Skip to content

Releases: containerd/containerd

containerd API 1.8.0-rc.0

06 May 17:47
@github-actions github-actions
api/v1.8.0-rc.0
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
114ef75
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd API 1.8.0-rc.0 Pre-release
Pre-release

Welcome to the api/v1.8.0-rc.0 release of containerd!
This is a pre-release of containerd

The first dedicated release for the containerd API. This release continues the 1.x
line of API compatibility with the 9th minor release of the 1.x API.

Highlights

  • Add api Go module and move all protos under api (#10151)
  • Add PluginInfo to introspection API (#9442)
  • Expose usage of deprecated features (#9258)
  • Add image delete target (#8989)

Image Distribution

  • Enable Transfer service API to support plain HTTP (#10024)
  • Enable Transfer service to use registry configuration directory (#9908)
  • Update Transfer service to add OCI descriptors to Progress structure (#9630)
  • Add option to perform syncfs after pull (#9401)

Runtime

  • Store bootstrap parameters in sandbox metadata (#9736)
  • Add sandboxer configuration and move sandbox controllers to plugins (#8268)
  • Add annotations to CreateSandbox request (#8960)
  • Add SandboxMetrics (#8680)
  • Publish sandbox events (#8602)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Maksym Pavlenko
  • Akihiro Suda
  • Wei Fu
  • Abel Feng
  • Danny Canter
  • Phil Estes
  • Samuel Karp
  • Kohei Tokunaga
  • Akhil Mohan
  • Bryant Biggs
  • Davanum Srinivas
  • Iceber Gu
  • Kirtana Ashok
  • Sebastiaan van Stijn

Changes

53 commits

  • Prepare release notes for api/v1.8.0-rc.0 (#10167)
    • 55fcebffc Prepare release notes for api/v1.8.0
  • Add api Go module and move all protos under api (#10151)
  • Store bootstrap parameters in sandbox metadata (#9736)
    • de38490ed sandbox: merge address and protocol to one url
    • f6e0cf189 sandbox: add address info in Start and Status response
  • Enable Transfer service API to support plain HTTP (#10024)
    • 433279438 Transfer: Registry: Enable plain HTTP
  • Enable Transfer service to use registry configuration directory (#9908)
    • 7a3b7fba5 Transfer: Registry: Enable to use registry configuration diretory
  • Generate proto services with go-ttrpc (#7609)
    • f0e874941 Add ttrpc generated services
    • 65031eade Update protobuild to build ttrpc services
  • Add OSVersion to platform protobuf (#9733)
    • 5aa05481d Add OSVersion to platform protobuf
  • Move Message proto to types (#9742)
  • refactor: move plugin/fieldpath to api/types/ (#9687)
    • b16e3572a refactor: move plugin/fieldpath to api/types/
  • Add PluginInfo to introspection API (#9442)
    • 22d586e51 api/services/instrospection: add PluginInfo
  • Update Transfer service to add OCI descriptors to Progress structure (#9630)
    • a2472c0b5 transfer: add OCI descriptors to Progress structure
  • Add option to perform syncfs after pull (#9401)
    • bd5c602c4 api: introduce sync_fs to diff.ApplyRequest
  • Containerd v2 module (#9306)
    • 5fdf55e49 Update go module to github.com/containerd/containerd/v2
  • Expose usage of deprecated features (#9258)
    • 57c897f10 api/introspection: deprecation warnings in server
  • Add sandboxer configuration and move sandbox controllers to plugins (#8268)
    • d2d434b7d sandbox: add all sandbox information to Create method
    • f372b3501 sandbox: add sandboxer field of sandbox requests
  • Add image delete target (#8989)
    • f8fb2dad3 api: update image service to support target in delete request
  • fix: Add containerd to the message type reference (#9126)
    • 42eee8bf0 fix: Add containerd to the message type reference
  • platforms: isolate from errdefs and api dependencies (#9095)
    • e916d77c8 platforms: move ToProto, FromProto to api/types
  • Add annotations to CreateSandbox request (#8960)
    • 939ccbed4 Sandbox: Add annotations to CreateSandbox surface
  • archive: use 1970-01-01 as the whiteout timestamp (#8764)
    • 5dedb6d0d archive: use 1970-01-01 as the whiteout timestamp
  • Add SandboxMetrics (#8680)
    • d278d37ca Sandbox: Add Metrics rpc for controller
    • d56722ef2 Sandbox: Add SandboxMetrics rpc
  • Publish sandbox events (#8602)
  • Cleanup protobuild config (#8278)

Dependency Changes

  • github.com/containerd/ttrpc v1.2.1 -> v1.2.3
  • github.com/containerd/typeurl/v2 v2.1.0 -> v2.1.1
  • github.com/golang/protobuf v1.5.2 -> v1.5.3
  • github.com/opencontainers/image-spec 3a7f492d3f1b -> v1.1.0
  • github.com/sirupsen/logrus v1.9.0 -> v1.8.1
  • golang.org/x/net v0.7.0 -> v0.21.0
  • golang.org/x/sys v0.6.0 -> v0.17.0
  • golang.org/x/text v0.7.0 -> v0.14.0
  • google.golang.org/genproto/googleapis/rpc c3f982113cda new
  • google.golang.org/grpc v1.53.0 -> v1.59.0
  • google.golang.org/protobuf v1.28.1 -> v1.33.0

Previous release can be found at v1.7.0

Assets 2

containerd 1.7.16

25 Apr 13:53
@github-actions github-actions
v1.7.16
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
8303183
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.7.16 Latest
Latest

Welcome to the v1.7.16 release of containerd!

The sixteenth patch release for containerd 1.7 contains various fixes and updates.

