Tags: containerd/containerd
Tags
containerd 2.2.1 Welcome to the v2.2.1 release of containerd! The first patch release for containerd 2.2 contains various fixes and improvements. ### Highlights #### Container Runtime Interface (CRI) * **Redact all query parameters in CRI error logs** ([#12546](#12546)) #### Image Distribution * **Fix image defaults on Darwin to usable configuration** ([#12544](#12544)) * **Fix possible panic from WithMediaTypeKeyPrefix** ([#12516](#12516)) #### Runtime * **Update runc binary to v1.3.4** ([#12593](#12593)) * **Fix parsing of hugetlb.<size>.events files** ([containerd/cgroups#379](containerd/cgroups#379)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Krisztian Litkey * Markus Lehtonen * Akihiro Suda * Mike Brown * Sebastiaan van Stijn * Derek McGowan * Heran Yang * Wei Fu * Phil Estes * Samuel Karp * Austin Vazquez * Sascha Grunert * Akhil Mohan * Andrey Noskov * Brian Goff * CrazyMax * Davanum Srinivas * Gaurav Ghildiyal * Neeraj Krishna Gopalakrishna * Paweł Gronowski * Tariq Ibrahim * TomerLev * Tõnis Tiigi * bo.jiang * ningmingxiao ### Changes <details><summary>53 commits</summary> <p> * Prepare release notes for v2.2.1 ([#12677](#12677)) * [`f6bae1f88`](f6bae1f) Prepare release notes for v2.2.1 * cri,nri: bump NRI dependencies to v0.11.0 ([#12701](#12701)) * [`c22cf5d49`](c22cf5d) cri,nri: pass any linux security profile to plugins. * [`d7532de75`](d7532de) cri,nri: pass any linux RDT constraints to plugins. * [`ef36e6181`](ef36e61) cri,nri: pass any linux net devices to plugins. * [`d56faf426`](d56faf4) cri,nri: pass any linux scheduler attributes to plugins. * [`e1824d261`](e1824d2) cri,nri: pass any linux I/O priority to plugins. * [`01d5490ae`](01d5490) go.{mod,sum}: bump NRI deps to v0.11.0, re-vendor. * pkg/tracing: HTTPStatusCodeAttributes: remove use of deprecated SemConv const ([#12697](#12697)) * [`58d23ab63`](58d23ab) pkg/tracing: HTTPStatusCodeAttributes: remove use of deprecated SemConv const * cri/nri: short-circuit nil adjustment. ([#12672](#12672)) * [`05ccbb3a7`](05ccbb3) cri/nri: short-circuit nil adjustment. * go.{mod,sum}: bump CDI deps to v1.1.0. ([#12664](#12664)) * [`c166a577d`](c166a57) go.{mod,sum} bump CDI deps to v1.1.0. * go.mod: containerd/zfs v2.0.0; remove exclude rules ([#12654](#12654)) * [`73a08aa00`](73a08aa) go.mod: remove exclude rules * [`cee08c8af`](cee08c8) build(deps): bump github.com/containerd/zfs/v2 from 2.0.0-rc.0 to 2.0.0 * go.mod: github.com/containernetworking/plugins v1.9.0 ([#12658](#12658)) * [`8a5fc8641`](8a5fc86) go.mod: github.com/containernetworking/plugins v1.9.0 * go.mod: golang.org/x/crypto v0.45.0 ([#12638](#12638)) * [`55c93d6fb`](55c93d6) go.mod: golang.org/x/crypto v0.45.0 * ci :bump Go 1.24.11, 1.25.5 ([#12625](#12625)) * [`aedd29bb4`](aedd29b) ci: bump Go 1.24.11, 1.25.5 * [`26628f139`](26628f1) ci: bump Go 1.24.10, 1.25.4 * [`8bb0e9be6`](8bb0e9b) ci(release): set GO_VERSION in Dockerfile * core/runtime/v2: remove uses of otelgrpc.UnaryClientInterceptor ([#12622](#12622)) * [`ed19c5420`](ed19c54) core/runtime/v2: remove uses of otelgrpc.UnaryClientInterceptor * ci: update CIFuzz actions to support Ubuntu 24.04 ([#12632](#12632)) * [`952237d9b`](952237d) ci: update CIFuzz actions to support Ubuntu 24.04 * Update runc binary to v1.3.4 ([#12593](#12593)) * [`fb5b818a9`](fb5b818) runc: Update runc binary to v1.3.4 * : update containerd/cgroups from v3.1.0 to v3.1.2 ([#12598](#12598)) * [`51582ed27`](51582ed) bump containerd/cgroups to v3.1.2 * [`50d0e4fd4`](50d0e4f) build(deps): bump github.com/containerd/cgroups/v3 from 3.1.0 to 3.1.1 * core/mount: should not call removeLoop when set autoclear ([#12587](#12587)) * [`41a69eb0d`](41a69eb) core/mount: should not call removeLoop when set autoclear * build(deps): bump github.com/opencontainers/selinux ([#12589](#12589)) * [`e3bf2b80b`](e3bf2b8) build(deps): bump github.com/opencontainers/selinux * .github: skip 5 critest cases for window-2022 ([#12584](#12584)) * [`da8e846f9`](da8e846) .github: skip 5 critest cases in window CI pipeline * Fix image defaults on Darwin to usable configuration ([#12544](#12544)) * [`d154e234b`](d154e23) Update the ctr pull defaults when using the transfer service * [`09364216d`](0936421) Fix transfer unpack defaults on darwin * [`2055d3c62`](2055d3c) Update default differs on darwin * [`9da97686d`](9da9768) Use default writable size in erofs snapshotter for non-Linux hosts * [`eeb0f889a`](eeb0f88) Update default erofs block size on macOS during erofs diff * Redact all query parameters in CRI error logs ([#12546](#12546)) * [`c707f771a`](c707f77) fix: redact all query parameters in CRI error logs * Revert "Implement io.ReaderAt on docker fetch reader" ([#12542](#12542)) * [`678f944dd`](678f944) Revert "Implement io.ReaderAt on docker fetch reader" * Fix possible panic from WithMediaTypeKeyPrefix ([#12516](#12516)) * [`8b73c2de3`](8b73c2d) remotes: fix possible panic from WithMediaTypeKeyPrefix </p> </details> ### Changes from containerd/cgroups <details><summary>13 commits</summary> <p> * ci: bump golangci-lint to v2.6.2 ([containerd/cgroups#382](containerd/cgroups#382)) * [`a302e56`](containerd/cgroups@a302e56) ci: bump golangci-lint to v2.6.2 * [`731cf7a`](containerd/cgroups@731cf7a) ci: suppress errcheck * [`9bee663`](containerd/cgroups@9bee663) utils: move Close() to defer block * [`9d7647c`](containerd/cgroups@9d7647c) rdma: use strings.Cut in Go 1.18 * [`109f063`](containerd/cgroups@109f063) memory_test: apply De Morgan's law * [`e6fcf3f`](containerd/cgroups@e6fcf3f) memory_test: omit type from declaration * build(deps): bump actions/checkout from 5 to 6 ([containerd/cgroups#381](containerd/cgroups#381)) * [`4e30098`](containerd/cgroups@4e30098) build(deps): bump actions/checkout from 5 to 6 * Fix parsing of hugetlb.<size>.events files ([containerd/cgroups#379](containerd/cgroups#379)) * [`2ad7a12`](containerd/cgroups@2ad7a12) hugetlb: correctly parse hugetlb.<size>.events files * go.mod: github.com/opencontainers/runtime-spec v1.3.0 ([containerd/cgroups#376](containerd/cgroups#376)) * [`34ef430`](containerd/cgroups@34ef430) go.mod: github.com/opencontainers/runtime-spec v1.3.0 </p> </details> ### Changes from containerd/nri <details><summary>79 commits</summary> <p> * adaptation: allow compiling out WASM support altogether. ([containerd/nri#253](containerd/nri#253)) * [`ab88fe6`](containerd/nri@ab88fe6) adaptation: allow compiling out WASM support altogether. * Support direct editing of the intelRdt config ([containerd/nri#215](containerd/nri#215)) * [`8c0c9f6`](containerd/nri@8c0c9f6) Implement removal of RDT * [`dfbae8a`](containerd/nri@dfbae8a) plugins: add sample rdt plugin * [`d05dd81`](containerd/nri@d05dd81) pkg/adaptation: support new RDT fields * [`725289b`](containerd/nri@725289b) pkg/runtime-tools/generate: support new RDT fields * [`a7832a2`](containerd/nri@a7832a2) api: add rdt * update wazero/wazero version to v1.10.1 ([containerd/nri#252](containerd/nri#252)) * [`9eb9a0f`](containerd/nri@9eb9a0f) update tetratelabs/wazero version to v1.10.1 * support specifying a custom NRI socket path ([containerd/nri#249](containerd/nri#249)) * [`2df6565`](containerd/nri@2df6565) [plugins] support specifying a custom NRI socket path * pkg/api: add OptionalRepeatedString type ([containerd/nri#212](containerd/nri#212)) * [`687c1a6`](containerd/nri@687c1a6) pkg/api: add OptionalRepeatedString type * api,adaptation,generate: