This project is mirrored from https://github.com/containerd/containerd.git.
  • v1.7.0-rc.3
    containerd 1.7.0-rc.3
    
    Welcome to the v1.7.0-rc.3 release of containerd!
    *This is a pre-release of containerd*
    
    The eighth major release of containerd includes new functionality alongside many improvements.
    This release is the last major release of containerd 1.x before 2.0.
    Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
    This release still adheres to our backwards compatibility guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
    The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.
    
    ### Highlights
    
    #### Sandbox API _(experimental)_
    
    The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
    This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.
    
    * **Sandbox API** ([#6703](https://github.com/containerd/containerd/pull/6703))
    * **CRI Sandbox API Implementation** ([#7228](https://github.com/containerd/containerd/pull/7228))
    
    #### Transfer Service _(experimental)_
    
    * **Transfer Service** ([#7320](https://github.com/containerd/containerd/pull/7320))
    
    The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
    pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
    to allow for further plugin development and integration into existing plugins.
    
    See the [Transfer Docs](https://github.com/containerd/containerd/blob/main/docs/transfer.md)
    
    #### NRI _(experimental)_
    
    * **Extend NRI scope** ([nri#16](https://github.com/containerd/nri/pull/16))
    * **Support for updated NRI** ([#6019](https://github.com/containerd/containerd/pull/6019))
    
    The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
    basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.
    
    This release introduces NRI v0.3.0 with an updated plugin interface to cover a wide range of use cases.
    
    See the [NRI Docs](https://github.com/containerd/containerd/blob/main/docs/NRI.md)
    
    #### Platform Support
    
    * **Linux containers on FreeBSD** ([#7000](https://github.com/containerd/containerd/pull/7000))
    
    #### Runtime Features
    
    * **Add support for CDI device injection** ([#6654](https://github.com/containerd/containerd/pull/6654))
    * **Support for cgroups blockio** ([#5490](https://github.com/containerd/containerd/pull/5490))
    * **Add restart policy for enhanced restart manager** ([#6744](https://github.com/containerd/containerd/pull/6744))
    
    #### gRPC Shim Support _(experimental)_
    
    * **Initial gRPC shim support** ([#8052](https://github.com/containerd/containerd/pull/8052))
    
    Adds support for shims to use gRPC in addition to ttrpc. Existing ttrpc shim support is not going
    away and will continue to be recommended for the best performance and lowest shim memory overhead.
    The gRPC support allows a wider range of shim implementations which may not
    have access to a stable ttrpc library in the implementation language. The shim protocol is also
    updated to allow the shims to specify the protocol which is supported.
    
    #### Road to 2.0
    
    ##### Refactoring
    
    There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.
    
    The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
    out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
    but it is also being done for image and network management.
    
    The version of ttrpc has been updated in this release to support streaming, allowing existing gRPC services to use ttrpc.
    Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.
    
    * **Remove gogoproto.customtype** ([#6699](https://github.com/containerd/containerd/pull/6699))
    * **Remove enumvalue_customname, goproto_enum_prefix and enum_customname** ([#6708](https://github.com/containerd/containerd/pull/6708))
    * **Remove all gogoproto extensions** ([#6829](https://github.com/containerd/containerd/pull/6829))
    * **Migrate off from github.com/gogo/protobuf** ([#6841](https://github.com/containerd/containerd/pull/6841))
    * **ttrpc streaming** ([ttrpc#107](https://github.com/containerd/ttrpc/pull/107))
    * **Add unpack interface for client** ([#6749](https://github.com/containerd/containerd/pull/6749))
    * **Add collectible resources to metadata gc** ([#6804](https://github.com/containerd/containerd/pull/6804))
    * **Add version to shim protocol** ([#8177](https://github.com/containerd/containerd/pull/8177))
    
    ##### Configuration
    
    Existing CRI configurations will be supported until 2.0.
    Any functionality split out of CRI will have its configuration migrated to new plugins.
    Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.
    
    ##### Deprecation
    
    The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include:
    
    * **Docker Schema 1 Image Deprecation** ([#6884](https://github.com/containerd/containerd/pull/6884))
    
    #### CRI Updates
    
    * **Fix CRI plugin to setup pod network after creating the sandbox container** ([#5904](https://github.com/containerd/containerd/pull/5904))
    * **Support image pull progress timeout** ([#6150](https://github.com/containerd/containerd/pull/6150))
    * **Add experimental support for runtime specific snapshotters** ([#6899](https://github.com/containerd/containerd/pull/6899))
    * **Pass all TOML runtime configuration options from CRI to the runtime** ([#7764](https://github.com/containerd/containerd/pull/7764))
    * **Support for user namespaces in stateless pods ([KEP-127](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/127-user-namespaces)) _(experimental)_** ([#7679](https://github.com/containerd/containerd/pull/7679))
    * **Add timeout option for drain exec io** ([#7832](https://github.com/containerd/containerd/pull/7832))
    * **Add network plugin metrics** ([#7858](https://github.com/containerd/containerd/pull/7858))
    * **CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23** ([#7863](https://github.com/containerd/containerd/pull/7863))
    
    #### Other
    
    * **Support shallow content copy by adding reader option to local content reader at** ([#7414](https://github.com/containerd/containerd/pull/7414))
    * **Add NoSameOwner option when unpacking tars** ([#7386](https://github.com/containerd/containerd/pull/7386))
    * **Add `FetcherByDigest` for fetching blobs without fetching a manifest** ([#7460](https://github.com/containerd/containerd/pull/7460))
    * **Update default seccomp profile to block socket calls to AF_VSOCK** ([#7510](https://github.com/containerd/containerd/pull/7510))
    * **Replace fork on mount logic with CLONE_FS** ([#7513](https://github.com/containerd/containerd/pull/7513))
    * **Add support for default registry host configuration** ([#7607](https://github.com/containerd/containerd/pull/7607))
    * **Use github.com/minio/sha256-simd for more efficient sha256 calculation** ([#7732](https://github.com/containerd/containerd/pull/7732))
    * **Make OCI options cross-platform** ([#7928](https://github.com/containerd/containerd/pull/7928))
    * **Update release builds to build from Ubuntu 20.04 with glibc 2.31** ([#8021](https://github.com/containerd/containerd/pull/8021))
    * **Use data field from OCI descriptor when provided for fetch** ([#8076](https://github.com/containerd/containerd/pull/8076))
    
    See the changelog for the complete list of changes.
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Derek McGowan
    * Kazuyoshi Kato
    * Maksym Pavlenko
    * Wei Fu
    * Phil Estes
    * Akihiro Suda
    * Sebastiaan van Stijn
    * Samuel Karp
    * Krisztian Litkey
    * Mike Brown
    * Stefan Berger
    * Danny Canter
    * Austin Vazquez
    * Daniel Canter
    * yanggang
    * Iceber Gu
    * Ye Sijun
    * Ed Bartosh
    * Luca Comellini
    * Adam Korcz
    * Nashwan Azhari
    * Tony Fang
    * ruiwen-zhao
    * xin.li
    * Brian Goff
    * Gabriel Adrian Samfira
    * Paul "TBBle" Hampson
    * Henry Wang
    * Kevin Parsons
    * Rodrigo Campos
    * zounengren
    * Justin Terry
    * Paco Xu
    * Shengjing Zhu
    * Swagat Bora
    * wanglei
    * Gavin Inglis
    * Akhil Mohan
    * Zechun Chen
    * guodong
    * lengrongfu
    * Hsing-Yu (David) Chen
    * James Jenkins
    * James Sturtevant
    * Kirtana Ashok
    * Michael Crosby
    * Qiutong Song
    * Shiming Zhang
    * Vincent Batts
    * dependabot[bot]
    * Antonio Ojea
    * Cameron Sparr
    * Casey Callendrello
    * Changwei Ge
    * Jian Zeng
    * Josh Seba
    * Junyu Liu
    * Kohei Tokunaga
    * Michael Zappa
    * Qasim Sarfraz
    * Tobias Klauser
    * Zhang Tianyang
    * pigletfly
    * yaoyinnan
    * Abirdcfly
    * Aditi Sharma
    * Amit Barve
    * Bennett-White
    * Bjorn Neergaard
    * Cory Snider
    * Craig Ingram
    * Eng Zer Jun
    * Eric Lin
    * Ethan Lowman
    * Fabian Hoffmann
    * Jess
    * Jiongchi Yu
    * Jonny Stoten
    * Juan Hoyos
    * Kang.Zhang
    * Kay Yan
    * Markus Lehtonen
    * Mikko Ylinen
    * Mohit Sharma
    * Paul Cacheux
    * Paul S. Schweigert
    * Qian Zhang
    * Tõnis Tiigi
    * Yasin Turan
    * bin liu
    * helen
    * yulng
    * Aman Sharma
    * Anastassios Nanos
    * Andrew G. Morgan
    * Andrey Klimentyev
    * Aniruddha Basak
    * Anthony Nandaa
    * Antti Kervinen
    * Aviral Takkar
    * Baoshuo
    * Benjamin Elder
    * Benjamin Wang
    * Brandon Lum
    * Chao Dai
    * Chuanying Du
    * Claudiu Belu
    * Daniel Lenar
    * Danielle Lancashire
    * Dat Nguyen
    * Davanum Srinivas
    * Dave
    * David Leadbeater
    * David Porter
    * Dmitry Shurupov
    * Edgar Lee
    * Eric Ernst
    * Fahed Dorgaa
    * Gabriela Cervantes
    * Gijs Peskens
    * Hamza El-Saawy
    * Ikko Ashimine
    * Jeff Widman
    * Jeff Zvier
    * Jeremi Piotrowski
    * Jimmy Hsiao
    * Jin Dong
    * Jordan Karaze
    * Joseph Sheng
    * Joyce Brum
    * Jukka Rissanen
    * Justin Chadwell
    * Kate
    * Kathryn Baldauf
    * Kyle L Frisbie
    * LongtaoZhang
    * Manuel Alejandro de Brito Fontes
    * Marc Schwind
    * Mark Rossetti
    * Mark Zhang
    * Marvin Giessing
    * Mathis Michel
    * Merlin Ran
    * Nabeel Rana
    * Nathan
    * Nguyen Phan Huy
    * Nikita Rybak
    * Nobel Barakat
    * Oleg Atamanenko
    * Oleg Zhurakivskyy
    * Oliver Radwell
    * Paweł Gronowski
    * Quan Tian
    * Roy Yang
    * Samuel Ortiz
    * Serge Logvinov
    * Shane Jennings
    * Shaun Lawrie
    * Shinichi Morimoto
    * SilverSoldier
    * Sophie Liu
    * Su Fei
    * Taeho Nam
    * Takumasa Sakao
    * Tiger Kaovilai
    * Tom Godkin
    * Tomoya.Fujita
    * Xinlin Ma
    * Yakul Garg
    * Zhongming Chang
    * Zhuchen Wang
    * austinvazquez
    * cardy.tang
    * chaunceyjiang
    * dabaooline
    * guiyong.ou
    * huoqifeng
    * jianfei.zhang
    * liyuxuan.darfux
    * ningmingxiao
    * shi yixue
    * shuaichang
    * songjiang han
    * wen chen
    * wusong
    * xiaoyang zhu
    * yanghesong
    * yaozhenxiu
    * zhang he
    
