containerd 1.7.17

Welcome to the v1.7.17 release of containerd!

The seventeenth patch release for containerd 1.7 contains various fixes and updates.

### Highlights

* Use LOOP_CONFIGURE when creating loop devices ([#10209](https://github.com/containerd/containerd/pull/10209))
* Update unpacker to fetch all provided content ([#10233](https://github.com/containerd/containerd/pull/10233))
* Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts ([#10210](https://github.com/containerd/containerd/pull/10210))
* Update metadata snapshotter to lease on already exists ([#10198](https://github.com/containerd/containerd/pull/10198))
* Handle unsupported config versions ([#10165](https://github.com/containerd/containerd/pull/10165))
* Fix deadlock when writing to pipe blocks ([containerd/ttrpc#168](https://github.com/containerd/ttrpc/pull/168))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Stefan Berger
* Derek McGowan
* Austin Vazquez
* Alexandru Matei
* Maksym Pavlenko
* Akihiro Suda
* Bryant Biggs
* Kevin Parsons
* Kirtana Ashok
* Phil Estes
* Kazuyoshi Kato
* Kohei Tokunaga
* Swagat Bora

### Changes
<details><summary>43 commits</summary>
<p>

* Prepare release notes for v1.7.17 ([#10235](https://github.com/containerd/containerd/pull/10235))
  * [`114b07b97`](https://github.com/containerd/containerd/commit/114b07b976b0e715c28f82a43d6790ac46bfb53c) Prepare release notes for v1.7.17
* Use LOOP_CONFIGURE when creating loop devices ([#10209](https://github.com/containerd/containerd/pull/10209))
  * [`803aaa680`](https://github.com/containerd/containerd/commit/803aaa6801d808289e9a25a2f05fc9710b2ed39b) Remove internal LoopConfig struct
  * [`7bd3be948`](https://github.com/containerd/containerd/commit/7bd3be9487050fccc29df94bf3f9f005589121bc) Swap internal ioctl implementation with golang.org/x/sys
  * [`a0739dc0e`](https://github.com/containerd/containerd/commit/a0739dc0e800fa002b451ff425cb8aeb9f880d02) Use LOOP_CONFIGURE when creating loop devices
* Update unpacker to fetch all provided content ([#10233](https://github.com/containerd/containerd/pull/10233))
  * [`1573ea598`](https://github.com/containerd/containerd/commit/1573ea598e00c1b942946958ea451062557d74d7) Update ctr image pull all platforms
  * [`32b594f1b`](https://github.com/containerd/containerd/commit/32b594f1b2420fe7633802ee9a2225e9fd7e5c70) Update unpacker to always fetch all
* Update hcsshim tag to v0.11.5 ([#10232](https://github.com/containerd/containerd/pull/10232))
  * [`5a03a3aee`](https://github.com/containerd/containerd/commit/5a03a3aeee0b4be59a556ba145ebe09492812544) Update hcsshim tag to v0.11.5
* Update ttrpc tag to 1.2.4 ([#10221](https://github.com/containerd/containerd/pull/10221))
  * [`9a1eda40f`](https://github.com/containerd/containerd/commit/9a1eda40f8c7cfa1f69642bf66a50a9740fca01f) update ttrpc tag to 1.2.4
* Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts ([#10210](https://github.com/containerd/containerd/pull/10210))
  * [`ad85652fa`](https://github.com/containerd/containerd/commit/ad85652fa17b405b8b6bf97756c65291e97ac5d6) Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts
* Update instrumentation fuzzer with new flag ([#10229](https://github.com/containerd/containerd/pull/10229))
  * [`582f3f43d`](https://github.com/containerd/containerd/commit/582f3f43d5392132d99e6f0cc50e403b7f0d781c) Update instrumentation fuzzer with new flag
* vendor: github.com/containerd/imgcrypt@v1.1.8 ([#10215](https://github.com/containerd/containerd/pull/10215))
