containerd 1.3.10
Welcome to the v1.3.10 release of containerd!
The tenth patch release for containerd 1.3 contains a fix for CVE-2021-21334
along with various other minor issues. This is the final release for
containerd 1.3.
See GHSA-6g2q-w5j3-fwh4
for more details related to CVE-2021-21334.
Notable Updates
- Fix container create in CRI to prevent possible environment variable leak between containers #1629
- Add bounds on max
oom_score_adjvalue for shim's AdjustOOMScore #4875 - Update task manager to use fresh context when calling shim shutdown #4930
- Fix incorrect usage calculation #5126
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
Contributors
- Derek McGowan
- Phil Estes
- Sebastiaan van Stijn
- Mike Brown
- Akihiro Suda
- Kir Kolyshkin
- Wei Fu
- Shengjing Zhu
- Li Yuxuan
- Michael Crosby
- Phil Estes
- Sam Whited
- Tom Faulhaber
- Brian Goff
- Derek McGowan
- IceberGu
- Ivan Markin
- Maksym Pavlenko
- Michael Crosby
- Samuel Karp
- Simon Kaegi
- Tibor Vass
- Wilbert van de Ridder
- Xiaodong Ye
Changes
16 commits
1c5970efbMerge pull request from GHSA-6g2q-w5j3-fwh49d46f241ePrepare release notes for 1.3.100eb8cbd29Merge pull request #5126 from dmcgowan/backport-1.3-continuity-usage-calculation8f71d98c6Update continuity to fix usage calculationdc49905ceMerge pull request #5121 from fuweid/update-cri-plugin2d9c8aa4bvendor: update CRI plugin with commit ca9c553405c1d61Merge pull request #4992 from Iceber/fix-runc-v2-service-1.3fb872ce79runtime: fix shutdown runc v2 service070cc0129Merge pull request #4930 from fuweid/cherry-pick-1.3-846cb963ce97824177runtime/v2: should use defer ctx to cleanup804621064Merge pull request #4875 from johnathanmdell/release/1.3ff9f916b4Add bounds on max oom_score_adj value for AdjustOOMScore1e683ff22Merge pull request #4755 from thaJeztah/1.3_backport_cancel_shim_log_ctx_by_onclose3f694f1a3v2: Cancel shim log ctx when ttrpc is closed7a2410592v2: Fix missing ns when openShimLog on windowse9518fb31v2: Call shim.Delete at first when create is failed
Changes from containerd/continuity
53 commits
1d9893eMerge pull request #169 from dmcgowan/fix-usage-block-size363153dAdd directory size to usage calculation testb97555eFix incorrect usage calculation91328d7Merge pull request #166 from zhsj/fix-riscv64809d89cgo.mod: golang.org/x/sys to latest62ef0ffMerge pull request #165 from zhsj/fix-arm6425269efFix building on arm64310e183gha: fix invalid workflow definition04c754fMerge pull request #163 from dmcgowan/fix-sparse-file-usagebc5e3edFix usage calculation to account for sparse files03c371agha: replace uses of deprecated "set-env", "add-path"f2cc351Merge pull request #157 from thaJeztah/update_depsaaa8883Merge pull request #160 from thaJeztah/test_go_1.155b95d2dGH Actions: test against Go 1.15c9598eago.mod: github.com/opencontainers/go-digest v1.0.071d065dgo.mod: github.com/dustin/go-humanize v1.0.084c3eb7go.mod: github.com/pkg/errors v0.9.12068663go.mod: logrus v1.6.0efbc448Merge pull request #156 from estesp/disable-travise2d0145Remove travis configdaa8e1cMerge pull request #155 from estesp/gh-actions-ci8c3ce1bUpdate CI to use GitHub Actions6629113Update linting to use golangci-lint9365a1bFix golangci-lint errorsf1c9af8Merge pull request #154 from mikebrow/cleanup-nitsf681eacreduce code complexity6728803update AUTHORSf265cfffix gofmt issuescf53015Merge pull request #153 from tomfaulhaber/empty-file-fix5a33969Add a comment to clarify that we're handling the empty file case11900e8Fix sameFile() to recognize empty files as the samed3ef23fMerge pull request #151 from kolyshkin/readlink-win0f16d7aMerge pull request #150 from kolyshkin/xattr643e66eRemove Windows' Readlink forkda42a30driver: fail to build on Windows with go < 1.13d7961f4travis.yml: rm unsupported go releases, add 1.14bbd0be0sysx/xattr: improve listxattrAll9e256e6sysx/xattr: fix getxattrAll26c1120Merge pull request #109 from nogoegst/fs-openbsd0ec5967Merge pull request #148 from zhsj/fix-gccgoa7f992cfs: don't convert syscall.Timespec to unix.Timespec directly669de92Merge pull request #147 from yeahdongcn/xattrb05c0fdxattr lost when copying directory1097c8bMerge pull request #144 from SamWhited/modules91c91a7Merge branch 'master' into modulesf65d91dMerge pull request #146 from fuweid/me-enable-root-for-testing2f58149test: enable root for RequiresRoot casesabe3784Support Go Modules75bee3eMerge pull request #143 from tiborvass/fix-sockets403b5beMerge pull request #141 from WRidder/patch-1cd143eefstest: have CreateSocket actually create a socket38f9467Add src string to copyDirectory error message.cad9e55fs: support for OpenBSD
Changes from containerd/cri
14 commits
ca9c5533Merge pull request #1629 from fuweid/cherry-pick-cri-16287ea3462fcri: append envs from image config to empty slice to avoid env lost3a1c3b3bMerge pull request #1604 from samuelkarp/backport1.3-runtimesf6f5aef1Merge pull request #1610 from thaJeztah/1.3_bump_containerd7945246evendor: containerd v1.3.7 and dependencies473085cbvendor.conf: sort dependencies87913363reformat vendor.conf, and use tags again, to match containerdfa4724b7Merge pull request #1611 from thaJeztah/1.3_fix_golangci_installc04aabc3Fix golangci-lint installation8c742677enable test-integration target to specify runtime9528e306Merge pull request #1558 from cpuguy83/1.3_no_libseccomp52678022Fix header for new seccomp files.2cc11e5efix for image pull linter change7f1124c9remove libseccomp cgo dependency
Dependency Changes
- github.com/containerd/continuity f2a389ac0a02 -> 1d9893e5674b
- github.com/containerd/cri f864905c93b9 -> ca9c5533489d
Previous release can be found at v1.3.9