    ### Changes
    <details><summary>1745 commits</summary>
    <p>
    
    * Prepare release notes for v1.7.0-rc.3 ([#8233](https://github.com/containerd/containerd/pull/8233))
    * Go 1.20.2 ([#8237](https://github.com/containerd/containerd/pull/8237))
    * Update ttrpc to v1.2.1 ([#8236](https://github.com/containerd/containerd/pull/8236))
    * sandbox: create sandbox with network namespace path ([#8149](https://github.com/containerd/containerd/pull/8149))
    * labels: Add LabelDistributionSource ([#8224](https://github.com/containerd/containerd/pull/8224))
    * archive: disable looking up usernames and groupnames on the host ([#8220](https://github.com/containerd/containerd/pull/8220))
    * go.mod: go.opentelemetry.io/otel/* v1.14.0 ([#8222](https://github.com/containerd/containerd/pull/8222))
    * metadata: add comments about `Image.CreatedAt` ([#8225](https://github.com/containerd/containerd/pull/8225))
    * Add release notes for v1.7.0-rc.2 ([#8216](https://github.com/containerd/containerd/pull/8216))
    * go.mod: {hcsshim, containerd/*, go-restful/v3, mergo, klauspost/compress, opencontainers/*}@latest ([#8221](https://github.com/containerd/containerd/pull/8221))
    * Bump k8s.io deps ([#8131](https://github.com/containerd/containerd/pull/8131))
    * Update imgcrypt to v1.1.7 ([#8217](https://github.com/containerd/containerd/pull/8217))
    * Add ArgsEscaped support for CRI ([#8198](https://github.com/containerd/containerd/pull/8198))
    * Sandbox: Delete shim+shutdown sandbox on create failure ([#8204](https://github.com/containerd/containerd/pull/8204))
    * [Feature] Transfer tag image ([#8205](https://github.com/containerd/containerd/pull/8205))
    * docs: fix typo of shim.RunManager's function comment ([#8214](https://github.com/containerd/containerd/pull/8214))
    * [cri] Implement CRI Pod and Container stats for Windows ([#7099](https://github.com/containerd/containerd/pull/7099))
    * Sandbox: Fix/enhance error messages for Create ([#8203](https://github.com/containerd/containerd/pull/8203))
    * epoch: fix unit test when SOURCE_DATE_EPOCH is set ([#8202](https://github.com/containerd/containerd/pull/8202))
    * pkg/cri: add timeout to drain exec io ([#7832](https://github.com/containerd/containerd/pull/7832))
    * Prepare release notes for v1.7.0-rc.1 ([#8192](https://github.com/containerd/containerd/pull/8192))
    * Transfer export image ([#8191](https://github.com/containerd/containerd/pull/8191))
    * Create config struct to take user input ([#8193](https://github.com/containerd/containerd/pull/8193))
    * ctr/tasks: support remapped UID/GID ([#7864](https://github.com/containerd/containerd/pull/7864))
    * Add experimental section to RELEASES.md ([#8119](https://github.com/containerd/containerd/pull/8119))
    * Fix streaming manager deadlock on collection ([#8188](https://github.com/containerd/containerd/pull/8188))
    * Update CRI guide link ([#8190](https://github.com/containerd/containerd/pull/8190))
    * Add max shim version environment variable ([#8189](https://github.com/containerd/containerd/pull/8189))
    * Update README with location of security audits ([#8187](https://github.com/containerd/containerd/pull/8187))
    * docs: fix typos in historical/design/data-flow.md ([#8181](https://github.com/containerd/containerd/pull/8181))
    * Increase CI workflow timeout on Windows. ([#8183](https://github.com/containerd/containerd/pull/8183))
    * releases: mark 1.5 as EOL ([#8178](https://github.com/containerd/containerd/pull/8178))
    * Add version to shim protocol ([#8177](https://github.com/containerd/containerd/pull/8177))
    * Rework install-protobuf script and add new targets ([#8164](https://github.com/containerd/containerd/pull/8164))
    * bump go-cni to v1.1.9 ([#8173](https://github.com/containerd/containerd/pull/8173))
    * Treat sandboxes as root gc resources and scan referenced objects ([#8172](https://github.com/containerd/containerd/pull/8172))
    * update CDI version to v0.5.4 ([#8152](https://github.com/containerd/containerd/pull/8152))
    * Prepare release notes for v1.7.0-rc.0 ([#8162](https://github.com/containerd/containerd/pull/8162))
    * pkg/nri: pull in latest NRI, update NRI configuration. ([#8140](https://github.com/containerd/containerd/pull/8140))
    * [transfer]Config options followup ([#8165](https://github.com/containerd/containerd/pull/8165))
    * Add configuration options to local transfer service ([#8062](https://github.com/containerd/containerd/pull/8062))
    * docs: Show how to select GRPC for shims ([#8134](https://github.com/containerd/containerd/pull/8134))
    * CRI: remove duplicated snapshotters code ([#8154](https://github.com/containerd/containerd/pull/8154))
    * docs: add more comment to logging.LoggerFunc ([#8142](https://github.com/containerd/containerd/pull/8142))
    * contrib/apparmor: remove code related to apparmor_parser version ([#8069](https://github.com/containerd/containerd/pull/8069))
    * runtime/v2: Call onCloseWithShimLog for grpc shims ([#8120](https://github.com/containerd/containerd/pull/8120))
    * Add Fields type alias to log package ([#8143](https://github.com/containerd/containerd/pull/8143))
    * Migrate from k8s.gcr.io to registry.k8s.io ([#8125](https://github.com/containerd/containerd/pull/8125))
    * sandbox: start sandbox with options ([#8129](https://github.com/containerd/containerd/pull/8129))
    * Add macOS build note ([#8115](https://github.com/containerd/containerd/pull/8115))
    * Fix concurrent writes for UpdateContainerStats ([#8130](https://github.com/containerd/containerd/pull/8130))
    * dependency: bump go.etcd.io/bbolt to v1.3.7 ([#8128](https://github.com/containerd/containerd/pull/8128))
    * runtime/v2: Log BootstrapParams ([#8124](https://github.com/containerd/containerd/pull/8124))
    * Prepare release notes for v1.7.0 beta.4 ([#8110](https://github.com/containerd/containerd/pull/8110))
    * Go 1.20.1 ([#8103](https://github.com/containerd/containerd/pull/8103))
    * ctr version: add args check ([#8096](https://github.com/containerd/containerd/pull/8096))
    * pkg/cri/config: fix Mirrors deprecation comment ([#8041](https://github.com/containerd/containerd/pull/8041))
    * docs: fix function names in fuzzing test documentation ([#8044](https://github.com/containerd/containerd/pull/8044))
    * fix: 'go routine' should be 'goroutine' ([#8051](https://github.com/containerd/containerd/pull/8051))
    * Github Security Advisory [GHSA-hmfx-3pcx-653p](https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p)
    * Github Security Advisory [GHSA-259w-8hf6-59c2](https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2)
    * pkg/cri/sbserver: experimental NRI integration for CRI. ([#7954](https://github.com/containerd/containerd/pull/7954))
    * Clean up error strings that start with uppercase ([#8114](https://github.com/containerd/containerd/pull/8114))
    * Clean up repeated package import ([#8113](https://github.com/containerd/containerd/pull/8113))
    * Go 1.19.6 ([#8109](https://github.com/containerd/containerd/pull/8109))
    * Initial GRPC shims support ([#8052](https://github.com/containerd/containerd/pull/8052))
    * CRI: Pass sandbox annotations to _other platforms ([#8060](https://github.com/containerd/containerd/pull/8060))
    * cmd/ctr/commands/images: support usage subcommand ([#8105](https://github.com/containerd/containerd/pull/8105))
    * cni: pass in the cgroupPath capability argument ([#8067](https://github.com/containerd/containerd/pull/8067))
    * Add fallback for windows platforms without osversion ([#8101](https://github.com/containerd/containerd/pull/8101))
    * release: xx v1.2.1 ([#8104](https://github.com/containerd/containerd/pull/8104))
    * [transfer] update imagestore interface to support multiple references ([#7964](https://github.com/containerd/containerd/pull/7964))
    * [sandbox] Use options to pass PodSandboxConfig to shims ([#8100](https://github.com/containerd/containerd/pull/8100))
    * Send container events with nil PodSandboxStatus ([#8047](https://github.com/containerd/containerd/pull/8047))
    * test: add hostNetwork tests for both windows and linux ([#7984](https://github.com/containerd/containerd/pull/7984))
    * loadConfig pre-inspection in advance ([#8097](https://github.com/containerd/containerd/pull/8097))
    * contrib/apparmor: remove version-dependent rules ([#8068](https://github.com/containerd/containerd/pull/8068))
    * *: introduce wrapper pkgs for blockio and rdt ([#8066](https://github.com/containerd/containerd/pull/8066))
    * Extract CRI instrument into separate package ([#8093](https://github.com/containerd/containerd/pull/8093))
    * CRI: Mirror generic toml runtime config under server ([#8091](https://github.com/containerd/containerd/pull/8091))
    * go.mod: github.com/containerd/typeurl/v2 v2.1.0 ([#8092](https://github.com/containerd/containerd/pull/8092))
    * Revert `apparmor_parser` regression ([#8086](https://github.com/containerd/containerd/pull/8086))
    * [sandbox] refactor controller interface ([#7981](https://github.com/containerd/containerd/pull/7981))
    * btrfs: depend on kernel UAPI instead of libbtrfs ([#7933](https://github.com/containerd/containerd/pull/7933))
    * CI: skip some jobs when `repo != containerd/containerd` ([#8082](https://github.com/containerd/containerd/pull/8082))
    * chore: clean up repeated package import ([#8078](https://github.com/containerd/containerd/pull/8078))
    * fetch: Use data from descriptor when available. ([#8076](https://github.com/containerd/containerd/pull/8076))
    * chore: use http constants instead of string ([#8077](https://github.com/containerd/containerd/pull/8077))
    * Fix retry logic within devmapper device deactivation ([#8075](https://github.com/containerd/containerd/pull/8075))
    * Clean CI yaml ([#8071](https://github.com/containerd/containerd/pull/8071))
    * Add critest.exe in $PATH ([#8074](https://github.com/containerd/containerd/pull/8074))
    * keep the uppercase letter for flag info ([#7976](https://github.com/containerd/containerd/pull/7976))
    * go.mod: Bump hcsshim to v0.10.0-rc.5 ([#8049](https://github.com/containerd/containerd/pull/8049))
    * Fix sandbox exit monitor ([#8045](https://github.com/containerd/containerd/pull/8045))
    * Generate GRPC contracts for runtime APIs ([#7979](https://github.com/containerd/containerd/pull/7979))
    * Make argument validation of `mount.UnmountRecursive` compatible to `mount.UnmountAll` ([#8035](https://github.com/containerd/containerd/pull/8035))
    * Export remote snapshotter label handler ([#8036](https://github.com/containerd/containerd/pull/8036))
    * Adding support to run install hcsshim from local clone ([#7989](https://github.com/containerd/containerd/pull/7989))
    * go.mod: github.com/urfave/cli v1.22.12 ([#8040](https://github.com/containerd/containerd/pull/8040))
    * cmd/ctr/commands: clean up the func IntToInt32Array in utils.go ([#8039](https://github.com/containerd/containerd/pull/8039))
    * pkg/epoch: drop timezone ([#8037](https://github.com/containerd/containerd/pull/8037))
    * go.mod: update github.com/containerd/nri. ([#8034](https://github.com/containerd/containerd/pull/8034))
    * fix(docs): minor fix on the windows installation steps ([#8013](https://github.com/containerd/containerd/pull/8013))
    * Add integration test to opentelemetry tracing on image pull ([#7847](https://github.com/containerd/containerd/pull/7847))
    * Use mount.Target to specify subdirectory of rootfs mount ([#7840](https://github.com/containerd/containerd/pull/7840))
    * cri: mkdir /etc/cni with 0755, not 0700 ([#8020](https://github.com/containerd/containerd/pull/8020))
    * log/logtest: add `testcase` as debug field ([#8025](https://github.com/containerd/containerd/pull/8025))
    * go.mod: github.com/containerd/cgroups/v3 v3.0.0 ([#8027](https://github.com/containerd/containerd/pull/8027))
    * Update CNI plugins to 1.2.0 ([#7977](https://github.com/containerd/containerd/pull/7977))
    * go.mod: go.opentelemetry.io/otel v1.12.0 ([#8026](https://github.com/containerd/containerd/pull/8026))
    * Move PLEG events for pause container under podsandbox package ([#8007](https://github.com/containerd/containerd/pull/8007))
    * runtime docs: Clarify delete cwd behavior ([#8012](https://github.com/containerd/containerd/pull/8012))
    * release: Add "cri-containerd.DEPRECATED.txt" in the deprecated cri-containerd-* bundles ([#8019](https://github.com/containerd/containerd/pull/8019))
    * RELEASES.md: update release status ([#8022](https://github.com/containerd/containerd/pull/8022))
    * deflake: TestContainerPids ([#8023](https://github.com/containerd/containerd/pull/8023))
    * release: Ubuntu 18.04 -> 20.04 (glibc 2.27 -> 2.31) ([#8021](https://github.com/containerd/containerd/pull/8021))
    * Update the EOL date for 1.5 release ([#8015](https://github.com/containerd/containerd/pull/8015))
    * Prepare release notes for v1.7.0-beta.3 ([#8014](https://github.com/containerd/containerd/pull/8014))
    * Fix Memory Limit test ([#7959](https://github.com/containerd/containerd/pull/7959))
    * Reused package errdefs for not supported error ([#8005](https://github.com/containerd/containerd/pull/8005))
    * pkg/cri: optimize slice initialization ([#7994](https://github.com/containerd/containerd/pull/7994))
    * go.mod: update goresctrl to v0.3.0 ([#7987](https://github.com/containerd/containerd/pull/7987))
    * pushWriter: correctly propagate errors ([#7985](https://github.com/containerd/containerd/pull/7985))
    * CI: test release.yml on every PR ([#7968](https://github.com/containerd/containerd/pull/7968))
    * fix incorrect namespace of event when create/update namespace ([#7129](https://github.com/containerd/containerd/pull/7129))
    * Backport changes to sandboxed CRI ([#7973](https://github.com/containerd/containerd/pull/7973))
    * Fix syntax errors in the document ([#7970](https://github.com/containerd/containerd/pull/7970))
    * release/Dockerfile: set DEBIAN_FRONTEND=noninteractive ([#7969](https://github.com/containerd/containerd/pull/7969))
    * use local variable for rt when iterating collectors ([#7963](https://github.com/containerd/containerd/pull/7963))
    * Add basic spec and mounts for Darwin ([#7960](https://github.com/containerd/containerd/pull/7960))
    * go.mod: Bump hcsshim to v0.10.0-rc.4 ([#7810](https://github.com/containerd/containerd/pull/7810))
    * Use specs Platform instead of generated API ([#7958](https://github.com/containerd/containerd/pull/7958))
    * Make OCI options cross-platform ([#7928](https://github.com/containerd/containerd/pull/7928))
    * update to go1.19.5, go1.18.10 ([#7948](https://github.com/containerd/containerd/pull/7948))
    * fuzzing: improve archive fuzzer ([#7957](https://github.com/containerd/containerd/pull/7957))
    * shim: enable debug logging for delete ([#7943](https://github.com/containerd/containerd/pull/7943))
    * cri: Fix TestUpdateOCILinuxResource for host w/o swap controller ([#7946](https://github.com/containerd/containerd/pull/7946))
    * ctr/run: flags --detach and --rm cannot be specified together ([#7929](https://github.com/containerd/containerd/pull/7929))
    * Fix Flaky Windows CRI Integration test on TestContainerConsumedStats ([#7935](https://github.com/containerd/containerd/pull/7935))
    * Refactor snapshotters metastore transaction ([#7917](https://github.com/containerd/containerd/pull/7917))
    * mod: update github.com/pelletier/go-toml@v1.9.5 ([#7932](https://github.com/containerd/containerd/pull/7932))
    * archive: improve TestSourceDateEpoch ([#7927](https://github.com/containerd/containerd/pull/7927))
    * Add tracing plugin test ([#7883](https://github.com/containerd/containerd/pull/7883))
    * docs/content-flow: update the description of the content labels  ([#7925](https://github.com/containerd/containerd/pull/7925))
    * Add cleanup package for context management during cleanup ([#7861](https://github.com/containerd/containerd/pull/7861))
    * Fix race between stream registration and use ([#7886](https://github.com/containerd/containerd/pull/7886))
    * Prepare release notes for v1.7.0-beta.2 ([#7903](https://github.com/containerd/containerd/pull/7903))
    * Cirrus CI (Fedora 37, Rocky 8): enable cri-integration ([#7892](https://github.com/containerd/containerd/pull/7892))
    * contrib/Dockerfile.test: add "integration", "cri-integration", "critest" stages ([#7891](https://github.com/containerd/containerd/pull/7891))
    * docs: fix a typo in tracing documentation ([#7914](https://github.com/containerd/containerd/pull/7914))
    * CI: Pass GITHUB_TOKEN to containerd/project-checks ([#7913](https://github.com/containerd/containerd/pull/7913))
    * Enable dupword linter ([#7911](https://github.com/containerd/containerd/pull/7911))
    * ctr: Add platform flag to 'oci spec' command ([#7905](https://github.com/containerd/containerd/pull/7905))
    * Vagrantfile: fix disk resize error with VirtualBox ([#7907](https://github.com/containerd/containerd/pull/7907))
    * Vagrantfile: fix comments about SELinux ([#7908](https://github.com/containerd/containerd/pull/7908))
    * Use the const labels.LabelUncompressed ([#7906](https://github.com/containerd/containerd/pull/7906))
    * [sandbox] Add sandbox store plugin type ([#7850](https://github.com/containerd/containerd/pull/7850))
    * Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts ([#7893](https://github.com/containerd/containerd/pull/7893))
    * CRI: Comment cleanup/misc fixes ([#7904](https://github.com/containerd/containerd/pull/7904))
    * Move snapshot event publishing into metadata store ([#5674](https://github.com/containerd/containerd/pull/5674))
    * Vagrantfile: install-rootless-podman: remove `setenforce 0` ([#7887](https://github.com/containerd/containerd/pull/7887))
    * reused package errdefs for error ([#7894](https://github.com/containerd/containerd/pull/7894))
    * integration/images: switch away from Docker Hub to avoid rate limit ([#7888](https://github.com/containerd/containerd/pull/7888))
    * Validate userns container config is consistent with sandbox userns config ([#7882](https://github.com/containerd/containerd/pull/7882))
    * `ctr contents ls` sorts the labels of the content ([#7881](https://github.com/containerd/containerd/pull/7881))
    * chore: use `go fix` to cleanup old +build buildtag ([#7879](https://github.com/containerd/containerd/pull/7879))
    * cri: Shadow variables to avoid t.Parallel() issues ([#7880](https://github.com/containerd/containerd/pull/7880))
    * Add support for user namespaces in stateless pods (KEP-127) ([#7679](https://github.com/containerd/containerd/pull/7679))
    * Refactor metastore transaction ([#7529](https://github.com/containerd/containerd/pull/7529))
    * oci: appendOSMounts(): remove unused error, and move ([#7874](https://github.com/containerd/containerd/pull/7874))
    * add kube v1.26: remove v1alph2 cri support ([#7863](https://github.com/containerd/containerd/pull/7863))
    * make runc 1.1 for oss_fuzz_build.sh ([#7875](https://github.com/containerd/containerd/pull/7875))
    * CRI sbserver: Prevent server reuse after Shutdown ([#7872](https://github.com/containerd/containerd/pull/7872))
    * Fix incorrect defer usage and refactor judgement ([#7521](https://github.com/containerd/containerd/pull/7521))
    * oci: Add WithDomainname ([#7869](https://github.com/containerd/containerd/pull/7869))
    * Reused errdefs define error ([#7871](https://github.com/containerd/containerd/pull/7871))
    * fix `ctr tasks kill` does not remove cni network under windows ([#7866](https://github.com/containerd/containerd/pull/7866))
    * add network plugin metrics ([#7858](https://github.com/containerd/containerd/pull/7858))
    * Avoid using canceled context in unpacker cleanup ([#7859](https://github.com/containerd/containerd/pull/7859))
    * image/label: print more characters of label keys ([#7618](https://github.com/containerd/containerd/pull/7618))
    * prevent Server reuse after a Shutdown ([#7165](https://github.com/containerd/containerd/pull/7165))
    * Check containerd's readiness before calling critest ([#7851](https://github.com/containerd/containerd/pull/7851))
    * Fix grammatical errors in Readme ([#7837](https://github.com/containerd/containerd/pull/7837))
    * Fix cpu architecture detection issue on linux/arm ([#7636](https://github.com/containerd/containerd/pull/7636))
    * CRI: Fix no CNI info for pod sandbox on restart ([#7845](https://github.com/containerd/containerd/pull/7845))
    * Enable checkRename test ([#7081](https://github.com/containerd/containerd/pull/7081))
    * metastore: Add WithTransaction convenience method ([#7781](https://github.com/containerd/containerd/pull/7781))
    * Prevent a race condition in testHook ([#7831](https://github.com/containerd/containerd/pull/7831))
    * cri: fix `memory.memsw.limit_in_bytes: no such file or directory` ([#7836](https://github.com/containerd/containerd/pull/7836))
    * go.mod: update fuzz-headers and fuzz-build ([#7824](https://github.com/containerd/containerd/pull/7824))
    * Remove github.com/gogo/protobuf again ([#7825](https://github.com/containerd/containerd/pull/7825))
    * CRI: Add host networking helper ([#7814](https://github.com/containerd/containerd/pull/7814))
    * Support sandbox shutdown in shim runtimes ([#7792](https://github.com/containerd/containerd/pull/7792))
    * move up to CRI-TOOLS v1.26.0 ([#7818](https://github.com/containerd/containerd/pull/7818))
    * Minor fix when querying pod sandbox status ([#7812](https://github.com/containerd/containerd/pull/7812))
    * nil check to avoid panic on upgrade ([#7809](https://github.com/containerd/containerd/pull/7809))
    * Bump grpc to v1.51.0 ([#7709](https://github.com/containerd/containerd/pull/7709))
    * fatal error: concurrent map iteration and map write ([#7805](https://github.com/containerd/containerd/pull/7805))
    * Bump golangci-lint to v1.50.1 ([#7804](https://github.com/containerd/containerd/pull/7804))
    * cri: make swapping disabled with memory limit ([#7783](https://github.com/containerd/containerd/pull/7783))
    * add metrics for image pulling: error; in progress count; throughput ([#7313](https://github.com/containerd/containerd/pull/7313))
    * Prepare release notes for v1.7.0-beta.1 ([#7793](https://github.com/containerd/containerd/pull/7793))
    * support fetching containerd from non public GCS buckets ([#7771](https://github.com/containerd/containerd/pull/7771))
    * images: support specifying SourceDateEpoch via ctx ([#7651](https://github.com/containerd/containerd/pull/7651))
    * fuzzing: improve archive fuzzer ([#7718](https://github.com/containerd/containerd/pull/7718))
    * fix sdNotify func when debug level ([#7798](https://github.com/containerd/containerd/pull/7798))
    * Upgrade GitHub actions packages in release workflow ([#7794](https://github.com/containerd/containerd/pull/7794))
    * Enable GitHub Actions local Linux CI runs ([#7796](https://github.com/containerd/containerd/pull/7796))
    * integration: increase timeout in container_event_test.go ([#7791](https://github.com/containerd/containerd/pull/7791))
    * digest: use github.com/minio/sha256-simd ([#7732](https://github.com/containerd/containerd/pull/7732))
    * allow client to remove created tasks with PID 0 ([#7787](https://github.com/containerd/containerd/pull/7787))
    * Add container event support to containerd ([#7073](https://github.com/containerd/containerd/pull/7073))
    * docs: Authorizer.Authorize could return ErrUnexpectedStatus ([#7786](https://github.com/containerd/containerd/pull/7786))
    * fix: check for tmpfs when evaluating if userxattr is needed ([#7772](https://github.com/containerd/containerd/pull/7772))
    * Pass TOML configuration options for runtimes CRI is not aware of ([#7764](https://github.com/containerd/containerd/pull/7764))
    * Cleanup build constraints ([#7776](https://github.com/containerd/containerd/pull/7776))
    * There is no way to disable debug endpoint on Darwin ([#7775](https://github.com/containerd/containerd/pull/7775))
    * CI: Vagrant: pin rockylinux/8 to v5.0.0 ([#7777](https://github.com/containerd/containerd/pull/7777))
    * vendor: golang.org/x/net v0.4.0 ([#7774](https://github.com/containerd/containerd/pull/7774))
    * Fix context when waiting sandbox ([#7773](https://github.com/containerd/containerd/pull/7773))
    * Github Security Advisory [GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9)
    * update to go1.19.4, go1.18.9 ([#7765](https://github.com/containerd/containerd/pull/7765))
    * Change PushContent to require only Provider ([#7763](https://github.com/containerd/containerd/pull/7763))
    * sbserver bug fixing ([#7768](https://github.com/containerd/containerd/pull/7768))
    * Add unit test to Opentelemetry tracing ([#7671](https://github.com/containerd/containerd/pull/7671))
    * remove some (aliases for) deprecated functions ([#7525](https://github.com/containerd/containerd/pull/7525))
    * Refactor ctr restore to allow for tty allocation ([#7673](https://github.com/containerd/containerd/pull/7673))
    * fix panic when containerd-stress density --count 0 ([#7748](https://github.com/containerd/containerd/pull/7748))
    * Unwrap proto errors in streaming client ([#7753](https://github.com/containerd/containerd/pull/7753))
    * Fix process_vm_* syscall names in seccomp ([#7755](https://github.com/containerd/containerd/pull/7755))
    * upgrade the ops.md output for current 1.7 version. ([#7747](https://github.com/containerd/containerd/pull/7747))
    * docs: Add extra security instructions ([#7743](https://github.com/containerd/containerd/pull/7743))
    * go.mod: re-vendor NRI from the official repo. ([#7744](https://github.com/containerd/containerd/pull/7744))
    * [Sandbox API] CRI status cleanup ([#7731](https://github.com/containerd/containerd/pull/7731))
    * Transfer service ([#7320](https://github.com/containerd/containerd/pull/7320))
    * NRI: add support for NRI with extended scope. ([#6019](https://github.com/containerd/containerd/pull/6019))
    * archive: set WithModTimeUpperBound when WithSourceDateEpoch is set ([#7710](https://github.com/containerd/containerd/pull/7710))
    * Fix order of operations when setting lease labels ([#7702](https://github.com/containerd/containerd/pull/7702))
    * Add ctr image prune command ([#7730](https://github.com/containerd/containerd/pull/7730))
    * Check for nullptr before dereferencing ([#7708](https://github.com/containerd/containerd/pull/7708))
    * use MaxConcurrentDownloads instead of MaxConcurrentUploadedLayers ([#7736](https://github.com/containerd/containerd/pull/7736))
    * introspection: expose the daemon's PID and PIDNS ([#7694](https://github.com/containerd/containerd/pull/7694))
    * reference/docker: synchronize fork with upstream distribution/distribution ([#7635](https://github.com/containerd/containerd/pull/7635))
    * go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions ([#7721](https://github.com/containerd/containerd/pull/7721))
    * Add ptrace readby and tracedby to default AppArmor profile ([#7714](https://github.com/containerd/containerd/pull/7714))
    * Fix sandbox API when calling sandboxed shims ([#7684](https://github.com/containerd/containerd/pull/7684))
    * make status more readable and update easy. ([#7669](https://github.com/containerd/containerd/pull/7669))
    * integration/client: fix go.mod grouping, containerd to v1.7.0-beta.0, cgroups back to v1.0.4 ([#7720](https://github.com/containerd/containerd/pull/7720))
    * Resolve warnings in Windows GitHub Actions periodic workflows ([#7706](https://github.com/containerd/containerd/pull/7706))
    * Sandbox API: implement Controller.Status for SandboxAPI ([#7470](https://github.com/containerd/containerd/pull/7470))
    * [port #5904 to sbserver] Setup pod network after creating the sandbox container ([#7426](https://github.com/containerd/containerd/pull/7426))
    * fix for OSS-Fuzz infra changes ([#7677](https://github.com/containerd/containerd/pull/7677))
    * runtime/v2/shim: clean up the use of containerdBinary ([#7499](https://github.com/containerd/containerd/pull/7499))
    * Add process_vm read and write calls to default seccomp profile ([#7693](https://github.com/containerd/containerd/pull/7693))
    * Resolve Scorecards GitHub Actions workflow warnings ([#7707](https://github.com/containerd/containerd/pull/7707))
    * cri: add pod uid annotation ([#7697](https://github.com/containerd/containerd/pull/7697))
    * Missed out `platform interface` when reused the conn for Client. ([#7699](https://github.com/containerd/containerd/pull/7699))
    * overlayfs: remove duplicated tx rollback ([#7700](https://github.com/containerd/containerd/pull/7700))
    * go.mod: update some dependencies ([#7704](https://github.com/containerd/containerd/pull/7704))
    * update github.com/cpuguy83/go-md2man/v2 to v2.0.2 ([#7705](https://github.com/containerd/containerd/pull/7705))
    * Fsnotify bump and change code ([#7703](https://github.com/containerd/containerd/pull/7703))
    * fix build containerd in centos9 ([#7683](https://github.com/containerd/containerd/pull/7683))
    * Bump urfave-cli to v1.22.10 ([#7701](https://github.com/containerd/containerd/pull/7701))
    * can set up the network serially by CNI plugins ([#7685](https://github.com/containerd/containerd/pull/7685))
    * Update cri-api dependency to v0.26.0-beta.0 ([#7656](https://github.com/containerd/containerd/pull/7656))
    * overlay: Remove unused method param ([#7696](https://github.com/containerd/containerd/pull/7696))
    * CI: update Fedora to 37 ([#7691](https://github.com/containerd/containerd/pull/7691))
    * tx rollback when GetInfo return error ([#7678](https://github.com/containerd/containerd/pull/7678))
    * Upgrade github.com/containerd/cgroups from v1 to v3 ([#7601](https://github.com/containerd/containerd/pull/7601))
    * Remove OpenTelemetry imports from remotes/docker package ([#7675](https://github.com/containerd/containerd/pull/7675))
    * Expose Done and Err in Shutdown service ([#7686](https://github.com/containerd/containerd/pull/7686))
    * gotestsum match go version 1.19 ([#7688](https://github.com/containerd/containerd/pull/7688))
    * complement sub-command note for containerd-main ([#7670](https://github.com/containerd/containerd/pull/7670))
    * keep the lower case letter for flag info ([#7668](https://github.com/containerd/containerd/pull/7668))
    * bump critools into ca1571e6edd116b2c95f52e3dfa0b4779b74223a ([#7666](https://github.com/containerd/containerd/pull/7666))
    * Fix broken link for CRI plugin in docs ([#7667](https://github.com/containerd/containerd/pull/7667))
    * add option to resolve symlinks in WithLinuxDevice ([#7523](https://github.com/containerd/containerd/pull/7523))
    * Bump k8s.io deps to v0.25.4 ([#7663](https://github.com/containerd/containerd/pull/7663))
    * Release: add static binaries ([#7659](https://github.com/containerd/containerd/pull/7659))
    * Bump OpenTelemetry contrib to v0.36.4 ([#7662](https://github.com/containerd/containerd/pull/7662))
    * Fix slice append error (`spec.Linux.Resources.HugepageLimits`) ([#7661](https://github.com/containerd/containerd/pull/7661))
    * Bump OpenTelemetry to v1.11.1 ([#7660](https://github.com/containerd/containerd/pull/7660))
    * feature: add gc scheduler metrics collection count ([#5263](https://github.com/containerd/containerd/pull/5263))
    * Add `--debug` args to all subcommands of `ctr pprof` ([#7629](https://github.com/containerd/containerd/pull/7629))
    * Add a thin wrapper around otel Span object ([#7655](https://github.com/containerd/containerd/pull/7655))
    * Bump grpc to v1.50.1 ([#7643](https://github.com/containerd/containerd/pull/7643))
    * replace strings.Split(N) for strings.Cut() or alternatives ([#7631](https://github.com/containerd/containerd/pull/7631))
    * add oci.WithCPURT ([#7642](https://github.com/containerd/containerd/pull/7642))
    * Sandbox API: Add a new mode config for sandbox controller impls ([#7590](https://github.com/containerd/containerd/pull/7590))
    * fuzzing: bump go-fuzz-headers ([#7625](https://github.com/containerd/containerd/pull/7625))
    * Bump k8s.io deps to v0.25.3 ([#7637](https://github.com/containerd/containerd/pull/7637))
    * Remove uses of deprecated go-digest.NewDigestFromHex, go-digest.Digest.Hex ([#7641](https://github.com/containerd/containerd/pull/7641))
    * Extra documentation for content interfaces ([#7640](https://github.com/containerd/containerd/pull/7640))
    * Fix shim socket permissions on Darwin ([#7638](https://github.com/containerd/containerd/pull/7638))
    * s390x: build and package s390x bin in release assets ([#7614](https://github.com/containerd/containerd/pull/7614))
    * Replace mount fork hack with CLONE_FS ([#7513](https://github.com/containerd/containerd/pull/7513))
    * remotes: add `FetcherByDigest` for fetching blobs without foreknown descriptors (useful for general-purpose CAS) ([#7460](https://github.com/containerd/containerd/pull/7460))
    * Fix "getCPUInfo for OS freebsd: not implemented" on FreeBSD/arm64 ([#7403](https://github.com/containerd/containerd/pull/7403))
    * Support default hosts.toml configuration ([#7607](https://github.com/containerd/containerd/pull/7607))
    * Add tracing spans in CRI image service and pull.go ([#7453](https://github.com/containerd/containerd/pull/7453))
    * Fix missing closed fifo ([#7604](https://github.com/containerd/containerd/pull/7604))
    * fix comments ([#7624](https://github.com/containerd/containerd/pull/7624))
    * docs: add additional info in backport process ([#7626](https://github.com/containerd/containerd/pull/7626))
    * go.mod: golang.org/x/*: use tagged versions ([#7621](https://github.com/containerd/containerd/pull/7621))
    * Bump go version to 1.19.3 ([#7620](https://github.com/containerd/containerd/pull/7620))
    * ctr export strictly matching ([#7615](https://github.com/containerd/containerd/pull/7615))
    * Fix ctr crash when pulling with --http-dump and --http-trace simultaneously ([#7617](https://github.com/containerd/containerd/pull/7617))
    * Harden GITHUB_TOKEN permissions for OSSF Scorecard ([#7599](https://github.com/containerd/containerd/pull/7599))
    * overlayutils: Add fastpath for userxattr check ([#7611](https://github.com/containerd/containerd/pull/7611))
    * Add sequence diagram for shim runtime v2 ([#7606](https://github.com/containerd/containerd/pull/7606))
    * Sandbox API: Move remote impls to /sandbox/proxy ([#7600](https://github.com/containerd/containerd/pull/7600))
    * fuzzing: improve archive fuzzer ([#7588](https://github.com/containerd/containerd/pull/7588))
    * Retry client connection in waitForStart ([#7537](https://github.com/containerd/containerd/pull/7537))
    * Add Workflow for running critest with Hyper-V Containers on Windows. ([#7025](https://github.com/containerd/containerd/pull/7025))
    * Add release notes for v1.7.0-beta.0 ([#7575](https://github.com/containerd/containerd/pull/7575))
    * Cleanup sandbox interfaces ([#7576](https://github.com/containerd/containerd/pull/7576))
    * Update GitHub actions release workflow set output ([#7581](https://github.com/containerd/containerd/pull/7581))
    * Fix LogURI generation-related tests on Windows. ([#7569](https://github.com/containerd/containerd/pull/7569))
    * maintenance: Remove WithWindowsNetworkNamespace from pkg/cri ([#7577](https://github.com/containerd/containerd/pull/7577))
    * CRI: implement Controller.Delete for SandboxAPI ([#7457](https://github.com/containerd/containerd/pull/7457))
    * Configure CDI registry only on start ([#7419](https://github.com/containerd/containerd/pull/7419))
    * update codeql-action to v2 ([#7568](https://github.com/containerd/containerd/pull/7568))
    * Add logging related metrics to Containerd CRI plugin ([#7546](https://github.com/containerd/containerd/pull/7546))
    * sys: optimize and refactor MkdirAllWithACL() ([#7531](https://github.com/containerd/containerd/pull/7531))
    * fix install cni script ([#7484](https://github.com/containerd/containerd/pull/7484))
    * Update 1.5 release support timeframe ([#7560](https://github.com/containerd/containerd/pull/7560))
    * bump go-fuzz-headers ([#7503](https://github.com/containerd/containerd/pull/7503))
    * Add long term stable release branches ([#7454](https://github.com/containerd/containerd/pull/7454))
    * fix pusher concurrent close channel ([#7473](https://github.com/containerd/containerd/pull/7473))
    * Make tests on GitHub less noisy ([#7530](https://github.com/containerd/containerd/pull/7530))
    * containerd should not print error log that failed to init a tracing processor while the tracing plugin is not loaded ([#7541](https://github.com/containerd/containerd/pull/7541))
    * Update required Go version in BUILDING.md ([#7544](https://github.com/containerd/containerd/pull/7544))
    * go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag) ([#7522](https://github.com/containerd/containerd/pull/7522))
    * Use `go env` to determine GOPATH in Makefile. ([#7542](https://github.com/containerd/containerd/pull/7542))
    * clean-up "nolint" comments, remove unused ones, update golangci-lint ([#7349](https://github.com/containerd/containerd/pull/7349))
    * Don't unmount on Darwin when deleting bundle ([#7534](https://github.com/containerd/containerd/pull/7534))
    * Add timeouts to all CI jobs ([#7538](https://github.com/containerd/containerd/pull/7538))
    * Vagrantfile: explicitly specify rsync as the shared folder driver ([#7539](https://github.com/containerd/containerd/pull/7539))
    * sys: remove unused IsAbs() (windows) ([#7527](https://github.com/containerd/containerd/pull/7527))
    * cri: PodSandboxStatus should tolerate missing task ([#7535](https://github.com/containerd/containerd/pull/7535))
    * CI: update GHA instances from Ubuntu 18.04 to 20.04 ([#7489](https://github.com/containerd/containerd/pull/7489))
    * fix the --no-pivot flag being ignored by `ctr tasks start` ([#7519](https://github.com/containerd/containerd/pull/7519))
    * Update the default seccomp to block socket calls to AF_VSOCK ([#7510](https://github.com/containerd/containerd/pull/7510))
    * cmd/containerd: use golang.org/x/sys/windows.SetStdHandle() ([#7511](https://github.com/containerd/containerd/pull/7511))
    * Stats() shouldn't assume s.container is non-nil ([#7517](https://github.com/containerd/containerd/pull/7517))
    * Move up actions versions to prep for NodeJS 12 deprecation ([#7516](https://github.com/containerd/containerd/pull/7516))
    * cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions() ([#7512](https://github.com/containerd/containerd/pull/7512))
    * Updates oci image config to support upstream ArgsEscaped ([#7483](https://github.com/containerd/containerd/pull/7483))
    * cmd/containerd: replace deprecated windows.IsAnInteractiveSession() ([#7497](https://github.com/containerd/containerd/pull/7497))
    * Update container with sandbox metadata after NetNS is created ([#7481](https://github.com/containerd/containerd/pull/7481))
    * archive: add WithSourceDateEpoch() for whiteouts ([#7478](https://github.com/containerd/containerd/pull/7478))
    * TestTaskResize must use a terminal ([#7492](https://github.com/containerd/containerd/pull/7492))
    * diff/apply.readCounter: check negative size ([#7494](https://github.com/containerd/containerd/pull/7494))
    * Add new ctr option for discarding unpacked layers ([#7425](https://github.com/containerd/containerd/pull/7425))
    * archive: windows: chtimes(): remove redundant conversion ([#7491](https://github.com/containerd/containerd/pull/7491))
    * archive: validate digests before use ([#7488](https://github.com/containerd/containerd/pull/7488))
    * vendor: github.com/opencontainers/selinux v1.10.2 ([#7482](https://github.com/containerd/containerd/pull/7482))
    * fuzzing: create structured tar bytes in archive fuzzer ([#7477](https://github.com/containerd/containerd/pull/7477))
    * Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 ([#7474](https://github.com/containerd/containerd/pull/7474))
    * use raw link to containerd.service config ([#7463](https://github.com/containerd/containerd/pull/7463))
    * cri doc: Update kata containers reference ([#7466](https://github.com/containerd/containerd/pull/7466))
    * Setup pod network after creating the sandbox container ([#5904](https://github.com/containerd/containerd/pull/5904))
    * Swap to net.ErrClosed checks for services ([#7446](https://github.com/containerd/containerd/pull/7446))
    * go.mod: Bump go-winio to v0.6.0 ([#7443](https://github.com/containerd/containerd/pull/7443))
    * fix retry when writer is reset on push ([#6995](https://github.com/containerd/containerd/pull/6995))
    * CI: Output a summary using GITHUB_SUMMARY ([#7192](https://github.com/containerd/containerd/pull/7192))
    * Fix missing close ([#7430](https://github.com/containerd/containerd/pull/7430))
    * Add test flag for skipping shim cgroup test ([#7424](https://github.com/containerd/containerd/pull/7424))
    * Refactor CRI fuzzers ([#7405](https://github.com/containerd/containerd/pull/7405))
    * Fix LogURIGenerator on Windows ([#7351](https://github.com/containerd/containerd/pull/7351))
    * Set grpc code for unimplemented cri-api methods ([#7417](https://github.com/containerd/containerd/pull/7417))
    * Add reader option to local content reader at ([#7414](https://github.com/containerd/containerd/pull/7414))
    * Sandbox API: implement Controller.Wait and Controller.Stop ([#7401](https://github.com/containerd/containerd/pull/7401))
    * remove stray .zuul.yaml ([#7416](https://github.com/containerd/containerd/pull/7416))
    * reference CDI configuration details ([#7408](https://github.com/containerd/containerd/pull/7408))
    * cri-integration: propagate ENABLE_CRI_SANDBOXES ([#7413](https://github.com/containerd/containerd/pull/7413))
    * Enable OpenSSF Scorecard Github Action ([#7404](https://github.com/containerd/containerd/pull/7404))
    * Add ext2 fs support to devmapper snapshotter ([#7402](https://github.com/containerd/containerd/pull/7402))
    * Fuzzing: Instrument with new sanitizers ([#7396](https://github.com/containerd/containerd/pull/7396))
    * Upgrade fuzzing-related packages to reduce dependencies ([#7397](https://github.com/containerd/containerd/pull/7397))
    * remotes/docker/config: Skipping TLS verification for localhost ([#7393](https://github.com/containerd/containerd/pull/7393))
    * Replace github.com/emicklei/go-restful package, versions <2.16.0 ([#7395](https://github.com/containerd/containerd/pull/7395))
    * Add NoSameOwner option when unpacking tars ([#7386](https://github.com/containerd/containerd/pull/7386))
    * ctr: add privileged-without-host-devices for run command ([#7328](https://github.com/containerd/containerd/pull/7328))
    * chore: matching the casing of other flags for ctr's pull command ([#7341](https://github.com/containerd/containerd/pull/7341))
    * windows: Add runhcs-wcow-hypervisor runtimeclass to the default config ([#6901](https://github.com/containerd/containerd/pull/6901))
    * Fix missing close ([#7370](https://github.com/containerd/containerd/pull/7370))
    * CRI: update cdi version to v0.5.1 ([#7374](https://github.com/containerd/containerd/pull/7374))
    * Update to go 1.19.1, 1.18.6 to address CVE-2022-27664, CVE-2022-32190 ([#7372](https://github.com/containerd/containerd/pull/7372))
    * vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c ([#7373](https://github.com/containerd/containerd/pull/7373))
    * Remove unused variable from images action ([#7371](https://github.com/containerd/containerd/pull/7371))
    * feature: use client default namespace ([#7291](https://github.com/containerd/containerd/pull/7291))
    * integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment ([#7367](https://github.com/containerd/containerd/pull/7367))
    * feature: upgrade registry.k8s.io/pause version ([#7359](https://github.com/containerd/containerd/pull/7359))
    * metrics/cgroups/v1: Remove unused event parameter ([#7361](https://github.com/containerd/containerd/pull/7361))
    * .zuul: remove the zuul because it is offline ([#7369](https://github.com/containerd/containerd/pull/7369))
    * Update golangci-lint timeout to match config ([#7356](https://github.com/containerd/containerd/pull/7356))
    * delete redundant import alias and type conversion ([#7345](https://github.com/containerd/containerd/pull/7345))
    * Make checkContainerTimestamps less strict on Windows ([#7350](https://github.com/containerd/containerd/pull/7350))
    * Make oss-fuzz mandatory ([#7346](https://github.com/containerd/containerd/pull/7346))
    * Add kubernetes v1.25 supported version as v1.24 ([#7326](https://github.com/containerd/containerd/pull/7326))
    * sys: move ForceRemoveAll to integration/client ([#7335](https://github.com/containerd/containerd/pull/7335))
    * chore: remove duplicate word in comments ([#7338](https://github.com/containerd/containerd/pull/7338))
    * Use ioctl helpers from x/sys/unix ([#7342](https://github.com/containerd/containerd/pull/7342))
    * archive: replace tarName() with filepath.ToSlash() ([#7344](https://github.com/containerd/containerd/pull/7344))
    * mount: remove unused ErrNotImplementOnWindows ([#7339](https://github.com/containerd/containerd/pull/7339))
    * replace sys Sequential funcs with moby/sys/sequential ([#7334](https://github.com/containerd/containerd/pull/7334))
    * Clarify containerd 1.5.0+ for k8s 1.20,1.21 ([#7324](https://github.com/containerd/containerd/pull/7324))
    * update runc binary to v1.1.4 ([#7315](https://github.com/containerd/containerd/pull/7315))
    * Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9 ([#7325](https://github.com/containerd/containerd/pull/7325))
    * Update k8s.io/cri-api to v0.25.0 ([#7287](https://github.com/containerd/containerd/pull/7287))
    * script/setup: handle cnidir with SUDO ([#7322](https://github.com/containerd/containerd/pull/7322))
    * ContainerStatus to return container resources ([#6517](https://github.com/containerd/containerd/pull/6517))
    * migrate from k8s.gcr.io to registry.k8s.io ([#7038](https://github.com/containerd/containerd/pull/7038))
    * Do not rename test files on-the-fly to share functions ([#7309](https://github.com/containerd/containerd/pull/7309))
    * ctr import: strictly match platform ([#6906](https://github.com/containerd/containerd/pull/6906))
    * Revert "Downgrade MinGW to version 10.2.0" ([#7308](https://github.com/containerd/containerd/pull/7308))
    * Follow up #7254 (Switch to Go 1.19) ([#7286](https://github.com/containerd/containerd/pull/7286))
    * Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer ([#7304](https://github.com/containerd/containerd/pull/7304))
    * Adding support of CAP_BPF and CAP_PERFMON ([#7301](https://github.com/containerd/containerd/pull/7301))
    * go.mod: Bump hcsshim to v0.10.0-rc.1 ([#7284](https://github.com/containerd/containerd/pull/7284))
    * Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset ([#7306](https://github.com/containerd/containerd/pull/7306))
    * ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887 ([#7293](https://github.com/containerd/containerd/pull/7293))
    * Runtime cleanup (Shim manager and task service) ([#7280](https://github.com/containerd/containerd/pull/7280))
    * containerd-stress: add support for running through CRI ([#6931](https://github.com/containerd/containerd/pull/6931))
    * Switch to Go 1.19 ([#7254](https://github.com/containerd/containerd/pull/7254))
    * Vagrantfile: dump containerd log after critest ([#7265](https://github.com/containerd/containerd/pull/7265))
    * oci: skip checking group id for WithAppendAdditionalGroups ([#7257](https://github.com/containerd/containerd/pull/7257))
    * release workflow: increase timeout to 30 minutes & remove Go setup action ([#7259](https://github.com/containerd/containerd/pull/7259))
    * release: rollback Ubuntu to 18.04 (except for riscv64) ([#7258](https://github.com/containerd/containerd/pull/7258))
    * Initial sandbox API CRI integration (implement Controller.Start) ([#7228](https://github.com/containerd/containerd/pull/7228))
    * Use environment variable to specify Go version on CI ([#7251](https://github.com/containerd/containerd/pull/7251))
    * Update golang to 1.18.5, 1.17.13 ([#7243](https://github.com/containerd/containerd/pull/7243))
    * Change os.Stderr reassign for Windows service ([#7023](https://github.com/containerd/containerd/pull/7023))
    * script/setup: fix protobuf for aarch64 ([#7237](https://github.com/containerd/containerd/pull/7237))
    * Fix cleanup in critest ([#7232](https://github.com/containerd/containerd/pull/7232))
    * fix: support simultaneous create diff for same parent snapshot ([#7204](https://github.com/containerd/containerd/pull/7204))
    * Windows HostProcess container CRI stats test ([#7223](https://github.com/containerd/containerd/pull/7223))
    * Regenerate protos with updated protoc-gen-go ([#7226](https://github.com/containerd/containerd/pull/7226))
    * test: error strings should not be capitalized ([#7195](https://github.com/containerd/containerd/pull/7195))
    * Add extra context to error when push unauthorized ([#7220](https://github.com/containerd/containerd/pull/7220))
    * replace with selinux label ([#7207](https://github.com/containerd/containerd/pull/7207))
    * Use `httputil.DumpRequestOut` for dumping client req ([#7221](https://github.com/containerd/containerd/pull/7221))
    * Fix CRI image pull timeout test for ppc64le ([#7215](https://github.com/containerd/containerd/pull/7215))
    * test: introduce failpoint control to runc-shimv2 and cni ([#7069](https://github.com/containerd/containerd/pull/7069))
    * chore: bump macos runner version ([#7206](https://github.com/containerd/containerd/pull/7206))
    * Use image lists from integration/client tests ([#7210](https://github.com/containerd/containerd/pull/7210))
    * go.mod: Bump hcsshim to v0.9.4 ([#7212](https://github.com/containerd/containerd/pull/7212))
    * Drop deprecated `ioutil` ([#7203](https://github.com/containerd/containerd/pull/7203))
    * Make getServicesOpts a helper ([#7201](https://github.com/containerd/containerd/pull/7201))
    * adds an env var commented out for sandboxed mode ([#7183](https://github.com/containerd/containerd/pull/7183))
    * cri_stats: handle missing cpu stats ([#7198](https://github.com/containerd/containerd/pull/7198))
    * using ContextDialer instead ([#7189](https://github.com/containerd/containerd/pull/7189))
    * test: Add ability to switch between cgroupv1 or cgroupv2 for node e2e ([#7173](https://github.com/containerd/containerd/pull/7173))
    * code cleanup ([#7182](https://github.com/containerd/containerd/pull/7182))
    * Update k8s.io/cri-api to v0.25.0-alpha2 ([#7114](https://github.com/containerd/containerd/pull/7114))
    * Refactor usageNanoCores to be used for all OSes ([#7186](https://github.com/containerd/containerd/pull/7186))
    * adds support for using env file for systemd boot ([#7191](https://github.com/containerd/containerd/pull/7191))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#7185](https://github.com/containerd/containerd/pull/7185))
    * ctr: support --user for run/create ([#7145](https://github.com/containerd/containerd/pull/7145))
    * docs: Fix sample config.toml syntax ([#7174](https://github.com/containerd/containerd/pull/7174))
    * seccomp: seccomp: add syscalls related to PKU in default policy ([#7163](https://github.com/containerd/containerd/pull/7163))
    * Update and align golangci-lint version ([#7168](https://github.com/containerd/containerd/pull/7168))
    * adds a comment explaining how to disable experimental sbserver ([#7169](https://github.com/containerd/containerd/pull/7169))
    * ci: workaround Cirrus CI's INVALID_ARGUMENT ([#7177](https://github.com/containerd/containerd/pull/7177))
    * Update install-protobuf script to install protobuf on Darwin ([#7153](https://github.com/containerd/containerd/pull/7153))
    * Fork CRI server for Sandbox API integration work ([#7164](https://github.com/containerd/containerd/pull/7164))
    * seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE ([#7167](https://github.com/containerd/containerd/pull/7167))
    * cri doc: fix formatting for CDI options ([#7158](https://github.com/containerd/containerd/pull/7158))
    * update golang to 1.18.4, 1.17.12 ([#7159](https://github.com/containerd/containerd/pull/7159))
    * Fix out of date comments for CRI store packages ([#7152](https://github.com/containerd/containerd/pull/7152))
    * update some devmapper docs ([#7124](https://github.com/containerd/containerd/pull/7124))
    * seccomp: allow clock_settime64 when CAP_SYS_TIME is added ([#7149](https://github.com/containerd/containerd/pull/7149))
    * Copy fuzzers from github.com/cncf/cncf-fuzzing ([#7123](https://github.com/containerd/containerd/pull/7123))
    * fix can't edit object by using ctr content edit command ([#6847](https://github.com/containerd/containerd/pull/6847))
    * integration/client: fix typo in export_test.go ([#7130](https://github.com/containerd/containerd/pull/7130))
    * Fix WWW-Authenticate parsing ([#7126](https://github.com/containerd/containerd/pull/7126))
    * LCOW differ return ErrNotImplemented for wrong mount type ([#7112](https://github.com/containerd/containerd/pull/7112))
    * Update go-restful/v3 to latest release ([#7117](https://github.com/containerd/containerd/pull/7117))
    * pkg/cri: use marshal wrapper for version convertor ([#7108](https://github.com/containerd/containerd/pull/7108))
    * Remove hacks around contrib/fuzz ([#7087](https://github.com/containerd/containerd/pull/7087))
    * Fix missing closed HTTP Body ([#7107](https://github.com/containerd/containerd/pull/7107))
    * Cleanup metadata tests ([#7105](https://github.com/containerd/containerd/pull/7105))
    * Downgrade MinGW to version 10.2.0 ([#7106](https://github.com/containerd/containerd/pull/7106))
    * ctr: Fix `ctr c create` fails to parse arguments ([#7098](https://github.com/containerd/containerd/pull/7098))
    * Fix Documentation Issue ([#7103](https://github.com/containerd/containerd/pull/7103))
    * refactor: reduce duplicate code ([#7100](https://github.com/containerd/containerd/pull/7100))
    * make xattr EPERM non-fatal in createTarFile ([#7094](https://github.com/containerd/containerd/pull/7094))
    * Move metadata plugin registration to separate package ([#7096](https://github.com/containerd/containerd/pull/7096))
    * fix: missing sudo for devmapper doc ([#7092](https://github.com/containerd/containerd/pull/7092))
    * Ensure Windows Periodic workflow errors out while still uploading results. ([#7085](https://github.com/containerd/containerd/pull/7085))
    * Add snapshotter key to snapshot events ([#7084](https://github.com/containerd/containerd/pull/7084))
    * add WithAdditionalGIDs test ([#7072](https://github.com/containerd/containerd/pull/7072))
    * Forward ctr snapshotter flags on Windows ([#7086](https://github.com/containerd/containerd/pull/7086))
    * add WithAppendAdditionalGroups helper ([#7070](https://github.com/containerd/containerd/pull/7070))
    * Make CI Fuzz less noisy ([#7065](https://github.com/containerd/containerd/pull/7065))
    * ctr: add --hostname flag to create, run ([#7082](https://github.com/containerd/containerd/pull/7082))
    * improve content-flow ([#7077](https://github.com/containerd/containerd/pull/7077))
    * Make CI Fuzz optional ([#7067](https://github.com/containerd/containerd/pull/7067))
    * Use Go 1.18's testing.F on simple fuzzers ([#7056](https://github.com/containerd/containerd/pull/7056))
    * Downgrade MinGW in Windows setup scripts. ([#7062](https://github.com/containerd/containerd/pull/7062))
    * Make test path a constant ([#7057](https://github.com/containerd/containerd/pull/7057))
    * Run fuzzers in CI ([#7052](https://github.com/containerd/containerd/pull/7052))
    * CRI: Improve the /dev/shm mount options in Sandbox. ([#6913](https://github.com/containerd/containerd/pull/6913))
    * fix:userattr-unmount unexpected timeout ([#7008](https://github.com/containerd/containerd/pull/7008))
    * Port (some) unit tests to FreeBSD ([#7042](https://github.com/containerd/containerd/pull/7042))
    * Bump Golang and MinGW versions in Windows setup script. ([#6888](https://github.com/containerd/containerd/pull/6888))
    * Windows snapshotter touch ups and new functionality ([#6918](https://github.com/containerd/containerd/pull/6918))
    * Improve naming consistencies in comments in snapshotter.go ([#7032](https://github.com/containerd/containerd/pull/7032))
    * Make building static binaries simpler ([#7022](https://github.com/containerd/containerd/pull/7022))
    * Allow CRI on Darwin ([#7033](https://github.com/containerd/containerd/pull/7033))
    * update runc binary to v1.1.3 ([#7034](https://github.com/containerd/containerd/pull/7034))
    * Linux containers on FreeBSD ([#7000](https://github.com/containerd/containerd/pull/7000))
    * go.mod: github.com/moby/sys/mountinfo v0.6.2 ([#7026](https://github.com/containerd/containerd/pull/7026))
    * fix minor spelling mistake: lablel -> label ([#7031](https://github.com/containerd/containerd/pull/7031))
    * go.mod: github.com/containerd/cgroups v1.0.4 ([#7027](https://github.com/containerd/containerd/pull/7027))
    * go.mod: github.com/containerd/continuity v0.3.0 ([#7028](https://github.com/containerd/containerd/pull/7028))
    * Correct spelling mistake ("sanbdox" to "sandbox") ([#7029](https://github.com/containerd/containerd/pull/7029))
    * GitHub Security Advisory [GHSA-5ffw-gxpp-mxpf](https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf)
    * Bump grpc to v1.47.0 ([#7018](https://github.com/containerd/containerd/pull/7018))
    * Bump k8s.io deps to v0.24.1 ([#7017](https://github.com/containerd/containerd/pull/7017))
    * Support runtime level snapshotter for issue 6657 ([#6899](https://github.com/containerd/containerd/pull/6899))
    * update golang to 1.18.3, 1.17.11 ([#7012](https://github.com/containerd/containerd/pull/7012))
    * Fix containerd-stress duration flag ([#7004](https://github.com/containerd/containerd/pull/7004))
    * update go-cni/for cni update fixing plugins that don't respond with version ([#7009](https://github.com/containerd/containerd/pull/7009))
    * Add validations for Windows HostProcess CRI configs ([#6996](https://github.com/containerd/containerd/pull/6996))
    * Move docker reference logic to reference/docker package ([#7007](https://github.com/containerd/containerd/pull/7007))
    * promote pause image to 3.7 (sync with kube v1.24) ([#7003](https://github.com/containerd/containerd/pull/7003))
    * Makefile: use urfave_cli_no_docs for binaries that don't need it ([#6998](https://github.com/containerd/containerd/pull/6998))
    * CRI: cleanup cri/store package ([#6993](https://github.com/containerd/containerd/pull/6993))
    * Use t.Run for /pkg/cri tests ([#7001](https://github.com/containerd/containerd/pull/7001))
    * vendor: github.com/urfave/cli v1.22.9 and fix "verify-vendor" script ([#6997](https://github.com/containerd/containerd/pull/6997))
    * sandbox: replace github.com/pkg/errors with native errors ([#6937](https://github.com/containerd/containerd/pull/6937))
    * build: Fix references to check-protos target in Makefile ([#6983](https://github.com/containerd/containerd/pull/6983))
    * ctr: fix label args used in NewContainer ([#6954](https://github.com/containerd/containerd/pull/6954))
    * ctr sandbox: handle sandbox config ([#6959](https://github.com/containerd/containerd/pull/6959))
    * Fix broken oss-fuzz build ([#6975](https://github.com/containerd/containerd/pull/6975))
    * archive: add human-readable hint to Lchown error ([#6982](https://github.com/containerd/containerd/pull/6982))
    * Fix tx closed error when upperdirlabel specified ([#6978](https://github.com/containerd/containerd/pull/6978))
    * config: improve config v1 deprecation message ([#6972](https://github.com/containerd/containerd/pull/6972))
    * Fix Windows install powershell script ([#6969](https://github.com/containerd/containerd/pull/6969))
    * fix comments on metadata schema and update namespace doc ([#6955](https://github.com/containerd/containerd/pull/6955))
    * adjust format in comment ([#6956](https://github.com/containerd/containerd/pull/6956))
    * Restore decompression benchmarks ([#6957](https://github.com/containerd/containerd/pull/6957))
    * cmd/ctr/commands/content: fix typo in fetch command usage ([#6960](https://github.com/containerd/containerd/pull/6960))
    * fix some confusing typos ([#6950](https://github.com/containerd/containerd/pull/6950))
    * update doc url about k8s ([#6952](https://github.com/containerd/containerd/pull/6952))
    * Separate windows-2019 and windows-2022 test results ([#6946](https://github.com/containerd/containerd/pull/6946))
    * shim: fix debug flag not working ([#6910](https://github.com/containerd/containerd/pull/6910))
    * Reverts removal of parallel run from critest ([#6938](https://github.com/containerd/containerd/pull/6938))
    * Bump OpenTelemetry dependencies ([#6932](https://github.com/containerd/containerd/pull/6932))
    * update runc binary and vendor to v1.1.2 ([#6934](https://github.com/containerd/containerd/pull/6934))
    * oci: WithDefaultUnixDevices(): remove tun/tap from the default devices ([#6923](https://github.com/containerd/containerd/pull/6923))
    * update golang to 1.18.2, 1.17.10 ([#6926](https://github.com/containerd/containerd/pull/6926))
    * CI: update Fedora to 36 ([#6925](https://github.com/containerd/containerd/pull/6925))
    * Add `Wait` to `binaryProcessor` ([#6916](https://github.com/containerd/containerd/pull/6916))
    * go.mod: Bump k8s deps to v0.24.0 ([#6905](https://github.com/containerd/containerd/pull/6905))
    * (Vagrant CI) Enable git commands due to git CVE fix ([#6915](https://github.com/containerd/containerd/pull/6915))
    * Pass explicit JUnit outfile to critest.exe in Windows workflow. ([#6912](https://github.com/containerd/containerd/pull/6912))
    * Update critools to v1.24 ([#6894](https://github.com/containerd/containerd/pull/6894))
    * devmapper docs: small fixes ([#6904](https://github.com/containerd/containerd/pull/6904))
    * move report dir option to end of line for vagrant cri tests ([#6900](https://github.com/containerd/containerd/pull/6900))
    * Update Kubernetes version matrix in release docs ([#6892](https://github.com/containerd/containerd/pull/6892))
    * Share container images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy ([#6889](https://github.com/containerd/containerd/pull/6889))
    * containerd 1.6.4 k8s 1.24 readme announce ([#6890](https://github.com/containerd/containerd/pull/6890))
    * Cleanup leaked shim process ([#6866](https://github.com/containerd/containerd/pull/6866))
    * Add collectible resources to metadata gc ([#6804](https://github.com/containerd/containerd/pull/6804))
    * Update k8 docurl in file ([#6881](https://github.com/containerd/containerd/pull/6881))
    * Support RISC-V 64 ([#6882](https://github.com/containerd/containerd/pull/6882))
    * docs: minor fixes in snapshots.Snapshotter comments ([#6885](https://github.com/containerd/containerd/pull/6885))
    * Officially deprecate Schema 1 ([#6884](https://github.com/containerd/containerd/pull/6884))
    * Make Cirrus CI tests more stable ([#6880](https://github.com/containerd/containerd/pull/6880))
    * docs: Adding windows installation steps to getting-started.md ([#6875](https://github.com/containerd/containerd/pull/6875))
    * Add ctr support for CPUMax and CPUShares ([#6809](https://github.com/containerd/containerd/pull/6809))
    * Support for cgroups blockio ([#5490](https://github.com/containerd/containerd/pull/5490))
    * Fix comment for metadata/db.go ([#6871](https://github.com/containerd/containerd/pull/6871))
    * Remove github.com/gogo/protobuf and github.com/golang/protobuf from containerd's direct dependencies ([#6867](https://github.com/containerd/containerd/pull/6867))
    * Update go-cni to v1.1.5 ([#6868](https://github.com/containerd/containerd/pull/6868))
    * Bump opencontainers/selinux from 1.10.0 to 1.10.1 ([#6865](https://github.com/containerd/containerd/pull/6865))
    * Upgrade google.golang.org/grpc and google.golang.org/protobuf ([#6864](https://github.com/containerd/containerd/pull/6864))
    * Don't use "uname -a" as Cirrus CI's cache key ([#6863](https://github.com/containerd/containerd/pull/6863))
    * remove duplicate ([#6856](https://github.com/containerd/containerd/pull/6856))
    * Create ppc64le release ([#6858](https://github.com/containerd/containerd/pull/6858))
    * Move Vagrant-based tests from GitHub Actions to Cirrus CI ([#6854](https://github.com/containerd/containerd/pull/6854))
    * feature: support image pull progress timeout ([#6150](https://github.com/containerd/containerd/pull/6150))
    * Add unpack interface to be used by client ([#6749](https://github.com/containerd/containerd/pull/6749))
    * Fix undefined error in use of errors package ([#6855](https://github.com/containerd/containerd/pull/6855))
    * Migrate off from github.com/gogo/protobuf ([#6841](https://github.com/containerd/containerd/pull/6841))
    * images/image.go: typo ([#6851](https://github.com/containerd/containerd/pull/6851))
    * Add flag to allow oci.WithAllDevicesAllowed on PrivilegedWithoutHostDevices ([#5686](https://github.com/containerd/containerd/pull/5686))
    * integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage ([#6180](https://github.com/containerd/containerd/pull/6180))
    * fix incorrect syntax in comments ([#6845](https://github.com/containerd/containerd/pull/6845))
    * cri: close fifos when container is deleted ([#6842](https://github.com/containerd/containerd/pull/6842))
    * diff: hide types.Any from clients ([#6832](https://github.com/containerd/containerd/pull/6832))
    * Add Container-Optimized OS into Adopters ([#6838](https://github.com/containerd/containerd/pull/6838))
    * Prepare for google.golang.org/protobuf ([#6835](https://github.com/containerd/containerd/pull/6835))
    * fix the restart desired to running when task not found ([#6833](https://github.com/containerd/containerd/pull/6833))
    * Remove all gogoproto extensions ([#6829](https://github.com/containerd/containerd/pull/6829))
    * fix nil pointer panic for monitor ([#6830](https://github.com/containerd/containerd/pull/6830))
    * remotes/docker: log registry URLs as info instead of debug ([#5681](https://github.com/containerd/containerd/pull/5681))
    * Rename runtime/v2/task to api/runtime ([#6827](https://github.com/containerd/containerd/pull/6827))
    * Fix protoc-gen-go-fieldpath ([#6828](https://github.com/containerd/containerd/pull/6828))
    * Consolidate gogo/protobuf dependencies under our own protobuf package ([#6826](https://github.com/containerd/containerd/pull/6826))
    * Add restart policy for enhanced restart manager ([#6744](https://github.com/containerd/containerd/pull/6744))
    * Remove gogoproto.stdtime ([#6821](https://github.com/containerd/containerd/pull/6821))
    * Set timeout when collecting metrics from shim's Stat ([#6781](https://github.com/containerd/containerd/pull/6781))
    * Fuzz filter package with Go 1.18's fuzzer ([#6819](https://github.com/containerd/containerd/pull/6819))
    * allow ptrace(2) by default for kernel >= 4.8 ([#6810](https://github.com/containerd/containerd/pull/6810))
    * Build bin/gen-manpages instead of using "go run" ([#6820](https://github.com/containerd/containerd/pull/6820))
    * update golang to 1.18.1, 1.17.9 ([#6822](https://github.com/containerd/containerd/pull/6822))
    * Sandbox API ([#6703](https://github.com/containerd/containerd/pull/6703))
    * Move lease manager plugin to separate package ([#6811](https://github.com/containerd/containerd/pull/6811))
    * fix pool_device_test ([#6807](https://github.com/containerd/containerd/pull/6807))
    * check for duplicate nspath possibilities ([#6806](https://github.com/containerd/containerd/pull/6806))
    * Do not append []string{""} to command to preserve Docker compatibility ([#6805](https://github.com/containerd/containerd/pull/6805))
    * tracing: fix panic on startup when configured ([#6789](https://github.com/containerd/containerd/pull/6789))
    * Optimize loading performance for cri recover ([#6680](https://github.com/containerd/containerd/pull/6680))
    * Change architecture path in README.md ([#6798](https://github.com/containerd/containerd/pull/6798))
    * make consistent for checkpoint path ([#6792](https://github.com/containerd/containerd/pull/6792))
    * metrics/cgroups: fix deadlock issue in Add during Collect ([#6788](https://github.com/containerd/containerd/pull/6788))
    * ADOPTERS: Update AKS Info ([#6794](https://github.com/containerd/containerd/pull/6794))
    * Pin upload-cloud-storage action to 0.8.0 in Windows workflow. ([#6790](https://github.com/containerd/containerd/pull/6790))
    * docs: add Deckhouse to the list of adopters ([#6785](https://github.com/containerd/containerd/pull/6785))
    * Add `docs/snapshotters`; simplify `docs/cri` ([#6778](https://github.com/containerd/containerd/pull/6778))
    * Turn paths from cmdline into absolute paths ([#6672](https://github.com/containerd/containerd/pull/6672))
    * CRI: add support for CDI device injection ([#6654](https://github.com/containerd/containerd/pull/6654))
    * Disable writing freelist to make the file robust against data corruptions ([#6761](https://github.com/containerd/containerd/pull/6761))
    * mv design docs/historical/design ([#6777](https://github.com/containerd/containerd/pull/6777))
    * CRI: improve image pulling performance ([#6702](https://github.com/containerd/containerd/pull/6702))
    * docs: remove runtime v1; migrate config v1 to v2 ([#6776](https://github.com/containerd/containerd/pull/6776))
    * Skip flaky test on Windows ([#6779](https://github.com/containerd/containerd/pull/6779))
    * docs/getting-started.md: typo ([#6775](https://github.com/containerd/containerd/pull/6775))
    * Add no_tracing tag ([#6750](https://github.com/containerd/containerd/pull/6750))
    * Move historical docs to `docs/historical` ([#6754](https://github.com/containerd/containerd/pull/6754))
    * Run go mod tidy in integration tests ([#6768](https://github.com/containerd/containerd/pull/6768))
    * go.mod: move indirects, and update integration go.mod to 1.18 ([#6765](https://github.com/containerd/containerd/pull/6765))
    * Drop gotest.tools ([#6762](https://github.com/containerd/containerd/pull/6762))
    * Use t.Setenv instead of os.Setenv ([#6760](https://github.com/containerd/containerd/pull/6760))
    * Upgrade to Go 1.18 ([#6709](https://github.com/containerd/containerd/pull/6709))
    * Adding multi-arch support for the configure.sh script ([#6751](https://github.com/containerd/containerd/pull/6751))
    * docs/getting-started.md: massive update ([#6758](https://github.com/containerd/containerd/pull/6758))
    * Remove unmaintained contrib/linuxkit ([#6755](https://github.com/containerd/containerd/pull/6755))
    * [Windows CI] Address some timeout issues ([#6757](https://github.com/containerd/containerd/pull/6757))
    * BUILDING.md: update supported Go versions ([#6756](https://github.com/containerd/containerd/pull/6756))
    * update runc to 1.1.1 ([#6753](https://github.com/containerd/containerd/pull/6753))
    * CI: add Rocky Linux 8 ([#6747](https://github.com/containerd/containerd/pull/6747))
    * CI: bump up crun to 1.4.4 ([#6748](https://github.com/containerd/containerd/pull/6748))
    * added make help for cri integration ([#6743](https://github.com/containerd/containerd/pull/6743))
    * Update README.md cncf landscape url ([#6740](https://github.com/containerd/containerd/pull/6740))
    * Fix error message in TestNewBinaryIO ([#6738](https://github.com/containerd/containerd/pull/6738))
    * Use typeurl.Any instead of github.com/gogo/protobuf/types.Any ([#6706](https://github.com/containerd/containerd/pull/6706))
    * Use cgroups.AddProc() for cgroups v1 ([#5738](https://github.com/containerd/containerd/pull/5738))
    * fix: ctr images mount with snapshotter option can't get snapshotter ([#6713](https://github.com/containerd/containerd/pull/6713))
    * cgroup2: monitor OOMKill instead of OOM to prevent missing container events ([#6323](https://github.com/containerd/containerd/pull/6323))
    * moving up to go-cni v1.1.4 ([#6721](https://github.com/containerd/containerd/pull/6721))
    * native: fix deadlock from leaving transactions open ([#6722](https://github.com/containerd/containerd/pull/6722))
    * go.mod: remove replace, and update github.com/gogo/googleapis v1.4.1 ([#5390](https://github.com/containerd/containerd/pull/5390))
    * GitHub Security Advisory [GHSA-c9cp-9c75-9v8c](https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c)
    * runtime: deprecate runc --criu / -criu-path option ([#6496](https://github.com/containerd/containerd/pull/6496))
    * Bug fix for mount path handling ([#6651](https://github.com/containerd/containerd/pull/6651))
    * Upgrade containerd/imgcrypt and opencontainers/image-spec ([#6711](https://github.com/containerd/containerd/pull/6711))
    * Remove enumvalue_customname, goproto_enum_prefix and enum_customname ([#6708](https://github.com/containerd/containerd/pull/6708))
    * Remove gogoproto.customtype ([#6699](https://github.com/containerd/containerd/pull/6699))
    * Skip tty critest testcase on Windows Server 2022 ([#6698](https://github.com/containerd/containerd/pull/6698))
    * Build with Go 1.18 ([#6605](https://github.com/containerd/containerd/pull/6605))
    * Update prometheus client vendor ([#6690](https://github.com/containerd/containerd/pull/6690))
    * vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd ([#6687](https://github.com/containerd/containerd/pull/6687))
    * Make the temp mount as ready only in container WithVolumes ([#6593](https://github.com/containerd/containerd/pull/6593))
    * fix: `ctr run --cni` get failed ([#6670](https://github.com/containerd/containerd/pull/6670))
    * test: use `T.TempDir` to create temporary test directory ([#6681](https://github.com/containerd/containerd/pull/6681))
    * Make OpenLab's CI jobs blocking ([#6679](https://github.com/containerd/containerd/pull/6679))
    * document log level and format ([#6683](https://github.com/containerd/containerd/pull/6683))
    * Add shared content label to namespaces ([#6660](https://github.com/containerd/containerd/pull/6660))
    * Add protoc-gen-go-fieldpath ([#6562](https://github.com/containerd/containerd/pull/6562))
    * Enable gosec linter for golangci-lint ([#6669](https://github.com/containerd/containerd/pull/6669))
    * Make mkfs.xfs available on OpenLab's CI environment ([#6668](https://github.com/containerd/containerd/pull/6668))
    * ctr: improve error relative shim path error msg ([#6519](https://github.com/containerd/containerd/pull/6519))
    * typo fixes under cmd. ([#6674](https://github.com/containerd/containerd/pull/6674))
    * Handle CRI Device.HostPath on Windows ([#6618](https://github.com/containerd/containerd/pull/6618))
    * Upgrade golangci-lint and its GitHub Action ([#6666](https://github.com/containerd/containerd/pull/6666))
    * Don't build a second copy of containerd-shim-runhcs-v1.exe ([#6661](https://github.com/containerd/containerd/pull/6661))
    * Update TestNormalize to only test Windows platform ([#6569](https://github.com/containerd/containerd/pull/6569))
    * Fix link in getting-started.md ([#6663](https://github.com/containerd/containerd/pull/6663))
    * Fuzzing: refactor metadata fuzzers ([#6423](https://github.com/containerd/containerd/pull/6423))
    * Two xfs file systems with same UUID can not be mounted on the same sy… ([#6650](https://github.com/containerd/containerd/pull/6650))
    * [Windows] Fix deadline exceeded in daemon restart ([#6635](https://github.com/containerd/containerd/pull/6635))
    * Use temp file for export/import test ([#6658](https://github.com/containerd/containerd/pull/6658))
    * strip path-info from `-v` (version) output, and implement -v flag for containerd-shim ([#6495](https://github.com/containerd/containerd/pull/6495))
    * Improve unexpected response error handling in resolver ([#6617](https://github.com/containerd/containerd/pull/6617))
    * Use the latest tag for azure images ([#6601](https://github.com/containerd/containerd/pull/6601))
    * Run CRI integration tests in GitHub Actions (Windows) ([#6626](https://github.com/containerd/containerd/pull/6626))
    * cri: fix integration test on cgroupsv2 system ([#6595](https://github.com/containerd/containerd/pull/6595))
    * Use version 2 configuration format in docs/PLUGINS.md ([#6613](https://github.com/containerd/containerd/pull/6613))
    * update to go 1.16.15, 1.17.8 to address CVE-2022-24921 ([#6619](https://github.com/containerd/containerd/pull/6619))
    * Update status of 1.4 release ([#6614](https://github.com/containerd/containerd/pull/6614))
    * Update TestContainerSymlinkVolumes to use windows path ([#6568](https://github.com/containerd/containerd/pull/6568))
    * Add --user support for ctr run Windows ([#6603](https://github.com/containerd/containerd/pull/6603))
    * Update releases ([#6608](https://github.com/containerd/containerd/pull/6608))
    * GitHub Security Advisory [GHSA-crp2-qrr5-8pq7](https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7)
    * Adds support for Windows ArgsEscaped images ([#6479](https://github.com/containerd/containerd/pull/6479))
    * Do not use weak import ([#6558](https://github.com/containerd/containerd/pull/6558))
    * cri: relax test for system without hugetlb ([#6596](https://github.com/containerd/containerd/pull/6596))
    * Use containerd/protobuild instead of stevvooe/protobuild ([#6578](https://github.com/containerd/containerd/pull/6578))
    * integration: remove duplicated util pkg ([#6597](https://github.com/containerd/containerd/pull/6597))
    * go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1 ([#6591](https://github.com/containerd/containerd/pull/6591))
    * Update Go version recommendation in getting started ([#6585](https://github.com/containerd/containerd/pull/6585))
    * go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3 ([#6337](https://github.com/containerd/containerd/pull/6337))
    * fix Implicit memory aliasing in for loop ([#6331](https://github.com/containerd/containerd/pull/6331))
    * Fix build with gccgo ([#6579](https://github.com/containerd/containerd/pull/6579))
    * Replace golang.org/x/net/context with std library ([#6580](https://github.com/containerd/containerd/pull/6580))
    * containerd-shim-runc-v1: return init pid when clean dead shim ([#6571](https://github.com/containerd/containerd/pull/6571))
    * Use Windows matcher when on Windows platform in all code paths ([#6491](https://github.com/containerd/containerd/pull/6491))
    * containerd-shim-runc-v2: return init pid when clean dead shim ([#6452](https://github.com/containerd/containerd/pull/6452))
    * [Windows][Integration] Enable TestRestartMonitor ([#6515](https://github.com/containerd/containerd/pull/6515))
    * go.mod: fsnotify v1.5.1, moby/sys/mountinfo v0.6.0, moby/sys/signal v0.7.0 ([#6554](https://github.com/containerd/containerd/pull/6554))
    </p>
    </details>
    
    ### Changes from containerd/cgroups
    <details><summary>49 commits</summary>
    <p>
    
    * Upgrade GitHub actions CI workflow ([#249](https://github.com/containerd/cgroups/pull/249))
    * Upgrade Go compiler to 1.19 ([#248](https://github.com/containerd/cgroups/pull/248))
    * Don't use ioutil ([#246](https://github.com/containerd/cgroups/pull/246))
    * Check that cgroup is empty before deleting ([#228](https://github.com/containerd/cgroups/pull/228))
    * Support cgroup.AddThread in cgroupv2 manager ([#243](https://github.com/containerd/cgroups/pull/243))
    * Support to handle more than 4 fields in cpuacct.stat ([#231](https://github.com/containerd/cgroups/pull/231))
    * typo shoulld -> should ([#236](https://github.com/containerd/cgroups/pull/236))
    * Upgrade github.com/cilium/ebpf from v0.4.0 to v0.9.1 ([#241](https://github.com/containerd/cgroups/pull/241))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#240](https://github.com/containerd/cgroups/pull/240))
    * .github: use ubuntu-22.04 to test cgroupv2 ([#237](https://github.com/containerd/cgroups/pull/237))
    * feat(v2): Support cgroup.MoveTo in cgroupv2 manager ([#235](https://github.com/containerd/cgroups/pull/235))
    * Update README to include usage examples of v2 client ([#233](https://github.com/containerd/cgroups/pull/233))
    * ParseCgroupFile: fix wrong comment about unified hierarchy ; add ParseCgroupFileUnified to get the unified path ([#232](https://github.com/containerd/cgroups/pull/232))
    * Bump go version to 1.17 in go.mod ([#230](https://github.com/containerd/cgroups/pull/230))
    * make cmd/ a separate module (as it's only for testing) ([#226](https://github.com/containerd/cgroups/pull/226))
    * feat(v2): add Update method for v2.Manager ([#225](https://github.com/containerd/cgroups/pull/225))
    * feat: add memory.min param ([#211](https://github.com/containerd/cgroups/pull/211))
    * modified the dereference null pointer value. ([#218](https://github.com/containerd/cgroups/pull/218))
    * update readme for cpu cgroup demo ([#217](https://github.com/containerd/cgroups/pull/217))
    * Fix systemd full path ([#221](https://github.com/containerd/cgroups/pull/221))
    * Update Go version and fedora base ([#223](https://github.com/containerd/cgroups/pull/223))
    * Fix panic in NewSystemd on nil values ([#219](https://github.com/containerd/cgroups/pull/219))
    </p>
    </details>
    