Highlights

  • Update AppArmor template to allow confined runc to kill containers (#10129)
  • Fix config import relative path glob (#9834)
  • Update AppArmor template to better support rootlesskit (#10116)
  • Update HTTP fallback to better account for TLS timeout and previous attempts (#10112)
  • Add support for HPC port forwarding (#10008)
  • Prevent GC from schedule itself with 0 period. (#10102)
  • Fix issue with using invalid token to retry fetching layer (#10065)
  • Automatically decompress archives for transfer service import (#9989)
  • Fix HTTPFallback fails when pushing manifest (#10044)
  • Add support for configuring otel from env and config deprecation notice (#9992)
  • Fix deadlock during NRI plugin registration (containerd/nri#79)

Build and Release Toolchain

  • Update Go to 1.21.9 and 1.22.2 with net/http security fix (#10115)

Container Runtime Interface (CRI)

  • Fix CRI snapshotter root path when not under containerd root (#10096)
  • Fix network creation failure from CreatedAt time as 269 years ago (#10122)
  • Include userns info in PodSandboxStatus (#9865)
  • Fix default working directory Windows HostProcess containers (#10071)
  • Fix ListPodSandboxStats to skip sandboxes with missing tasks (#10042)

Deprecations

  • Add support for configuring otel from env and config deprecation notice (#9992)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Samuel Karp
  • Wei Fu
  • Danny Canter
  • Kazuyoshi Kato
  • Kirtana Ashok
  • Maksym Pavlenko
  • Phil Estes
  • Sebastiaan van Stijn
  • Brian Goff
  • Rodrigo Campos
  • Akihiro Suda
  • Angelos Kolaitis
  • Bin Tang
  • David Porter
  • Edgar Lee
  • Evan Lezar
  • Kirill A. Korinsky
  • Kohei Tokunaga
  • Maksim An
  • Paweł Gronowski
  • Tomáš Virtus
  • 张钰10307750
  • 沈陵

Changes

50 commits

  • Add release notes for v1.7.16 (#10124)
  • Update AppArmor template to allow confined runc to kill containers (#10129)
    • 18a2c36fa apparmor: Allow confined runc to kill containers
  • Fix config import relative path glob (#9834)
    • 62e9535f2 Fix config import relative path glob
  • Fix CRI snapshotter root path when not under containerd root (#10096)
    • a8ebceb97 CRI: "Fix" imageFSPath behavior
    • bd423bf84 Snapshotters: Export the root path
    • 8fb6bfa71 Add exports to proxy plugin config
    • 8916e2cf9 Add platform config to proxy plugins
  • Fix network creation failure from CreatedAt time as 269 years ago (#10122)
    • 293f5151d pod: CreatedAt time will be 269 years ago while creating cri network failed.
  • Update AppArmor template to better support rootlesskit (#10116)
    • af19e746e apparmor: add signal (receive) peer=/usr/local/bin/rootlesskit,
  • Update Go to 1.21.9 and 1.22.2 with net/http security fix (#10115)
  • Update HTTP fallback to better account for TLS timeout and previous attempts (#10112)
    • 794b0c723 Add deprecated HTTPFallback for package compatibility
    • 51c649d9d Update HTTPFallback to handle tls handshake timeout
    • aa14890ed Remove empty default tls configuration in ctr
  • Add support for HPC port forwarding (#10008)
    • 3df5d4445 Add support for HPC port forwarding
  • Prevent GC from schedule itself with 0 period. (#10102)
    • 5c15bf406 Prevent GC from schedule itself with 0 period.
  • Include userns info in PodSandboxStatus (#9865)
    • b57dc9fd3 cri/server: Add userns tests in PodSandboxStatus
    • 6e809ef13 cri: Expose userns in PodSandboxStatus rpc
  • mod: bump github.com/containerd/nri@v0.6.1 (#10097)
    • 395a31901 mod: bump github.com/containerd/nri@v0.6.1
  • Fix issue with using invalid token to retry fetching layer (#10065)
    • f61de0864 fix bug that using invalid token to retry fetching layer
  • Bump tags.cncf.io/container-device-interface to v0.7.2 (#10077)
    • 7a2f49f70 Bump tags.cncf.io/container-device-interface to v0.7.2
  • Fix default working directory Windows HostProcess containers (#10071)
    • 989f1ec54 fix default working directory hostProcess
  • Fix unexpected order of mounts since go 1.19 (#10063)
    • 9f774e438 fix(cri): fix unexpected order of mounts since go 1.19
  • Automatically decompress archives for transfer service import (#9989)
    • 2aec52493 Automatically decompress archives for transfer service import
  • Use different containerd sock address in tests (#10056)
    • 8c76e7948 Use different containerd sock address in tests
  • Fix HTTPFallback fails when pushing manifest (#10044)
    • 18f4ad5ee remote: Fix HTTPFallback fails when pushing manifest
  • Add support for configuring otel from env and config deprecation notice (#9992)
  • Fix ListPodSandboxStats to skip sandboxes with missing tasks (#10042)
    • 90c309fe2 Add IsNotFound case to ListPodSandboxStats

Changes from containerd/nri

5 commits<...
Read more
Assets 48

containerd 2.0.0-rc.1

23 Apr 23:05
@github-actions github-actions
v2.0.0-rc.1
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
2d19e9b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 2.0.0-rc.1 Pre-release
Pre-release

Welcome to the v2.0.0-rc.r1 release of containerd!
This is a pre-release of containerd

The first major release of containerd 2.x focuses on the continued stability of
containerd's core feature set with an easy upgrade from containerd 1.x. This
release includes the stabilization of new features added in the last 1.x release
as well as the removal of features which were deprecated in 1.x. The goal is to
support the vast community of containerd users well into the future along with
their ever increasing deployment footprints and variety of use cases.