  * [`a5d13689b`](https://github.com/containerd/containerd/commit/a5d13689b97f62ca172636bc2360e6c9f36120e2) vendor: github.com/containerd/imgcrypt@v1.1.8
* vendor: golang.org/x/net@v0.23.0 ([#10211](https://github.com/containerd/containerd/pull/10211))
  * [`f853bc129`](https://github.com/containerd/containerd/commit/f853bc1292751ca7c5e12b9a3faa300039e21e34) vendor: golang.org/x/net@v0.23.0
  * [`837972979`](https://github.com/containerd/containerd/commit/837972979fffd6f0624b354bd68b75906ad530cc) vendor: golang.org/x/net@v0.21.0
  * [`56aa87792`](https://github.com/containerd/containerd/commit/56aa877926c7a2a4be0683bc48c05b0b65ae9c8e) vendor: golang.org/x/net@v0.20.0
  * [`4e6335ebd`](https://github.com/containerd/containerd/commit/4e6335ebdf3ba54bf89d652c326b2127dd88639f) vendor: golang.org/x/net@v0.19.0
  * [`1c6c745c6`](https://github.com/containerd/containerd/commit/1c6c745c60acf808c99644e8bafa3a8d367c076c) vendor: golang.org/x/term@v0.17.0
  * [`1077d38c9`](https://github.com/containerd/containerd/commit/1077d38c9fe83db9720e01aea253de8ff3525b3d) vendor: golang.org/x/sys@v0.18.0
* Update tooling to Go 1.21.10, 1.22.3 for net/http bug fixes ([#10207](https://github.com/containerd/containerd/pull/10207))
  * [`c53b635f9`](https://github.com/containerd/containerd/commit/c53b635f927a905ff431a51d12f42f4f5c36d959) Update toolchain to Go 1.21.10 and 1.22.3
* vendor: golang.org/x/crypto@v0.18.0 ([#10204](https://github.com/containerd/containerd/pull/10204))
  * [`4b52104f0`](https://github.com/containerd/containerd/commit/4b52104f0cfbcb4f6ad3cf4f80bc3c34919b03de) vendor: golang.org/x/crypto@v0.18.0
  * [`2f65c83b0`](https://github.com/containerd/containerd/commit/2f65c83b0b80796f7b3b30bebc5354b293c14a74) vendor: golang.org/x/term@v0.16.0
  * [`8a76171f7`](https://github.com/containerd/containerd/commit/8a76171f76de63dce2f85946fdfeb3d3f79cd2fc) vendor: golang.org/x/sys@v0.16.0
  * [`d45778523`](https://github.com/containerd/containerd/commit/d45778523cb2454fcb57a36c5c0c1c447267ca44) vendor: golang.org/x/term@v0.15.0, golang.org/x/text@v0.14.0
  * [`24038de8c`](https://github.com/containerd/containerd/commit/24038de8c1c285f3ebc7c1c81564409703a03ac9) vendor: golang.org/x/sys@v0.15.0
* Update metadata snapshotter to lease on already exists ([#10198](https://github.com/containerd/containerd/pull/10198))
  * [`eb930375c`](https://github.com/containerd/containerd/commit/eb930375ca25680660e424eeefbcab8920543aa2) Add lease test for metadata snapshotter
  * [`9f6c61ab9`](https://github.com/containerd/containerd/commit/9f6c61ab927bb34136636e3e560831e155bea958) Update metadata snapshotter to lease on exists
* Update grpc and image-spec dependencies ([#10180](https://github.com/containerd/containerd/pull/10180))
  * [`24dd403ab`](https://github.com/containerd/containerd/commit/24dd403abb141917934493ee9170bffee14cb305) Update image-spec to v1.1.0
  * [`189b69e24`](https://github.com/containerd/containerd/commit/189b69e247f0f852ef261421d6730beaecb2502b) go.mod: github.com/opencontainers/image-spec v1.1.0-rc3
  * [`388fb336b`](https://github.com/containerd/containerd/commit/388fb336b0a458e2cf64212072743e622a3f44c7) Update grpc to v1.59.0
* Handle unsupported config versions ([#10165](https://github.com/containerd/containerd/pull/10165))
  * [`00347b7fa`](https://github.com/containerd/containerd/commit/00347b7fa50b73d23399c8197c76a1343c901bf3) Add check for unsupported config versions
</p>
</details>