allow setting kernel scheduling policy attributes. ([containerd/nri#160](containerd/nri#160)) * [`6a371ac`](containerd/nri@6a371ac) device-injector: add scheduling policy adjustment. * [`e06369e`](containerd/nri@e06369e) api,adaptation,generate: allow setting scheduler attributes. * device-injector: always log injection summary. ([containerd/nri#246](containerd/nri#246)) * [`14cc2e2`](containerd/nri@14cc2e2) device-injector: always log injection summary. * api,adaptation,generate: allow adjusting linux net devices ([containerd/nri#157](containerd/nri#157)) * [`5145c92`](containerd/nri@5145c92) device-injector: add network device injection. * [`8a03823`](containerd/nri@8a03823) api,adaptation,generate: allow adjusting linux net devices. * Add support for sysctl adjustment ([containerd/nri#248](containerd/nri#248)) * [`914fbf3`](containerd/nri@914fbf3) default-validator: restrict sysctl adjustment * [`a418956`](containerd/nri@a418956) api: apply sysctl adjustments * [`8705f9b`](containerd/nri@8705f9b) api: add sysctl container adjustment * feat: Make logger a configurable struct member for stub ([containerd/nri#239](containerd/nri#239)) * [`08a891a`](containerd/nri@08a891a) feat: Make logger a configurable struct member for stub * Drop dependency on opencontainers/runtime-tools ([containerd/nri#247](containerd/nri#247)) * [`5e5c2be`](containerd/nri@5e5c2be) Drop dependency on opencontainers/runtime-tools * deps: bump runtime-spec to v1.3.0. ([containerd/nri#243](containerd/nri#243)) * [`29c5811`](containerd/nri@29c5811) (v0.1.0) examples: lock NRI, runtime spec deps. * [`d812952`](containerd/nri@d812952) v010-adapter: lock NRI, runtime spec and tools deps. * [`7dd7c7f`](containerd/nri@7dd7c7f) api,runtime-tools: adjust for runtime-spec v1.3.0. * [`5d5d4c4`](containerd/nri@5d5d4c4) go.{mod,sum}: update runtime-tools, runtime-spec to v1.3.0. * adaptation: ensure sync'ed plugins are fully registered in tests. ([containerd/nri#234](containerd/nri#234)) * [`c840397`](containerd/nri@c840397) adaptation: ensure sync'ed plugins are fully registered in tests. * Fix wasm example ([containerd/nri#237](containerd/nri#237)) * [`44b2861`](containerd/nri@44b2861) Fix wasm example * Makefile: build proto files unconditionally ([containerd/nri#229](containerd/nri#229)) * [`d99f960`](containerd/nri@d99f960) Fix dockerized proto build * [`9623748`](containerd/nri@9623748) Makefile: build proto files unconditionally * [`25d9391`](containerd/nri@25d9391) build: ensure we use correct version of protoc and its deps. * adaptation: test with populated initial resources. ([containerd/nri#231](containerd/nri#231)) * [`b6b98b5`](containerd/nri@b6b98b5) adaptation: test with populated initial resources. * Install protoc locally in the source tree ([containerd/nri#232](containerd/nri#232)) * [`2394daa`](containerd/nri@2394daa) Install protoc locally in the source tree * plugins/logger: fix default event subscription mask. ([containerd/nri#158](containerd/nri#158)) * [`33b1db1`](containerd/nri@33b1db1) logger: fix default event subscription mask. * extract memory and CPU resource helpers ([containerd/nri#210](containerd/nri#210)) * [`7afb32a`](containerd/nri@7afb32a) extract memory and CPU resource helpers * api: expose container user/group ID to plugins. ([containerd/nri#230](containerd/nri#230)) * [`22aeb46`](containerd/nri@22aeb46) docs: update README with container uid/gid info. * [`71b0335`](containerd/nri@71b0335) api,adaptation: add container uid/gid info. * contrib: add example for enabling per-container RDT monitoring ([containerd/nri#228](containerd/nri#228)) * [`91fbf06`](containerd/nri@91fbf06) contrib: add example for enabling per-container RDT monitoring * ci: enable image signing ([containerd/nri#224](containerd/nri#224)) * [`fb54916`](containerd/nri@fb54916) ci: enable image signing * golangci: disable QF1008 from staticcheck linter ([containerd/nri#226](containerd/nri#226)) * [`0b3b577`](containerd/nri@0b3b577) golangci: disable QF1008 from staticcheck linter * ci: bump golangci-lint to v2.4 ([containerd/nri#225](containerd/nri#225)) * [`9787127`](containerd/nri@9787127) Bump golangci-lint to v2.4 * [`1a50ff5`](containerd/nri@1a50ff5) Add nolint directives * [`00fa1a1`](containerd/nri@00fa1a1) Add and fix comments for exported types * [`ac21da7`](containerd/nri@ac21da7) pkg/api/seccomp: add comments for exported functions * [`3aff986`](containerd/nri@3aff986) pkg/runtime-tools/generate: remove embedded field "Generator" * [`c0c4bb6`](containerd/nri@c0c4bb6) pkg/api/validate: add comments for exported methods * [`c0ba9da`](containerd/nri@c0ba9da) adaptation/builtin: add comment for exported symbols * .gitignore: revert hastily reviewed editor-specific addition. ([containerd/nri#221](containerd/nri#221)) * [`02376f3`](containerd/nri@02376f3) .gitignore: add comment about global gitignore. * [`9336a79`](containerd/nri@9336a79) Revert "nit: Add .idea folder to gitignore" * nit: Add .idea folder to gitignore ([containerd/nri#218](containerd/nri#218)) * [`f578ea2`](containerd/nri@f578ea2) nit: Add .idea folder to gitignore * chore: clean and unify nolint directives ([containerd/nri#217](containerd/nri#217)) * [`21741b9`](containerd/nri@21741b9) chore: clean and unify nolint directives * Downgrade go to require 1.24.0 ([containerd/nri#214](containerd/nri#214)) * [`d26e910`](containerd/nri@d26e910) Downgrade go to require 1.24.0 * Add dockerized target for building proto files ([containerd/nri#211](containerd/nri#211)) * [`13fcc07`](containerd/nri@13fcc07) Add dockerized target for building proto files </p> </details> ### Changes from containerd/zfs <details><summary>11 commits</summary> <p> * go.mod: update to stable containerd v2.0 ([containerd/zfs#89](containerd/zfs#89)) * [`f11f891`](containerd/zfs@f11f891) go.mod: update to stable containerd v2.0 * ci: update actions, test against go1.23, fix linting, and update golangci-lint ([containerd/zfs#88](containerd/zfs#88)) * [`662ad3c`](containerd/zfs@662ad3c) gha: update golangci/golangci-lint-action@v9, golangci-lint v2.7 * [`b0b2584`](containerd/zfs@b0b2584) remove nolint comments * [`7c4274b`](containerd/zfs@7c4274b) fix error capitalization * [`24ce1b9`](containerd/zfs@24ce1b9) fix inconsistent receiver name * [`c8545c3`](containerd/zfs@c8545c3) gha: update actions/checkout@v6 * [`d23ec04`](containerd/zfs@d23ec04) gha: update actions/setup-go@v6 * [`bb45f6e`](containerd/zfs@bb45f6e) gha: update containerd/project-checks@v1.2.2 * [`65bc451`](containerd/zfs@65bc451) gha: test against go1.23 </p> </details> ### Dependency Changes * **github.com/containerd/cgroups/v3** v3.1.0 -> v3.1.2 * **github.com/containerd/nri** v0.10.0 -> v0.11.0 * **github.com/containerd/zfs/v2** v2.0.0-rc.0 -> v2.0.0 * **github.com/containernetworking/plugins** v1.8.0 -> v1.9.0 * **github.com/cyphar/filepath-securejoin** v0.5.1 **_new_** * **github.com/opencontainers/runtime-spec** v1.2.1 -> v1.3.0 * **github.com/opencontainers/runtime-tools** 0ea5ed0382a2 -> edf4cb3d2116 * **github.com/opencontainers/selinux** v1.12.0 -> v1.13.1 * **github.com/tetratelabs/wazero** v1.9.0 -> v1.10.1 * **golang.org/x/crypto** v0.41.0 -> v0.45.0 * **golang.org/x/net** v0.43.0 -> v0.47.0 * **golang.org/x/sync** v0.17.0 -> v0.18.0 * **golang.org/x/sys** v0.37.0 -> v0.38.0 * **golang.org/x/term** v0.34.0 -> v0.37.0 * **golang.org/x/text** v0.28.0 -> v0.31.0 * **tags.cncf.io/container-device-interface** v1.0.1 -> v1.1.0 * **tags.cncf.io/container-device-interface/specs-go** v1.0.0 -> v1.1.0 Previous release can be found at [v2.2.0](https://github.com/containerd/containerd/releases/tag/v2.2.0) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