Highlights

  • Enable Transfer service to use registry configuration directory (#9908)
  • Configure otel from env instead of config.toml (#8970)
  • Disable the support for Schema 1 images (#9765)
  • Fix config import relative path glob (#9746)
  • Enable NRI by default (#9744)
  • Add PluginInfo to introspection API (#9442)
  • Remove overlayfs volatile option on temp mounts (#9555)
  • Move packages based on contributing guide (#9365)
  • Update import and export to allow references to missing content (#9554)
  • Add option to perform syncfs after pull (#9401)
  • Expose usage of deprecated features (#9258)
  • Use Intel ISA-L's igzip if available (#9200)
  • Generalize plugin library (#9214)
  • Introduce top level config migration (#9223)
  • Add image delete target (#8989)
  • Remove LimitNOFILE from containerd.service (#8924)
  • Use github.com/containerd/log (#9086)
  • Add image verifier transfer service plugin system based on a binary directory (#8493)
  • Add support for image expiration during garbage collection (#9022)
  • Reduce the contention between ref lock and boltdb lock in content store (#8792)
  • Remove "containerd.io/restart.logpath" label (#8264)
  • Remove aufs snapshotter (#8263)

Container Runtime Interface (CRI)

  • Add support for multiple subscribers to CRI container events (#9661)
  • Enable CDI by default (#9621)
  • Remove non-sandboxed CRI implementation (#9228)
  • Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) (#8287)
  • Use sandboxed CRI by default (#8994)
  • Implement RuntimeConfig CRI call (#8722)
  • Add support for user namespaces (KEP-127) (#8803)
  • Remove CRI v1alpha2 (#8276)

Runtime

  • Support vsock connection to task api (#9738)
  • Update RuntimeDefault seccomp profile to disallow io_uring related syscalls (#9320)
  • Switch runc shim to task service v3 and fix restore (#9233)
  • Add sandboxer configuration and move sandbox controllers to plugins (#8268)
  • Remove the CriuPath field from runc's options (#8279)
  • Remove support for config.toml version = 1 (#8275)
  • Remove io.containerd.runtime.v1.linux and io.containerd.runc.v1 (#8262)

Security Advisories

Breaking

  • Disable the support for Schema 1 images (#9765)
  • Update RuntimeDefault seccomp profile to disallow io_uring related syscalls (#9320)
  • Move client to subpackage (#9316)
  • Remove LimitNOFILE from containerd.service (#8924)
  • Remove CRI v1alpha2 (#8276)
  • Remove io.containerd.runtime.v1.linux and io.containerd.runc.v1 (#8262)
  • Remove "containerd.io/restart.logpath" label (#8264)
  • Remove aufs snapshotter (#8263)

Deprecations

  • Postpone removal of deprecated CRI config properties (#9966)
  • Deprecate go-plugin configuration option (#9238)
  • CNI conf_template in CRI is no longer deprecated (#8637)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Akihiro Suda
  • Wei Fu
  • Phil Estes
  • Maksym Pavlenko
  • Sebastiaan van Stijn
  • Samuel Karp
  • Kazuyoshi Kato
  • Rodrigo Campos
  • Danny Canter
  • Gabriel Adrian Samfira
  • Iceber Gu
  • Kirtana Ashok
  • Abel Feng
  • Austin Vazquez
  • Krisztian Litkey
  • Akhil Mohan
  • Kohei Tokunaga
  • Mike Brown
  • Jin Dong
  • Bjorn Neergaard
  • rongfu.leng
  • Justin Chadwell
  • James Sturtevant
  • Paul "TBBle" Hampson
  • Davanum Srinivas
  • Enrico Weigelt
  • Brian Goff
  • Paweł Gronowski
  • Hsing-Yu (David) Chen
  • Ilya Hanov
  • Laura Brehm
  • Marat Radchenko
  • Cardy.Tang
  • Henry Wang
  • Aditi Sharma
  • Bryant Biggs
  • Evan Lezar
  • Jordan Liggitt
  • Kay Yan
  • Markus Lehtonen
  • Nashwan Azhari
  • Shingo Omura
  • Vinayak Goyal
  • helen
  • Alexandru Matei
  • Amit Barve
  • Charity Kathure
  • Ed Bartosh
  • Etienne Champetier
  • James Jenkins
  • Milas Bowman
  • Shuaiyi Zhang
  • yanggang
  • Aditya Ramani
  • Amir M. Ghazanfari
  • Anthony Nandaa
  • Artem Khramov
  • Brad Davidson
  • Chen Yiyang
  • Christian Muehlhaeuser
  • Cory Snider
  • Djordje Lukic
  • Edgar Lee
  • Ethan Lowman
  • Jiang Liu
  • June Rhodes
  • Mahamed Ali
  • Maksim An
  • Michael Crosby
  • Peteris Rudzusiks
  • Sam Edwards
  • Samruddhi Khandale
  • Steve Griffith
  • Swagat Bora
  • Tony Fang
  • VERNOU Cédric
  • hang.jiang
  • jerryzhuang
  • lengrongfu
  • roman-kiselenko
  • zhanluxianshen
  • Aaron Lehmann
  • Adrian Reber
  • Alex Couture-Beil
  • Alex Ellis
  • Alex Rodriguez
  • Angelos Kolaitis
  • Antonio Huete Jimenez
  • Arash Haghighat
  • Avi Deitcher
  • Ben Foster
  • Bin Tang
  • Bin Xin
  • BinBin He
  • Brennan Kinney
  • ChengenH
  • ChengyuZhu6
  • Christian Stewart
  • Craig Ingram
  • Daisy Rong
  • David Porter
  • Derek Nola
  • Eng Zer Jun
  • Fahed Dorgaa
  • Gary McDonald
  • Iain Macdonald
  • James Lakin
  • Jan Dubois
  • Jaroslav Jindrak
  • Jiongchi Yu
  • Julien Balestra
  • Kern Walster
  • Kevin Parsons
  • Kirill A. Korinsky
  • Konstantin Khlebnikov
  • Pan Yibo
  • Qasim Sarfraz
  • Qiutong Song
  • Robbie Buxton
  • Robert-André Mauchin
  • Shukui Yang
  • Talon
  • Tianon Gravi
  • Tim Hockin
  • Tobias Klauser
  • Tõnis Tiigi
  • Wang Xinwen
  • William Chen
  • Yibo Zhuang
  • Yury Gargay
  • Zechun Chen
  • Zhang Tianyang
  • Zoe
  • baijia
  • charles-chenzz
  • chschumacher1994
  • guangli.bao
  • guangwu
  • krglosse
  • ningmingxiao
  • pigletfly
  • rokkiter
  • wangxiang
  • zhangpeng
  • zhaojizhuang
  • zounengren
  • 吴小白
  • 张钰
  • 沈陵
  • 谭九鼎

