Releases: cri-o/cri-o
v1.34.3
CRI-O v1.34.3
The release notes have been generated for the commit range
v1.34.2...v1.34.3 on Tue, 02 Dec 2025 00:25:30 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.34.3.tar.gz
- cri-o.arm64.v1.34.3.tar.gz
- cri-o.ppc64le.v1.34.3.tar.gz
- cri-o.s390x.v1.34.3.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.34.3.tar.gz \
--certificate-identity https://github.com/cri-o/packaging/.github/workflows/obs.yml@refs/heads/main \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/packaging \
--certificate-github-workflow-ref refs/heads/main \
--signature cri-o.amd64.v1.34.3.tar.gz.sig \
--certificate cri-o.amd64.v1.34.3.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.34.3.tar.gz
> bom validate -e cri-o.amd64.v1.34.3.tar.gz.spdx -d cri-oChangelog since v1.34.2
Changes by Kind
Feature
- Add support for the credential provider: https://github.com/cri-o/crio-credential-provider (#9512, @saschagrunert)
Bug or Regression
- Fixed CVE-2025-58183: Updated tar-split to v0.12.2 to fix unbounded memory allocation vulnerability when parsing malicious container images with GNU sparse tar files. (#9590, @saschagrunert)
Uncategorized
- This commit introduces a new
housekeepingvalue for theirq-load-balancing.crio.ioannotation.
When housekeeping is set:
- The housekeeping CPU set is injected into the container's environment variables as
OPENSHIFT_HOUSEKEEPING_CPUS - IRQ SMP affinity bits are not disabled on the housekeeping CPUs when adding a new container
- The housekeeping CPUs are chosen as the first CPU within each container plus its thread siblings (#9564, @openshift-cherrypick-robot)
Dependencies
Added
- github.com/cri-o/crio-credential-provider: v0.1.1
- github.com/joho/godotenv: v1.5.1
- go.podman.io/image/v5: v5.37.0
- go.podman.io/storage: v1.60.0
Changed
- github.com/containers/storage: v1.59.1 → 606f1e4
- github.com/golang-jwt/jwt/v5: v5.2.2 → v5.3.0
- github.com/vbatts/tar-split: v0.12.1 → v0.12.2
- k8s.io/api: v0.34.0 → v0.34.1
- k8s.io/apimachinery: v0.34.0 → v0.34.1
- k8s.io/apiserver: v0.34.0 → v0.34.1
- k8s.io/client-go: v0.34.0 → v0.34.1
- k8s.io/component-base: v0.34.0 → v0.34.1
- k8s.io/cri-api: v0.34.0 → v0.34.1
- k8s.io/kms: v0.34.0 → v0.34.1
- k8s.io/kubelet: v0.34.0 → v0.34.1
Removed
Nothing has changed.
Contributors
Assets 2
v1.33.7
CRI-O v1.33.7
The release notes have been generated for the commit range
v1.33.6...v1.33.7 on Tue, 02 Dec 2025 00:25:28 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.33.7.tar.gz
- cri-o.arm64.v1.33.7.tar.gz
- cri-o.ppc64le.v1.33.7.tar.gz
- cri-o.s390x.v1.33.7.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.33.7.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.33.7 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.33.7 \
--signature cri-o.amd64.v1.33.7.tar.gz.sig \
--certificate cri-o.amd64.v1.33.7.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.33.7.tar.gz
> bom validate -e cri-o.amd64.v1.33.7.tar.gz.spdx -d cri-oChangelog since v1.33.6
Changes by Kind
Bug or Regression
- Fixed CVE-2025-58183: Updated tar-split to v0.12.2 to fix unbounded memory allocation vulnerability when parsing malicious container images with GNU sparse tar files. (#9591, @saschagrunert)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
Contributors
Assets 2
v1.32.11
CRI-O v1.32.11
The release notes have been generated for the commit range
v1.32.10...v1.32.11 on Tue, 02 Dec 2025 00:25:32 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.32.11.tar.gz
- cri-o.arm64.v1.32.11.tar.gz
- cri-o.ppc64le.v1.32.11.tar.gz
- cri-o.s390x.v1.32.11.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.32.11.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.32.11 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.32.11 \
--signature cri-o.amd64.v1.32.11.tar.gz.sig \
--certificate cri-o.amd64.v1.32.11.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.32.11.tar.gz
> bom validate -e cri-o.amd64.v1.32.11.tar.gz.spdx -d cri-oChangelog since v1.32.10
Changes by Kind
Bug or Regression
- Fixed CVE-2025-58183: Updated tar-split to v0.12.2 to fix unbounded memory allocation vulnerability when parsing malicious container images with GNU sparse tar files. (#9592, @saschagrunert)
Uncategorized
- Server: Fix network cleanup failures when NetNS path is empty (#9617, @openshift-cherrypick-robot)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
Contributors
Assets 2
v1.34.2
CRI-O v1.34.2
The release notes have been generated for the commit range
v1.34.1...v1.34.2 on Tue, 11 Nov 2025 11:56:19 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.34.2.tar.gz
- cri-o.arm64.v1.34.2.tar.gz
- cri-o.ppc64le.v1.34.2.tar.gz
- cri-o.s390x.v1.34.2.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.34.2.tar.gz \
--certificate-identity https://github.com/cri-o/packaging/.github/workflows/obs.yml@refs/heads/main \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/packaging \
--certificate-github-workflow-ref refs/heads/main \
--signature cri-o.amd64.v1.34.2.tar.gz.sig \
--certificate cri-o.amd64.v1.34.2.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.34.2.tar.gz
> bom validate -e cri-o.amd64.v1.34.2.tar.gz.spdx -d cri-oChangelog since v1.34.1
Changes by Kind
Uncategorized
- Changed GRPC debug log format to be more informative (#9503, @openshift-cherrypick-robot)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
Contributors
Assets 2
v1.33.6