    ### Changes from containerd/continuity
    <details><summary>28 commits</summary>
    <p>
    
    * go.mod: update dependencies (take 2) ([#204](https://github.com/containerd/continuity/pull/204))
    * Revert "go.mod: update dependencies" ([#205](https://github.com/containerd/continuity/pull/205))
    * Various small fix-ups ([#202](https://github.com/containerd/continuity/pull/202))
    * update authors and mailmap ([#201](https://github.com/containerd/continuity/pull/201))
    * move cmd/continuity to its own go module ([#200](https://github.com/containerd/continuity/pull/200))
    * CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir)  ([#198](https://github.com/containerd/continuity/pull/198))
    * fs.CopyDir: support sockets and pipes ([#197](https://github.com/containerd/continuity/pull/197))
    * Fix wrapping errors ([#196](https://github.com/containerd/continuity/pull/196))
    </p>
    </details>
    
    ### Changes from containerd/fifo
    <details><summary>26 commits</summary>
    <p>
    
    * Update Go vers, x/sys vendor ([#51](https://github.com/containerd/fifo/pull/51))
    * chore: cleanup old buildtags by `go fix` ([#49](https://github.com/containerd/fifo/pull/49))
    * Return nil when openFifo returns nil ([#47](https://github.com/containerd/fifo/pull/47))
    * Resolve golangci-lint-action package warnings ([#48](https://github.com/containerd/fifo/pull/48))
    * Remove references to io/ioutil package ([#45](https://github.com/containerd/fifo/pull/45))
    * Update GitHub actions CI workflow ([#46](https://github.com/containerd/fifo/pull/46))
    * go.mod: github.com/stretchr/testify v1.8.0, golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8, go 1.18 ([#44](https://github.com/containerd/fifo/pull/44))
    * fifo_test: Add 2 tests for closing after reading ([#42](https://github.com/containerd/fifo/pull/42))
    * replace pkg/errors ([#41](https://github.com/containerd/fifo/pull/41))
    * fifo.Close(): prevent possible panic if fifo is nil ([#32](https://github.com/containerd/fifo/pull/32))
    * Update branch name in GitHub Actions ([#40](https://github.com/containerd/fifo/pull/40))
    </p>
    </details>
    
    ### Changes from containerd/go-cni
    <details><summary>38 commits</summary>
    <p>
    
    * Add Go 1.20 support ([#111](https://github.com/containerd/go-cni/pull/111))
    * opts: add cgroupPath capability ([#110](https://github.com/containerd/go-cni/pull/110))
    * go.mod: github.com/containernetworking/cni v1.1.2 ([#109](https://github.com/containerd/go-cni/pull/109))
    * Remove references to io/ioutil package ([#106](https://github.com/containerd/go-cni/pull/106))
    * Update golangci/golangci-lint package ([#108](https://github.com/containerd/go-cni/pull/108))
    * Update GitHub actions CI workflow ([#107](https://github.com/containerd/go-cni/pull/107))
    * Add support for Windows default conf paths ([#103](https://github.com/containerd/go-cni/pull/103))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#104](https://github.com/containerd/go-cni/pull/104))
    * go.mod: update libcni to v1.1.1 ([#101](https://github.com/containerd/go-cni/pull/101))
    * add in some serial setup tests; a little make cleanup ([#100](https://github.com/containerd/go-cni/pull/100))
    * Re-introduce serial network setup ([#99](https://github.com/containerd/go-cni/pull/99))
    * bump github.com/containernetworking/cni v1.1.0 ([#98](https://github.com/containerd/go-cni/pull/98))
    * Revert "Update loopback version to support check" ([#96](https://github.com/containerd/go-cni/pull/96))
    * Use revive instead of golint ([#92](https://github.com/containerd/go-cni/pull/92))
    * Bump go version to 1.17 ([#91](https://github.com/containerd/go-cni/pull/91))
    * moving up to latest CNI plugin release ([#90](https://github.com/containerd/go-cni/pull/90))
    * Fix Loopback Version ([#88](https://github.com/containerd/go-cni/pull/88))
    * Update comment for capabilities ([#89](https://github.com/containerd/go-cni/pull/89))
    * Add integration test for linux and update go version from 1.16 to 1.17 ([#84](https://github.com/containerd/go-cni/pull/84))
    </p>
    </details>
    
    ### Changes from containerd/imgcrypt
    <details><summary>49 commits</summary>
    <p>
    
    * CHANGES: Updated CHANGES document for 1.1.7 release ([#97](https://github.com/containerd/imgcrypt/pull/97))
    * Update to ocicrypt 1.1.6 and add support for zstd type of compressed layers  ([#96](https://github.com/containerd/imgcrypt/pull/96))
    * build(deps): Update to containerd 1.6.8 ([#92](https://github.com/containerd/imgcrypt/pull/92))
    * tests: Add -traditional to OpenSSL command line when OSSL v3 is used ([#90](https://github.com/containerd/imgcrypt/pull/90))
    * chore: fix readme typo ([#87](https://github.com/containerd/imgcrypt/pull/87))
    * Update to min golang 1.18 ([#88](https://github.com/containerd/imgcrypt/pull/88))
    * CHANGES: Updated CHANGES document for 1.1.6 release ([#85](https://github.com/containerd/imgcrypt/pull/85))
    * build(deps): bump github.com/containerd/containerd from 1.6.1 to 1.6.6 ([#83](https://github.com/containerd/imgcrypt/pull/83))
    * CI: Upgrade to golangci-lint v1.46.2 ([#84](https://github.com/containerd/imgcrypt/pull/84))
    * CICD: Rename master branch to main ([#79](https://github.com/containerd/imgcrypt/pull/79))
    * Rename any to pbAny ([#78](https://github.com/containerd/imgcrypt/pull/78))
    * Use reflect to support diff.ApplyConfig with/without gogo's types.Any ([#75](https://github.com/containerd/imgcrypt/pull/75))
    * Upgrade golangci-lint-action and golangci-lint ([#76](https://github.com/containerd/imgcrypt/pull/76))
    * CHANGES: Updated CHANGES document for 1.1.4 release ([#74](https://github.com/containerd/imgcrypt/pull/74))
    * Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 ([#73](https://github.com/containerd/imgcrypt/pull/73))
    * images: prepare for typeurl.Any ([#72](https://github.com/containerd/imgcrypt/pull/72))
    * Bump ocicrypt to 1.1.3 ([#71](https://github.com/containerd/imgcrypt/pull/71))
    * Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 ([#67](https://github.com/containerd/imgcrypt/pull/67))
    </p>
    </details>
    
    ### Changes from containerd/nri
    <details><summary>56 commits</summary>
    <p>
    
    * Add Go 1.20 support to CI ([#30](https://github.com/containerd/nri/pull/30))
    * Add CodeQL Security scan workflow ([#31](https://github.com/containerd/nri/pull/31))
    * fixes: sort final adjusted mount slice. ([#29](https://github.com/containerd/nri/pull/29))
    * fixes: fix resource adjustment to properly ignore unset/unadjusted fields. ([#28](https://github.com/containerd/nri/pull/28))
    * adaptation: fix mount and device adjustment. ([#27](https://github.com/containerd/nri/pull/27))
    * Make plugin timeouts configurable, adjust default socket path. ([#26](https://github.com/containerd/nri/pull/26))
    * pkg/adaptation: eliminate configuration file. ([#24](https://github.com/containerd/nri/pull/24))
    * stub: fix a potential plugin crash. ([#25](https://github.com/containerd/nri/pull/25))
    * adaptation: fix a panic for unsolicited updates. ([#23](https://github.com/containerd/nri/pull/23))
    * pkg/adaptaton: log errors with %v not %w. ([#22](https://github.com/containerd/nri/pull/22))
    * chore: cleanup old buildtags by `go fix` ([#21](https://github.com/containerd/nri/pull/21))
    * add back project info ([#20](https://github.com/containerd/nri/pull/20))
    * Extend scope to enable common pluggable runtime extensions. ([#16](https://github.com/containerd/nri/pull/16))
    * Update GitHub actions CI workflow ([#19](https://github.com/containerd/nri/pull/19))
    * replace pkg/errors ([#17](https://github.com/containerd/nri/pull/17))
    * Update the examples in README.md ([#15](https://github.com/containerd/nri/pull/15))
    * Rename branch from master to main ([#12](https://github.com/containerd/nri/pull/12))
    * Update to containerd 1.5.1 ([#11](https://github.com/containerd/nri/pull/11))
    </p>
    </details>
    
    ### Changes from containerd/ttrpc
    <details><summary>62 commits</summary>
    <p>
    
    * Rework deadline assertion logging to be more clear ([#132](https://github.com/containerd/ttrpc/pull/132))
    * Fix server shutdown logic ([#130](https://github.com/containerd/ttrpc/pull/130))
    * Bump golang.org/x/sys from 0.0.0-20210124154548-22da62e12c0c to 0.1.0 ([#133](https://github.com/containerd/ttrpc/pull/133))
    * Make checkServerShutdown verbose ([#128](https://github.com/containerd/ttrpc/pull/128))
    * server: Fix connection issues when receiving ECONNRESET ([#123](https://github.com/containerd/ttrpc/pull/123))
    * README: protobuild is in containerd org now ([#125](https://github.com/containerd/ttrpc/pull/125))
    * stream: fix the map of streams leak ([#120](https://github.com/containerd/ttrpc/pull/120))
    * Regenerated pb.go files to fix mismatches ([#122](https://github.com/containerd/ttrpc/pull/122))
    * build: Fix references to check-protos target in Makefile ([#118](https://github.com/containerd/ttrpc/pull/118))
    * Add service prefix option to generator ([#116](https://github.com/containerd/ttrpc/pull/116))
    * doc: ttrpc supports stream ([#121](https://github.com/containerd/ttrpc/pull/121))
    * *: remove codecov ([#114](https://github.com/containerd/ttrpc/pull/114))
    * Only generate a Go file if the file has some services ([#112](https://github.com/containerd/ttrpc/pull/112))
    * *.go: organize errors to one spot ([#113](https://github.com/containerd/ttrpc/pull/113))
    * PROTOCOL: slight markdown touchup ([#111](https://github.com/containerd/ttrpc/pull/111))
    * Introduce streaming ([#107](https://github.com/containerd/ttrpc/pull/107))
    * Update checkout and lint actions ([#109](https://github.com/containerd/ttrpc/pull/109))
    * Add Makefile and update protobuf ([#106](https://github.com/containerd/ttrpc/pull/106))
    * Add ttrpc protocol definition ([#102](https://github.com/containerd/ttrpc/pull/102))
    * Enable Codecov again ([#105](https://github.com/containerd/ttrpc/pull/105))
    * Use CR+LF instead of LF regardless of OS ([#103](https://github.com/containerd/ttrpc/pull/103))
    * Log the error's underlying errno if there is ([#104](https://github.com/containerd/ttrpc/pull/104))
    * Use google.golang.org/protobuf instead of github.com/gogo/protobuf ([#99](https://github.com/containerd/ttrpc/pull/99))
    * Wrap correct error on unix.GetsockoptUcred failure ([#100](https://github.com/containerd/ttrpc/pull/100))
    * Update CI project checks to use containerd project action ([#101](https://github.com/containerd/ttrpc/pull/101))
    </p>
    </details>
    
    ### Dependency Changes
    
    * **github.com/AdaLogics/go-fuzz-headers**                                         6c3934b029d8 -> 1f10f66a31bf
    * **github.com/AdamKorcz/go-118-fuzz-build**                                       5330a85ea652 **_new_**
    * **github.com/Microsoft/go-winio**                                                v0.5.1 -> v0.6.0
    * **github.com/Microsoft/hcsshim**                                                 v0.9.2 -> v0.10.0-rc.7
    * **github.com/blang/semver/v4**                                                   v4.0.0 **_new_**
    * **github.com/cenkalti/backoff/v4**                                               v4.1.2 -> v4.2.0
    * **github.com/cespare/xxhash/v2**                                                 v2.1.2 -> v2.2.0
    * **github.com/cilium/ebpf**                                                       v0.7.0 -> v0.9.1
    * **github.com/container-orchestrated-devices/container-device-interface**         v0.5.4 **_new_**
    * **github.com/containerd/btrfs/v2**                                               v2.0.0 **_new_**
    * **github.com/containerd/cgroups**                                                v1.0.3 -> v1.1.0
    * **github.com/containerd/cgroups/v3**                                             v3.0.1 **_new_**
    * **github.com/containerd/continuity**                                             v0.2.2 -> v0.3.0
    * **github.com/containerd/fifo**                                                   v1.0.0 -> v1.1.0
    * **github.com/containerd/go-cni**                                                 v1.1.3 -> v1.1.9
    * **github.com/containerd/imgcrypt**                                               v1.1.3 -> v1.1.7
    * **github.com/containerd/nri**                                                    v0.1.0 -> v0.3.0
    * **github.com/containerd/ttrpc**                                                  v1.1.0 -> v1.2.1
    * **github.com/containerd/typeurl/v2**                                             v2.1.0 **_new_**
    * **github.com/containernetworking/cni**                                           v1.0.1 -> v1.1.2
    * **github.com/containernetworking/plugins**                                       v1.0.1 -> v1.2.0
    * **github.com/containers/ocicrypt**                                               v1.1.2 -> v1.1.6
    * **github.com/coreos/go-systemd/v22**                                             v22.3.2 -> v22.5.0
    * **github.com/cpuguy83/go-md2man/v2**                                             v2.0.0 -> v2.0.2
    * **github.com/cyphar/filepath-securejoin**                                        v0.2.3 **_new_**
    * **github.com/docker/go-units**                                                   v0.4.0 -> v0.5.0
    * **github.com/emicklei/go-restful/v3**                                            v3.10.1 **_new_**
    * **github.com/fsnotify/fsnotify**                                                 v1.4.9 -> v1.6.0
    * **github.com/go-logr/logr**                                                      v1.2.2 -> v1.2.3
    * **github.com/godbus/dbus/v5**                                                    v5.0.6 -> v5.1.0
    * **github.com/google/go-cmp**                                                     v0.5.6 -> v0.5.9
    * **github.com/google/uuid**                                                       v1.2.0 -> v1.3.0
    * **github.com/grpc-ecosystem/grpc-gateway/v2**                                    v2.7.0 **_new_**
    * **github.com/imdario/mergo**                                                     v0.3.12 -> v0.3.13
    * **github.com/intel/goresctrl**                                                   v0.2.0 -> v0.3.0
    * **github.com/klauspost/compress**                                                v1.11.13 -> v1.16.0
    * **github.com/klauspost/cpuid/v2**                                                v2.0.4 **_new_**
    * **github.com/miekg/pkcs11**                                                      v1.0.3 -> v1.1.1
    * **github.com/minio/sha256-simd**                                                 v1.0.0 **_new_**
    * **github.com/moby/sys/mountinfo**                                                v0.5.0 -> v0.6.2
    * **github.com/moby/sys/sequential**                                               v0.5.0 **_new_**
    * **github.com/moby/sys/signal**                                                   v0.6.0 -> v0.7.0
    * **github.com/opencontainers/image-spec**                                         693428a734f5 -> 3a7f492d3f1b
    * **github.com/opencontainers/runc**                                               v1.1.0 -> v1.1.4
    * **github.com/opencontainers/runtime-spec**                                       1c3f411f0417 -> v1.1.0-rc.1
    * **github.com/opencontainers/runtime-tools**                                      946c877fa809 **_new_**
    * **github.com/opencontainers/selinux**                                            v1.10.0 -> v1.11.0
    * **github.com/pelletier/go-toml**                                                 v1.9.3 -> v1.9.5
    * **github.com/prometheus/client_golang**                                          v1.11.0 -> v1.14.0
    * **github.com/prometheus/client_model**                                           v0.2.0 -> v0.3.0
    * **github.com/prometheus/common**                                                 v0.30.0 -> v0.37.0
    * **github.com/prometheus/procfs**                                                 v0.7.3 -> v0.8.0
    * **github.com/russross/blackfriday/v2**                                           v2.0.1 -> v2.1.0
    * **github.com/sirupsen/logrus**                                                   v1.8.1 -> v1.9.0
    * **github.com/stretchr/testify**                                                  v1.7.0 -> v1.8.2
    * **github.com/syndtr/gocapability**                                               42c35b437635 **_new_**
    * **github.com/tchap/go-patricia/v2**                                              v2.3.1 **_new_**
    * **github.com/urfave/cli**                                                        v1.22.1 -> v1.22.12
    * **github.com/vishvananda/netlink**                                               f5de75959ad5 -> v1.2.1-beta.2
    * **go.etcd.io/bbolt**                                                             v1.3.6 -> v1.3.7
    * **go.opencensus.io**                                                             v0.23.0 -> v0.24.0
    * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.28.0 -> v0.40.0
    * **go.opentelemetry.io/otel**                                                     v1.3.0 -> v1.14.0
    * **go.opentelemetry.io/otel/exporters/otlp/internal/retry**                       v1.3.0 -> v1.14.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace**                            v1.3.0 -> v1.14.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc**              v1.3.0 -> v1.14.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp**              v1.3.0 -> v1.14.0
    * **go.opentelemetry.io/otel/metric**                                              v0.37.0 **_new_**
    * **go.opentelemetry.io/otel/sdk**                                                 v1.3.0 -> v1.14.0
    * **go.opentelemetry.io/otel/trace**                                               v1.3.0 -> v1.14.0
    * **go.opentelemetry.io/proto/otlp**                                               v0.11.0 -> v0.19.0
    * **golang.org/x/crypto**                                                          32db794688a5 -> v0.1.0
    * **golang.org/x/mod**                                                             v0.7.0 **_new_**
    * **golang.org/x/net**                                                             fe4d6282115f -> v0.7.0
    * **golang.org/x/oauth2**                                                          2bc19b11175f -> v0.4.0
    * **golang.org/x/sync**                                                            036812b2e83c -> v0.1.0
    * **golang.org/x/sys**                                                             1d35b9e2eb4e -> v0.6.0
    * **golang.org/x/term**                                                            6886f2dfbf5b -> v0.5.0
    * **golang.org/x/text**                                                            v0.3.7 -> v0.7.0
    * **golang.org/x/time**                                                            1f47c861a9ac -> 90d013bbcef8
    * **golang.org/x/tools**                                                           v0.5.0 **_new_**
    * **google.golang.org/genproto**                                                   e50cd9704f63 -> 7f2fa6fef1f4
    * **google.golang.org/grpc**                                                       v1.43.0 -> v1.53.0
    * **google.golang.org/protobuf**                                                   v1.27.1 -> v1.28.1
    * **gopkg.in/yaml.v3**                                                             496545a6307b -> v3.0.1
    * **k8s.io/api**                                                                   v0.22.5 -> v0.26.2
    * **k8s.io/apimachinery**                                                          v0.22.5 -> v0.26.2
    * **k8s.io/apiserver**                                                             v0.22.5 -> v0.26.2
    * **k8s.io/client-go**                                                             v0.22.5 -> v0.26.2
    * **k8s.io/component-base**                                                        v0.22.5 -> v0.26.2
    * **k8s.io/cri-api**                                                               v0.23.1 -> v0.26.2
    * **k8s.io/klog/v2**                                                               v2.30.0 -> v2.90.1
    * **k8s.io/utils**                                                                 cb0fa318a74b -> a5ecb0141aa5
    * **sigs.k8s.io/json**                                                             f223a00ba0e2 **_new_**
    * **sigs.k8s.io/structured-merge-diff/v4**                                         v4.1.2 -> v4.2.3
    * **sigs.k8s.io/yaml**                                                             v1.2.0 -> v1.3.0
    
    Previous release can be found at [v1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)
    
    ### Which file should I download?
    * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:         ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
    * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`:  Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.
    * `cri-containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:     (Deprecated)
    * `cri-containerd-cni-<VERSION>-<OS>-<ARCH>.tar.gz`: (Deprecated)
    
    In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases)
    and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too.
    
    See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
    
    
  • v1.7.0-rc.2
    containerd 1.7.0-rc.2
    
    Welcome to the v1.7.0-rc.2 release of containerd!
    *This is a pre-release of containerd*
    
    The eighth major release of containerd includes new functionality alongside many improvements.
    This release is intended to be the last major release of containerd 1.x before 2.0.
    Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
    This release still adheres to our backwards compatibility guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
    The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.
    
    ### Highlights
    
    #### Sandbox API _(experimental)_
    
    The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
    This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.
    
    * **Sandbox API** ([#6703](https://github.com/containerd/containerd/pull/6703))
    * **CRI Sandbox API Implementation** ([#7228](https://github.com/containerd/containerd/pull/7228))
    
    #### Transfer Service _(experimental)_
    
    * **Transfer Service** ([#7320](https://github.com/containerd/containerd/pull/7320))
    
    The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
    pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
    to allow for further plugin development and integration into existing plugins.
    
    See the [Transfer Docs](https://github.com/containerd/containerd/blob/main/docs/transfer.md)
    
    #### NRI _(experimental)_
    
    * **Extend NRI scope** ([nri#16](https://github.com/containerd/nri/pull/16))
    * **Support for updated NRI** ([#6019](https://github.com/containerd/containerd/pull/6019))
    
    The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
    basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.
    
    This release introduces NRI v0.3.0 with an updated plugin interface to cover a wide range of use cases.
    
    See the [NRI Docs](https://github.com/containerd/containerd/blob/main/docs/NRI.md)
    
    #### Platform Support
    
    * **Linux containers on FreeBSD** ([#7000](https://github.com/containerd/containerd/pull/7000))
    
    #### Runtime Features
    
    * **Add support for CDI device injection** ([#6654](https://github.com/containerd/containerd/pull/6654))
    * **Support for cgroups blockio** ([#5490](https://github.com/containerd/containerd/pull/5490))
    * **Add restart policy for enhanced restart manager** ([#6744](https://github.com/containerd/containerd/pull/6744))
    
    #### gRPC Shim Support _(experimental)_
    
    * **Initial gRPC shim support** ([#8052](https://github.com/containerd/containerd/pull/8052))
    
    Adds support for shims to use gRPC in addition to ttrpc. Existing ttrpc shim support is not going
    away and will continue to be recommended for the best performance and lowest shim memory overhead.
    The gRPC support allows implementation of a wider range of shim implementations which may not
    have access to a stable ttrpc library in the implementation language. The shim protocol is also
    updated to allow the shims to specify the protocol which is supported.
    
    #### Road to 2.0
    
    ##### Refactoring
    
    There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.
    
    The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
    out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
    but it is also being done for image and network management.
    
    The version of ttrpc has been updated in this release to support streaming, allowing existing gRPC services to use ttrpc.
    Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.
    
    * **Remove gogoproto.customtype** ([#6699](https://github.com/containerd/containerd/pull/6699))
    * **Remove enumvalue_customname, goproto_enum_prefix and enum_customname** ([#6708](https://github.com/containerd/containerd/pull/6708))
    * **Remove all gogoproto extensions** ([#6829](https://github.com/containerd/containerd/pull/6829))
    * **Migrate off from github.com/gogo/protobuf** ([#6841](https://github.com/containerd/containerd/pull/6841))
    * **ttrpc streaming** ([ttrpc#107](https://github.com/containerd/ttrpc/pull/107))
    * **Add unpack interface for client** ([#6749](https://github.com/containerd/containerd/pull/6749))
    * **Add collectible resources to metadata gc** ([#6804](https://github.com/containerd/containerd/pull/6804))
    * **Add version to shim protocol** ([#8177](https://github.com/containerd/containerd/pull/8177))
    
    ##### Configuration
    
    Existing CRI configurations will be supported until 2.0.
    Any functionality split out of CRI will have its configuration migrated to new plugins.
    Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.
    
    ##### Deprecation
    
    The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include:
    
    * **Docker Schema 1 Image Deprecation** ([#6884](https://github.com/containerd/containerd/pull/6884))
    
    #### CRI Updates
    
    * **Fix CRI plugin to setup pod network after creating the sandbox container** ([#5904](https://github.com/containerd/containerd/pull/5904))
    * **Support image pull progress timeout** ([#6150](https://github.com/containerd/containerd/pull/6150))
    * **Add experimental support for runtime specific snapshotters** ([#6899](https://github.com/containerd/containerd/pull/6899))
    * **Pass all TOML runtime configuration options from CRI to the runtime** ([#7764](https://github.com/containerd/containerd/pull/7764))
    * **Support for user namespaces in stateless pods ([KEP-127](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/127-user-namespaces)) _(experimental)_** ([#7679](https://github.com/containerd/containerd/pull/7679))
    * **Add timeout option for drain exec io** ([#7832](https://github.com/containerd/containerd/pull/7832))
    * **Add network plugin metrics** ([#7858](https://github.com/containerd/containerd/pull/7858))
    * **CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23** ([#7863](https://github.com/containerd/containerd/pull/7863))
    
    #### Other
    
    * **Support shallow content copy by adding reader option to local content reader at** ([#7414](https://github.com/containerd/containerd/pull/7414))
    * **Add NoSameOwner option when unpacking tars** ([#7386](https://github.com/containerd/containerd/pull/7386))
    * **Add `FetcherByDigest` for fetching blobs without fetching a manifest** ([#7460](https://github.com/containerd/containerd/pull/7460))
    * **Update default seccomp profile to block socket calls to AF_VSOCK** ([#7510](https://github.com/containerd/containerd/pull/7510))
    * **Replace fork on mount logic with CLONE_FS** ([#7513](https://github.com/containerd/containerd/pull/7513))
    * **Add support for default registry host configuration** ([#7607](https://github.com/containerd/containerd/pull/7607))
    * **Use github.com/minio/sha256-simd for more efficient sha256 calculation** ([#7732](https://github.com/containerd/containerd/pull/7732))
    * **Make OCI options cross-platform** ([#7928](https://github.com/containerd/containerd/pull/7928))
    * **Update release builds to build from Ubuntu 20.04 with glibc 2.31** ([#8021](https://github.com/containerd/containerd/pull/8021))
    * **Use data field from OCI descriptor when provided for fetch** ([#8076](https://github.com/containerd/containerd/pull/8076))
    
    See the changelog for the complete list of changes.
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Derek McGowan
    * Kazuyoshi Kato
    * Maksym Pavlenko
    * Wei Fu
    * Phil Estes
    * Akihiro Suda
    * Sebastiaan van Stijn
    * Samuel Karp
    * Krisztian Litkey
    * Mike Brown
    * Stefan Berger
    * Danny Canter
    * Daniel Canter
    * Austin Vazquez
    * yanggang
    * Iceber Gu
    * Ye Sijun
    * Ed Bartosh
    * Luca Comellini
    * Adam Korcz
    * Nashwan Azhari
    * Tony Fang
    * ruiwen-zhao
    * xin.li
    * Brian Goff
    * Gabriel Adrian Samfira
    * Paul "TBBle" Hampson
    * Henry Wang
    * Kevin Parsons
    * Rodrigo Campos
    * zounengren
    * Justin Terry
    * Paco Xu
    * Shengjing Zhu
    * Swagat Bora
    * wanglei
    * Gavin Inglis
    * Akhil Mohan
    * Zechun Chen
    * guodong
    * lengrongfu
    * Hsing-Yu (David) Chen
    * James Jenkins
    * James Sturtevant
    * Kirtana Ashok
    * Michael Crosby
    * Qiutong Song
    * Shiming Zhang
    * Vincent Batts
    * Antonio Ojea
    * Cameron Sparr
    * Casey Callendrello
    * Changwei Ge
    * Jian Zeng
    * Josh Seba
    * Junyu Liu
    * Kohei Tokunaga
    * Michael Zappa
    * Qasim Sarfraz
    * Tobias Klauser
    * dependabot[bot]
    * pigletfly
    * yaoyinnan
    * Abirdcfly
    * Aditi Sharma
    * Amit Barve
    * Bennett-White
    * Bjorn Neergaard
    * Cory Snider
    * Craig Ingram
    * Eng Zer Jun
    * Eric Lin
    * Ethan Lowman
    * Fabian Hoffmann
    * Jess
    * Jiongchi Yu
    * Jonny Stoten
    * Juan Hoyos
    * Kang.Zhang
    * Kay Yan
    * Markus Lehtonen
    * Mikko Ylinen
    * Mohit Sharma
    * Paul Cacheux
    * Paul S. Schweigert
    * Qian Zhang
    * Tõnis Tiigi
    * Yasin Turan
    * Zhang Tianyang
    * bin liu
    * helen
    * yulng
    * Aman Sharma
    * Anastassios Nanos
    * Andrew G. Morgan
    * Andrey Klimentyev
    * Aniruddha Basak
    * Anthony Nandaa
    * Antti Kervinen
    * Aviral Takkar
    * Baoshuo
    * Benjamin Elder
    * Benjamin Wang
    * Brandon Lum
    * Chao Dai
    * Chuanying Du
    * Claudiu Belu
    * Daniel Lenar
    * Danielle Lancashire
    * Dat Nguyen
    * Davanum Srinivas
    * Dave
    * David Leadbeater
    * David Porter
    * Dmitry Shurupov
    * Edgar Lee
    * Eric Ernst
    * Fahed Dorgaa
    * Gabriela Cervantes
    * Gijs Peskens
    * Hamza El-Saawy
    * Ikko Ashimine
    * Jeff Widman
    * Jeff Zvier
    * Jeremi Piotrowski
    * Jimmy Hsiao
    * Jin Dong
    * Jordan Karaze
    * Joseph Sheng
    * Joyce Brum
    * Jukka Rissanen
    * Justin Chadwell
    * Kate
    * Kathryn Baldauf
    * Kyle L Frisbie
    * LongtaoZhang
    * Manuel Alejandro de Brito Fontes
    * Marc Schwind
    * Mark Rossetti
    * Mark Zhang
    * Marvin Giessing
    * Mathis Michel
    * Merlin Ran
    * Nabeel Rana
    * Nathan
    * Nguyen Phan Huy
    * Nikita Rybak
    * Nobel Barakat
    * Oleg Atamanenko
    * Oleg Zhurakivskyy
    * Oliver Radwell
    * Quan Tian
    * Roy Yang
    * Samuel Ortiz
    * Serge Logvinov
    * Shane Jennings
    * Shaun Lawrie
    * Shinichi Morimoto
    * SilverSoldier
    * Sophie Liu
    * Su Fei
    * Taeho Nam
    * Takumasa Sakao
    * Tiger Kaovilai
    * Tom Godkin
    * Tomoya.Fujita
    * Xinlin Ma
    * Yakul Garg
    * Zhongming Chang
    * Zhuchen Wang
    * austinvazquez
    * cardy.tang
    * chaunceyjiang
    * dabaooline
    * guiyong.ou
    * huoqifeng
    * jianfei.zhang
    * liyuxuan.darfux
    * ningmingxiao
    * shi yixue
    * shuaichang
    * songjiang han
    * wen chen
    * wusong
    * xiaoyang zhu
    * yanghesong
    * yaozhenxiu
    * zhang he
    