Dependency Changes

  • dario.cat/mergo v1.0.0 new
  • github.com/AdaLogics/go-fuzz-headers 1f10f66a31bf -> ced1acdcaa24
  • github.com/AdamKorcz/go-118-fuzz-build 5330a85ea652 -> 8075edf89bb0
  • github.com/Masterminds/semver/v3 v3.2.1 new
  • github.com/Microsoft/go-winio v0.6.0 -> v0.6.2
  • github.com/Microsoft/hcsshim v0.10.0-rc.7 -> v0.12.3
  • github.com/cenkalti/backoff/v4 v4.2.0 -> v4.3.0
  • github.com/checkpoint-restore/checkpointctl v1.1.0 new
  • github.com/checkpoint-restore/go-criu/v7 v7.1.0 new
  • github.com/cilium/ebpf v0.9.1 -> v0.11.0
  • github.com/containerd/cgroups/v3 v3.0.1 -> v3.0.3
  • github.com/containerd/console v1.0.3 -> v1.0.4
  • github.com/containerd/continuity v0.3.0 -> v0.4.3
  • github.com/containerd/errdefs v0.1.0 new
  • github.com/containerd/go-runc ...
Read more
Assets 24

containerd 1.7.15

05 Apr 17:19
@github-actions github-actions
v1.7.15
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
926c958
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.7.15

Welcome to the v1.7.15 release of containerd!

The fifteenth patch release for containerd 1.7 contains various fixes; one for a
regression introduced in v1.7.14 in the way process exits were handled.

Highlights

  • Adds mediatype to OCI index record on export (#9990)

Runtime

  • Fix runc shim to only defer init process exits (#10037)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Phil Estes
  • Austin Vazquez
  • Laura Brehm
  • Sebastiaan van Stijn
  • Talon

Changes

12 commits

  • Prepare for v1.7.15 release (#10039)
  • Fix runc shim to only defer init process exits (#10037)
    • 21df46766 runc-shim: only defer init process exits
  • Fix compile from version control system (source) use case (#10012)
    • 2a054213e Fix compile from version control system (source) use case
  • Adds mediatype to OCI index record on export (#9990)
    • 6605c47a4 adds mediatype to oci index record
  • vendor: google.golang.org/protobuf 1.33.0, github.com/golang/protobuf v1.5.4 (#9975)
    • e6d91d843 vendor: github.com/golang/protobuf v1.5.4
    • 2d136c5f5 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
    • a1a7af7a3 build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0

Dependency Changes

  • github.com/golang/protobuf v1.5.3 -> v1.5.4
  • google.golang.org/protobuf v1.31.0 -> v1.33.0

Previous release can be found at v1.7.14

Assets 48

containerd 1.6.31

05 Apr 17:10
@github-actions github-actions
v1.6.31
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
e377cd5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.6.31

Welcome to the v1.6.31 release of containerd!

The thirty-first patch release for containerd 1.6 contains a few fixes, one for
a regression that was introduced in v1.6.30 in the way process exits were handled.

Highlights

  • Adds mediatype to OCI index record on export (#9991)

Runtime

  • Fix runc shim to only defer init process exits (#10038)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Phil Estes
  • Akihiro Suda
  • Austin Vazquez
  • Laura Brehm
  • Maksym Pavlenko
  • Sebastiaan van Stijn
  • Talon

Changes

14 commits

  • Prepare for v1.6.31 release (#10040)
  • Fix runc shim to only defer init process exits (#10038)
    • 5e53da4a1 runc-shim: only defer init process exits
  • Fix compile from version control system (source) use case (#10011)
    • 7592f87f0 Fix compile from version control system (source) use case
  • Adds mediatype to OCI index record on export (#9991)
    • 8d415fd0e adds mediatype to oci index record
  • vendor: google.golang.org/protobuf 1.33.0, github.com/golang/protobuf v1.5.4 (#9974)
    • 2dbb59b5a vendor: github.com/golang/protobuf v1.5.4
    • 069bb78c9 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
    • 68d395cad build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0
  • Backport test release on PR (#9955)

Dependency Changes

  • github.com/golang/protobuf v1.5.3 -> v1.5.4
  • google.golang.org/protobuf v1.31.0 -> v1.33.0

Previous release can be found at v1.6.30

Assets 32

containerd 2.0.0-rc.0

19 Mar 02:27
@github-actions github-actions
v2.0.0-rc.0
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
93022d8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 2.0.0-rc.0 Pre-release
Pre-release

Welcome to the v2.0.0-rc.0 release of containerd!
This is a pre-release of containerd

The first major release of containerd 2.x focuses on the continued stability of
containerd's core feature set with an easy upgrade from containerd 1.x. This
release includes the stabilization of new features added in the last 1.x release
as well as the removal of features which were deprecated in 1.x. The goal is to
support the vast community of containerd users well into the future along with
their ever increasing deployment footprints and variety of use cases.

