containerd 1.7.0-beta.1
Welcome to the v1.7.0-beta.1 release of containerd!
*This is a pre-release of containerd*
The eighth major release of containerd includes new functionality alongside many improvements.
This release is intended to be the last major release of containerd 1.x before 2.0.
Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
This release still adheres to our backwards compability guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.
_This is a beta release and includes some functionality which is not yet complete. While most APIs are finalized before merge, they are subject to change until the official release._
### Highlights
#### Sandbox API _(experimental)_
The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.
* **Sandbox API** ([#6703](https://github.com/containerd/containerd/pull/6703))
* **CRI Sandbox API Implementation** ([#7228](https://github.com/containerd/containerd/pull/7228))
#### Transfer Service _(experimental)_
* **Transfer Service** ([#7320](https://github.com/containerd/containerd/pull/7320))
The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
to allow for further plugin development and integration into existing plugins.
See the [Transfer Docs](https://github.com/containerd/containerd/blob/main/docs/transfer.md)
#### NRI _(experimental)_
* **Extend NRI scope** ([nri#16](https://github.com/containerd/nri/pull/16))
* **Support for updated NRI** ([#6019](https://github.com/containerd/containerd/pull/6019))
The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.
This release introduces NRI v0.2.0 with an updated plugin interface to cover a wide range of use cases.
See the [NRI Docs](https://github.com/containerd/containerd/blob/main/docs/NRI.md)
#### Platform Support
* **Linux containers on FreeBSD** ([#7000](https://github.com/containerd/containerd/pull/7000))
#### Runtime Features
* **Add support for CDI device injection** ([#6654](https://github.com/containerd/containerd/pull/6654))
* **Support for cgroups blockio** ([#5490](https://github.com/containerd/containerd/pull/5490))
* **Add restart policy for enhanced restart manager** ([#6744](https://github.com/containerd/containerd/pull/6744))
#### Road to 2.0
##### Refactoring
There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.
The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independenty. The new sandbox and distribution interfaces provide one example of this,
but it also being done for image and network management.
The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc.
Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.
* **Remove gogoproto.customtype** ([#6699](https://github.com/containerd/containerd/pull/6699))
* **Remove enumvalue_customname, goproto_enum_prefix and enum_customname** ([#6708](https://github.com/containerd/containerd/pull/6708))
* **Remove all gogoproto extensions** ([#6829](https://github.com/containerd/containerd/pull/6829))
* **Migrate off from github.com/gogo/protobuf** ([#6841](https://github.com/containerd/containerd/pull/6841))
* **ttrpc streaming** ([ttrpc#107](https://github.com/containerd/ttrpc/pull/107))
* **Add unpack interface for client** ([#6749](https://github.com/containerd/containerd/pull/6749))
* **Add collectible resources to metadata gc** ([#6804](https://github.com/containerd/containerd/pull/6804))
##### Configuration
Existing CRI configurations will be supported until 2.0.
Any functionality split out of CRI will have their configuration migrated to new plugins.
Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.
##### Deprecation
The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include.
* **Docker Schema 1 Image Deprecation** ([#6884](https://github.com/containerd/containerd/pull/6884))
#### CRI Updates
* **Support image pull progress timeout** ([#6150](https://github.com/containerd/containerd/pull/6150))
* **Fix CRI plugin to setup pod network after creating the sandbox container** ([#5904](https://github.com/containerd/containerd/pull/5904))
* **Pass all TOML runtime configuration options from CRI to the runtime** ([#7764](https://github.com/containerd/containerd/pull/7764))
#### Other
* **Support shallow content copy by adding reader option to local content reader at** ([#7414](https://github.com/containerd/containerd/pull/7414))
* **Add NoSameOwner option when unpacking tars** ([#7386](https://github.com/containerd/containerd/pull/7386))
* **Add `FetcherByDigest` for fetching blobs without fetching a manifest** ([#7460](https://github.com/containerd/containerd/pull/7460))
* **Update default seccomp profile to block socket calls to AF_VSOCK** ([#7510](https://github.com/containerd/containerd/pull/7510))
* **Replace fork on mount logic with CLONE_FS** ([#7513](https://github.com/containerd/containerd/pull/7513))
* **Add support for default registry host configuration** ([#7607](https://github.com/containerd/containerd/pull/7607))
* **Use github.com/minio/sha256-simd for more efficient sha256 calculation** ([#7732](https://github.com/containerd/containerd/pull/7732))
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
### Contributors
* Kazuyoshi Kato
* Derek McGowan
* Phil Estes
* Maksym Pavlenko
* Wei Fu
* Akihiro Suda
* Sebastiaan van Stijn
* Samuel Karp
* Mike Brown
* Krisztian Litkey
* Daniel Canter
* Ye Sijun
* yanggang
* Adam Korcz
* Ed Bartosh
* Stefan Berger
* Gabriel Adrian Samfira
* Nashwan Azhari
* Paul "TBBle" Hampson
* Luca Comellini
* ruiwen-zhao
* xin.li
* Austin Vazquez
* Brian Goff
* Shengjing Zhu
* zounengren
* Danny Canter
* Gavin Inglis
* Henry Wang
* Iceber Gu
* Justin Terry
* Swagat Bora
* wanglei
* Akhil Mohan
* Kevin Parsons
* lengrongfu
* Michael Crosby
* Paco Xu
* Qiutong Song
* Shiming Zhang
* James Jenkins
* Michael Zappa
* Tobias Klauser
* guodong
* pigletfly
* Amit Barve
* Antonio Ojea
* Cameron Sparr
* Craig Ingram
* Eng Zer Jun
* Eric Lin
* James Sturtevant
* Jess
* Jonny Stoten
* Juan Hoyos
* Kang.Zhang
* Mikko Ylinen
* Paul Cacheux
* Paul S. Schweigert
* Vincent Batts
* Yasin Turan
* bin liu
* cosmoer
* dependabot[bot]
* Abirdcfly
* Aditi Sharma
* Aman Sharma
* Anastassios Nanos
* Andrew G. Morgan
* Andrey Klimentyev
* Antti Kervinen
* Aviral Takkar
* Baoshuo
* Benjamin Elder
* Chao Dai
* Chuanying Du
* Claudiu Belu
* Cory Snider
* Danielle Lancashire
* Dat Nguyen
* Davanum Srinivas
* Dave
* David Porter
* Dmitry Shurupov
* Eric Ernst
* Ethan Lowman
* Fabian Hoffman
* Fabian Hoffmann
* Fahed Dorgaa
* Gabriela Cervantes
* Gijs Peskens
* Hamza El-Saawy
* Hsing-Yu (David) Chen
* Ikko Ashimine
* Jeff Widman
* Jeff Zvier
* Jeremi Piotrowski
* Jin Dong
* Jordan Karaze
* Joseph Sheng
* Joyce Brum
* Jukka Rissanen
* Kate
* Kathryn Baldauf
* Kirtana Ashok
* Kohei Tokunaga
* Kyle L Frisbie
* LongtaoZhang
* Manuel Alejandro de Brito Fontes
* Marc Schwind
* Mark Rossetti
* Marvin Giessing
* Mathis Michel
* Merlin Ran
* Nabeel Rana
* Nguyen Phan Huy
* Nikita Rybak
* Nobel Barakat
* Oleg Atamanenko
* Oleg Zhurakivskyy
* Oliver Radwell
* Qasim Sarfraz
* Quan Tian
* Rodrigo Campos
* Roy Yang
* Serge Logvinov
* Shane Jennings
* Shaun Lawrie
* Shinichi Morimoto
* SilverSoldier
* Sophie Liu
* Su Fei
* Taeho Nam
* Takumasa Sakao
* Tiger Kaovilai
* Tom Godkin
* Tomoya.Fujita
* Tony Fang
* Tõnis Tiigi
* Xinlin Ma
* Yakul Garg
* Zhang Tianyang
* Zhongming Chang
* Zhuchen Wang
* austinvazquez
* calvin0327
* cardy.tang
* dabaooline
* guiyong.ou
* huoqifeng
* jianfei.zhang
* ningmingxiao
* shi yixue
* shuaichang
* songjiang han
* wusong
* xiaoyang zhu
* yanghesong
* yaozhenxiu
* zhang he
### Changes
<details><summary>1256 commits</summary>
<p>
* Prepare release notes for v1.7.0-beta.1 ([#7793](https://github.com/containerd/containerd/pull/7793))
* Prepare release notes for v1.7.0-beta.1
* support fetching containerd from non public GCS buckets ([#7771](https://github.com/containerd/containerd/pull/7771))
* disable tracing while handling token
* support fetching containerd from non public GCS buckets
* images: support specifying SourceDateEpoch via ctx ([#7651](https://github.com/containerd/containerd/pull/7651))
* images: support specifying SourceDateEpoch via ctx
* epoch: propagate SOURCE_DATE_EPOCH via ctx
* fuzzing: improve archive fuzzer ([#7718](https://github.com/containerd/containerd/pull/7718))
* fuzzing: improve archive fuzzer
* fix sdNotify func when debug level ([#7798](https://github.com/containerd/containerd/pull/7798))
* fix sdNotify func when debug level
* Upgrade GitHub actions packages in release workflow ([#7794](https://github.com/containerd/containerd/pull/7794))
* Upgrade GitHub actions packages in release workflow
* Enable GitHub Actions local Linux CI runs ([#7796](https://github.com/containerd/containerd/pull/7796))
* Enable GitHub Actions local Linux CI runs
* integration: increase timeout in container_event_test.go ([#7791](https://github.com/containerd/containerd/pull/7791))
* integration: increase timeout in container_event_test.go
* digest: use github.com/minio/sha256-simd ([#7732](https://github.com/containerd/containerd/pull/7732))
* digest: use github.com/minio/sha256-simd
* allow client to remove created tasks with PID 0 ([#7787](https://github.com/containerd/containerd/pull/7787))
* allow client to remove created tasks with PID 0
* Add container event support to containerd ([#7073](https://github.com/containerd/containerd/pull/7073))
* Add Evented PLEG support to sandbox server
* Add container event support to containerd
* docs: Authorizer.Authorize could return ErrUnexpectedStatus ([#7786](https://github.com/containerd/containerd/pull/7786))
* docs: Authorizer.Authorize could return ErrUnexpectedStatus
* fix: check for tmpfs when evaluating if userxattr is needed ([#7772](https://github.com/containerd/containerd/pull/7772))
* fix: check for tmpfs when evaluating if userxattr should be used
* Pass TOML configuration options for runtimes CRI is not aware of ([#7764](https://github.com/containerd/containerd/pull/7764))
* Pass runtime configuration as TOML blob
* Update runtime options to include bytes blob
* Cleanup build constraints ([#7776](https://github.com/containerd/containerd/pull/7776))
* Respect no_cri constraint
* Cleanup build constraints
* There is no way to disable debug endpoint on Darwin ([#7775](https://github.com/containerd/containerd/pull/7775))
* Fix default config for Darwin
* CI: Vagrant: pin rockylinux/8 to v5.0.0 ([#7777](https://github.com/containerd/containerd/pull/7777))
* CI: Vagrant: pin rockylinux/8 to v5.0.0
* vendor: golang.org/x/net v0.4.0 ([#7774](https://github.com/containerd/containerd/pull/7774))
* vendor: golang.org/x/net v0.4.0
* Fix context when waiting sandbox ([#7773](https://github.com/containerd/containerd/pull/7773))
* Fix context when waiting sandbox
* Github Security Advisory [GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9)
* CRI stream server: Fix goroutine leak in Exec
* update to go1.19.4, go1.18.9 ([#7765](https://github.com/containerd/containerd/pull/7765))
* update to go1.19.4, go1.18.9
* Change PushContent to require only Provider ([#7763](https://github.com/containerd/containerd/pull/7763))
* Change PushContent to require only Provider
* sbserver bug fixing ([#7768](https://github.com/containerd/containerd/pull/7768))
* sbserver bug fixing
* Add unit test to Opentelemetry tracing ([#7671](https://github.com/containerd/containerd/pull/7671))
* Adding unit tests to opentelemetry tracing
* remove some (aliases for) deprecated functions ([#7525](https://github.com/containerd/containerd/pull/7525))
* sys: remove unused GetOpenFds()
* remotes/docker: remove deprecated NewAuthorizer alias
* sys: remove aliases for deprecated EpollCreate1, EpollCtl, EpollWait
* pkg/cri/util/: remove deprecated NormalizeImageRef alias
* sys: remove alias for deprecated sys.RunningInUserNS()
* Refactor ctr restore to allow for tty allocation ([#7673](https://github.com/containerd/containerd/pull/7673))
* Refactored ctr to allow for tty allocation when container has {terminal:true} within Spec
* fix panic when containerd-stress density --count 0 ([#7748](https://github.com/containerd/containerd/pull/7748))
* fix panic when containerd-stress density --count 0
* Unwrap proto errors in streaming client ([#7753](https://github.com/containerd/containerd/pull/7753))
* Unwrap proto errors in streaming client
* Fix process_vm_* syscall names in seccomp ([#7755](https://github.com/containerd/containerd/pull/7755))
* Fix process_vm_* syscall names in seccomp
* upgrade the ops.md output for current 1.7 version . ([#7747](https://github.com/containerd/containerd/pull/7747))
* upgrade the ops.md output for current 1.7 version .
* docs: Add extra security instructions ([#7743](https://github.com/containerd/containerd/pull/7743))
* docs: Add extra security instructions
* go.mod: re-vendor NRI from the official repo. ([#7744](https://github.com/containerd/containerd/pull/7744))
* go.mod: re-vendor NRI from the official repo.
* [Sandbox API] CRI status cleanup ([#7731](https://github.com/containerd/containerd/pull/7731))
* [sandbox] Fix panic when waiting for sandbox controller
* [sandbox] Specify sandbox ID when using sandboxed shims
* [sandbox] Don't access pause container when creating pod container
* [sandbox] Move sandbox info to podsandbox controller
* [sandbox] Update Controller.Status protos
* Transfer service ([#7320](https://github.com/containerd/containerd/pull/7320))
* Rename transferer to transferrer
* Cleanup code comments and lint fixes
* Update transfer docs
* Rename local transfer plugin
* Add variables names to transfer interface
* Combine stream fuzz tests
* Add media type to export stream
* Update export API types
* Update ctr to make local the default for distribution
* Update import cli to use transfer service
* Update import logic
* Update API for import types
* Update pull command to use filter arguments
* Add filter fields to image store types
* Improve push handler ordering
* Add push progress
* Fixup pull authorization and labeling
* Lint fixes
* Regenerated protobuf files with updated version
* Add transfer docs
* Add transfer integration test
* Update ctr commands to use transfer interface
* Update transfer packages
* Update transfer API
* Add transfer plugin registration
* Add basic import and export handlers
* Add binary stream functionality and helpers
* Implement client interface for transfer service
* Add progress
* Add transfer proxy client
* Transfer interface and plugin work in progress
* Transfer API types
* Add transfer API
* Add streaming service
* NRI: add support for NRI with extended scope. ([#6019](https://github.com/containerd/containerd/pull/6019))
* docs: add NRI-related documentation.