### Changes from containerd/imgcrypt
<details><summary>53 commits</summary>
<p>

* CHANGES: Updated CHANGES document for 1.1.8 release ([containerd/imgcrypt#122](https://github.com/containerd/imgcrypt/pull/122))
  * [`956b4d3`](https://github.com/containerd/imgcrypt/commit/956b4d3fe3ed647032725bf1585f68b2a38b2b13) CHANGES: Updated CHANGES document for 1.1.8 release
* Synchronize enc-ctr with upstream ctr from containerd v1.6.23 and use containerd v1.6.23 in dependency ([containerd/imgcrypt#120](https://github.com/containerd/imgcrypt/pull/120))
  * [`9e8e1c1`](https://github.com/containerd/imgcrypt/commit/9e8e1c1df3660f869c7fbd49135a8cd6bf91fe7c) ctr: Sync code with containerd v1.6.23 ctr
  * [`7d2cca5`](https://github.com/containerd/imgcrypt/commit/7d2cca5efde78e5c5bce11e831d61077cf9166e1) build(deps): bump containerd from 1.6.20 to 1.6.23
* Synchronize enc-ctr with upstream ctr from containerd v1.6.20 ([containerd/imgcrypt#119](https://github.com/containerd/imgcrypt/pull/119))
  * [`0f2559e`](https://github.com/containerd/imgcrypt/commit/0f2559e3c9bb4c80ea422560af2bdb1334d70f88) ctr: Sync code with containerd v1.6.20 ctr
  * [`c48dd78`](https://github.com/containerd/imgcrypt/commit/c48dd787005e197c12e924727ea2b0be75a6e66b) cmd: Copy IntToInt32Array into img package and use it
* Update to ocicrypt 1.1.8 and minimum go 1.20 ([containerd/imgcrypt#118](https://github.com/containerd/imgcrypt/pull/118))
  * [`6d48a4e`](https://github.com/containerd/imgcrypt/commit/6d48a4ecc325e1aaf531110b5aa9beece4eafc4c) build(deps): bump ocicrypt from 1.1.7 to 1.1.8
  * [`1bc94a2`](https://github.com/containerd/imgcrypt/commit/1bc94a206e90d4f79dbb137c922b32b71662c78b) github: Use golangci-lint v1.54.1 and adjust config file
  * [`9065f1d`](https://github.com/containerd/imgcrypt/commit/9065f1da9e4f607df34eff64d6e24530f7b3a136) github: Test with go 1.21 and go 1.20
  * [`74986f3`](https://github.com/containerd/imgcrypt/commit/74986f3687f84523a4612bd7c6975463b68b3b10) go.mod: Require go 1.20
* build(deps): bump google.golang.org/grpc from 1.47.0 to 1.53.0 ([containerd/imgcrypt#117](https://github.com/containerd/imgcrypt/pull/117))
  * [`a2a8273`](https://github.com/containerd/imgcrypt/commit/a2a82731875004f0dd33dff929201456e3f702e1) build(deps): bump google.golang.org/grpc from 1.47.0 to 1.53.0
* test: Test creating and running of container with key file missing ([containerd/imgcrypt#116](https://github.com/containerd/imgcrypt/pull/116))
  * [`286470a`](https://github.com/containerd/imgcrypt/commit/286470a95699ac0cb19a3de79a7a215cafc8f2c7) test: Test creating and running of container with key file missing
* Fix some issues in the test script ([containerd/imgcrypt#115](https://github.com/containerd/imgcrypt/pull/115))
  * [`aa517cc`](https://github.com/containerd/imgcrypt/commit/aa517cc77654cf517cc7bba5529b07da92f033dc) test: Fix order of parameters and remove unnecessary key parameter
  * [`ec72311`](https://github.com/containerd/imgcrypt/commit/ec7231185e276feb10f5b4b974ade62a81d5e9ad) test: Add comments to test case
  * [`2959ec0`](https://github.com/containerd/imgcrypt/commit/2959ec0ec47786956223715812f40eb9e7301786) test: To be able to run testLocalKeys alone add missing env variable
* build(deps): upgrade github.com/containerd/containerd from 1.6.18 to … ([containerd/imgcrypt#112](https://github.com/containerd/imgcrypt/pull/112))
  * [`a7f2760`](https://github.com/containerd/imgcrypt/commit/a7f2760c719863cc015e4638090db4ef23daecd1) build(deps): upgrade github.com/containerd/containerd from 1.6.18 to 1.6.20
* ci: Update golangci-lint to v1.52.2 ([containerd/imgcrypt#113](https://github.com/containerd/imgcrypt/pull/113))
  * [`002abac`](https://github.com/containerd/imgcrypt/commit/002abac5a58aebef74a13bb7e30302b01f07b419) images: Change 'any' to 'anything' to avoid clash with built-in type 'any'
  * [`5780ecc`](https://github.com/containerd/imgcrypt/commit/5780ecc88b4b08c4f1d8e6372869e39ab1fcbf35) images: Replace unused function parameters with '_'