Highlights

  • Configure otel from env instead of config.toml (#8970)
  • Disable the support for Schema 1 images (#9765)
  • Fix config import relative path glob (#9746)
  • Enable NRI by default (#9744)
  • Add PluginInfo to introspection API (#9442)
  • Remove overlayfs volatile option on temp mounts (#9555)
  • Move packages based on contributing guide (#9365)
  • Update import and export to allow references to missing content (#9554)
  • Add option to perform syncfs after pull (#9401)
  • Expose usage of deprecated features (#9258)
  • Use Intel ISA-L's igzip if available (#9200)
  • Generalize plugin library (#9214)
  • Introduce top level config migration (#9223)
  • Add image delete target (#8989)
  • Remove LimitNOFILE from containerd.service (#8924)
  • Use github.com/containerd/log (#9086)
  • Add image verifier transfer service plugin system based on a binary directory (#8493)
  • Add support for image expiration during garbage collection (#9022)
  • Reduce the contention between ref lock and boltdb lock in content store (#8792)
  • Remove "containerd.io/restart.logpath" label (#8264)
  • Remove aufs snapshotter (#8263)

Container Runtime Interface (CRI)

  • Add support for multiple subscribers to CRI container events (#9661)
  • Enable CDI by default (#9621)
  • Remove non-sandboxed CRI implementation (#9228)
  • Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) (#8287)
  • Use sandboxed CRI by default (#8994)
  • Implement RuntimeConfig CRI call (#8722)
  • Add support for user namespaces (KEP-127) (#8803)
  • Remove CRI v1alpha2 (#8276)

Runtime

  • Support vsock connection to task api (#9738)
  • Update RuntimeDefault seccomp profile to disallow io_uring related syscalls (#9320)
  • Switch runc shim to task service v3 and fix restore (#9233)
  • Add sandboxer configuration and move sandbox controllers to plugins (#8268)
  • Remove the CriuPath field from runc's options (#8279)
  • Remove support for config.toml version = 1 (#8275)
  • Remove io.containerd.runtime.v1.linux and io.containerd.runc.v1 (#8262)

Security Advisories

Breaking

  • Disable the support for Schema 1 images (#9765)
  • Update RuntimeDefault seccomp profile to disallow io_uring related syscalls (#9320)
  • Move client to subpackage (#9316)
  • Remove LimitNOFILE from containerd.service (#8924)
  • Remove CRI v1alpha2 (#8276)
  • Remove io.containerd.runtime.v1.linux and io.containerd.runc.v1 (#8262)
  • Remove "containerd.io/restart.logpath" label (#8264)
  • Remove aufs snapshotter (#8263)

Deprecations

  • Deprecate go-plugin configuration option (#9238)
  • CNI conf_template in CRI is no longer deprecated (#8637)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Akihiro Suda
  • Wei Fu
  • Phil Estes
  • Maksym Pavlenko
  • Sebastiaan van Stijn
  • Samuel Karp
  • Kazuyoshi Kato
  • Rodrigo Campos
  • Danny Canter
  • Gabriel Adrian Samfira
  • Iceber Gu
  • Abel Feng
  • Kirtana Ashok
  • Austin Vazquez
  • Krisztian Litkey
  • Akhil Mohan
  • Jin Dong
  • Mike Brown
  • Bjorn Neergaard
  • Kohei Tokunaga
  • rongfu.leng
  • Justin Chadwell
  • James Sturtevant
  • Paul "TBBle" Hampson
  • Davanum Srinivas
  • Enrico Weigelt
  • Paweł Gronowski
  • Brian Goff
  • Hsing-Yu (David) Chen
  • Ilya Hanov
  • Marat Radchenko
  • Cardy.Tang
  • Henry Wang
  • Laura Brehm
  • Aditi Sharma
  • Bryant Biggs
  • Jordan Liggitt
  • Kay Yan
  • Markus Lehtonen
  • Nashwan Azhari
  • Shingo Omura
  • Vinayak Goyal
  • helen
  • Alexandru Matei
  • Amit Barve
  • Charity Kathure
  • Ed Bartosh
  • Etienne Champetier
  • Evan Lezar
  • James Jenkins
  • Milas Bowman
  • yanggang
  • Aditya Ramani
  • Amir M. Ghazanfari
  • Anthony Nandaa
  • Artem Khramov
  • Brad Davidson
  • Chen Yiyang
  • Christian Muehlhaeuser
  • Cory Snider
  • Djordje Lukic
  • Ethan Lowman
  • Jiang Liu
  • June Rhodes
  • Mahamed Ali
  • Michael Crosby
  • Peteris Rudzusiks
  • Sam Edwards
  • Samruddhi Khandale
  • Shuaiyi Zhang
  • Steve Griffith
  • Tony Fang
  • VERNOU Cédric
  • hang.jiang
  • jerryzhuang
  • lengrongfu
  • roman-kiselenko
  • Aaron Lehmann
  • Adrian Reber
  • Alex Couture-Beil
  • Alex Ellis
  • Alex Rodriguez
  • Angelos Kolaitis
  • Antonio Huete Jimenez
  • Avi Deitcher
  • Ben Foster
  • Bin Xin
  • BinBin He
  • Brennan Kinney
  • Christian Stewart
  • Craig Ingram
  • Daisy Rong
  • Derek Nola
  • Edgar Lee
  • Eng Zer Jun
  • Fahed Dorgaa
  • Gary McDonald
  • Iain Macdonald
  • James Lakin
  • Jan Dubois
  • Jaroslav Jindrak
  • Jiongchi Yu
  • Julien Balestra
  • Kern Walster
  • Kevin Parsons
  • Kirill A. Korinsky
  • Konstantin Khlebnikov
  • Maksim An
  • Pan Yibo
  • Qasim Sarfraz
  • Qiutong Song
  • Robbie Buxton
  • Robert-André Mauchin
  • Shukui Yang
  • Talon
  • Tianon Gravi
  • Tim Hockin
  • Tõnis Tiigi
  • Wang Xinwen
  • William Chen
  • Yibo Zhuang
  • Yury Gargay
  • Zechun Chen
  • Zhang Tianyang
  • Zoe
  • charles-chenzz
  • chschumacher1994
  • guangli.bao
  • krglosse
  • ningmingxiao
  • pigletfly
  • rokkiter
  • wangxiang
  • zhangpeng
  • zhanluxianshen
  • zhaojizhuang
  • zounengren
  • 吴小白
  • 张钰
  • 沈陵
  • 谭九鼎