* pkg/cri/server: nuke old v0.1.0 NRI hooks.
* integration: add first NRI integration tests.
* pkg/cri/server: experimental NRI integration for CRI.
* nri: add experimental NRI plugin.
* archive: set WithModTimeUpperBound when WithSourceDateEpoch is set ([#7710](https://github.com/containerd/containerd/pull/7710))
* archive: set WithModTimeUpperBound when WithSourceDateEpoch is set
* Fix order of operations when setting lease labels ([#7702](https://github.com/containerd/containerd/pull/7702))
* Fix order of operations when setting lease labels
* Add ctr image prune command ([#7730](https://github.com/containerd/containerd/pull/7730))
* Add ctr image prune
* Check for nullptr before dereferencing ([#7708](https://github.com/containerd/containerd/pull/7708))
* Added nullptr checks to pkg/cri/server and sbserver
* use MaxConcurrentDownloads instead of MaxConcurrentUploadedLayers ([#7736](https://github.com/containerd/containerd/pull/7736))
* use MaxConcurrentDownloads instead of MaxConcurrentUploadedLayers
* introspection: expose the daemon's PID and PIDNS ([#7694](https://github.com/containerd/containerd/pull/7694))
* introspection: expose the daemon's PID and PIDNS
* reference/docker: synchronize fork with upstream distribution/distribution ([#7635](https://github.com/containerd/containerd/pull/7635))
* registry: support ipv6 addresses
* Replace references to `re` with `regexp.MustCompile`
* Improve how reference regexps are built
* Clarify repo name regex intention
* go.mod: change imports to github.com/distribution/distribution/v3
* Update repo normalize error message to include the name of the repo.
* Fix bug in parsing domain from repository reference
* reference/docker: add unit-tests from upstream distribution/distribution
* reference/docker: align files with original code
* go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions ([#7721](https://github.com/containerd/containerd/pull/7721))
* go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions
* Add ptrace readby and tracedby to default AppArmor profile ([#7714](https://github.com/containerd/containerd/pull/7714))
* Add ptrace readby and tracedby to default AppArmor profile
* Fix sandbox API when calling sandboxed shims ([#7684](https://github.com/containerd/containerd/pull/7684))
* Use sandbox store to retrieve runtime info for sandboxed containers
* Retrieve sandbox creation time from store.
* Remove duplicated helpers
* Specify runtime configuration for sandbox shims
* make status more readable and update easy. ([#7669](https://github.com/containerd/containerd/pull/7669))
* make status more readable and update easy.
* integration/client: fix go.mod grouping, containerd to v1.7.0-beta.0, cgroups back to v1.0.4 ([#7720](https://github.com/containerd/containerd/pull/7720))
* go.mod: roll back github.com/containerd/cgroups to v1.0.4 release
* integration/client: update containerd version to v1.7.0-beta.0
* integration/client: fix go.mod grouping
* Resolve warnings in Windows GitHub Actions periodic workflows ([#7706](https://github.com/containerd/containerd/pull/7706))
* Resolve warnings in Windows GitHub Actions periodic workflows
* Sandbox API: implement Controller.Status for SandboxAPI ([#7470](https://github.com/containerd/containerd/pull/7470))
* feat add sandbox api status func
* [port #5904 to sbserver] Setup pod network after creating the sandbox container ([#7426](https://github.com/containerd/containerd/pull/7426))
* integration: enable CNI slow test for sbserver
* sbserver: save netns in sandbox metadata on create
* integration: enable tests for sbserver
* sbserver: persist sandbox during partial teardown
* fix for OSS-Fuzz infra changes ([#7677](https://github.com/containerd/containerd/pull/7677))
* fix for OSS-Fuzz infra changes
* runtime/v2/shim: clean up the use of containerdBinary ([#7499](https://github.com/containerd/containerd/pull/7499))
* runtime/v2/shim: clean up the use of containerdBinary
* Add process_vm read and write calls to default seccomp profile ([#7693](https://github.com/containerd/containerd/pull/7693))
* Add process_vm read and write calls to default seccomp profile
* Resolve Scorecards GitHub Actions workflow warnings ([#7707](https://github.com/containerd/containerd/pull/7707))
* Resolve Scorecards GitHub Actions workflow warnings
* cri: add pod uid annotation ([#7697](https://github.com/containerd/containerd/pull/7697))
* cri: add pod uid annotation
* Missed out `platform interface` when reused the conn for Client. ([#7699](https://github.com/containerd/containerd/pull/7699))
* Missed out `platform interface` when reused the conn for Client.
* overlayfs: remove duplicated tx rollback ([#7700](https://github.com/containerd/containerd/pull/7700))
* remove duplicated tx rollback
* go.mod: update some dependencies ([#7704](https://github.com/containerd/containerd/pull/7704))
* go.mod: github.com/matttproud/golang_protobuf_extensions v1.0.2
* go.mod: github.com/moby/sys/sequential v0.5.0
* go.mod: github.com/cpuguy83/go-md2man/v2 v2.0.2
* go.mod: github.com/AdaLogics/go-fuzz-headers v0.0.0-20221118232415-3345c89a7c72
* go.mod: golang.org/x/sys v0.2.0
* go.mod: github.com/sirupsen/logrus v1.9.0
* update github.com/cpuguy83/go-md2man/v2 to v2.0.2 ([#7705](https://github.com/containerd/containerd/pull/7705))
* update github.com/cpuguy83/go-md2man/v2 to v2.0.2
* Fsnotify bump and change code ([#7703](https://github.com/containerd/containerd/pull/7703))
* Change fsnotify event status condition.
* Bump fsnotify to v1.6.0
* fix build containerd in centos9 ([#7683](https://github.com/containerd/containerd/pull/7683))
* Fix building.md for btrfs
* Bump urfave-cli to v1.22.10 ([#7701](https://github.com/containerd/containerd/pull/7701))
* Bump urfave-cli to v1.22.10
* can set up the network serially by CNI plugins ([#7685](https://github.com/containerd/containerd/pull/7685))
* can set up the network serially by CNI plugins
* Update cri-api dependency to v0.26.0-beta.0 ([#7656](https://github.com/containerd/containerd/pull/7656))
* Update to cri-api v0.26.0-beta.0
* Copy cri-api v1alpha2 from v0.25.4 to containerd internal directory
* overlay: Remove unused method param ([#7696](https://github.com/containerd/containerd/pull/7696))
* overlay: Remove unused method param
* CI: update Fedora to 37 ([#7691](https://github.com/containerd/containerd/pull/7691))
* CI: update Fedora to 37
* tx rollback when GetInfo return error ([#7678](https://github.com/containerd/containerd/pull/7678))
* tx rollback when GetInfo return error
* Upgrade github.com/containerd/cgroups from v1 to v3 ([#7601](https://github.com/containerd/containerd/pull/7601))
* Remove the outdated comment
* Convert hcsshim's stats to cgroups' stats
* Use github.com/containerd/cgroups/v3 to remove gogo
* Remove OpenTelementry imports from remotes/docker package ([#7675](https://github.com/containerd/containerd/pull/7675))
* Remove OpenTelementry imports from remotes/docker package
* Expose Done and Err in Shutdown service ([#7686](https://github.com/containerd/containerd/pull/7686))
* Expose Done and Err in Shutdown service
* gotestsum match go version 1.19 ([#7688](https://github.com/containerd/containerd/pull/7688))
* gotestsum match go version 1.19
* complement sub-command note for containerd-main ([#7670](https://github.com/containerd/containerd/pull/7670))
* complement sub-command note for containerd-main
* keep the lower case letter for flag info ([#7668](https://github.com/containerd/containerd/pull/7668))
* keep the lower case letter for flag info
* bump critools into ca1571e6edd116b2c95f52e3dfa0b4779b74223a ([#7666](https://github.com/containerd/containerd/pull/7666))
* bump critools into ca1571e6edd116b2c95f52e3dfa0b4779b74223a
* Fix broken link for CRI plugin in docs ([#7667](https://github.com/containerd/containerd/pull/7667))
* Replace broken and redirection link for CRI and kubelet in docs
* add option to resolve symlinks in WithLinuxDevice ([#7523](https://github.com/containerd/containerd/pull/7523))
* add option to resolve symlinks to linux device
* Bump k8s.io deps to v0.25.4 ([#7663](https://github.com/containerd/containerd/pull/7663))
* Bump k8s.io deps to v0.25.4
* Release: add static binaries ([#7659](https://github.com/containerd/containerd/pull/7659))
* Release: add static binaries
* Bump OpenTelemetry contrib to v0.36.4 ([#7662](https://github.com/containerd/containerd/pull/7662))
* Bump OpenTelemetry contrib to v0.36.4
* Fix slice append error (`spec.Linux.Resources.HugepageLimits`) ([#7661](https://github.com/containerd/containerd/pull/7661))
* Fix slice append error
* Bump OpenTelemetry to v1.11.1 ([#7660](https://github.com/containerd/containerd/pull/7660))
* Bump OpenTelemetry to v1.11.1
* feature: add gc scheduler metrics collection count ([#5263](https://github.com/containerd/containerd/pull/5263))
* add gc scheduler metrics: collection count
* Add `--debug` args to all subcommands of `ctr pprof` ([#7629](https://github.com/containerd/containerd/pull/7629))
* Add `--debug` args
* Add a thin wrapper around otel Span object ([#7655](https://github.com/containerd/containerd/pull/7655))
* Add a thin wrapper around otel Span object
* Bump grpc to v1.50.1 ([#7643](https://github.com/containerd/containerd/pull/7643))
* Bump grpc to v1.50.1
* replace strings.Split(N) for strings.Cut() or alternatives ([#7631](https://github.com/containerd/containerd/pull/7631))
* replace strings.Split(N) for strings.Cut() or alternatives
* services/server/config: TestMergeConfigs(): use correctly formatted values
* add oci.WithCPURT ([#7642](https://github.com/containerd/containerd/pull/7642))
* add oci.WithCPURT
* Sandbox API: Add a new mode config for sandbox controller impls ([#7590](https://github.com/containerd/containerd/pull/7590))
* Sandbox API: Add a new mode config for sandbox controller impls
* fuzzing: bump go-fuzz-headers ([#7625](https://github.com/containerd/containerd/pull/7625))
* fuzzing: bump go-fuzz-headers
* Bump k8s.io deps to v0.25.3 ([#7637](https://github.com/containerd/containerd/pull/7637))
* Bump k8s.io deps to v0.25.3
* Remove uses of deprecated go-digest.NewDigestFromHex, go-digest.Digest.Hex ([#7641](https://github.com/containerd/containerd/pull/7641))
* Remove uses of deprecated go-digest.NewDigestFromHex, go-digest.Digest.Hex
* Extra documentation for content interfaces ([#7640](https://github.com/containerd/containerd/pull/7640))
* Extra documentation for content interfaces.
* Fix shim socket permissions on Darwin ([#7638](https://github.com/containerd/containerd/pull/7638))
* Rename darwin-kubelet to containerd
* s390x: build and package s390x bin in release assets ([#7614](https://github.com/containerd/containerd/pull/7614))
* s390x: initial enabler
* Replace mount fork hack with CLONE_FS ([#7513](https://github.com/containerd/containerd/pull/7513))
* Replace mount fork hack with CLONE_FS
* remotes: add `FetcherByDigest` for fetching blobs without foreknown descriptors (useful for general-purpose CAS) ([#7460](https://github.com/containerd/containerd/pull/7460))
* ctr: add `ctr content fetch-blob`
* remotes: add FetcherByDigest for fetching blobs without foreknown descriptors
* Fix "getCPUInfo for OS freebsd: not implemented" on FreeBSD/arm64 ([#7403](https://github.com/containerd/containerd/pull/7403))
* Fix "getCPUInfo for OS freebsd: not implemented" on FreeBSD/arm64
* Support default hosts.toml configuration ([#7607](https://github.com/containerd/containerd/pull/7607))
* Update hosts doc
* Support default hosts.toml configuration
* Add tracing spans in CRI image service and pull.go ([#7453](https://github.com/containerd/containerd/pull/7453))
* add SpanAttribute
* Add tracing spans in CRI image service and pull.go
* Fix missing closed fifo ([#7604](https://github.com/containerd/containerd/pull/7604))
* Fix missing closed fifo
* fix comments ([#7624](https://github.com/containerd/containerd/pull/7624))
* fix comments
* docs: add additional info in backport process ([#7626](https://github.com/containerd/containerd/pull/7626))
* add additional info in backport process
* go.mod: golang.org/x/*: use tagged versions ([#7621](https://github.com/containerd/containerd/pull/7621))
* go.mod: golang.org/x/*: use tagged versions
* Bump go version to 1.19.3 ([#7620](https://github.com/containerd/containerd/pull/7620))
* Bump go version to 1.19.3
* ctr export strictly matching ([#7615](https://github.com/containerd/containerd/pull/7615))
* ctr export strictly match default platform
* Fix ctr crash when pulling with --http-dump and --http-trace simultaneously ([#7617](https://github.com/containerd/containerd/pull/7617))
* Fix ctr crash when pulling with http-trace and http-dump
* Harden GITHUB_TOKEN permissions for OSSF Scorecard ([#7599](https://github.com/containerd/containerd/pull/7599))
* Harden GITHUB_TOKEN permissions
* overlayutils: Add fastpath for userxattr check ([#7611](https://github.com/containerd/containerd/pull/7611))
* overlayutils: Add fastpath for userxattr check
* Add sequence diagram for shim runtime v2 ([#7606](https://github.com/containerd/containerd/pull/7606))
* Add sequence diagram for shim runtime v2
* Sandbox API: Move remote impls to /sandbox/proxy ([#7600](https://github.com/containerd/containerd/pull/7600))
* Sandbox API: Move remote impls to /sandbox/proxy
* fuzzing: improve archive fuzzer ([#7588](https://github.com/containerd/containerd/pull/7588))
* fuzzing: improve archive fuzzer
* Retry client connection in waitForStart ([#7537](https://github.com/containerd/containerd/pull/7537))
* Retry client connection in waitForStart
* Add Workflow for running critest with Hyper-V Containers on Windows. ([#7025](https://github.com/containerd/containerd/pull/7025))
* Add Workflow for running critest with Hyper-V Containers on Windows.
