CRI-O - v1.23.1
Security
CRI-O v1.23.1
The release notes have been generated for the commit range
v1.23.0...53ada6d on Fri, 11 Feb 2022 22:03:35 UTC.
This release has a fix for CVE-2022-0532
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.53ada6de691b5c48f03b7975f3e8d5216fc13cea.tar.gz
- cri-o.amd64.53ada6de691b5c48f03b7975f3e8d5216fc13cea.tar.gz.sha256sum
- cri-o.arm64.53ada6de691b5c48f03b7975f3e8d5216fc13cea.tar.gz
- cri-o.arm64.53ada6de691b5c48f03b7975f3e8d5216fc13cea.tar.gz.sha256sum
Changelog since v1.23.0
Changes by Kind
Other
- Introduce the following metrics:
crio_operations_total, crio_operations_latency_seconds_total, crio_operations_latency_seconds,
crio_operations_errors_total, crio_image_pulls_bytes_total,
crio_image_pulls_skipped_bytes_total,
crio_image_pulls_success_total, crio_image_pulls_failure_total,
crio_image_layer_reuse_total, crio_containers_oom_count_total
while marking metric names that do not follow prometheus best practices as Deprecated in Prometheus metric help text. (#5487, @swghosh)
Feature
- Add
allowed_devices
field to config, allowing admins to specify which devices are allowed to be specified in the "io.kubernetes.cri-o.Devices" allowed_annotation. The default for this config field is [/dev/fuse] (#5551, @haircommander) - Add functionality to use taskset to spawn new commands cri-o runs. Now, if InfraCtrCPUSet is called, all newly spawned commands will be placed in the InfraCtrCPUSet (as it's expected to be set to the reserved CPU set that system commands should run on). (#5514, @haircommander)
Bug or Regression
- Conmon now always writes its logs to syslog, instead of only when the cgroup manager is cgroupfs (#3773, @haircommander)
- Fix a bug where a pod given a host IPC or network namespace could configure sysctls on the host (#5610, @haircommander)
- Fix a bug where memory swap values were specified even if the memory swap cgroup is not enabled (#5539, @haircommander)
- Fix a bug where situations of excessive load on nodes causes containers to never actually start (#5590, @haircommander)
- Fix a potential crash caused by a log message NULL-pointer dereference. (#5579, @klihub)
- Fix an issue where protobuf panics when serializing ListContainer and ListPodSandbox calls (#5606, @haircommander)
- Fix bug where
ip a
reportsError: Peer netns reference is invalid
(#5529, @haircommander) - Fix crypto-profile bind within RHEL based containers. (#5555, @rphillips)
- Fix vm containers couldn't restore after cri-o restart (#5574, @gozssky)
- Fix zsh completion generation. (#5586, @klihub)
- Fixed possible runtime panic on pod sandbox stats retrieval. (#5588, @saschagrunert)
Uncategorized
- Changes default config output to comment default values instead of omitting them (#5007, @wgahnagl)
- Update go to 1.17 in go.mod (#5577, @QiWang19)
Dependencies
Added
Nothing has changed.
Changed
- github.com/containers/image/v5: v5.16.1 → v5.17.0
- github.com/docker/docker: v20.10.9+incompatible → v20.10.11+incompatible
- github.com/manifoldco/promptui: v0.8.0 → v0.9.0
- golang.org/x/net: e898025 → d4b1ae0
- golang.org/x/sys: 751e447 → 2c5d950
Removed
Nothing has changed.
Security
Details
date
Feb. 11, 2022, 9:15 p.m.
name
v1.23.1
type
Patch
official page
👇
Register or login to:
- 🔍View and search all CRI-O releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!