Overview All releases

Version History

v1.29.3 v1.29.2 v1.29.1 v1.29.0 v1.28.5 v1.28.4 v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.25.0 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.23.1

v1.23.0

v1.22.5 v1.22.4 v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.21.7 v1.21.6 v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.21.0

v1.20.9 v1.20.7

v1.20.6

v1.20.5

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.20.0-rc.1

v1.19.6 v1.19.5

v1.19.4

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc.1

v1.18.6

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.18.0-rc1

v1.17.5

v1.17.4

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.15.0

v1.14.12

v1.14.11

v1.14.10

v1.14.9

v1.14.8

v1.14.7

v1.14.6

v1.14.5

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.12

v1.13.11

v1.13.10

v1.13.9

v1.13.8

v1.13.7

v1.13.6

v1.13.5

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.10

v1.12.9

v1.12.8

v1.12.7

v1.12.6

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.12.0

v1.11.15

v1.11.14

v1.11.13

v1.11.12

v1.11.11

v1.11.10

v1.11.9

v1.11.8

v1.11.7

v1.11.6

v1.11.5

v1.11.4

v1.11.3

v1.11.2

v1.11.1

v1.11.0

v1.10.6

v1.10.5

v1.10.4

v1.10.3

v1.10.2

v1.10.1

v1.10.0

v1.10.0-beta.1

v1.9.16

v1.9.14

v1.9.13

v1.9.12

v1.9.11

v1.9.9

v1.9.8

v1.9.7

v1.9.6

v1.9.5

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-beta.2

v1.9.0-beta.1

v1.8.5

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v1.0.0-rc3

v1.0.0-rc2

v1.0.0-rc1

v1.0.0-beta.0

v1.0.0-alpha.0

v0.3

v0.2

v0.1

CRI-O - v1.22.2

Security

CRI-O v1.22.2
Downloads
Changelog since v1.22.1
Dependencies
- Added
- Changed
- Removed

CRI-O v1.22.2

The release notes have been generated for the commit range
v1.22.1...b030be8 on Fri, 25 Feb 2022 14:56:11 UTC.

This release has a fix for CVE-2022-0532

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

Changelog since v1.22.1

Changes by Kind

Other

Introduce the following metrics:
crio_operations_total, crio_operations_latency_seconds_total, crio_operations_latency_seconds,
crio_operations_errors_total, crio_image_pulls_bytes_total,
crio_image_pulls_skipped_bytes_total,
crio_image_pulls_success_total, crio_image_pulls_failure_total,
crio_image_layer_reuse_total, crio_containers_oom_count_total
while marking metric names that do not follow prometheus best practices as Deprecated in Prometheus metric help text. (#5487, @swghosh)

API Change

Drop support for v1alpha2 Container Runtime Interface (CRI) and require v1. (#5471, @saschagrunert)

Feature

Add allowed_devices field to config, allowing admins to specify which devices are allowed to be specified in the "io.kubernetes.cri-o.Devices" allowed_annotation. The default for this config field is [/dev/fuse] (#5551, @haircommander)
Add a [crio.stats] table to the config for configuring all things stats-related.
Add ability (with config field StatsCollectionPeriod) to calculate and save stats for pods and containers, rather than return them on demand.
Add support for {,List}PodSandboxStats, which allows the kubelet to take advantage of the PodAndContainerStatsFromCRI feature gate--one that is set to be alpha in 1.23. (#5427, @haircommander)
Add functionality to use taskset to spawn new commands cri-o runs. Now, if InfraCtrCPUSet is called, all newly spawned commands will be placed in the InfraCtrCPUSet (as it's expected to be set to the reserved CPU set that system commands should run on). (#5514, @haircommander)
Add support for TARGET namespace mode, which enables support for ephemeral containers. (#5440, @haircommander)
Add support for minimum_mappable_{u,g}id which relaxes the requirement on sc.RunAs{User,Group}. If set, the RunAs{User,Group} value and any explicitly-mapped host IDs are only required to be at or above the configured values. (#5462, @nalind)
Containers now have a /run/.containerenv file to help applications identify that they are running inside a container. (#5463, @pjbgf)
Now, if infra_ctr_cpuset is configured, conmon is put in the same cpuset (#5414, @haircommander)

Documentation

Improved some error messages related to user namespaces. (#5494, @frasertweedale)

Bug or Regression

Allow for both runtime class and workload level allowed annotations. Now, if a container or pod has both specified, the list will be merged. (#5465, @haircommander)
Conmon now always writes its logs to syslog, instead of only when the cgroup manager is cgroupfs (#3773, @haircommander)
Fix a bug where CRI-O would never shutdown if the networking plugin wasn't configured correctly (#5284, @haircommander)
Fix a bug where a pod given a host IPC or network namespace could configure sysctls on the host (#5610, @haircommander)
Fix a bug where invalid default_sysctls could be specified, leading to an error like "Failed to configure sysctls after unshare: No such file or directory" (#5673, @haircommander)
Fix a bug where memory swap values were specified even if the memory swap cgroup is not enabled (#5539, @haircommander)
Fix a bug where situations of excessive load on nodes causes containers to never actually start (#5590, @haircommander)
Fix a potential crash caused by a log message NULL-pointer dereference. (#5579, @klihub)
Fix an issue where protobuf panics when serializing ListContainer and ListPodSandbox calls (#5606, @haircommander)
Fix bug where ip a reports Error: Peer netns reference is invalid (#5529, @haircommander)
Fix crypto-profile bind within RHEL based containers. (#5555, @rphillips)
Fix vm containers couldn't restore after cri-o restart (#5574, @gozssky)
Fix zsh completion generation. (#5586, @klihub)
Fixed possible runtime panic on pod sandbox stats retrieval. (#5588, @saschagrunert)
Forbid AppArmor profiles with the name localhost/. (#5655, @saschagrunert)
Move namespace cleanup from sandbox stop to sandbox remove. This allows veth entries in the network namespaces of pods to be cleaned up earlier (#5336, @haircommander)

Uncategorized

Changes default config output to comment default values instead of omitting them (#5007, @wgahnagl)
Fix a case where conmon children are sometimes leaked (#5500, @haircommander)
Inherits storage configs from storage.conf if crio config does not set. (#5520, @QiWang19)
Specify runtime table format in the error message (#5452, @QiWang19)
Update go to 1.17 in go.mod (#5577, @QiWang19)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

Security

CVE-2022-0532

Details

date

Feb. 25, 2022, 4:44 p.m.

name

v1.22.2

type

Patch

official page

https://github.com/cri-o/cri-o/releases/tag/v1.22.2

👇

🔍View and search all CRI-O releases.
🛠️Create and share lists to track your tools.
🚨Setup notifications for major, security, feature or patch updates.
🚀Much more coming soon!

Continue with GitHub

Continue with Google

Username

Password

Password (again)

leave this field blank to prove your humanity