* Add HyperV config in tests
* Add release notes for v1.7.0-beta.0 ([#7575](https://github.com/containerd/containerd/pull/7575))
* Add release notes for v1.7.0-beta.0
* Update mailmap
* Cleanup sandbox interfaces ([#7576](https://github.com/containerd/containerd/pull/7576))
* Cleanup sandbox interfaces
* Update GitHub actions release workflow set output ([#7581](https://github.com/containerd/containerd/pull/7581))
* Migrate away from GitHub actions set-output
* Fix LogURI generation-related tests on Windows. ([#7569](https://github.com/containerd/containerd/pull/7569))
* Fix LogURI generation-related tests on Windows.
* maintenance: Remove WithWindowsNetworkNamespace from pkg/cri ([#7577](https://github.com/containerd/containerd/pull/7577))
* maintenance: Remove WithWindowsNetworkNamespace from pkg/cri
* CRI: implement Controller.Delete for SandboxAPI ([#7457](https://github.com/containerd/containerd/pull/7457))
* CRI: implement Controller.Delete for SandboxAPI
* Configure CDI registry only on start ([#7419](https://github.com/containerd/containerd/pull/7419))
* update go.mod and go.sum
* improve CDI logging
* CDI: configure registry on start
* move WithCDI to pkg/cri/opts
* update codeql-action to v2 ([#7568](https://github.com/containerd/containerd/pull/7568))
* update codeql-action to v2
* Add logging related metrics to Containerd CRI plugin ([#7546](https://github.com/containerd/containerd/pull/7546))
* Add logging volume metrics to Containerd CRI plugin
* sys: optimize and refactor MkdirAllWithACL() ([#7531](https://github.com/containerd/containerd/pull/7531))
* sys: synchronize mkdirall() with latest os.MkDirAll()
* sys: create SecurityAttribute only once (Windows)
* sys: update volumePath regex to allow returning earlier
* sys: compile volume-path regex once, and update GoDoc
* fix install cni script ([#7484](https://github.com/containerd/containerd/pull/7484))
* fix install cni script
* Update 1.5 release support timeframe ([#7560](https://github.com/containerd/containerd/pull/7560))
* Update 1.5 release support timeframe
* bump go-fuzz-headers ([#7503](https://github.com/containerd/containerd/pull/7503))
* bump go-fuzz-headers
* Add long term stable release branches ([#7454](https://github.com/containerd/containerd/pull/7454))
* Add long term stable release branches
* fix pusher concurrent close channel ([#7473](https://github.com/containerd/containerd/pull/7473))
* fix pusher concurrent close channel
* Make tests on GitHub less noisy ([#7530](https://github.com/containerd/containerd/pull/7530))
* Use logtest if possible to clean up logs
* Separate containerd logs in GitHub Actions' console
* Upgrade critools from 1.24.1 to 1.25.0
* Upgrade actions/upload-artifact from v2 to v3
* containerd should not print error log that failed to init a tracing processor while the tracing plugin is not loaded ([#7541](https://github.com/containerd/containerd/pull/7541))
* not init a tracing processor when not loaded
* Update required Go version in BUILDING.md ([#7544](https://github.com/containerd/containerd/pull/7544))
* Update required Go version in BUILDING.md
* go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag) ([#7522](https://github.com/containerd/containerd/pull/7522))
* go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag)
* Use `go env` to determine GOPATH in Makefile. ([#7542](https://github.com/containerd/containerd/pull/7542))
* Use `go env` to determine GOPATH in Makefile.
* clean-up "nolint" comments, remove unused ones, update golangci-lint ([#7349](https://github.com/containerd/containerd/pull/7349))
* update golangci-lint to v1.49.0
* remove unneeded nolint-comments (nolintlint), disable deprecated linters
* clean-up "nolint" comments, remove unused ones
* pkg/cri/(server|sbserver): criService.getTLSConfig() add TODO to verify nolint
* golangci-lint: sort linters in config file
* linting: address gosec G112/G114
* Don't unmount on Darwin when deleting bundle ([#7534](https://github.com/containerd/containerd/pull/7534))
* Don't unmount on Darwin when deleting bundle
* Add timeouts to all CI jobs ([#7538](https://github.com/containerd/containerd/pull/7538))
* Add timeouts to all CI jobs
* Vagrantfile: explicitly specify rsync as the shared folder driver ([#7539](https://github.com/containerd/containerd/pull/7539))
* Vagrantfile: explicitly specify rsync as the shared folder driver
* sys: remove unused IsAbs() (windows) ([#7527](https://github.com/containerd/containerd/pull/7527))
* sys: remove unused IsAbs() (windows)
* cri: PodSandboxStatus should tolerate missing task ([#7535](https://github.com/containerd/containerd/pull/7535))
* cri: PodSandboxStatus should tolerate missing task
* CI: update GHA instances from Ubuntu 18.04 to 20.04 ([#7489](https://github.com/containerd/containerd/pull/7489))
* CI: update GHA instances from Ubuntu 18.04 to 20.04
* fix the --no-pivot flag being ignored by `ctr tasks start` ([#7519](https://github.com/containerd/containerd/pull/7519))
* fix the --no-pivot flag being ignored by `ctr tasks start`
* Update the default seccomp to block socket calls to AF_VSOCK ([#7510](https://github.com/containerd/containerd/pull/7510))
* Update the default seccomp to block socket calls to AF_VSOCK
* cmd/containerd: use golang.org/x/sys/windows.SetStdHandle() ([#7511](https://github.com/containerd/containerd/pull/7511))
* cmd/containerd: use golang.org/x/sys/windows.SetStdHandle()
* Stats() shouldn't assume s.container is non-nil ([#7517](https://github.com/containerd/containerd/pull/7517))
* Stats() shouldn't assume s.container is non-nil
* Move up actions versions to prep for NodeJS 12 deprecation ([#7516](https://github.com/containerd/containerd/pull/7516))
* Move up actions versions to prep for deprecation
* cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions() ([#7512](https://github.com/containerd/containerd/pull/7512))
* cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions()
* Updates oci image config to support upstream ArgsEscaped ([#7483](https://github.com/containerd/containerd/pull/7483))
* Updates oci image config to support upstream ArgsEscaped
* cmd/containerd: replace deprecated windows.IsAnInteractiveSession() ([#7497](https://github.com/containerd/containerd/pull/7497))
* cmd/containerd: replace deprecated windows.IsAnInteractiveSession()
* Update container with sandbox metadata after NetNS is created ([#7481](https://github.com/containerd/containerd/pull/7481))
* Update container with sandbox metadata after NetNS is created
* archive: add WithSourceDateEpoch() for whiteouts ([#7478](https://github.com/containerd/containerd/pull/7478))
* archive: add WithSourceDateEpoch() for whiteouts
* TestTaskResize must use a terminal ([#7492](https://github.com/containerd/containerd/pull/7492))
* TestTaskResize must use a terminal
* diff/apply.readCounter: check negative size ([#7494](https://github.com/containerd/containerd/pull/7494))
* diff/apply.readCounter: check negative size
* Add new ctr option for discarding unpacked layers ([#7425](https://github.com/containerd/containerd/pull/7425))
* Modify WithDiscardUnpackedLayers
* Add new ctr option for discarding unpacked layers
* archive: windows: chtimes(): remove redundant conversion ([#7491](https://github.com/containerd/containerd/pull/7491))
* archive: windows: chtimes(): remove redundant conversion
* archive: validate digests before use ([#7488](https://github.com/containerd/containerd/pull/7488))
* archive: validate digests before use
* vendor: github.com/opencontainers/selinux v1.10.2 ([#7482](https://github.com/containerd/containerd/pull/7482))
* vendor: github.com/opencontainers/selinux v1.10.2
* fuzzing: create structured tar bytes in archive fuzzer ([#7477](https://github.com/containerd/containerd/pull/7477))
* fuzzing: create structured tar bytes in archive fuzzer
* Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 ([#7474](https://github.com/containerd/containerd/pull/7474))
* Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
* use raw link to containerd.service config ([#7463](https://github.com/containerd/containerd/pull/7463))
* use raw link to containerd.servic config
* cri doc: Update kata containers reference ([#7466](https://github.com/containerd/containerd/pull/7466))
* cri doc: Update kata containers reference
* Setup pod network after creating the sandbox container ([#5904](https://github.com/containerd/containerd/pull/5904))
* Add integration tests with failpoint
* Persist container and sandbox if resource cleanup fails, like teardownPodNetwork
* cri-integration: pass ENABLE_CRI_SANDBOXES to test
* Swap to net.ErrClosed checks for services ([#7446](https://github.com/containerd/containerd/pull/7446))
* Swap to net.ErrClosed checks for services
* go.mod: Bump go-winio to v0.6.0 ([#7443](https://github.com/containerd/containerd/pull/7443))
* go.mod: Bump go-winio to v0.6.0
* fix retry when writer is reset on push ([#6995](https://github.com/containerd/containerd/pull/6995))
* retry request on writer reset
* CI: Output a summary using GITHUB_SUMMARY ([#7192](https://github.com/containerd/containerd/pull/7192))
* Use jq and only show failed tests on summary
* CI: Output a summary using GITHUB_SUMMARY
* Fix missing close ([#7430](https://github.com/containerd/containerd/pull/7430))
* fix missing close
* Add test flag for skipping shim cgroup test ([#7424](https://github.com/containerd/containerd/pull/7424))
* Add test flag for skipping shim cgroup test
* Refactor CRI fuzzers ([#7405](https://github.com/containerd/containerd/pull/7405))
* Refactor CRI fuzzers
* Fix LogURIGenerator on Windows ([#7351](https://github.com/containerd/containerd/pull/7351))
* Fix LogURIGenerator on Windows
* Set grpc code for unimplemented cri-api methods ([#7417](https://github.com/containerd/containerd/pull/7417))
* Set grpc code for unimplemented cri-api methods
* Add reader option to local content reader at ([#7414](https://github.com/containerd/containerd/pull/7414))
* Add reader option to local content reader at
* Sandbox API: implement Controller.Wait and Controller.Stop ([#7401](https://github.com/containerd/containerd/pull/7401))
* CRI: implement Controller.Stop for SandboxAPI
* CRI: implement Controller.Wait for SandboxAPI
* remove stray .zuul.yaml ([#7416](https://github.com/containerd/containerd/pull/7416))
* remove stray .zuul.yaml
* reference CDI configuration details ([#7408](https://github.com/containerd/containerd/pull/7408))
* reference CDI configuration details
* cri-integration: propagate ENABLE_CRI_SANDBOXES ([#7413](https://github.com/containerd/containerd/pull/7413))
* sbserver: return resources in ContainerStatus
* cri-integration: propagate ENABLE_CRI_SANDBOXES
* Enable OpenSSF Scorecard Github Action ([#7404](https://github.com/containerd/containerd/pull/7404))
* chore: enable Scorecard Github Action
* Add ext2 fs support to devmapper snapshotter ([#7402](https://github.com/containerd/containerd/pull/7402))
* Add ext2 fs support to devmapper snapshotter
* Fuzzing: Instrument with new sanitizers ([#7396](https://github.com/containerd/containerd/pull/7396))
* Fuzzing: Instrument with new sanitizers
* Upgrade fuzzing-related packages to reduce dependencies ([#7397](https://github.com/containerd/containerd/pull/7397))
* Upgrade fuzzing-related packages to reduce dependencies
* remotes/docker/config: Skipping TLS verification for localhost ([#7393](https://github.com/containerd/containerd/pull/7393))
* remotes/docker/config: Skipping TLS verification for localhost
* Replace github.com/emicklei/go-restful package, versions <2.16.0 ([#7395](https://github.com/containerd/containerd/pull/7395))
* github.com/emicklei/go-restful CWE-285: Improper Authorization
* Add NoSameOwner option when unpacking tars ([#7386](https://github.com/containerd/containerd/pull/7386))
* Add NoSameOwner option when unpacking tars
* ctr: add privileged-without-host-devices for run command ([#7328](https://github.com/containerd/containerd/pull/7328))
* ctr: add privileged-without-host-devices for run command
* chore: matching the casing of other flags for ctr's pull command ([#7341](https://github.com/containerd/containerd/pull/7341))
* matching the casing of other flags for ctr's pull command.
