• CRI-O v1.27.6
• Downloads
• Changelog since v1.27.5
  • Changes by Kind
  • Bug or Regression
• Dependencies
  • Added
  • Changed
  • Removed

CRI-O v1.27.6

The release notes have been generated for the commit range
v1.27.5...v1.27.6 on Tue, 30 Apr 2024 14:35:26 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

• cri-o.amd64.v1.27.6.tar.gz
• cri-o.amd64.v1.27.6.tar.gz.sha256sum
• cri-o.amd64.v1.27.6.tar.gz.sig
• cri-o.amd64.v1.27.6.tar.gz.cert
• cri-o.amd64.v1.27.6.tar.gz.spdx
• cri-o.amd64.v1.27.6.tar.gz.spdx.sig
• cri-o.amd64.v1.27.6.tar.gz.spdx.cert
• cri-o.arm64.v1.27.6.tar.gz
• cri-o.arm64.v1.27.6.tar.gz.sha256sum
• cri-o.arm64.v1.27.6.tar.gz.sig
• cri-o.arm64.v1.27.6.tar.gz.cert
• cri-o.arm64.v1.27.6.tar.gz.spdx
• cri-o.arm64.v1.27.6.tar.gz.spdx.sig
• cri-o.arm64.v1.27.6.tar.gz.spdx.cert

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.27.6.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.27.6 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.27.6 \
    --signature cri-o.amd64.v1.27.6.tar.gz.sig \
    --certificate cri-o.amd64.v1.27.6.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.27.6.tar.gz
> bom validate -e cri-o.amd64.v1.27.6.tar.gz.spdx -d cri-o

Changelog since v1.27.5

Changes by Kind

Bug or Regression

• Fix CVE-2024-3154 , a security flaw where CRI-O allowed users to specify annotations that changed specific fields in the runtime. One consequence is a user can change the systemd properties of the container, allowing unsafe properties to be set by the runtime (#8087, @haircommander)

Dependencies

Added

Nothing has changed.

Changed

• github.com/containers/ocicrypt: v1.1.8 → v1.1.10

Removed

Nothing has changed.