CRI-O - v1.28.6
Security
CRI-O v1.28.6
The release notes have been generated for the commit range
v1.28.5...v1.28.6 on Thu, 02 May 2024 08:27:15 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.28.6.tar.gz
- cri-o.amd64.v1.28.6.tar.gz.sha256sum
- cri-o.amd64.v1.28.6.tar.gz.sig
- cri-o.amd64.v1.28.6.tar.gz.cert
- cri-o.amd64.v1.28.6.tar.gz.spdx
- cri-o.amd64.v1.28.6.tar.gz.spdx.sig
- cri-o.amd64.v1.28.6.tar.gz.spdx.cert
- cri-o.arm64.v1.28.6.tar.gz
- cri-o.arm64.v1.28.6.tar.gz.sha256sum
- cri-o.arm64.v1.28.6.tar.gz.sig
- cri-o.arm64.v1.28.6.tar.gz.cert
- cri-o.arm64.v1.28.6.tar.gz.spdx
- cri-o.arm64.v1.28.6.tar.gz.spdx.sig
- cri-o.arm64.v1.28.6.tar.gz.spdx.cert
- cri-o.ppc64le.v1.28.6.tar.gz
- cri-o.ppc64le.v1.28.6.tar.gz.sha256sum
- cri-o.ppc64le.v1.28.6.tar.gz.sig
- cri-o.ppc64le.v1.28.6.tar.gz.cert
- cri-o.ppc64le.v1.28.6.tar.gz.spdx
- cri-o.ppc64le.v1.28.6.tar.gz.spdx.sig
- cri-o.ppc64le.v1.28.6.tar.gz.spdx.cert
- cri-o.s390x.v1.28.6.tar.gz
- cri-o.s390x.v1.28.6.tar.gz.sha256sum
- cri-o.s390x.v1.28.6.tar.gz.sig
- cri-o.s390x.v1.28.6.tar.gz.cert
- cri-o.s390x.v1.28.6.tar.gz.spdx
- cri-o.s390x.v1.28.6.tar.gz.spdx.sig
- cri-o.s390x.v1.28.6.tar.gz.spdx.cert
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.28.6.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.28.6 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.28.6 \
--signature cri-o.amd64.v1.28.6.tar.gz.sig \
--certificate cri-o.amd64.v1.28.6.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.28.6.tar.gz
> bom validate -e cri-o.amd64.v1.28.6.tar.gz.spdx -d cri-o
Changelog since v1.28.5
Changes by Kind
Bug or Regression
- Fix CVE-2024-3154 , a security flaw where CRI-O allowed users to specify annotations that changed specific fields in the runtime. One consequence is a user can change the systemd properties of the container, allowing unsafe properties to be set by the runtime (#8086, @haircommander)
Dependencies
Added
Nothing has changed.
Changed
- github.com/containers/ocicrypt: v1.1.8 → v1.1.10
Removed
Nothing has changed.
Security
Details
date
May 2, 2024, 8:28 a.m.
name
v1.28.6
type
Patch
official page
👇
Register or login to:
- 🔍View and search all CRI-O releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!