* windows: Add runhcs-wcow-hypervisor runtimeclass to the default config ([#6901](https://github.com/containerd/containerd/pull/6901))
* windows: Add runhcs-wcow-hypervisor runtimeclass to the default config
* Fix missing close ([#7370](https://github.com/containerd/containerd/pull/7370))
* Fix missing close
* CRI: update cdi version to v0.5.1 ([#7374](https://github.com/containerd/containerd/pull/7374))
* update cdi version to v0.5.1
* Update to go 1.19.1, 1.18.6 to address CVE-2022-27664, CVE-2022-32190 ([#7372](https://github.com/containerd/containerd/pull/7372))
* Update to go 1.19.1, 1.18.6 to address CVE-2022-27664, CVE-2022-32190
* vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c ([#7373](https://github.com/containerd/containerd/pull/7373))
* vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
* Remove unused variable from images action ([#7371](https://github.com/containerd/containerd/pull/7371))
* Remove unused variable from images action
* feature: use client default namespace ([#7291](https://github.com/containerd/containerd/pull/7291))
* feature: use client default namespace
* integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment ([#7367](https://github.com/containerd/containerd/pull/7367))
* integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment
* feature: upgrade registry.k8s.io/pause version ([#7359](https://github.com/containerd/containerd/pull/7359))
* feat: upgrade registry.k8s.io/pause version
* metrics/cgroups/v1: Remove unused event parameter ([#7361](https://github.com/containerd/containerd/pull/7361))
* metrics/cgroups/v1: Remove unused event parameter
* .zuul: remove the zuul because it is offline ([#7369](https://github.com/containerd/containerd/pull/7369))
* .zuul: remove the zuul because it is offline
* Update golangci-lint timeout to match config ([#7356](https://github.com/containerd/containerd/pull/7356))
* Update golangci-lint timeout to match config
* delete redundent import alias and and type conversion ([#7345](https://github.com/containerd/containerd/pull/7345))
* delete redundent import alias and and type conversion
* Make checkContainerTimestamps less strict on Windows ([#7350](https://github.com/containerd/containerd/pull/7350))
* Make checkContainerTimestamps less strict on Windows
* Make oss-fuzz mandatory ([#7346](https://github.com/containerd/containerd/pull/7346))
* Pin github.com/AdamKorcz/go-118-fuzz-build
* Make oss-fuzz mandatory
* Add kubernetes v1.25 supported version as v1.24 ([#7326](https://github.com/containerd/containerd/pull/7326))
* Add Kubernetes v1.25 supported version as v1.24
* sys: move ForceRemoveAll to integration/client ([#7335](https://github.com/containerd/containerd/pull/7335))
* sys: move ForceRemoveAll to integration/client
* chore: remove duplicate word in comments ([#7338](https://github.com/containerd/containerd/pull/7338))
* chore: remove duplicate word in comments
* Use ioctl helpers from x/sys/unix ([#7342](https://github.com/containerd/containerd/pull/7342))
* mount: use ioctl helpers from x/sys/unix
* go.mod, vendor: bump golang.org/x/sys to latest version
* archive: replace tarName() with filepath.ToSlash() ([#7344](https://github.com/containerd/containerd/pull/7344))
* archive: replace tarName() with filepath.ToSlash()
* mount: remove unused ErrNotImplementOnWindows ([#7339](https://github.com/containerd/containerd/pull/7339))
* mount: remove unused ErrNotImplementOnWindows
* replace sys Sequential funcs with moby/sys/sequential ([#7334](https://github.com/containerd/containerd/pull/7334))
* replace sys Sequential funcs with moby/sys/sequential
* Clarify containerd 1.5.0+ for k8s 1.20,1.21 ([#7324](https://github.com/containerd/containerd/pull/7324))
* Clarify containerd 1.5.0+ for k8s 1.20,1.21
* update runc binary to v1.1.4 ([#7315](https://github.com/containerd/containerd/pull/7315))
* go.mod: github.com/opencontainers/runc v1.1.4
* update runc binary to v1.1.4
* Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9 ([#7325](https://github.com/containerd/containerd/pull/7325))
* Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9
* Update k8s.io/cri-api to v0.25.0 ([#7287](https://github.com/containerd/containerd/pull/7287))
* update intergration
* bump cri-api
* script/setup: handle cnidir with SUDO ([#7322](https://github.com/containerd/containerd/pull/7322))
* script/setup: handle cnidir with SUDO
* ContainerStatus to return container resources ([#6517](https://github.com/containerd/containerd/pull/6517))
* ContainerStatus to return container resources
* Update CRI-API
* migrate from k8s.gcr.io to registry.k8s.io ([#7038](https://github.com/containerd/containerd/pull/7038))
* migrate from k8s.gcr.io to registry.k8s.io
* Do not rename test files on-the-fly to share functions ([#7309](https://github.com/containerd/containerd/pull/7309))
* Do not rename test files on-the-fly to share functions
* ctr import: strictly match platform ([#6906](https://github.com/containerd/containerd/pull/6906))
* ctr import: strictly match platform
* Revert "Downgrade MinGW to version 10.2.0" ([#7308](https://github.com/containerd/containerd/pull/7308))
* Revert "Downgrade MinGW to version 10.2.0"
* Follow up #7254 (Switch to Go 1.19) ([#7286](https://github.com/containerd/containerd/pull/7286))
* contrib/fuzz/daemon.go: reformat the fileheader
* pkg/cri/streaming: increase ReadHeaderTimeout
* Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer ([#7304](https://github.com/containerd/containerd/pull/7304))
* crypto/sha256 must be imported
* Don't patch github.com/cilium/ebpf
* Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer
* Adding support of CAP_BPF and CAP_PERFMON ([#7301](https://github.com/containerd/containerd/pull/7301))
* adding support of CAP_BPF and CAP_PERFMON
* go.mod: Bump hcsshim to v0.10.0-rc.1 ([#7284](https://github.com/containerd/containerd/pull/7284))
* Remove Windows special case in TestContainerdRestart
* go.mod: Bump hcsshim to v0.10.0-rc.1
* Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset ([#7306](https://github.com/containerd/containerd/pull/7306))
* Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset
* ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887 ([#7293](https://github.com/containerd/containerd/pull/7293))
* ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887
* Runtime cleanup (Shim manager and task service) ([#7280](https://github.com/containerd/containerd/pull/7280))
* Cleanup shim manager
* Make TaskList generic
* containerd-stress: add support for running through CRI ([#6931](https://github.com/containerd/containerd/pull/6931))
* containerd-stress: add support for running through CRI
* Switch to Go 1.19 ([#7254](https://github.com/containerd/containerd/pull/7254))
* Fix contrib/ header
* Rework permission handling in scripts
* Update protobuf definitions
* Run gofmt 1.19
* Update golangci-lint to 1.48 with Go 1.19 support
* Switch to Go 1.19
* Vagrantfile: dump containerd log after critest ([#7265](https://github.com/containerd/containerd/pull/7265))
* Vagrantfile: dump containerd log after critest
* oci: skip checking group id for WithAppendAdditionalGroups ([#7257](https://github.com/containerd/containerd/pull/7257))
* oci: skip checking gid for WithAppendAdditionalGroups
* release workflow: increase timeout to 30 minutes & remove Go setup action ([#7259](https://github.com/containerd/containerd/pull/7259))
* release workflow: remove Go setup action
* release workflow: increase timeout to 30 minutes
* release: rollback Ubuntu to 18.04 (except for riscv64) ([#7258](https://github.com/containerd/containerd/pull/7258))
* release: rollback Ubuntu to 18.04 (except for riscv64)
* Initial sandbox API CRI integration (implement Controller.Start) ([#7228](https://github.com/containerd/containerd/pull/7228))
* Add TODOs for the remaining work
* Update sandbox protobuf to match CRI
* Update controller's start response to incldue pid and labels
* Cleanup CRI files
* Move sandbox start behind controller
* Add sandbox to in memory services
* Add sandbox store helpers
* Use environment variable to specify Go version on CI ([#7251](https://github.com/containerd/containerd/pull/7251))
* Use global env variable to specify Go version on CI
* Update golang to 1.18.5, 1.17.13 ([#7243](https://github.com/containerd/containerd/pull/7243))
* Update golang to 1.18.5, 1.17.13
* Change os.Stderr reassign for Windows service ([#7023](https://github.com/containerd/containerd/pull/7023))
* Change os.Stderr reassign for Windows service
* script/setup: fix protobuf for aarch64 ([#7237](https://github.com/containerd/containerd/pull/7237))
* fix protobuf aarch64
* Fix cleanup in critest ([#7232](https://github.com/containerd/containerd/pull/7232))
* Fix cleanup in critest
* fix: support simultaneous create diff for same parent snapshot ([#7204](https://github.com/containerd/containerd/pull/7204))
* fix: support simultaneous create diff for same parent snapshot
* Windows HostProcess container CRI stats test ([#7223](https://github.com/containerd/containerd/pull/7223))
* Windows HostProcess container CRI stats test
* Regenerate protos with updated protoc-gen-go ([#7226](https://github.com/containerd/containerd/pull/7226))
* Regenerate protos with updated protoc-gen-go
* test: error strings should not be capitalized ([#7195](https://github.com/containerd/containerd/pull/7195))
* test: error strings should not be capitalized
* Add extra context to error when push unauthorized ([#7220](https://github.com/containerd/containerd/pull/7220))
* Add extra context to error when push unauthorized
* replace with selinux label ([#7207](https://github.com/containerd/containerd/pull/7207))
* replace with selinux label
* Use `httputil.DumpRequestOut` for dumping client req ([#7221](https://github.com/containerd/containerd/pull/7221))
* Use httputil.DumpRequestOut for dumping client req
* Fix CRI image pull timeout test for ppc64le ([#7215](https://github.com/containerd/containerd/pull/7215))
* Fix CRI image pull timeout test for ppc64le
* test: introduce failpoint control to runc-shimv2 and cni ([#7069](https://github.com/containerd/containerd/pull/7069))
* integration: simplify CNI-fp and add README.md
* pkg/failpoint: add FreeBSD link and update pkg doc
* integration: Add injected failpoint testing for RunPodSandbox
* integration: CNI bridge wrapper with failpoint
* pkg/failpoint: add DelegatedEval API
* runtime/v2/shim: return if error in load plugin
* bin/ctr,integration: new runc-shim with failpoint
* runtime/v2: manager supports server interceptor
* pkg/failpoint: init failpoint package
* chore: bump macos runner version ([#7206](https://github.com/containerd/containerd/pull/7206))
* chore: bump macos runner version
* Use image lists form integration/client tests ([#7210](https://github.com/containerd/containerd/pull/7210))
* Fix command line parsing for image list
* Update image references for Windows tests
* Use image lists instead of hardcoded images
* Use image lists in client tests
* go.mod: Bump hcsshim to v0.9.4 ([#7212](https://github.com/containerd/containerd/pull/7212))
* go.mod: Bump hcsshim to v0.9.4
* go.mod: Bump hcsshim to 0.9.3
* Drop deprecated `ioutil` ([#7203](https://github.com/containerd/containerd/pull/7203))
* Drop deprecated `ioutil`
* Make getServicesOpts a helper ([#7201](https://github.com/containerd/containerd/pull/7201))
* Make getServicesOpts a helper
* adds an env var commented out for sandboxed mode ([#7183](https://github.com/containerd/containerd/pull/7183))
* adds an env var commented out for sandboxed mode
* cri_stats: handle missing cpu stats ([#7198](https://github.com/containerd/containerd/pull/7198))
* cri_stats: handle missing cpu stats
* using ContextDialer instead ([#7189](https://github.com/containerd/containerd/pull/7189))
* using ContextDialer instead
* test: Add ability to switch between cgroupv1 or cgroupv2 for node e2e ([#7173](https://github.com/containerd/containerd/pull/7173))
* test: Add ability to switch between cgroupv1 or cgroupv2
* code cleanup ([#7182](https://github.com/containerd/containerd/pull/7182))
* code cleanup
* Update k8s.io/cri-api to v0.25.0-alpha2 ([#7114](https://github.com/containerd/containerd/pull/7114))
* Update k8s.io/cri-api to v0.25.0-alpha2
* Refactor usageNanoCores be to used for all OSes ([#7186](https://github.com/containerd/containerd/pull/7186))
* Refactor usageNanoCores be to used for all OSes
* adds support for using env file for systemd boot ([#7191](https://github.com/containerd/containerd/pull/7191))
* adds support for using env file for systemd boot
* go.mod: github.com/stretchr/testify v1.8.0 ([#7185](https://github.com/containerd/containerd/pull/7185))
* go.mod: github.com/stretchr/testify v1.8.0
* ctr: support --user for run/create ([#7145](https://github.com/containerd/containerd/pull/7145))
* ctr: support --user for run/create
* docs: Fix sample config.toml syntax ([#7174](https://github.com/containerd/containerd/pull/7174))
* docs: Fix sample config.toml syntax
* seccomp: seccomp: add syscalls related to PKU in default policy ([#7163](https://github.com/containerd/containerd/pull/7163))
* seccomp: seccomp: add syscalls related to PKU in default policy
* Update and align golangci-lint version ([#7168](https://github.com/containerd/containerd/pull/7168))
* Fix linter warnings
* Update and align golangci-lint version
* adds a comment explaining how to disable experimental sbserver ([#7169](https://github.com/containerd/containerd/pull/7169))
* adds a comment explaining how to disable experimental sbserver
* ci: workaround Cirrus CI's INVALID_ARGUMENT ([#7177](https://github.com/containerd/containerd/pull/7177))
* ci: workaround Cirrus CI's INVALID_ARGUMENT
* Update install-protobuf script to install protobuf on Darwin ([#7153](https://github.com/containerd/containerd/pull/7153))
* Fix protobuf script to install protobuf on darwin
* Fork CRI server for Sandbox API integration work ([#7164](https://github.com/containerd/containerd/pull/7164))
* Add log messages when choosing CRI server
* Change metrics namespace for sandboxed CRI to prevent panic
* Enable integration tests against sandboxed CRI
* Fork CRI server package
* seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE ([#7167](https://github.com/containerd/containerd/pull/7167))
* seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE
* cri doc: fix formatting for CDI options ([#7158](https://github.com/containerd/containerd/pull/7158))
* cri doc: fix formatting for CDI options
* update golang to 1.18.4, 1.17.12 ([#7159](https://github.com/containerd/containerd/pull/7159))
* update golang to 1.18.4, 1.17.12
* Fix out of date comments for CRI store packages ([#7152](https://github.com/containerd/containerd/pull/7152))
* Fix out of date comments for CRI store packages
* update some devmapper docs ([#7124](https://github.com/containerd/containerd/pull/7124))
* update some devmapper docs
* seccomp: allow clock_settime64 when CAP_SYS_TIME is added ([#7149](https://github.com/containerd/containerd/pull/7149))
* seccomp: allow clock_settime64 when CAP_SYS_TIME is added
* Copy fuzzers from github.com/cncf/cncf-fuzzing ([#7123](https://github.com/containerd/containerd/pull/7123))
* Copy fuzzers from github.com/cncf/cncf-fuzzing
* Upgrade github.com/AdaLogics/go-fuzz-headers
* fix can't edit object by using ctr content edit command ([#6847](https://github.com/containerd/containerd/pull/6847))
* fix can't edit object by using ctr content edit command
* integration/client: fix typo in export_test.go ([#7130](https://github.com/containerd/containerd/pull/7130))
* integration/client: fix typo in export_test.go
* Fix WWW-Authenticate parsing ([#7126](https://github.com/containerd/containerd/pull/7126))
* Fix WWW-Authenticate parsing
* LCOW differ return ErrNotImplemented for wrong mount type ([#7112](https://github.com/containerd/containerd/pull/7112))
* LCOW differ return ErrNotImplemented for wrong mount type
* Update go-restful/v3 to latest release ([#7117](https://github.com/containerd/containerd/pull/7117))
* Update go-restful/v3 to latest release
* pkg/cri: use marshal wrapper for version convertor ([#7108](https://github.com/containerd/containerd/pull/7108))
* pkg/cri: use marshal wrapper for version convertor
* Remove hacks around contrib/fuzz ([#7087](https://github.com/containerd/containerd/pull/7087))
* Do not hardcode fuzzers
* Move container_fuzzer.go under integration/client/
* Copy FuzzCRI from cncf/cncf-fuzzing
* Remove mainfuzz package and StartDaemonForFuzzing
* Move builtins_*.go to cmd/containerd/builtins to make the files reusable
* Fix missing closed HTTP Body ([#7107](https://github.com/containerd/containerd/pull/7107))
* Fix missing closed HTTP Body
* Cleanup metadata tests ([#7105](https://github.com/containerd/containerd/pull/7105))
* Cleanup metadata tests
* Downgrade MinGW to version 10.2.0 ([#7106](https://github.com/containerd/containerd/pull/7106))
* Downgrade MinGW to version 10.2.0
* ctr: Fix `ctr c create` fails to parse arguments ([#7098](https://github.com/containerd/containerd/pull/7098))
* ctr: Fix `ctr c create` fails to parse arguments
* Fix Documentation Issue ([#7103](https://github.com/containerd/containerd/pull/7103))
* Fix Doc:
* refactor: reduce duplicate code ([#7100](https://github.com/containerd/containerd/pull/7100))
* refactor: reduce duplicate code
* make xattr EPERM non-fatal in createTarFile ([#7094](https://github.com/containerd/containerd/pull/7094))
* make xattr EPERM non-fatal in createTarFile
* Move metadata plugin registration to seperate package ([#7096](https://github.com/containerd/containerd/pull/7096))
* Move metadata plugin registration to seperate package
* fix: missing sudo for devmapper doc ([#7092](https://github.com/containerd/containerd/pull/7092))
* fix: missing sudo for devmapper doc
* Ensure Windows Periodic workflow errors out while still uploading results. ([#7085](https://github.com/containerd/containerd/pull/7085))
* Ensure Windows Periodic workflow errors out while still uploading results.
