CRI-O - v1.23.3
Security
CRI-O v1.23.3
This release fixes CVE-2022-1708
The release notes have been generated for the commit range
v1.23.2...2cf9dbf on Mon, 06 Jun 2022 14:41:13 EDT.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.2cf9dbf1a447d25931008c1815de407d9e5749f7.tar.gz
- cri-o.amd64.2cf9dbf1a447d25931008c1815de407d9e5749f7.tar.gz.sha256sum
- cri-o.arm64.2cf9dbf1a447d25931008c1815de407d9e5749f7.tar.gz
- cri-o.arm64.2cf9dbf1a447d25931008c1815de407d9e5749f7.tar.gz.sha256sum
Changelog since v1.23.2
Changes by Kind
Bug or Regression
- Fix a bug where ExecSync requests (exec probes) could use an arbitrary amount of memory and disk. Output from ExecSync requests is now limited to 16MB (the amount that exec output was limited to in the dockershim). Disk limiting requires conmon 2.1.2 to work. See https://github.com/cri-o/cri-o/security/advisories/GHSA-fcm2-6c3h-pg6j and CVE-2022-1708 for more information. (#5937, @haircommander)
Uncategorized
- Disable systemd-mode cgroup detection if /sys/fs/cgroup is bind mounted from the host (#5815, @openshift-cherrypick-robot)
- Fix a bug where CRI-O would leak a log file if a container failed to be created and the pod hadn't yet been cleaned up. (#5817, @openshift-cherrypick-robot)
- Fix a segfault when multiple container stops come in for the same container (#5782, @openshift-cherrypick-robot)
- Fixed
io.kubernetes.cri-o.TrySkipVolumeSELinuxLabel
annotation usage with the OpenShift MCS. (#5792, @openshift-cherrypick-robot) - Internal pod and container creation timeouts now account for changes in
runtime-request-timeout
in the Kubelet (#5853, @openshift-cherrypick-robot)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
Security
Details
date
June 6, 2022, 6:47 p.m.
name
v1.23.3
type
Patch
official page
👇
Register or login to:
- 🔍View and search all CRI-O releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!