Containerd - v1.5.14

Security

Welcome to the v1.5.14 release of containerd!

The fourteenth patch release for containerd 1.5 includes various fixes and updates
along with an updated version of runc.

Notable Updates

  • Fix WWW-Authenticate parsing to allow empty quoted string (#7132)
  • Update oci.WithDefaultUnixDevices(): remove tun/tap from the default devices (#7267)
  • Fix createTarFile: make xattr EPERM non-fatal (#7449)
  • Fix dockerPusher to handle abort correctly (#7467)
  • Migrate from k8s.gcr.io to registry.k8s.io (#7550)
  • Fix CRI: PodSandboxStatus should tolerate missing task (#7552)
  • Fix io.containerd.runc.v1: Stats() shouldn't assume s.container is non-nil (#7556)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Kazuyoshi Kato
  • Sebastiaan van Stijn
  • Samuel Karp
  • Phil Estes
  • Maksym Pavlenko
  • Akihiro Suda
  • Derek McGowan
  • Wei Fu
  • Baoshuo
  • Benjamin Elder
  • Brian Goff
  • Daniel Canter
  • Gabriel Adrian Samfira
  • Iceber Gu
  • Kohei Tokunaga
  • Mike Brown
  • Paco Xu
  • Ye Sijun
  • rongfu.leng

