-o.arm64.v1.28.1.tar.gz.spdx
  • cri-o.arm64.v1.28.1.tar.gz.spdx.sig
  • cri-o.arm64.v1.28.1.tar.gz.spdx.cert

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.28.1.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.28.1 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.28.1 \
    --signature cri-o.amd64.v1.28.1.tar.gz.sig \
    --certificate cri-o.amd64.v1.28.1.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.28.1.tar.gz
> bom validate -e cri-o.amd64.v1.28.1.tar.gz.spdx -d cri-o

Changelog since v1.28.0

Changes by Kind

Feature

• Check the runtime supports IDMap support before specifying it (#7297, @rata)

Uncategorized

• Fix a bug in cpuset load balancing where cpusets flip between load balanced and not due to an ordering issue. (#7290, @openshift-cherrypick-robot)

Dependencies

Added

Nothing has changed.

Changed

• github.com/opencontainers/runtime-spec: v1.1.0 → 4fec88f

Removed

Nothing has changed.

• CRI-O v1.25.4
  • Downloads
  • Changelog since v1.25.3
    • Changes by Kind
      • Bug or Regression
      • Uncategorized
  • Dependencies
    • Added
    • Changed
    • Removed

CRI-O v1.25.4

The release notes have been generated for the commit range v1.25.3...v1.25.4 on Tue, 01 Aug 2023 17:51:17 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

• cri-o.amd64.v1.25.4.tar.gz
  • cri-o.amd64.v1.25.4.tar.gz.sha256sum
  • cri-o.amd64.v1.25.4.tar.gz.sig
  • cri-o.amd64.v1.25.4.tar.gz.cert
  • cri-o.amd64.v1.25.4.tar.gz.spdx
• cri-o.arm64.v1.25.4.tar.gz
  • cri-o.arm64.v1.25.4.tar.gz.sha256sum
  • cri-o.arm64.v1.25.4.tar.gz.sig
  • cri-o.arm64.v1.25.4.tar.gz.cert
  • cri-o.arm64.v1.25.4.tar.gz.spdx

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.25.4.tar.gz \
    --signature cri-o.amd64.v1.25.4.tar.gz.sig \
    --certificate cri-o.amd64.v1.25.4.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.25.4.tar.gz
> bom validate -e cri-o.amd64.v1.25.4.tar.gz.spdx -d cri-o

Changelog since v1.25.3

Changes by Kind

Bug or Regression

• Fix a bug where network metrics collection is broken with systemd cgroup driver and dropped infra containers. (#6930, @haircommander)
• Fixed bug where CRI-O runs with umask of 0. (#6900, @saschagrunert)

Uncategorized

• Adds debug log to identify when a relabel was not requested (#6963, @openshift-cherrypick-robot)
• Fix a bug where sending information to cadvisor is stalled on taking the container's state lock (#7132, @sohankunkerkar)

Dependencies

Added

Nothing has changed.

Changed

• github.com/containers/common: 582fadb → 2ba2fd3

Removed

Nothing has changed.

• CRI-O v1.26.4
  • Downloads
  • Changelog since v1.26.3
    • Changes by Kind
      • Feature
      • Bug or Regression
      • Uncategorized
  • Dependencies
    • Added
    • Changed
    • Removed

CRI-O v1.26.4

The release notes have been generated for the commit range v1.26.3...v1.26.4 on Thu, 13 Jul 2023 14:50:12 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

• cri-o.amd64.v1.26.4.tar.gz
  • cri-o.amd64.v1.26.4.tar.gz.sha256sum
  • cri-o.amd64.v1.26.4.tar.gz.sig
  • cri-o.amd64.v1.26.4.tar.gz.cert
  • cri-o.amd64.v1.26.4.tar.gz.spdx
  • cri-o.amd64.v1.26.4.tar.gz.spdx.sig
  • cri-o.amd64.v1.26.4.tar.gz.spdx.cert
• cri-o.arm64.v1.26.4.tar.gz
  • cri-o.arm64.v1.26.4.tar.gz.sha256sum
  • cri-o.arm64.v1.26.4.tar.gz.sig
  • cri-o.arm64.v1.26.4.tar.gz.cert
  • cri-o.arm64.v1.26.4.tar.gz.spdx
  • cri-o.arm64.v1.26.4.tar.gz.spdx.sig
  • cri-o.arm64.v1.26.4.tar.gz.spdx.cert

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.26.4.tar.gz \
    --certificate-identity-regexp '.*' \
    --certificate-oidc-issuer-regexp '.*' \
    --signature cri-o.amd64.v1.26.4.tar.gz.sig \
    --certificate cri-o.amd64.v1.26.4.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.26.4.tar.gz
> bom validate -e cri-o.amd64.v1.26.4.tar.gz.spdx -d cri-o

Changelog since v1.26.3

Changes by Kind

Feature

• Add support for io.kubernetes.cri-o.LinkLogs annotation, which allows a pod's logs to be mounted into a specified empty-dir for inspection by a log aggregator (#7045, @haircommander)
• Update high performance hooks to disable load balancing through cgroups, rather than directly through the kernel's sysfs (#6812, @haircommander)

Bug or Regression

• Fix a bug where the cpu-quota.crio.io annotation was not propagated to the pod cgroup, meaning cpu quota was not disabled for the container (#6938, @haircommander)
• Fix a bug with cpu quota annotation that manifests like: pod with cpu-quota.crio.io: disable fails with error: set CPU CFS quota: invalid slice name: /kubepods.slice Fix a bug where stopped containers break cpu load balancing being disabled (#7013, @haircommander)
• Fixed bug where CRI-O runs with umask of 0. (#6895, @saschagrunert)

Uncategorized

• Adds debug log to identify when a relabel was not requested (#6962, @openshift-cherrypick-robot)
• Fix a bug where network metrics collection is broken with systemd cgroup driver and dropped infra containers. (#6875, @openshift-cherrypick-robot)
• Fix a bug where sending information to cadvisor is stalled on taking the container's state lock (#7131, @sohankunkerkar)

Dependencies

Added

• github.com/checkpoint-restore/go-criu/v4: v4.1.0

Changed

• github.com/alexflint/go-filemutex: v1.1.0 → v1.2.0
• github.com/containerd/nri: v0.3.0 → 9418541
• github.com/containernetworking/plugins: v1.1.1 → v1.2.0
• github.com/containers/buildah: c2cf9fa → v1.29.0
• github.com/containers/common: 582fadb → v0.51.1
• github.com/containers/podman/v4: 757fdca → 4213001
• github.com/fsouza/go-dockerclient: v1.9.0 → v1.9.3
• github.com/onsi/ginkgo/v2: v2.6.1 → v2.7.0
• github.com/onsi/gomega: v1.24.1 → v1.26.0
• github.com/opencontainers/runc: 8b9452f → v1.1.7
• github.com/rootless-containers/rootlesskit: v1.0.1 → v1.1.0
• github.com/safchain/ethtool: 9aa261d → v0.2.0
• golang.org/x/mod: v0.7.0 → v0.8.0
• golang.org/x/net: v0.5.0 → v0.8.0
• golang.org/x/sys: v0.4.0 → v0.6.0
• golang.org/x/term: v0.4.0 → v0.6.0
• golang.org/x/text: v0.6.0 → v0.8.0
• golang.org/x/tools: v0.4.0 → v0.6.0

Removed

Nothing has changed.