containerd 2.1.6 Welcome to the v2.1.6 release of containerd! The sixth patch release for containerd 2.1 contains various fixes and updates. ### Highlights #### Runtime * **Update runc binary to v1.3.4** ([#12618](#12618)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Akihiro Suda * Derek McGowan * Mike Brown * Phil Estes * Austin Vazquez * Kirtana Ashok * Andrey Noskov * CrazyMax * Davanum Srinivas * Krisztian Litkey * Maksym Pavlenko * Michael Weibel * Paweł Gronowski * Sebastiaan van Stijn * Wei Fu ### Changes <details><summary>28 commits</summary> <p> * Prepare release notes for v2.1.6 ([#12653](#12653)) * [`93f79087a`](93f7908) Prepare release notes for v2.1.6 * go.mod: containerd/zfs v2.0.0 ([#12655](#12655)) * [`7e75db3a9`](7e75db3) build(deps): bump github.com/containerd/zfs/v2 from 2.0.0-rc.0 to 2.0.0 * cri/nri: short-circuit nil adjustment. ([#12673](#12673)) * [`2b8e11b12`](2b8e11b) cri/nri: short-circuit nil adjustment. * go.mod: github.com/containernetworking/plugins v1.9.0 ([#12659](#12659)) * [`69efd067c`](69efd06) go.mod: github.com/containernetworking/plugins v1.9.0 * go.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) ([#12639](#12639)) * [`e81678853`](e816788) go.mod: golang.org/x/crypto v0.45.0 * [`55a2d8c8d`](55a2d8c) CI: drop Go 1.23 * [`fd8e3c39b`](fd8e3c3) Update Go requirements in BUILDING * core/runtime/v2: remove uses of otelgrpc.UnaryClientInterceptor ([#12623](#12623)) * [`a4454c49a`](a4454c4) core/runtime/v2: remove uses of otelgrpc.UnaryClientInterceptor * Update runc binary to v1.3.4 ([#12618](#12618)) * [`251f0a285`](251f0a2) runc: Update runc binary to v1.3.4 * ci: bump Go 1.24.11, 1.25.5 ([#12626](#12626)) * [`c07c29bca`](c07c29b) ci: bump Go 1.24.11, 1.25.5 * [`e52817652`](e528176) ci: bump Go 1.24.10, 1.25.4 * [`04bbb66e4`](04bbb66) ci(release): set GO_VERSION in Dockerfile * ci: update CIFuzz actions to support Ubuntu 24.04 ([#12633](#12633)) * [`492987ccc`](492987c) ci: update CIFuzz actions to support Ubuntu 24.04 * build(deps): bump github.com/opencontainers/selinux ([#12590](#12590)) * [`55a25ec6e`](55a25ec) build(deps): bump github.com/opencontainers/selinux * Redact all query parameters in CRI error logs ([#12547](#12547)) * [`b72d0dfe0`](b72d0df) fix: redact all query parameters in CRI error logs * Update 2.1 branch to no longer build as latest ([#12487](#12487)) * [`ecd58bd65`](ecd58bd) Update 2.1 branch to no longer build as latest </p> </details> ### Changes from containerd/platforms <details><summary>5 commits</summary> <p> * use windowsMatchComparer for OSVersion match order ([containerd/platforms#25](containerd/platforms#25)) * [`8c0d9f9`](containerd/platforms@8c0d9f9) use windowsMatchComparer for OSVersion match order * Add WS2025 to Windows matcher and code optimizations ([containerd/platforms#24](containerd/platforms#24)) * [`8447b0a`](containerd/platforms@8447b0a) Update ci.yml * [`4549974`](containerd/platforms@4549974) Add WS2025 to Windows matcher and code optimizations </p> </details> ### Dependency Changes * **github.com/containerd/platforms** v1.0.0-rc.1 -> v1.0.0-rc.2 * **github.com/containerd/zfs/v2** v2.0.0-rc.0 -> v2.0.0 * **github.com/containernetworking/plugins** v1.7.1 -> v1.9.0 * **github.com/coreos/go-systemd/v22** v22.5.0 -> v22.6.0 * **github.com/cyphar/filepath-securejoin** v0.5.1 **_new_** * **github.com/go-logr/logr** v1.4.2 -> v1.4.3 * **github.com/opencontainers/selinux** v1.12.0 -> v1.13.1 * **github.com/vishvananda/netlink** 0e7078ed04c8 -> v1.3.1 * **golang.org/x/crypto** v0.36.0 -> v0.45.0 * **golang.org/x/mod** v0.24.0 -> v0.29.0 * **golang.org/x/net** v0.38.0 -> v0.47.0 * **golang.org/x/sync** v0.14.0 -> v0.18.0 * **golang.org/x/sys** v0.33.0 -> v0.38.0 * **golang.org/x/term** v0.30.0 -> v0.37.0 * **golang.org/x/text** v0.23.0 -> v0.31.0 * **google.golang.org/protobuf** v1.36.6 -> v1.36.7 Previous release can be found at [v2.1.5](https://github.com/containerd/containerd/releases/tag/v2.1.5) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
containerd 1.7.30 Welcome to the v1.7.30 release of containerd! The thirtieth patch release for containerd 1.7 contains various fixes and updates. ### Highlights #### Container Runtime Interface (CRI) * **Fix NRI dropping requested CDI devices silently** ([#12650](#12650)) * **Redact all query parameters in CRI error logs** ([#12551](#12551)) #### Runtime * **Update runc binary to v1.3.4** ([#12619](#12619)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Akihiro Suda * Austin Vazquez * Mike Brown * Wei Fu * Andrey Noskov * CrazyMax * Davanum Srinivas * Jin Dong * Krisztian Litkey * Maksym Pavlenko * Paweł Gronowski * Phil Estes * Samuel Karp ### Changes <details><summary>26 commits</summary> <p> * Prepare release notes for v1.7.30 ([#12652](#12652)) * [`3d0ca6d2e`](3d0ca6d) Prepare release notes for v1.7.30 * Fix NRI dropping requested CDI devices silently ([#12650](#12650)) * [`0bc74f47e`](0bc74f4) cri,nri: don't drop requested CDI devices silently. * script/setup/install-cni: install CNI plugins v1.9.0 ([#12660](#12660)) * [`7db16b562`](7db16b5) script/setup/install-cni: install CNI plugins v1.9.0 * go.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) ([#12640](#12640)) * [`bca897b47`](bca897b) go.mod: golang.org/x/crypto v0.45.0 * [`37cbd2224`](37cbd22) CI: drop Go 1.23 * [`ee49d1747`](ee49d17) Update Go requirements in BUILDING * ci: bump Go 1.24.11, 1.25.5 ([#12627](#12627)) * [`145978224`](1459782) ci: bump Go 1.24.11, 1.25.5 * [`3dbadfaa1`](3dbadfa) ci: bump Go 1.24.10, 1.25.4 * [`2bac971f0`](2bac971) ci(release): set GO_VERSION in Dockerfile * Update runc binary to v1.3.4 ([#12619](#12619)) * [`34b89a574`](34b89a5) runc: Update runc binary to v1.3.4 * ci: update CIFuzz actions to support Ubuntu 24.04 ([#12635](#12635)) * [`6e0dd8956`](6e0dd89) ci: update CIFuzz actions to support Ubuntu 24.04 * build(deps): bump github.com/opencontainers/selinux ([#12591](#12591)) * [`3eea2a4af`](3eea2a4) build(deps): bump github.com/opencontainers/selinux * remove sha256-simd ([#12576](#12576)) * [`1194f5128`](1194f51) remove sha256-simd * .github: skip 5 critest cases for window-2022 ([#12586](#12586)) * [`ce2d3a67f`](ce2d3a6) .github: skip 5 critest cases in window CI pipeline * Redact all query parameters in CRI error logs ([#12551](#12551)) * [`65271ea89`](65271ea) fix: redact all query parameters in CRI error logs </p> </details> ### Dependency Changes * **github.com/cyphar/filepath-securejoin** v0.5.1 **_new_** * **github.com/opencontainers/selinux** v1.11.0 -> v1.13.1 * **golang.org/x/crypto** v0.40.0 -> v0.45.0 * **golang.org/x/mod** v0.26.0 -> v0.29.0 * **golang.org/x/net** v0.42.0 -> v0.47.0 * **golang.org/x/sync** v0.16.0 -> v0.18.0 * **golang.org/x/sys** v0.34.0 -> v0.38.0 * **golang.org/x/term** v0.33.0 -> v0.37.0 * **golang.org/x/text** v0.27.0 -> v0.31.0 Previous release can be found at [v1.7.29](https://github.com/containerd/containerd/releases/tag/v1.7.29)
