CRI-O - v1.24.4
Security
CRI-O v1.24.4
The release notes have been generated for the commit range v1.24.3...v1.24.4 on Tue, 10 Jan 2023 16:24:52 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.24.4.tar.gz
- cri-o.amd64.v1.24.4.tar.gz.sha256sum
- cri-o.arm64.v1.24.4.tar.gz
- cri-o.arm64.v1.24.4.tar.gz.sha256sum
Changelog since v1.24.3
Changes by Kind
Dependency-Change
- Fixed bug to restore /var/lib/containers/storage/overlay/backingFsBlockDev on XFS file systems. (#6358, @saschagrunert)
Deprecation
- Fix CVE-2022-4318 by failing to create container if it's passed a HOME environment variable with a newline (#6450, @haircommander)
API Change
- Removed support for CRI v1alpha2, which means that CRI-O now only supports v1. (#6347, @saschagrunert)
Feature
- Added OTLP tracing support via conmon-rs. (#6293, @saschagrunert)
- Added a new boolean configuration flag "--evented-pleg" (defaulted to "false") to enable the evented pleg mechanism in cri-o. The environment variable "EVENTED_PLEG", when set to "true", also enables the evented pleg in cri-o. (#6404, @sairameshv)
- Added logs and GRPC error codes to OpenTelemetry traces. (#6294, @saschagrunert)
- Added seccomp notifier feature, which can be enabled by setting the annotation io.kubernetes.cri-o.seccompNotifierAction either to stop (for terminating the workload) or anything else to just create metrics or logs. This also includes the new metric crio_containers_seccomp_notifier_count_total. For more information on its usage, please refer to the crio.conf.5 man page. (#6120, @saschagrunert)
- Added support to checkpoint and restore containers in pods without infrastructure containers. (#6379, @adrianreber)
- More information available in tracing spans (#6343, @vrutkovs)
Documentation
- Updated CLI and config documentation to show how to enable Open Telemetry trace sampling for every span. (#6324, @saschagrunert)
Bug or Regression
- Fix a bug where internal/resourcestore.(*ResourceStore).SetStageForResource leaks memory (#6403, @haircommander)
- Fix a segfault in crio config when runtime.workloads.resources is nil (#6192, @haircommander)
- Fix conmonrs cgroup when infra container is dropped (#6416, @mrunalp)
- Fixed wrong tracing key for hostname field (service.instance.id → host.name). Added process.id to the traces. (#6326, @saschagrunert)
- Update systemd unit restart policy to be on-failure (#6408, @haircommander)
Uncategorized
- Add initial support for Node Resource Interface (NRI) v0.2.0. NRI allows vendors to customize container behavior and configuration using plugins. NRI plugins can register to various events in containers' lifecycle and make controlled changes to containers' configuration when these events occur. This feature is experimental and disabled by default. It can be enabled using the --enable-nri command line option or by setting enable_nri = true in the CRI-O configuration [crio.nri] table. The same table can be used to set other NRI-related configuration options. In addition to enabling NRI support in cri-o, an NRI configuration file also needs to be in place. The default location for this file is /etc/nri/nri.conf and it can be empty. (#5318, @klihub)
- This introduces the ability to store checkpoint archives as OCI images and push the checkpoint images to a remote registry. It is important to remember that the checkpoint image contains all memory pages of the checkpoint and therefore might contain sensitive information (passwords, encryption keys, ...). (#6181, @adrianreber)
Dependencies
Added
Nothing has changed.
Changed
- github.com/containers/storage: v1.37.2 → v1.37.3
Removed
Nothing has changed.
Security
Details
- date: Jan. 10, 2023, 4:43 p.m.
- name: v1.24.4
- type: Patch