Dependency Changes

  • dario.cat/mergo v1.0.0 new
  • github.com/AdaLogics/go-fuzz-headers 1f10f66a31bf -> ced1acdcaa24
  • github.com/AdamKorcz/go-118-fuzz-build 5330a85ea652 -> 8075edf89bb0
  • github.com/Microsoft/go-winio v0.6.0 -> v0.6.1
  • github.com/Microsoft/hcsshim v0.10.0-rc.7 -> v0.12.0
  • github.com/cenkalti/backoff/v4 v4.2.0 -> v4.2.1
  • github.com/checkpoint-restore/checkpointctl v1.1.0 new
  • github.com/checkpoint-restore/go-criu/v7 v7.0.0 new
  • github.com/cilium/ebpf v0.9.1 -> v0.11.0
  • github.com/containerd/cgroups/v3 v3.0.1 -> v3.0.3
  • github.com/containerd/console v1.0.3 -> v1.0.4
  • github.com/containerd/continuity v0.3.0 -> v0.4.3
  • github.com/containerd/errdefs v0.1.0 new
  • github.com/containerd/go-runc v1.0.0 -> v1.1.0
  • github.com/containerd/log v0.1.0 new
  • github.com/containerd/nri v0.3.0 -> v0.6.0
  • github.com/containerd/platforms v0.1.1 new
  • github.com/containerd/plugin v0.1.0 new
  • **...
Read more
Assets 24

containerd 1.7.14

11 Mar 15:23
@github-actions github-actions
v1.7.14
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
dcf2847
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.7.14

Welcome to the v1.7.14 release of containerd!

The fourteenth patch release for containerd 1.7 contains various fixes and updates.

Highlights

  • Update builds to use go 1.21.8 (#9933)
  • Fix various timing issues with docker pusher (#9921)
  • Register imagePullThroughput and count with MiB (#9855)
  • Move high volume event logs to Trace level (#9823)

Container Runtime Interface (CRI)

  • Handle pod transition states gracefully while listing pod stats (#9905)

Runtime

  • Update runc-shim to process exec exits before init (#9928)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Wei Fu
  • Derek McGowan
  • Maksym Pavlenko
  • Krisztian Litkey
  • Akihiro Suda
  • Justin Chadwell
  • Sebastiaan van Stijn
  • Phil Estes
  • Kirtana Ashok
  • Akhil Mohan
  • Austin Vazquez
  • Etienne Champetier
  • Jordan Liggitt
  • Kohei Tokunaga
  • Mike Brown
  • Samuel Karp
  • Davanum Srinivas
  • Edgar Lee
  • Henry Wang
  • James Sturtevant
  • Laura Brehm
  • Nashwan Azhari
  • Robbie Buxton
  • Robert-André Mauchin
  • Shukui Yang