    ### Changes
    <details><summary>1729 commits</summary>
    <p>
    
    * Add release notes for v1.7.0-rc.2 ([#8216](https://github.com/containerd/containerd/pull/8216))
    * go.mod: {hcsshim, containerd/*, go-restful/v3, mergo, klauspost/compress, opencontainers/*}@latest ([#8221](https://github.com/containerd/containerd/pull/8221))
    * Bump k8s.io deps ([#8131](https://github.com/containerd/containerd/pull/8131))
    * Update imgcrypt to v1.1.7 ([#8217](https://github.com/containerd/containerd/pull/8217))
    * Add ArgsEscaped support for CRI ([#8198](https://github.com/containerd/containerd/pull/8198))
    * Sandbox: Delete shim+shutdown sandbox on create failure ([#8204](https://github.com/containerd/containerd/pull/8204))
    * [Feature] Transfer tag image ([#8205](https://github.com/containerd/containerd/pull/8205))
    * docs: fix typo of shim.RunManager's function comment ([#8214](https://github.com/containerd/containerd/pull/8214))
    * [cri] Implement CRI Pod and Container stats for Windows ([#7099](https://github.com/containerd/containerd/pull/7099))
    * Sandbox: Fix/enhance error messages for Create ([#8203](https://github.com/containerd/containerd/pull/8203))
    * epoch: fix unit test when SOURCE_DATE_EPOCH is set ([#8202](https://github.com/containerd/containerd/pull/8202))
    * pkg/cri: add timeout to drain exec io ([#7832](https://github.com/containerd/containerd/pull/7832))
    * Prepare release notes for v1.7.0-rc.1 ([#8192](https://github.com/containerd/containerd/pull/8192))
    * Transfer export image ([#8191](https://github.com/containerd/containerd/pull/8191))
    * Create config struct to take user input ([#8193](https://github.com/containerd/containerd/pull/8193))
    * ctr/tasks: support remapped UID/GID ([#7864](https://github.com/containerd/containerd/pull/7864))
    * Add experimental section to RELEASES.md ([#8119](https://github.com/containerd/containerd/pull/8119))
    * Fix streaming manager deadlock on collection ([#8188](https://github.com/containerd/containerd/pull/8188))
    * Update CRI guide link ([#8190](https://github.com/containerd/containerd/pull/8190))
    * Add max shim version environment variable ([#8189](https://github.com/containerd/containerd/pull/8189))
    * Update README with location of security audits ([#8187](https://github.com/containerd/containerd/pull/8187))
    * docs: fix typos in historical/design/data-flow.md ([#8181](https://github.com/containerd/containerd/pull/8181))
    * Increase CI workflow timeout on Windows. ([#8183](https://github.com/containerd/containerd/pull/8183))
    * releases: mark 1.5 as EOL ([#8178](https://github.com/containerd/containerd/pull/8178))
    * Add version to shim protocol ([#8177](https://github.com/containerd/containerd/pull/8177))
    * Rework install-protobuf script and add new targets ([#8164](https://github.com/containerd/containerd/pull/8164))
    * bump go-cni to v1.1.9 ([#8173](https://github.com/containerd/containerd/pull/8173))
    * Treat sandboxes as root gc resources and scan referenced objects ([#8172](https://github.com/containerd/containerd/pull/8172))
    * update CDI version to v0.5.4 ([#8152](https://github.com/containerd/containerd/pull/8152))
    * Prepare release notes for v1.7.0-rc.0 ([#8162](https://github.com/containerd/containerd/pull/8162))
    * pkg/nri: pull in latest NRI, update NRI configuration. ([#8140](https://github.com/containerd/containerd/pull/8140))
    * [transfer]Config options followup ([#8165](https://github.com/containerd/containerd/pull/8165))
    * Add configuration options to local transfer service ([#8062](https://github.com/containerd/containerd/pull/8062))
    * docs: Show how to select GRPC for shims ([#8134](https://github.com/containerd/containerd/pull/8134))
    * CRI: remove duplicated snapshotters code ([#8154](https://github.com/containerd/containerd/pull/8154))
    * docs: add more comment to logging.LoggerFunc ([#8142](https://github.com/containerd/containerd/pull/8142))
    * contrib/apparmor: remove code related to apparmor_parser version ([#8069](https://github.com/containerd/containerd/pull/8069))
    * runtime/v2: Call onCloseWithShimLog for grpc shims ([#8120](https://github.com/containerd/containerd/pull/8120))
    * Add Fields type alias to log package ([#8143](https://github.com/containerd/containerd/pull/8143))
    * Migrate from k8s.gcr.io to registry.k8s.io ([#8125](https://github.com/containerd/containerd/pull/8125))
    * sandbox: start sandbox with options ([#8129](https://github.com/containerd/containerd/pull/8129))
    * Add macOS build note ([#8115](https://github.com/containerd/containerd/pull/8115))
    * Fix concurrent writes for UpdateContainerStats ([#8130](https://github.com/containerd/containerd/pull/8130))
    * dependency: bump go.etcd.io/bbolt to v1.3.7 ([#8128](https://github.com/containerd/containerd/pull/8128))
    * runtime/v2: Log BootstrapParams ([#8124](https://github.com/containerd/containerd/pull/8124))
    * Prepare release notes for v1.7.0 beta.4 ([#8110](https://github.com/containerd/containerd/pull/8110))
    * Go 1.20.1 ([#8103](https://github.com/containerd/containerd/pull/8103))
    * ctr version: add args check ([#8096](https://github.com/containerd/containerd/pull/8096))
    * pkg/cri/config: fix Mirrors deprecation comment ([#8041](https://github.com/containerd/containerd/pull/8041))
    * docs: fix function names in fuzzing test documentation ([#8044](https://github.com/containerd/containerd/pull/8044))
    * fix: 'go routine' should be 'goroutine' ([#8051](https://github.com/containerd/containerd/pull/8051))
    * GitHub Security Advisory [GHSA-hmfx-3pcx-653p](https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p)
    * GitHub Security Advisory [GHSA-259w-8hf6-59c2](https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2)
    * pkg/cri/sbserver: experimental NRI integration for CRI. ([#7954](https://github.com/containerd/containerd/pull/7954))
    * Clean up error strings that start with uppercase ([#8114](https://github.com/containerd/containerd/pull/8114))
    * Clean up repeated package import ([#8113](https://github.com/containerd/containerd/pull/8113))
    * Go 1.19.6 ([#8109](https://github.com/containerd/containerd/pull/8109))
    * Initial GRPC shims support ([#8052](https://github.com/containerd/containerd/pull/8052))
    * CRI: Pass sandbox annotations to _other platforms ([#8060](https://github.com/containerd/containerd/pull/8060))
    * cmd/ctr/commands/images: support usage subcommand ([#8105](https://github.com/containerd/containerd/pull/8105))
    * cni: pass in the cgroupPath capability argument ([#8067](https://github.com/containerd/containerd/pull/8067))
    * Add fallback for windows platforms without osversion ([#8101](https://github.com/containerd/containerd/pull/8101))
    * release: xx v1.2.1 ([#8104](https://github.com/containerd/containerd/pull/8104))
    * [transfer] update imagestore interface to support multiple references ([#7964](https://github.com/containerd/containerd/pull/7964))
    * [sandbox] Use options to pass PodSandboxConfig to shims ([#8100](https://github.com/containerd/containerd/pull/8100))
    * Send container events with nil PodSandboxStatus ([#8047](https://github.com/containerd/containerd/pull/8047))
    * test: add hostNetwork tests for both windows and linux ([#7984](https://github.com/containerd/containerd/pull/7984))
    * loadConfig pre-inspection in advance ([#8097](https://github.com/containerd/containerd/pull/8097))
    * contrib/apparmor: remove version-dependent rules ([#8068](https://github.com/containerd/containerd/pull/8068))
    * *: introduce wrapper pkgs for blockio and rdt ([#8066](https://github.com/containerd/containerd/pull/8066))
    * Extract CRI instrument into separate package ([#8093](https://github.com/containerd/containerd/pull/8093))
    * CRI: Mirror generic toml runtime config under server ([#8091](https://github.com/containerd/containerd/pull/8091))
    * go.mod: github.com/containerd/typeurl/v2 v2.1.0 ([#8092](https://github.com/containerd/containerd/pull/8092))
    * Revert `apparmor_parser` regression ([#8086](https://github.com/containerd/containerd/pull/8086))
    * [sandbox] refactor controller interface ([#7981](https://github.com/containerd/containerd/pull/7981))
    * btrfs: depend on kernel UAPI instead of libbtrfs ([#7933](https://github.com/containerd/containerd/pull/7933))
    * CI: skip some jobs when `repo != containerd/containerd` ([#8082](https://github.com/containerd/containerd/pull/8082))
    * chore: clean up repeated package import ([#8078](https://github.com/containerd/containerd/pull/8078))
    * fetch: Use data from descriptor when available. ([#8076](https://github.com/containerd/containerd/pull/8076))
    * chore: use http constants instead of string ([#8077](https://github.com/containerd/containerd/pull/8077))
    * Fix retry logic within devmapper device deactivation ([#8075](https://github.com/containerd/containerd/pull/8075))
    * Clean CI yaml ([#8071](https://github.com/containerd/containerd/pull/8071))
    * Add critest.exe in $PATH ([#8074](https://github.com/containerd/containerd/pull/8074))
    * keep the uppercase letter for flag info ([#7976](https://github.com/containerd/containerd/pull/7976))
    * go.mod: Bump hcsshim to v0.10.0-rc.5 ([#8049](https://github.com/containerd/containerd/pull/8049))
    * Fix sandbox exit monitor ([#8045](https://github.com/containerd/containerd/pull/8045))
    * Generate GRPC contracts for runtime APIs ([#7979](https://github.com/containerd/containerd/pull/7979))
    * Make argument validation of `mount.UnmountRecursive` compatible to `mount.UnmountAll` ([#8035](https://github.com/containerd/containerd/pull/8035))
    * Export remote snapshotter label handler ([#8036](https://github.com/containerd/containerd/pull/8036))
    * Adding support to run install hcsshim from local clone ([#7989](https://github.com/containerd/containerd/pull/7989))
    * go.mod: github.com/urfave/cli v1.22.12 ([#8040](https://github.com/containerd/containerd/pull/8040))
    * cmd/ctr/commands: clean up the func IntToInt32Array in utils.go ([#8039](https://github.com/containerd/containerd/pull/8039))
    * pkg/epoch: drop timezone ([#8037](https://github.com/containerd/containerd/pull/8037))
    * go.mod: update github.com/containerd/nri. ([#8034](https://github.com/containerd/containerd/pull/8034))
    * fix(docs): minor fix on the windows installation steps ([#8013](https://github.com/containerd/containerd/pull/8013))
    * Add integration test to opentelemetry tracing on image pull ([#7847](https://github.com/containerd/containerd/pull/7847))
    * Use mount.Target to specify subdirectory of rootfs mount ([#7840](https://github.com/containerd/containerd/pull/7840))
    * cri: mkdir /etc/cni with 0755, not 0700 ([#8020](https://github.com/containerd/containerd/pull/8020))
    * log/logtest: add `testcase` as debug field ([#8025](https://github.com/containerd/containerd/pull/8025))
    * go.mod: github.com/containerd/cgroups/v3 v3.0.0 ([#8027](https://github.com/containerd/containerd/pull/8027))
    * Update CNI plugins to 1.2.0 ([#7977](https://github.com/containerd/containerd/pull/7977))
    * go.mod: go.opentelemetry.io/otel v1.12.0 ([#8026](https://github.com/containerd/containerd/pull/8026))
    * Move PLEG events for pause container under podsandbox package ([#8007](https://github.com/containerd/containerd/pull/8007))
    * runtime docs: Clarify delete cwd behavior ([#8012](https://github.com/containerd/containerd/pull/8012))
    * release: Add "cri-containerd.DEPRECATED.txt" in the deprecated cri-containerd-* bundles ([#8019](https://github.com/containerd/containerd/pull/8019))
    * RELEASES.md: update release status ([#8022](https://github.com/containerd/containerd/pull/8022))
    * deflake: TestContainerPids ([#8023](https://github.com/containerd/containerd/pull/8023))
    * release: Ubuntu 18.04 -> 20.04 (glibc 2.27 -> 2.31) ([#8021](https://github.com/containerd/containerd/pull/8021))
    * Update the EOL date for 1.5 release ([#8015](https://github.com/containerd/containerd/pull/8015))
    * Prepare release notes for v1.7.0-beta.3 ([#8014](https://github.com/containerd/containerd/pull/8014))
    * Fix Memory Limit test ([#7959](https://github.com/containerd/containerd/pull/7959))
    * Reused package errdefs for not supported error ([#8005](https://github.com/containerd/containerd/pull/8005))
    * pkg/cri: optimize slice initialization ([#7994](https://github.com/containerd/containerd/pull/7994))
    * go.mod: update goresctrl to v0.3.0 ([#7987](https://github.com/containerd/containerd/pull/7987))
    * pushWriter: correctly propagate errors ([#7985](https://github.com/containerd/containerd/pull/7985))
    * CI: test release.yml on every PR ([#7968](https://github.com/containerd/containerd/pull/7968))
    * fix incorrect namespace of event when create/update namespace ([#7129](https://github.com/containerd/containerd/pull/7129))
    * Backport changes to sandboxed CRI ([#7973](https://github.com/containerd/containerd/pull/7973))
    * Fix syntax errors in the document ([#7970](https://github.com/containerd/containerd/pull/7970))
    * release/Dockerfile: set DEBIAN_FRONTEND=noninteractive ([#7969](https://github.com/containerd/containerd/pull/7969))
    * use local variable for rt when iterating collectors ([#7963](https://github.com/containerd/containerd/pull/7963))
    * Add basic spec and mounts for Darwin ([#7960](https://github.com/containerd/containerd/pull/7960))
    * go.mod: Bump hcsshim to v0.10.0-rc.4 ([#7810](https://github.com/containerd/containerd/pull/7810))
    * Use specs Platform instead of generated API ([#7958](https://github.com/containerd/containerd/pull/7958))
    * Make OCI options cross-platform ([#7928](https://github.com/containerd/containerd/pull/7928))
    * update to go1.19.5, go1.18.10 ([#7948](https://github.com/containerd/containerd/pull/7948))
    * fuzzing: improve archive fuzzer ([#7957](https://github.com/containerd/containerd/pull/7957))
    * shim: enable debug logging for delete ([#7943](https://github.com/containerd/containerd/pull/7943))
    * cri: Fix TestUpdateOCILinuxResource for host w/o swap controller ([#7946](https://github.com/containerd/containerd/pull/7946))
    * ctr/run: flags --detach and --rm cannot be specified together ([#7929](https://github.com/containerd/containerd/pull/7929))
    * Fix Flaky Windows CRI Integration test on TestContainerConsumedStats ([#7935](https://github.com/containerd/containerd/pull/7935))
    * Refactor snapshotters metastore transaction ([#7917](https://github.com/containerd/containerd/pull/7917))
    * mod: update github.com/pelletier/go-toml@v1.9.5 ([#7932](https://github.com/containerd/containerd/pull/7932))
    * archive: improve TestSourceDateEpoch ([#7927](https://github.com/containerd/containerd/pull/7927))
    * Add tracing plugin test ([#7883](https://github.com/containerd/containerd/pull/7883))
    * docs/content-flow: update the description of the content labels ([#7925](https://github.com/containerd/containerd/pull/7925))
    * Add cleanup package for context management during cleanup ([#7861](https://github.com/containerd/containerd/pull/7861))
    * Fix race between stream registration and use ([#7886](https://github.com/containerd/containerd/pull/7886))
    * Prepare release notes for v1.7.0-beta.2 ([#7903](https://github.com/containerd/containerd/pull/7903))
    * Cirrus CI (Fedora 37, Rocky 8): enable cri-integration ([#7892](https://github.com/containerd/containerd/pull/7892))
    * contrib/Dockerfile.test: add "integration", "cri-integration", "critest" stages ([#7891](https://github.com/containerd/containerd/pull/7891))
    * docs: fix a typo in tracing documentation ([#7914](https://github.com/containerd/containerd/pull/7914))
    * CI: Pass GITHUB_TOKEN to containerd/project-checks ([#7913](https://github.com/containerd/containerd/pull/7913))
    * Enable dupword linter ([#7911](https://github.com/containerd/containerd/pull/7911))
    * ctr: Add platform flag to 'oci spec' command ([#7905](https://github.com/containerd/containerd/pull/7905))
    * Vagrantfile: fix disk resize error with VirtualBox ([#7907](https://github.com/containerd/containerd/pull/7907))
    * Vagrantfile: fix comments about SELinux ([#7908](https://github.com/containerd/containerd/pull/7908))
    * Use the const labels.LabelUncompressed ([#7906](https://github.com/containerd/containerd/pull/7906))
    * [sandbox] Add sandbox store plugin type ([#7850](https://github.com/containerd/containerd/pull/7850))
    * Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts ([#7893](https://github.com/containerd/containerd/pull/7893))
    * CRI: Comment cleanup/misc fixes ([#7904](https://github.com/containerd/containerd/pull/7904))
    * Move snapshot event publishing into metadata store ([#5674](https://github.com/containerd/containerd/pull/5674))
    * Vagrantfile: install-rootless-podman: remove `setenforce 0` ([#7887](https://github.com/containerd/containerd/pull/7887))
    * reused package errdefs for error ([#7894](https://github.com/containerd/containerd/pull/7894))
    * integration/images: switch away from Docker Hub to avoid rate limit ([#7888](https://github.com/containerd/containerd/pull/7888))
    * Validate userns container config is consistent with sandbox userns config ([#7882](https://github.com/containerd/containerd/pull/7882))
    * `ctr contents ls` sorts the labels of the content ([#7881](https://github.com/containerd/containerd/pull/7881))
    * chore: use `go fix` to cleanup old +build buildtag ([#7879](https://github.com/containerd/containerd/pull/7879))
    * cri: Shadow variables to avoid t.Parallel() issues ([#7880](https://github.com/containerd/containerd/pull/7880))
    * Add support for user namespaces in stateless pods (KEP-127) ([#7679](https://github.com/containerd/containerd/pull/7679))
    * Refactor metastore transaction ([#7529](https://github.com/containerd/containerd/pull/7529))
    * oci: appendOSMounts(): remove unused error, and move ([#7874](https://github.com/containerd/containerd/pull/7874))
    * add kube v1.26: remove v1alpha2 cri support ([#7863](https://github.com/containerd/containerd/pull/7863))
    * make runc 1.1 for oss_fuzz_build.sh ([#7875](https://github.com/containerd/containerd/pull/7875))
    * CRI sbserver: Prevent server reuse after Shutdown ([#7872](https://github.com/containerd/containerd/pull/7872))
    * Fix incorrect defer usage and refactor judgement ([#7521](https://github.com/containerd/containerd/pull/7521))
    * oci: Add WithDomainname ([#7869](https://github.com/containerd/containerd/pull/7869))
    * Reused errdefs define error ([#7871](https://github.com/containerd/containerd/pull/7871))
    * fix `ctr tasks kill` does not remove cni network under windows ([#7866](https://github.com/containerd/containerd/pull/7866))
    * add network plugin metrics ([#7858](https://github.com/containerd/containerd/pull/7858))
    * Avoid using canceled context in unpacker cleanup ([#7859](https://github.com/containerd/containerd/pull/7859))
    * image/label: print more characters of label keys ([#7618](https://github.com/containerd/containerd/pull/7618))
    * prevent Server reuse after a Shutdown ([#7165](https://github.com/containerd/containerd/pull/7165))
    * Check containerd's readiness before calling critest ([#7851](https://github.com/containerd/containerd/pull/7851))
    * Fix grammatical errors in Readme ([#7837](https://github.com/containerd/containerd/pull/7837))
    * Fix cpu architecture detection issue on linux/arm ([#7636](https://github.com/containerd/containerd/pull/7636))
    * CRI: Fix no CNI info for pod sandbox on restart ([#7845](https://github.com/containerd/containerd/pull/7845))
    * Enable checkRename test ([#7081](https://github.com/containerd/containerd/pull/7081))
    * metastore: Add WithTransaction convenience method ([#7781](https://github.com/containerd/containerd/pull/7781))
    * Prevent a race condition in testHook ([#7831](https://github.com/containerd/containerd/pull/7831))
    * cri: fix `memory.memsw.limit_in_bytes: no such file or directory` ([#7836](https://github.com/containerd/containerd/pull/7836))
    * go.mod: update fuzz-headers and fuzz-build ([#7824](https://github.com/containerd/containerd/pull/7824))
    * Remove github.com/gogo/protobuf again ([#7825](https://github.com/containerd/containerd/pull/7825))
    * CRI: Add host networking helper ([#7814](https://github.com/containerd/containerd/pull/7814))
    * Support sandbox shutdown in shim runtimes ([#7792](https://github.com/containerd/containerd/pull/7792))
    * move up to CRI-TOOLS v1.26.0 ([#7818](https://github.com/containerd/containerd/pull/7818))
    * Minor fix when querying pod sandbox status ([#7812](https://github.com/containerd/containerd/pull/7812))
    * nil check to avoid panic on upgrade ([#7809](https://github.com/containerd/containerd/pull/7809))
    * Bump grpc to v1.51.0 ([#7709](https://github.com/containerd/containerd/pull/7709))
    * fatal error: concurrent map iteration and map write ([#7805](https://github.com/containerd/containerd/pull/7805))
    * Bump golangci-lint to v1.50.1 ([#7804](https://github.com/containerd/containerd/pull/7804))
    * cri: make swapping disabled with memory limit ([#7783](https://github.com/containerd/containerd/pull/7783))
    * add metrics for image pulling: error; in progress count; throughput ([#7313](https://github.com/containerd/containerd/pull/7313))
    * Prepare release notes for v1.7.0-beta.1 ([#7793](https://github.com/containerd/containerd/pull/7793))
    * support fetching containerd from non public GCS buckets ([#7771](https://github.com/containerd/containerd/pull/7771))
    * images: support specifying SourceDateEpoch via ctx ([#7651](https://github.com/containerd/containerd/pull/7651))
    * fuzzing: improve archive fuzzer ([#7718](https://github.com/containerd/containerd/pull/7718))
    * fix sdNotify func when debug level ([#7798](https://github.com/containerd/containerd/pull/7798))
    * Upgrade GitHub actions packages in release workflow ([#7794](https://github.com/containerd/containerd/pull/7794))
    * Enable GitHub Actions local Linux CI runs ([#7796](https://github.com/containerd/containerd/pull/7796))
    * integration: increase timeout in container_event_test.go ([#7791](https://github.com/containerd/containerd/pull/7791))
    * digest: use github.com/minio/sha256-simd ([#7732](https://github.com/containerd/containerd/pull/7732))
    * allow client to remove created tasks with PID 0 ([#7787](https://github.com/containerd/containerd/pull/7787))
    * Add container event support to containerd ([#7073](https://github.com/containerd/containerd/pull/7073))
    * docs: Authorizer.Authorize could return ErrUnexpectedStatus ([#7786](https://github.com/containerd/containerd/pull/7786))
    * fix: check for tmpfs when evaluating if userxattr is needed ([#7772](https://github.com/containerd/containerd/pull/7772))
    * Pass TOML configuration options for runtimes CRI is not aware of ([#7764](https://github.com/containerd/containerd/pull/7764))
    * Cleanup build constraints ([#7776](https://github.com/containerd/containerd/pull/7776))
    * There is no way to disable debug endpoint on Darwin ([#7775](https://github.com/containerd/containerd/pull/7775))
    * CI: Vagrant: pin rockylinux/8 to v5.0.0 ([#7777](https://github.com/containerd/containerd/pull/7777))
    * vendor: golang.org/x/net v0.4.0 ([#7774](https://github.com/containerd/containerd/pull/7774))
    * Fix context when waiting sandbox ([#7773](https://github.com/containerd/containerd/pull/7773))
    * GitHub Security Advisory [GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9)
    * update to go1.19.4, go1.18.9 ([#7765](https://github.com/containerd/containerd/pull/7765))
    * Change PushContent to require only Provider ([#7763](https://github.com/containerd/containerd/pull/7763))
    * sbserver bug fixing ([#7768](https://github.com/containerd/containerd/pull/7768))
    * Add unit test to Opentelemetry tracing ([#7671](https://github.com/containerd/containerd/pull/7671))
    * remove some (aliases for) deprecated functions ([#7525](https://github.com/containerd/containerd/pull/7525))
    * Refactor ctr restore to allow for tty allocation ([#7673](https://github.com/containerd/containerd/pull/7673))
    * fix panic when containerd-stress density --count 0 ([#7748](https://github.com/containerd/containerd/pull/7748))
    * Unwrap proto errors in streaming client ([#7753](https://github.com/containerd/containerd/pull/7753))
    * Fix process_vm_* syscall names in seccomp ([#7755](https://github.com/containerd/containerd/pull/7755))
    * upgrade the ops.md output for current 1.7 version. ([#7747](https://github.com/containerd/containerd/pull/7747))
    * docs: Add extra security instructions ([#7743](https://github.com/containerd/containerd/pull/7743))
    * go.mod: re-vendor NRI from the official repo. ([#7744](https://github.com/containerd/containerd/pull/7744))
    * [Sandbox API] CRI status cleanup ([#7731](https://github.com/containerd/containerd/pull/7731))
    * Transfer service ([#7320](https://github.com/containerd/containerd/pull/7320))
    * NRI: add support for NRI with extended scope. ([#6019](https://github.com/containerd/containerd/pull/6019))
    * archive: set WithModTimeUpperBound when WithSourceDateEpoch is set ([#7710](https://github.com/containerd/containerd/pull/7710))
    * Fix order of operations when setting lease labels ([#7702](https://github.com/containerd/containerd/pull/7702))
    * Add ctr image prune command ([#7730](https://github.com/containerd/containerd/pull/7730))
    * Check for nullptr before dereferencing ([#7708](https://github.com/containerd/containerd/pull/7708))
    * use MaxConcurrentDownloads instead of MaxConcurrentUploadedLayers ([#7736](https://github.com/containerd/containerd/pull/7736))
    * introspection: expose the daemon's PID and PIDNS ([#7694](https://github.com/containerd/containerd/pull/7694))
    * reference/docker: synchronize fork with upstream distribution/distribution ([#7635](https://github.com/containerd/containerd/pull/7635))
    * go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions ([#7721](https://github.com/containerd/containerd/pull/7721))
    * Add ptrace readby and tracedby to default AppArmor profile ([#7714](https://github.com/containerd/containerd/pull/7714))
    * Fix sandbox API when calling sandboxed shims ([#7684](https://github.com/containerd/containerd/pull/7684))
    * make status more readable and update easy. ([#7669](https://github.com/containerd/containerd/pull/7669))
    * integration/client: fix go.mod grouping, containerd to v1.7.0-beta.0, cgroups back to v1.0.4 ([#7720](https://github.com/containerd/containerd/pull/7720))
    * Resolve warnings in Windows GitHub Actions periodic workflows ([#7706](https://github.com/containerd/containerd/pull/7706))
    * Sandbox API: implement Controller.Status for SandboxAPI ([#7470](https://github.com/containerd/containerd/pull/7470))
    * [port #5904 to sbserver] Setup pod network after creating the sandbox container ([#7426](https://github.com/containerd/containerd/pull/7426))
    * fix for OSS-Fuzz infra changes ([#7677](https://github.com/containerd/containerd/pull/7677))
    * runtime/v2/shim: clean up the use of containerdBinary ([#7499](https://github.com/containerd/containerd/pull/7499))
    * Add process_vm read and write calls to default seccomp profile ([#7693](https://github.com/containerd/containerd/pull/7693))
    * Resolve Scorecards GitHub Actions workflow warnings ([#7707](https://github.com/containerd/containerd/pull/7707))
    * cri: add pod uid annotation ([#7697](https://github.com/containerd/containerd/pull/7697))
    * Missed out `platform interface` when reused the conn for Client. ([#7699](https://github.com/containerd/containerd/pull/7699))
    * overlayfs: remove duplicated tx rollback ([#7700](https://github.com/containerd/containerd/pull/7700))
    * go.mod: update some dependencies ([#7704](https://github.com/containerd/containerd/pull/7704))
    * update github.com/cpuguy83/go-md2man/v2 to v2.0.2 ([#7705](https://github.com/containerd/containerd/pull/7705))
    * Fsnotify bump and change code ([#7703](https://github.com/containerd/containerd/pull/7703))
    * fix build containerd in centos9 ([#7683](https://github.com/containerd/containerd/pull/7683))
    * Bump urfave-cli to v1.22.10 ([#7701](https://github.com/containerd/containerd/pull/7701))
    * can set up the network serially by CNI plugins ([#7685](https://github.com/containerd/containerd/pull/7685))
    * Update cri-api dependency to v0.26.0-beta.0 ([#7656](https://github.com/containerd/containerd/pull/7656))
    * overlay: Remove unused method param ([#7696](https://github.com/containerd/containerd/pull/7696))
    * CI: update Fedora to 37 ([#7691](https://github.com/containerd/containerd/pull/7691))
    * tx rollback when GetInfo return error ([#7678](https://github.com/containerd/containerd/pull/7678))
    * Upgrade github.com/containerd/cgroups from v1 to v3 ([#7601](https://github.com/containerd/containerd/pull/7601))
    * Remove OpenTelemetry imports from remotes/docker package ([#7675](https://github.com/containerd/containerd/pull/7675))
    * Expose Done and Err in Shutdown service ([#7686](https://github.com/containerd/containerd/pull/7686))
    * gotestsum match go version 1.19 ([#7688](https://github.com/containerd/containerd/pull/7688))
    * complement sub-command note for containerd-main ([#7670](https://github.com/containerd/containerd/pull/7670))
    * keep the lower case letter for flag info ([#7668](https://github.com/containerd/containerd/pull/7668))
    * bump critools into ca1571e6edd116b2c95f52e3dfa0b4779b74223a ([#7666](https://github.com/containerd/containerd/pull/7666))
    * Fix broken link for CRI plugin in docs ([#7667](https://github.com/containerd/containerd/pull/7667))
    * add option to resolve symlinks in WithLinuxDevice ([#7523](https://github.com/containerd/containerd/pull/7523))
    * Bump k8s.io deps to v0.25.4 ([#7663](https://github.com/containerd/containerd/pull/7663))
    * Release: add static binaries ([#7659](https://github.com/containerd/containerd/pull/7659))
    * Bump OpenTelemetry contrib to v0.36.4 ([#7662](https://github.com/containerd/containerd/pull/7662))
    * Fix slice append error (`spec.Linux.Resources.HugepageLimits`) ([#7661](https://github.com/containerd/containerd/pull/7661))
    * Bump OpenTelemetry to v1.11.1 ([#7660](https://github.com/containerd/containerd/pull/7660))
    * feature: add gc scheduler metrics collection count ([#5263](https://github.com/containerd/containerd/pull/5263))
    * Add `--debug` args to all subcommands of `ctr pprof` ([#7629](https://github.com/containerd/containerd/pull/7629))
    * Add a thin wrapper around otel Span object ([#7655](https://github.com/containerd/containerd/pull/7655))
    * Bump grpc to v1.50.1 ([#7643](https://github.com/containerd/containerd/pull/7643))
    * replace strings.Split(N) for strings.Cut() or alternatives ([#7631](https://github.com/containerd/containerd/pull/7631))
    * add oci.WithCPURT ([#7642](https://github.com/containerd/containerd/pull/7642))
    * Sandbox API: Add a new mode config for sandbox controller impls ([#7590](https://github.com/containerd/containerd/pull/7590))
    * fuzzing: bump go-fuzz-headers ([#7625](https://github.com/containerd/containerd/pull/7625))
    * Bump k8s.io deps to v0.25.3 ([#7637](https://github.com/containerd/containerd/pull/7637))
    * Remove uses of deprecated go-digest.NewDigestFromHex, go-digest.Digest.Hex ([#7641](https://github.com/containerd/containerd/pull/7641))
    * Extra documentation for content interfaces ([#7640](https://github.com/containerd/containerd/pull/7640))
    * Fix shim socket permissions on Darwin ([#7638](https://github.com/containerd/containerd/pull/7638))
    * s390x: build and package s390x bin in release assets ([#7614](https://github.com/containerd/containerd/pull/7614))
    * Replace mount fork hack with CLONE_FS ([#7513](https://github.com/containerd/containerd/pull/7513))
    * remotes: add `FetcherByDigest` for fetching blobs without foreknown descriptors (useful for general-purpose CAS) ([#7460](https://github.com/containerd/containerd/pull/7460))
    * Fix "getCPUInfo for OS freebsd: not implemented" on FreeBSD/arm64 ([#7403](https://github.com/containerd/containerd/pull/7403))
    * Support default hosts.toml configuration ([#7607](https://github.com/containerd/containerd/pull/7607))
    * Add tracing spans in CRI image service and pull.go ([#7453](https://github.com/containerd/containerd/pull/7453))
    * Fix missing closed fifo ([#7604](https://github.com/containerd/containerd/pull/7604))
    * fix comments ([#7624](https://github.com/containerd/containerd/pull/7624))
    * docs: add additional info in backport process ([#7626](https://github.com/containerd/containerd/pull/7626))
    * go.mod: golang.org/x/*: use tagged versions ([#7621](https://github.com/containerd/containerd/pull/7621))
    * Bump go version to 1.19.3 ([#7620](https://github.com/containerd/containerd/pull/7620))
    * ctr export strictly matching ([#7615](https://github.com/containerd/containerd/pull/7615))
    * Fix ctr crash when pulling with --http-dump and --http-trace simultaneously ([#7617](https://github.com/containerd/containerd/pull/7617))
    * Harden GITHUB_TOKEN permissions for OSSF Scorecard ([#7599](https://github.com/containerd/containerd/pull/7599))
    * overlayutils: Add fastpath for userxattr check ([#7611](https://github.com/containerd/containerd/pull/7611))
    * Add sequence diagram for shim runtime v2 ([#7606](https://github.com/containerd/containerd/pull/7606))
    * Sandbox API: Move remote impls to /sandbox/proxy ([#7600](https://github.com/containerd/containerd/pull/7600))
    * fuzzing: improve archive fuzzer ([#7588](https://github.com/containerd/containerd/pull/7588))
    * Retry client connection in waitForStart ([#7537](https://github.com/containerd/containerd/pull/7537))
    * Add Workflow for running critest with Hyper-V Containers on Windows. ([#7025](https://github.com/containerd/containerd/pull/7025))
    * Add release notes for v1.7.0-beta.0 ([#7575](https://github.com/containerd/containerd/pull/7575))
    * Cleanup sandbox interfaces ([#7576](https://github.com/containerd/containerd/pull/7576))
    * Update GitHub actions release workflow set output ([#7581](https://github.com/containerd/containerd/pull/7581))
    * Fix LogURI generation-related tests on Windows. ([#7569](https://github.com/containerd/containerd/pull/7569))
    * maintenance: Remove WithWindowsNetworkNamespace from pkg/cri ([#7577](https://github.com/containerd/containerd/pull/7577))
    * CRI: implement Controller.Delete for SandboxAPI ([#7457](https://github.com/containerd/containerd/pull/7457))
    * Configure CDI registry only on start ([#7419](https://github.com/containerd/containerd/pull/7419))
    * update codeql-action to v2 ([#7568](https://github.com/containerd/containerd/pull/7568))
    * Add logging related metrics to Containerd CRI plugin ([#7546](https://github.com/containerd/containerd/pull/7546))
    * sys: optimize and refactor MkdirAllWithACL() ([#7531](https://github.com/containerd/containerd/pull/7531))
    * fix install cni script ([#7484](https://github.com/containerd/containerd/pull/7484))
    * Update 1.5 release support timeframe ([#7560](https://github.com/containerd/containerd/pull/7560))
    * bump go-fuzz-headers ([#7503](https://github.com/containerd/containerd/pull/7503))
    * Add long term stable release branches ([#7454](https://github.com/containerd/containerd/pull/7454))
    * fix pusher concurrent close channel ([#7473](https://github.com/containerd/containerd/pull/7473))
    * Make tests on GitHub less noisy ([#7530](https://github.com/containerd/containerd/pull/7530))
    * containerd should not print error log that failed to init a tracing processor while the tracing plugin is not loaded ([#7541](https://github.com/containerd/containerd/pull/7541))
    * Update required Go version in BUILDING.md ([#7544](https://github.com/containerd/containerd/pull/7544))
    * go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag) ([#7522](https://github.com/containerd/containerd/pull/7522))
    * Use `go env` to determine GOPATH in Makefile. ([#7542](https://github.com/containerd/containerd/pull/7542))
    * clean-up "nolint" comments, remove unused ones, update golangci-lint ([#7349](https://github.com/containerd/containerd/pull/7349))
    * Don't unmount on Darwin when deleting bundle ([#7534](https://github.com/containerd/containerd/pull/7534))
    * Add timeouts to all CI jobs ([#7538](https://github.com/containerd/containerd/pull/7538))
    * Vagrantfile: explicitly specify rsync as the shared folder driver ([#7539](https://github.com/containerd/containerd/pull/7539))
    * sys: remove unused IsAbs() (windows) ([#7527](https://github.com/containerd/containerd/pull/7527))
    * cri: PodSandboxStatus should tolerate missing task ([#7535](https://github.com/containerd/containerd/pull/7535))
    * CI: update GHA instances from Ubuntu 18.04 to 20.04 ([#7489](https://github.com/containerd/containerd/pull/7489))
    * fix the --no-pivot flag being ignored by `ctr tasks start` ([#7519](https://github.com/containerd/containerd/pull/7519))
    * Update the default seccomp to block socket calls to AF_VSOCK ([#7510](https://github.com/containerd/containerd/pull/7510))
    * cmd/containerd: use golang.org/x/sys/windows.SetStdHandle() ([#7511](https://github.com/containerd/containerd/pull/7511))
    * Stats() shouldn't assume s.container is non-nil ([#7517](https://github.com/containerd/containerd/pull/7517))
    * Move up actions versions to prep for NodeJS 12 deprecation ([#7516](https://github.com/containerd/containerd/pull/7516))
    * cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions() ([#7512](https://github.com/containerd/containerd/pull/7512))
    * Updates oci image config to support upstream ArgsEscaped ([#7483](https://github.com/containerd/containerd/pull/7483))
    * cmd/containerd: replace deprecated windows.IsAnInteractiveSession() ([#7497](https://github.com/containerd/containerd/pull/7497))
    * Update container with sandbox metadata after NetNS is created ([#7481](https://github.com/containerd/containerd/pull/7481))
    * archive: add WithSourceDateEpoch() for whiteouts ([#7478](https://github.com/containerd/containerd/pull/7478))
    * TestTaskResize must use a terminal ([#7492](https://github.com/containerd/containerd/pull/7492))
    * diff/apply.readCounter: check negative size ([#7494](https://github.com/containerd/containerd/pull/7494))
    * Add new ctr option for discarding unpacked layers ([#7425](https://github.com/containerd/containerd/pull/7425))
    * archive: windows: chtimes(): remove redundant conversion ([#7491](https://github.com/containerd/containerd/pull/7491))
    * archive: validate digests before use ([#7488](https://github.com/containerd/containerd/pull/7488))
    * vendor: github.com/opencontainers/selinux v1.10.2 ([#7482](https://github.com/containerd/containerd/pull/7482))
    * fuzzing: create structured tar bytes in archive fuzzer ([#7477](https://github.com/containerd/containerd/pull/7477))
    * Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 ([#7474](https://github.com/containerd/containerd/pull/7474))
    * use raw link to containerd.service config ([#7463](https://github.com/containerd/containerd/pull/7463))
    * cri doc: Update kata containers reference ([#7466](https://github.com/containerd/containerd/pull/7466))
    * Setup pod network after creating the sandbox container ([#5904](https://github.com/containerd/containerd/pull/5904))
    * Swap to net.ErrClosed checks for services ([#7446](https://github.com/containerd/containerd/pull/7446))
    * go.mod: Bump go-winio to v0.6.0 ([#7443](https://github.com/containerd/containerd/pull/7443))
    * fix retry when writer is reset on push ([#6995](https://github.com/containerd/containerd/pull/6995))
    * CI: Output a summary using GITHUB_SUMMARY ([#7192](https://github.com/containerd/containerd/pull/7192))
    * Fix missing close ([#7430](https://github.com/containerd/containerd/pull/7430))
    * Add test flag for skipping shim cgroup test ([#7424](https://github.com/containerd/containerd/pull/7424))
    * Refactor CRI fuzzers ([#7405](https://github.com/containerd/containerd/pull/7405))
    * Fix LogURIGenerator on Windows ([#7351](https://github.com/containerd/containerd/pull/7351))
    * Set grpc code for unimplemented cri-api methods ([#7417](https://github.com/containerd/containerd/pull/7417))
    * Add reader option to local content reader at ([#7414](https://github.com/containerd/containerd/pull/7414))
    * Sandbox API: implement Controller.Wait and Controller.Stop ([#7401](https://github.com/containerd/containerd/pull/7401))
    * remove stray .zuul.yaml ([#7416](https://github.com/containerd/containerd/pull/7416))
    * reference CDI configuration details ([#7408](https://github.com/containerd/containerd/pull/7408))
    * cri-integration: propagate ENABLE_CRI_SANDBOXES ([#7413](https://github.com/containerd/containerd/pull/7413))
    * Enable OpenSSF Scorecard Github Action ([#7404](https://github.com/containerd/containerd/pull/7404))
    * Add ext2 fs support to devmapper snapshotter ([#7402](https://github.com/containerd/containerd/pull/7402))
    * Fuzzing: Instrument with new sanitizers ([#7396](https://github.com/containerd/containerd/pull/7396))
    * Upgrade fuzzing-related packages to reduce dependencies ([#7397](https://github.com/containerd/containerd/pull/7397))
    * remotes/docker/config: Skipping TLS verification for localhost ([#7393](https://github.com/containerd/containerd/pull/7393))
    * Replace github.com/emicklei/go-restful package, versions <2.16.0 ([#7395](https://github.com/containerd/containerd/pull/7395))
    * Add NoSameOwner option when unpacking tars ([#7386](https://github.com/containerd/containerd/pull/7386))
    * ctr: add privileged-without-host-devices for run command ([#7328](https://github.com/containerd/containerd/pull/7328))
    * chore: matching the casing of other flags for ctr's pull command ([#7341](https://github.com/containerd/containerd/pull/7341))
    * windows: Add runhcs-wcow-hypervisor runtimeclass to the default config ([#6901](https://github.com/containerd/containerd/pull/6901))
    * Fix missing close ([#7370](https://github.com/containerd/containerd/pull/7370))
    * CRI: update cdi version to v0.5.1 ([#7374](https://github.com/containerd/containerd/pull/7374))
    * Update to go 1.19.1, 1.18.6 to address CVE-2022-27664, CVE-2022-32190 ([#7372](https://github.com/containerd/containerd/pull/7372))
    * vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c ([#7373](https://github.com/containerd/containerd/pull/7373))
    * Remove unused variable from images action ([#7371](https://github.com/containerd/containerd/pull/7371))
    * feature: use client default namespace ([#7291](https://github.com/containerd/containerd/pull/7291))
    * integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment ([#7367](https://github.com/containerd/containerd/pull/7367))
    * feature: upgrade registry.k8s.io/pause version ([#7359](https://github.com/containerd/containerd/pull/7359))
    * metrics/cgroups/v1: Remove unused event parameter ([#7361](https://github.com/containerd/containerd/pull/7361))
    * .zuul: remove the zuul because it is offline ([#7369](https://github.com/containerd/containerd/pull/7369))
    * Update golangci-lint timeout to match config ([#7356](https://github.com/containerd/containerd/pull/7356))
    * delete redundant import alias and type conversion ([#7345](https://github.com/containerd/containerd/pull/7345))
    * Make checkContainerTimestamps less strict on Windows ([#7350](https://github.com/containerd/containerd/pull/7350))
    * Make oss-fuzz mandatory ([#7346](https://github.com/containerd/containerd/pull/7346))
    * Add kubernetes v1.25 supported version as v1.24 ([#7326](https://github.com/containerd/containerd/pull/7326))
    * sys: move ForceRemoveAll to integration/client ([#7335](https://github.com/containerd/containerd/pull/7335))
    * chore: remove duplicate word in comments ([#7338](https://github.com/containerd/containerd/pull/7338))
    * Use ioctl helpers from x/sys/unix ([#7342](https://github.com/containerd/containerd/pull/7342))
    * archive: replace tarName() with filepath.ToSlash() ([#7344](https://github.com/containerd/containerd/pull/7344))
    * mount: remove unused ErrNotImplementOnWindows ([#7339](https://github.com/containerd/containerd/pull/7339))
    * replace sys Sequential funcs with moby/sys/sequential ([#7334](https://github.com/containerd/containerd/pull/7334))
    * Clarify containerd 1.5.0+ for k8s 1.20,1.21 ([#7324](https://github.com/containerd/containerd/pull/7324))
    * update runc binary to v1.1.4 ([#7315](https://github.com/containerd/containerd/pull/7315))
    * Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9 ([#7325](https://github.com/containerd/containerd/pull/7325))
    * Update k8s.io/cri-api to v0.25.0 ([#7287](https://github.com/containerd/containerd/pull/7287))
    * script/setup: handle cnidir with SUDO ([#7322](https://github.com/containerd/containerd/pull/7322))
    * ContainerStatus to return container resources ([#6517](https://github.com/containerd/containerd/pull/6517))
    * migrate from k8s.gcr.io to registry.k8s.io ([#7038](https://github.com/containerd/containerd/pull/7038))
    * Do not rename test files on-the-fly to share functions ([#7309](https://github.com/containerd/containerd/pull/7309))
    * ctr import: strictly match platform ([#6906](https://github.com/containerd/containerd/pull/6906))
    * Revert "Downgrade MinGW to version 10.2.0" ([#7308](https://github.com/containerd/containerd/pull/7308))
    * Follow up #7254 (Switch to Go 1.19) ([#7286](https://github.com/containerd/containerd/pull/7286))
    * Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer ([#7304](https://github.com/containerd/containerd/pull/7304))
    * Adding support of CAP_BPF and CAP_PERFMON ([#7301](https://github.com/containerd/containerd/pull/7301))
    * go.mod: Bump hcsshim to v0.10.0-rc.1 ([#7284](https://github.com/containerd/containerd/pull/7284))
    * Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset ([#7306](https://github.com/containerd/containerd/pull/7306))
    * ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887 ([#7293](https://github.com/containerd/containerd/pull/7293))
    * Runtime cleanup (Shim manager and task service) ([#7280](https://github.com/containerd/containerd/pull/7280))
    * containerd-stress: add support for running through CRI ([#6931](https://github.com/containerd/containerd/pull/6931))
    * Switch to Go 1.19 ([#7254](https://github.com/containerd/containerd/pull/7254))
    * Vagrantfile: dump containerd log after critest ([#7265](https://github.com/containerd/containerd/pull/7265))
    * oci: skip checking group id for WithAppendAdditionalGroups ([#7257](https://github.com/containerd/containerd/pull/7257))
    * release workflow: increase timeout to 30 minutes & remove Go setup action ([#7259](https://github.com/containerd/containerd/pull/7259))
    * release: rollback Ubuntu to 18.04 (except for riscv64) ([#7258](https://github.com/containerd/containerd/pull/7258))
    * Initial sandbox API CRI integration (implement Controller.Start) ([#7228](https://github.com/containerd/containerd/pull/7228))
    * Use environment variable to specify Go version on CI ([#7251](https://github.com/containerd/containerd/pull/7251))
    * Update golang to 1.18.5, 1.17.13 ([#7243](https://github.com/containerd/containerd/pull/7243))
    * Change os.Stderr reassign for Windows service ([#7023](https://github.com/containerd/containerd/pull/7023))
    * script/setup: fix protobuf for aarch64 ([#7237](https://github.com/containerd/containerd/pull/7237))
    * Fix cleanup in critest ([#7232](https://github.com/containerd/containerd/pull/7232))
    * fix: support simultaneous create diff for same parent snapshot ([#7204](https://github.com/containerd/containerd/pull/7204))
    * Windows HostProcess container CRI stats test ([#7223](https://github.com/containerd/containerd/pull/7223))
    * Regenerate protos with updated protoc-gen-go ([#7226](https://github.com/containerd/containerd/pull/7226))
    * test: error strings should not be capitalized ([#7195](https://github.com/containerd/containerd/pull/7195))
    * Add extra context to error when push unauthorized ([#7220](https://github.com/containerd/containerd/pull/7220))
    * replace with selinux label ([#7207](https://github.com/containerd/containerd/pull/7207))
    * Use `httputil.DumpRequestOut` for dumping client req ([#7221](https://github.com/containerd/containerd/pull/7221))
    * Fix CRI image pull timeout test for ppc64le ([#7215](https://github.com/containerd/containerd/pull/7215))
    * test: introduce failpoint control to runc-shimv2 and cni ([#7069](https://github.com/containerd/containerd/pull/7069))
    * chore: bump macos runner version ([#7206](https://github.com/containerd/containerd/pull/7206))
    * Use image lists form integration/client tests ([#7210](https://github.com/containerd/containerd/pull/7210))
    * go.mod: Bump hcsshim to v0.9.4 ([#7212](https://github.com/containerd/containerd/pull/7212))
    * Drop deprecated `ioutil` ([#7203](https://github.com/containerd/containerd/pull/7203))
    * Make getServicesOpts a helper ([#7201](https://github.com/containerd/containerd/pull/7201))
    * adds an env var commented out for sandboxed mode ([#7183](https://github.com/containerd/containerd/pull/7183))
    * cri_stats: handle missing cpu stats ([#7198](https://github.com/containerd/containerd/pull/7198))
    * using ContextDialer instead ([#7189](https://github.com/containerd/containerd/pull/7189))
    * test: Add ability to switch between cgroupv1 or cgroupv2 for node e2e ([#7173](https://github.com/containerd/containerd/pull/7173))
    * code cleanup ([#7182](https://github.com/containerd/containerd/pull/7182))
    * Update k8s.io/cri-api to v0.25.0-alpha2 ([#7114](https://github.com/containerd/containerd/pull/7114))
    * Refactor usageNanoCores to be used for all OSes ([#7186](https://github.com/containerd/containerd/pull/7186))
    * adds support for using env file for systemd boot ([#7191](https://github.com/containerd/containerd/pull/7191))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#7185](https://github.com/containerd/containerd/pull/7185))
    * ctr: support --user for run/create ([#7145](https://github.com/containerd/containerd/pull/7145))
    * docs: Fix sample config.toml syntax ([#7174](https://github.com/containerd/containerd/pull/7174))
    * seccomp: seccomp: add syscalls related to PKU in default policy ([#7163](https://github.com/containerd/containerd/pull/7163))
    * Update and align golangci-lint version ([#7168](https://github.com/containerd/containerd/pull/7168))
    * adds a comment explaining how to disable experimental sbserver ([#7169](https://github.com/containerd/containerd/pull/7169))
    * ci: workaround Cirrus CI's INVALID_ARGUMENT ([#7177](https://github.com/containerd/containerd/pull/7177))
    * Update install-protobuf script to install protobuf on Darwin ([#7153](https://github.com/containerd/containerd/pull/7153))
    * Fork CRI server for Sandbox API integration work ([#7164](https://github.com/containerd/containerd/pull/7164))
    * seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE ([#7167](https://github.com/containerd/containerd/pull/7167))
    * cri doc: fix formatting for CDI options ([#7158](https://github.com/containerd/containerd/pull/7158))
    * update golang to 1.18.4, 1.17.12 ([#7159](https://github.com/containerd/containerd/pull/7159))
    * Fix out of date comments for CRI store packages ([#7152](https://github.com/containerd/containerd/pull/7152))
    * update some devmapper docs ([#7124](https://github.com/containerd/containerd/pull/7124))
    * seccomp: allow clock_settime64 when CAP_SYS_TIME is added ([#7149](https://github.com/containerd/containerd/pull/7149))
    * Copy fuzzers from github.com/cncf/cncf-fuzzing ([#7123](https://github.com/containerd/containerd/pull/7123))
    * fix can't edit object by using ctr content edit command ([#6847](https://github.com/containerd/containerd/pull/6847))
    * integration/client: fix typo in export_test.go ([#7130](https://github.com/containerd/containerd/pull/7130))
    * Fix WWW-Authenticate parsing ([#7126](https://github.com/containerd/containerd/pull/7126))
    * LCOW differ return ErrNotImplemented for wrong mount type ([#7112](https://github.com/containerd/containerd/pull/7112))
    * Update go-restful/v3 to latest release ([#7117](https://github.com/containerd/containerd/pull/7117))
    * pkg/cri: use marshal wrapper for version convertor ([#7108](https://github.com/containerd/containerd/pull/7108))
    * Remove hacks around contrib/fuzz ([#7087](https://github.com/containerd/containerd/pull/7087))
    * Fix missing closed HTTP Body ([#7107](https://github.com/containerd/containerd/pull/7107))
    * Cleanup metadata tests ([#7105](https://github.com/containerd/containerd/pull/7105))
    * Downgrade MinGW to version 10.2.0 ([#7106](https://github.com/containerd/containerd/pull/7106))
    * ctr: Fix `ctr c create` fails to parse arguments ([#7098](https://github.com/containerd/containerd/pull/7098))
    * Fix Documentation Issue ([#7103](https://github.com/containerd/containerd/pull/7103))
    * refactor: reduce duplicate code ([#7100](https://github.com/containerd/containerd/pull/7100))
    * make xattr EPERM non-fatal in createTarFile ([#7094](https://github.com/containerd/containerd/pull/7094))
    * Move metadata plugin registration to separate package ([#7096](https://github.com/containerd/containerd/pull/7096))
    * fix: missing sudo for devmapper doc ([#7092](https://github.com/containerd/containerd/pull/7092))
    * Ensure Windows Periodic workflow errors out while still uploading results. ([#7085](https://github.com/containerd/containerd/pull/7085))
    * Add snapshotter key to snapshot events ([#7084](https://github.com/containerd/containerd/pull/7084))
    * add WithAdditionalGIDs test ([#7072](https://github.com/containerd/containerd/pull/7072))
    * Forward ctr snapshotter flags on Windows ([#7086](https://github.com/containerd/containerd/pull/7086))
    * add WithAppendAdditionalGroups helper ([#7070](https://github.com/containerd/containerd/pull/7070))
    * Make CI Fuzz less noisy ([#7065](https://github.com/containerd/containerd/pull/7065))
    * ctr: add --hostname flag to create, run ([#7082](https://github.com/containerd/containerd/pull/7082))
    * improve content-flow ([#7077](https://github.com/containerd/containerd/pull/7077))
    * Make CI Fuzz optional ([#7067](https://github.com/containerd/containerd/pull/7067))
    * Use Go 1.18's testing.F on simple fuzzers ([#7056](https://github.com/containerd/containerd/pull/7056))
    * Downgrade MinGW in Windows setup scripts. ([#7062](https://github.com/containerd/containerd/pull/7062))
    * Make test path a constant ([#7057](https://github.com/containerd/containerd/pull/7057))
    * Run fuzzers in CI ([#7052](https://github.com/containerd/containerd/pull/7052))
    * CRI: Improve the /dev/shm mount options in Sandbox. ([#6913](https://github.com/containerd/containerd/pull/6913))
    * fix:userattr-unmount unexpected timeout ([#7008](https://github.com/containerd/containerd/pull/7008))
    * Port (some) unit tests to FreeBSD ([#7042](https://github.com/containerd/containerd/pull/7042))
    * Bump Golang and MinGW versions in Windows setup script. ([#6888](https://github.com/containerd/containerd/pull/6888))
    * Windows snapshotter touch ups and new functionality ([#6918](https://github.com/containerd/containerd/pull/6918))
    * Improve naming consistencies in comments in snapshotter.go ([#7032](https://github.com/containerd/containerd/pull/7032))
    * Make building static binaries simpler ([#7022](https://github.com/containerd/containerd/pull/7022))
    * Allow CRI on Darwin ([#7033](https://github.com/containerd/containerd/pull/7033))
    * update runc binary to v1.1.3 ([#7034](https://github.com/containerd/containerd/pull/7034))
    * Linux containers on FreeBSD ([#7000](https://github.com/containerd/containerd/pull/7000))
    * go.mod: github.com/moby/sys/mountinfo v0.6.2 ([#7026](https://github.com/containerd/containerd/pull/7026))
    * fix minor spelling mistake: lablel -> label ([#7031](https://github.com/containerd/containerd/pull/7031))
    * go.mod: github.com/containerd/cgroups v1.0.4 ([#7027](https://github.com/containerd/containerd/pull/7027))
    * go.mod: github.com/containerd/continuity v0.3.0 ([#7028](https://github.com/containerd/containerd/pull/7028))
    * Correct spelling mistake ("sanbdox" to "sandbox") ([#7029](https://github.com/containerd/containerd/pull/7029))
    * GitHub Security Advisory [GHSA-5ffw-gxpp-mxpf](https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf)
    * Bump grpc to v1.47.0 ([#7018](https://github.com/containerd/containerd/pull/7018))
    * Bump k8s.io deps to v0.24.1 ([#7017](https://github.com/containerd/containerd/pull/7017))
    * Support runtime level snapshotter for issue 6657 ([#6899](https://github.com/containerd/containerd/pull/6899))
    * update golang to 1.18.3, 1.17.11 ([#7012](https://github.com/containerd/containerd/pull/7012))
    * Fix containerd-stress duration flag ([#7004](https://github.com/containerd/containerd/pull/7004))
    * update go-cni/for cni update fixing plugins that don't respond with version ([#7009](https://github.com/containerd/containerd/pull/7009))
    * Add validations for Windows HostProcess CRI configs ([#6996](https://github.com/containerd/containerd/pull/6996))
    * Move docker reference logic to reference/docker package ([#7007](https://github.com/containerd/containerd/pull/7007))
    * promote pause image to 3.7 (sync with kube v1.24) ([#7003](https://github.com/containerd/containerd/pull/7003))
    * Makefile: use urfave_cli_no_docs for binaries that don't need it ([#6998](https://github.com/containerd/containerd/pull/6998))
    * CRI: cleanup cri/store package ([#6993](https://github.com/containerd/containerd/pull/6993))
    * Use t.Run for /pkg/cri tests ([#7001](https://github.com/containerd/containerd/pull/7001))
    * vendor: github.com/urfave/cli v1.22.9 and fix "verify-vendor" script ([#6997](https://github.com/containerd/containerd/pull/6997))
    * sandbox: replace github.com/pkg/errors with native errors ([#6937](https://github.com/containerd/containerd/pull/6937))
    * build: Fix references to check-protos target in Makefile ([#6983](https://github.com/containerd/containerd/pull/6983))
    * ctr: fix label args used in NewContainer ([#6954](https://github.com/containerd/containerd/pull/6954))
    * ctr sandbox: handle sandbox config ([#6959](https://github.com/containerd/containerd/pull/6959))
    * Fix broken oss-fuzz build ([#6975](https://github.com/containerd/containerd/pull/6975))
    * archive: add human-readable hint to Lchown error ([#6982](https://github.com/containerd/containerd/pull/6982))
    * Fix tx closed error when upperdirlabel specified ([#6978](https://github.com/containerd/containerd/pull/6978))
    * config: improve config v1 deprecation message ([#6972](https://github.com/containerd/containerd/pull/6972))
    * Fix Windows install powershell script ([#6969](https://github.com/containerd/containerd/pull/6969))
    * fix comments on metadata schema and update namespace doc ([#6955](https://github.com/containerd/containerd/pull/6955))
    * adjust format in comment ([#6956](https://github.com/containerd/containerd/pull/6956))
    * Restore decompression benchmarks ([#6957](https://github.com/containerd/containerd/pull/6957))
    * cmd/ctr/commands/content: fix typo in fetch command usage ([#6960](https://github.com/containerd/containerd/pull/6960))
    * fix some confusing typos ([#6950](https://github.com/containerd/containerd/pull/6950))
    * update doc url about k8s ([#6952](https://github.com/containerd/containerd/pull/6952))
    * Separate windows-2019 and windows-2022 test results ([#6946](https://github.com/containerd/containerd/pull/6946))
    * shim: fix debug flag not working ([#6910](https://github.com/containerd/containerd/pull/6910))
    * Reverts removal of parallel run from critest ([#6938](https://github.com/containerd/containerd/pull/6938))
    * Bump OpenTelemetry dependencies ([#6932](https://github.com/containerd/containerd/pull/6932))
    * update runc binary and vendor to v1.1.2 ([#6934](https://github.com/containerd/containerd/pull/6934))
    * oci: WithDefaultUnixDevices(): remove tun/tap from the default devices ([#6923](https://github.com/containerd/containerd/pull/6923))
    * update golang to 1.18.2, 1.17.10 ([#6926](https://github.com/containerd/containerd/pull/6926))
    * CI: update Fedora to 36 ([#6925](https://github.com/containerd/containerd/pull/6925))
    * Add `Wait` to `binaryProcessor` ([#6916](https://github.com/containerd/containerd/pull/6916))
    * go.mod: Bump k8s deps to v0.24.0 ([#6905](https://github.com/containerd/containerd/pull/6905))
    * (Vagrant CI) Enable git commands due to git CVE fix ([#6915](https://github.com/containerd/containerd/pull/6915))
    * Pass explicit JUnit outfile to critest.exe in Windows workflow. ([#6912](https://github.com/containerd/containerd/pull/6912))
    * Update critools to v1.24 ([#6894](https://github.com/containerd/containerd/pull/6894))
    * devmapper docs: small fixes ([#6904](https://github.com/containerd/containerd/pull/6904))
    * move report dir option to end of line for vagrant cri tests ([#6900](https://github.com/containerd/containerd/pull/6900))
    * Update Kubernetes version matrix in release docs ([#6892](https://github.com/containerd/containerd/pull/6892))
    * Share container images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy ([#6889](https://github.com/containerd/containerd/pull/6889))
    * containerd 1.6.4 k8s 1.24 readme announce ([#6890](https://github.com/containerd/containerd/pull/6890))
    * Cleanup leaked shim process ([#6866](https://github.com/containerd/containerd/pull/6866))
    * Add collectible resources to metadata gc ([#6804](https://github.com/containerd/containerd/pull/6804))
    * Update k8 docurl in file ([#6881](https://github.com/containerd/containerd/pull/6881))
    * Support RISC-V 64 ([#6882](https://github.com/containerd/containerd/pull/6882))
    * docs: minor fixes in snapshots.Snapshotter comments ([#6885](https://github.com/containerd/containerd/pull/6885))
    * Officially deprecate Schema 1 ([#6884](https://github.com/containerd/containerd/pull/6884))
    * Make Cirrus CI tests more stable ([#6880](https://github.com/containerd/containerd/pull/6880))
    * docs: Adding windows installation steps to getting-started.md ([#6875](https://github.com/containerd/containerd/pull/6875))
    * Add ctr support for CPUMax and CPUShares ([#6809](https://github.com/containerd/containerd/pull/6809))
    * Support for cgroups blockio ([#5490](https://github.com/containerd/containerd/pull/5490))
    * Fix comment for metadata/db.go ([#6871](https://github.com/containerd/containerd/pull/6871))
    * Remove github.com/gogo/protobuf and github.com/golang/protobuf from containerd's direct dependencies ([#6867](https://github.com/containerd/containerd/pull/6867))
    * Update go-cni to v1.1.5 ([#6868](https://github.com/containerd/containerd/pull/6868))
    * Bump opencontainers/selinux from 1.10.0 to 1.10.1 ([#6865](https://github.com/containerd/containerd/pull/6865))
    * Upgrade google.golang.org/grpc and google.golang.org/protobuf ([#6864](https://github.com/containerd/containerd/pull/6864))
    * Don't use "uname -a" as Cirrus CI's cache key ([#6863](https://github.com/containerd/containerd/pull/6863))
    * remove duplicate ([#6856](https://github.com/containerd/containerd/pull/6856))
    * Create ppc64le release ([#6858](https://github.com/containerd/containerd/pull/6858))
    * Move Vagrant-based tests from GitHub Actions to Cirrus CI ([#6854](https://github.com/containerd/containerd/pull/6854))
    * feature: support image pull progress timeout ([#6150](https://github.com/containerd/containerd/pull/6150))
    * Add unpack interface to be used by client ([#6749](https://github.com/containerd/containerd/pull/6749))
    * Fix undefined error in use of errors package ([#6855](https://github.com/containerd/containerd/pull/6855))
    * Migrate off from github.com/gogo/protobuf ([#6841](https://github.com/containerd/containerd/pull/6841))
    * images/image.go: typo ([#6851](https://github.com/containerd/containerd/pull/6851))
    * Add flag to allow oci.WithAllDevicesAllowed on PrivilegedWithoutHostDevices ([#5686](https://github.com/containerd/containerd/pull/5686))
    * integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage ([#6180](https://github.com/containerd/containerd/pull/6180))
    * fix incorrect syntax in comments ([#6845](https://github.com/containerd/containerd/pull/6845))
    * cri: close fifos when container is deleted ([#6842](https://github.com/containerd/containerd/pull/6842))
    * diff: hide types.Any from clients ([#6832](https://github.com/containerd/containerd/pull/6832))
    * Add Container-Optimized OS into Adopters ([#6838](https://github.com/containerd/containerd/pull/6838))
    * Prepare for google.golang.org/protobuf ([#6835](https://github.com/containerd/containerd/pull/6835))
    * fix the restart desired to running when task not found ([#6833](https://github.com/containerd/containerd/pull/6833))
    * Remove all gogoproto extensions ([#6829](https://github.com/containerd/containerd/pull/6829))
    * fix nil pointer panic for monitor ([#6830](https://github.com/containerd/containerd/pull/6830))
    * remotes/docker: log registry URLs as info instead of debug ([#5681](https://github.com/containerd/containerd/pull/5681))
    * Rename runtime/v2/task to api/runtime ([#6827](https://github.com/containerd/containerd/pull/6827))
    * Fix protoc-gen-go-fieldpath ([#6828](https://github.com/containerd/containerd/pull/6828))
    * Consolidate gogo/protobuf dependencies under our own protobuf package ([#6826](https://github.com/containerd/containerd/pull/6826))
    * Add restart policy for enhanced restart manager ([#6744](https://github.com/containerd/containerd/pull/6744))
    * Remove gogoproto.stdtime ([#6821](https://github.com/containerd/containerd/pull/6821))
    * Set timeout when collecting metrics from shim's Stat ([#6781](https://github.com/containerd/containerd/pull/6781))
    * Fuzz filter package with Go 1.18's fuzzer ([#6819](https://github.com/containerd/containerd/pull/6819))
    * allow ptrace(2) by default for kernel >= 4.8 ([#6810](https://github.com/containerd/containerd/pull/6810))
    * Build bin/gen-manpages instead of using "go run" ([#6820](https://github.com/containerd/containerd/pull/6820))
    * update golang to 1.18.1, 1.17.9 ([#6822](https://github.com/containerd/containerd/pull/6822))
    * Sandbox API ([#6703](https://github.com/containerd/containerd/pull/6703))
    * Move lease manager plugin to separate package ([#6811](https://github.com/containerd/containerd/pull/6811))
    * fix pool_device_test ([#6807](https://github.com/containerd/containerd/pull/6807))
    * check for duplicate nspath possibilities ([#6806](https://github.com/containerd/containerd/pull/6806))
    * Do not append []string{""} to command to preserve Docker compatibility ([#6805](https://github.com/containerd/containerd/pull/6805))
    * tracing: fix panic on startup when configured ([#6789](https://github.com/containerd/containerd/pull/6789))
    * Optimize loading performance for cri recover ([#6680](https://github.com/containerd/containerd/pull/6680))
    * Change architecture path in README.md ([#6798](https://github.com/containerd/containerd/pull/6798))
    * make consistent for checkpoint path ([#6792](https://github.com/containerd/containerd/pull/6792))
    * metrics/cgroups: fix deadlock issue in Add during Collect ([#6788](https://github.com/containerd/containerd/pull/6788))
    * ADOPTERS: Update AKS Info ([#6794](https://github.com/containerd/containerd/pull/6794))
    * Pin upload-cloud-storage action to 0.8.0 in Windows workflow. ([#6790](https://github.com/containerd/containerd/pull/6790))
    * docs: add Deckhouse to the list of adopters ([#6785](https://github.com/containerd/containerd/pull/6785))
    * Add `docs/snapshotters`; simplify `docs/cri` ([#6778](https://github.com/containerd/containerd/pull/6778))
    * Turn paths from cmdline into absolute paths ([#6672](https://github.com/containerd/containerd/pull/6672))
    * CRI: add support for CDI device injection ([#6654](https://github.com/containerd/containerd/pull/6654))
    * Disable writing freelist to make the file robust against data corruptions ([#6761](https://github.com/containerd/containerd/pull/6761))
    * mv design docs/historical/design ([#6777](https://github.com/containerd/containerd/pull/6777))
    * CRI: improve image pulling performance ([#6702](https://github.com/containerd/containerd/pull/6702))
    * docs: remove runtime v1; migrate config v1 to v2 ([#6776](https://github.com/containerd/containerd/pull/6776))
    * Skip flaky test on Windows ([#6779](https://github.com/containerd/containerd/pull/6779))
    * docs/getting-started.md: typo ([#6775](https://github.com/containerd/containerd/pull/6775))
    * Add no_tracing tag ([#6750](https://github.com/containerd/containerd/pull/6750))
    * Move historical docs to `docs/historical` ([#6754](https://github.com/containerd/containerd/pull/6754))
    * Run go mod tidy in integration tests ([#6768](https://github.com/containerd/containerd/pull/6768))
    * go.mod: move indirects, and update integration go.mod to 1.18 ([#6765](https://github.com/containerd/containerd/pull/6765))
    * Drop gotest.tools ([#6762](https://github.com/containerd/containerd/pull/6762))
    * Use t.Setenv instead of os.Setenv ([#6760](https://github.com/containerd/containerd/pull/6760))
    * Upgrade to Go 1.18 ([#6709](https://github.com/containerd/containerd/pull/6709))
    * Adding multi-arch support for the configure.sh script ([#6751](https://github.com/containerd/containerd/pull/6751))
    * docs/getting-started.md: massive update ([#6758](https://github.com/containerd/containerd/pull/6758))
    * Remove unmaintained contrib/linuxkit ([#6755](https://github.com/containerd/containerd/pull/6755))
    * [Windows CI] Address some timeout issues ([#6757](https://github.com/containerd/containerd/pull/6757))
    * BUILDING.md: update supported Go versions ([#6756](https://github.com/containerd/containerd/pull/6756))
    * update runc to 1.1.1 ([#6753](https://github.com/containerd/containerd/pull/6753))
    * CI: add Rocky Linux 8 ([#6747](https://github.com/containerd/containerd/pull/6747))
    * CI: bump up crun to 1.4.4 ([#6748](https://github.com/containerd/containerd/pull/6748))
    * added make help for cri integration ([#6743](https://github.com/containerd/containerd/pull/6743))
    * Update README.md cncf landscape url ([#6740](https://github.com/containerd/containerd/pull/6740))
    * Fix error message in TestNewBinaryIO ([#6738](https://github.com/containerd/containerd/pull/6738))
    * Use typeurl.Any instead of github.com/gogo/protobuf/types.Any ([#6706](https://github.com/containerd/containerd/pull/6706))
    * Use cgroups.AddProc() for cgroups v1 ([#5738](https://github.com/containerd/containerd/pull/5738))
    * fix: ctr images mount with snapshotter option can't get snapshotter ([#6713](https://github.com/containerd/containerd/pull/6713))
    * cgroup2: monitor OOMKill instead of OOM to prevent missing container events ([#6323](https://github.com/containerd/containerd/pull/6323))
    * moving up to go-cni v1.1.4 ([#6721](https://github.com/containerd/containerd/pull/6721))
    * native: fix deadlock from leaving transactions open ([#6722](https://github.com/containerd/containerd/pull/6722))
    * go.mod: remove replace, and update github.com/gogo/googleapis v1.4.1 ([#5390](https://github.com/containerd/containerd/pull/5390))
    * GitHub Security Advisory [GHSA-c9cp-9c75-9v8c](https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c)
    * runtime: deprecate runc --criu / -criu-path option ([#6496](https://github.com/containerd/containerd/pull/6496))
    * Bug fix for mount path handling ([#6651](https://github.com/containerd/containerd/pull/6651))
    * Upgrade containerd/imgcrypt and opencontainers/image-spec ([#6711](https://github.com/containerd/containerd/pull/6711))
    * Remove enumvalue_customname, goproto_enum_prefix and enum_customname ([#6708](https://github.com/containerd/containerd/pull/6708))
    * Remove gogoproto.customtype ([#6699](https://github.com/containerd/containerd/pull/6699))
    * Skip tty critest testcase on Windows Server 2022 ([#6698](https://github.com/containerd/containerd/pull/6698))
    * Build with Go 1.18 ([#6605](https://github.com/containerd/containerd/pull/6605))
    * Update prometheus client vendor ([#6690](https://github.com/containerd/containerd/pull/6690))
    * vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd ([#6687](https://github.com/containerd/containerd/pull/6687))
    * Make the temp mount as ready only in container WithVolumes ([#6593](https://github.com/containerd/containerd/pull/6593))
    * fix: `ctr run --cni` get failed ([#6670](https://github.com/containerd/containerd/pull/6670))
    * test: use `T.TempDir` to create temporary test directory ([#6681](https://github.com/containerd/containerd/pull/6681))
    * Make OpenLab's CI jobs blocking ([#6679](https://github.com/containerd/containerd/pull/6679))
    * document log level and format ([#6683](https://github.com/containerd/containerd/pull/6683))
    * Add shared content label to namespaces ([#6660](https://github.com/containerd/containerd/pull/6660))
    * Add protoc-gen-go-fieldpath ([#6562](https://github.com/containerd/containerd/pull/6562))
    * Enable gosec linter for golangci-lint ([#6669](https://github.com/containerd/containerd/pull/6669))
    * Make mkfs.xfs available on OpenLab's CI environment ([#6668](https://github.com/containerd/containerd/pull/6668))
    * ctr: improve error relative shim path error msg ([#6519](https://github.com/containerd/containerd/pull/6519))
    * typo fixes under cmd. ([#6674](https://github.com/containerd/containerd/pull/6674))
    * Handle CRI Device.HostPath on Windows ([#6618](https://github.com/containerd/containerd/pull/6618))
    * Upgrade golangci-lint and its GitHub Action ([#6666](https://github.com/containerd/containerd/pull/6666))
    * Don't build a second copy of containerd-shim-runhcs-v1.exe ([#6661](https://github.com/containerd/containerd/pull/6661))
    * Update TestNormalize to only test Windows platform ([#6569](https://github.com/containerd/containerd/pull/6569))
    * Fix link in getting-started.md ([#6663](https://github.com/containerd/containerd/pull/6663))
    * Fuzzing: refactor metadata fuzzers ([#6423](https://github.com/containerd/containerd/pull/6423))
    * Two xfs file systems with same UUID can not be mounted on the same sy… ([#6650](https://github.com/containerd/containerd/pull/6650))
    * [Windows] Fix deadline exceeded in daemon restart ([#6635](https://github.com/containerd/containerd/pull/6635))
    * Use temp file for export/import test ([#6658](https://github.com/containerd/containerd/pull/6658))
    * strip path-info from `-v` (version) output, and implement -v flag for containerd-shim ([#6495](https://github.com/containerd/containerd/pull/6495))
    * Improve unexpected response error handling in resolver ([#6617](https://github.com/containerd/containerd/pull/6617))
    * Use the latest tag for azure images ([#6601](https://github.com/containerd/containerd/pull/6601))
    * Run CRI integration tests in GitHub Actions (Windows) ([#6626](https://github.com/containerd/containerd/pull/6626))
    * cri: fix integration test on cgroupsv2 system ([#6595](https://github.com/containerd/containerd/pull/6595))
    * Use version 2 configuration format in docs/PLUGINS.md ([#6613](https://github.com/containerd/containerd/pull/6613))
    * update to go 1.16.15, 1.17.8 to address CVE-2022-24921 ([#6619](https://github.com/containerd/containerd/pull/6619))
    * Update status of 1.4 release ([#6614](https://github.com/containerd/containerd/pull/6614))
    * Update TestContainerSymlinkVolumes to use windows path ([#6568](https://github.com/containerd/containerd/pull/6568))
    * Add --user support for ctr run Windows ([#6603](https://github.com/containerd/containerd/pull/6603))
    * Update releases ([#6608](https://github.com/containerd/containerd/pull/6608))
    * GitHub Security Advisory [GHSA-crp2-qrr5-8pq7](https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7)
    * Adds support for Windows ArgsEscaped images ([#6479](https://github.com/containerd/containerd/pull/6479))
    * Do not use weak import ([#6558](https://github.com/containerd/containerd/pull/6558))
    * cri: relax test for system without hugetlb ([#6596](https://github.com/containerd/containerd/pull/6596))
    * Use containerd/protobuild instead of stevvooe/protobuild ([#6578](https://github.com/containerd/containerd/pull/6578))
    * integration: remove duplicated util pkg ([#6597](https://github.com/containerd/containerd/pull/6597))
    * go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1 ([#6591](https://github.com/containerd/containerd/pull/6591))
    * Update Go version recommendation in getting started ([#6585](https://github.com/containerd/containerd/pull/6585))
    * go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3 ([#6337](https://github.com/containerd/containerd/pull/6337))
    * fix Implicit memory aliasing in for loop ([#6331](https://github.com/containerd/containerd/pull/6331))
    * Fix build with gccgo ([#6579](https://github.com/containerd/containerd/pull/6579))
    * Replace golang.org/x/net/context with std library ([#6580](https://github.com/containerd/containerd/pull/6580))
    * containerd-shim-runc-v1: return init pid when clean dead shim ([#6571](https://github.com/containerd/containerd/pull/6571))
    * Use Windows matcher when on Windows platform in all code paths ([#6491](https://github.com/containerd/containerd/pull/6491))
    * containerd-shim-runc-v2: return init pid when clean dead shim ([#6452](https://github.com/containerd/containerd/pull/6452))
    * [Windows][Integration] Enable TestRestartMonitor ([#6515](https://github.com/containerd/containerd/pull/6515))
    * go.mod: fsnotify v1.5.1, moby/sys/mountinfo v0.6.0, moby/sys/signal v0.7.0 ([#6554](https://github.com/containerd/containerd/pull/6554))
    </p>
    </details>
    