CRI-O v1.33.6
The release notes have been generated for the commit range
v1.33.5...v1.33.6 on Tue, 11 Nov 2025 00:25:26 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.33.6.tar.gz
- cri-o.arm64.v1.33.6.tar.gz
- cri-o.ppc64le.v1.33.6.tar.gz
- cri-o.s390x.v1.33.6.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.33.6.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.33.6 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.33.6 \
--signature cri-o.amd64.v1.33.6.tar.gz.sig \
--certificate cri-o.amd64.v1.33.6.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.33.6.tar.gz
> bom validate -e cri-o.amd64.v1.33.6.tar.gz.spdx -d cri-oChangelog since v1.33.5
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
v1.32.10
CRI-O v1.32.10
The release notes have been generated for the commit range
v1.32.9...v1.32.10 on Tue, 11 Nov 2025 00:25:23 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.32.10.tar.gz
- cri-o.arm64.v1.32.10.tar.gz
- cri-o.ppc64le.v1.32.10.tar.gz
- cri-o.s390x.v1.32.10.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.32.10.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.32.10 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.32.10 \
--signature cri-o.amd64.v1.32.10.tar.gz.sig \
--certificate cri-o.amd64.v1.32.10.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.32.10.tar.gz
> bom validate -e cri-o.amd64.v1.32.10.tar.gz.spdx -d cri-oChangelog since v1.32.9
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
v1.34.1
CRI-O v1.34.1
The release notes have been generated for the commit range
v1.34.0...v1.34.1 on Thu, 02 Oct 2025 00:23:21 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.34.1.tar.gz
- cri-o.arm64.v1.34.1.tar.gz
- cri-o.ppc64le.v1.34.1.tar.gz
- cri-o.s390x.v1.34.1.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.34.1.tar.gz \
--certificate-identity https://github.com/cri-o/packaging/.github/workflows/obs.yml@refs/heads/main \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/packaging \
--certificate-github-workflow-ref refs/heads/main \
--signature cri-o.amd64.v1.34.1.tar.gz.sig \
--certificate cri-o.amd64.v1.34.1.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.34.1.tar.gz
> bom validate -e cri-o.amd64.v1.34.1.tar.gz.spdx -d cri-oChangelog since v1.34.0
Changes by Kind
Uncategorized
- Fixed static build gpgme issue resulting in an "Invalid crypto engine" error on various platforms. (#9487, @openshift-cherrypick-robot)
- Server: Fix network cleanup failures when NetNS path is empty (#9471, @openshift-cherrypick-robot)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
Contributors
Assets 2
v1.33.5
CRI-O v1.33.5
The release notes have been generated for the commit range
v1.33.4...v1.33.5 on Thu, 02 Oct 2025 00:22:24 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.33.5.tar.gz
- cri-o.arm64.v1.33.5.tar.gz
- cri-o.ppc64le.v1.33.5.tar.gz
- cri-o.s390x.v1.33.5.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.33.5.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.33.5 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.33.5 \
--signature cri-o.amd64.v1.33.5.tar.gz.sig \
--certificate cri-o.amd64.v1.33.5.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.33.5.tar.gz
> bom validate -e cri-o.amd64.v1.33.5.tar.gz.spdx -d cri-oChangelog since v1.33.4
Changes by Kind
Bug or Regression
- Fix log rotation not working for containers running with the kata-containers runtime (#9452, @littlejawa)
Uncategorized
- Server: Fix network cleanup failures when NetNS path is empty (#9472, @openshift-cherrypick-robot)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
Contributors
Assets 2
v1.32.9
CRI-O v1.32.9
The release notes have been generated for the commit range
v1.32.8...v1.32.9 on Thu, 02 Oct 2025 00:22:23 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.32.9.tar.gz
- cri-o.arm64.v1.32.9.tar.gz
- cri-o.ppc64le.v1.32.9.tar.gz
- cri-o.s390x.v1.32.9.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.32.9.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.32.9 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.32.9 \
--signature cri-o.amd64.v1.32.9.tar.gz.sig \
--certificate cri-o.amd64.v1.32.9.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.32.9.tar.gz
> bom validate -e cri-o.amd64.v1.32.9.tar.gz.spdx -d cri-oChangelog since v1.32.8
Changes by Kind
Bug or Regression
- Fix log rotation not working for containers running with the kata-containers runtime (#9451, @littlejawa)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
Contributors
Assets 2
v1.31.13
CRI-O v1.31.13
The release notes have been generated for the commit range
v1.31.12...v1.31.13 on Thu, 02 Oct 2025 00:22:29 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.31.13.tar.gz
- cri-o.arm64.v1.31.13.tar.gz
- cri-o.ppc64le.v1.31.13.tar.gz
- cri-o.s390x.v1.31.13.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.31.13.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.31.13 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.31.13 \
--signature cri-o.amd64.v1.31.13.tar.gz.sig \
--certificate cri-o.amd64.v1.31.13.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.31.13.tar.gz
> bom validate -e cri-o.amd64.v1.31.13.tar.gz.spdx -d cri-oChangelog since v1.31.12
Changes by Kind
Bug or Regression
- Fix log rotation not working for containers running with the kata-containers runtime (#9450, @littlejawa)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.