* Revert MinGW to oldest known working version in Windows setup script.
* Add snapshotter key to snapshot events ([#7084](https://github.com/containerd/containerd/pull/7084))
* Add snapshotter key to snapshot events
* add WithAdditionalGIDs test ([#7072](https://github.com/containerd/containerd/pull/7072))
* add WithAdditionalGIDs test
* Forward ctr snapshotter flags on Windows ([#7086](https://github.com/containerd/containerd/pull/7086))
* Forward ctr snapshotter flags on Windows
* add WithAppendAdditionalGroups helper ([#7070](https://github.com/containerd/containerd/pull/7070))
* add WithAppendAdditionalGroups helper
* Make CI Fuzz less noisy ([#7065](https://github.com/containerd/containerd/pull/7065))
* Move contrib/fuzz/docker_fuzzer.go to remotes/docker
* Copy FuzzConvertManifest from cncf/cncf-fuzzing
* Do not hardcode fuzzing targets
* Don't log "ignored xattr ..." warnings
* Make oss_fuzz_build.sh quiet
* ctr: add --hostname flag to create, run ([#7082](https://github.com/containerd/containerd/pull/7082))
* ctr: add --hostname flag to create, run
* improve content-flow ([#7077](https://github.com/containerd/containerd/pull/7077))
* improve content-flow
* Make CI Fuzz optional ([#7067](https://github.com/containerd/containerd/pull/7067))
* Make CI Fuzz optional
* Use Go 1.18's testing.F on simple fuzzers ([#7056](https://github.com/containerd/containerd/pull/7056))
* Run fuzzing tests with go test -fuzz
* Use testing.F on FuzzPlatformsParse
* Use testing.F on FuzzParseProcPIDStatus
* Downgrade MinGW in Windows setup scripts. ([#7062](https://github.com/containerd/containerd/pull/7062))
* Downgrade MinGW in Windows setup scripts.
* Make test path a constant ([#7057](https://github.com/containerd/containerd/pull/7057))
* Make test path a constant
* Run fuzzers in CI ([#7052](https://github.com/containerd/containerd/pull/7052))
* Run fuzzers in CI
* CRI: Improve the /dev/shm mount options in Sandbox. ([#6913](https://github.com/containerd/containerd/pull/6913))
* CRI: change the /dev/shm mount options in Sandbox.
* CRI: remove default /dev/shm mount in Sandbox.
* fix:userattr-unmount unexpected timeout ([#7008](https://github.com/containerd/containerd/pull/7008))
* fix add ro mount for userattr-unmount unexpected timeout
* Port (some) unit tests to FreeBSD ([#7042](https://github.com/containerd/containerd/pull/7042))
* archive: Explicitly specify stdio for tar(1)
* platforms: Run goimports for FreeBSD
* cri/server: Disable tests on FreeBSD
* oci: Remove empty mount option slice for FreeBSD
* oci: FreeBSD devices may have major number 0
* archive: use Linkat on FreeBSD for hardlinks
* Bump Golang and MinGW versions in Windows setup script. ([#6888](https://github.com/containerd/containerd/pull/6888))
* Bump Golang and MinGW versions in Windows setup script.
* Windows snapshotter touch ups and new functionality ([#6918](https://github.com/containerd/containerd/pull/6918))
* Windows snapshotter touch ups and new functionality
* Improve naming consistencies in comments in snapshotter.go ([#7032](https://github.com/containerd/containerd/pull/7032))
* Improve naming consistencies in comments in snapshotter.go
* Make building static binaries simpler ([#7022](https://github.com/containerd/containerd/pull/7022))
* Make building static binaries simpler
* Allow CRI on Darwin ([#7033](https://github.com/containerd/containerd/pull/7033))
* Allow CRI on Darwin
* update runc binary to v1.1.3 ([#7034](https://github.com/containerd/containerd/pull/7034))
* update runc binary to v1.1.3
* Linux containers on FreeBSD ([#7000](https://github.com/containerd/containerd/pull/7000))
* Linux containers on FreeBSD
* go.mod: github.com/moby/sys/mountinfo v0.6.2 ([#7026](https://github.com/containerd/containerd/pull/7026))
* go.mod: github.com/moby/sys/mountinfo v0.6.2
* fix minor spelling mistake: lablel -> label ([#7031](https://github.com/containerd/containerd/pull/7031))
* fix minor spelling mistake: lablel -> label
* go.mod: github.com/containerd/cgroups v1.0.4 ([#7027](https://github.com/containerd/containerd/pull/7027))
* go.mod: github.com/containerd/cgroups v1.0.4
* go.mod: github.com/containerd/continuity v0.3.0 ([#7028](https://github.com/containerd/containerd/pull/7028))
* go.mod: github.com/containerd/continuity v0.3.0
* Correct spelling mistake ("sanbdox" to "sandbox") ([#7029](https://github.com/containerd/containerd/pull/7029))
* Correct spelling mistake ("sanbdox" to "sandbox")
* Github Security Advisory [GHSA-5ffw-gxpp-mxpf](https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf)
* Implicitly discard the input to drain the reader
* Limit the response size of ExecSync
* Bump grpc to v1.47.0 ([#7018](https://github.com/containerd/containerd/pull/7018))
* Bump grpc to v1.47.0
* Bump k8s.io deps to v0.24.1 ([#7017](https://github.com/containerd/containerd/pull/7017))
* Bump k8s.io deps to v0.24.1
* Support runtime level snapshotter for issue 6657 ([#6899](https://github.com/containerd/containerd/pull/6899))
* Added support for runtime level snapshotter, issue 6657
* update golang to 1.18.3, 1.17.11 ([#7012](https://github.com/containerd/containerd/pull/7012))
* update golang to 1.18.3, 1.17.11
* Fix containerd-stress duration flag ([#7004](https://github.com/containerd/containerd/pull/7004))
* Fix containerd-stress duration flag
* update go-cni/for cni update fixing plugins that don't respond with version ([#7009](https://github.com/containerd/containerd/pull/7009))
* update go-cni/for cni update fixing plugins that don't respond with version
* Add validations for Windows HostProcess CRI configs ([#6996](https://github.com/containerd/containerd/pull/6996))
* Add validations for Windows HostProcess CRI configs
* Move docker reference logic to reference/docker package ([#7007](https://github.com/containerd/containerd/pull/7007))
* Move docker reference logic to reference/docker package
* promote pause image to 3.7 (sync with kube v1.24) ([#7003](https://github.com/containerd/containerd/pull/7003))
* promote pause image to 3.7
* Makefile: use urfave_cli_no_docs for binaries that don't need it ([#6998](https://github.com/containerd/containerd/pull/6998))
* Makefile: use urfave_cli_no_docs for binaries that don't need it
* CRI: cleanup cri/store package ([#6993](https://github.com/containerd/containerd/pull/6993))
* CRI: Remove deprecated error types and update error msg
* CRI: Move truncindex to pkg
* CRI: Move reference sorting to reference package
* CRI: Retrieve image spec on client
* Use t.Run for /pkg/cri tests ([#7001](https://github.com/containerd/containerd/pull/7001))
* Use t.Run for /pkg/cri tests
* vendor: github.com/urfave/cli v1.22.9 and fix "verify-vendor" script ([#6997](https://github.com/containerd/containerd/pull/6997))
* vendor: github.com/urfave/cli v1.22.9
* fix verify-vendor if go.mod does not contain replace rules
* sandbox: replace github.com/pkg/errors with native errors ([#6937](https://github.com/containerd/containerd/pull/6937))
* sandbox: replace github.com/pkg/errors with native errors
* build: Fix references to check-protos target in Makefile ([#6983](https://github.com/containerd/containerd/pull/6983))
* build: Fix references to check-protos target in Makefile
* ctr: fix label args used in NewContainer ([#6954](https://github.com/containerd/containerd/pull/6954))
* ctr: fix label args used in NewContainer
* ctr sandbox: handle sandbox config ([#6959](https://github.com/containerd/containerd/pull/6959))
* ctr sandbox: handle sandbox config
* Fix broken oss-fuzz build ([#6975](https://github.com/containerd/containerd/pull/6975))
* Fix broken oss-fuzz build
* archive: add human-readable hint to Lchown error ([#6982](https://github.com/containerd/containerd/pull/6982))
* archive: add human-readable hint to Lchown error
* Fix tx closed error when upperdirlabel specified ([#6978](https://github.com/containerd/containerd/pull/6978))
* Fix tx closed error when upperdirlabel specified
* config: improve config v1 deprecation message ([#6972](https://github.com/containerd/containerd/pull/6972))
* config: improve config v1 deprecation message
* Fix Windows install powershell script ([#6969](https://github.com/containerd/containerd/pull/6969))
* Fix Windows install powershell script
* fix comments on metadata schema and update namespace doc ([#6955](https://github.com/containerd/containerd/pull/6955))
* add note that a namespace cannot be named "version"
* fix comments on metadata schema
* adjust format in comment ([#6956](https://github.com/containerd/containerd/pull/6956))
* adjust format in comment
* Restore decompression benchmarks ([#6957](https://github.com/containerd/containerd/pull/6957))
* Restore decompression benchmarks
* cmd/ctr/commands/content: fix typo in fetch command usage ([#6960](https://github.com/containerd/containerd/pull/6960))
* adjust format
* fix some confusing typos ([#6950](https://github.com/containerd/containerd/pull/6950))
* fix some confusing typos
* update doc url about k8s ([#6952](https://github.com/containerd/containerd/pull/6952))
* update doc url
* Separate windows-2019 and windows-2022 test results ([#6946](https://github.com/containerd/containerd/pull/6946))
* Separate windows-2019 and windows-2022 test results
* shim: fix debug flag not working ([#6910](https://github.com/containerd/containerd/pull/6910))
* shim: fix debug flag not working
* Reverts removal of parallel run from critest ([#6938](https://github.com/containerd/containerd/pull/6938))
* reverts removal of parallel run from critest
* Bump OpenTelemetry dependencies ([#6932](https://github.com/containerd/containerd/pull/6932))
* Bump OpenTelemetry dependencies
* update runc binary and vendor to v1.1.2 ([#6934](https://github.com/containerd/containerd/pull/6934))
* vendor: github.com/opencontainers/runc v1.1.2
* update runc binary to v1.1.2
* oci: WithDefaultUnixDevices(): remove tun/tap from the default devices ([#6923](https://github.com/containerd/containerd/pull/6923))
* oci: WithDefaultUnixDevices(): remove tun/tap from the default devices
* update golang to 1.18.2, 1.17.10 ([#6926](https://github.com/containerd/containerd/pull/6926))
* update golang to 1.18.2, 1.17.10
* CI: update Fedora to 36 ([#6925](https://github.com/containerd/containerd/pull/6925))
* CI: update Fedora to 36
* Add `Wait` to `binaryProcessor` ([#6916](https://github.com/containerd/containerd/pull/6916))
* Add `Wait` to `binaryProcessor`
* go.mod: Bump k8s deps to v0.24.0 ([#6905](https://github.com/containerd/containerd/pull/6905))
* go.mod: Bump k8s deps to v0.24.0
* (Vagrant CI) Enable git commands due to git CVE fix ([#6915](https://github.com/containerd/containerd/pull/6915))
* Enable git commands due to git CVE fix
* Pass explicit JUnit outfile to critest.exe in Windows workflow. ([#6912](https://github.com/containerd/containerd/pull/6912))
* Pass explicit JUnit outfile to critest.exe in Windows workflow.