  * [`7dc8592`](https://github.com/containerd/imgcrypt/commit/7dc85928e244990cb3371c63d2a8caae5189b757) ci: Update golangci-lint to v1.52.2
* build(deps): bump github.com/opencontainers/runc from 1.1.2 to 1.1.5 ([containerd/imgcrypt#109](https://github.com/containerd/imgcrypt/pull/109))
  * [`90e4f77`](https://github.com/containerd/imgcrypt/commit/90e4f77bdc085a6f6d426380fa7cf0227ea03173) build(deps): bump github.com/opencontainers/runc from 1.1.2 to 1.1.5
* Abandon go 1.18 (end-of-life) and use 1.19 and 1.20 in tests ([containerd/imgcrypt#110](https://github.com/containerd/imgcrypt/pull/110))
  * [`8fc037f`](https://github.com/containerd/imgcrypt/commit/8fc037fd2de0e6106a3e8da655be22a1d4da719c) tests: Upgrade toml written by test case to version 2
  * [`0b31beb`](https://github.com/containerd/imgcrypt/commit/0b31beb1c7b6391b50ff44d9a71bed452bcebf2d) ci: Run tests with go 1.19 and 1.20 (abandon 1.18)
  * [`523674c`](https://github.com/containerd/imgcrypt/commit/523674c781c15e461afe52d8086deb4dd0d61466) build(deps): Update to minimum required go v1.19
* Update to golang.org/x/net@v0.7.0 and github.com/containers/ocicrypt@v1.1.7 ([containerd/imgcrypt#107](https://github.com/containerd/imgcrypt/pull/107))
  * [`96a2314`](https://github.com/containerd/imgcrypt/commit/96a2314e83ba412568800a7dd84789f59f1310ec) build(deps): Upgrade to github.com/containers/ocicrypt@v1.1.7
  * [`1c50555`](https://github.com/containerd/imgcrypt/commit/1c5055514add4b6715cb4da0a127f8200d0d190a) bulid(deps): Update to golang.org/x/net@v0.7.0
  * [`9645d39`](https://github.com/containerd/imgcrypt/commit/9645d39f070c7f6728ec4e1831fbede7ebd512ec) build(deps): Update to minimum required go v1.18
* build(deps): bump github.com/containerd/containerd from 1.6.12 to 1.6.18 ([containerd/imgcrypt#106](https://github.com/containerd/imgcrypt/pull/106))
  * [`8daaa45`](https://github.com/containerd/imgcrypt/commit/8daaa45a63100dc95430fc22eb2b5e95772b245f) build(deps): bump github.com/containerd/containerd from 1.6.12 to 1.6.18
* README: Fix a typo ([containerd/imgcrypt#105](https://github.com/containerd/imgcrypt/pull/105))
  * [`12e84f5`](https://github.com/containerd/imgcrypt/commit/12e84f51fb70e1fb2bcc624206f707b48671b352) README: Fix a typo
* build(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12 ([containerd/imgcrypt#103](https://github.com/containerd/imgcrypt/pull/103))
  * [`4e5a73e`](https://github.com/containerd/imgcrypt/commit/4e5a73e393254df6091fc9b3bf54371be778060f) build(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12
* Update golangci-lint to v1.50.1 ([containerd/imgcrypt#101](https://github.com/containerd/imgcrypt/pull/101))
  * [`16a071b`](https://github.com/containerd/imgcrypt/commit/16a071b983f1777ff6391be0d44e80370fd58bf9) Update golangci-lint to v1.50.1
* Remove references to package io/ioutil ([containerd/imgcrypt#100](https://github.com/containerd/imgcrypt/pull/100))
  * [`981a3fd`](https://github.com/containerd/imgcrypt/commit/981a3fdd5a755a1521337010bec47874753508cb) Remove references to package io/ioutil
* Update GitHub actions CI workflow ([containerd/imgcrypt#99](https://github.com/containerd/imgcrypt/pull/99))
  * [`06827a1`](https://github.com/containerd/imgcrypt/commit/06827a1d8664a277fed24a41cd1566c197f58814) Update containerd project checks package in CI
  * [`f6a39e1`](https://github.com/containerd/imgcrypt/commit/f6a39e1bcd21af406254aa5da1e7f89f26e914cd) Update GitHub actions packages in CI workflow
  * [`6383351`](https://github.com/containerd/imgcrypt/commit/6383351756ec706b0f6aeea1a9dfc737c71bece7) Update GitHub actions CI workflow OS runner images
* CI/CD: Run CodeQL on PRs and once a month ([containerd/imgcrypt#98](https://github.com/containerd/imgcrypt/pull/98))
  * [`b6e16db`](https://github.com/containerd/imgcrypt/commit/b6e16db881eef08e0bb58d0885bfad8339c97f2f) CI/CD: Run CodeQL on PRs and once a month
</p>
</details>