    ### Changes from containerd/cgroups
    <details><summary>49 commits</summary>
    <p>
    
    * Upgrade GitHub actions CI workflow ([#249](https://github.com/containerd/cgroups/pull/249))
    * Upgrade Go compiler to 1.19 ([#248](https://github.com/containerd/cgroups/pull/248))
    * Don't use ioutil ([#246](https://github.com/containerd/cgroups/pull/246))
    * Check that cgroup is empty before deleting ([#228](https://github.com/containerd/cgroups/pull/228))
    * Support cgroup.AddThread in cgroupv2 manager ([#243](https://github.com/containerd/cgroups/pull/243))
    * Support to handle more than 4 fields in cpuacct.stat ([#231](https://github.com/containerd/cgroups/pull/231))
    * typo shoulld -> should ([#236](https://github.com/containerd/cgroups/pull/236))
    * Upgrade github.com/cilium/ebpf from v0.4.0 to v0.9.1 ([#241](https://github.com/containerd/cgroups/pull/241))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#240](https://github.com/containerd/cgroups/pull/240))
    * .github: use ubuntu-22.04 to test cgroupv2 ([#237](https://github.com/containerd/cgroups/pull/237))
    * feat(v2): Support cgroup.MoveTo in cgroupv2 manager ([#235](https://github.com/containerd/cgroups/pull/235))
    * Update README to include usage examples of v2 client ([#233](https://github.com/containerd/cgroups/pull/233))
    * ParseCgroupFile: fix wrong comment about unified hierarchy ; add ParseCgroupFileUnified to get the unified path ([#232](https://github.com/containerd/cgroups/pull/232))
    * Bump go version to 1.17 in go.mod ([#230](https://github.com/containerd/cgroups/pull/230))
    * make cmd/ a separate module (as it's only for testing) ([#226](https://github.com/containerd/cgroups/pull/226))
    * feat(v2): add Update method for v2.Manager ([#225](https://github.com/containerd/cgroups/pull/225))
    * feat: add memory.min param ([#211](https://github.com/containerd/cgroups/pull/211))
    * modified the dereference null pointer value. ([#218](https://github.com/containerd/cgroups/pull/218))
    * update readme for cpu cgroup demo ([#217](https://github.com/containerd/cgroups/pull/217))
    * Fix systemd full path ([#221](https://github.com/containerd/cgroups/pull/221))
    * Update Go version and fedora base ([#223](https://github.com/containerd/cgroups/pull/223))
    * Fix panic in NewSystemd on nil values ([#219](https://github.com/containerd/cgroups/pull/219))
    </p>
    </details>
    
    ### Changes from containerd/continuity
    <details><summary>28 commits</summary>
    <p>
    
    * go.mod: update dependencies (take 2) ([#204](https://github.com/containerd/continuity/pull/204))
    * Revert "go.mod: update dependencies" ([#205](https://github.com/containerd/continuity/pull/205))
    * Various small fix-ups ([#202](https://github.com/containerd/continuity/pull/202))
    * update authors and mailmap ([#201](https://github.com/containerd/continuity/pull/201))
    * move cmd/continuity to its own go module ([#200](https://github.com/containerd/continuity/pull/200))
    * CI: resolve Go path before sudoing; Remove deprecated io/ioutil (except ioutil.ReadDir) ([#198](https://github.com/containerd/continuity/pull/198))
    * fs.CopyDir: support sockets and pipes ([#197](https://github.com/containerd/continuity/pull/197))
    * Fix wrapping errors ([#196](https://github.com/containerd/continuity/pull/196))
    </p>
    </details>
    
    ### Changes from containerd/fifo
    <details><summary>26 commits</summary>
    <p>
    
    * Update Go vers, x/sys vendor ([#51](https://github.com/containerd/fifo/pull/51))
    * chore: cleanup old buildtags by `go fix` ([#49](https://github.com/containerd/fifo/pull/49))
    * Return nil when openFifo returns nil ([#47](https://github.com/containerd/fifo/pull/47))
    * Resolve golangci-lint-action package warnings ([#48](https://github.com/containerd/fifo/pull/48))
    * Remove references to io/ioutil package ([#45](https://github.com/containerd/fifo/pull/45))
    * Update GitHub actions CI workflow ([#46](https://github.com/containerd/fifo/pull/46))
    * go.mod: github.com/stretchr/testify v1.8.0, golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8, go 1.18 ([#44](https://github.com/containerd/fifo/pull/44))
    * fifo_test: Add 2 tests for closing after reading ([#42](https://github.com/containerd/fifo/pull/42))
    * replace pkg/errors ([#41](https://github.com/containerd/fifo/pull/41))
    * fifo.Close(): prevent possible panic if fifo is nil ([#32](https://github.com/containerd/fifo/pull/32))
    * Update branch name in GitHub Actions ([#40](https://github.com/containerd/fifo/pull/40))
    </p>
    </details>
    
    ### Changes from containerd/go-cni
    <details><summary>38 commits</summary>
    <p>
    
    * Add Go 1.20 support ([#111](https://github.com/containerd/go-cni/pull/111))
    * opts: add cgroupPath capability ([#110](https://github.com/containerd/go-cni/pull/110))
    * go.mod: github.com/containernetworking/cni v1.1.2 ([#109](https://github.com/containerd/go-cni/pull/109))
    * Remove references to io/ioutil package ([#106](https://github.com/containerd/go-cni/pull/106))
    * Update golangci/golangci-lint package ([#108](https://github.com/containerd/go-cni/pull/108))
    * Update GitHub actions CI workflow ([#107](https://github.com/containerd/go-cni/pull/107))
    * Add support for Windows default conf paths ([#103](https://github.com/containerd/go-cni/pull/103))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#104](https://github.com/containerd/go-cni/pull/104))
    * go.mod: update libcni to v1.1.1 ([#101](https://github.com/containerd/go-cni/pull/101))
    * add in some serial setup tests; a little make cleanup ([#100](https://github.com/containerd/go-cni/pull/100))
    * Re-introduce serial network setup ([#99](https://github.com/containerd/go-cni/pull/99))
    * bump github.com/containernetworking/cni v1.1.0 ([#98](https://github.com/containerd/go-cni/pull/98))
    * Revert "Update loopback version to support check" ([#96](https://github.com/containerd/go-cni/pull/96))
    * Use revive instead of golint ([#92](https://github.com/containerd/go-cni/pull/92))
    * Bump go version to 1.17 ([#91](https://github.com/containerd/go-cni/pull/91))
    * moving up to latest CNI plugin release ([#90](https://github.com/containerd/go-cni/pull/90))
    * Fix Loopback Version ([#88](https://github.com/containerd/go-cni/pull/88))
    * Update comment for capabilities ([#89](https://github.com/containerd/go-cni/pull/89))
    * Add integration test for linux and update go version from 1.16 to 1.17 ([#84](https://github.com/containerd/go-cni/pull/84))
    </p>
    </details>
    
    ### Changes from containerd/imgcrypt
    <details><summary>49 commits</summary>
    <p>
    
    * CHANGES: Updated CHANGES document for 1.1.7 release ([#97](https://github.com/containerd/imgcrypt/pull/97))
    * Update to ocicrypt 1.1.6 and add support for zstd type of compressed layers ([#96](https://github.com/containerd/imgcrypt/pull/96))
    * build(deps): Update to containerd 1.6.8 ([#92](https://github.com/containerd/imgcrypt/pull/92))
    * tests: Add -traditional to OpenSSL command line when OSSL v3 is used ([#90](https://github.com/containerd/imgcrypt/pull/90))
    * chore: fix readme typo ([#87](https://github.com/containerd/imgcrypt/pull/87))
    * Update to min golang 1.18 ([#88](https://github.com/containerd/imgcrypt/pull/88))
    * CHANGES: Updated CHANGES document for 1.1.6 release ([#85](https://github.com/containerd/imgcrypt/pull/85))
    * build(deps): bump github.com/containerd/containerd from 1.6.1 to 1.6.6 ([#83](https://github.com/containerd/imgcrypt/pull/83))
    * CI: Upgrade to golangci-lint v1.46.2 ([#84](https://github.com/containerd/imgcrypt/pull/84))
    * CICD: Rename master branch to main ([#79](https://github.com/containerd/imgcrypt/pull/79))
    * Rename any to pbAny ([#78](https://github.com/containerd/imgcrypt/pull/78))
    * Use reflect to support diff.ApplyConfig with/without gogo's types.Any ([#75](https://github.com/containerd/imgcrypt/pull/75))
    * Upgrade golangci-lint-action and golangci-lint ([#76](https://github.com/containerd/imgcrypt/pull/76))
    * CHANGES: Updated CHANGES document for 1.1.4 release ([#74](https://github.com/containerd/imgcrypt/pull/74))
    * Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 ([#73](https://github.com/containerd/imgcrypt/pull/73))
    * images: prepare for typeurl.Any ([#72](https://github.com/containerd/imgcrypt/pull/72))
    * Bump ocicrypt to 1.1.3 ([#71](https://github.com/containerd/imgcrypt/pull/71))
    * Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 ([#67](https://github.com/containerd/imgcrypt/pull/67))
    </p>
    </details>
    
    ### Changes from containerd/nri
    <details><summary>56 commits</summary>
    <p>
    
    * Add Go 1.20 support to CI ([#30](https://github.com/containerd/nri/pull/30))
    * Add CodeQL Security scan workflow ([#31](https://github.com/containerd/nri/pull/31))
    * fixes: sort final adjusted mount slice. ([#29](https://github.com/containerd/nri/pull/29))
    * fixes: fix resource adjustment to properly ignore unset/unadjusted fields. ([#28](https://github.com/containerd/nri/pull/28))
    * adaptation: fix mount and device adjustment. ([#27](https://github.com/containerd/nri/pull/27))
    * Make plugin timeouts configurable, adjust default socket path. ([#26](https://github.com/containerd/nri/pull/26))
    * pkg/adaptation: eliminate configuration file. ([#24](https://github.com/containerd/nri/pull/24))
    * stub: fix a potential plugin crash. ([#25](https://github.com/containerd/nri/pull/25))
    * adaptation: fix a panic for unsolicited updates. ([#23](https://github.com/containerd/nri/pull/23))
    * pkg/adaptation: log errors with %v not %w. ([#22](https://github.com/containerd/nri/pull/22))
    * chore: cleanup old buildtags by `go fix` ([#21](https://github.com/containerd/nri/pull/21))
    * add back project info ([#20](https://github.com/containerd/nri/pull/20))
    * Extend scope to enable common pluggable runtime extensions. ([#16](https://github.com/containerd/nri/pull/16))
    * Update GitHub actions CI workflow ([#19](https://github.com/containerd/nri/pull/19))
    * replace pkg/errors ([#17](https://github.com/containerd/nri/pull/17))
    * Update the examples in README.md ([#15](https://github.com/containerd/nri/pull/15))
    * Rename branch from master to main ([#12](https://github.com/containerd/nri/pull/12))
    * Update to containerd 1.5.1 ([#11](https://github.com/containerd/nri/pull/11))
    </p>
    </details>
    
    ### Changes from containerd/ttrpc
    <details><summary>56 commits</summary>
    <p>
    
    * Make checkServerShutdown verbose ([#128](https://github.com/containerd/ttrpc/pull/128))
    * server: Fix connection issues when receiving ECONNRESET ([#123](https://github.com/containerd/ttrpc/pull/123))
    * README: protobuild is in containerd org now ([#125](https://github.com/containerd/ttrpc/pull/125))
    * stream: fix the map of streams leak ([#120](https://github.com/containerd/ttrpc/pull/120))
    * Regenerated pb.go files to fix mismatches ([#122](https://github.com/containerd/ttrpc/pull/122))
    * build: Fix references to check-protos target in Makefile ([#118](https://github.com/containerd/ttrpc/pull/118))
    * Add service prefix option to generator ([#116](https://github.com/containerd/ttrpc/pull/116))
    * doc: ttrpc supports stream ([#121](https://github.com/containerd/ttrpc/pull/121))
    * *: remove codecov ([#114](https://github.com/containerd/ttrpc/pull/114))
    * Only generate a Go file if the file has some services ([#112](https://github.com/containerd/ttrpc/pull/112))
    * *.go: organize errors to one spot ([#113](https://github.com/containerd/ttrpc/pull/113))
    * PROTOCOL: slight markdown touchup ([#111](https://github.com/containerd/ttrpc/pull/111))
    * Introduce streaming ([#107](https://github.com/containerd/ttrpc/pull/107))
    * Update checkout and lint actions ([#109](https://github.com/containerd/ttrpc/pull/109))
    * Add Makefile and update protobuf ([#106](https://github.com/containerd/ttrpc/pull/106))
    * Add ttrpc protocol definition ([#102](https://github.com/containerd/ttrpc/pull/102))
    * Enable Codecov again ([#105](https://github.com/containerd/ttrpc/pull/105))
    * Use CR+LF instead of LF regardless of OS ([#103](https://github.com/containerd/ttrpc/pull/103))
    * Log the error's underlying errno if there is ([#104](https://github.com/containerd/ttrpc/pull/104))
    * Use google.golang.org/protobuf instead of github.com/gogo/protobuf ([#99](https://github.com/containerd/ttrpc/pull/99))
    * Wrap correct error on unix.GetsockoptUcred failure ([#100](https://github.com/containerd/ttrpc/pull/100))
    * Update CI project checks to use containerd project action ([#101](https://github.com/containerd/ttrpc/pull/101))
    </p>
    </details>
    
    ### Dependency Changes
    
    * **github.com/AdaLogics/go-fuzz-headers**                                         6c3934b029d8 -> 1f10f66a31bf
    * **github.com/AdamKorcz/go-118-fuzz-build**                                       5330a85ea652 **_new_**
    * **github.com/Microsoft/go-winio**                                                v0.5.1 -> v0.6.0
    * **github.com/Microsoft/hcsshim**                                                 v0.9.2 -> v0.10.0-rc.7
    * **github.com/blang/semver/v4**                                                   v4.0.0 **_new_**
    * **github.com/cenkalti/backoff/v4**                                               v4.1.2 -> v4.2.0
    * **github.com/cespare/xxhash/v2**                                                 v2.1.2 -> v2.2.0
    * **github.com/cilium/ebpf**                                                       v0.7.0 -> v0.9.1
    * **github.com/container-orchestrated-devices/container-device-interface**         v0.5.4 **_new_**
    * **github.com/containerd/btrfs/v2**                                               v2.0.0 **_new_**
    * **github.com/containerd/cgroups**                                                v1.0.3 -> v1.1.0
    * **github.com/containerd/cgroups/v3**                                             v3.0.1 **_new_**
    * **github.com/containerd/continuity**                                             v0.2.2 -> v0.3.0
    * **github.com/containerd/fifo**                                                   v1.0.0 -> v1.1.0
    * **github.com/containerd/go-cni**                                                 v1.1.3 -> v1.1.9
    * **github.com/containerd/imgcrypt**                                               v1.1.3 -> v1.1.7
    * **github.com/containerd/nri**                                                    v0.1.0 -> v0.3.0
    * **github.com/containerd/ttrpc**                                                  v1.1.0 -> v1.2.0
    * **github.com/containerd/typeurl/v2**                                             v2.1.0 **_new_**
    * **github.com/containernetworking/cni**                                           v1.0.1 -> v1.1.2
    * **github.com/containernetworking/plugins**                                       v1.0.1 -> v1.2.0
    * **github.com/containers/ocicrypt**                                               v1.1.2 -> v1.1.6
    * **github.com/coreos/go-systemd/v22**                                             v22.3.2 -> v22.5.0
    * **github.com/cpuguy83/go-md2man/v2**                                             v2.0.0 -> v2.0.2
    * **github.com/cyphar/filepath-securejoin**                                        v0.2.3 **_new_**
    * **github.com/docker/go-units**                                                   v0.4.0 -> v0.5.0
    * **github.com/emicklei/go-restful/v3**                                            v3.10.1 **_new_**
    * **github.com/fsnotify/fsnotify**                                                 v1.4.9 -> v1.6.0
    * **github.com/go-logr/logr**                                                      v1.2.2 -> v1.2.3
    * **github.com/godbus/dbus/v5**                                                    v5.0.6 -> v5.1.0
    * **github.com/google/go-cmp**                                                     v0.5.6 -> v0.5.9
    * **github.com/google/uuid**                                                       v1.2.0 -> v1.3.0
    * **github.com/grpc-ecosystem/grpc-gateway/v2**                                    v2.7.0 **_new_**
    * **github.com/imdario/mergo**                                                     v0.3.12 -> v0.3.13
    * **github.com/intel/goresctrl**                                                   v0.2.0 -> v0.3.0
    * **github.com/klauspost/compress**                                                v1.11.13 -> v1.16.0
    * **github.com/klauspost/cpuid/v2**                                                v2.0.4 **_new_**
    * **github.com/miekg/pkcs11**                                                      v1.0.3 -> v1.1.1
    * **github.com/minio/sha256-simd**                                                 v1.0.0 **_new_**
    * **github.com/moby/sys/mountinfo**                                                v0.5.0 -> v0.6.2
    * **github.com/moby/sys/sequential**                                               v0.5.0 **_new_**
    * **github.com/moby/sys/signal**                                                   v0.6.0 -> v0.7.0
    * **github.com/opencontainers/image-spec**                                         693428a734f5 -> 3a7f492d3f1b
    * **github.com/opencontainers/runc**                                               v1.1.0 -> v1.1.4
    * **github.com/opencontainers/runtime-spec**                                       1c3f411f0417 -> v1.1.0-rc.1
    * **github.com/opencontainers/runtime-tools**                                      946c877fa809 **_new_**
    * **github.com/opencontainers/selinux**                                            v1.10.0 -> v1.11.0
    * **github.com/pelletier/go-toml**                                                 v1.9.3 -> v1.9.5
    * **github.com/prometheus/client_golang**                                          v1.11.0 -> v1.14.0
    * **github.com/prometheus/client_model**                                           v0.2.0 -> v0.3.0
    * **github.com/prometheus/common**                                                 v0.30.0 -> v0.37.0
    * **github.com/prometheus/procfs**                                                 v0.7.3 -> v0.8.0
    * **github.com/russross/blackfriday/v2**                                           v2.0.1 -> v2.1.0
    * **github.com/sirupsen/logrus**                                                   v1.8.1 -> v1.9.0
    * **github.com/stretchr/testify**                                                  v1.7.0 -> v1.8.2
    * **github.com/syndtr/gocapability**                                               42c35b437635 **_new_**
    * **github.com/tchap/go-patricia/v2**                                              v2.3.1 **_new_**
    * **github.com/urfave/cli**                                                        v1.22.1 -> v1.22.12
    * **github.com/vishvananda/netlink**                                               f5de75959ad5 -> v1.2.1-beta.2
    * **go.etcd.io/bbolt**                                                             v1.3.6 -> v1.3.7
    * **go.opencensus.io**                                                             v0.23.0 -> v0.24.0
    * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.28.0 -> v0.37.0
    * **go.opentelemetry.io/otel**                                                     v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/internal/retry**                       v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace**                            v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc**              v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp**              v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/metric**                                              v0.34.0 **_new_**
    * **go.opentelemetry.io/otel/sdk**                                                 v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/trace**                                               v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/proto/otlp**                                               v0.11.0 -> v0.19.0
    * **golang.org/x/crypto**                                                          32db794688a5 -> v0.1.0
    * **golang.org/x/mod**                                                             v0.7.0 **_new_**
    * **golang.org/x/net**                                                             fe4d6282115f -> v0.7.0
    * **golang.org/x/oauth2**                                                          2bc19b11175f -> v0.4.0
    * **golang.org/x/sync**                                                            036812b2e83c -> v0.1.0
    * **golang.org/x/sys**                                                             1d35b9e2eb4e -> v0.6.0
    * **golang.org/x/term**                                                            6886f2dfbf5b -> v0.5.0
    * **golang.org/x/text**                                                            v0.3.7 -> v0.7.0
    * **golang.org/x/time**                                                            1f47c861a9ac -> 90d013bbcef8
    * **golang.org/x/tools**                                                           v0.5.0 **_new_**
    * **google.golang.org/genproto**                                                   e50cd9704f63 -> 7f2fa6fef1f4
    * **google.golang.org/grpc**                                                       v1.43.0 -> v1.53.0
    * **google.golang.org/protobuf**                                                   v1.27.1 -> v1.28.1
    * **gopkg.in/yaml.v3**                                                             496545a6307b -> v3.0.1
    * **k8s.io/api**                                                                   v0.22.5 -> v0.26.2
    * **k8s.io/apimachinery**                                                          v0.22.5 -> v0.26.2
    * **k8s.io/apiserver**                                                             v0.22.5 -> v0.26.2
    * **k8s.io/client-go**                                                             v0.22.5 -> v0.26.2
    * **k8s.io/component-base**                                                        v0.22.5 -> v0.26.2
    * **k8s.io/cri-api**                                                               v0.23.1 -> v0.26.2
    * **k8s.io/klog/v2**                                                               v2.30.0 -> v2.90.1
    * **k8s.io/utils**                                                                 cb0fa318a74b -> a5ecb0141aa5
    * **sigs.k8s.io/json**                                                             f223a00ba0e2 **_new_**
    * **sigs.k8s.io/structured-merge-diff/v4**                                         v4.1.2 -> v4.2.3
    * **sigs.k8s.io/yaml**                                                             v1.2.0 -> v1.3.0
    
    The previous release can be found at [v1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)
    
    ### Which file should I download?
    * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:         ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
    * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`:  Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.
    * `cri-containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:     (Deprecated)
    * `cri-containerd-cni-<VERSION>-<OS>-<ARCH>.tar.gz`: (Deprecated)
    
    In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases)
    and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too.
    
    See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
    
    
  • v1.7.0-rc.1
    containerd 1.7.0-rc.1
    
    Welcome to the v1.7.0-rc.1 release of containerd!
    *This is a pre-release of containerd*
    
    The eighth major release of containerd includes new functionality alongside many improvements.
    This release is intended to be the last major release of containerd 1.x before 2.0.
    Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
    This release still adheres to our backwards compatibility guarantees, and users who do not use or enable new functionality should use this release with the same stability expectations.
    The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.
    
    ### Highlights
    
    #### Sandbox API _(experimental)_
    
    The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
    This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.
    
    * **Sandbox API** ([#6703](https://github.com/containerd/containerd/pull/6703))
    * **CRI Sandbox API Implementation** ([#7228](https://github.com/containerd/containerd/pull/7228))
    
    #### Transfer Service _(experimental)_
    
    * **Transfer Service** ([#7320](https://github.com/containerd/containerd/pull/7320))
    
    The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
    pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
    to allow for further plugin development and integration into existing plugins.
    
    See the [Transfer Docs](https://github.com/containerd/containerd/blob/main/docs/transfer.md)
    
    #### NRI _(experimental)_
    
    * **Extend NRI scope** ([nri#16](https://github.com/containerd/nri/pull/16))
    * **Support for updated NRI** ([#6019](https://github.com/containerd/containerd/pull/6019))
    
    The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
    basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.
    
    This release introduces NRI v0.3.0 with an updated plugin interface to cover a wide range of use cases.
    
    See the [NRI Docs](https://github.com/containerd/containerd/blob/main/docs/NRI.md)
    
    #### Platform Support
    
    * **Linux containers on FreeBSD** ([#7000](https://github.com/containerd/containerd/pull/7000))
    
    #### Runtime Features
    
    * **Add support for CDI device injection** ([#6654](https://github.com/containerd/containerd/pull/6654))
    * **Support for cgroups blockio** ([#5490](https://github.com/containerd/containerd/pull/5490))
    * **Add restart policy for enhanced restart manager** ([#6744](https://github.com/containerd/containerd/pull/6744))
    
    #### gRPC Shim Support _(experimental)_
    
    * **Initial gRPC shim support** ([#8052](https://github.com/containerd/containerd/pull/8052))
    
    Adds support for shims to use gRPC in addition to ttrpc. Existing ttrpc shim support is not going
    away and will continue to be recommended for the best performance and lowest shim memory overhead.
    The gRPC support allows implementation of a wider range of shim implementations which may not
    have access to a stable ttrpc library in the implementation language. The shim protocol is also
    updated to allow the shims to specify the protocol which is supported.
    
    #### Road to 2.0
    
    ##### Refactoring
    
    There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.
    
    The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
    out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
    but it is also being done for image and network management.
    
    The version of ttrpc has been updated in this release to support streaming, allowing existing gRPC services to use ttrpc.
    Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.
    
    * **Remove gogoproto.customtype** ([#6699](https://github.com/containerd/containerd/pull/6699))
    * **Remove enumvalue_customname, goproto_enum_prefix and enum_customname** ([#6708](https://github.com/containerd/containerd/pull/6708))
    * **Remove all gogoproto extensions** ([#6829](https://github.com/containerd/containerd/pull/6829))
    * **Migrate off from github.com/gogo/protobuf** ([#6841](https://github.com/containerd/containerd/pull/6841))
    * **ttrpc streaming** ([ttrpc#107](https://github.com/containerd/ttrpc/pull/107))
    * **Add unpack interface for client** ([#6749](https://github.com/containerd/containerd/pull/6749))
    * **Add collectible resources to metadata gc** ([#6804](https://github.com/containerd/containerd/pull/6804))
    * **Add version to shim protocol** ([#8177](https://github.com/containerd/containerd/pull/8177))
    
    ##### Configuration
    
    Existing CRI configurations will be supported until 2.0.
    Any functionality split out of CRI will have its configuration migrated to new plugins.
    Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.
    