* Update critools to v1.24 ([#6894](https://github.com/containerd/containerd/pull/6894))
* update critools to v1.24
* devmapper docs: small fixes ([#6904](https://github.com/containerd/containerd/pull/6904))
* devmapper docs: small fixes
* move report dir option to end of line for vagrant cri tests ([#6900](https://github.com/containerd/containerd/pull/6900))
* move report dir option to eol
* Update Kubernetes version matrix in release docs ([#6892](https://github.com/containerd/containerd/pull/6892))
* Update Kubernetes version matrix in release docs
* Share container images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy ([#6889](https://github.com/containerd/containerd/pull/6889))
* Share images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy
* containerd 1.6.4 k8s 1.24 readme announce ([#6890](https://github.com/containerd/containerd/pull/6890))
* containerd 1.6.4 k8s 1.24 readme announce
* Cleanup leaked shim process ([#6866](https://github.com/containerd/containerd/pull/6866))
* Cleanup leaked shim process
* Add collectible resources to metadata gc ([#6804](https://github.com/containerd/containerd/pull/6804))
* metadata: use resource max and end on registration
* Add collectible resources to metadata gc
* Update k8 docurl in file ([#6881](https://github.com/containerd/containerd/pull/6881))
* Update k8 docurl in file
* Support RISC-V 64 ([#6882](https://github.com/containerd/containerd/pull/6882))
* CI: add riscv64 builds
* release/Dockerfile: update Ubuntu to 22.04 for supporting riscv64
* seccomp: support riscv64
* docs: minor fixes in snapshots.Snapshotter comments ([#6885](https://github.com/containerd/containerd/pull/6885))
* docs: minor fixes in snapshots.Snapshotter comments
* Officially deprecate Schema 1 ([#6884](https://github.com/containerd/containerd/pull/6884))
* Officially deprecate Schema 1
* Make Cirrus CI tests more stable ([#6880](https://github.com/containerd/containerd/pull/6880))
* Reduce the number of the concurrent HTTP requests in TestUserNamespaces
* Skip TestImagePullWithConcurrencyLimit on Cirrus CI
* docs: Adding windows installation steps to getting-started.md ([#6875](https://github.com/containerd/containerd/pull/6875))
* docs: Adding windows installation steps to getting-started.md
* Add ctr support for CPUMax and CPUShares ([#6809](https://github.com/containerd/containerd/pull/6809))
* Add ctr support for CPUMax and CPUShares
* Support for cgroups blockio ([#5490](https://github.com/containerd/containerd/pull/5490))
* cri: support blockio class in pod and container annotations
* Fix comment for metadata/db.go ([#6871](https://github.com/containerd/containerd/pull/6871))
* Fix comment for metadata/db.go
* Remove github.com/gogo/protobuf and github.com/golang/protobuf from containerd's direct dependencies ([#6867](https://github.com/containerd/containerd/pull/6867))
* Upgrade protoc, protoc-gen-go and protoc-gen-go-grpc
* go mod tidy & go mod vendor
* make protos
* Remove gogo from .proto files
* Update go-cni to v1.1.5 ([#6868](https://github.com/containerd/containerd/pull/6868))
* Update go-cni to v1.1.5
* Bump opencontainers/selinux from 1.10.0 to 1.10.1 ([#6865](https://github.com/containerd/containerd/pull/6865))
* Bump opencontainers/selinux from 1.10.0 to 1.10.1
* Upgrade google.golang.org/grpc and google.golang.org/protobuf ([#6864](https://github.com/containerd/containerd/pull/6864))
* Upgrade google.golang.org/grpc and google.golang.org/protobuf
* Remove kzys/typeurl
* Don't use "uname -a" as Cirrus CI's cache key ([#6863](https://github.com/containerd/containerd/pull/6863))
* Don't use "uname -a" as Cirrus CI's cache key
* remove duplicate ([#6856](https://github.com/containerd/containerd/pull/6856))
* remove duplicate
* Create ppc64le release ([#6858](https://github.com/containerd/containerd/pull/6858))
* Create ppc64le release
* Move Vagrant-based tests from GitHub Actions to Cirrus CI ([#6854](https://github.com/containerd/containerd/pull/6854))
* Move Vagrant-based tests from GitHub Actions to Cirrus CI
* feature: support image pull progress timeout ([#6150](https://github.com/containerd/containerd/pull/6150))
* feature: support image pull progress timeout
* Add unpack interface to be used by client ([#6749](https://github.com/containerd/containerd/pull/6749))
* unpack: return error when no platforms defined
* Add unpack interface to be used by client
* Fix undefined error in use of errors package ([#6855](https://github.com/containerd/containerd/pull/6855))
* Fix undefined error in use of errors package
* Migrate off from github.com/gogo/protobuf ([#6841](https://github.com/containerd/containerd/pull/6841))
* Fix tests
* go mod tidy and go mod vendor
* Upgrade containerd/typeurl
* make protos
* Rename Size_ to Size
* Remove gogo/protobuf and adjust types
* Use protoc-gen-go instead of protoc-gen-gogoctrd
* Upgrade containerd/ttrpc
* images/image.go: typo ([#6851](https://github.com/containerd/containerd/pull/6851))
* images/image.go: typo
* Add flag to allow oci.WithAllDevicesAllowed on PrivilegedWithoutHostDevices ([#5686](https://github.com/containerd/containerd/pull/5686))
* add oci.WithAllDevicesAllowed flag for privileged_without_host_devices
* integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage ([#6180](https://github.com/containerd/containerd/pull/6180))
* integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage
* fix incorrect syntax in comments ([#6845](https://github.com/containerd/containerd/pull/6845))
* fix incorrect syntax in comments
* cri: close fifos when container is deleted ([#6842](https://github.com/containerd/containerd/pull/6842))
* cri: close fifos when container is deleted
* diff: hide types.Any from clients ([#6832](https://github.com/containerd/containerd/pull/6832))
* diff: hide types.Any from clients
* Add Container-Optimized OS into Adopters ([#6838](https://github.com/containerd/containerd/pull/6838))
* Add Container-Optimized OS into Adopters
* Prepare for google.golang.org/protobuf ([#6835](https://github.com/containerd/containerd/pull/6835))
* Add go_package on all proto files
* Use proto.Marshal instead of calling Marshal() on objects
* Embed "Unimplemented" structs as proto recommended
* fix the restart desired to running when task not found ([#6833](https://github.com/containerd/containerd/pull/6833))
* fix monitor restart
* Remove all gogoproto extensions ([#6829](https://github.com/containerd/containerd/pull/6829))
* Remove all gogoproto extensions
* fix nil pointer panic for monitor ([#6830](https://github.com/containerd/containerd/pull/6830))
* fix nil pointer panic for monitor
* remotes/docker: log registry URLs as info instead of debug ([#5681](https://github.com/containerd/containerd/pull/5681))
* remotes/docker: log registry URLs as info instead of debug
* Rename runtime/v2/task to api/runtime ([#6827](https://github.com/containerd/containerd/pull/6827))
* Keep shim API backward compatible
* Move runtime v2 proto Move runtime v2 protos to api/runtime package.
* Fix protoc-gen-go-fieldpath ([#6828](https://github.com/containerd/containerd/pull/6828))
* Don't generate a Go file, if that would be empty
* Fix protoc-gen-go-fieldpath
* Consolidate gogo/protobuf dependencies under our own protobuf package ([#6826](https://github.com/containerd/containerd/pull/6826))
* Consolidate gogo/protobuf dependencies under our own protobuf package
* Add restart policy for enhanced restart manager ([#6744](https://github.com/containerd/containerd/pull/6744))
* add restart policy for enhanced restart manager
* Remove gogoproto.stdtime ([#6821](https://github.com/containerd/containerd/pull/6821))
* Remove gogoproto.stdtime
* Set timeout when collecting metrics from shim's Stat ([#6781](https://github.com/containerd/containerd/pull/6781))
* Set timeout when collecting metrics from shim's Stat
* Fuzz filter package with Go 1.18's fuzzer ([#6819](https://github.com/containerd/containerd/pull/6819))
* Fuzz filter package with Go 1.18's fuzzer
* allow ptrace(2) by default for kernel >= 4.8 ([#6810](https://github.com/containerd/containerd/pull/6810))
* allow ptrace(2) by default for kernel >= 4.8
* Build bin/gen-manpages instead of using "go run" ([#6820](https://github.com/containerd/containerd/pull/6820))
* Build bin/gen-manpages instead of using "go run"
* update golang to 1.18.1, 1.17.9 ([#6822](https://github.com/containerd/containerd/pull/6822))
* update golang to 1.18.1, 1.17.9
* Sandbox API ([#6703](https://github.com/containerd/containerd/pull/6703))
* [Sandbox] Remove outdated documentation
* [sandbox] Migrate from gogo to Any
* [sandbox] Cleanup interfaces
* [sandbox] Fix CI
* [Sandbox] Add Wait and PID
* Restore sandboxes on daemon restart
* Fix protobuf after rebase
* [sandbox] Add sandbox shim skeleton
* [sandbox] Register shim plugin after #6301
* [sandbox] Add ctr support
* Launch sandboxed containers from task service
* [sandbox] Address PR review comments
* [sandbox] Implement sandbox controller
* [sandbox] Add clients
* [sandbox] Add controller service
* [sandbox] Update vendor
* [sandbox] Implement store service
* [sandbox] Revendor API changes
* [sandbox] Save sandbox ID to container's store
* [sandbox] Implement metadata store
* [sandbox] Add basic sandbox structures and interfaces
* [sandbox] Add protobuf definitions
* Move lease manager plugin to separate package ([#6811](https://github.com/containerd/containerd/pull/6811))
* Move lease manager plugin to separate package
* fix pool_device_test ([#6807](https://github.com/containerd/containerd/pull/6807))
* fix pool_device_test.go
* check for duplicate nspath possibilities ([#6806](https://github.com/containerd/containerd/pull/6806))
* check for duplicate nspath possibilities
* Do not append []string{""} to command to preserve Docker compatibility ([#6805](https://github.com/containerd/containerd/pull/6805))
* Do not append []string{""} to command to preserve Docker compatibility
* tracing: fix panic on startup when configured ([#6789](https://github.com/containerd/containerd/pull/6789))
* tracing: fix panic on startup when configured
* Optimize loading performance for cri recover ([#6680](https://github.com/containerd/containerd/pull/6680))
* cri: load sandboxes/containers/images in parallel
* Change architecture path in README.md ([#6798](https://github.com/containerd/containerd/pull/6798))
* Change architecture path in README.md
* make consistent for checkpoint path ([#6792](https://github.com/containerd/containerd/pull/6792))
* make consistent for checkpoint path
* metrics/cgroups: fix deadlock issue in Add during Collect ([#6788](https://github.com/containerd/containerd/pull/6788))
* metrics/cgroups: fix deadlock issue in Add during Collect
* ADOPTERS: Update AKS Info ([#6794](https://github.com/containerd/containerd/pull/6794))
* ADOPTERS: Update AKS Info
* Pin upload-cloud-storage action to 0.8.0 in Windows workflow. ([#6790](https://github.com/containerd/containerd/pull/6790))
* Pin upload-cloud-storage action to 0.8.0 in Windows workflow.
* docs: add Deckhouse to the list of adopters ([#6785](https://github.com/containerd/containerd/pull/6785))
* docs: add Deckhouse to the list of adopters
* Add `docs/snapshotters`; simplify `docs/cri` ([#6778](https://github.com/containerd/containerd/pull/6778))
* docs/cri: simplify
* Add docs/snapshots
* Turn paths from cmdline into absolute paths ([#6672](https://github.com/containerd/containerd/pull/6672))
* Turn paths from cmdline into absolute paths
* CRI: add support for CDI device injection ([#6654](https://github.com/containerd/containerd/pull/6654))
* CDI: update go.mod and vendor deps
* move CDI calls to the linux-only code
* add configuration for CDI
* cri: implement CDI device injection
* Disable writing freelist to make the file robust against data corruptions ([#6761](https://github.com/containerd/containerd/pull/6761))
* Disable writing freelist to make the file robust against data corruptions
* mv design docs/historical/design ([#6777](https://github.com/containerd/containerd/pull/6777))
* mv design docs/historical/design
* CRI: improve image pulling performance ([#6702](https://github.com/containerd/containerd/pull/6702))
* CRI: improve image pulling performance
* docs: remove runtime v1; migrate config v1 to v2 ([#6776](https://github.com/containerd/containerd/pull/6776))
* docs: migrate config v1 to v2
* docs: remove deprecated `io.containerd.runtime.v1.linux`
* Skip flaky test on Windows ([#6779](https://github.com/containerd/containerd/pull/6779))
* Skip flaky test on Windows
* docs/getting-started.md: typo ([#6775](https://github.com/containerd/containerd/pull/6775))
* docs/getting-started.md: typo
* Add no_tracing tag ([#6750](https://github.com/containerd/containerd/pull/6750))
* Add no_tracing tag
* Move historical docs to `docs/historical` ([#6754](https://github.com/containerd/containerd/pull/6754))
* Move historical docs to `docs/historical`
* Run go mod tidy in integration tests ([#6768](https://github.com/containerd/containerd/pull/6768))
* Run go mod tidy in integration tests
* go.mod: move indirects, and update integration go.mod to 1.18 ([#6765](https://github.com/containerd/containerd/pull/6765))
* go.mod: move indirects, and update integration go.mod to 1.18
* Drop gotest.tools ([#6762](https://github.com/containerd/containerd/pull/6762))
* Remove gotest.tools
* Use testify
* Use t.Setenv instead of os.Setenv ([#6760](https://github.com/containerd/containerd/pull/6760))
* Update linters to use t.Setenv
* Use t.Setenv instead of os.Setenv
* Upgrade to Go 1.18 ([#6709](https://github.com/containerd/containerd/pull/6709))
* Upgrade to Go 1.18
* Adding multi-arch support for the configure.sh script ([#6751](https://github.com/containerd/containerd/pull/6751))
* Adding multi-arch support for the configure.sh script
* docs/getting-started.md: massive update ([#6758](https://github.com/containerd/containerd/pull/6758))
* docs/getting-started.md: massive update
* Remove unmaintained contrib/linuxkit ([#6755](https://github.com/containerd/containerd/pull/6755))
* Remove unmaintained contrib/linuxkit
* [Windows CI] Address some timeout issues ([#6757](https://github.com/containerd/containerd/pull/6757))
* Address some timeout issues in the Windows CI
* BUILDING.md: update supported Go versions ([#6756](https://github.com/containerd/containerd/pull/6756))
* BUILDING.md: update supported Go versions
* update runc to 1.1.1 ([#6753](https://github.com/containerd/containerd/pull/6753))
* update runc binary to v1.1.1
* go.mod: github.com/opencontainers/runc v1.1.1
* CI: add Rocky Linux 8 ([#6747](https://github.com/containerd/containerd/pull/6747))
* CI: add Rocky Linux 8
* CI: bump up crun to 1.4.4 ([#6748](https://github.com/containerd/containerd/pull/6748))
* CI: bump up crun to 1.4.4
* added make help for cri integration ([#6743](https://github.com/containerd/containerd/pull/6743))
* added make help for cri integration
* Update README.md cncf landscape url ([#6740](https://github.com/containerd/containerd/pull/6740))
* Update README.md
* Fix error message in TestNewBinaryIO ([#6738](https://github.com/containerd/containerd/pull/6738))
* Fix error message in TestNewBinaryIO
* Use typeurl.Any instead of github.com/gogo/protobuf/types.Any ([#6706](https://github.com/containerd/containerd/pull/6706))
* Use typeurl.Any instead of github.com/gogo/protobuf/types.Any
* Use cgroups.AddProc() for cgroups v1 ([#5738](https://github.com/containerd/containerd/pull/5738))
* Use cgroups.AddProc() for cgroups v1
* fix: ctr images mount with snapshotter option can't get snapshotter ([#6713](https://github.com/containerd/containerd/pull/6713))
* fix: ctr images mount with snapshotter option can't get snapshotter
* cgroup2: monitor OOMKill instead of OOM to prevent missing container events ([#6323](https://github.com/containerd/containerd/pull/6323))
* cgroup2: monitor OOMKill instead of OOM to prevent missing container OOM events
* moving up to go-cni v1.1.4 ([#6721](https://github.com/containerd/containerd/pull/6721))
* moving up to go-cni v1.1.4
* native: fix deadlock from leaving transactions open ([#6722](https://github.com/containerd/containerd/pull/6722))
* native: fix deadlock from leaving transactions open
* go.mod: remove replace, and update github.com/gogo/googleapis v1.4.1 ([#5390](https://github.com/containerd/containerd/pull/5390))
* go.mod: remove replace and update github.com/gogo/googleapis v1.4.1
* Github Security Advisory [GHSA-c9cp-9c75-9v8c](https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c)
* Fix the Inheritable capability defaults.
