Open Container Initiative-based implementation of Kubernetes Container Runtime Interface
The release notes have been generated for the commit range v1.28.2...v1.28.3 on Fri, 12 Jan 2024 11:52:53 EST.
Note This release fixes CVE-2023-6476
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.28.3.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.28.3 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.28.3 \
--signature cri-o.amd64.v1.28.3.tar.gz.sig \
--certificate cri-o.amd64.v1.28.3.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.28.3.tar.gz
> bom validate -e cri-o.amd64.v1.28.3.tar.gz.spdx -d cri-o
io.kubernetes.cri-o.Devices
annotation in the default runtime class, which along with AllowedDevices containing /dev/fuse by default, gives containers in the default runtime class optional access to /dev/fuse (#7535, @openshift-cherrypick-robot)Nothing has changed.
The release notes have been generated for the commit range v1.27.2...v1.27.3 on Fri, 12 Jan 2024 11:05:48 EST.
Note This release fixes CVE-2023-6476
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.27.3.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.27.3 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.27.3 \
--signature cri-o.amd64.v1.27.3.tar.gz.sig \
--certificate cri-o.amd64.v1.27.3.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.27.3.tar.gz
> bom validate -e cri-o.amd64.v1.27.3.tar.gz.spdx -d cri-o
The release notes have been generated for the commit range v1.29.0...v1.29.1 on Fri, 12 Jan 2024 12:56:11 EST.
Note This release fixes CVE-2023-6476
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.29.1.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.29.1 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.29.1 \
--signature cri-o.amd64.v1.29.1.tar.gz.sig \
--certificate cri-o.amd64.v1.29.1.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.29.1.tar.gz
> bom validate -e cri-o.amd64.v1.29.1.tar.gz.spdx -d cri-o
ImageFsInfo
as part of the garbage collection KEP. (#7269, @kannon92).log
to the container symlink (#7653, @haircommander)Nothing has changed.
The release notes have been generated for the commit range v1.27.1...v1.27.2 on Thu, 21 Dec 2023 15:13:23 EST.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.27.2.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.27.2 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.27.2 \
--signature cri-o.amd64.v1.27.2.tar.gz.sig \
--certificate cri-o.amd64.v1.27.2.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.27.2.tar.gz
> bom validate -e cri-o.amd64.v1.27.2.tar.gz.spdx -d cri-o
The release notes have been generated for the commit range v1.28.1...v1.28.2 on Thu, 02 Nov 2023 10:12:17 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.28.2.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.28.2 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.28.2 \
--signature cri-o.amd64.v1.28.2.tar.gz.sig \
--certificate cri-o.amd64.v1.28.2.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.28.2.tar.gz
> bom validate -e cri-o.amd64.v1.28.2.tar.gz.spdx -d cri-o
Nothing has changed.
Nothing has changed.
The release notes have been generated for the commit range v1.28.0...v1.28.1 on Tue, 12 Sep 2023 15:07:42 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.28.1.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.28.1 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.28.1 \
--signature cri-o.amd64.v1.28.1.tar.gz.sig \
--certificate cri-o.amd64.v1.28.1.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.28.1.tar.gz
> bom validate -e cri-o.amd64.v1.28.1.tar.gz.spdx -d cri-o
Nothing has changed.
Nothing has changed.
The release notes have been generated for the commit range v1.25.3...v1.25.4 on Tue, 01 Aug 2023 17:51:17 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.25.4.tar.gz \
--signature cri-o.amd64.v1.25.4.tar.gz.sig \
--certificate cri-o.amd64.v1.25.4.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.25.4.tar.gz
> bom validate -e cri-o.amd64.v1.25.4.tar.gz.spdx -d cri-o
0
. (#6900, @saschagrunert)Nothing has changed.
Nothing has changed.
The release notes have been generated for the commit range v1.26.3...v1.26.4 on Thu, 13 Jul 2023 14:50:12 UTC.
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.26.4.tar.gz \
--certificate-identity-regexp '.*' \
--certificate-oidc-issuer-regexp '.*' \
--signature cri-o.amd64.v1.26.4.tar.gz.sig \
--certificate cri-o.amd64.v1.26.4.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.26.4.tar.gz
> bom validate -e cri-o.amd64.v1.26.4.tar.gz.spdx -d cri-o
io.kubernetes.cri-o.LinkLogs
annotation, which allows a pod's logs to be mounted into a specified empty-dir for inspection by a log aggregator (#7045, @haircommander)cpu-quota.crio.io
annotation was not propagated to the pod cgroup, meaning cpu quota was not disabled for the container (#6938, @haircommander)pod with cpu-quota.crio.io: disable fails with error: set CPU CFS quota: invalid slice name: /kubepods.slice
Fix a bug where stopped containers break cpu load balancing being disabled (#7013, @haircommander)0
. (#6895, @saschagrunert)Nothing has changed.