    ##### Deprecation
    
    The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include:
    
    * **Docker Schema 1 Image Deprecation** ([#6884](https://github.com/containerd/containerd/pull/6884))
    
    #### CRI Updates
    
    * **Fix CRI plugin to setup pod network after creating the sandbox container** ([#5904](https://github.com/containerd/containerd/pull/5904))
    * **Support image pull progress timeout** ([#6150](https://github.com/containerd/containerd/pull/6150))
    * **Add experimental support for runtime specific snapshotters** ([#6899](https://github.com/containerd/containerd/pull/6899))
    * **Pass all TOML runtime configuration options from CRI to the runtime** ([#7764](https://github.com/containerd/containerd/pull/7764))
    * **Support for user namespaces in stateless pods ([KEP-127](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/127-user-namespaces)) _(experimental)_** ([#7679](https://github.com/containerd/containerd/pull/7679))
    * **Add network plugin metrics** ([#7858](https://github.com/containerd/containerd/pull/7858))
    * **CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23** ([#7863](https://github.com/containerd/containerd/pull/7863))
    
    #### Other
    
    * **Support shallow content copy by adding reader option to local content reader at** ([#7414](https://github.com/containerd/containerd/pull/7414))
    * **Add NoSameOwner option when unpacking tars** ([#7386](https://github.com/containerd/containerd/pull/7386))
    * **Add `FetcherByDigest` for fetching blobs without fetching a manifest** ([#7460](https://github.com/containerd/containerd/pull/7460))
    * **Update default seccomp profile to block socket calls to AF_VSOCK** ([#7510](https://github.com/containerd/containerd/pull/7510))
    * **Replace fork on mount logic with CLONE_FS** ([#7513](https://github.com/containerd/containerd/pull/7513))
    * **Add support for default registry host configuration** ([#7607](https://github.com/containerd/containerd/pull/7607))
    * **Use github.com/minio/sha256-simd for more efficient sha256 calculation** ([#7732](https://github.com/containerd/containerd/pull/7732))
    * **Make OCI options cross-platform** ([#7928](https://github.com/containerd/containerd/pull/7928))
    * **Update release builds to build from Ubuntu 20.04 with glibc 2.31** ([#8021](https://github.com/containerd/containerd/pull/8021))
    * **Use data field from OCI descriptor when provided for fetch** ([#8076](https://github.com/containerd/containerd/pull/8076))
    
    See the changelog for the complete list of changes.
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Derek McGowan
    * Kazuyoshi Kato
    * Maksym Pavlenko
    * Phil Estes
    * Wei Fu
    * Akihiro Suda
    * Sebastiaan van Stijn
    * Samuel Karp
    * Krisztian Litkey
    * Mike Brown
    * Danny Canter
    * Daniel Canter
    * Austin Vazquez
    * yanggang
    * Iceber Gu
    * Ye Sijun
    * Ed Bartosh
    * Adam Korcz
    * Luca Comellini
    * Nashwan Azhari
    * Stefan Berger
    * Tony Fang
    * ruiwen-zhao
    * xin.li
    * Brian Goff
    * Gabriel Adrian Samfira
    * Paul "TBBle" Hampson
    * Henry Wang
    * Rodrigo Campos
    * Justin Terry
    * Kevin Parsons
    * Paco Xu
    * Shengjing Zhu
    * Swagat Bora
    * wanglei
    * zounengren
    * Gavin Inglis
    * Akhil Mohan
    * Zechun Chen
    * guodong
    * lengrongfu
    * James Jenkins
    * Michael Crosby
    * Qiutong Song
    * Shiming Zhang
    * Vincent Batts
    * Antonio Ojea
    * Cameron Sparr
    * Casey Callendrello
    * Changwei Ge
    * Hsing-Yu (David) Chen
    * Josh Seba
    * Junyu Liu
    * Kirtana Ashok
    * Kohei Tokunaga
    * Michael Zappa
    * Qasim Sarfraz
    * Tobias Klauser
    * pigletfly
    * yaoyinnan
    * Abirdcfly
    * Aditi Sharma
    * Amit Barve
    * Bennett-White
    * Bjorn Neergaard
    * Craig Ingram
    * Eng Zer Jun
    * Eric Lin
    * Ethan Lowman
    * Fabian Hoffmann
    * James Sturtevant
    * Jess
    * Jian Zeng
    * Jiongchi Yu
    * Jonny Stoten
    * Juan Hoyos
    * Kang.Zhang
    * Kay Yan
    * Markus Lehtonen
    * Mikko Ylinen
    * Mohit Sharma
    * Paul Cacheux
    * Paul S. Schweigert
    * Qian Zhang
    * Yasin Turan
    * Zhang Tianyang
    * bin liu
    * dependabot[bot]
    * helen
    * yulng
    * Aman Sharma
    * Anastassios Nanos
    * Andrew G. Morgan
    * Andrey Klimentyev
    * Aniruddha Basak
    * Anthony Nandaa
    * Antti Kervinen
    * Aviral Takkar
    * Baoshuo
    * Benjamin Elder
    * Benjamin Wang
    * Chao Dai
    * Chuanying Du
    * Claudiu Belu
    * Cory Snider
    * Daniel Lenar
    * Danielle Lancashire
    * Dat Nguyen
    * Davanum Srinivas
    * Dave
    * David Leadbeater
    * David Porter
    * Dmitry Shurupov
    * Edgar Lee
    * Eric Ernst
    * Fahed Dorgaa
    * Gabriela Cervantes
    * Gijs Peskens
    * Hamza El-Saawy
    * Ikko Ashimine
    * Jeff Widman
    * Jeff Zvier
    * Jeremi Piotrowski
    * Jin Dong
    * Jordan Karaze
    * Joseph Sheng
    * Joyce Brum
    * Jukka Rissanen
    * Justin Chadwell
    * Kate
    * Kathryn Baldauf
    * Kyle L Frisbie
    * LongtaoZhang
    * Manuel Alejandro de Brito Fontes
    * Marc Schwind
    * Mark Rossetti
    * Mark Zhang
    * Marvin Giessing
    * Mathis Michel
    * Merlin Ran
    * Nabeel Rana
    * Nathan
    * Nguyen Phan Huy
    * Nikita Rybak
    * Nobel Barakat
    * Oleg Atamanenko
    * Oleg Zhurakivskyy
    * Oliver Radwell
    * Quan Tian
    * Roy Yang
    * Serge Logvinov
    * Shane Jennings
    * Shaun Lawrie
    * Shinichi Morimoto
    * SilverSoldier
    * Sophie Liu
    * Su Fei
    * Taeho Nam
    * Takumasa Sakao
    * Tiger Kaovilai
    * Tom Godkin
    * Tomoya.Fujita
    * Tõnis Tiigi
    * Xinlin Ma
    * Yakul Garg
    * Zhongming Chang
    * Zhuchen Wang
    * austinvazquez
    * cardy.tang
    * chaunceyjiang
    * dabaooline
    * guiyong.ou
    * huoqifeng
    * jianfei.zhang
    * liyuxuan.darfux
    * ningmingxiao
    * shi yixue
    * shuaichang
    * songjiang han
    * wen chen
    * wusong
    * xiaoyang zhu
    * yanghesong
    * yaozhenxiu
    * zhang he
    
    ### Changes
    <details><summary>1685 commits</summary>
    <p>
    
    * Prepare release notes for v1.7.0-rc.1 ([#8192](https://github.com/containerd/containerd/pull/8192))
    * Transfer export image ([#8191](https://github.com/containerd/containerd/pull/8191))
    * Create config struct to take user input ([#8193](https://github.com/containerd/containerd/pull/8193))
    * ctr/tasks: support remapped UID/GID ([#7864](https://github.com/containerd/containerd/pull/7864))
    * Add experimental section to RELEASES.md ([#8119](https://github.com/containerd/containerd/pull/8119))
    * Fix streaming manager deadlock on collection ([#8188](https://github.com/containerd/containerd/pull/8188))
    * Update CRI guide link ([#8190](https://github.com/containerd/containerd/pull/8190))
    * Add max shim version environment variable ([#8189](https://github.com/containerd/containerd/pull/8189))
    * Update README with location of security audits ([#8187](https://github.com/containerd/containerd/pull/8187))
    * docs: fix typos in historical/design/data-flow.md ([#8181](https://github.com/containerd/containerd/pull/8181))
    * Increase CI workflow timeout on Windows. ([#8183](https://github.com/containerd/containerd/pull/8183))
    * releases: mark 1.5 as EOL ([#8178](https://github.com/containerd/containerd/pull/8178))
    * Add version to shim protocol ([#8177](https://github.com/containerd/containerd/pull/8177))
    * Rework install-protobuf script and add new targets ([#8164](https://github.com/containerd/containerd/pull/8164))
    * bump go-cni to v1.1.9 ([#8173](https://github.com/containerd/containerd/pull/8173))
    * Treat sandboxes as root gc resources and scan referenced objects ([#8172](https://github.com/containerd/containerd/pull/8172))
    * update CDI version to v0.5.4 ([#8152](https://github.com/containerd/containerd/pull/8152))
    * Prepare release notes for v1.7.0-rc.0 ([#8162](https://github.com/containerd/containerd/pull/8162))
    * pkg/nri: pull in latest NRI, update NRI configuration. ([#8140](https://github.com/containerd/containerd/pull/8140))
    * [transfer]Config options followup ([#8165](https://github.com/containerd/containerd/pull/8165))
    * Add configuration options to local transfer service ([#8062](https://github.com/containerd/containerd/pull/8062))
    * docs: Show how to select GRPC for shims ([#8134](https://github.com/containerd/containerd/pull/8134))
    * CRI: remove duplicated snapshotters code ([#8154](https://github.com/containerd/containerd/pull/8154))
    * docs: add more comment to logging.LoggerFunc ([#8142](https://github.com/containerd/containerd/pull/8142))
    * contrib/apparmor: remove code related to apparmor_parser version ([#8069](https://github.com/containerd/containerd/pull/8069))
    * runtime/v2: Call onCloseWithShimLog for grpc shims ([#8120](https://github.com/containerd/containerd/pull/8120))
    * Add Fields type alias to log package ([#8143](https://github.com/containerd/containerd/pull/8143))
    * Migrate from k8s.gcr.io to registry.k8s.io ([#8125](https://github.com/containerd/containerd/pull/8125))
    * sandbox: start sandbox with options ([#8129](https://github.com/containerd/containerd/pull/8129))
    * Add macOS build note ([#8115](https://github.com/containerd/containerd/pull/8115))
    * Fix concurrent writes for UpdateContainerStats ([#8130](https://github.com/containerd/containerd/pull/8130))
    * dependency: bump go.etcd.io/bbolt to v1.3.7 ([#8128](https://github.com/containerd/containerd/pull/8128))
    * runtime/v2: Log BootstrapParams ([#8124](https://github.com/containerd/containerd/pull/8124))
    * Prepare release notes for v1.7.0 beta.4 ([#8110](https://github.com/containerd/containerd/pull/8110))
    * Go 1.20.1 ([#8103](https://github.com/containerd/containerd/pull/8103))
    * ctr version: add args check ([#8096](https://github.com/containerd/containerd/pull/8096))
    * pkg/cri/config: fix Mirrors deprecation comment ([#8041](https://github.com/containerd/containerd/pull/8041))
    * docs: fix function names in fuzzing test documentation ([#8044](https://github.com/containerd/containerd/pull/8044))
    * fix: 'go routine' should be 'goroutine' ([#8051](https://github.com/containerd/containerd/pull/8051))
    * GitHub Security Advisory [GHSA-hmfx-3pcx-653p](https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p)
    * GitHub Security Advisory [GHSA-259w-8hf6-59c2](https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2)
    * pkg/cri/sbserver: experimental NRI integration for CRI. ([#7954](https://github.com/containerd/containerd/pull/7954))
    * Clean up error strings that start with uppercase ([#8114](https://github.com/containerd/containerd/pull/8114))
    * Clean up repeated package import ([#8113](https://github.com/containerd/containerd/pull/8113))
    * Go 1.19.6 ([#8109](https://github.com/containerd/containerd/pull/8109))
    * Initial GRPC shims support ([#8052](https://github.com/containerd/containerd/pull/8052))
    * CRI: Pass sandbox annotations to _other platforms ([#8060](https://github.com/containerd/containerd/pull/8060))
    * cmd/ctr/commands/images: support usage subcommand ([#8105](https://github.com/containerd/containerd/pull/8105))
    * cni: pass in the cgroupPath capability argument ([#8067](https://github.com/containerd/containerd/pull/8067))
    * Add fallback for windows platforms without osversion ([#8101](https://github.com/containerd/containerd/pull/8101))
    * release: xx v1.2.1 ([#8104](https://github.com/containerd/containerd/pull/8104))
    * [transfer] update imagestore interface to support multiple references ([#7964](https://github.com/containerd/containerd/pull/7964))
    * [sandbox] Use options to pass PodSandboxConfig to shims ([#8100](https://github.com/containerd/containerd/pull/8100))
    * Send container events with nil PodSandboxStatus ([#8047](https://github.com/containerd/containerd/pull/8047))
    * test: add hostNetwork tests for both windows and linux ([#7984](https://github.com/containerd/containerd/pull/7984))
    * loadConfig pre-inspection in advance ([#8097](https://github.com/containerd/containerd/pull/8097))
    * contrib/apparmor: remove version-dependent rules ([#8068](https://github.com/containerd/containerd/pull/8068))
    * *: introduce wrapper pkgs for blockio and rdt ([#8066](https://github.com/containerd/containerd/pull/8066))
    * Extract CRI instrument into separate package ([#8093](https://github.com/containerd/containerd/pull/8093))
    * CRI: Mirror generic toml runtime config under server ([#8091](https://github.com/containerd/containerd/pull/8091))
    * go.mod: github.com/containerd/typeurl/v2 v2.1.0 ([#8092](https://github.com/containerd/containerd/pull/8092))
    * Revert `apparmor_parser` regression ([#8086](https://github.com/containerd/containerd/pull/8086))
    * [sandbox] refactor controller interface ([#7981](https://github.com/containerd/containerd/pull/7981))
    * btrfs: depend on kernel UAPI instead of libbtrfs ([#7933](https://github.com/containerd/containerd/pull/7933))
    * CI: skip some jobs when `repo != containerd/containerd` ([#8082](https://github.com/containerd/containerd/pull/8082))
    * chore: clean up repeated package import ([#8078](https://github.com/containerd/containerd/pull/8078))
    * fetch: Use data from descriptor when available. ([#8076](https://github.com/containerd/containerd/pull/8076))
    * chore: use http constants instead of string ([#8077](https://github.com/containerd/containerd/pull/8077))
    * Fix retry logic within devmapper device deactivation ([#8075](https://github.com/containerd/containerd/pull/8075))
    * Clean CI yaml ([#8071](https://github.com/containerd/containerd/pull/8071))
    * Add critest.exe in $PATH ([#8074](https://github.com/containerd/containerd/pull/8074))
    * keep the uppercase letter for flag info ([#7976](https://github.com/containerd/containerd/pull/7976))
    * go.mod: Bump hcsshim to v0.10.0-rc.5 ([#8049](https://github.com/containerd/containerd/pull/8049))
    * Fix sandbox exit monitor ([#8045](https://github.com/containerd/containerd/pull/8045))
    * Generate GRPC contracts for runtime APIs ([#7979](https://github.com/containerd/containerd/pull/7979))
    * Make argument validation of `mount.UnmountRecursive` compatible to `mount.UnmountAll` ([#8035](https://github.com/containerd/containerd/pull/8035))
    * Export remote snapshotter label handler ([#8036](https://github.com/containerd/containerd/pull/8036))
    * Adding support to run install hcsshim from local clone ([#7989](https://github.com/containerd/containerd/pull/7989))
    * go.mod: github.com/urfave/cli v1.22.12 ([#8040](https://github.com/containerd/containerd/pull/8040))
    * cmd/ctr/commands: clean up the func IntToInt32Array in utils.go ([#8039](https://github.com/containerd/containerd/pull/8039))
    * pkg/epoch: drop timezone ([#8037](https://github.com/containerd/containerd/pull/8037))
    * go.mod: update github.com/containerd/nri. ([#8034](https://github.com/containerd/containerd/pull/8034))
    * fix(docs): minor fix on the windows installation steps ([#8013](https://github.com/containerd/containerd/pull/8013))
    * Add integration test to opentelemetry tracing on image pull ([#7847](https://github.com/containerd/containerd/pull/7847))
    * Use mount.Target to specify subdirectory of rootfs mount ([#7840](https://github.com/containerd/containerd/pull/7840))
    * cri: mkdir /etc/cni with 0755, not 0700 ([#8020](https://github.com/containerd/containerd/pull/8020))
    * log/logtest: add `testcase` as debug field ([#8025](https://github.com/containerd/containerd/pull/8025))
    * go.mod: github.com/containerd/cgroups/v3 v3.0.0 ([#8027](https://github.com/containerd/containerd/pull/8027))
    * Update CNI plugins to 1.2.0 ([#7977](https://github.com/containerd/containerd/pull/7977))
    * go.mod: go.opentelemetry.io/otel v1.12.0 ([#8026](https://github.com/containerd/containerd/pull/8026))
    * Move PLEG events for pause container under podsandbox package ([#8007](https://github.com/containerd/containerd/pull/8007))
    * runtime docs: Clarify delete cwd behavior ([#8012](https://github.com/containerd/containerd/pull/8012))
    * release: Add "cri-containerd.DEPRECATED.txt" in the deprecated cri-containerd-* bundles ([#8019](https://github.com/containerd/containerd/pull/8019))
    * RELEASES.md: update release status ([#8022](https://github.com/containerd/containerd/pull/8022))
    * deflake: TestContainerPids ([#8023](https://github.com/containerd/containerd/pull/8023))
    * release: Ubuntu 18.04 -> 20.04 (glibc 2.27 -> 2.31) ([#8021](https://github.com/containerd/containerd/pull/8021))
    * Update the EOL date for 1.5 release ([#8015](https://github.com/containerd/containerd/pull/8015))
    * Prepare release notes for v1.7.0-beta.3 ([#8014](https://github.com/containerd/containerd/pull/8014))
    * Fix Memory Limit test ([#7959](https://github.com/containerd/containerd/pull/7959))
    * Reused package errdefs for not supported error ([#8005](https://github.com/containerd/containerd/pull/8005))
    * pkg/cri: optimize slice initialization ([#7994](https://github.com/containerd/containerd/pull/7994))
    * go.mod: update goresctrl to v0.3.0 ([#7987](https://github.com/containerd/containerd/pull/7987))
    * pushWriter: correctly propagate errors ([#7985](https://github.com/containerd/containerd/pull/7985))
    * CI: test release.yml on every PR ([#7968](https://github.com/containerd/containerd/pull/7968))
    * fix incorrect namespace of event when create/update namespace ([#7129](https://github.com/containerd/containerd/pull/7129))
    * Backport changes to sandboxed CRI ([#7973](https://github.com/containerd/containerd/pull/7973))
    * Fix syntax errors in the document ([#7970](https://github.com/containerd/containerd/pull/7970))
    * release/Dockerfile: set DEBIAN_FRONTEND=noninteractive ([#7969](https://github.com/containerd/containerd/pull/7969))
    * use local variable for rt when iterating collectors ([#7963](https://github.com/containerd/containerd/pull/7963))
    * Add basic spec and mounts for Darwin ([#7960](https://github.com/containerd/containerd/pull/7960))
    * go.mod: Bump hcsshim to v0.10.0-rc.4 ([#7810](https://github.com/containerd/containerd/pull/7810))
    * Use specs Platform instead of generated API ([#7958](https://github.com/containerd/containerd/pull/7958))
    * Make OCI options cross-platform ([#7928](https://github.com/containerd/containerd/pull/7928))
    * update to go1.19.5, go1.18.10 ([#7948](https://github.com/containerd/containerd/pull/7948))
    * fuzzing: improve archive fuzzer ([#7957](https://github.com/containerd/containerd/pull/7957))
    * shim: enable debug logging for delete ([#7943](https://github.com/containerd/containerd/pull/7943))
    * cri: Fix TestUpdateOCILinuxResource for host w/o swap controller ([#7946](https://github.com/containerd/containerd/pull/7946))
    * ctr/run: flags --detach and --rm cannot be specified together ([#7929](https://github.com/containerd/containerd/pull/7929))
    * Fix Flaky Windows CRI Integration test on TestContainerConsumedStats ([#7935](https://github.com/containerd/containerd/pull/7935))
    * Refactor snapshotters metastore transaction ([#7917](https://github.com/containerd/containerd/pull/7917))
    * mod: update github.com/pelletier/go-toml@v1.9.5 ([#7932](https://github.com/containerd/containerd/pull/7932))
    * archive: improve TestSourceDateEpoch ([#7927](https://github.com/containerd/containerd/pull/7927))
    * Add tracing plugin test ([#7883](https://github.com/containerd/containerd/pull/7883))
    * docs/content-flow: update the description of the content labels ([#7925](https://github.com/containerd/containerd/pull/7925))
    * Add cleanup package for context management during cleanup ([#7861](https://github.com/containerd/containerd/pull/7861))
    * Fix race between stream registration and use ([#7886](https://github.com/containerd/containerd/pull/7886))
    * Prepare release notes for v1.7.0-beta.2 ([#7903](https://github.com/containerd/containerd/pull/7903))
    * Cirrus CI (Fedora 37, Rocky 8): enable cri-integration ([#7892](https://github.com/containerd/containerd/pull/7892))
    * contrib/Dockerfile.test: add "integration", "cri-integration", "critest" stages ([#7891](https://github.com/containerd/containerd/pull/7891))
    * docs: fix a typo in tracing documentation ([#7914](https://github.com/containerd/containerd/pull/7914))
    * CI: Pass GITHUB_TOKEN to containerd/project-checks ([#7913](https://github.com/containerd/containerd/pull/7913))
    * Enable dupword linter ([#7911](https://github.com/containerd/containerd/pull/7911))
    * ctr: Add platform flag to 'oci spec' command ([#7905](https://github.com/containerd/containerd/pull/7905))
    * Vagrantfile: fix disk resize error with VirtualBox ([#7907](https://github.com/containerd/containerd/pull/7907))
    * Vagrantfile: fix comments about SELinux ([#7908](https://github.com/containerd/containerd/pull/7908))
    * Use the const labels.LabelUncompressed ([#7906](https://github.com/containerd/containerd/pull/7906))
    * [sandbox] Add sandbox store plugin type ([#7850](https://github.com/containerd/containerd/pull/7850))
    * Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts ([#7893](https://github.com/containerd/containerd/pull/7893))
    * CRI: Comment cleanup/misc fixes ([#7904](https://github.com/containerd/containerd/pull/7904))
    * Move snapshot event publishing into metadata store ([#5674](https://github.com/containerd/containerd/pull/5674))
    * Vagrantfile: install-rootless-podman: remove `setenforce 0` ([#7887](https://github.com/containerd/containerd/pull/7887))
    * reused package errdefs for error ([#7894](https://github.com/containerd/containerd/pull/7894))
    * integration/images: switch away from Docker Hub to avoid rate limit ([#7888](https://github.com/containerd/containerd/pull/7888))
    * Validate userns container config is consistent with sandbox userns config ([#7882](https://github.com/containerd/containerd/pull/7882))
    * `ctr contents ls` sorts the labels of the content ([#7881](https://github.com/containerd/containerd/pull/7881))
    * chore: use `go fix` to cleanup old +build buildtag ([#7879](https://github.com/containerd/containerd/pull/7879))
    * cri: Shadow variables to avoid t.Parallel() issues ([#7880](https://github.com/containerd/containerd/pull/7880))
    * Add support for user namespaces in stateless pods (KEP-127) ([#7679](https://github.com/containerd/containerd/pull/7679))
    * Refactor metastore transaction ([#7529](https://github.com/containerd/containerd/pull/7529))
    * oci: appendOSMounts(): remove unused error, and move ([#7874](https://github.com/containerd/containerd/pull/7874))
    * add kube v1.26: remove v1alpha2 cri support ([#7863](https://github.com/containerd/containerd/pull/7863))
    * make runc 1.1 for oss_fuzz_build.sh ([#7875](https://github.com/containerd/containerd/pull/7875))
    * CRI sbserver: Prevent server reuse after Shutdown ([#7872](https://github.com/containerd/containerd/pull/7872))
    * Fix incorrect defer usage and refactor judgement ([#7521](https://github.com/containerd/containerd/pull/7521))
    * oci: Add WithDomainname ([#7869](https://github.com/containerd/containerd/pull/7869))
    * Reused errdefs define error ([#7871](https://github.com/containerd/containerd/pull/7871))
    * fix `ctr tasks kill` does not remove cni network under windows ([#7866](https://github.com/containerd/containerd/pull/7866))
    * add network plugin metrics ([#7858](https://github.com/containerd/containerd/pull/7858))
    * Avoid using canceled context in unpacker cleanup ([#7859](https://github.com/containerd/containerd/pull/7859))
    * image/label: print more characters of label keys ([#7618](https://github.com/containerd/containerd/pull/7618))
    * prevent Server reuse after a Shutdown ([#7165](https://github.com/containerd/containerd/pull/7165))
    * Check containerd's readiness before calling critest ([#7851](https://github.com/containerd/containerd/pull/7851))
    * Fix grammatical errors in Readme ([#7837](https://github.com/containerd/containerd/pull/7837))
    * Fix cpu architecture detection issue on linux/arm ([#7636](https://github.com/containerd/containerd/pull/7636))
    * CRI: Fix no CNI info for pod sandbox on restart ([#7845](https://github.com/containerd/containerd/pull/7845))
    * Enable checkRename test ([#7081](https://github.com/containerd/containerd/pull/7081))
    * metastore: Add WithTransaction convenience method ([#7781](https://github.com/containerd/containerd/pull/7781))
    * Prevent a race condition in testHook ([#7831](https://github.com/containerd/containerd/pull/7831))
    * cri: fix `memory.memsw.limit_in_bytes: no such file or directory` ([#7836](https://github.com/containerd/containerd/pull/7836))
    * go.mod: update fuzz-headers and fuzz-build ([#7824](https://github.com/containerd/containerd/pull/7824))
    * Remove github.com/gogo/protobuf again ([#7825](https://github.com/containerd/containerd/pull/7825))
    * CRI: Add host networking helper ([#7814](https://github.com/containerd/containerd/pull/7814))
    * Support sandbox shutdown in shim runtimes ([#7792](https://github.com/containerd/containerd/pull/7792))
    * move up to CRI-TOOLS v1.26.0 ([#7818](https://github.com/containerd/containerd/pull/7818))
    * Minor fix when querying pod sandbox status ([#7812](https://github.com/containerd/containerd/pull/7812))
    * nil check to avoid panic on upgrade ([#7809](https://github.com/containerd/containerd/pull/7809))
    * Bump grpc to v1.51.0 ([#7709](https://github.com/containerd/containerd/pull/7709))
    * fatal error: concurrent map iteration and map write ([#7805](https://github.com/containerd/containerd/pull/7805))
    * Bump golangci-lint to v1.50.1 ([#7804](https://github.com/containerd/containerd/pull/7804))
    * cri: make swapping disabled with memory limit ([#7783](https://github.com/containerd/containerd/pull/7783))
    * add metrics for image pulling: error; in progress count; throughput ([#7313](https://github.com/containerd/containerd/pull/7313))
    * Prepare release notes for v1.7.0-beta.1 ([#7793](https://github.com/containerd/containerd/pull/7793))
    * support fetching containerd from non public GCS buckets ([#7771](https://github.com/containerd/containerd/pull/7771))
    * images: support specifying SourceDateEpoch via ctx ([#7651](https://github.com/containerd/containerd/pull/7651))
    * fuzzing: improve archive fuzzer ([#7718](https://github.com/containerd/containerd/pull/7718))
    * fix sdNotify func when debug level ([#7798](https://github.com/containerd/containerd/pull/7798))
    * Upgrade GitHub actions packages in release workflow ([#7794](https://github.com/containerd/containerd/pull/7794))
    * Enable GitHub Actions local Linux CI runs ([#7796](https://github.com/containerd/containerd/pull/7796))
    * integration: increase timeout in container_event_test.go ([#7791](https://github.com/containerd/containerd/pull/7791))
    * digest: use github.com/minio/sha256-simd ([#7732](https://github.com/containerd/containerd/pull/7732))
    * allow client to remove created tasks with PID 0 ([#7787](https://github.com/containerd/containerd/pull/7787))
    * Add container event support to containerd ([#7073](https://github.com/containerd/containerd/pull/7073))
    * docs: Authorizer.Authorize could return ErrUnexpectedStatus ([#7786](https://github.com/containerd/containerd/pull/7786))
    * fix: check for tmpfs when evaluating if userxattr is needed ([#7772](https://github.com/containerd/containerd/pull/7772))
    * Pass TOML configuration options for runtimes CRI is not aware of ([#7764](https://github.com/containerd/containerd/pull/7764))
    * Cleanup build constraints ([#7776](https://github.com/containerd/containerd/pull/7776))
    * There is no way to disable debug endpoint on Darwin ([#7775](https://github.com/containerd/containerd/pull/7775))
    * CI: Vagrant: pin rockylinux/8 to v5.0.0 ([#7777](https://github.com/containerd/containerd/pull/7777))
    * vendor: golang.org/x/net v0.4.0 ([#7774](https://github.com/containerd/containerd/pull/7774))
    * Fix context when waiting sandbox ([#7773](https://github.com/containerd/containerd/pull/7773))
    * Github Security Advisory [GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9)
    * update to go1.19.4, go1.18.9 ([#7765](https://github.com/containerd/containerd/pull/7765))
    * Change PushContent to require only Provider ([#7763](https://github.com/containerd/containerd/pull/7763))
    * sbserver bug fixing ([#7768](https://github.com/containerd/containerd/pull/7768))
    * Add unit test to Opentelemetry tracing ([#7671](https://github.com/containerd/containerd/pull/7671))
    * remove some (aliases for) deprecated functions ([#7525](https://github.com/containerd/containerd/pull/7525))
    * Refactor ctr restore to allow for tty allocation ([#7673](https://github.com/containerd/containerd/pull/7673))
    * fix panic when containerd-stress density --count 0 ([#7748](https://github.com/containerd/containerd/pull/7748))
    * Unwrap proto errors in streaming client ([#7753](https://github.com/containerd/containerd/pull/7753))
    * Fix process_vm_* syscall names in seccomp ([#7755](https://github.com/containerd/containerd/pull/7755))
    * upgrade the ops.md output for current 1.7 version. ([#7747](https://github.com/containerd/containerd/pull/7747))
    * docs: Add extra security instructions ([#7743](https://github.com/containerd/containerd/pull/7743))
    * go.mod: re-vendor NRI from the official repo. ([#7744](https://github.com/containerd/containerd/pull/7744))
    * [Sandbox API] CRI status cleanup ([#7731](https://github.com/containerd/containerd/pull/7731))
    * Transfer service ([#7320](https://github.com/containerd/containerd/pull/7320))
    * NRI: add support for NRI with extended scope. ([#6019](https://github.com/containerd/containerd/pull/6019))
    * archive: set WithModTimeUpperBound when WithSourceDateEpoch is set ([#7710](https://github.com/containerd/containerd/pull/7710))
    * Fix order of operations when setting lease labels ([#7702](https://github.com/containerd/containerd/pull/7702))
    * Add ctr image prune command ([#7730](https://github.com/containerd/containerd/pull/7730))
    * Check for nullptr before dereferencing ([#7708](https://github.com/containerd/containerd/pull/7708))
    * use MaxConcurrentDownloads instead of MaxConcurrentUploadedLayers ([#7736](https://github.com/containerd/containerd/pull/7736))
    * introspection: expose the daemon's PID and PIDNS ([#7694](https://github.com/containerd/containerd/pull/7694))
    * reference/docker: synchronize fork with upstream distribution/distribution ([#7635](https://github.com/containerd/containerd/pull/7635))
    * go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions ([#7721](https://github.com/containerd/containerd/pull/7721))
    * Add ptrace readby and tracedby to default AppArmor profile ([#7714](https://github.com/containerd/containerd/pull/7714))
    * Fix sandbox API when calling sandboxed shims ([#7684](https://github.com/containerd/containerd/pull/7684))
    * make status more readable and update easy. ([#7669](https://github.com/containerd/containerd/pull/7669))
    * integration/client: fix go.mod grouping, containerd to v1.7.0-beta.0, cgroups back to v1.0.4 ([#7720](https://github.com/containerd/containerd/pull/7720))
    * Resolve warnings in Windows GitHub Actions periodic workflows ([#7706](https://github.com/containerd/containerd/pull/7706))
    * Sandbox API: implement Controller.Status for SandboxAPI ([#7470](https://github.com/containerd/containerd/pull/7470))
    * [port #5904 to sbserver] Setup pod network after creating the sandbox container ([#7426](https://github.com/containerd/containerd/pull/7426))
    * fix for OSS-Fuzz infra changes ([#7677](https://github.com/containerd/containerd/pull/7677))
    * runtime/v2/shim: clean up the use of containerdBinary ([#7499](https://github.com/containerd/containerd/pull/7499))
    * Add process_vm read and write calls to default seccomp profile ([#7693](https://github.com/containerd/containerd/pull/7693))
    * Resolve Scorecards GitHub Actions workflow warnings ([#7707](https://github.com/containerd/containerd/pull/7707))
    * cri: add pod uid annotation ([#7697](https://github.com/containerd/containerd/pull/7697))
    * Missed out `platform interface` when reused the conn for Client. ([#7699](https://github.com/containerd/containerd/pull/7699))
    * overlayfs: remove duplicated tx rollback ([#7700](https://github.com/containerd/containerd/pull/7700))
    * go.mod: update some dependencies ([#7704](https://github.com/containerd/containerd/pull/7704))
    * update github.com/cpuguy83/go-md2man/v2 to v2.0.2 ([#7705](https://github.com/containerd/containerd/pull/7705))
    * Fsnotify bump and change code ([#7703](https://github.com/containerd/containerd/pull/7703))
    * fix build containerd in centos9 ([#7683](https://github.com/containerd/containerd/pull/7683))
    * Bump urfave-cli to v1.22.10 ([#7701](https://github.com/containerd/containerd/pull/7701))
    * can set up the network serially by CNI plugins ([#7685](https://github.com/containerd/containerd/pull/7685))
    * Update cri-api dependency to v0.26.0-beta.0 ([#7656](https://github.com/containerd/containerd/pull/7656))
    * overlay: Remove unused method param ([#7696](https://github.com/containerd/containerd/pull/7696))
    * CI: update Fedora to 37 ([#7691](https://github.com/containerd/containerd/pull/7691))
    * tx rollback when GetInfo return error ([#7678](https://github.com/containerd/containerd/pull/7678))
    * Upgrade github.com/containerd/cgroups from v1 to v3 ([#7601](https://github.com/containerd/containerd/pull/7601))
    * Remove OpenTelemetry imports from remotes/docker package ([#7675](https://github.com/containerd/containerd/pull/7675))
    * Expose Done and Err in Shutdown service ([#7686](https://github.com/containerd/containerd/pull/7686))
    * gotestsum match go version 1.19 ([#7688](https://github.com/containerd/containerd/pull/7688))
    * complement sub-command note for containerd-main ([#7670](https://github.com/containerd/containerd/pull/7670))
    * keep the lower case letter for flag info ([#7668](https://github.com/containerd/containerd/pull/7668))
    * bump critools into ca1571e6edd116b2c95f52e3dfa0b4779b74223a ([#7666](https://github.com/containerd/containerd/pull/7666))
    * Fix broken link for CRI plugin in docs ([#7667](https://github.com/containerd/containerd/pull/7667))
    * add option to resolve symlinks in WithLinuxDevice ([#7523](https://github.com/containerd/containerd/pull/7523))
    * Bump k8s.io deps to v0.25.4 ([#7663](https://github.com/containerd/containerd/pull/7663))
    * Release: add static binaries ([#7659](https://github.com/containerd/containerd/pull/7659))
    * Bump OpenTelemetry contrib to v0.36.4 ([#7662](https://github.com/containerd/containerd/pull/7662))
    * Fix slice append error (`spec.Linux.Resources.HugepageLimits`) ([#7661](https://github.com/containerd/containerd/pull/7661))
    * Bump OpenTelemetry to v1.11.1 ([#7660](https://github.com/containerd/containerd/pull/7660))
    * feature: add gc scheduler metrics collection count ([#5263](https://github.com/containerd/containerd/pull/5263))
    * Add `--debug` args to all subcommands of `ctr pprof` ([#7629](https://github.com/containerd/containerd/pull/7629))
    * Add a thin wrapper around otel Span object ([#7655](https://github.com/containerd/containerd/pull/7655))
    * Bump grpc to v1.50.1 ([#7643](https://github.com/containerd/containerd/pull/7643))
    * replace strings.Split(N) for strings.Cut() or alternatives ([#7631](https://github.com/containerd/containerd/pull/7631))
    * add oci.WithCPURT ([#7642](https://github.com/containerd/containerd/pull/7642))
    * Sandbox API: Add a new mode config for sandbox controller impls ([#7590](https://github.com/containerd/containerd/pull/7590))
    * fuzzing: bump go-fuzz-headers ([#7625](https://github.com/containerd/containerd/pull/7625))
    * Bump k8s.io deps to v0.25.3 ([#7637](https://github.com/containerd/containerd/pull/7637))
    * Remove uses of deprecated go-digest.NewDigestFromHex, go-digest.Digest.Hex ([#7641](https://github.com/containerd/containerd/pull/7641))
    * Extra documentation for content interfaces ([#7640](https://github.com/containerd/containerd/pull/7640))
    * Fix shim socket permissions on Darwin ([#7638](https://github.com/containerd/containerd/pull/7638))
    * s390x: build and package s390x bin in release assets ([#7614](https://github.com/containerd/containerd/pull/7614))
    * Replace mount fork hack with CLONE_FS ([#7513](https://github.com/containerd/containerd/pull/7513))
    * remotes: add `FetcherByDigest` for fetching blobs without foreknown descriptors (useful for general-purpose CAS) ([#7460](https://github.com/containerd/containerd/pull/7460))
    * Fix "getCPUInfo for OS freebsd: not implemented" on FreeBSD/arm64 ([#7403](https://github.com/containerd/containerd/pull/7403))
    * Support default hosts.toml configuration ([#7607](https://github.com/containerd/containerd/pull/7607))
    * Add tracing spans in CRI image service and pull.go ([#7453](https://github.com/containerd/containerd/pull/7453))
    * Fix missing closed fifo ([#7604](https://github.com/containerd/containerd/pull/7604))
    * fix comments ([#7624](https://github.com/containerd/containerd/pull/7624))
    * docs: add additional info in backport process ([#7626](https://github.com/containerd/containerd/pull/7626))
    * go.mod: golang.org/x/*: use tagged versions ([#7621](https://github.com/containerd/containerd/pull/7621))
    * Bump go version to 1.19.3 ([#7620](https://github.com/containerd/containerd/pull/7620))
    * ctr export strictly matching ([#7615](https://github.com/containerd/containerd/pull/7615))
    * Fix ctr crash when pulling with --http-dump and --http-trace simultaneously ([#7617](https://github.com/containerd/containerd/pull/7617))
    * Harden GITHUB_TOKEN permissions for OSSF Scorecard ([#7599](https://github.com/containerd/containerd/pull/7599))
    * overlayutils: Add fastpath for userxattr check ([#7611](https://github.com/containerd/containerd/pull/7611))
    * Add sequence diagram for shim runtime v2 ([#7606](https://github.com/containerd/containerd/pull/7606))
    * Sandbox API: Move remote impls to /sandbox/proxy ([#7600](https://github.com/containerd/containerd/pull/7600))
    * fuzzing: improve archive fuzzer ([#7588](https://github.com/containerd/containerd/pull/7588))
    * Retry client connection in waitForStart ([#7537](https://github.com/containerd/containerd/pull/7537))
    * Add Workflow for running critest with Hyper-V Containers on Windows. ([#7025](https://github.com/containerd/containerd/pull/7025))
    * Add release notes for v1.7.0-beta.0 ([#7575](https://github.com/containerd/containerd/pull/7575))
    * Cleanup sandbox interfaces ([#7576](https://github.com/containerd/containerd/pull/7576))
    * Update GitHub actions release workflow set output ([#7581](https://github.com/containerd/containerd/pull/7581))
    * Fix LogURI generation-related tests on Windows. ([#7569](https://github.com/containerd/containerd/pull/7569))
    * maintenance: Remove WithWindowsNetworkNamespace from pkg/cri ([#7577](https://github.com/containerd/containerd/pull/7577))
    * CRI: implement Controller.Delete for SandboxAPI ([#7457](https://github.com/containerd/containerd/pull/7457))
    * Configure CDI registry only on start ([#7419](https://github.com/containerd/containerd/pull/7419))
    * update codeql-action to v2 ([#7568](https://github.com/containerd/containerd/pull/7568))
    * Add logging related metrics to Containerd CRI plugin ([#7546](https://github.com/containerd/containerd/pull/7546))
    * sys: optimize and refactor MkdirAllWithACL() ([#7531](https://github.com/containerd/containerd/pull/7531))
    * fix install cni script ([#7484](https://github.com/containerd/containerd/pull/7484))
    * Update 1.5 release support timeframe ([#7560](https://github.com/containerd/containerd/pull/7560))
    * bump go-fuzz-headers ([#7503](https://github.com/containerd/containerd/pull/7503))
    * Add long term stable release branches ([#7454](https://github.com/containerd/containerd/pull/7454))
    * fix pusher concurrent close channel ([#7473](https://github.com/containerd/containerd/pull/7473))
    * Make tests on GitHub less noisy ([#7530](https://github.com/containerd/containerd/pull/7530))
    * containerd should not print error log that failed to init a tracing processor while the tracing plugin is not loaded ([#7541](https://github.com/containerd/containerd/pull/7541))
    * Update required Go version in BUILDING.md ([#7544](https://github.com/containerd/containerd/pull/7544))
    * go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag) ([#7522](https://github.com/containerd/containerd/pull/7522))
    * Use `go env` to determine GOPATH in Makefile. ([#7542](https://github.com/containerd/containerd/pull/7542))
    * clean-up "nolint" comments, remove unused ones, update golangci-lint ([#7349](https://github.com/containerd/containerd/pull/7349))
    * Don't unmount on Darwin when deleting bundle ([#7534](https://github.com/containerd/containerd/pull/7534))
    * Add timeouts to all CI jobs ([#7538](https://github.com/containerd/containerd/pull/7538))
    * Vagrantfile: explicitly specify rsync as the shared folder driver ([#7539](https://github.com/containerd/containerd/pull/7539))
    * sys: remove unused IsAbs() (windows) ([#7527](https://github.com/containerd/containerd/pull/7527))
    * cri: PodSandboxStatus should tolerate missing task ([#7535](https://github.com/containerd/containerd/pull/7535))
    * CI: update GHA instances from Ubuntu 18.04 to 20.04 ([#7489](https://github.com/containerd/containerd/pull/7489))
    * fix the --no-pivot flag being ignored by `ctr tasks start` ([#7519](https://github.com/containerd/containerd/pull/7519))
    * Update the default seccomp to block socket calls to AF_VSOCK ([#7510](https://github.com/containerd/containerd/pull/7510))
    * cmd/containerd: use golang.org/x/sys/windows.SetStdHandle() ([#7511](https://github.com/containerd/containerd/pull/7511))
    * Stats() shouldn't assume s.container is non-nil ([#7517](https://github.com/containerd/containerd/pull/7517))
    * Move up actions versions to prep for NodeJS 12 deprecation ([#7516](https://github.com/containerd/containerd/pull/7516))
    * cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions() ([#7512](https://github.com/containerd/containerd/pull/7512))
    * Updates oci image config to support upstream ArgsEscaped ([#7483](https://github.com/containerd/containerd/pull/7483))
    * cmd/containerd: replace deprecated windows.IsAnInteractiveSession() ([#7497](https://github.com/containerd/containerd/pull/7497))
    * Update container with sandbox metadata after NetNS is created ([#7481](https://github.com/containerd/containerd/pull/7481))
    * archive: add WithSourceDateEpoch() for whiteouts ([#7478](https://github.com/containerd/containerd/pull/7478))
    * TestTaskResize must use a terminal ([#7492](https://github.com/containerd/containerd/pull/7492))
    * diff/apply.readCounter: check negative size ([#7494](https://github.com/containerd/containerd/pull/7494))
    * Add new ctr option for discarding unpacked layers ([#7425](https://github.com/containerd/containerd/pull/7425))
    * archive: windows: chtimes(): remove redundant conversion ([#7491](https://github.com/containerd/containerd/pull/7491))
    * archive: validate digests before use ([#7488](https://github.com/containerd/containerd/pull/7488))
    * vendor: github.com/opencontainers/selinux v1.10.2 ([#7482](https://github.com/containerd/containerd/pull/7482))
    * fuzzing: create structured tar bytes in archive fuzzer ([#7477](https://github.com/containerd/containerd/pull/7477))
    * Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 ([#7474](https://github.com/containerd/containerd/pull/7474))
    * use raw link to containerd.service config ([#7463](https://github.com/containerd/containerd/pull/7463))
    * cri doc: Update kata containers reference ([#7466](https://github.com/containerd/containerd/pull/7466))
    * Setup pod network after creating the sandbox container ([#5904](https://github.com/containerd/containerd/pull/5904))
    * Swap to net.ErrClosed checks for services ([#7446](https://github.com/containerd/containerd/pull/7446))
    * go.mod: Bump go-winio to v0.6.0 ([#7443](https://github.com/containerd/containerd/pull/7443))
    * fix retry when writer is reset on push ([#6995](https://github.com/containerd/containerd/pull/6995))
    * CI: Output a summary using GITHUB_SUMMARY ([#7192](https://github.com/containerd/containerd/pull/7192))
    * Fix missing close ([#7430](https://github.com/containerd/containerd/pull/7430))
    * Add test flag for skipping shim cgroup test ([#7424](https://github.com/containerd/containerd/pull/7424))
    * Refactor CRI fuzzers ([#7405](https://github.com/containerd/containerd/pull/7405))
    * Fix LogURIGenerator on Windows ([#7351](https://github.com/containerd/containerd/pull/7351))
    * Set grpc code for unimplemented cri-api methods ([#7417](https://github.com/containerd/containerd/pull/7417))
    * Add reader option to local content reader at ([#7414](https://github.com/containerd/containerd/pull/7414))
    * Sandbox API: implement Controller.Wait and Controller.Stop ([#7401](https://github.com/containerd/containerd/pull/7401))
    * remove stray .zuul.yaml ([#7416](https://github.com/containerd/containerd/pull/7416))
    * reference CDI configuration details ([#7408](https://github.com/containerd/containerd/pull/7408))
    * cri-integration: propagate ENABLE_CRI_SANDBOXES ([#7413](https://github.com/containerd/containerd/pull/7413))
    * Enable OpenSSF Scorecard Github Action ([#7404](https://github.com/containerd/containerd/pull/7404))
    * Add ext2 fs support to devmapper snapshotter ([#7402](https://github.com/containerd/containerd/pull/7402))
    * Fuzzing: Instrument with new sanitizers ([#7396](https://github.com/containerd/containerd/pull/7396))
    * Upgrade fuzzing-related packages to reduce dependencies ([#7397](https://github.com/containerd/containerd/pull/7397))
    * remotes/docker/config: Skipping TLS verification for localhost ([#7393](https://github.com/containerd/containerd/pull/7393))
    * Replace github.com/emicklei/go-restful package, versions <2.16.0 ([#7395](https://github.com/containerd/containerd/pull/7395))
    * Add NoSameOwner option when unpacking tars ([#7386](https://github.com/containerd/containerd/pull/7386))
    * ctr: add privileged-without-host-devices for run command ([#7328](https://github.com/containerd/containerd/pull/7328))
    * chore: matching the casing of other flags for ctr's pull command ([#7341](https://github.com/containerd/containerd/pull/7341))
    * windows: Add runhcs-wcow-hypervisor runtimeclass to the default config ([#6901](https://github.com/containerd/containerd/pull/6901))
    * Fix missing close ([#7370](https://github.com/containerd/containerd/pull/7370))
    * CRI: update cdi version to v0.5.1 ([#7374](https://github.com/containerd/containerd/pull/7374))
    * Update to go 1.19.1, 1.18.6 to address CVE-2022-27664, CVE-2022-32190 ([#7372](https://github.com/containerd/containerd/pull/7372))
    * vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c ([#7373](https://github.com/containerd/containerd/pull/7373))
    * Remove unused variable from images action ([#7371](https://github.com/containerd/containerd/pull/7371))
    * feature: use client default namespace ([#7291](https://github.com/containerd/containerd/pull/7291))
    * integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment ([#7367](https://github.com/containerd/containerd/pull/7367))
    * feature: upgrade registry.k8s.io/pause version ([#7359](https://github.com/containerd/containerd/pull/7359))
    * metrics/cgroups/v1: Remove unused event parameter ([#7361](https://github.com/containerd/containerd/pull/7361))
    * .zuul: remove the zuul because it is offline ([#7369](https://github.com/containerd/containerd/pull/7369))
    * Update golangci-lint timeout to match config ([#7356](https://github.com/containerd/containerd/pull/7356))
    * delete redundant import alias and type conversion ([#7345](https://github.com/containerd/containerd/pull/7345))
    * Make checkContainerTimestamps less strict on Windows ([#7350](https://github.com/containerd/containerd/pull/7350))
    * Make oss-fuzz mandatory ([#7346](https://github.com/containerd/containerd/pull/7346))
    * Add kubernetes v1.25 supported version as v1.24 ([#7326](https://github.com/containerd/containerd/pull/7326))
    * sys: move ForceRemoveAll to integration/client ([#7335](https://github.com/containerd/containerd/pull/7335))
    * chore: remove duplicate word in comments ([#7338](https://github.com/containerd/containerd/pull/7338))
    * Use ioctl helpers from x/sys/unix ([#7342](https://github.com/containerd/containerd/pull/7342))
    * archive: replace tarName() with filepath.ToSlash() ([#7344](https://github.com/containerd/containerd/pull/7344))
    * mount: remove unused ErrNotImplementOnWindows ([#7339](https://github.com/containerd/containerd/pull/7339))
    * replace sys Sequential funcs with moby/sys/sequential ([#7334](https://github.com/containerd/containerd/pull/7334))
    * Clarify containerd 1.5.0+ for k8s 1.20,1.21 ([#7324](https://github.com/containerd/containerd/pull/7324))
    * update runc binary to v1.1.4 ([#7315](https://github.com/containerd/containerd/pull/7315))
    * Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9 ([#7325](https://github.com/containerd/containerd/pull/7325))
    * Update k8s.io/cri-api to v0.25.0 ([#7287](https://github.com/containerd/containerd/pull/7287))
    * script/setup: handle cnidir with SUDO ([#7322](https://github.com/containerd/containerd/pull/7322))
    * ContainerStatus to return container resources ([#6517](https://github.com/containerd/containerd/pull/6517))
    * migrate from k8s.gcr.io to registry.k8s.io ([#7038](https://github.com/containerd/containerd/pull/7038))
    * Do not rename test files on-the-fly to share functions ([#7309](https://github.com/containerd/containerd/pull/7309))
    * ctr import: strictly match platform ([#6906](https://github.com/containerd/containerd/pull/6906))
    * Revert "Downgrade MinGW to version 10.2.0" ([#7308](https://github.com/containerd/containerd/pull/7308))
    * Follow up #7254 (Switch to Go 1.19) ([#7286](https://github.com/containerd/containerd/pull/7286))
    * Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer ([#7304](https://github.com/containerd/containerd/pull/7304))
    * Adding support of CAP_BPF and CAP_PERFMON ([#7301](https://github.com/containerd/containerd/pull/7301))
    * go.mod: Bump hcsshim to v0.10.0-rc.1 ([#7284](https://github.com/containerd/containerd/pull/7284))
    * Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset ([#7306](https://github.com/containerd/containerd/pull/7306))
    * ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887 ([#7293](https://github.com/containerd/containerd/pull/7293))
    * Runtime cleanup (Shim manager and task service) ([#7280](https://github.com/containerd/containerd/pull/7280))
    * containerd-stress: add support for running through CRI ([#6931](https://github.com/containerd/containerd/pull/6931))
    * Switch to Go 1.19 ([#7254](https://github.com/containerd/containerd/pull/7254))
    * Vagrantfile: dump containerd log after critest ([#7265](https://github.com/containerd/containerd/pull/7265))
    * oci: skip checking group id for WithAppendAdditionalGroups ([#7257](https://github.com/containerd/containerd/pull/7257))
    * release workflow: increase timeout to 30 minutes & remove Go setup action ([#7259](https://github.com/containerd/containerd/pull/7259))
    * release: rollback Ubuntu to 18.04 (except for riscv64) ([#7258](https://github.com/containerd/containerd/pull/7258))
    * Initial sandbox API CRI integration (implement Controller.Start) ([#7228](https://github.com/containerd/containerd/pull/7228))
    * Use environment variable to specify Go version on CI ([#7251](https://github.com/containerd/containerd/pull/7251))
    * Update golang to 1.18.5, 1.17.13 ([#7243](https://github.com/containerd/containerd/pull/7243))
    * Change os.Stderr reassign for Windows service ([#7023](https://github.com/containerd/containerd/pull/7023))
    * script/setup: fix protobuf for aarch64 ([#7237](https://github.com/containerd/containerd/pull/7237))
    * Fix cleanup in critest ([#7232](https://github.com/containerd/containerd/pull/7232))
    * fix: support simultaneous create diff for same parent snapshot ([#7204](https://github.com/containerd/containerd/pull/7204))
    * Windows HostProcess container CRI stats test ([#7223](https://github.com/containerd/containerd/pull/7223))
    * Regenerate protos with updated protoc-gen-go ([#7226](https://github.com/containerd/containerd/pull/7226))
    * test: error strings should not be capitalized ([#7195](https://github.com/containerd/containerd/pull/7195))
    * Add extra context to error when push unauthorized ([#7220](https://github.com/containerd/containerd/pull/7220))
    * replace with selinux label ([#7207](https://github.com/containerd/containerd/pull/7207))
    * Use `httputil.DumpRequestOut` for dumping client req ([#7221](https://github.com/containerd/containerd/pull/7221))
    * Fix CRI image pull timeout test for ppc64le ([#7215](https://github.com/containerd/containerd/pull/7215))
    * test: introduce failpoint control to runc-shimv2 and cni ([#7069](https://github.com/containerd/containerd/pull/7069))
    * chore: bump macos runner version ([#7206](https://github.com/containerd/containerd/pull/7206))
    * Use image lists form integration/client tests ([#7210](https://github.com/containerd/containerd/pull/7210))
    * go.mod: Bump hcsshim to v0.9.4 ([#7212](https://github.com/containerd/containerd/pull/7212))
    * Drop deprecated `ioutil` ([#7203](https://github.com/containerd/containerd/pull/7203))
    * Make getServicesOpts a helper ([#7201](https://github.com/containerd/containerd/pull/7201))
    * adds an env var commented out for sandboxed mode ([#7183](https://github.com/containerd/containerd/pull/7183))
    * cri_stats: handle missing cpu stats ([#7198](https://github.com/containerd/containerd/pull/7198))
    * using ContextDialer instead ([#7189](https://github.com/containerd/containerd/pull/7189))
    * test: Add ability to switch between cgroupv1 or cgroupv2 for node e2e ([#7173](https://github.com/containerd/containerd/pull/7173))
    * code cleanup ([#7182](https://github.com/containerd/containerd/pull/7182))
    * Update k8s.io/cri-api to v0.25.0-alpha2 ([#7114](https://github.com/containerd/containerd/pull/7114))
    * Refactor usageNanoCores be to used for all OSes ([#7186](https://github.com/containerd/containerd/pull/7186))
    * adds support for using env file for systemd boot ([#7191](https://github.com/containerd/containerd/pull/7191))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#7185](https://github.com/containerd/containerd/pull/7185))
    * ctr: support --user for run/create ([#7145](https://github.com/containerd/containerd/pull/7145))
    * docs: Fix sample config.toml syntax ([#7174](https://github.com/containerd/containerd/pull/7174))
    * seccomp: seccomp: add syscalls related to PKU in default policy ([#7163](https://github.com/containerd/containerd/pull/7163))
    * Update and align golangci-lint version ([#7168](https://github.com/containerd/containerd/pull/7168))
    * adds a comment explaining how to disable experimental sbserver ([#7169](https://github.com/containerd/containerd/pull/7169))
    * ci: workaround Cirrus CI's INVALID_ARGUMENT ([#7177](https://github.com/containerd/containerd/pull/7177))
    * Update install-protobuf script to install protobuf on Darwin ([#7153](https://github.com/containerd/containerd/pull/7153))
    * Fork CRI server for Sandbox API integration work ([#7164](https://github.com/containerd/containerd/pull/7164))
    * seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE ([#7167](https://github.com/containerd/containerd/pull/7167))
    * cri doc: fix formatting for CDI options ([#7158](https://github.com/containerd/containerd/pull/7158))
    * update golang to 1.18.4, 1.17.12 ([#7159](https://github.com/containerd/containerd/pull/7159))
    * Fix out of date comments for CRI store packages ([#7152](https://github.com/containerd/containerd/pull/7152))
    * update some devmapper docs ([#7124](https://github.com/containerd/containerd/pull/7124))
    * seccomp: allow clock_settime64 when CAP_SYS_TIME is added ([#7149](https://github.com/containerd/containerd/pull/7149))
    * Copy fuzzers from github.com/cncf/cncf-fuzzing ([#7123](https://github.com/containerd/containerd/pull/7123))
    * fix can't edit object by using ctr content edit command ([#6847](https://github.com/containerd/containerd/pull/6847))
    * integration/client: fix typo in export_test.go ([#7130](https://github.com/containerd/containerd/pull/7130))
    * Fix WWW-Authenticate parsing ([#7126](https://github.com/containerd/containerd/pull/7126))
    * LCOW differ return ErrNotImplemented for wrong mount type ([#7112](https://github.com/containerd/containerd/pull/7112))
    * Update go-restful/v3 to latest release ([#7117](https://github.com/containerd/containerd/pull/7117))
    * pkg/cri: use marshal wrapper for version convertor ([#7108](https://github.com/containerd/containerd/pull/7108))
    * Remove hacks around contrib/fuzz ([#7087](https://github.com/containerd/containerd/pull/7087))
    * Fix missing closed HTTP Body ([#7107](https://github.com/containerd/containerd/pull/7107))
    * Cleanup metadata tests ([#7105](https://github.com/containerd/containerd/pull/7105))
    * Downgrade MinGW to version 10.2.0 ([#7106](https://github.com/containerd/containerd/pull/7106))
    * ctr: Fix `ctr c create` fails to parse arguments ([#7098](https://github.com/containerd/containerd/pull/7098))
    * Fix Documentation Issue ([#7103](https://github.com/containerd/containerd/pull/7103))
    * refactor: reduce duplicate code ([#7100](https://github.com/containerd/containerd/pull/7100))
    * make xattr EPERM non-fatal in createTarFile ([#7094](https://github.com/containerd/containerd/pull/7094))
    * Move metadata plugin registration to separate package ([#7096](https://github.com/containerd/containerd/pull/7096))
    * fix: missing sudo for devmapper doc ([#7092](https://github.com/containerd/containerd/pull/7092))
    * Ensure Windows Periodic workflow errors out while still uploading results. ([#7085](https://github.com/containerd/containerd/pull/7085))
    * Add snapshotter key to snapshot events ([#7084](https://github.com/containerd/containerd/pull/7084))
    * add WithAdditionalGIDs test ([#7072](https://github.com/containerd/containerd/pull/7072))
    * Forward ctr snapshotter flags on Windows ([#7086](https://github.com/containerd/containerd/pull/7086))
    * add WithAppendAdditionalGroups helper ([#7070](https://github.com/containerd/containerd/pull/7070))
    * Make CI Fuzz less noisy ([#7065](https://github.com/containerd/containerd/pull/7065))
    * ctr: add --hostname flag to create, run ([#7082](https://github.com/containerd/containerd/pull/7082))
    * improve content-flow ([#7077](https://github.com/containerd/containerd/pull/7077))
    * Make CI Fuzz optional ([#7067](https://github.com/containerd/containerd/pull/7067))
    * Use Go 1.18's testing.F on simple fuzzers ([#7056](https://github.com/containerd/containerd/pull/7056))
    * Downgrade MinGW in Windows setup scripts. ([#7062](https://github.com/containerd/containerd/pull/7062))
    * Make test path a constant ([#7057](https://github.com/containerd/containerd/pull/7057))
    * Run fuzzers in CI ([#7052](https://github.com/containerd/containerd/pull/7052))
    * CRI: Improve the /dev/shm mount options in Sandbox. ([#6913](https://github.com/containerd/containerd/pull/6913))
    * fix:userattr-unmount unexpected timeout ([#7008](https://github.com/containerd/containerd/pull/7008))
    * Port (some) unit tests to FreeBSD ([#7042](https://github.com/containerd/containerd/pull/7042))
    * Bump Golang and MinGW versions in Windows setup script. ([#6888](https://github.com/containerd/containerd/pull/6888))
    * Windows snapshotter touch ups and new functionality ([#6918](https://github.com/containerd/containerd/pull/6918))
    * Improve naming consistencies in comments in snapshotter.go ([#7032](https://github.com/containerd/containerd/pull/7032))
    * Make building static binaries simpler ([#7022](https://github.com/containerd/containerd/pull/7022))
    * Allow CRI on Darwin ([#7033](https://github.com/containerd/containerd/pull/7033))
    * update runc binary to v1.1.3 ([#7034](https://github.com/containerd/containerd/pull/7034))
    * Linux containers on FreeBSD ([#7000](https://github.com/containerd/containerd/pull/7000))
    * go.mod: github.com/moby/sys/mountinfo v0.6.2 ([#7026](https://github.com/containerd/containerd/pull/7026))
    * fix minor spelling mistake: lablel -> label ([#7031](https://github.com/containerd/containerd/pull/7031))
    * go.mod: github.com/containerd/cgroups v1.0.4 ([#7027](https://github.com/containerd/containerd/pull/7027))
    * go.mod: github.com/containerd/continuity v0.3.0 ([#7028](https://github.com/containerd/containerd/pull/7028))
    * Correct spelling mistake ("sanbdox" to "sandbox") ([#7029](https://github.com/containerd/containerd/pull/7029))
    * Github Security Advisory [GHSA-5ffw-gxpp-mxpf](https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf)
    * Bump grpc to v1.47.0 ([#7018](https://github.com/containerd/containerd/pull/7018))
    * Bump k8s.io deps to v0.24.1 ([#7017](https://github.com/containerd/containerd/pull/7017))
    * Support runtime level snapshotter for issue 6657 ([#6899](https://github.com/containerd/containerd/pull/6899))
    * update golang to 1.18.3, 1.17.11 ([#7012](https://github.com/containerd/containerd/pull/7012))
    * Fix containerd-stress duration flag ([#7004](https://github.com/containerd/containerd/pull/7004))
    * update go-cni/for cni update fixing plugins that don't respond with version ([#7009](https://github.com/containerd/containerd/pull/7009))
    * Add validations for Windows HostProcess CRI configs ([#6996](https://github.com/containerd/containerd/pull/6996))
    * Move docker reference logic to reference/docker package ([#7007](https://github.com/containerd/containerd/pull/7007))
    * promote pause image to 3.7 (sync with kube v1.24) ([#7003](https://github.com/containerd/containerd/pull/7003))
    * Makefile: use urfave_cli_no_docs for binaries that don't need it ([#6998](https://github.com/containerd/containerd/pull/6998))
    * CRI: cleanup cri/store package ([#6993](https://github.com/containerd/containerd/pull/6993))
    * Use t.Run for /pkg/cri tests ([#7001](https://github.com/containerd/containerd/pull/7001))
    * vendor: github.com/urfave/cli v1.22.9 and fix "verify-vendor" script ([#6997](https://github.com/containerd/containerd/pull/6997))
    * sandbox: replace github.com/pkg/errors with native errors ([#6937](https://github.com/containerd/containerd/pull/6937))
    * build: Fix references to check-protos target in Makefile ([#6983](https://github.com/containerd/containerd/pull/6983))
    * ctr: fix label args used in NewContainer ([#6954](https://github.com/containerd/containerd/pull/6954))
    * ctr sandbox: handle sandbox config ([#6959](https://github.com/containerd/containerd/pull/6959))
    * Fix broken oss-fuzz build ([#6975](https://github.com/containerd/containerd/pull/6975))
    * archive: add human-readable hint to Lchown error ([#6982](https://github.com/containerd/containerd/pull/6982))
    * Fix tx closed error when upperdirlabel specified ([#6978](https://github.com/containerd/containerd/pull/6978))
    * config: improve config v1 deprecation message ([#6972](https://github.com/containerd/containerd/pull/6972))
    * Fix Windows install powershell script ([#6969](https://github.com/containerd/containerd/pull/6969))
    * fix comments on metadata schema and update namespace doc ([#6955](https://github.com/containerd/containerd/pull/6955))
    * adjust format in comment ([#6956](https://github.com/containerd/containerd/pull/6956))
    * Restore decompression benchmarks ([#6957](https://github.com/containerd/containerd/pull/6957))
    * cmd/ctr/commands/content: fix typo in fetch command usage ([#6960](https://github.com/containerd/containerd/pull/6960))
    * fix some confusing typos ([#6950](https://github.com/containerd/containerd/pull/6950))
    * update doc url about k8s ([#6952](https://github.com/containerd/containerd/pull/6952))
    * Separate windows-2019 and windows-2022 test results ([#6946](https://github.com/containerd/containerd/pull/6946))
    * shim: fix debug flag not working ([#6910](https://github.com/containerd/containerd/pull/6910))
    * Reverts removal of parallel run from critest ([#6938](https://github.com/containerd/containerd/pull/6938))
    * Bump OpenTelemetry dependencies ([#6932](https://github.com/containerd/containerd/pull/6932))
    * update runc binary and vendor to v1.1.2 ([#6934](https://github.com/containerd/containerd/pull/6934))
    * oci: WithDefaultUnixDevices(): remove tun/tap from the default devices ([#6923](https://github.com/containerd/containerd/pull/6923))
    * update golang to 1.18.2, 1.17.10 ([#6926](https://github.com/containerd/containerd/pull/6926))
    * CI: update Fedora to 36 ([#6925](https://github.com/containerd/containerd/pull/6925))
    * Add `Wait` to `binaryProcessor` ([#6916](https://github.com/containerd/containerd/pull/6916))
    * go.mod: Bump k8s deps to v0.24.0 ([#6905](https://github.com/containerd/containerd/pull/6905))
    * (Vagrant CI) Enable git commands due to git CVE fix ([#6915](https://github.com/containerd/containerd/pull/6915))
    * Pass explicit JUnit outfile to critest.exe in Windows workflow. ([#6912](https://github.com/containerd/containerd/pull/6912))
    * Update critools to v1.24 ([#6894](https://github.com/containerd/containerd/pull/6894))
    * devmapper docs: small fixes ([#6904](https://github.com/containerd/containerd/pull/6904))
    * move report dir option to end of line for vagrant cri tests ([#6900](https://github.com/containerd/containerd/pull/6900))
    * Update Kubernetes version matrix in release docs ([#6892](https://github.com/containerd/containerd/pull/6892))
    * Share container images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy ([#6889](https://github.com/containerd/containerd/pull/6889))
    * containerd 1.6.4 k8s 1.24 readme announce ([#6890](https://github.com/containerd/containerd/pull/6890))
    * Cleanup leaked shim process ([#6866](https://github.com/containerd/containerd/pull/6866))
    * Add collectible resources to metadata gc ([#6804](https://github.com/containerd/containerd/pull/6804))
    * Update k8 docurl in file ([#6881](https://github.com/containerd/containerd/pull/6881))
    * Support RISC-V 64 ([#6882](https://github.com/containerd/containerd/pull/6882))
    * docs: minor fixes in snapshots.Snapshotter comments ([#6885](https://github.com/containerd/containerd/pull/6885))
    * Officially deprecate Schema 1 ([#6884](https://github.com/containerd/containerd/pull/6884))
    * Make Cirrus CI tests more stable ([#6880](https://github.com/containerd/containerd/pull/6880))
    * docs: Adding windows installation steps to getting-started.md ([#6875](https://github.com/containerd/containerd/pull/6875))
    * Add ctr support for CPUMax and CPUShares ([#6809](https://github.com/containerd/containerd/pull/6809))
    * Support for cgroups blockio ([#5490](https://github.com/containerd/containerd/pull/5490))
    * Fix comment for metadata/db.go ([#6871](https://github.com/containerd/containerd/pull/6871))
    * Remove github.com/gogo/protobuf and github.com/golang/protobuf from containerd's direct dependencies ([#6867](https://github.com/containerd/containerd/pull/6867))
    * Update go-cni to v1.1.5 ([#6868](https://github.com/containerd/containerd/pull/6868))
    * Bump opencontainers/selinux from 1.10.0 to 1.10.1 ([#6865](https://github.com/containerd/containerd/pull/6865))
    * Upgrade google.golang.org/grpc and google.golang.org/protobuf ([#6864](https://github.com/containerd/containerd/pull/6864))
    * Don't use "uname -a" as Cirrus CI's cache key ([#6863](https://github.com/containerd/containerd/pull/6863))
    * remove duplicate ([#6856](https://github.com/containerd/containerd/pull/6856))
    * Create ppc64le release ([#6858](https://github.com/containerd/containerd/pull/6858))
    * Move Vagrant-based tests from GitHub Actions to Cirrus CI ([#6854](https://github.com/containerd/containerd/pull/6854))
    * feature: support image pull progress timeout ([#6150](https://github.com/containerd/containerd/pull/6150))
    * Add unpack interface to be used by client ([#6749](https://github.com/containerd/containerd/pull/6749))
    * Fix undefined error in use of errors package ([#6855](https://github.com/containerd/containerd/pull/6855))
    * Migrate off from github.com/gogo/protobuf ([#6841](https://github.com/containerd/containerd/pull/6841))
    * images/image.go: typo ([#6851](https://github.com/containerd/containerd/pull/6851))
    * Add flag to allow oci.WithAllDevicesAllowed on PrivilegedWithoutHostDevices ([#5686](https://github.com/containerd/containerd/pull/5686))
    * integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage ([#6180](https://github.com/containerd/containerd/pull/6180))
    * fix incorrect syntax in comments ([#6845](https://github.com/containerd/containerd/pull/6845))
    * cri: close fifos when container is deleted ([#6842](https://github.com/containerd/containerd/pull/6842))
    * diff: hide types.Any from clients ([#6832](https://github.com/containerd/containerd/pull/6832))
    * Add Container-Optimized OS into Adopters ([#6838](https://github.com/containerd/containerd/pull/6838))
    * Prepare for google.golang.org/protobuf ([#6835](https://github.com/containerd/containerd/pull/6835))
    * fix the restart desired to running when task not found ([#6833](https://github.com/containerd/containerd/pull/6833))
    * Remove all gogoproto extensions ([#6829](https://github.com/containerd/containerd/pull/6829))
    * fix nil pointer panic for monitor ([#6830](https://github.com/containerd/containerd/pull/6830))
    * remotes/docker: log registry URLs as info instead of debug ([#5681](https://github.com/containerd/containerd/pull/5681))
    * Rename runtime/v2/task to api/runtime ([#6827](https://github.com/containerd/containerd/pull/6827))
    * Fix protoc-gen-go-fieldpath ([#6828](https://github.com/containerd/containerd/pull/6828))
    * Consolidate gogo/protobuf dependencies under our own protobuf package ([#6826](https://github.com/containerd/containerd/pull/6826))
    * Add restart policy for enhanced restart manager ([#6744](https://github.com/containerd/containerd/pull/6744))
    * Remove gogoproto.stdtime ([#6821](https://github.com/containerd/containerd/pull/6821))
    * Set timeout when collecting metrics from shim's Stat ([#6781](https://github.com/containerd/containerd/pull/6781))
    * Fuzz filter package with Go 1.18's fuzzer ([#6819](https://github.com/containerd/containerd/pull/6819))
    * allow ptrace(2) by default for kernel >= 4.8 ([#6810](https://github.com/containerd/containerd/pull/6810))
    * Build bin/gen-manpages instead of using "go run" ([#6820](https://github.com/containerd/containerd/pull/6820))
    * update golang to 1.18.1, 1.17.9 ([#6822](https://github.com/containerd/containerd/pull/6822))
    * Sandbox API ([#6703](https://github.com/containerd/containerd/pull/6703))
    * Move lease manager plugin to separate package ([#6811](https://github.com/containerd/containerd/pull/6811))
    * fix pool_device_test ([#6807](https://github.com/containerd/containerd/pull/6807))
    * check for duplicate nspath possibilities ([#6806](https://github.com/containerd/containerd/pull/6806))
    * Do not append []string{""} to command to preserve Docker compatibility ([#6805](https://github.com/containerd/containerd/pull/6805))
    * tracing: fix panic on startup when configured ([#6789](https://github.com/containerd/containerd/pull/6789))
    * Optimize loading performance for cri recover ([#6680](https://github.com/containerd/containerd/pull/6680))
    * Change architecture path in README.md ([#6798](https://github.com/containerd/containerd/pull/6798))
    * make consistent for checkpoint path ([#6792](https://github.com/containerd/containerd/pull/6792))
    * metrics/cgroups: fix deadlock issue in Add during Collect ([#6788](https://github.com/containerd/containerd/pull/6788))
    * ADOPTERS: Update AKS Info ([#6794](https://github.com/containerd/containerd/pull/6794))
    * Pin upload-cloud-storage action to 0.8.0 in Windows workflow. ([#6790](https://github.com/containerd/containerd/pull/6790))
    * docs: add Deckhouse to the list of adopters ([#6785](https://github.com/containerd/containerd/pull/6785))
    * Add `docs/snapshotters`; simplify `docs/cri` ([#6778](https://github.com/containerd/containerd/pull/6778))
    * Turn paths from cmdline into absolute paths ([#6672](https://github.com/containerd/containerd/pull/6672))
    * CRI: add support for CDI device injection ([#6654](https://github.com/containerd/containerd/pull/6654))
    * Disable writing freelist to make the file robust against data corruptions ([#6761](https://github.com/containerd/containerd/pull/6761))
    * mv design docs/historical/design ([#6777](https://github.com/containerd/containerd/pull/6777))
    * CRI: improve image pulling performance ([#6702](https://github.com/containerd/containerd/pull/6702))
    * docs: remove runtime v1; migrate config v1 to v2 ([#6776](https://github.com/containerd/containerd/pull/6776))
    * Skip flaky test on Windows ([#6779](https://github.com/containerd/containerd/pull/6779))
    * docs/getting-started.md: typo ([#6775](https://github.com/containerd/containerd/pull/6775))
    * Add no_tracing tag ([#6750](https://github.com/containerd/containerd/pull/6750))
    * Move historical docs to `docs/historical` ([#6754](https://github.com/containerd/containerd/pull/6754))
    * Run go mod tidy in integration tests ([#6768](https://github.com/containerd/containerd/pull/6768))
    * go.mod: move indirects, and update integration go.mod to 1.18 ([#6765](https://github.com/containerd/containerd/pull/6765))
    * Drop gotest.tools ([#6762](https://github.com/containerd/containerd/pull/6762))
    * Use t.Setenv instead of os.Setenv ([#6760](https://github.com/containerd/containerd/pull/6760))
    * Upgrade to Go 1.18 ([#6709](https://github.com/containerd/containerd/pull/6709))
    * Adding multi-arch support for the configure.sh script ([#6751](https://github.com/containerd/containerd/pull/6751))
    * docs/getting-started.md: massive update ([#6758](https://github.com/containerd/containerd/pull/6758))
    * Remove unmaintained contrib/linuxkit ([#6755](https://github.com/containerd/containerd/pull/6755))
    * [Windows CI] Address some timeout issues ([#6757](https://github.com/containerd/containerd/pull/6757))
    * BUILDING.md: update supported Go versions ([#6756](https://github.com/containerd/containerd/pull/6756))
    * update runc to 1.1.1 ([#6753](https://github.com/containerd/containerd/pull/6753))
    * CI: add Rocky Linux 8 ([#6747](https://github.com/containerd/containerd/pull/6747))
    * CI: bump up crun to 1.4.4 ([#6748](https://github.com/containerd/containerd/pull/6748))
    * added make help for cri integration ([#6743](https://github.com/containerd/containerd/pull/6743))
    * Update README.md cncf landscape url ([#6740](https://github.com/containerd/containerd/pull/6740))
    * Fix error message in TestNewBinaryIO ([#6738](https://github.com/containerd/containerd/pull/6738))
    * Use typeurl.Any instead of github.com/gogo/protobuf/types.Any ([#6706](https://github.com/containerd/containerd/pull/6706))
    * Use cgroups.AddProc() for cgroups v1 ([#5738](https://github.com/containerd/containerd/pull/5738))
    * fix: ctr images mount with snapshotter option can't get snapshotter ([#6713](https://github.com/containerd/containerd/pull/6713))
    * cgroup2: monitor OOMKill instead of OOM to prevent missing container events ([#6323](https://github.com/containerd/containerd/pull/6323))
    * moving up to go-cni v1.1.4 ([#6721](https://github.com/containerd/containerd/pull/6721))
    * native: fix deadlock from leaving transactions open ([#6722](https://github.com/containerd/containerd/pull/6722))
    * go.mod: remove replace, and update github.com/gogo/googleapis v1.4.1 ([#5390](https://github.com/containerd/containerd/pull/5390))
    * Github Security Advisory [GHSA-c9cp-9c75-9v8c](https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c)
    * runtime: deprecate runc --criu / -criu-path option ([#6496](https://github.com/containerd/containerd/pull/6496))
    * Bug fix for mount path handling ([#6651](https://github.com/containerd/containerd/pull/6651))
    * Upgrade containerd/imgcrypt and opencontainers/image-spec ([#6711](https://github.com/containerd/containerd/pull/6711))
    * Remove enumvalue_customname, goproto_enum_prefix and enum_customname ([#6708](https://github.com/containerd/containerd/pull/6708))
    * Remove gogoproto.customtype ([#6699](https://github.com/containerd/containerd/pull/6699))
    * Skip tty critest testcase on Windows Server 2022 ([#6698](https://github.com/containerd/containerd/pull/6698))
    * Build with Go 1.18 ([#6605](https://github.com/containerd/containerd/pull/6605))
    * Update prometheus client vendor ([#6690](https://github.com/containerd/containerd/pull/6690))
    * vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd ([#6687](https://github.com/containerd/containerd/pull/6687))
    * Make the temp mount as read only in container WithVolumes ([#6593](https://github.com/containerd/containerd/pull/6593))
    * fix: `ctr run --cni` get failed ([#6670](https://github.com/containerd/containerd/pull/6670))
    * test: use `T.TempDir` to create temporary test directory ([#6681](https://github.com/containerd/containerd/pull/6681))
    * Make OpenLab's CI jobs blocking ([#6679](https://github.com/containerd/containerd/pull/6679))
    * document log level and format ([#6683](https://github.com/containerd/containerd/pull/6683))
    * Add shared content label to namespaces ([#6660](https://github.com/containerd/containerd/pull/6660))
    * Add protoc-gen-go-fieldpath ([#6562](https://github.com/containerd/containerd/pull/6562))
    * Enable gosec linter for golangci-lint ([#6669](https://github.com/containerd/containerd/pull/6669))
    * Make mkfs.xfs available on OpenLab's CI environment ([#6668](https://github.com/containerd/containerd/pull/6668))
    * ctr: improve error relative shim path error msg ([#6519](https://github.com/containerd/containerd/pull/6519))
    * typo fixes under cmd. ([#6674](https://github.com/containerd/containerd/pull/6674))
    * Handle CRI Device.HostPath on Windows ([#6618](https://github.com/containerd/containerd/pull/6618))
    * Upgrade golangci-lint and its GitHub Action ([#6666](https://github.com/containerd/containerd/pull/6666))
    * Don't build a second copy of containerd-shim-runhcs-v1.exe ([#6661](https://github.com/containerd/containerd/pull/6661))
    * Update TestNormalize to only test Windows platform ([#6569](https://github.com/containerd/containerd/pull/6569))
    * Fix link in getting-started.md ([#6663](https://github.com/containerd/containerd/pull/6663))
    * Fuzzing: refactor metadata fuzzers ([#6423](https://github.com/containerd/containerd/pull/6423))
    * Two xfs file systems with same UUID can not be mounted on the same sy… ([#6650](https://github.com/containerd/containerd/pull/6650))
    * [Windows] Fix deadline exceeded in daemon restart ([#6635](https://github.com/containerd/containerd/pull/6635))
    * Use temp file for export/import test ([#6658](https://github.com/containerd/containerd/pull/6658))
    * strip path-info from `-v` (version) output, and implement -v flag for containerd-shim  ([#6495](https://github.com/containerd/containerd/pull/6495))
    * Improve unexpected response error handling in resolver ([#6617](https://github.com/containerd/containerd/pull/6617))
    * Use the latest tag for azure images ([#6601](https://github.com/containerd/containerd/pull/6601))
    * Run CRI integration tests in GitHub Actions (Windows) ([#6626](https://github.com/containerd/containerd/pull/6626))
    * cri: fix integration test on cgroupsv2 system ([#6595](https://github.com/containerd/containerd/pull/6595))
    * Use version 2 configuration format in docs/PLUGINS.md ([#6613](https://github.com/containerd/containerd/pull/6613))
    * update to go 1.16.15, 1.17.8 to address CVE-2022-24921 ([#6619](https://github.com/containerd/containerd/pull/6619))
    * Update status of 1.4 release ([#6614](https://github.com/containerd/containerd/pull/6614))
    * Update TestContainerSymlinkVolumes to use windows path ([#6568](https://github.com/containerd/containerd/pull/6568))
    * Add --user support for ctr run Windows ([#6603](https://github.com/containerd/containerd/pull/6603))
    * Update releases ([#6608](https://github.com/containerd/containerd/pull/6608))
    * Github Security Advisory [GHSA-crp2-qrr5-8pq7](https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7)
    * Adds support for Windows ArgsEscaped images ([#6479](https://github.com/containerd/containerd/pull/6479))
    * Do not use weak import ([#6558](https://github.com/containerd/containerd/pull/6558))
    * cri: relax test for system without hugetlb ([#6596](https://github.com/containerd/containerd/pull/6596))
    * Use containerd/protobuild instead of stevvooe/protobuild ([#6578](https://github.com/containerd/containerd/pull/6578))
    * integration: remove duplicated util pkg ([#6597](https://github.com/containerd/containerd/pull/6597))
    * go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1 ([#6591](https://github.com/containerd/containerd/pull/6591))
    * Update Go version recommendation in getting started ([#6585](https://github.com/containerd/containerd/pull/6585))
    * go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3 ([#6337](https://github.com/containerd/containerd/pull/6337))
    * fix Implicit memory aliasing in for loop ([#6331](https://github.com/containerd/containerd/pull/6331))
    * Fix build with gccgo ([#6579](https://github.com/containerd/containerd/pull/6579))
    * Replace golang.org/x/net/context with std library ([#6580](https://github.com/containerd/containerd/pull/6580))
    * containerd-shim-runc-v1: return init pid when clean dead shim ([#6571](https://github.com/containerd/containerd/pull/6571))
    * Use Windows matcher when on Windows platform in all code paths ([#6491](https://github.com/containerd/containerd/pull/6491))
    * containerd-shim-runc-v2: return init pid when clean dead shim ([#6452](https://github.com/containerd/containerd/pull/6452))
    * [Windows][Integration] Enable TestRestartMonitor ([#6515](https://github.com/containerd/containerd/pull/6515))
    * go.mod: fsnotify v1.5.1, moby/sys/mountinfo v0.6.0, moby/sys/signal v0.7.0 ([#6554](https://github.com/containerd/containerd/pull/6554))
    </p>
    </details>
    