Changes

70 commits

  • Prepare release notes for v1.7.14 (#9953)
    • 1babe6b58 Prepare release notes for v1.7.14
  • Backport use Go toolchain in CI matrix to build binaries (#9951)
    • a9bbbefcf Use the Go toolchain in CI matrix to build binaries
  • Update builds to use go 1.21.8 (#9933)
  • Move inline PS scripts into files (#9938)
    • 39caf532e Move inline PS scripts into files
  • Disable OOM set score unpriv test temporarily (#9944)
    • 630226bb4 Disable OOM set score unpriv test temporarily
  • Update runc-shim to process exec exits before init (#9928)
    • de7b6bae9 runc-shim: process exec exits before init
  • update to go 1.21.6, test 1.22.0 (#9860)
    • 3b3e537ea Uninstall mingw before attempting upgrade
    • 9e24388b2 CI: Explicitly upgrade MinGW on Windows 2019 GitHub runners.
    • 5b23a4127 seccomp, apparmor: add go:noinline
    • 753422ac1 Drop go 1.20 and build against 1.22
    • a2d64218c Fix windows integration tests
    • 6379dd6f4 Update workflow files to install Go via composite action
    • a5c0d061c Extract a composite action to install Go
  • Fix various timing issues with docker pusher (#9921)
    • 52a1402df copy: prevent potential deadlock if close before fully written
    • 872746386 copy: setError should imply Close
    • a8004007a copy: remove max number of ErrResets
    • 0465472ed pushWriter: refactor reset pipe logic into separate function
    • 2577207cc copy: improve error detection from closed pipes
    • d081da86b copy: check if writer was closed before setting a pipe
    • 2a25c085b copy: remove wrapping io.NopCloser from push writer pipe
  • Register imagePullThroughput and count with MiB (#9855)
    • 711cebd48 Register imagePullThroughput and count with MiB
  • Update golangci-lint to v1.56.1 (#9900)
  • Handle pod transition states gracefully while listing pod stats (#9905)
    • 39db3f18b adjust test cases to run for windows
    • 579d8b463 [cri] Handle Windows pod transitions gracefully
  • Backport GitHub actions package updates (#9876)
    • 8d6f0f2ae build(deps): bump golangci/golangci-lint-action from 3 to 4
    • 7929592b9 build(deps): bump actions/upload-artifact from 3 to 4
    • e11de777d build(deps): bump crazy-max/ghaction-github-runtime from 2 to 3
    • 2b40a4074 build(deps): bump actions/checkout from 3 to 4
    • 22feefa57 build(deps): bump actions/setup-go from 3 to 5
    • b96aa4012 build(deps): bump actions/upload-artifact from 1 to 3
    • 97763f91d build(deps): bump docker/setup-buildx-action from 2 to 3
    • 6875bb14f build(deps): bump github/codeql-action from 2 to 3
    • 87f9adb6b build(deps): bump actions/download-artifact from 3 to 4
  • .github: windows should use fix critool version (#9874)
    • d9c099a9a .github: windows should use fix critool version
  • ci: update crun version to 1.14.3 (#9850)
    • dc594b01d ci: update crun version to 1.14.3
  • Add WithMetaStore to overlay snapshotter and missing unpacker.Wait for image import (#9837)
    • 8fe0b26f1 Add missing unpacker.Wait for image import
    • 31ea2d7d9 Add WithMetaStore to overlay snapshotter to allow bringing your own
  • Move high volume event logs to Trace level (#9823)
    • 982e0cffb Move high volume event logs to Trace level
  • cri: propagate deprecation list to runtime status (#9818)
    • c79ffa277 cri: propagate deprecation list to runtime status
  • ctr: print deprecation warnings on every invocation (#9820)
Read more
Assets 48

containerd 1.6.30

11 Mar 15:09
@github-actions github-actions
v1.6.30
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
d68034c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.6.30

Welcome to the v1.6.30 release of containerd!

The thirtieth patch release for containerd 1.6 contains various fixes and updates
as well as a build fix which prevented the v1.6.29 tag from being released.

Highlights

  • Update builds to go 1.21.8 (#9945)
  • Fix config import relative path glob (#9835)
  • Move high volume event logs to Trace level (#9824)
  • Move certain debug logs to trace logs (#9762)

Container Runtime Interface (CRI)

  • Add timeout to drain exec io (#9768)
  • Propagate deprecation list to runtime status (#9819)
  • Fix image pinning when image is not pulled through cri (#9785)

Runtime

  • Update runc-shim to process exec exits before init (#9927)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Akihiro Suda
  • Derek McGowan
  • Wei Fu
  • Maksym Pavlenko
  • Phil Estes
  • Kirtana Ashok
  • Mike Brown
  • Akhil Mohan
  • Angelos Kolaitis
  • Austin Vazquez
  • Henry Wang
  • Laura Brehm
  • Nashwan Azhari
  • Sebastiaan van Stijn
  • Tony Fang

Changes

59 commits

  • Prepare v1.6.30 (#9952)
    • 8268fc6e9 Prepare release notes for v1.6.30
    • 614ca2e12 Revert go version environment removal
  • Prepare release notes for v1.6.29 (#9950)
    • 9ef6d9d03 Add release notes for v1.6.29.toml
  • use a composite action to install Go (#9949)
    • cfbbb510c Use the Go toolchain in CI matrix to build binaries
    • f015dbc5a use composite action in ci workflow
  • Update builds to go 1.21.8 (#9945)
  • Backport easy go install and update go (#9890)
    • f6475ea59 Drop go 1.20 and build against 1.22
    • 7c45ad092 Extract a composite action to install Go
    • 4f7305414 update to go1.21.6, go1.20.13
    • da5a36c37 Use testify
    • afe6efee3 Revert container_stats_test.go change which caused Windows CRI integration test failure
    • 370ef115f container_stats_test.go: avoid checking snapshot size
    • 935720b8c Move inline PS scripts into files
    • 74bae5af8 Uninstall mingw before attempting upgrade
    • 9b9500bb0 CI: Explicitly upgrade MinGW on Windows 2019 GitHub runners.
    • 4814f9e48 seccomp, apparmor: add go:noinline
  • Disable OOM set score unpriv test temporarily (#9943)
    • c7c8ce6bc Disable OOM set score unpriv test temporarily
  • Update runc-shim to process exec exits before init (#9927)
    • 65915f0a2 runc-shim: process exec exits before init
  • Backport GitHub actions package updates (#9877)
    • e552c8898 build(deps): bump golangci/golangci-lint-action from 3 to 4
    • 888ae152c build(deps): bump actions/cache from 3 to 4
    • dd913a0de build(deps): bump actions/upload-artifact from 3 to 4
    • a250c101a build(deps): bump actions/download-artifact from 3 to 4
    • 7c8fd2255 build(deps): bump github/codeql-action from 2 to 3
    • f325e559e build(deps): bump docker/setup-buildx-action from 2 to 3
    • 1bae160de build(deps): bump crazy-max/ghaction-github-runtime from 2 to 3
    • 3c81dc13b build(deps): bump actions/upload-artifact from 1 to 3
    • 9b3b80eea build(deps): bump actions/setup-go from 3 to 5
    • 6b74818d8 build(deps): bump actions/checkout from 3 to 4
  • Fix config import relative path glob (#9835)
    • 0f2068a70 Fix config import relative path glob
  • ci: update crun version to 1.14.3 (#9851)
    • 89d00db95 ci: update crun version to 1.14.3
  • Add timeout to drain exec io (#9768)
    • aac488730 *: fix code style issue
    • 2a38c7e2e cri: add config ut for invalid drain io timeout value
    • ce213431f integration: add testcase to drain exec IO in time
    • b5d52efca cri: disable drain-exec-IO if it is empty timeout
    • 85bed5863 *: update drainExecSyncIO docs and validate the timeout
    • 0438e477c *: add DrainExecSyncIOTimeout config and disable as by default
    • fb262317c *: fix typo and skip exec-io-drain-testcase in win
    • f50c9922b pkg/cri/server: add timeout to drain exec io
  • Move high volume event logs to Trace level (#9824)
    • 99fa35e70 Move high volume event logs to Trace level
  • Propagate deprecation list to runtime status (#9819)
    • 3785deac4 cri: propagate deprecation list to runtime status
  • ctr: print deprecation warnings on every invocation (#9821)
    • b7a0b1b8e ctr: print deprecation warnings on every invocation
  • Fix image pinning when image is not pulled through cri (#9785)
    • 2d43994fb bug fix: make sure cri image is pinned when it is pulled outside cri
  • Move certain debug logs to trace logs (#9762)
    • 195ef7691 Move certain debug logs to trace logs

