• CRI-O v1.27.2
• Downloads
• Changelog since v1.27.1
  • Changes by Kind
  • Dependency-Change
  • Bug or Regression
  • Uncategorized
• Dependencies
  • Added
  • Changed
  • Removed

CRI-O v1.27.2

The release notes have been generated for the commit range
v1.27.1...v1.27.2 on Thu, 21 Dec 2023 15:13:23 EST.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

• cri-o.amd64.v1.27.2.tar.gz
• cri-o.amd64.v1.27.2.tar.gz.sha256sum
• cri-o.amd64.v1.27.2.tar.gz.sig
• cri-o.amd64.v1.27.2.tar.gz.cert
• cri-o.amd64.v1.27.2.tar.gz.spdx
• cri-o.amd64.v1.27.2.tar.gz.spdx.sig
• cri-o.amd64.v1.27.2.tar.gz.spdx.cert
• cri-o.arm64.v1.27.2.tar.gz
• cri-o.arm64.v1.27.2.tar.gz.sha256sum
• cri-o.arm64.v1.27.2.tar.gz.sig
• cri-o.arm64.v1.27.2.tar.gz.cert
• cri-o.arm64.v1.27.2.tar.gz.spdx
• cri-o.arm64.v1.27.2.tar.gz.spdx.sig
• cri-o.arm64.v1.27.2.tar.gz.spdx.cert

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.27.2.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.27.2 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.27.2 \
    --signature cri-o.amd64.v1.27.2.tar.gz.sig \
    --certificate cri-o.amd64.v1.27.2.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.27.2.tar.gz
> bom validate -e cri-o.amd64.v1.27.2.tar.gz.spdx -d cri-o

Changelog since v1.27.1

Changes by Kind

Dependency-Change

• Update the golang.org/x/net package from 0.12.0 to 0.17.0 to fix vulnerabilities CVE-2023-39325 and CVE-2023-4448. (#7416, @kwilczynski)
• Update the google.golang.org/grpc package from 1.54.0 to 1.58.3 to fix vulnerabilities CVE-2023-39325 and CVE-2023-4448. (#7415, @kwilczynski)

Bug or Regression

• Fix a very rare panic from a double closed channel in container stop (#7168, @haircommander)
• Fixed an issue preventing the use of block devices with kata containers (#7158, @littlejawa)

Uncategorized

• Add platform_runtime_paths option to the runtime handler structure, which allows admins to define specific runtime paths based on different platforms. (#7197, @sohankunkerkar)
• Fix a bug in cpuset load balancing where cpusets flip between load balanced and not due to an ordering issue. (#7291, @openshift-cherrypick-robot)
• Fix a bug where the cgroup crun configures is different than that CRI-O sets load balancing/cpu quota on (#7443, @haircommander)
• Revert kata containers block devices fix because it prevents non-root users from accessing block devices (where they were previously able to) (#7191, @davidvossel)
• Set mount type HostToContainer for mounts that include container storage root
• Fix a bug where CRI-O would override a Bidirectional mount in favor of a HostToContainer if the mount contained the host's container storage (#7457, @kwilczynski)

Dependencies

Added

• google.golang.org/genproto/googleapis/api: 782d3b1
• google.golang.org/genproto/googleapis/rpc: 782d3b1