containerd 2.2.0 Welcome to the v2.2.0 release of containerd! The second minor release of containerd 2.x focuses on continued stability alongside new features and improvements. This is the second time-based released for containerd. ### Highlights * **Add mount manager** ([#12063](#12063)) The mount manager is a new service that provides lifecycle management for filesystem mounts to support more advanced use cases, such as: * **Device formatting** to create formatted filesystems (xfs, ext4) on-demand * **Mount activation** to prepare devices such as loopbacks or network fileystems * **Mount transformation** to allow mount arguments to be filled in dynamically from previous mounts * **Garbage collection** of mounts to ensure temporary mounts are never leaked * **Add conf.d include in the default config** ([#12323](#12323)) * **Add support for back references in the garbage collector** ([#12025](#12025)) #### Container Runtime Interface (CRI) * **Pod Sandbox Metrics** ([#10691](#10691)) Full implementation of Kubernetes CRI pod-level metrics API * **ListPodSandboxMetrics**: Query metrics for running pods/sandboxes * **ListMetricsDescriptors**: Discover available metrics and their descriptions * **Support image volume mount subpath** ([#11578](#11578)) #### Go client * **Update pkg/oci to use fs.FS interface and os.OpenRoot** ([#12245](#12245)) #### Image Distribution * **Parallel Unpack** ([#12332](#12332)) Adds support for unpacking layers in parallel during pull operations. This feature is supported with overlayfs and EROFS snapshotters. * **OCI Referrers Support** ([#12309](#12309)) Adds new referrers fetcher to remote registry interface using the [new referrers endpoint added in OCI distribution-spec 1.1](https://github.com/opencontainers/distribution-spec/blob/v1.1.0/spec.md#listing-referrers) * **Tar unpack progress through transfer service** ([#11921](#11921)) #### Image Storage * **EROFS enhancements using mount manager** ([#12333](#12333)) Improvements to EROFS snapshotter using the new mount manager service * **Quota Support**: Support for sized block devices as the upper layer for overlayfs * **Mount Lifecycle**: Loopback setup, block device creation, and overlayfs argument formatting is moved to the mount manager to be performed on-demand or within the runtime. * **Mount handler**: To allow optimization of EROFS mount types based on the current system * **macOS Support**: EROFS snapshotter can now be used on Darwin to natively allow image pulls * **Tar index mode**: Efficiently generate EROFS metadata backed by original tar content ([#11919](#11919)) * **Add snapshotter and differ for block CIMs** ([#12050](#12050)) #### Node Resource Interface (NRI) * **Enable otel traces in NRI** ([#12082](#12082)) * **Add WASM plugin support** ([containerd/nri#121](containerd/nri#121)) #### Runtime * **Improve shim load time after restart by loading in parallel** ([#12142](#12142)) * **Fix pidfd leak in UnshareAfterEnterUserns** ([#12167](#12167)) #### Deprecations * **Deprecate cgroup v1** ([#12445](#12445)) * **Postpone v2.2 deprecation items to v2.3** ([#12417](#12417)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Phil Estes * Akihiro Suda * Maksym Pavlenko * Wei Fu * Krisztian Litkey * Mike Brown * Akhil Mohan * Markus Lehtonen * Samuel Karp * Sebastiaan van Stijn * ningmingxiao * Austin Vazquez * yashsingh74 * Gao Xiang * Kirtana Ashok * Jin Dong * Chris Henzie * Aadhar Agarwal * Etienne Champetier * Henry Wang * Rodrigo Campos * Sascha Grunert * Aleksa Sarai * Eric Mountain * Keith Mattix II * Paweł Gronowski * Tõnis Tiigi * Adrien Delorme * Apurv Barve * Enji Cooper * Kohei Tokunaga * Max Jonas Werner * Rehan Khan * Yang Yang * jinda.ljd * jokemanfire * Amit Barve * Andrew Halaney * Antonio Ojea * Brian Goff * Carlos Eduardo Arango Gutierrez * Chenyang Yan * Dawei Wei * Divya Rani * Evan Anderson * Fabiano Fidêncio * Iceber Gu * Jared Ledvina * Jonathan Perkin * Jose Fernandez * Karl Baumgartner * Michael Weibel * Osama Abdelkader * Radostin Stoyanov * Ruidong Cao * Sameer * Sergey Kanzhelev * Swagat Bora * Sylvain MOUQUET * Tom Wieczorek * Tycho Andersen * Wuyue (Tony) Sun * suranmiao * tanhuaan * wheat2018 * zounengren ### Dependency Changes * **dario.cat/mergo** v1.0.1 -> v1.0.2 * **github.com/Microsoft/hcsshim** v0.13.0-rc.3 -> v0.14.0-rc.1 * **github.com/StackExchange/wmi** cbe66965904d **_new_** * **github.com/checkpoint-restore/checkpointctl** v1.3.0 -> v1.4.0 * **github.com/containerd/cgroups/v3** v3.0.5 -> v3.1.0 * **github.com/containerd/console** v1.0.4 -> v1.0.5 * **github.com/containerd/containerd/api** v1.9.0 -> v1.10.0 * **github.com/containerd/go-cni** v1.1.12 -> v1.1.13 * **github.com/containerd/nri** v0.8.0 -> v0.10.0 * **github.com/containerd/platforms** v1.0.0-rc.1 -> v1.0.0-rc.2 * **github.com/containernetworking/plugins** v1.7.1 -> v1.8.0 * **github.com/coreos/go-systemd/v22** v22.5.0 -> v22.6.0 * **github.com/cpuguy83/go-md2man/v2** v2.0.5 -> v2.0.7 * **github.com/emicklei/go-restful/v3** v3.11.0 -> v3.13.0 * **github.com/fxamacker/cbor/v2** v2.7.0 -> v2.9.0 * **github.com/go-jose/go-jose/v4** v4.0.5 -> v4.1.2 * **github.com/go-logr/logr** v1.4.2 -> v1.4.3 * **github.com/go-ole/go-ole** v1.2.6 **_new_** * **github.com/golang/groupcache** 41bb18bfe9da -> 2c02b8208cf8 * **github.com/google/certtostore** v1.0.6 **_new_** * **github.com/google/deck** 105ad94aa8ae **_new_** * **github.com/gorilla/websocket** v1.5.0 -> e064f32e3674 * **github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus** v1.0.1 -> v1.1.0 * **github.com/hashicorp/errwrap** v1.1.0 **_new_** * **github.com/intel/goresctrl** v0.8.0 -> v0.10.0 * **github.com/klauspost/compress** v1.18.0 -> v1.18.1 * **github.com/knqyf263/go-plugin** v0.9.0 **_new_** * **github.com/moby/sys/capability** v0.4.0 **_new_** * **github.com/modern-go/reflect2** v1.0.2 -> 35a7c28c31ee * **github.com/opencontainers/runtime-tools** 2e043c6bd626 -> 0ea5ed0382a2 * **github.com/prometheus/client_golang** v1.22.0 -> v1.23.2 * **github.com/prometheus/client_model** v0.6.1 -> v0.6.2 * **github.com/prometheus/common** v0.62.0 -> v0.66.1 * **github.com/prometheus/procfs** v0.15.1 -> v0.16.1 * **github.com/stretchr/testify** v1.10.0 -> v1.11.1 * **github.com/tchap/go-patricia/v2** v2.3.2 -> v2.3.3 * **github.com/tetratelabs/wazero** v1.9.0 **_new_** * **github.com/urfave/cli/v2** v2.27.6 -> v2.27.7 * **github.com/vishvananda/netlink** 0e7078ed04c8 -> v1.3.1 * **go.etcd.io/bbolt** v1.4.0 -> v1.4.3 * **go.opentelemetry.io/otel** v1.35.0 -> v1.37.0 * **go.opentelemetry.io/otel/metric** v1.35.0 -> v1.37.0 * **go.opentelemetry.io/otel/sdk** v1.35.0 -> v1.37.0 * **go.opentelemetry.io/otel/trace** v1.35.0 -> v1.37.0 * **go.uber.org/goleak** v1.3.0 **_new_** * **go.yaml.in/yaml/v2** v2.4.2 **_new_** * **golang.org/x/crypto** v0.36.0 -> v0.41.0 * **golang.org/x/mod** v0.24.0 -> v0.29.0 * **golang.org/x/net** v0.38.0 -> v0.43.0 * **golang.org/x/oauth2** v0.27.0 -> v0.30.0 * **golang.org/x/sync** v0.14.0 -> v0.17.0 * **golang.org/x/sys** v0.33.0 -> v0.37.0 * **golang.org/x/term** v0.30.0 -> v0.34.0 * **golang.org/x/text** v0.23.0 -> v0.28.0 * **golang.org/x/time** v0.7.0 -> v0.14.0 * **google.golang.org/genproto/googleapis/api** 56aae31c358a -> a7a43d27e69b * **google.golang.org/genproto/googleapis/rpc** 56aae31c358a -> a7a43d27e69b * **google.golang.org/grpc** v1.72.0 -> v1.76.0 * **google.golang.org/protobuf** v1.36.6 -> v1.36.10 * **k8s.io/api** v0.32.3 -> v0.34.1 * **k8s.io/apimachinery** v0.32.3 -> v0.34.1 * **k8s.io/client-go** v0.32.3 -> v0.34.1 * **k8s.io/cri-api** v0.32.3 -> v0.34.1 * **k8s.io/utils** 3ea5e8cea738 -> 4c0f3b243397 * **sigs.k8s.io/json** 9aa6b5e7a4b3 -> cfa47c3a1cc8 * **sigs.k8s.io/randfill** v1.0.0 **_new_** * **sigs.k8s.io/structured-merge-diff/v6** v6.3.0 **_new_** * **sigs.k8s.io/yaml** v1.4.0 -> v1.6.0 Previous release can be found at [v2.1.0](https://github.com/containerd/containerd/releases/tag/v2.1.0) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