    ### Changes from containerd/cgroups
    <details><summary>49 commits</summary>
    <p>
    
    * Upgrade GitHub actions CI workflow ([#249](https://github.com/containerd/cgroups/pull/249))
    * Upgrade Go compiler to 1.19 ([#248](https://github.com/containerd/cgroups/pull/248))
    * Don't use ioutil ([#246](https://github.com/containerd/cgroups/pull/246))
    * Check that cgroup is empty before deleting ([#228](https://github.com/containerd/cgroups/pull/228))
    * Support cgroup.AddThread in cgroupv2 manager ([#243](https://github.com/containerd/cgroups/pull/243))
    * Support to handle more than 4 fields in cpuacct.stat ([#231](https://github.com/containerd/cgroups/pull/231))
    * typo shoulld -> should ([#236](https://github.com/containerd/cgroups/pull/236))
    * Upgrade github.com/cilium/ebpf from v0.4.0 to v0.9.1 ([#241](https://github.com/containerd/cgroups/pull/241))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#240](https://github.com/containerd/cgroups/pull/240))
    * .github: use ubuntu-22.04 to test cgroupv2 ([#237](https://github.com/containerd/cgroups/pull/237))
    * feat(v2): Support cgroup.MoveTo in cgroupv2 manager ([#235](https://github.com/containerd/cgroups/pull/235))
    * Update README to include usage examples of v2 client ([#233](https://github.com/containerd/cgroups/pull/233))
    * ParseCgroupFile: fix wrong comment about unified hierarchy ; add ParseCgroupFileUnified to get the unified path ([#232](https://github.com/containerd/cgroups/pull/232))
    * Bump go version to 1.17 in go.mod ([#230](https://github.com/containerd/cgroups/pull/230))
    * make cmd/ a separate module (as it's only for testing) ([#226](https://github.com/containerd/cgroups/pull/226))
    * feat(v2): add Update method for v2.Manager ([#225](https://github.com/containerd/cgroups/pull/225))
    * feat: add memory.min param ([#211](https://github.com/containerd/cgroups/pull/211))
    * modified the dereference null pointer value. ([#218](https://github.com/containerd/cgroups/pull/218))
    * update readme for cpu cgroup demo ([#217](https://github.com/containerd/cgroups/pull/217))
    * Fix systemd full path ([#221](https://github.com/containerd/cgroups/pull/221))
    * Update Go version and fedora base ([#223](https://github.com/containerd/cgroups/pull/223))
    * Fix panic in NewSystemd on nil values ([#219](https://github.com/containerd/cgroups/pull/219))
    </p>
    </details>
    
    ### Changes from containerd/continuity
    <details><summary>28 commits</summary>
    <p>
    
    * go.mod: update dependencies (take 2) ([#204](https://github.com/containerd/continuity/pull/204))
    * Revert "go.mod: update dependencies" ([#205](https://github.com/containerd/continuity/pull/205))
    * Various small fix-ups ([#202](https://github.com/containerd/continuity/pull/202))
    * update authors and mailmap ([#201](https://github.com/containerd/continuity/pull/201))
    * move cmd/continuity to its own go module ([#200](https://github.com/containerd/continuity/pull/200))
    * CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir)  ([#198](https://github.com/containerd/continuity/pull/198))
    * fs.CopyDir: support sockets and pipes ([#197](https://github.com/containerd/continuity/pull/197))
    * Fix wrapping errors ([#196](https://github.com/containerd/continuity/pull/196))
    </p>
    </details>
    
    ### Changes from containerd/go-cni
    <details><summary>38 commits</summary>
    <p>
    
    * Add Go 1.20 support ([#111](https://github.com/containerd/go-cni/pull/111))
    * opts: add cgroupPath capability ([#110](https://github.com/containerd/go-cni/pull/110))
    * go.mod: github.com/containernetworking/cni v1.1.2 ([#109](https://github.com/containerd/go-cni/pull/109))
    * Remove references to io/ioutil package ([#106](https://github.com/containerd/go-cni/pull/106))
    * Update golangci/golangci-lint package ([#108](https://github.com/containerd/go-cni/pull/108))
    * Update GitHub actions CI workflow ([#107](https://github.com/containerd/go-cni/pull/107))
    * Add support for Windows default conf paths ([#103](https://github.com/containerd/go-cni/pull/103))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#104](https://github.com/containerd/go-cni/pull/104))
    * go.mod: update libcni to v1.1.1 ([#101](https://github.com/containerd/go-cni/pull/101))
    * add in some serial setup tests; a little make cleanup ([#100](https://github.com/containerd/go-cni/pull/100))
    * Re-introduce serial network setup ([#99](https://github.com/containerd/go-cni/pull/99))
    * bump github.com/containernetworking/cni v1.1.0 ([#98](https://github.com/containerd/go-cni/pull/98))
    * Revert "Update loopback version to support check" ([#96](https://github.com/containerd/go-cni/pull/96))
    * Use revive instead of golint ([#92](https://github.com/containerd/go-cni/pull/92))
    * Bump go version to 1.17 ([#91](https://github.com/containerd/go-cni/pull/91))
    * moving up to latest CNI plugin release ([#90](https://github.com/containerd/go-cni/pull/90))
    * Fix Loopback Version ([#88](https://github.com/containerd/go-cni/pull/88))
    * Update comment for capabilities ([#89](https://github.com/containerd/go-cni/pull/89))
    * Add integration test for linux and update go version from 1.16 to 1.17 ([#84](https://github.com/containerd/go-cni/pull/84))
    </p>
    </details>
    
    ### Changes from containerd/imgcrypt
    <details><summary>18 commits</summary>
    <p>
    
    * Use reflect to support diff.ApplyConfig with/without gogo's types.Any ([#75](https://github.com/containerd/imgcrypt/pull/75))
    * Upgrade golangci-lint-action and golangci-lint ([#76](https://github.com/containerd/imgcrypt/pull/76))
    * CHANGES: Updated CHANGES document for 1.1.4 release ([#74](https://github.com/containerd/imgcrypt/pull/74))
    * Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 ([#73](https://github.com/containerd/imgcrypt/pull/73))
    * images: prepare for typeurl.Any ([#72](https://github.com/containerd/imgcrypt/pull/72))
    * Bump ocicrypt to 1.1.3 ([#71](https://github.com/containerd/imgcrypt/pull/71))
    * Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 ([#67](https://github.com/containerd/imgcrypt/pull/67))
    </p>
    </details>
    
    ### Changes from containerd/nri
    <details><summary>56 commits</summary>
    <p>
    
    * Add Go 1.20 support to CI ([#30](https://github.com/containerd/nri/pull/30))
    * Add CodeQL Security scan workflow ([#31](https://github.com/containerd/nri/pull/31))
    * fixes: sort final adjusted mount slice. ([#29](https://github.com/containerd/nri/pull/29))
    * fixes: fix resource adjustment to properly ignore unset/unadjusted fields. ([#28](https://github.com/containerd/nri/pull/28))
    * adaptation: fix mount and device adjustment. ([#27](https://github.com/containerd/nri/pull/27))
    * Make plugin timeouts configurable, adjust default socket path. ([#26](https://github.com/containerd/nri/pull/26))
    * pkg/adaptation: eliminate configuration file. ([#24](https://github.com/containerd/nri/pull/24))
    * stub: fix a potential plugin crash. ([#25](https://github.com/containerd/nri/pull/25))
    * adaptation: fix a panic for unsolicited updates. ([#23](https://github.com/containerd/nri/pull/23))
    * pkg/adaptaton: log errors with %v not %w. ([#22](https://github.com/containerd/nri/pull/22))
    * chore: cleanup old buildtags by `go fix` ([#21](https://github.com/containerd/nri/pull/21))
    * add back project info ([#20](https://github.com/containerd/nri/pull/20))
    * Extend scope to enable common pluggable runtime extensions. ([#16](https://github.com/containerd/nri/pull/16))
    * Update GitHub actions CI workflow ([#19](https://github.com/containerd/nri/pull/19))
    * replace pkg/errors ([#17](https://github.com/containerd/nri/pull/17))
    * Update the examples in README.md ([#15](https://github.com/containerd/nri/pull/15))
    * Rename branch from master to main ([#12](https://github.com/containerd/nri/pull/12))
    * Update to containerd 1.5.1 ([#11](https://github.com/containerd/nri/pull/11))
    </p>
    </details>
    
    ### Changes from containerd/ttrpc
    <details><summary>56 commits</summary>
    <p>
    
    * Make checkServerShutdown verbose ([#128](https://github.com/containerd/ttrpc/pull/128))
    * server: Fix connection issues when receiving ECONNRESET ([#123](https://github.com/containerd/ttrpc/pull/123))
    * README: protobuild is in containerd org now ([#125](https://github.com/containerd/ttrpc/pull/125))
    * stream: fix the map of streams leak ([#120](https://github.com/containerd/ttrpc/pull/120))
    * Regenerated pb.go files to fix mismatches ([#122](https://github.com/containerd/ttrpc/pull/122))
    * build: Fix references to check-protos target in Makefile ([#118](https://github.com/containerd/ttrpc/pull/118))
    * Add service prefix option to generator ([#116](https://github.com/containerd/ttrpc/pull/116))
    * doc: ttrpc supports stream ([#121](https://github.com/containerd/ttrpc/pull/121))
    * *: remove codecov ([#114](https://github.com/containerd/ttrpc/pull/114))
    * Only generate a Go file if the file has some services ([#112](https://github.com/containerd/ttrpc/pull/112))
    * *.go: organize errors to one spot ([#113](https://github.com/containerd/ttrpc/pull/113))
    * PROTOCOL: slight markdown touchup ([#111](https://github.com/containerd/ttrpc/pull/111))
    * Introduce streaming ([#107](https://github.com/containerd/ttrpc/pull/107))
    * Update checkout and lint actions ([#109](https://github.com/containerd/ttrpc/pull/109))
    * Add Makefile and update protobuf ([#106](https://github.com/containerd/ttrpc/pull/106))
    * Add ttrpc protocol definition ([#102](https://github.com/containerd/ttrpc/pull/102))
    * Enable Codecov again ([#105](https://github.com/containerd/ttrpc/pull/105))
    * Use CR+LF instead of LF regardless of OS ([#103](https://github.com/containerd/ttrpc/pull/103))
    * Log the error's underlying errno if there is ([#104](https://github.com/containerd/ttrpc/pull/104))
    * Use google.golang.org/protobuf instead of github.com/gogo/protobuf ([#99](https://github.com/containerd/ttrpc/pull/99))
    * Wrap correct error on unix.GetsockoptUcred failure ([#100](https://github.com/containerd/ttrpc/pull/100))
    * Update CI project checks to use containerd project action ([#101](https://github.com/containerd/ttrpc/pull/101))
    </p>
    </details>
    
    ### Dependency Changes
    
    * **github.com/AdaLogics/go-fuzz-headers**                                         6c3934b029d8 -> 1f10f66a31bf
    * **github.com/AdamKorcz/go-118-fuzz-build**                                       5330a85ea652 **_new_**
    * **github.com/Microsoft/go-winio**                                                v0.5.1 -> v0.6.0
    * **github.com/Microsoft/hcsshim**                                                 v0.9.2 -> v0.10.0-rc.5
    * **github.com/blang/semver/v4**                                                   v4.0.0 **_new_**
    * **github.com/cenkalti/backoff/v4**                                               v4.1.2 -> v4.2.0
    * **github.com/cilium/ebpf**                                                       v0.7.0 -> v0.9.1
    * **github.com/container-orchestrated-devices/container-device-interface**         v0.5.4 **_new_**
    * **github.com/containerd/btrfs/v2**                                               v2.0.0 **_new_**
    * **github.com/containerd/cgroups**                                                v1.0.3 -> v1.1.0
    * **github.com/containerd/cgroups/v3**                                             v3.0.0 **_new_**
    * **github.com/containerd/continuity**                                             v0.2.2 -> v0.3.0
    * **github.com/containerd/go-cni**                                                 v1.1.3 -> v1.1.9
    * **github.com/containerd/imgcrypt**                                               v1.1.3 -> 8ba028dca028
    * **github.com/containerd/nri**                                                    v0.1.0 -> v0.3.0
    * **github.com/containerd/ttrpc**                                                  v1.1.0 -> 32fab2374638
    * **github.com/containerd/typeurl/v2**                                             v2.1.0 **_new_**
    * **github.com/containernetworking/cni**                                           v1.0.1 -> v1.1.2
    * **github.com/containernetworking/plugins**                                       v1.0.1 -> v1.2.0
    * **github.com/containers/ocicrypt**                                               v1.1.2 -> v1.1.3
    * **github.com/coreos/go-systemd/v22**                                             v22.3.2 -> v22.5.0
    * **github.com/cpuguy83/go-md2man/v2**                                             v2.0.0 -> v2.0.2
    * **github.com/cyphar/filepath-securejoin**                                        v0.2.3 **_new_**
    * **github.com/docker/go-units**                                                   v0.4.0 -> v0.5.0
    * **github.com/emicklei/go-restful/v3**                                            v3.8.0 **_new_**
    * **github.com/fsnotify/fsnotify**                                                 v1.4.9 -> v1.6.0
    * **github.com/go-logr/logr**                                                      v1.2.2 -> v1.2.3
    * **github.com/godbus/dbus/v5**                                                    v5.0.6 -> v5.1.0
    * **github.com/google/go-cmp**                                                     v0.5.6 -> v0.5.9
    * **github.com/google/uuid**                                                       v1.2.0 -> v1.3.0
    * **github.com/grpc-ecosystem/grpc-gateway/v2**                                    v2.7.0 **_new_**
    * **github.com/intel/goresctrl**                                                   v0.2.0 -> v0.3.0
    * **github.com/klauspost/compress**                                                v1.11.13 -> v1.15.11
    * **github.com/klauspost/cpuid/v2**                                                v2.0.4 **_new_**
    * **github.com/miekg/pkcs11**                                                      v1.0.3 -> v1.1.1
    * **github.com/minio/sha256-simd**                                                 v1.0.0 **_new_**
    * **github.com/moby/sys/mountinfo**                                                v0.5.0 -> v0.6.2
    * **github.com/moby/sys/sequential**                                               v0.5.0 **_new_**
    * **github.com/moby/sys/signal**                                                   v0.6.0 -> v0.7.0
    * **github.com/opencontainers/image-spec**                                         693428a734f5 -> 3a7f492d3f1b
    * **github.com/opencontainers/runc**                                               v1.1.0 -> v1.1.4
    * **github.com/opencontainers/runtime-spec**                                       1c3f411f0417 -> 86290f6a00fb
    * **github.com/opencontainers/runtime-tools**                                      946c877fa809 **_new_**
    * **github.com/opencontainers/selinux**                                            v1.10.0 -> v1.10.2
    * **github.com/pelletier/go-toml**                                                 v1.9.3 -> v1.9.5
    * **github.com/prometheus/client_golang**                                          v1.11.0 -> v1.13.0
    * **github.com/prometheus/common**                                                 v0.30.0 -> v0.37.0
    * **github.com/prometheus/procfs**                                                 v0.7.3 -> v0.8.0
    * **github.com/russross/blackfriday/v2**                                           v2.0.1 -> v2.1.0
    * **github.com/sirupsen/logrus**                                                   v1.8.1 -> v1.9.0
    * **github.com/stretchr/testify**                                                  v1.7.0 -> v1.8.1
    * **github.com/syndtr/gocapability**                                               42c35b437635 **_new_**
    * **github.com/tchap/go-patricia/v2**                                              v2.3.1 **_new_**
    * **github.com/urfave/cli**                                                        v1.22.1 -> v1.22.12
    * **github.com/vishvananda/netlink**                                               f5de75959ad5 -> v1.2.1-beta.2
    * **go.etcd.io/bbolt**                                                             v1.3.6 -> v1.3.7
    * **go.opencensus.io**                                                             v0.23.0 -> v0.24.0
    * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.28.0 -> v0.37.0
    * **go.opentelemetry.io/otel**                                                     v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/internal/retry**                       v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace**                            v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc**              v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp**              v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/metric**                                              v0.34.0 **_new_**
    * **go.opentelemetry.io/otel/sdk**                                                 v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/trace**                                               v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/proto/otlp**                                               v0.11.0 -> v0.19.0
    * **golang.org/x/crypto**                                                          32db794688a5 -> v0.1.0
    * **golang.org/x/mod**                                                             v0.7.0 **_new_**
    * **golang.org/x/net**                                                             fe4d6282115f -> v0.5.0
    * **golang.org/x/oauth2**                                                          2bc19b11175f -> 6fdb5e3db783
    * **golang.org/x/sync**                                                            036812b2e83c -> v0.1.0
    * **golang.org/x/sys**                                                             1d35b9e2eb4e -> v0.5.0
    * **golang.org/x/term**                                                            6886f2dfbf5b -> v0.4.0
    * **golang.org/x/text**                                                            v0.3.7 -> v0.6.0
    * **golang.org/x/time**                                                            1f47c861a9ac -> 90d013bbcef8
    * **golang.org/x/tools**                                                           v0.5.0 **_new_**
    * **google.golang.org/genproto**                                                   e50cd9704f63 -> 1c016267d619
    * **google.golang.org/grpc**                                                       v1.43.0 -> v1.52.3
    * **google.golang.org/protobuf**                                                   v1.27.1 -> v1.28.1
    * **gopkg.in/yaml.v3**                                                             496545a6307b -> v3.0.1
    * **k8s.io/api**                                                                   v0.22.5 -> v0.25.4
    * **k8s.io/apimachinery**                                                          v0.22.5 -> v0.25.4
    * **k8s.io/apiserver**                                                             v0.22.5 -> v0.25.4
    * **k8s.io/client-go**                                                             v0.22.5 -> v0.25.4
    * **k8s.io/component-base**                                                        v0.22.5 -> v0.25.4
    * **k8s.io/cri-api**                                                               v0.23.1 -> v0.26.0-beta.0
    * **k8s.io/klog/v2**                                                               v2.30.0 -> v2.80.1
    * **k8s.io/utils**                                                                 cb0fa318a74b -> 8e77b1f39fe2
    * **sigs.k8s.io/json**                                                             f223a00ba0e2 **_new_**
    * **sigs.k8s.io/structured-merge-diff/v4**                                         v4.1.2 -> v4.2.3
    * **sigs.k8s.io/yaml**                                                             v1.2.0 -> v1.3.0
    
    Previous release can be found at [v1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)
    
    ### Which file should I download?
    * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:         ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
    * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`:  Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.
    * `cri-containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:     (Deprecated)
    * `cri-containerd-cni-<VERSION>-<OS>-<ARCH>.tar.gz`: (Deprecated)
    
    In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases)
    and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too.
    