Changed

• cloud.google.com/go/accessapproval: v1.6.0 → v1.7.1
• cloud.google.com/go/accesscontextmanager: v1.7.0 → v1.8.1
• cloud.google.com/go/aiplatform: v1.36.1 → v1.45.0
• cloud.google.com/go/analytics: v0.19.0 → v0.21.2
• cloud.google.com/go/apigateway: v1.5.0 → v1.6.1
• cloud.google.com/go/apigeeconnect: v1.5.0 → v1.6.1
• cloud.google.com/go/apigeeregistry: v0.6.0 → v0.7.1
• cloud.google.com/go/appengine: v1.7.0 → v1.8.1
• cloud.google.com/go/area120: v0.7.1 → v0.8.1
• cloud.google.com/go/artifactregistry: v1.12.0 → v1.14.1
• cloud.google.com/go/asset: v1.12.0 → v1.14.1
• cloud.google.com/go/assuredworkloads: v1.10.0 → v1.11.1
• cloud.google.com/go/automl: v1.12.0 → v1.13.1
• cloud.google.com/go/beyondcorp: v0.5.0 → v0.6.1
• cloud.google.com/go/bigquery: v1.49.0 → v1.52.0
• cloud.google.com/go/billing: v1.13.0 → v1.16.0
• cloud.google.com/go/binaryauthorization: v1.5.0 → v1.6.1
• cloud.google.com/go/certificatemanager: v1.6.0 → v1.7.1
• cloud.google.com/go/channel: v1.12.0 → v1.16.0
• cloud.google.com/go/cloudbuild: v1.9.0 → v1.10.1
• cloud.google.com/go/clouddms: v1.5.0 → v1.6.1
• cloud.google.com/go/cloudtasks: v1.10.0 → v1.11.1
• cloud.google.com/go/compute: v1.19.0 → v1.21.0
• cloud.google.com/go/contactcenterinsights: v1.6.0 → v1.9.1
• cloud.google.com/go/container: v1.14.0 → v1.22.1
• cloud.google.com/go/containeranalysis: v0.9.0 → v0.10.1
• cloud.google.com/go/datacatalog: v1.13.0 → v1.14.1
• cloud.google.com/go/dataflow: v0.8.0 → v0.9.1
• cloud.google.com/go/dataform: v0.7.0 → v0.8.1
• cloud.google.com/go/datafusion: v1.6.0 → v1.7.1
• cloud.google.com/go/datalabeling: v0.7.0 → v0.8.1
• cloud.google.com/go/dataplex: v1.6.0 → v1.8.1
• cloud.google.com/go/dataqna: v0.7.0 → v0.8.1
• cloud.google.com/go/datastore: v1.10.0 → v1.12.1
• cloud.google.com/go/datastream: v1.7.0 → v1.9.1
• cloud.google.com/go/deploy: v1.8.0 → v1.11.0
• cloud.google.com/go/dialogflow: v1.32.0 → v1.38.0
• cloud.google.com/go/dlp: v1.9.0 → v1.10.1
• cloud.google.com/go/documentai: v1.18.0 → v1.20.0
• cloud.google.com/go/domains: v0.8.0 → v0.9.1
• cloud.google.com/go/edgecontainer: v1.0.0 → v1.1.1
• cloud.google.com/go/essentialcontacts: v1.5.0 → v1.6.2
• cloud.google.com/go/eventarc: v1.11.0 → v1.12.1
• cloud.google.com/go/filestore: v1.6.0 → v1.7.1
• cloud.google.com/go/firestore: v1.9.0 → v1.11.0
• cloud.google.com/go/functions: v1.12.0 → v1.15.1
• cloud.google.com/go/gkeconnect: v0.7.0 → v0.8.1
• cloud.google.com/go/gkehub: v0.12.0 → v0.14.1
• cloud.google.com/go/gkemulticloud: v0.5.0 → v0.6.1
• cloud.google.com/go/gsuiteaddons: v1.5.0 → v1.6.1
• cloud.google.com/go/iam: v0.13.0 → v1.1.1
• cloud.google.com/go/iap: v1.7.0 → v1.8.1
• cloud.google.com/go/ids: v1.3.0 → v1.4.1
• cloud.google.com/go/iot: v1.6.0 → v1.7.1
• cloud.google.com/go/kms: v1.10.0 → v1.12.1
• cloud.google.com/go/language: v1.9.0 → v1.10.1
• cloud.google.com/go/lifesciences: v0.8.0 → v0.9.1
• cloud.google.com/go/longrunning: v0.4.1 → v0.5.1
• cloud.google.com/go/managedidentities: v1.5.0 → v1.6.1
• cloud.google.com/go/mediatranslation: v0.7.0 → v0.8.1
• cloud.google.com/go/memcache: v1.9.0 → v1.10.1
• cloud.google.com/go/metastore: v1.10.0 → v1.11.1
• cloud.google.com/go/monitoring: v1.13.0 → v1.15.1