containerd 2.1.5 Welcome to the v2.1.5 release of containerd! The fifth patch release for containerd 2.1 contains various fixes and updates. ### Security Updates * **containerd** * [**GHSA-pwhc-rpq9-4c8w**](GHSA-pwhc-rpq9-4c8w) * [**GHSA-m6hq-p25p-ffr2**](GHSA-m6hq-p25p-ffr2) * **runc** * [**GHSA-qw9x-cqr3-wc7r**](GHSA-qw9x-cqr3-wc7r) * [**GHSA-cgrx-mc8f-2prm**](GHSA-cgrx-mc8f-2prm) * [**GHSA-9493-h29p-rfm2**](GHSA-9493-h29p-rfm2) ### Highlights #### Container Runtime Interface (CRI) * **Disable event subscriber during task cleanup** ([#12410](#12410)) * **Add SystemdCgroup to default runtime options** ([#12253](#12253)) * **Fix userns with container image VOLUME mounts that need copy** ([#12242](#12242)) #### Image Distribution * **Ensure errContentRangeIgnored error when range-get request is ignored** ([#12312](#12312)) #### Runtime * **Update runc binary to v1.3.3** ([#12478](#12478)) #### Deprecations * **Postpone v2.2 deprecation items to v2.3** ([#12431](#12431)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Phil Estes * Akihiro Suda * Derek McGowan * Austin Vazquez * Rodrigo Campos * Maksym Pavlenko * Wei Fu * ningmingxiao * Akhil Mohan * Henry Wang * Andrew Halaney * Divya Rani * Jose Fernandez * Swagat Bora * wheat2018 ### Changes <details><summary>58 commits</summary> <p> * Prepare release notes for v2.1.5 ([#12483](#12483)) * [`fc5bdfeac`](fc5bdfe) Prepare release notes for v2.1.5 * [`c578c26bf`](c578c26) Update mailmap * [`46a4a03fb`](46a4a03) Merge commit from fork * [`232786c90`](232786c) Fix directory permissions * [`239ab877d`](239ab87) Merge commit from fork * [`0766796e8`](0766796) fix goroutine leak of container Attach * Update runc binary to v1.3.3 ([#12478](#12478)) * [`3d713d3d0`](3d713d3) runc: Update runc binary to v1.3.3 * Update GHA runners to use latest images for basic binaries build ([#12470](#12470)) * [`de4221cb7`](de4221c) Update GHA runners to use latest images for basic binaries build * ci: bump Go 1.24.9, 1.25.3 ([#12467](#12467)) * [`2045b1920`](2045b19) ci: bump Go 1.24.9, 1.25.3 * Update GHA runners to use latest image for most jobs ([#12468](#12468)) * [`21ec7cc7d`](21ec7cc) Update GHA runners to use latest image for most jobs * CI: update Fedora to 43 ([#12449](#12449)) * [`893b5f92e`](893b5f9) CI: update Fedora to 43 * Postpone v2.2 deprecation items to v2.3 ([#12431](#12431)) * [`6374a8f9d`](6374a8f) Postpone v2.2 deprecation items to v2.3 * CI: skip ubuntu-24.04-arm on private repos ([#12427](#12427)) * [`98e0e73de`](98e0e73) CI: skip ubuntu-24.04-arm on private repos * Disable event subscriber during task cleanup ([#12410](#12410)) * [`a3770cf83`](a3770cf) cri/server/podsandbox: disable event subscriber * Fix lost container logs from quickly closing io ([#12377](#12377)) * [`7d9f09ba0`](7d9f09b) bugfix:fix container logs lost because io close too quickly * ci: bump Go 1.24.8 ([#12360](#12360)) * [`d1cab3cc5`](d1cab3c) ci: bump Go 1.24.8 * Prevent goroutine hangs during ProgressTracker shutdown ([#12336](#12336)) * [`9b57a4d35`](9b57a4d) Prevent goroutine hangs during ProgressTracker shutdown * Ensure errContentRangeIgnored error when range-get request is ignored ([#12312](#12312)) * [`ca3de4fe7`](ca3de4f) Ensure errContentRangeIgnored error when range-get request is ignored by registry * Remove additional fuzzers from instrumentation repo ([#12313](#12313)) * [`dfffe3d9c`](dfffe3d) Remove additional fuzzers from CI * update release builds to 1.24.7 and add 1.25.1 to CI ([#12258](#12258)) * [`c54585ba7`](c54585b) update release builds to 1.24.7 and add 1.25.1 to CI * runc:Update runc binary to v1.3.1 ([#12277](#12277)) * [`f0a48ce38`](f0a48ce) runc:Update runc binary to v1.3.1 * Add SystemdCgroup to default runtime options ([#12253](#12253)) * [`f13f8c431`](f13f8c4) add SystemdCgroup to default runtime options * install-runhcs-shim: fetch target commit instead of tags ([#12256](#12256)) * [`42bb71e1e`](42bb71e) install-runhcs-shim: fetch target commit instead of tags * Fix userns with container image VOLUME mounts that need copy ([#12242](#12242)) * [`10944e19f`](10944e1) integration: Add test for directives with userns * [`41d74aee2`](41d74ae) cri: Fix userns with Dockerfile VOLUME mounts that need copy * Fix overlayfs issues related to user namespace ([#12222](#12222)) * [`f40bfc46b`](f40bfc4) core/mount: Retry unmounting idmapped directories * [`1f51d2dea`](1f51d2d) core/mount: Test cleanup of DoPrepareIDMappedOverlay() * [`8fbf8c503`](8fbf8c5) core/mount: Properly cleanup on doPrepareIDMappedOverlay errors * [`b9d678e15`](b9d678e) core/mount: Don't call nil function on errors * [`583fe2d24`](583fe2d) core/mount: Only idmap once per overlayfs, not per layer * Add documentation for cgroup_writable field ([#12229](#12229)) * [`4832b4d15`](4832b4d) Add documentation for cgroup_writable field * fix: create bootstrap.json with 0644 permission ([#12183](#12183)) * [`3c174cf64`](3c174cf) fix: create bootstrap.json with 0644 permission * ci: bump Go 1.23.12, 1.24.6 ([#12186](#12186)) * [`74b0505eb`](74b0505) ci: bump Go 1.23.12, 1.24.6 * sys: fix pidfd leak in UnshareAfterEnterUserns ([#12179](#12179)) * [`5ef6ea747`](5ef6ea7) sys: fix pidfd leak in UnshareAfterEnterUserns </p> </details> ### Dependency Changes This release has no dependency changes Previous release can be found at [v2.1.4](https://github.com/containerd/containerd/releases/tag/v2.1.4) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
containerd 2.0.7 Welcome to the v2.0.7 release of containerd! The seventh patch release for containerd 2.0 includes various bug fixes and updates. ### Security Updates * **containerd** * [**GHSA-pwhc-rpq9-4c8w**](GHSA-pwhc-rpq9-4c8w) * [**GHSA-m6hq-p25p-ffr2**](GHSA-m6hq-p25p-ffr2) * **runc** * [**GHSA-qw9x-cqr3-wc7r**](GHSA-qw9x-cqr3-wc7r) * [**GHSA-cgrx-mc8f-2prm**](GHSA-cgrx-mc8f-2prm) * [**GHSA-9493-h29p-rfm2**](GHSA-9493-h29p-rfm2) ### Highlights #### Container Runtime Interface (CRI) * **Disable event subscriber during task cleanup** ([#12406](#12406)) * **Add SystemdCgroup to default runtime options** ([#12254](#12254)) * **Fix userns with container image VOLUME mounts that need copy** ([#12241](#12241)) #### Image Distribution * **Add dial timeout field to hosts toml configuration** ([#12136](#12136)) #### Runtime * **Update runc binary to v1.3.3** ([#12479](#12479)) * **Fix lost container logs from quickly closing io** ([#12376](#12376)) * **Create bootstrap.json with 0644 permission** ([#12184](#12184)) * **Fix pidfd leak in UnshareAfterEnterUserns** ([#12178](#12178)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Austin Vazquez * Phil Estes * Rodrigo Campos * Wei Fu * Akihiro Suda * Derek McGowan * Maksym Pavlenko * ningmingxiao * Kirtana Ashok * Akhil Mohan * Andrew Halaney * Jin Dong * Jose Fernandez * Mike Baynton * Philip Laine * Swagat Bora * wheat2018 ### Changes <details><summary>56 commits</summary> <p> * Prepare release notes for v2.0.7 ([#12482](#12482)) * [`4931e24f1`](4931e24) Prepare release notes for v2.0.7 * [`205bc4f2d`](205bc4f) Update mailmap * [`5f708b76a`](5f708b7) Merge commit from fork * [`8cd112d82`](8cd112d) Fix