### Changes from containerd/ttrpc
<details><summary>10 commits</summary>
<p>

* Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 ([containerd/ttrpc#166](https://github.com/containerd/ttrpc/pull/166))
  * [`272c857`](https://github.com/containerd/ttrpc/commit/272c8575a6e6fd169a08ca94a1b77dbce433119c) Bump google.golang.org/protobuf from 1.31.0 to 1.33.0
* Fix deadlock when writing to pipe blocks ([containerd/ttrpc#168](https://github.com/containerd/ttrpc/pull/168))
  * [`1b4f6f8`](https://github.com/containerd/ttrpc/commit/1b4f6f8edba5f374f1afbf10d7666136286806e7) client: Fix deadlock when writing to pipe blocks
* Bump golang.org/x/net from 0.17.0 to 0.23.0 ([containerd/ttrpc#167](https://github.com/containerd/ttrpc/pull/167))
  * [`13b8289`](https://github.com/containerd/ttrpc/commit/13b8289864f297c6fe1f973016012ce1495ee1b9) Bump golang.org/x/net from 0.17.0 to 0.23.0
* Update GitHub Actions CI to resolve deprecation warnings ([containerd/ttrpc#161](https://github.com/containerd/ttrpc/pull/161))
  * [`589a593`](https://github.com/containerd/ttrpc/commit/589a593abc38264094c47baf83bc69b2cff37524) Update GitHub Actions CI to resolve deprecation warnings
* Fix proto3 generation error ([containerd/ttrpc#158](https://github.com/containerd/ttrpc/pull/158))
  * [`73b6a91`](https://github.com/containerd/ttrpc/commit/73b6a9156d6dc4644c94f5a683219ba8aac9fb18) Add optional feature in protobuf compiler
</p>
</details>

### Dependency Changes

* **github.com/Microsoft/go-winio**              v0.6.1 -> v0.6.2
* **github.com/Microsoft/hcsshim**               v0.11.4 -> v0.11.5
* **github.com/containerd/imgcrypt**             v1.1.7 -> v1.1.8
* **github.com/containerd/ttrpc**                v1.2.3 -> v1.2.4
* **github.com/containers/ocicrypt**             v1.1.6 -> v1.1.10
* **github.com/go-jose/go-jose/v3**              v3.0.3 **_new_**
* **github.com/google/uuid**                     v1.3.0 -> v1.3.1
* **github.com/opencontainers/image-spec**       3a7f492d3f1b -> v1.1.0
* **github.com/stefanberger/go-pkcs11uri**       78d3cae3a980 -> 78284954bff6
* **golang.org/x/crypto**                        v0.14.0 -> v0.21.0
* **golang.org/x/mod**                           v0.11.0 -> v0.12.0
* **golang.org/x/net**                           v0.17.0 -> v0.23.0
* **golang.org/x/oauth2**                        v0.10.0 -> v0.11.0
* **golang.org/x/sys**                           v0.13.0 -> v0.18.0
* **golang.org/x/term**                          v0.13.0 -> v0.18.0
* **golang.org/x/text**                          v0.13.0 -> v0.14.0
* **google.golang.org/genproto**                 782d3b101e98 -> b8732ec3820d
* **google.golang.org/genproto/googleapis/api**  782d3b101e98 -> b8732ec3820d
* **google.golang.org/genproto/googleapis/rpc**  cbb8c96f2d6d -> b8732ec3820d
* **google.golang.org/grpc**                     v1.58.3 -> v1.59.0

Previous release can be found at [v1.7.16](https://github.com/containerd/containerd/releases/tag/v1.7.16)