• cloud.google.com/go/networkconnectivity: v1.11.0 → v1.12.1
• cloud.google.com/go/networkmanagement: v1.6.0 → v1.8.0
• cloud.google.com/go/networksecurity: v0.8.0 → v0.9.1
• cloud.google.com/go/notebooks: v1.8.0 → v1.9.1
• cloud.google.com/go/optimization: v1.3.1 → v1.4.1
• cloud.google.com/go/orchestration: v1.6.0 → v1.8.1
• cloud.google.com/go/orgpolicy: v1.10.0 → v1.11.1
• cloud.google.com/go/osconfig: v1.11.0 → v1.12.1
• cloud.google.com/go/oslogin: v1.9.0 → v1.10.1
• cloud.google.com/go/phishingprotection: v0.7.0 → v0.8.1
• cloud.google.com/go/policytroubleshooter: v1.6.0 → v1.7.1
• cloud.google.com/go/privatecatalog: v0.8.0 → v0.9.1
• cloud.google.com/go/pubsub: v1.30.0 → v1.32.0
• cloud.google.com/go/pubsublite: v1.7.0 → v1.8.1
• cloud.google.com/go/recaptchaenterprise/v2: v2.7.0 → v2.7.2
• cloud.google.com/go/recommendationengine: v0.7.0 → v0.8.1
• cloud.google.com/go/recommender: v1.9.0 → v1.10.1
• cloud.google.com/go/redis: v1.11.0 → v1.13.1
• cloud.google.com/go/resourcemanager: v1.6.0 → v1.9.1
• cloud.google.com/go/resourcesettings: v1.5.0 → v1.6.1
• cloud.google.com/go/retail: v1.12.0 → v1.14.1
• cloud.google.com/go/scheduler: v1.9.0 → v1.10.1
• cloud.google.com/go/secretmanager: v1.10.0 → v1.11.1
• cloud.google.com/go/security: v1.13.0 → v1.15.1
• cloud.google.com/go/securitycenter: v1.19.0 → v1.23.0
• cloud.google.com/go/servicedirectory: v1.9.0 → v1.10.1
• cloud.google.com/go/shell: v1.6.0 → v1.7.1
• cloud.google.com/go/spanner: v1.44.0 → v1.47.0
• cloud.google.com/go/speech: v1.15.0 → v1.17.1
• cloud.google.com/go/storagetransfer: v1.8.0 → v1.10.0
• cloud.google.com/go/talent: v1.5.0 → v1.6.2
• cloud.google.com/go/texttospeech: v1.6.0 → v1.7.1
• cloud.google.com/go/tpu: v1.5.0 → v1.6.1
• cloud.google.com/go/trace: v1.9.0 → v1.10.1
• cloud.google.com/go/translate: v1.7.0 → v1.8.1
• cloud.google.com/go/video: v1.14.0 → v1.17.1
• cloud.google.com/go/videointelligence: v1.10.0 → v1.11.1
• cloud.google.com/go/vision/v2: v2.7.0 → v2.7.2
• cloud.google.com/go/vmmigration: v1.6.0 → v1.7.1
• cloud.google.com/go/vmwareengine: v0.3.0 → v0.4.1
• cloud.google.com/go/vpcaccess: v1.6.0 → v1.7.1
• cloud.google.com/go/webrisk: v1.8.0 → v1.9.1
• cloud.google.com/go/websecurityscanner: v1.5.0 → v1.6.1
• cloud.google.com/go/workflows: v1.10.0 → v1.11.1
• cloud.google.com/go: v0.110.0 → v0.110.4
• github.com/cncf/xds/go: 06c439d → e9ce688
• github.com/envoyproxy/go-control-plane: v0.10.3 → v0.11.1
• github.com/envoyproxy/protoc-gen-validate: v0.9.1 → v1.0.2
• github.com/golang/glog: v1.0.0 → v1.1.0
• golang.org/x/crypto: v0.8.0 → v0.14.0
• golang.org/x/net: v0.9.0 → v0.17.0
• golang.org/x/oauth2: v0.7.0 → v0.10.0
• golang.org/x/sync: v0.1.0 → v0.3.0
• golang.org/x/sys: v0.7.0 → v0.13.0
• golang.org/x/term: v0.7.0 → v0.13.0
• golang.org/x/text: v0.9.0 → v0.13.0
• google.golang.org/genproto: dcfb400 → 782d3b1
• google.golang.org/grpc: v1.54.0 → v1.58.3
• google.golang.org/protobuf: v1.30.0 → v1.31.0

Removed

• cloud.google.com/go/apikeys: v0.6.0
• cloud.google.com/go/gaming: v1.9.0
• cloud.google.com/go/servicecontrol: v1.11.1
• cloud.google.com/go/servicemanagement: v1.8.0
• cloud.google.com/go/serviceusage: v1.6.0