Dependency Changes

This release has no dependency changes

Previous release can be found at [v1.6.28](https://github.com/containerd/containerd/releases/tag/v1...

Read more
Assets 32

containerd 1.7.13

31 Jan 20:58
@github-actions github-actions
v1.7.13
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
7c3aca7
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.7.13

Welcome to the v1.7.13 release of containerd!

The thirteenth patch release for containerd 1.7 updates the runc binary
in the release builds to address CVE-2024-21626

Notable Updates

  • Update runc binary to v1.1.12 (GHSA-xr7r-f8xq-vfvv)
  • Update seccomp profile for new syscalls added since Linux 5.16 (#9693)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Akihiro Suda
  • Evan Lezar
  • Paweł Gronowski
  • Phil Estes
  • Wei Fu

Changes

9 commits

  • Prepare v1.7.13 and update runc to v1.1.12 (#9724)
  • [release/1.7] seccomp: kernel 6.7 (#9693)
  • [release/1.7] Update container-device-interface to v0.6.2 (#9685)
    • 14628d4aa Update container-device-interface to v0.6.2
  • [release/1.7] content: Add InfoReaderProvider (#9658)

Dependency Changes

  • tags.cncf.io/container-device-interface v0.6.2 new
  • tags.cncf.io/container-device-interface/specs-go v0.6.0 new

Previous release can be found at v1.7.12

Assets 48

containerd 1.6.28

31 Jan 20:43
@github-actions github-actions
v1.6.28
This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Learn about vigilant mode.
ae07eda
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
containerd 1.6.28

Welcome to the v1.6.28 release of containerd!

The twenty-eighth patch release for containerd 1.6 updates the runc binary
in the release builds to address CVE-2024-21626

Notable Updates

  • Update runc binary to v1.1.12 (GHSA-xr7r-f8xq-vfvv)
  • Update seccomp profile for new syscalls added since Linux 5.16 (#9694)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Andrey Epifanov
  • Derek McGowan
  • Akihiro Suda
  • Maksym Pavlenko
  • Phil Estes
  • Shengjing Zhu
  • Wei Fu

Changes

13 commits

  • Prepare v1.6.28 and update runc to v1.1.12 (#9723)
  • 570c7c637 Prepare release notes for v1.6.28
  • b20b9f86b Update runc binary to v1.1.12
  • [release/1.6] upgrade OpenTelemetry to v1.21.0 / v0.46.0 (CVE-2023-47108) etc. (#9707)
    • 19500722a [release/1.6] vendor: golang.org/x/crypto v0.18.0
    • 919928f6b [release/1.6] vendor: golang.org/x/term v0.16.0
    • 7d6a4d23b [release/1.6] vendor: golang.org/x/sys v0.16.0
    • 16ac018ae [release/1.6] vendor: upgrade OpenTelemetry to v1.21.0 / v0.46.0
  • [release/1.6] seccomp: kernel 6.7 (#9694)
  • [release/1.6] carry #9557 - enable ARM CI (#9636)
    • 65e1656f2 cri: fix integration test on cgroupsv2 system
    • 9cf1e1a39 *: enable ARM64 runner

Dependency Changes

  • github.com/go-logr/logr v1.2.2 -> v1.3.0
  • github.com/google/go-cmp v0.5.9 -> v0.6.0
  • github.com/google/uuid v1.3.0 -> v1.3.1
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0 -> v0.46.0
  • go.opentelemetry.io/otel v1.3.0 -> v1.21.0
  • go.opentelemetry.io/otel/metric v1.21.0 new
  • go.opentelemetry.io/otel/sdk v1.3.0 -> v1.21.0
  • go.opentelemetry.io/otel/trace v1.3.0 -> v1.21.0
  • golang.org/x/crypto v0.14.0 -> v0.18.0
  • golang.org/x/net v0.17.0 -> v0.18.0
  • golang.org/x/oauth2 v0.10.0 -> v0.11.0
  • golang.org/x/sys v0.13.0 -> v0.16.0
  • golang.org/x/term v0.13.0 -> v0.16.0
  • golang.org/x/text v0.13.0 -> v0.14.0
  • google.golang.org/grpc v1.58.3 -> v1.59.0

Previous release can be found at v1.6.27

Assets 32