directory permissions * [`05290b5bc`](05290b5) Merge commit from fork * [`4d1edf4ad`](4d1edf4) fix goroutine leak of container Attach * Update runc binary to v1.3.3 ([#12479](#12479)) * [`b46dc6a67`](b46dc6a) runc: Update runc binary to v1.3.3 * ci: bump Go 1.24.9; 1.25.3 ([#12361](#12361)) * [`5e9c82178`](5e9c821) Update GHA runners to use latest images for basic binaries build * [`7f59248dc`](7f59248) Update GHA runners to use latest image for most jobs * [`e1373e8a8`](e1373e8) ci: bump Go 1.24.9, 1.25.3 * [`e1a910a6a`](e1a910a) ci: bump Go 1.24.8; 1.25.2 * [`fd04b7f17`](fd04b7f) move exclude-dirs to issues.exclude-dirs * [`b49377975`](b493779) update golangci-lint to v1.64.2 * [`6e45022a1`](6e45022) build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.5.0 * [`09ce0f2a1`](09ce0f2) build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.2 * [`de63a740b`](de63a74) build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 * Fix lost container logs from quickly closing io ([#12376](#12376)) * [`f953ee8a3`](f953ee8) bugfix:fix container logs lost because io close too quickly * CI: update Fedora to 43 ([#12448](#12448)) * [`f6f15f513`](f6f15f5) CI: update Fedora to 43 * Disable event subscriber during task cleanup ([#12406](#12406)) * [`2a2329cbd`](2a2329c) cri/server/podsandbox: disable event subscriber * CI: skip ubuntu-24.04-arm on private repos ([#12428](#12428)) * [`dfb954743`](dfb9547) CI: skip ubuntu-24.04-arm on private repos * Remove additional fuzzers from instrumentation repo ([#12420](#12420)) * [`f6b02f6bb`](f6b02f6) Remove additional fuzzers from CI * runc:Update runc binary to v1.3.1 ([#12275](#12275)) * [`75c13ee3f`](75c13ee) runc:Update runc binary to v1.3.1 * Add SystemdCgroup to default runtime options ([#12254](#12254)) * [`427cdd06c`](427cdd0) add SystemdCgroup to default runtime options * install-runhcs-shim: fetch target commit instead of tags ([#12255](#12255)) * [`0b35e19fb`](0b35e19) install-runhcs-shim: fetch target commit instead of tags * Fix userns with container image VOLUME mounts that need copy ([#12241](#12241)) * [`3212afc2f`](3212afc) integration: Add test for directives with userns * [`b855c6e10`](b855c6e) cri: Fix userns with Dockerfile VOLUME mounts that need copy * Fix overlayfs issues related to user namespace ([#12223](#12223)) * [`05c0c99f4`](05c0c99) core/mount: Retry unmounting idmapped directories * [`afdede4ce`](afdede4) core/mount: Test cleanup of DoPrepareIDMappedOverlay() * [`47205f814`](47205f8) core/mount: Properly cleanup on doPrepareIDMappedOverlay errors * [`6f4abd970`](6f4abd9) core/mount: Don't call nil function on errors * [`a2f0d65d7`](a2f0d65) core/mount: Only idmap once per overlayfs, not per layer * [`1c32accd7`](1c32acc) Make ovl idmap mounts read-only * ci: bump Go 1.23.12, 1.24.6 ([#12187](#12187)) * [`9e72e91e6`](9e72e91) ci: bump Go 1.23.12, 1.24.6 * Create bootstrap.json with 0644 permission ([#12184](#12184)) * [`009622e04`](009622e) fix: create bootstrap.json with 0644 permission * Fix pidfd leak in UnshareAfterEnterUserns ([#12178](#12178)) * [`5bec0a332`](5bec0a3) sys: fix pidfd leak in UnshareAfterEnterUserns * Fix windows test failures ([#12120](#12120)) * [`2a2488131`](2a24881) Fix intermittent test failures on Windows CIs * [`018470948`](0184709) Remove WS2025 from CIs due to regression * Add dial timeout field to hosts toml configuration ([#12136](#12136)) * [`b50cbbc98`](b50cbbc) Add dial timeout field to hosts toml configuration </p> </details> ### Dependency Changes This release has no dependency changes Previous release can be found at [v2.0.6](https://github.com/containerd/containerd/releases/tag/v2.0.6) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
containerd 1.7.29 Welcome to the v1.7.29 release of containerd! The twenty-ninth patch release for containerd 1.7 contains various fixes and updates including security patches. ### Security Updates * **containerd** * [**GHSA-pwhc-rpq9-4c8w**](GHSA-pwhc-rpq9-4c8w) * [**GHSA-m6hq-p25p-ffr2**](GHSA-m6hq-p25p-ffr2) * **runc** * [**GHSA-qw9x-cqr3-wc7r**](GHSA-qw9x-cqr3-wc7r) * [**GHSA-cgrx-mc8f-2prm**](GHSA-cgrx-mc8f-2prm) * [**GHSA-9493-h29p-rfm2**](GHSA-9493-h29p-rfm2) ### Highlights #### Image Distribution * **Update differ to handle zstd media types** ([#12018](#12018)) #### Runtime * **Update runc binary to v1.3.3** ([#12480](#12480)) * **Fix lost container logs from quickly closing io** ([#12375](#12375)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Akihiro Suda * Phil Estes * Austin Vazquez * Sebastiaan van Stijn * ningmingxiao * Maksym Pavlenko * StepSecurity Bot * wheat2018 ### Changes <details><summary>38 commits</summary> <p> * [`442cb34bd`](442cb34) Merge commit from fork * [`0450f046e`](0450f04) Fix directory permissions * [`e5cb6ddb7`](e5cb6dd) Merge commit from fork * [`c575d1b5f`](c575d1b) fix goroutine leak of container Attach * Prepare release notes for v1.7.29 ([#12486](#12486)) * [`1fc2daaf3`](1fc2daa) Prepare release notes for v1.7.29 * Update runc binary to v1.3.3 ([#12480](#12480)) * [`3f5f9f872`](3f5f9f8) runc: Update runc binary to v1.3.3 * Update GHA images and bump Go 1.24.9; 1.25.3 ([#12471](#12471)) * [`667409fb6`](667409f) ci: bump Go 1.24.9, 1.25.3 * [`294f8c027`](294f8c0) Update GHA runners to use latest images for basic binaries build * [`cf66b4141`](cf66b41) Update GHA runners to use latest image for most jobs * [`fa3e6fa18`](fa3e6fa) pkg/epoch: extract parsing SOURCE_DATE_EPOCH to a function * [`ac334bffc`](ac334bf) pkg/epoch: fix tests on macOS * [`d04b8721f`](d04b872) pkg/epoch: replace some fmt.Sprintfs with strconv * CI: update Fedora to 43 ([#12450](#12450)) * [`5cfedbf52`](5cfedbf) CI: update Fedora to 43 * CI: skip ubuntu-24.04-arm on private repos ([#12429](#12429)) * [`cf99a012d`](cf99a01) CI: skip ubuntu-24.04-arm on private repos * runc:Update runc binary to v1.3.1 ([#12276](#12276)) * [`4c77b8d07`](4c77b8d) runc:Update runc binary to v1.3.1 * Fix lost container logs from quickly closing io ([#12375](#12375)) * [`d30024db2`](d30024d) bugfix:fix container logs lost because io close too quickly * ci: bump Go 1.24.8 ([#12362](#12362)) * [`f4b3d96f3`](f4b3d96) ci: bump Go 1.24.8 * [`334fd8e4b`](334fd8e) update golangci-lint to v1.64.2 * [`8a67abc4c`](8a67abc) Drop inactivated linter exportloopref * [`e4dbf08f0`](e4dbf08) build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.5.0 * [`d7db2ba06`](d7db2ba) build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.2 * [`d7182888f`](d718288) build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 * [`4be6c7e3b`](4be6c7e) build(deps): bump actions/cache from 4.1.2 to 4.2.0 * [`a2e097e86`](a2e097e) build(deps): bump actions/checkout from 4.2.1 to 4.2.2 * [`6de404d11`](6de404d) build(deps): bump actions/cache from 4.1.1 to 4.1.2 * [`038a25584`](038a255) [StepSecurity] ci: Harden GitHub Actions * Update differ to handle zstd media types ([#12018](#12018)) * [`eaeb4b6ac`](eaeb4b6) Update differ to handle zstd media types * ci: bump Go 1.23.12, 1.24.6 ([#12188](#12188)) * [`83c535339`](83c5353) ci: bump Go 1.23.12, 1.24.6 </p> </details> ### Dependency Changes This release has no dependency changes Previous release can be found at [v1.7.28](https://github.com/containerd/containerd/releases/tag/v1.7.28)