Changes

56 commits

* [release/1.5] Prepare release notes for 1.5.14 ([#7572](https://github.com/containerd/containerd/pull/7572)) * [`ed672fe1c`](https://github.com/containerd/containerd/commit/ed672fe1c1579b7a7ed0b762262c88c8ed10541a) Prepare release notes for 1.5.14 * [`5150b97dd`](https://github.com/containerd/containerd/commit/5150b97dd61da8da4a8e0aec9e94dc3a0f6e095f) Update mailmap * [release/1.5] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 ([#7476](https://github.com/containerd/containerd/pull/7476)) * [`f109930d5`](https://github.com/containerd/containerd/commit/f109930d54c7abc76907497661d9e285fb3ea694) fix install cni script * [`1fea434b7`](https://github.com/containerd/containerd/commit/1fea434b700fb74bd55c02ecbba1c91477a6e4d5) [release/1.5] sync gha with release/1.6 branch * [`a6672294a`](https://github.com/containerd/containerd/commit/a6672294a5fb12bbab45beaab6d5f963c88cf5ed) [release/1.5] Update go 1.18.7, addresses CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 * [`1c1045d79`](https://github.com/containerd/containerd/commit/1c1045d799b8254319ef59b0ad6f7fce49ea161b) [release/1.5] update golangci-lint to v1.49.0 * [`03d7e8e49`](https://github.com/containerd/containerd/commit/03d7e8e49b9d935f7999ac0a1cb7eb1b6afc217b) Fix linter warnings * [`e6de4d6ef`](https://github.com/containerd/containerd/commit/e6de4d6efeac456b5a7e1947650362662508bf82) [release/1.5] gofmt with go1.19 * [`699a1f90e`](https://github.com/containerd/containerd/commit/699a1f90e25aa6ccde8ba2fefd23633043507576) Do not use `go get` to install executables * [`c24d508c9`](https://github.com/containerd/containerd/commit/c24d508c93710261add241810e2d10a421a2f526) update gotestsum to v1.7.0 * [`79f119b43`](https://github.com/containerd/containerd/commit/79f119b4391892ec34cf14dc7ac4eaedee70b456) update gotestsum to current master * [`4806c2400`](https://github.com/containerd/containerd/commit/4806c2400eca618ec89228746b7395d4789b5c38) Update gotestsum to add timestamps to junit output * [release/1.5] cri: PodSandboxStatus should tolerate missing task ([#7552](https://github.com/containerd/containerd/pull/7552)) * [`60dec1391`](https://github.com/containerd/containerd/commit/60dec13912618d9159befd4a368b541fafcd02d4) cri: PodSandboxStatus should tolerate missing task * [release/1.5] Stats() shouldn't assume s.container is non-nil ([#7556](https://github.com/containerd/containerd/pull/7556)) * [`208615ca7`](https://github.com/containerd/containerd/commit/208615ca79125f56dd6e2c1e88030780e7795eb7) [release/1.5] Stats() shouldn't assume s.container is non-nil * [release/1.5] migrate from k8s.gcr.io to registry.k8s.io ([#7550](https://github.com/containerd/containerd/pull/7550)) * [`a34a30b52`](https://github.com/containerd/containerd/commit/a34a30b5251ceb89ee37ec1b80a305b670e26f82) migrate from k8s.gcr.io to registry.k8s.io * [release/1.5] vendor: golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f ([#7515](https://github.com/containerd/containerd/pull/7515)) * [`ac382a74d`](https://github.com/containerd/containerd/commit/ac382a74d25d3d2cb972db507e76ac0cf1226681) [release/1.5] vendor: golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f * [release/1.5] cherry-pick: remotes: fix dockerPusher to handle abort correctly ([#7467](https://github.com/containerd/containerd/pull/7467)) * [`2fe813d36`](https://github.com/containerd/containerd/commit/2fe813d368ffc5e1224e0748b30d6d240b858250) remotes: fix dockerPusher to handle abort correctly * [release/1.5] cherry-pick: make xattr EPERM non-fatal in createTarFile ([#7449](https://github.com/containerd/containerd/pull/7449)) * [`f94332ee5`](https://github.com/containerd/containerd/commit/f94332ee54296dbfaf236743fd5cfb9cb05662ac) make xattr EPERM non-fatal in createTarFile * [release/1.5] .zuul: remove the zuul because it is offline ([#7428](https://github.com/containerd/containerd/pull/7428)) * [`0e11ab933`](https://github.com/containerd/containerd/commit/0e11ab9339622680f1d69efb8d4803f18e53e0ff) remove stray .zuul.yaml * [`83ea10446`](https://github.com/containerd/containerd/commit/83ea10446abfa139fd40d31239726275d40fcd3d) .zuul: remove the zuul because it is offline * [release/1.5 backport] update runc binary to v1.1.4 ([#7332](https://github.com/containerd/containerd/pull/7332)) * [`4593d187a`](https://github.com/containerd/containerd/commit/4593d187a718dc0228222195e94312043346831b) update runc binary to v1.1.4 * [release/1.5] ci: remove GOPROXY environment variable due to https://github.com/go-… ([#7300](https://github.com/containerd/containerd/pull/7300)) * [`d3d97cce3`](https://github.com/containerd/containerd/commit/d3d97cce31f42da18c381c2c6c7a5ccbc70fa5f8) ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887 * [release 1.5 backport] Fix cleanup in critest ([#7275](https://github.com/containerd/containerd/pull/7275)) * [`c2ace6ebc`](https://github.com/containerd/containerd/commit/c2ace6ebc8bf3cda5faee1c4861670257f238bed) Fix cleanup in critest * [release/1.5 backport] oci: WithDefaultUnixDevices(): remove tun/tap from the default devices ([#7267](https://github.com/containerd/containerd/pull/7267)) * [`9bdd52b3a`](https://github.com/containerd/containerd/commit/9bdd52b3a43acebc52ee257546c312adc2c81390) oci: WithDefaultUnixDevices(): remove tun/tap from the default devices * [release/1.5] release workflow: increase timeout to 30 minutes ([#7262](https://github.com/containerd/containerd/pull/7262)) * [`401af14ea`](https://github.com/containerd/containerd/commit/401af14eaf187a90b6ea028b26f5acd637701268) release workflow: increase timeout to 30 minutes * [release/1.5] backport: update GitHub Actions runners to macos-12 ([#7248](https://github.com/containerd/containerd/pull/7248)) * [`792ead0cf`](https://github.com/containerd/containerd/commit/792ead0cf7c524f860b1df7ff4e3a37261aaeb48) Update Vagrant CI to macos-12 * [`07e037f09`](https://github.com/containerd/containerd/commit/07e037f09a0fb5acb3aa91fb332a5184357fb726) chore: bump macos runner version * [release/1.5] gha: make release workflow work in forks ([#7239](https://github.com/containerd/containerd/pull/7239)) * [`7e7eb6793`](https://github.com/containerd/containerd/commit/7e7eb6793385a4febfe00bf88abfc8cfcd55a403) gha: make release workflow work in forks * [release/1.5] Update golang to 1.17.13 ([#7245](https://github.com/containerd/containerd/pull/7245)) * [`9a116ee4f`](https://github.com/containerd/containerd/commit/9a116ee4f74349909c53c8b05722365db66b508d) Update golang to 1.17.13 * [release/1.5] update golang to 1.17.12 ([#7161](https://github.com/containerd/containerd/pull/7161)) * [`e91e39347`](https://github.com/containerd/containerd/commit/e91e39347a8f15e1061df79b2c063817711bff0e) [release/1.5] update golang to 1.17.12 * [release/1.5] Downgrade MinGW to version 10.2.0 ([#7134](https://github.com/containerd/containerd/pull/7134)) * [`46933650b`](https://github.com/containerd/containerd/commit/46933650b5afbbfdbdae687619175656c730d2d9) [release/1.5] Downgrade MinGW to version 10.2.0 * [release/1.5] Fix WWW-Authenticate parsing ([#7132](https://github.com/containerd/containerd/pull/7132)) * [`8ae864ae9`](https://github.com/containerd/containerd/commit/8ae864ae9871d8f7d16c5f21cd9d54e5fcaabd97) [release/1.5] Fix WWW-Authenticate parsing * [release/1.5] ctr: fix label args used in NewContainer ([#7071](https://github.com/containerd/containerd/pull/7071)) * [`febb0e82d`](https://github.com/containerd/containerd/commit/febb0e82d6c6a8974fc2b3bdfa80a92895106fa6) ctr: fix label args used in NewContainer * [release/1.5] update runc binary to v1.1.3 ([#7035](https://github.com/containerd/containerd/pull/7035)) * [`e549139d3`](https://github.com/containerd/containerd/commit/e549139d3c1f3a8b95272d7498928dd4941ab4cd) update runc binary to v1.1.3

Dependency Changes

  • golang.org/x/sys 33da011f77ad -> 8c9f86f7a55f

Previous release can be found at v1.5.13

Details

date
Oct. 24, 2022, 4:19 p.m.
name
containerd 1.5.14
type
Patch
official page
https://github.com/containerd/containerd/releases/tag/v1.5.14
👇
Register or login to:
  • 🔍View and search all Containerd releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or