* runtime: deprecate runc --criu / -criu-path option ([#6496](https://github.com/containerd/containerd/pull/6496))
* runtime: deprecate runc --criu / -criu-path option
* Bug fix for mount path handling ([#6651](https://github.com/containerd/containerd/pull/6651))
* Bug fix for mount path handling
* Upgrade containerd/imgcrypt and opencontainers/image-spec ([#6711](https://github.com/containerd/containerd/pull/6711))
* Upgrade containerd/imgcrypt and opencontainers/image-spec
* Remove enumvalue_customname, goproto_enum_prefix and enum_customname ([#6708](https://github.com/containerd/containerd/pull/6708))
* Remove enumvalue_customname, goproto_enum_prefix and enum_customname
* Remove gogoproto.customtype ([#6699](https://github.com/containerd/containerd/pull/6699))
* Remove gogoproto.customtype
* Skip tty critest testcase on Windows Server 2022 ([#6698](https://github.com/containerd/containerd/pull/6698))
* Skip tty critest testcase on Windows Server 2022
* Build with Go 1.18 ([#6605](https://github.com/containerd/containerd/pull/6605))
* Vendor dependencies with module graph pruning
* Use Go 1.18 to build and test containerd
* Update prometheus client vendor ([#6690](https://github.com/containerd/containerd/pull/6690))
* Test turning off golang CI lint cache
* Add nolint:staticcheck to platform-specific calls
* Update prometheus client vendor
* vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd ([#6687](https://github.com/containerd/containerd/pull/6687))
* vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
* Make the temp mount as ready only in container WithVolumes ([#6593](https://github.com/containerd/containerd/pull/6593))
* Make the temp mount as ready only in container WithVolumes
* fix: `ctr run --cni` get failed ([#6670](https://github.com/containerd/containerd/pull/6670))
* fix: ctr run --cni get failed
* test: use `T.TempDir` to create temporary test directory ([#6681](https://github.com/containerd/containerd/pull/6681))
* test: remove redundant `mountPoint`
* test: use `T.TempDir` to create temporary test directory
* Make OpenLab's CI jobs blocking ([#6679](https://github.com/containerd/containerd/pull/6679))
* Make OpenLab's CI jobs blocking
* document log level and format ([#6683](https://github.com/containerd/containerd/pull/6683))
* document log level and format
* Add shared content label to namespaces ([#6660](https://github.com/containerd/containerd/pull/6660))
* Add shared content label to namespaces
* Add protoc-gen-go-fieldpath ([#6562](https://github.com/containerd/containerd/pull/6562))
* Add protoc-gen-go-fieldpath
* Enable gosec linter for golangci-lint ([#6669](https://github.com/containerd/containerd/pull/6669))
* Enable gosec linter for golangci-lint
* Make mkfs.xfs available on OpenLab's CI environment ([#6668](https://github.com/containerd/containerd/pull/6668))
* Make mkfs.xfs available on OpenLab's CI environment
* ctr: improve error relative shim path error msg ([#6519](https://github.com/containerd/containerd/pull/6519))
* ctr: improve error relative shim path error msg
* typo fixes under cmd. ([#6674](https://github.com/containerd/containerd/pull/6674))
* typo fixes under cmd.
* Handle CRI Device.HostPath on Windows ([#6618](https://github.com/containerd/containerd/pull/6618))
* Implement `--device idType://id` for `ctr run` on Windows
* Plumb CRI Devices through to OCI WindowsDevices
* CRI integration test for Windows Device mounts
* Upgrade golangci-lint and its GitHub Action ([#6666](https://github.com/containerd/containerd/pull/6666))
* Upgrade golangci-lint and its GitHub Action
* Don't build a second copy of containerd-shim-runhcs-v1.exe ([#6661](https://github.com/containerd/containerd/pull/6661))
* Don't build a second copy of containerd-shim-runhcs-v1.exe
* Update TestNormalize to only test Windows platform ([#6569](https://github.com/containerd/containerd/pull/6569))
* Update TestNormalize to only test Windows
* Fix link in getting-started.md ([#6663](https://github.com/containerd/containerd/pull/6663))
* Fix link in getting-started.md
* Fuzzing: refactor metadata fuzzers ([#6423](https://github.com/containerd/containerd/pull/6423))
* Fuzzing: refactor metadata fuzzers
* Two xfs file systems with same UUID can not be mounted on the same sy… ([#6650](https://github.com/containerd/containerd/pull/6650))
* Mount devmapper xfs file system with "nouuid" option.
* [Windows] Fix deadline exceeded in daemon restart ([#6635](https://github.com/containerd/containerd/pull/6635))
* Increase wait timeout for TestDaemonRestart
* Use temp file for export/import test ([#6658](https://github.com/containerd/containerd/pull/6658))
* Use temp file for export/import test
* strip path-info from `-v` (version) output, and implement -v flag for containerd-shim ([#6495](https://github.com/containerd/containerd/pull/6495))
* cmd/containerd-shim: add -v (version) flag
* integration/images/volume-ownership: strip path information from usage output
* runtime/v2/shim: strip path information from version output
* Improve unexpected response error handling in resolver ([#6617](https://github.com/containerd/containerd/pull/6617))
* Improve ErrUnexpectedStatus default string
* Add ErrUnexpectedStatus to resolver
* Use the latest tag for azure images ([#6601](https://github.com/containerd/containerd/pull/6601))
* Use the latest image for Windows test workers
* Run CRI integration tests in GitHub Actions (Windows) ([#6626](https://github.com/containerd/containerd/pull/6626))
* Skip most of script/setup/prepare_env_windows.ps1
* Enable cri-tools critest on Windows
* Enable CRI Integration tests on Windows
* Remove hardcoded /tmp in tempfile paths
* cri: fix integration test on cgroupsv2 system ([#6595](https://github.com/containerd/containerd/pull/6595))
* cri: fix integration test on cgroupsv2 system
* Use version 2 configuration format in docs/PLUGINS.md ([#6613](https://github.com/containerd/containerd/pull/6613))
* Use version 2 config and mention containerd config command
* update to go 1.16.15, 1.17.8 to address CVE-2022-24921 ([#6619](https://github.com/containerd/containerd/pull/6619))
* update to go 1.16.15, 1.17.8 to address CVE-2022-24921
* Update status of 1.4 release ([#6614](https://github.com/containerd/containerd/pull/6614))
* Update status of 1.4 release
* Update TestContainerSymlinkVolumes to use windows path ([#6568](https://github.com/containerd/containerd/pull/6568))
* Update TestContainerSymlinkVolumes to use windows path
* Add --user support for ctr run Windows ([#6603](https://github.com/containerd/containerd/pull/6603))
* Add --user support for ctr run Windows
* Update releases ([#6608](https://github.com/containerd/containerd/pull/6608))
* Update latest release versions
* Update release process to include Kubernetes test infrastructure
* Github Security Advisory [GHSA-crp2-qrr5-8pq7](https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7)
* Use fs.RootPath when mounting volumes
* Adds support for Windows ArgsEscaped images ([#6479](https://github.com/containerd/containerd/pull/6479))
* Adds support for Windows ArgsEscaped images
* Do not use weak import ([#6558](https://github.com/containerd/containerd/pull/6558))
* Do not use weak import
* cri: relax test for system without hugetlb ([#6596](https://github.com/containerd/containerd/pull/6596))
* cri: relax test for system without hugetlb
* Use containerd/protobuild instead of stevvooe/protobuild ([#6578](https://github.com/containerd/containerd/pull/6578))
* Use containerd/protobuild instead of stevvooe/protobuild
* integration: remove duplicated util pkg ([#6597](https://github.com/containerd/containerd/pull/6597))
* integration: remove duplicated util pkg
* go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1 ([#6591](https://github.com/containerd/containerd/pull/6591))
* go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1
* Update Go version recommendation in getting started ([#6585](https://github.com/containerd/containerd/pull/6585))
* Update Go version recommendation in getting started
* go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3 ([#6337](https://github.com/containerd/containerd/pull/6337))
* go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3
* fix Implicit memory aliasing in for loop ([#6331](https://github.com/containerd/containerd/pull/6331))
* fix Implicit memory aliasing in for loop
* Fix build with gccgo ([#6579](https://github.com/containerd/containerd/pull/6579))
* Fix build with gccgo
* Replace golang.org/x/net/context with std library ([#6580](https://github.com/containerd/containerd/pull/6580))
* Replace golang.org/x/net/context with std library
* containerd-shim-runc-v1: return init pid when clean dead shim ([#6571](https://github.com/containerd/containerd/pull/6571))
* containerd-shim-runc-v1: return init pid when clean dead shim
* Use Windows matcher when on Windows platform in all code paths ([#6491](https://github.com/containerd/containerd/pull/6491))
* Initialize platform matchers for current platform
* containerd-shim-runc-v2: return init pid when clean dead shim ([#6452](https://github.com/containerd/containerd/pull/6452))
* containerd-shim-runc-v2: return init pid when clean dead shim
* [Windows][Integration] Enable TestRestartMonitor ([#6515](https://github.com/containerd/containerd/pull/6515))
* [Windows][Integration] Enable TestRestartMonitor
* go.mod: fsnotify v1.5.1, moby/sys/mountinfo v0.6.0, moby/sys/signal v0.7.0 ([#6554](https://github.com/containerd/containerd/pull/6554))
* go.mod: github.com/moby/sys/signal v0.7.0
* go.mod: github.com/moby/sys/mountinfo v0.6.0
* go.mod: github.com/fsnotify/fsnotify v1.5.1
</p>
</details>
### Changes from containerd/cgroups
<details><summary>21 commits</summary>
<p>
* ParseCgroupFile: fix wrong comment about unified hierarchy ; add ParseCgroupFileUnified to get the unified path ([#232](https://github.com/containerd/cgroups/pull/232))
* add ParseCgroupFileUnified to get the unified path
* ParseCgroupFile: fix wrong comment about unified hierarchy
* Bump go version to 1.17 in go.mod ([#230](https://github.com/containerd/cgroups/pull/230))
* Bump go version to 1.17 in go.mod
* make cmd/ a separate module (as it's only for testing) ([#226](https://github.com/containerd/cgroups/pull/226))
* make cmd/ a separate module (as it's only for testing)
* feat(v2): add Update method for v2.Manager ([#225](https://github.com/containerd/cgroups/pull/225))
* feat(v2): add Update method for v2.Manager
* feat: add memory.min param ([#211](https://github.com/containerd/cgroups/pull/211))
* feat: add memory.min param
* modified the dereference null pointer value. ([#218](https://github.com/containerd/cgroups/pull/218))
* modified the dereference null pointer value.