containerd api/v1.10.0 Welcome to the api/v1.10.0 release of containerd! The 11th release for the containerd 1.x API aligns with the containerd 2.2 release. ### Highlights * **Add mount manager** The mount manager is a new service that provides lifecycle management for filesystem mounts to support more advanced use cases, such as: * **Device formatting** to create formatted filesystems (xfs, ext4) on-demand * **Mount activation** to prepare devices such as loopbacks or network fileystems * **Mount transformation** to allow mount arguments to be filled in dynamically from previous mounts * **Garbage collection** of mounts to ensure temporary mounts are never leaked ([#12063](#12063)) #### Image Distribution * **Parallel Unpack** Adds support for unpacking layers in parallel during pull operations. This feature is supported with overlayfs and EROFS snapshotters. ([#12332](#12332)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Akihiro Suda * Henry Wang * Phil Estes * Wei Fu ### Changes <details><summary>14 commits</summary> <p> * Prepare release notes for api/v1.10.0 ([#12472](#12472)) * [`69c855bb5`](69c855b) Prepare release notes for api/v1.10.0 * api/go.mod: golang.org/x/net v0.38.0 ([#12430](#12430)) * [`4c7b94fce`](4c7b94f) api/go.mod: golang.org/x/net v0.38.0 * Prepare release notes for api/v1.10.0-rc.0 ([#12408](#12408)) * [`fbc7848f2`](fbc7848) Prepare release notes for api/v1.10.0-rc.0 * Add parallel unpack support ([#12332](#12332)) * [`0198b87fc`](0198b87) Implement parallel unpack * Prepare release notes for api/v1.10.0-beta.0 ([#12346](#12346)) * [`aa571f63c`](aa571f6) Prepare release notes for api/v1.10.0-beta.0 * Add mount manager ([#12063](#12063)) * [`8db301086`](8db3010) Add mounts api service * [`67fbf9db9`](67fbf9d) Generate and vendor proto changes * [`c5097ac63`](c5097ac) Add mount manager to protobuf services and types </p> </details> ### Dependency Changes * **golang.org/x/net** v0.37.0 -> v0.38.0 Previous release can be found at [api/v1.9.0](https://github.com/containerd/containerd/releases/tag/api/v1.9.0)
containerd 2.2.0-rc.1 Welcome to the v2.2.0-rc.1 release of containerd! *This is a pre-release of containerd* The second minor release of containerd 2.x focuses on continued stability alongside new features and improvements. This is the second time-based released for containerd. ### Highlights * Add mount manager ([#12063](#12063)) * Add conf.d include in the default config ([#12323](#12323)) * Add support for back references in the garbage collector ([#12025](#12025)) #### Container Runtime Interface (CRI) * Implement CRI ListPodSandboxMetrics ([#10691](#10691)) * Support image volume mount subpath ([#11578](#11578)) #### Go client * Update pkg/oci to use fs.FS interface and os.OpenRoot ([#12245](#12245)) #### Image Distribution * Add parallel unpack support ([#12332](#12332)) * Add referrers fetcher to remotes ([#12309](#12309)) * Tar unpack progress through transfer service ([#11921](#11921)) #### Image Storage * Update erofs snapshotter to use mount manager ([#12333](#12333)) * Add snapshotter and differ for block CIMs ([#12050](#12050)) * Add tar index mode to erofs snapshotter ([#11919](#11919)) #### Node Resource Interface (NRI) * Enable otel traces in NRI ([#12082](#12082)) * Add WASM plugin support ([containerd/nri#121](containerd/nri#121)) #### Runtime * Improve shim load time after restart by loading in parallel ([#12142](#12142)) * Fix pidfd leak in UnshareAfterEnterUserns ([#12167](#12167)) #### Deprecations * Deprecate cgroup v1 ([#12445](#12445)) * Postpone v2.2 deprecation items to v2.3 ([#12417](#12417)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Phil Estes * Akihiro Suda * Maksym Pavlenko * Wei Fu * Krisztian Litkey * Mike Brown * Akhil Mohan * Markus Lehtonen * Samuel Karp * Sebastiaan van Stijn * ningmingxiao * Austin Vazquez * yashsingh74 * Gao Xiang * Jin Dong * Chris Henzie * Kirtana Ashok * Aadhar Agarwal * Etienne Champetier * Henry Wang * Rodrigo Campos * Sascha Grunert * Aleksa Sarai * Eric Mountain * Keith Mattix II * Paweł Gronowski * Tõnis Tiigi * Adrien Delorme * Apurv Barve * Enji Cooper * Kohei Tokunaga * Max Jonas Werner * Rehan Khan * Yang Yang * jinda.ljd * jokemanfire * Amit Barve * Andrew Halaney * Antonio Ojea * Brian Goff * Carlos Eduardo Arango Gutierrez * Chenyang Yan * Dawei Wei * Divya Rani * Evan Anderson * Fabiano Fidêncio * Iceber Gu * Jared Ledvina * Jonathan Perkin * Jose Fernandez * Karl Baumgartner * Osama Abdelkader * Radostin Stoyanov * Ruidong Cao * Sameer * Sergey Kanzhelev * Swagat Bora * Sylvain MOUQUET * Tom Wieczorek * Tycho Andersen * Ubuntu * Wuyue (Tony) Sun * suranmiao * tanhuaan * zounengren ### Dependency Changes * **dario.cat/mergo** v1.0.1 -> v1.0.2 * **github.com/Microsoft/hcsshim** v0.13.0-rc.3 -> v0.14.0-rc.1 * **github.com/StackExchange/wmi** cbe66965904d **_new_** * **github.com/checkpoint-restore/checkpointctl** v1.3.0 -> v1.4.0 * **github.com/containerd/cgroups/v3** v3.0.5 -> v3.1.0 * **github.com/containerd/console** v1.0.4 -> v1.0.5 * **github.com/containerd/containerd/api** v1.9.0 -> v1.10.0-rc.0 * **github.com/containerd/go-cni** v1.1.12 -> v1.1.13 * **github.com/containerd/nri** v0.8.0 -> v0.10.0 * **github.com/containernetworking/plugins** v1.7.1 -> v1.8.0 * **github.com/coreos/go-systemd/v22** v22.5.0 -> v22.6.0 * **github.com/cpuguy83/go-md2man/v2** v2.0.5 -> v2.0.7 * **github.com/emicklei/go-restful/v3** v3.11.0 -> v3.13.0 * **github.com/fxamacker/cbor/v2** v2.7.0 -> v2.9.0 * **github.com/go-jose/go-jose/v4** v4.0.5 -> v4.1.2 * **github.com/go-logr/logr** v1.4.2 -> v1.4.3 * **github.com/go-ole/go-ole** v1.2.6 **_new_** * **github.com/golang/groupcache** 41bb18bfe9da -> 2c02b8208cf8 * **github.com/google/certtostore** v1.0.6 **_new_** * **github.com/google/deck** 105ad94aa8ae **_new_** * **github.com/gorilla/websocket** v1.5.0 -> e064f32e3674 * **github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus** v1.0.1 -> v1.1.0 * **github.com/hashicorp/errwrap** v1.1.0 **_new_** * **github.com/intel/goresctrl** v0.8.0 -> v0.9.0 * **github.com/klauspost/compress** v1.18.0 -> v1.18.1 * **github.com/knqyf263/go-plugin** v0.9.0 **_new_** * **github.com/moby/sys/capability** v0.4.0 **_new_** * **github.com/modern-go/reflect2** v1.0.2 -> 35a7c28c31ee * **github.com/opencontainers/runtime-tools** 2e043c6bd626 -> 0ea5ed0382a2 * **github.com/prometheus/client_golang** v1.22.0 -> v1.23.2 * **github.com/prometheus/client_model** v0.6.1 -> v0.6.2 * **github.com/prometheus/common** v0.62.0 -> v0.66.1 * **github.com/prometheus/procfs** v0.15.1 -> v0.16.1 * **github.com/stretchr/testify** v1.10.0 -> v1.11.1 * **github.com/tchap/go-patricia/v2** v2.3.2 -> v2.3.3 * **github.com/tetratelabs/wazero** v1.9.0 **_new_** * **github.com/urfave/cli/v2** v2.27.6 -> v2.27.7 * **github.com/vishvananda/netlink** 0e7078ed04c8 -> v1.3.1 * **go.etcd.io/bbolt** v1.4.0 -> v1.4.3 * **go.opentelemetry.io/otel** v1.35.0 -> v1.37.0 * **go.opentelemetry.io/otel/metric** v1.35.0 -> v1.37.0 * **go.opentelemetry.io/otel/sdk** v1.35.0 -> v1.37.0 * **go.opentelemetry.io/otel/trace** v1.35.0 -> v1.37.0 * **go.uber.org/goleak** v1.3.0 **_new_** * **go.yaml.in/yaml/v2** v2.4.2 **_new_** * **golang.org/x/crypto** v0.36.0 -> v0.41.0 * **golang.org/x/mod** v0.24.0 -> v0.29.0 * **golang.org/x/net** v0.38.0 -> v0.43.0 * **golang.org/x/oauth2** v0.27.0 -> v0.30.0 * **golang.org/x/sync** v0.14.0 -> v0.17.0 * **golang.org/x/sys** v0.33.0 -> v0.37.0 * **golang.org/x/term** v0.30.0 -> v0.34.0 * **golang.org/x/text** v0.23.0 -> v0.28.0 * **golang.org/x/time** v0.7.0 -> v0.14.0 * **google.golang.org/genproto/googleapis/api** 56aae31c358a -> a7a43d27e69b * **google.golang.org/genproto/googleapis/rpc** 56aae31c358a -> a7a43d27e69b * **google.golang.org/grpc** v1.72.0 -> v1.76.0 * **google.golang.org/protobuf** v1.36.6 -> v1.36.10 * **k8s.io/api** v0.32.3 -> v0.34.1 * **k8s.io/apimachinery** v0.32.3 -> v0.34.1 * **k8s.io/client-go** v0.32.3 -> v0.34.1 * **k8s.io/cri-api** v0.32.3 -> v0.34.1 * **k8s.io/utils** 3ea5e8cea738 -> 4c0f3b243397 * **sigs.k8s.io/json** 9aa6b5e7a4b3 -> cfa47c3a1cc8 * **sigs.k8s.io/randfill** v1.0.0 **_new_** * **sigs.k8s.io/structured-merge-diff/v6** v6.3.0 **_new_** * **sigs.k8s.io/yaml** v1.4.0 -> v1.6.0 Previous release can be found at [v2.1.0](https://github.com/containerd/containerd/releases/tag/v2.1.0) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
containerd 2.2.0-rc.0 Welcome to the v2.2.0-rc.0 release of containerd! *This is a pre-release of containerd* The second minor release of containerd 2.x focuses on continued stability alongside new features and improvements. This is the second time-based released for containerd. ### Highlights * Add mount manager ([#12063](#12063)) * Add conf.d include in the default config ([#12323](#12323)) * Add support for back references in the garbage collector ([#12025](#12025)) #### Container Runtime Interface (CRI) * Implement CRI ListPodSandboxMetrics ([#10691](#10691)) * Support image volume mount subpath ([#11578](#11578)) #### Go client * Update pkg/oci to use fs.FS interface and os.OpenRoot ([#12245](#12245)) #### Image Distribution * Add parallel unpack support ([#12332](#12332)) * Add referrers fetcher to remotes ([#12309](#12309)) * Tar unpack progress through transfer service ([#11921](#11921)) #### Image Storage * Update erofs snapshotter to use mount manager ([#12333](#12333)) * Add snapshotter and differ for block CIMs ([#12050](#12050)) * Add tar index mode to erofs snapshotter ([#11919](#11919)) #### Node Resource Interface (NRI) * Enable otel traces in NRI ([#12082](#12082)) * Add WASM plugin support ([containerd/nri#121](containerd/nri#121)) #### Runtime * Improve shim load time after restart by loading in parallel ([#12142](#12142)) * Fix pidfd leak in UnshareAfterEnterUserns ([#12167](#12167)) #### Deprecations * Postpone v2.2 deprecation items to v2.3 ([#12417](#12417)) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Phil Estes * Akihiro Suda * Maksym Pavlenko * Krisztian Litkey * Wei Fu * Mike Brown * Markus Lehtonen * Sebastiaan van Stijn * Samuel Karp * ningmingxiao * Akhil Mohan * Austin Vazquez * yashsingh74 * Gao Xiang * Jin Dong * Chris Henzie * Kirtana Ashok * Aadhar Agarwal * Etienne Champetier * Henry Wang * Rodrigo Campos * Sascha Grunert * Aleksa Sarai * Eric Mountain * Keith Mattix II * Paweł Gronowski * Tõnis Tiigi * Adrien Delorme * Apurv Barve * Enji Cooper * Kohei Tokunaga * Max Jonas Werner * Rehan Khan * Yang Yang * jinda.ljd * jokemanfire * Amit Barve * Andrew Halaney * Antonio Ojea * Brian Goff * Carlos Eduardo Arango Gutierrez * Chenyang Yan * Dawei Wei * Divya Rani * Evan Anderson * Fabiano Fidêncio * Iceber Gu * Jared Ledvina * Jonathan Perkin * Jose Fernandez * Karl Baumgartner * Osama Abdelkader * Radostin Stoyanov * Ruidong Cao * Sameer * Sergey Kanzhelev * Swagat Bora * Sylvain MOUQUET * Tom Wieczorek * Tycho Andersen * Ubuntu * Wuyue (Tony) Sun * suranmiao * tanhuaan * zounengren ### Dependency Changes * **dario.cat/mergo** v1.0.1 -> v1.0.2 * **github.com/Microsoft/hcsshim** v0.13.0-rc.3 -> v0.14.0-rc.1 * **github.com/StackExchange/wmi** cbe66965904d **_new_** * **github.com/checkpoint-restore/checkpointctl** v1.3.0 -> v1.4.0 * **github.com/containerd/cgroups/v3** v3.0.5 -> v3.1.0 * **github.com/containerd/console** v1.0.4 -> v1.0.5 * **github.com/containerd/containerd/api** v1.9.0 -> v1.10.0-rc.0 * **github.com/containerd/go-cni** v1.1.12 -> v1.1.13 * **github.com/containerd/nri** v0.8.0 -> v0.10.0 * **github.com/containernetworking/plugins** v1.7.1 -> v1.8.0 * **github.com/coreos/go-systemd/v22** v22.5.0 -> v22.6.0 * **github.com/cpuguy83/go-md2man/v2** v2.0.5 -> v2.0.7 * **github.com/emicklei/go-restful/v3** v3.11.0 -> v3.13.0 * **github.com/fxamacker/cbor/v2** v2.7.0 -> v2.9.0 * **github.com/go-jose/go-jose/v4** v4.0.5 -> v4.1.2 * **github.com/go-logr/logr** v1.4.2 -> v1.4.3 * **github.com/go-ole/go-ole** v1.2.6 **_new_** * **github.com/golang/groupcache** 41bb18bfe9da -> 2c02b8208cf8 * **github.com/google/certtostore** v1.0.6 **_new_** * **github.com/google/deck** 105ad94aa8ae **_new_** * **github.com/gorilla/websocket** v1.5.0 -> e064f32e3674 * **github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus** v1.0.1 -> v1.1.0 * **github.com/hashicorp/errwrap** v1.1.0 **_new_** * **github.com/intel/goresctrl** v0.8.0 -> v0.9.0 * **github.com/klauspost/compress** v1.18.0 -> v1.18.1 * **github.com/knqyf263/go-plugin** v0.9.0 **_new_** * **github.com/moby/sys/capability** v0.4.0 **_new_** * **github.com/modern-go/reflect2** v1.0.2 -> 35a7c28c31ee * **github.com/opencontainers/runtime-tools** 2e043c6bd626 -> 0ea5ed0382a2 * **github.com/prometheus/client_golang** v1.22.0 -> v1.23.2 * **github.com/prometheus/client_model** v0.6.1 -> v0.6.2 * **github.com/prometheus/common** v0.62.0 -> v0.66.1 * **github.com/prometheus/procfs** v0.15.1 -> v0.16.1 * **github.com/stretchr/testify** v1.10.0 -> v1.11.1 * **github.com/tchap/go-patricia/v2** v2.3.2 -> v2.3.3 * **github.com/tetratelabs/wazero** v1.9.0 **_new_** * **github.com/urfave/cli/v2** v2.27.6 -> v2.27.7 * **github.com/vishvananda/netlink** 0e7078ed04c8 -> v1.3.1 * **go.etcd.io/bbolt** v1.4.0 -> v1.4.3 * **go.opentelemetry.io/otel** v1.35.0 -> v1.37.0 * **go.opentelemetry.io/otel/metric** v1.35.0 -> v1.37.0 * **go.opentelemetry.io/otel/sdk** v1.35.0 -> v1.37.0 * **go.opentelemetry.io/otel/trace** v1.35.0 -> v1.37.0 * **go.uber.org/goleak** v1.3.0 **_new_** * **go.yaml.in/yaml/v2** v2.4.2 **_new_** * **golang.org/x/crypto** v0.36.0 -> v0.41.0 * **golang.org/x/mod** v0.24.0 -> v0.29.0 * **golang.org/x/net** v0.38.0 -> v0.43.0 * **golang.org/x/oauth2** v0.27.0 -> v0.30.0 * **golang.org/x/sync** v0.14.0 -> v0.17.0 * **golang.org/x/sys** v0.33.0 -> v0.37.0 * **golang.org/x/term** v0.30.0 -> v0.34.0 * **golang.org/x/text** v0.23.0 -> v0.28.0 * **golang.org/x/time** v0.7.0 -> v0.14.0 * **google.golang.org/genproto/googleapis/api** 56aae31c358a -> a7a43d27e69b * **google.golang.org/genproto/googleapis/rpc** 56aae31c358a -> a7a43d27e69b * **google.golang.org/grpc** v1.72.0 -> v1.76.0 * **google.golang.org/protobuf** v1.36.6 -> v1.36.10 * **k8s.io/api** v0.32.3 -> v0.34.1 * **k8s.io/apimachinery** v0.32.3 -> v0.34.1 * **k8s.io/client-go** v0.32.3 -> v0.34.1 * **k8s.io/cri-api** v0.32.3 -> v0.34.1 * **k8s.io/utils** 3ea5e8cea738 -> 4c0f3b243397 * **sigs.k8s.io/json** 9aa6b5e7a4b3 -> cfa47c3a1cc8 * **sigs.k8s.io/randfill** v1.0.0 **_new_** * **sigs.k8s.io/structured-merge-diff/v6** v6.3.0 **_new_** * **sigs.k8s.io/yaml** v1.4.0 -> v1.6.0 Previous release can be found at [v2.1.0](https://github.com/containerd/containerd/releases/tag/v2.1.0) ### Which file should I download? * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`: ✅Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04). * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent. In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases) and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too. See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
PreviousNext