* update readme for cpu cgroup demo ([#217](https://github.com/containerd/cgroups/pull/217))
* update readme for cpu cgroup demo
* Fix systemd full path ([#221](https://github.com/containerd/cgroups/pull/221))
* Fix systemd full path
* Update Go version and fedora base ([#223](https://github.com/containerd/cgroups/pull/223))
* Update Go version and fedora base
* Fix panic in NewSystemd on nil values ([#219](https://github.com/containerd/cgroups/pull/219))
* Fix panic in NewSystemd on nil values
</p>
</details>
### Changes from containerd/continuity
<details><summary>28 commits</summary>
<p>
* go.mod: update dependencies (take 2) ([#204](https://github.com/containerd/continuity/pull/204))
* go.mod: update dependencies (take 2)
* Revert "go.mod: update dependencies" ([#205](https://github.com/containerd/continuity/pull/205))
* Revert "go.mod: update dependencies"
* go.mod: update dependencies
* cmd/continuity: remove FUSE for macOS
* Various small fix-ups ([#202](https://github.com/containerd/continuity/pull/202))
* README: update badges and links
* golangci-lint: replace "golint" with "revive"
* sysx: remove unused sysx/generate.sh script
* fs: fix minor linting and gofmt issue
* update authors and mailmap ([#201](https://github.com/containerd/continuity/pull/201))
* update authors and mailmap
* move cmd/continuity to its own go module ([#200](https://github.com/containerd/continuity/pull/200))
* move cmd/continuity to its own go module
* remove version package
* move continuityfs -> cmd/continuity/continuityfs
* move commands -> cmd/continuity/commands
* go.mod: update logrus to v1.8.1
* CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir) ([#198](https://github.com/containerd/continuity/pull/198))
* CI: resolve Go path before sudoing
* CI: modernize Go setup
* Remove deprecated io/ioutil (except ioutil.ReadDir)
* fs.CopyDir: support sockets and pipes ([#197](https://github.com/containerd/continuity/pull/197))
* fs.CopyDir: support sockets and pipes
* Fix wrapping errors ([#196](https://github.com/containerd/continuity/pull/196))
* fs: fix wrapping nil err
* fmt.Errorf: use %w, not %v to wrap errors
</p>
</details>
### Changes from containerd/go-cni
<details><summary>22 commits</summary>
<p>
* go.mod: update libcni to v1.1.1 ([#101](https://github.com/containerd/go-cni/pull/101))
* go.mod: update libcni to v1.1.1
* add in some serial setup tests; a little make cleanup ([#100](https://github.com/containerd/go-cni/pull/100))
* add in some serial setup tests; a little make cleanup
* Re-introduce serial network setup ([#99](https://github.com/containerd/go-cni/pull/99))
* Re-introduce serial network setup
* bump github.com/containernetworking/cni v1.1.0 ([#98](https://github.com/containerd/go-cni/pull/98))
* bump github.com/containernetworking/cni v1.1.0
* Revert "Update loopback version to support check" ([#96](https://github.com/containerd/go-cni/pull/96))
* Revert "Update loopback version to support check"
* Use revive instead of golint ([#92](https://github.com/containerd/go-cni/pull/92))
* Use revive instead of golint
* Bump go verion to 1.17 ([#91](https://github.com/containerd/go-cni/pull/91))
* Bump go verion to 1.17
* moving up to latest CNI plugin release ([#90](https://github.com/containerd/go-cni/pull/90))
* moving up to latest CNI plugin release
* Fix Loopback Version ([#88](https://github.com/containerd/go-cni/pull/88))
* Update loopback version to support check
* Update comment for capabilities ([#89](https://github.com/containerd/go-cni/pull/89))
* update comment for capabilities
* Add integration test for linux and update go version from 1.16 to 1.17 ([#84](https://github.com/containerd/go-cni/pull/84))
* Add integration test and update go version
</p>
</details>
### Changes from containerd/imgcrypt
<details><summary>18 commits</summary>
<p>
* Use reflect to support diff.ApplyConfig with/without gogo's types.Any ([#75](https://github.com/containerd/imgcrypt/pull/75))
* Use reflect to support diff.ApplyConfig with/without gogo's types.Any
* Upgrade golangci-lint-action and golangci-lint ([#76](https://github.com/containerd/imgcrypt/pull/76))
* Add build tags to make gofmt happy
* Upgrade golangci-lint-action and golangci-lint
* CHANGES: Updated CHANGES document for 1.1.4 release ([#74](https://github.com/containerd/imgcrypt/pull/74))
* CHANGES: Updated CHANGES document for 1.1.4 release
* Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 ([#73](https://github.com/containerd/imgcrypt/pull/73))
* Bump github.com/containerd/containerd from 1.5.10 to 1.6.1
* images: prepare for typeurl.Any ([#72](https://github.com/containerd/imgcrypt/pull/72))
* images: prepare for typeurl.Any
* images: Add list of Platforms to CheckAuthorization()
* test: Test running of encrypted image only pulled for local platform
* Bump ocicrypt to 1.1.3 ([#71](https://github.com/containerd/imgcrypt/pull/71))
* Bump ocicrypt to 1.1.3
* Bump github.com/containerd/containerd from 1.5.9 to 1.5.10
* Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 ([#67](https://github.com/containerd/imgcrypt/pull/67))
* Bump github.com/containerd/containerd from 1.5.8 to 1.5.9
</p>
</details>
### Changes from containerd/nri
<details><summary>29 commits</summary>
<p>
* Extend scope to enable common pluggable runtime extensions. ([#16](https://github.com/containerd/nri/pull/16))
* plugins: fix incorrect go.mod module paths.
* pkg/adaptation: don't log a nil error.
* README*.md: update READMEs.
* plugins: add NRI v0.1.0 adapter plugin.
* examples: update dependencies.
* README.md: add an updated README.
* .github: update CI tests.
* plugins: added template plugin.
* plugins: add differ plugin.
* plugins: add OCI hook injector plugin.
* plugins: add sample device injector plugin.
* plugins: add sample logger plugin.
* pkg/runtime-tools: wrap/extend OCI Spec generator.
* pkg/adaptation: add test suite.
* pkg/stub: add plugin stub.
* pkg/adaptation: add API for runtime integration.
* pkg/api: define updated NRI plugin API.
* Update GitHub actions CI workflow ([#19](https://github.com/containerd/nri/pull/19))
* Update GitHub actions CI workflow
* replace pkg/errors ([#17](https://github.com/containerd/nri/pull/17))
* replace pkg/errors
* Update the examples in README.md ([#15](https://github.com/containerd/nri/pull/15))
* Update the examples in README.md
* Bump containerd to 1.5.2
* Rename branch from master to main ([#12](https://github.com/containerd/nri/pull/12))
* Rename branch from master to main
* Update to containerd 1.5.1 ([#11](https://github.com/containerd/nri/pull/11))
* Bump containerd version v1.5.1
</p>
</details>
### Changes from containerd/ttrpc
<details><summary>37 commits</summary>
<p>
* Only generate a Go file if the file has some services ([#112](https://github.com/containerd/ttrpc/pull/112))
* Only generate a Go file if the file has some services
* *.go: organize errors to one spot ([#113](https://github.com/containerd/ttrpc/pull/113))
* *.go: organize errors to one spot
* PROTOCOL: slight markdown touchup ([#111](https://github.com/containerd/ttrpc/pull/111))
* PROTOCOL: slight markdown touchup
* Introduce streaming ([#107](https://github.com/containerd/ttrpc/pull/107))
* Remove unnecessary ttrpc plugin configuration in Protobuild.toml
* Unwrap syscall error and check
* Update protocol for closed data messages
* Add integration test to github actions
* Add integration test package
* Add streaming support to go-ttrpc generator
* Add stream tests
* Introduce streaming to client and server
* Update checkout and lint actions ([#109](https://github.com/containerd/ttrpc/pull/109))
* Update checkout and lint actions
* Add Makefile and update protobuf ([#106](https://github.com/containerd/ttrpc/pull/106))
* Server test show sys error
* Update github actions ci to use Makefile
* Add makefile and update protoc version
* Add ttrpc protocol definition ([#102](https://github.com/containerd/ttrpc/pull/102))
* Add ttrpc protocol definition
* Enable Codecov again ([#105](https://github.com/containerd/ttrpc/pull/105))
* Enable Codecov again
* Use CR+LF instead of LF regardless of OS ([#103](https://github.com/containerd/ttrpc/pull/103))
* Use CR+LF instead of LF regardless of OS
* Log the error's underyling errno if there is ([#104](https://github.com/containerd/ttrpc/pull/104))
* Log the error's underyling errno if there is
* Use google.golang.org/protobuf instead of github.com/gogo/protobuf ([#99](https://github.com/containerd/ttrpc/pull/99))
* Use google.golang.org/protobuf instead of github.com/gogo/protobuf
* Wrap correct error on unix.GetsockoptUcred failure ([#100](https://github.com/containerd/ttrpc/pull/100))
* Wrap correct error on unix.GetsockoptUcred failure
* Update CI project checks to use containerd project action ([#101](https://github.com/containerd/ttrpc/pull/101))
* Update to latest os for build and test
* Fix lint issues
* Update CI project checks to use containerd project action
</p>
</details>
### Changes from containerd/typeurl
<details><summary>14 commits</summary>
<p>
* Fallback to google.golang.org/protobuf ([#35](https://github.com/containerd/typeurl/pull/35))
* Fallback to google.golang.org/protobuf
* Build with Go 1.17 and Go 1.18 ([#34](https://github.com/containerd/typeurl/pull/34))
* Build with Go 1.17.x and Go 1.18.x
* Make nil handling easier ([#33](https://github.com/containerd/typeurl/pull/33))
* Make nil handling easier
* Make Any type an interface ([#32](https://github.com/containerd/typeurl/pull/32))
* Make Any type an interface
* Add Any type and remove gogo protobuf from interfaces ([#31](https://github.com/containerd/typeurl/pull/31))
* Add Any type and remove gogo protobuf from interfaces
* replace pkg/errors ([#29](https://github.com/containerd/typeurl/pull/29))
* replace pkg/errors
* Update branch name in GH Actions ([#28](https://github.com/containerd/typeurl/pull/28))
* Update branch name in GH Actions
</p>
</details>
### Dependency Changes
* **cloud.google.com/go/compute/metadata** v0.2.1 **_new_**
* **github.com/AdaLogics/go-fuzz-headers** 6c3934b029d8 -> 3345c89a7c72
* **github.com/AdamKorcz/go-118-fuzz-build** b2031950a318 **_new_**
* **github.com/Microsoft/go-winio** v0.5.1 -> v0.6.0
* **github.com/Microsoft/hcsshim** v0.9.2 -> v0.10.0-rc.1
* **github.com/blang/semver/v4** v4.0.0 **_new_**
* **github.com/cenkalti/backoff/v4** v4.1.2 -> v4.1.3
* **github.com/cilium/ebpf** v0.7.0 -> v0.9.1
* **github.com/container-orchestrated-devices/container-device-interface** v0.5.1 **_new_**
* **github.com/containerd/cgroups** v1.0.3 -> v1.0.4
* **github.com/containerd/cgroups/v3** e8802a182774 **_new_**
* **github.com/containerd/continuity** v0.2.2 -> v0.3.0
* **github.com/containerd/go-cni** v1.1.3 -> v1.1.6
* **github.com/containerd/imgcrypt** v1.1.3 -> 8ba028dca028
* **github.com/containerd/nri** v0.1.0 -> v0.2.0
* **github.com/containerd/ttrpc** v1.1.0 -> 944ef4a40df3
* **github.com/containerd/typeurl** v1.0.2 -> 7f6e6d160d67
* **github.com/containernetworking/cni** v1.0.1 -> v1.1.1
* **github.com/containernetworking/plugins** v1.0.1 -> v1.1.1
* **github.com/containers/ocicrypt** v1.1.2 -> v1.1.3
* **github.com/cpuguy83/go-md2man/v2** v2.0.0 -> v2.0.2
* **github.com/cyphar/filepath-securejoin** v0.2.3 **_new_**
* **github.com/emicklei/go-restful/v3** v3.8.0 **_new_**
* **github.com/fsnotify/fsnotify** v1.4.9 -> v1.6.0
* **github.com/go-logr/logr** v1.2.2 -> v1.2.3
* **github.com/google/go-cmp** v0.5.6 -> v0.5.9
* **github.com/google/uuid** v1.2.0 -> v1.3.0
* **github.com/grpc-ecosystem/grpc-gateway/v2** v2.7.0 **_new_**
* **github.com/klauspost/compress** v1.11.13 -> v1.15.9
* **github.com/klauspost/cpuid/v2** v2.0.4 **_new_**
* **github.com/miekg/pkcs11** v1.0.3 -> v1.1.1
* **github.com/minio/sha256-simd** v1.0.0 **_new_**
* **github.com/moby/sys/mountinfo** v0.5.0 -> v0.6.2
* **github.com/moby/sys/sequential** v0.5.0 **_new_**
* **github.com/moby/sys/signal** v0.6.0 -> v0.7.0
* **github.com/opencontainers/image-spec** 693428a734f5 -> 3a7f492d3f1b
* **github.com/opencontainers/runc** v1.1.0 -> v1.1.4
* **github.com/opencontainers/runtime-spec** 1c3f411f0417 -> 86290f6a00fb
* **github.com/opencontainers/runtime-tools** 946c877fa809 **_new_**
* **github.com/opencontainers/selinux** v1.10.0 -> v1.10.2
* **github.com/prometheus/client_golang** v1.11.0 -> v1.12.1
* **github.com/prometheus/common** v0.30.0 -> v0.32.1
* **github.com/russross/blackfriday/v2** v2.0.1 -> v2.1.0
* **github.com/sirupsen/logrus** v1.8.1 -> v1.9.0
* **github.com/stretchr/testify** v1.7.0 -> v1.8.0
* **github.com/syndtr/gocapability** 42c35b437635 **_new_**
* **github.com/tchap/go-patricia/v2** v2.3.1 **_new_**
* **github.com/urfave/cli** v1.22.1 -> v1.22.10
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.28.0 -> v0.36.4
* **go.opentelemetry.io/otel** v1.3.0 -> v1.11.1
* **go.opentelemetry.io/otel/exporters/otlp/internal/retry** v1.3.0 -> v1.11.1
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.3.0 -> v1.11.1
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.3.0 -> v1.11.1
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp** v1.3.0 -> v1.11.1
* **go.opentelemetry.io/otel/sdk** v1.3.0 -> v1.11.1
* **go.opentelemetry.io/otel/trace** v1.3.0 -> v1.11.1
* **go.opentelemetry.io/proto/otlp** v0.11.0 -> v0.19.0
* **golang.org/x/crypto** 32db794688a5 -> v0.1.0
* **golang.org/x/mod** v0.6.0 **_new_**
* **golang.org/x/net** fe4d6282115f -> v0.4.0
* **golang.org/x/oauth2** 2bc19b11175f -> d3ed0bb246c8
* **golang.org/x/sync** 036812b2e83c -> v0.1.0
* **golang.org/x/sys** 1d35b9e2eb4e -> v0.3.0
* **golang.org/x/term** 6886f2dfbf5b -> v0.3.0
* **golang.org/x/text** v0.3.7 -> v0.5.0
* **golang.org/x/time** 1f47c861a9ac -> 90d013bbcef8
* **golang.org/x/tools** v0.2.0 **_new_**
* **google.golang.org/genproto** e50cd9704f63 -> 2d387536bcdd
* **google.golang.org/grpc** v1.43.0 -> v1.50.1
* **google.golang.org/protobuf** v1.27.1 -> v1.28.1
* **gopkg.in/yaml.v3** 496545a6307b -> v3.0.1
* **k8s.io/api** v0.22.5 -> v0.25.4
* **k8s.io/apimachinery** v0.22.5 -> v0.25.4
* **k8s.io/apiserver** v0.22.5 -> v0.25.4
* **k8s.io/client-go** v0.22.5 -> v0.25.4
* **k8s.io/component-base** v0.22.5 -> v0.25.4
* **k8s.io/cri-api** v0.23.1 -> v0.26.0-beta.0
* **k8s.io/klog/v2** v2.30.0 -> v2.80.1
* **k8s.io/utils** cb0fa318a74b -> 8e77b1f39fe2
* **sigs.k8s.io/json** f223a00ba0e2 **_new_**
* **sigs.k8s.io/structured-merge-diff/v4** v4.1.2 -> v4.2.3
* **sigs.k8s.io/yaml** v1.2.0 -> v1.3.0
Previous release can be found at [v1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)