    See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
    
    
  • v1.6.19
    containerd 1.6.19
    
    Welcome to the v1.6.19 release of containerd!
    
    The nineteenth patch release for containerd 1.6 contains runtime fixes and additions for Windows platforms.
    
    ### Notable Updates
    
    * **Update hcsshim to v0.9.7 to include fix for graceful termination and pause containers** ([#8153](https://github.com/containerd/containerd/pull/8153))
    
    See the changelog for the complete list of changes.
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Kirtana Ashok
    * Derek McGowan
    * Wei Fu
    
    ### Changes
    <details><summary>4 commits</summary>
    <p>
    
    * [release/1.6] Prepare release notes for v1.6.19 ([#8157](https://github.com/containerd/containerd/pull/8157))
      * [`23e94075a`](https://github.com/containerd/containerd/commit/23e94075a5cf42c37c0854d976a5b9c50358f33f) Add release notes for v1.6.19
    * [release/1.6] go.mod: Bump hcsshim to v0.9.7 ([#8153](https://github.com/containerd/containerd/pull/8153))
      * [`f488a6241`](https://github.com/containerd/containerd/commit/f488a6241b7fa87746026de1a947c57d311751e8) Update hcsshim tag to v0.9.7
    </p>
    </details>
    
    ### Dependency Changes
    
    * **github.com/Microsoft/hcsshim**  v0.9.6 -> v0.9.7
    
    Previous release can be found at [v1.6.18](https://github.com/containerd/containerd/releases/tag/v1.6.18)
    
  • v1.7.0-rc.0
    containerd 1.7.0-rc.0
    
    Welcome to the v1.7.0-rc.0 release of containerd!
    *This is a pre-release of containerd*
    
    The eighth major release of containerd includes new functionality alongside many improvements.
    This release is intended to be the last major release of containerd 1.x before 2.0.
    Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
    This release still adheres to our backwards compatibility guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
    The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.
    
    ### Highlights
    
    #### Sandbox API _(experimental)_
    
    The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
    This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.
    
    * **Sandbox API** ([#6703](https://github.com/containerd/containerd/pull/6703))
    * **CRI Sandbox API Implementation** ([#7228](https://github.com/containerd/containerd/pull/7228))
    
    #### Transfer Service _(experimental)_
    
    * **Transfer Service** ([#7320](https://github.com/containerd/containerd/pull/7320))
    
    The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
    pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
    to allow for further plugin development and integration into existing plugins.
    
    See the [Transfer Docs](https://github.com/containerd/containerd/blob/main/docs/transfer.md)
    
    #### NRI _(experimental)_
    
    * **Extend NRI scope** ([nri#16](https://github.com/containerd/nri/pull/16))
    * **Support for updated NRI** ([#6019](https://github.com/containerd/containerd/pull/6019))
    
    The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
    basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.
    
    This release introduces NRI v0.3.0 with an updated plugin interface to cover a wide range of use cases.
    
    See the [NRI Docs](https://github.com/containerd/containerd/blob/main/docs/NRI.md)
    
    #### Platform Support
    
    * **Linux containers on FreeBSD** ([#7000](https://github.com/containerd/containerd/pull/7000))
    
    #### Runtime Features
    
    * **Add support for CDI device injection** ([#6654](https://github.com/containerd/containerd/pull/6654))
    * **Support for cgroups blockio** ([#5490](https://github.com/containerd/containerd/pull/5490))
    * **Add restart policy for enhanced restart manager** ([#6744](https://github.com/containerd/containerd/pull/6744))
    
    #### gRPC Shim Support _(experimental)_
    
    * **Initial gRPC shim support** ([#8052](https://github.com/containerd/containerd/pull/8052))
    
    Adds support for shims to use gRPC in addition to ttrpc. Existing ttrpc shim support is not going
    away and will continue to be recommended for the best performance and lowest shim memory overhead.
    The gRPC support allows implementation of a wider range of shim implementations which may not
    have access to a stable ttrpc library in the implementation language. The shim protocol is also
    updated to allow the shims to specify the protocol which is supported.
    
    #### Road to 2.0
    
    ##### Refactoring
    
    There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.
    
    The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
    out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
    but it is also being done for image and network management.
    
    The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc.
    Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.
    
    * **Remove gogoproto.customtype** ([#6699](https://github.com/containerd/containerd/pull/6699))
    * **Remove enumvalue_customname, goproto_enum_prefix and enum_customname** ([#6708](https://github.com/containerd/containerd/pull/6708))
    * **Remove all gogoproto extensions** ([#6829](https://github.com/containerd/containerd/pull/6829))
    * **Migrate off from github.com/gogo/protobuf** ([#6841](https://github.com/containerd/containerd/pull/6841))
    * **ttrpc streaming** ([ttrpc#107](https://github.com/containerd/ttrpc/pull/107))
    
    * **Add unpack interface for client** ([#6749](https://github.com/containerd/containerd/pull/6749))
    * **Add collectible resources to metadata gc** ([#6804](https://github.com/containerd/containerd/pull/6804))
    
    ##### Configuration
    
    Existing CRI configurations will be supported until 2.0.
    Any functionality split out of CRI will have its configuration migrated to new plugins.
    Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.
    
    ##### Deprecation
    
    The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include:
    
    * **Docker Schema 1 Image Deprecation** ([#6884](https://github.com/containerd/containerd/pull/6884))
    
    #### CRI Updates
    
    * **Fix CRI plugin to setup pod network after creating the sandbox container** ([#5904](https://github.com/containerd/containerd/pull/5904))
    * **Support image pull progress timeout** ([#6150](https://github.com/containerd/containerd/pull/6150))
    * **Add experimental support for runtime specific snapshotters** ([#6899](https://github.com/containerd/containerd/pull/6899))
    * **Pass all TOML runtime configuration options from CRI to the runtime** ([#7764](https://github.com/containerd/containerd/pull/7764))
    * **Support for user namespaces in stateless pods ([KEP-127](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/127-user-namespaces)) _(experimental)_** ([#7679](https://github.com/containerd/containerd/pull/7679))
    * **Add network plugin metrics** ([#7858](https://github.com/containerd/containerd/pull/7858))
    * **CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23** ([#7863](https://github.com/containerd/containerd/pull/7863))
    
    #### Other
    
    * **Support shallow content copy by adding reader option to local content reader at** ([#7414](https://github.com/containerd/containerd/pull/7414))
    * **Add NoSameOwner option when unpacking tars** ([#7386](https://github.com/containerd/containerd/pull/7386))
    * **Add `FetcherByDigest` for fetching blobs without fetching a manifest** ([#7460](https://github.com/containerd/containerd/pull/7460))
    * **Update default seccomp profile to block socket calls to AF_VSOCK** ([#7510](https://github.com/containerd/containerd/pull/7510))
    * **Replace fork on mount logic with CLONE_FS** ([#7513](https://github.com/containerd/containerd/pull/7513))
    * **Add support for default registry host configuration** ([#7607](https://github.com/containerd/containerd/pull/7607))
    * **Use github.com/minio/sha256-simd for more efficient sha256 calculation** ([#7732](https://github.com/containerd/containerd/pull/7732))
    * **Make OCI options cross-platform** ([#7928](https://github.com/containerd/containerd/pull/7928))
    * **Update release builds to build from Ubuntu 20.04 with glibc 2.31** ([#8021](https://github.com/containerd/containerd/pull/8021))
    * **Use data field from OCI descriptor when provided for fetch** ([#8076](https://github.com/containerd/containerd/pull/8076))
    
    See the changelog for the complete list of changes.
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Derek McGowan
    * Kazuyoshi Kato
    * Maksym Pavlenko
    * Phil Estes
    * Wei Fu
    * Akihiro Suda
    * Sebastiaan van Stijn
    * Samuel Karp
    * Krisztian Litkey
    * Mike Brown
    * Danny Canter
    * Daniel Canter
    * Austin Vazquez
    * yanggang
    * Ye Sijun
    * Iceber Gu
    * Adam Korcz
    * Ed Bartosh
    * Luca Comellini
    * Stefan Berger
    * ruiwen-zhao
    * xin.li
    * Brian Goff
    * Gabriel Adrian Samfira
    * Nashwan Azhari
    * Paul "TBBle" Hampson
    * Rodrigo Campos
    * Henry Wang
    * Justin Terry
    * Kevin Parsons
    * Paco Xu
    * Shengjing Zhu
    * Swagat Bora
    * wanglei
    * zounengren
    * Gavin Inglis
    * Tony Fang
    * Akhil Mohan
    * Zechun Chen
    * guodong
    * lengrongfu
    * James Jenkins
    * Michael Crosby
    * Qiutong Song
    * Shiming Zhang
    * Vincent Batts
    * Antonio Ojea
    * Cameron Sparr
    * Casey Callendrello
    * Changwei Ge
    * Josh Seba
    * Junyu Liu
    * Kirtana Ashok
    * Kohei Tokunaga
    * Michael Zappa
    * Qasim Sarfraz
    * Tobias Klauser
    * Tony Fang
    * pigletfly
    * yaoyinnan
    * Abirdcfly
    * Amit Barve
    * Bjorn Neergaard
    * Craig Ingram
    * Eng Zer Jun
    * Eric Lin
    * Ethan Lowman
    * Hsing-Yu (David) Chen
    * James Sturtevant
    * Jess
    * Jiongchi Yu
    * Jonny Stoten
    * Juan Hoyos
    * Kang.Zhang
    * Kay Yan
    * Markus Lehtonen
    * Mikko Ylinen
    * Mohit Sharma
    * Paul Cacheux
    * Paul S. Schweigert
    * Qian Zhang
    * Yasin Turan
    * Zhang Tianyang
    * bin liu
    * dependabot[bot]
    * helen
    * yulng
    * Aditi
    * Aditi Sharma
    * Aman Sharma
    * Anastassios Nanos
    * Andrew G. Morgan
    * Andrey Klimentyev
    * Aniruddha Basak
    * Anthony Nandaa
    * Antti Kervinen
    * Aviral Takkar
    * Baoshuo
    * Benjamin Elder
    * Benjamin Wang
    * Bennett-White
    * Chao Dai
    * Chuanying Du
    * Claudiu Belu
    * Cory Snider
    * Daniel Lenar
    * Danielle Lancashire
    * Dat Nguyen
    * Davanum Srinivas
    * Dave
    * David Leadbeater
    * David Porter
    * Dmitry Shurupov
    * Edgar Lee
    * Eric Ernst
    * Fabian Hoffman
    * Fabian Hoffmann
    * Fahed Dorgaa
    * Gabriela Cervantes
    * Gijs Peskens
    * Hamza El-Saawy
    * Ikko Ashimine
    * Jeff Widman
    * Jeff Zvier
    * Jeremi Piotrowski
    * Jin Dong
    * Jordan Karaze
    * Joseph Sheng
    * Joyce Brum
    * Jukka Rissanen
    * Justin Chadwell
    * Kate
    * Kathryn Baldauf
    * Kyle L Frisbie
    * LongtaoZhang
    * Manuel Alejandro de Brito Fontes
    * Marc Schwind
    * Mark Rossetti
    * Mark Zhang
    * Marvin Giessing
    * Mathis Michel
    * Merlin Ran
    * Nabeel Rana
    * Nathan
    * Nguyen Phan Huy
    * Nikita Rybak
    * Nobel Barakat
    * Oleg Atamanenko
    * Oleg Zhurakivskyy
    * Oliver Radwell
    * Quan Tian
    * Roy Yang
    * Serge Logvinov
    * Shane Jennings
    * Shaun Lawrie
    * Shinichi Morimoto
    * SilverSoldier
    * Sophie Liu
    * Su Fei
    * Taeho Nam
    * Takumasa Sakao
    * Tiger Kaovilai
    * Tom Godkin
    * Tomoya.Fujita
    * Tõnis Tiigi
    * Xinlin Ma
    * Yakul Garg
    * Zhongming Chang
    * Zhuchen Wang
    * austinvazquez
    * cardy.tang
    * chaunceyjiang
    * dabaooline
    * guiyong.ou
    * huoqifeng
    * jianfei.zhang
    * liyuxuan.darfux
    * ningmingxiao
    * shi yixue
    * shuaichang
    * songjiang han
    * wen chen
    * wusong
    * xiaoyang zhu
    * yanghesong
    * yaozhenxiu
    * zhang he
    
    ### Changes
    <details><summary>1644 commits</summary>
    <p>
    
    * Prepare release notes for v1.7.0-rc.0 ([#8162](https://github.com/containerd/containerd/pull/8162))
    * pkg/nri: pull in latest NRI, update NRI configuration. ([#8140](https://github.com/containerd/containerd/pull/8140))
    * [transfer]Config options followup ([#8165](https://github.com/containerd/containerd/pull/8165))
    * Add configuration options to local transfer service ([#8062](https://github.com/containerd/containerd/pull/8062))
    * docs: Show how to select GRPC for shims ([#8134](https://github.com/containerd/containerd/pull/8134))
    * CRI: remove duplicated snapshotters code ([#8154](https://github.com/containerd/containerd/pull/8154))
    * docs: add more comment to logging.LoggerFunc ([#8142](https://github.com/containerd/containerd/pull/8142))
    * contrib/apparmor: remove code related to apparmor_parser version ([#8069](https://github.com/containerd/containerd/pull/8069))
    * runtime/v2: Call onCloseWithShimLog for grpc shims ([#8120](https://github.com/containerd/containerd/pull/8120))
    * Add Fields type alias to log package ([#8143](https://github.com/containerd/containerd/pull/8143))
    * Migrate from k8s.gcr.io to registry.k8s.io ([#8125](https://github.com/containerd/containerd/pull/8125))
    * sandbox: start sandbox with options ([#8129](https://github.com/containerd/containerd/pull/8129))
    * Add macOS build note ([#8115](https://github.com/containerd/containerd/pull/8115))
    * Fix concurrent writes for UpdateContainerStats ([#8130](https://github.com/containerd/containerd/pull/8130))
    * dependency: bump go.etcd.io/bbolt to v1.3.7 ([#8128](https://github.com/containerd/containerd/pull/8128))
    * runtime/v2: Log BootstrapParams ([#8124](https://github.com/containerd/containerd/pull/8124))
    * Prepare release notes for v1.7.0 beta.4 ([#8110](https://github.com/containerd/containerd/pull/8110))
    * Go 1.20.1 ([#8103](https://github.com/containerd/containerd/pull/8103))
    * ctr version: add args check ([#8096](https://github.com/containerd/containerd/pull/8096))
    * pkg/cri/config: fix Mirrors deprecation comment ([#8041](https://github.com/containerd/containerd/pull/8041))
    * docs: fix function names in fuzzing test documentation ([#8044](https://github.com/containerd/containerd/pull/8044))
    * fix: 'go routine' should be 'goroutine' ([#8051](https://github.com/containerd/containerd/pull/8051))
    * Github Security Advisory [GHSA-hmfx-3pcx-653p](https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p)
    * Github Security Advisory [GHSA-259w-8hf6-59c2](https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2)
    * pkg/cri/sbserver: experimental NRI integration for CRI. ([#7954](https://github.com/containerd/containerd/pull/7954))
    * Clean up error strings that start with uppercase ([#8114](https://github.com/containerd/containerd/pull/8114))
    * Clean up repeated package import ([#8113](https://github.com/containerd/containerd/pull/8113))
    * Go 1.19.6 ([#8109](https://github.com/containerd/containerd/pull/8109))
    * Initial GRPC shims support ([#8052](https://github.com/containerd/containerd/pull/8052))
    * CRI: Pass sandbox annotations to _other platforms ([#8060](https://github.com/containerd/containerd/pull/8060))
    * cmd/ctr/commands/images: support usage subcommand ([#8105](https://github.com/containerd/containerd/pull/8105))
    * cni: pass in the cgroupPath capability argument ([#8067](https://github.com/containerd/containerd/pull/8067))
    * Add fallback for windows platforms without osversion ([#8101](https://github.com/containerd/containerd/pull/8101))
    * release: xx v1.2.1 ([#8104](https://github.com/containerd/containerd/pull/8104))
    * [transfer] update imagestore interface to support multiple references ([#7964](https://github.com/containerd/containerd/pull/7964))
    * [sandbox] Use options to pass PodSandboxConfig to shims ([#8100](https://github.com/containerd/containerd/pull/8100))
    * Send container events with nil PodSandboxStatus ([#8047](https://github.com/containerd/containerd/pull/8047))
    * test: add hostNetwork tests for both windows and linux ([#7984](https://github.com/containerd/containerd/pull/7984))
    * loadConfig pre-inspection in advance ([#8097](https://github.com/containerd/containerd/pull/8097))
    * contrib/apparmor: remove version-dependent rules ([#8068](https://github.com/containerd/containerd/pull/8068))
    * *: introduce wrapper pkgs for blockio and rdt ([#8066](https://github.com/containerd/containerd/pull/8066))
    * Extract CRI instrument into separate package ([#8093](https://github.com/containerd/containerd/pull/8093))
    * CRI: Mirror generic toml runtime config under server ([#8091](https://github.com/containerd/containerd/pull/8091))
    * go.mod: github.com/containerd/typeurl/v2 v2.1.0 ([#8092](https://github.com/containerd/containerd/pull/8092))
    * Revert `apparmor_parser` regression ([#8086](https://github.com/containerd/containerd/pull/8086))
    * [sandbox] refactor controller interface ([#7981](https://github.com/containerd/containerd/pull/7981))
    * btrfs: depend on kernel UAPI instead of libbtrfs ([#7933](https://github.com/containerd/containerd/pull/7933))
    * CI: skip some jobs when `repo != containerd/containerd` ([#8082](https://github.com/containerd/containerd/pull/8082))
    * chore: clean up repeated package import ([#8078](https://github.com/containerd/containerd/pull/8078))
    * fetch: Use data from descriptor when available. ([#8076](https://github.com/containerd/containerd/pull/8076))
    * chore: use http constants instead of string ([#8077](https://github.com/containerd/containerd/pull/8077))
    * Fix retry logic within devmapper device deactivation ([#8075](https://github.com/containerd/containerd/pull/8075))
    * Clean CI yaml ([#8071](https://github.com/containerd/containerd/pull/8071))
    * Add critest.exe in $PATH ([#8074](https://github.com/containerd/containerd/pull/8074))
    * keep the uppercase letter for flag info ([#7976](https://github.com/containerd/containerd/pull/7976))
    * go.mod: Bump hcsshim to v0.10.0-rc.5 ([#8049](https://github.com/containerd/containerd/pull/8049))
    * Fix sandbox exit monitor ([#8045](https://github.com/containerd/containerd/pull/8045))
    * Generate GRPC contracts for runtime APIs ([#7979](https://github.com/containerd/containerd/pull/7979))
    * Make argument validation of `mount.UnmountRecursive` compatible to `mount.UnmountAll` ([#8035](https://github.com/containerd/containerd/pull/8035))
    * Export remote snapshotter label handler ([#8036](https://github.com/containerd/containerd/pull/8036))
    * Adding support to run install hcsshim from local clone ([#7989](https://github.com/containerd/containerd/pull/7989))
    * go.mod: github.com/urfave/cli v1.22.12 ([#8040](https://github.com/containerd/containerd/pull/8040))
    * cmd/ctr/commands: clean up the func IntToInt32Array in utils.go ([#8039](https://github.com/containerd/containerd/pull/8039))
    * pkg/epoch: drop timezone ([#8037](https://github.com/containerd/containerd/pull/8037))
    * go.mod: update github.com/containerd/nri. ([#8034](https://github.com/containerd/containerd/pull/8034))
    * fix(docs): minor fix on the windows installation steps ([#8013](https://github.com/containerd/containerd/pull/8013))
    * Add integration test to opentelemetry tracing on image pull ([#7847](https://github.com/containerd/containerd/pull/7847))
    * Use mount.Target to specify subdirectory of rootfs mount ([#7840](https://github.com/containerd/containerd/pull/7840))
    * cri: mkdir /etc/cni with 0755, not 0700 ([#8020](https://github.com/containerd/containerd/pull/8020))
    * log/logtest: add `testcase` as debug field ([#8025](https://github.com/containerd/containerd/pull/8025))
    * go.mod: github.com/containerd/cgroups/v3 v3.0.0 ([#8027](https://github.com/containerd/containerd/pull/8027))
    * Update CNI plugins to 1.2.0 ([#7977](https://github.com/containerd/containerd/pull/7977))
    * go.mod: go.opentelemetry.io/otel v1.12.0 ([#8026](https://github.com/containerd/containerd/pull/8026))
    * Move PLEG events for pause container under podsandbox package ([#8007](https://github.com/containerd/containerd/pull/8007))
    * runtime docs: Clarify delete cwd behavior ([#8012](https://github.com/containerd/containerd/pull/8012))
    * release: Add "cri-containerd.DEPRECATED.txt" in the deprecated cri-containerd-* bundles ([#8019](https://github.com/containerd/containerd/pull/8019))
    * RELEASES.md: update release status ([#8022](https://github.com/containerd/containerd/pull/8022))
    * deflake: TestContainerPids ([#8023](https://github.com/containerd/containerd/pull/8023))
    * release: Ubuntu 18.04 -> 20.04 (glibc 2.27 -> 2.31) ([#8021](https://github.com/containerd/containerd/pull/8021))
    * Update the EOL date for 1.5 release ([#8015](https://github.com/containerd/containerd/pull/8015))
    * Prepare release notes for v1.7.0-beta.3 ([#8014](https://github.com/containerd/containerd/pull/8014))
    * Fix Memory Limit test ([#7959](https://github.com/containerd/containerd/pull/7959))
    * Reused package errdefs for not supported error ([#8005](https://github.com/containerd/containerd/pull/8005))
    * pkg/cri: optimize slice initialization ([#7994](https://github.com/containerd/containerd/pull/7994))
    * go.mod: update goresctrl to v0.3.0 ([#7987](https://github.com/containerd/containerd/pull/7987))
    * pushWriter: correctly propagate errors ([#7985](https://github.com/containerd/containerd/pull/7985))
    * CI: test release.yml on every PR ([#7968](https://github.com/containerd/containerd/pull/7968))
    * fix incorrect namespace of event when create/update namespace ([#7129](https://github.com/containerd/containerd/pull/7129))
    * Backport changes to sandboxed CRI ([#7973](https://github.com/containerd/containerd/pull/7973))
    * Fix syntax errors in the document ([#7970](https://github.com/containerd/containerd/pull/7970))
    * release/Dockerfile: set DEBIAN_FRONTEND=noninteractive ([#7969](https://github.com/containerd/containerd/pull/7969))
    * use local variable for rt when iterating collectors ([#7963](https://github.com/containerd/containerd/pull/7963))
    * Add basic spec and mounts for Darwin ([#7960](https://github.com/containerd/containerd/pull/7960))
    * go.mod: Bump hcsshim to v0.10.0-rc.4 ([#7810](https://github.com/containerd/containerd/pull/7810))
    * Use specs Platform instead of generated API ([#7958](https://github.com/containerd/containerd/pull/7958))
    * Make OCI options cross-platform ([#7928](https://github.com/containerd/containerd/pull/7928))
    * update to go1.19.5, go1.18.10 ([#7948](https://github.com/containerd/containerd/pull/7948))
    * fuzzing: improve archive fuzzer ([#7957](https://github.com/containerd/containerd/pull/7957))
    * shim: enable debug logging for delete ([#7943](https://github.com/containerd/containerd/pull/7943))
    * cri: Fix TestUpdateOCILinuxResource for host w/o swap controller ([#7946](https://github.com/containerd/containerd/pull/7946))
    * ctr/run: flags --detach and --rm cannot be specified together ([#7929](https://github.com/containerd/containerd/pull/7929))
    * Fix Flaky Windows CRI Integration test on TestContainerConsumedStats ([#7935](https://github.com/containerd/containerd/pull/7935))
    * Refactor snapshotters metastore transaction ([#7917](https://github.com/containerd/containerd/pull/7917))
    * mod: update github.com/pelletier/go-toml@v1.9.5 ([#7932](https://github.com/containerd/containerd/pull/7932))
    * archive: improve TestSourceDateEpoch ([#7927](https://github.com/containerd/containerd/pull/7927))
    * Add tracing plugin test ([#7883](https://github.com/containerd/containerd/pull/7883))
    * docs/content-flow: update the description of the content labels  ([#7925](https://github.com/containerd/containerd/pull/7925))
    * Add cleanup package for context management during cleanup ([#7861](https://github.com/containerd/containerd/pull/7861))
    * Fix race between stream registration and use ([#7886](https://github.com/containerd/containerd/pull/7886))
    * Prepare release notes for v1.7.0-beta.2 ([#7903](https://github.com/containerd/containerd/pull/7903))
    * Cirrus CI (Fedora 37, Rocky 8): enable cri-integration ([#7892](https://github.com/containerd/containerd/pull/7892))
    * contrib/Dockerfile.test: add "integration", "cri-integration", "critest" stages ([#7891](https://github.com/containerd/containerd/pull/7891))
    * docs: fix a typo in tracing documentation ([#7914](https://github.com/containerd/containerd/pull/7914))
    * CI: Pass GITHUB_TOKEN to containerd/project-checks ([#7913](https://github.com/containerd/containerd/pull/7913))
    * Enable dupword linter ([#7911](https://github.com/containerd/containerd/pull/7911))
    * ctr: Add platform flag to 'oci spec' command ([#7905](https://github.com/containerd/containerd/pull/7905))
    * Vagrantfile: fix disk resize error with VirtualBox ([#7907](https://github.com/containerd/containerd/pull/7907))
    * Vagrantfile: fix comments about SELinux ([#7908](https://github.com/containerd/containerd/pull/7908))
    * Use the const labels.LabelUncompressed ([#7906](https://github.com/containerd/containerd/pull/7906))
    * [sandbox] Add sandbox store plugin type ([#7850](https://github.com/containerd/containerd/pull/7850))
    * Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts ([#7893](https://github.com/containerd/containerd/pull/7893))
    * CRI: Comment cleanup/misc fixes ([#7904](https://github.com/containerd/containerd/pull/7904))
    * Move snapshot event publishing into metadata store ([#5674](https://github.com/containerd/containerd/pull/5674))
    * Vagrantfile: install-rootless-podman: remove `setenforce 0` ([#7887](https://github.com/containerd/containerd/pull/7887))
    * reused package errdefs for error ([#7894](https://github.com/containerd/containerd/pull/7894))
    * integration/images: switch away from Docker Hub to avoid rate limit ([#7888](https://github.com/containerd/containerd/pull/7888))
    * Validate userns container config is consistent with sandbox userns config ([#7882](https://github.com/containerd/containerd/pull/7882))
    * `ctr contents ls` sorts the labels of the content ([#7881](https://github.com/containerd/containerd/pull/7881))
    * chore: use `go fix` to cleanup old +build buildtag ([#7879](https://github.com/containerd/containerd/pull/7879))
    * cri: Shadow variables to avoid t.Parallel() issues ([#7880](https://github.com/containerd/containerd/pull/7880))
    * Add support for user namespaces in stateless pods (KEP-127) ([#7679](https://github.com/containerd/containerd/pull/7679))
    * Refactor metastore transaction ([#7529](https://github.com/containerd/containerd/pull/7529))
    * oci: appendOSMounts(): remove unused error, and move ([#7874](https://github.com/containerd/containerd/pull/7874))
    * add kube v1.26: remove v1alpha2 cri support ([#7863](https://github.com/containerd/containerd/pull/7863))
    * make runc 1.1 for oss_fuzz_build.sh ([#7875](https://github.com/containerd/containerd/pull/7875))
    * CRI sbserver: Prevent server reuse after Shutdown ([#7872](https://github.com/containerd/containerd/pull/7872))
    * Fix incorrect defer usage and refactor judgement ([#7521](https://github.com/containerd/containerd/pull/7521))
    * oci: Add WithDomainname ([#7869](https://github.com/containerd/containerd/pull/7869))
    * Reused errdefs define error ([#7871](https://github.com/containerd/containerd/pull/7871))
    * fix `ctr tasks kill` does not remove cni network under windows ([#7866](https://github.com/containerd/containerd/pull/7866))
    * add network plugin metrics ([#7858](https://github.com/containerd/containerd/pull/7858))
    * Avoid using canceled context in unpacker cleanup ([#7859](https://github.com/containerd/containerd/pull/7859))
    * image/label: print more characters of label keys ([#7618](https://github.com/containerd/containerd/pull/7618))
    * prevent Server reuse after a Shutdown ([#7165](https://github.com/containerd/containerd/pull/7165))
    * Check containerd's readiness before calling critest ([#7851](https://github.com/containerd/containerd/pull/7851))
    * Fix grammatical errors in Readme ([#7837](https://github.com/containerd/containerd/pull/7837))
    * Fix cpu architecture detection issue on linux/arm ([#7636](https://github.com/containerd/containerd/pull/7636))
    * CRI: Fix no CNI info for pod sandbox on restart ([#7845](https://github.com/containerd/containerd/pull/7845))
    * Enable checkRename test ([#7081](https://github.com/containerd/containerd/pull/7081))
    * metastore: Add WithTransaction convenience method ([#7781](https://github.com/containerd/containerd/pull/7781))
    * Prevent a race condition in testHook ([#7831](https://github.com/containerd/containerd/pull/7831))
    * cri: fix `memory.memsw.limit_in_bytes: no such file or directory` ([#7836](https://github.com/containerd/containerd/pull/7836))
    * go.mod: update fuzz-headers and fuzz-build ([#7824](https://github.com/containerd/containerd/pull/7824))
    * Remove github.com/gogo/protobuf again ([#7825](https://github.com/containerd/containerd/pull/7825))
    * CRI: Add host networking helper ([#7814](https://github.com/containerd/containerd/pull/7814))
    * Support sandbox shutdown in shim runtimes ([#7792](https://github.com/containerd/containerd/pull/7792))
    * move up to CRI-TOOLS v1.26.0 ([#7818](https://github.com/containerd/containerd/pull/7818))
    * Minor fix when querying pod sandbox status ([#7812](https://github.com/containerd/containerd/pull/7812))
    * nil check to avoid panic on upgrade ([#7809](https://github.com/containerd/containerd/pull/7809))
    * Bump grpc to v1.51.0 ([#7709](https://github.com/containerd/containerd/pull/7709))
    * fatal error: concurrent map iteration and map write ([#7805](https://github.com/containerd/containerd/pull/7805))
    * Bump golangci-lint to v1.50.1 ([#7804](https://github.com/containerd/containerd/pull/7804))
    * cri: make swapping disabled with memory limit ([#7783](https://github.com/containerd/containerd/pull/7783))
    * add metrics for image pulling: error; in progress count; throughput ([#7313](https://github.com/containerd/containerd/pull/7313))
    * Prepare release notes for v1.7.0-beta.1 ([#7793](https://github.com/containerd/containerd/pull/7793))
    * support fetching containerd from non public GCS buckets ([#7771](https://github.com/containerd/containerd/pull/7771))
    * images: support specifying SourceDateEpoch via ctx ([#7651](https://github.com/containerd/containerd/pull/7651))
    * fuzzing: improve archive fuzzer ([#7718](https://github.com/containerd/containerd/pull/7718))
    * fix sdNotify func when debug level ([#7798](https://github.com/containerd/containerd/pull/7798))
    * Upgrade GitHub actions packages in release workflow ([#7794](https://github.com/containerd/containerd/pull/7794))
    * Enable GitHub Actions local Linux CI runs ([#7796](https://github.com/containerd/containerd/pull/7796))
    * integration: increase timeout in container_event_test.go ([#7791](https://github.com/containerd/containerd/pull/7791))
    * digest: use github.com/minio/sha256-simd ([#7732](https://github.com/containerd/containerd/pull/7732))
    * allow client to remove created tasks with PID 0 ([#7787](https://github.com/containerd/containerd/pull/7787))
    * Add container event support to containerd ([#7073](https://github.com/containerd/containerd/pull/7073))
    * docs: Authorizer.Authorize could return ErrUnexpectedStatus ([#7786](https://github.com/containerd/containerd/pull/7786))
    * fix: check for tmpfs when evaluating if userxattr is needed ([#7772](https://github.com/containerd/containerd/pull/7772))
    * Pass TOML configuration options for runtimes CRI is not aware of ([#7764](https://github.com/containerd/containerd/pull/7764))
    * Cleanup build constraints ([#7776](https://github.com/containerd/containerd/pull/7776))
    * There is no way to disable debug endpoint on Darwin ([#7775](https://github.com/containerd/containerd/pull/7775))
    * CI: Vagrant: pin rockylinux/8 to v5.0.0 ([#7777](https://github.com/containerd/containerd/pull/7777))
    * vendor: golang.org/x/net v0.4.0 ([#7774](https://github.com/containerd/containerd/pull/7774))
    * Fix context when waiting sandbox ([#7773](https://github.com/containerd/containerd/pull/7773))
    * Github Security Advisory [GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9)
    * update to go1.19.4, go1.18.9 ([#7765](https://github.com/containerd/containerd/pull/7765))
    * Change PushContent to require only Provider ([#7763](https://github.com/containerd/containerd/pull/7763))
    * sbserver bug fixing ([#7768](https://github.com/containerd/containerd/pull/7768))
    * Add unit test to Opentelemetry tracing ([#7671](https://github.com/containerd/containerd/pull/7671))
    * remove some (aliases for) deprecated functions ([#7525](https://github.com/containerd/containerd/pull/7525))
    * Refactor ctr restore to allow for tty allocation ([#7673](https://github.com/containerd/containerd/pull/7673))
    * fix panic when containerd-stress density --count 0 ([#7748](https://github.com/containerd/containerd/pull/7748))
    * Unwrap proto errors in streaming client ([#7753](https://github.com/containerd/containerd/pull/7753))
    * Fix process_vm_* syscall names in seccomp ([#7755](https://github.com/containerd/containerd/pull/7755))
    * upgrade the ops.md output for current 1.7 version. ([#7747](https://github.com/containerd/containerd/pull/7747))
    * docs: Add extra security instructions ([#7743](https://github.com/containerd/containerd/pull/7743))
    * go.mod: re-vendor NRI from the official repo. ([#7744](https://github.com/containerd/containerd/pull/7744))
    * [Sandbox API] CRI status cleanup ([#7731](https://github.com/containerd/containerd/pull/7731))
    * Transfer service ([#7320](https://github.com/containerd/containerd/pull/7320))
    * NRI: add support for NRI with extended scope. ([#6019](https://github.com/containerd/containerd/pull/6019))
    * archive: set WithModTimeUpperBound when WithSourceDateEpoch is set ([#7710](https://github.com/containerd/containerd/pull/7710))
    * Fix order of operations when setting lease labels ([#7702](https://github.com/containerd/containerd/pull/7702))
    * Add ctr image prune command ([#7730](https://github.com/containerd/containerd/pull/7730))
    * Check for nullptr before dereferencing ([#7708](https://github.com/containerd/containerd/pull/7708))
    * use MaxConcurrentDownloads instead of MaxConcurrentUploadedLayers ([#7736](https://github.com/containerd/containerd/pull/7736))
    * introspection: expose the daemon's PID and PIDNS ([#7694](https://github.com/containerd/containerd/pull/7694))
    * reference/docker: synchronize fork with upstream distribution/distribution ([#7635](https://github.com/containerd/containerd/pull/7635))
    * go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions ([#7721](https://github.com/containerd/containerd/pull/7721))
    * Add ptrace readby and tracedby to default AppArmor profile ([#7714](https://github.com/containerd/containerd/pull/7714))
    * Fix sandbox API when calling sandboxed shims ([#7684](https://github.com/containerd/containerd/pull/7684))
    * make status more readable and update easy. ([#7669](https://github.com/containerd/containerd/pull/7669))
    * integration/client: fix go.mod grouping, containerd to v1.7.0-beta.0, cgroups back to v1.0.4 ([#7720](https://github.com/containerd/containerd/pull/7720))
    * Resolve warnings in Windows GitHub Actions periodic workflows ([#7706](https://github.com/containerd/containerd/pull/7706))
    * Sandbox API: implement Controller.Status for SandboxAPI ([#7470](https://github.com/containerd/containerd/pull/7470))
    * [port #5904 to sbserver] Setup pod network after creating the sandbox container ([#7426](https://github.com/containerd/containerd/pull/7426))
    * fix for OSS-Fuzz infra changes ([#7677](https://github.com/containerd/containerd/pull/7677))
    * runtime/v2/shim: clean up the use of containerdBinary ([#7499](https://github.com/containerd/containerd/pull/7499))
    * Add process_vm read and write calls to default seccomp profile ([#7693](https://github.com/containerd/containerd/pull/7693))
    * Resolve Scorecards GitHub Actions workflow warnings ([#7707](https://github.com/containerd/containerd/pull/7707))
    * cri: add pod uid annotation ([#7697](https://github.com/containerd/containerd/pull/7697))
    * Missed out `platform interface` when reused the conn for Client. ([#7699](https://github.com/containerd/containerd/pull/7699))
    * overlayfs: remove duplicated tx rollback ([#7700](https://github.com/containerd/containerd/pull/7700))
    * go.mod: update some dependencies ([#7704](https://github.com/containerd/containerd/pull/7704))
    * update github.com/cpuguy83/go-md2man/v2 to v2.0.2 ([#7705](https://github.com/containerd/containerd/pull/7705))
    * Fsnotify bump and change code ([#7703](https://github.com/containerd/containerd/pull/7703))
    * fix build containerd in centos9 ([#7683](https://github.com/containerd/containerd/pull/7683))
    * Bump urfave-cli to v1.22.10 ([#7701](https://github.com/containerd/containerd/pull/7701))
    * can set up the network serially by CNI plugins ([#7685](https://github.com/containerd/containerd/pull/7685))
    * Update cri-api dependency to v0.26.0-beta.0 ([#7656](https://github.com/containerd/containerd/pull/7656))
    * overlay: Remove unused method param ([#7696](https://github.com/containerd/containerd/pull/7696))
    * CI: update Fedora to 37 ([#7691](https://github.com/containerd/containerd/pull/7691))
    * tx rollback when GetInfo return error ([#7678](https://github.com/containerd/containerd/pull/7678))
    * Upgrade github.com/containerd/cgroups from v1 to v3 ([#7601](https://github.com/containerd/containerd/pull/7601))
    * Remove OpenTelemetry imports from remotes/docker package ([#7675](https://github.com/containerd/containerd/pull/7675))
    * Expose Done and Err in Shutdown service ([#7686](https://github.com/containerd/containerd/pull/7686))
    * gotestsum match go version 1.19 ([#7688](https://github.com/containerd/containerd/pull/7688))
    * complement sub-command note for containerd-main ([#7670](https://github.com/containerd/containerd/pull/7670))
    * keep the lower case letter for flag info ([#7668](https://github.com/containerd/containerd/pull/7668))
    * bump critools into ca1571e6edd116b2c95f52e3dfa0b4779b74223a ([#7666](https://github.com/containerd/containerd/pull/7666))
    * Fix broken link for CRI plugin in docs ([#7667](https://github.com/containerd/containerd/pull/7667))
    * add option to resolve symlinks in WithLinuxDevice ([#7523](https://github.com/containerd/containerd/pull/7523))
    * Bump k8s.io deps to v0.25.4 ([#7663](https://github.com/containerd/containerd/pull/7663))
    * Release: add static binaries ([#7659](https://github.com/containerd/containerd/pull/7659))
    * Bump OpenTelemetry contrib to v0.36.4 ([#7662](https://github.com/containerd/containerd/pull/7662))
    * Fix slice append error (`spec.Linux.Resources.HugepageLimits`) ([#7661](https://github.com/containerd/containerd/pull/7661))
    * Bump OpenTelemetry to v1.11.1 ([#7660](https://github.com/containerd/containerd/pull/7660))
    * feature: add gc scheduler metrics collection count ([#5263](https://github.com/containerd/containerd/pull/5263))
    * Add `--debug` args to all subcommands of `ctr pprof` ([#7629](https://github.com/containerd/containerd/pull/7629))
    * Add a thin wrapper around otel Span object ([#7655](https://github.com/containerd/containerd/pull/7655))
    * Bump grpc to v1.50.1 ([#7643](https://github.com/containerd/containerd/pull/7643))
    * replace strings.Split(N) for strings.Cut() or alternatives ([#7631](https://github.com/containerd/containerd/pull/7631))
    * add oci.WithCPURT ([#7642](https://github.com/containerd/containerd/pull/7642))
    * Sandbox API: Add a new mode config for sandbox controller impls ([#7590](https://github.com/containerd/containerd/pull/7590))
    * fuzzing: bump go-fuzz-headers ([#7625](https://github.com/containerd/containerd/pull/7625))
    * Bump k8s.io deps to v0.25.3 ([#7637](https://github.com/containerd/containerd/pull/7637))
    * Remove uses of deprecated go-digest.NewDigestFromHex, go-digest.Digest.Hex ([#7641](https://github.com/containerd/containerd/pull/7641))
    * Extra documentation for content interfaces ([#7640](https://github.com/containerd/containerd/pull/7640))
    * Fix shim socket permissions on Darwin ([#7638](https://github.com/containerd/containerd/pull/7638))
    * s390x: build and package s390x bin in release assets ([#7614](https://github.com/containerd/containerd/pull/7614))
    * Replace mount fork hack with CLONE_FS ([#7513](https://github.com/containerd/containerd/pull/7513))
    * remotes: add `FetcherByDigest` for fetching blobs without foreknown descriptors (useful for general-purpose CAS) ([#7460](https://github.com/containerd/containerd/pull/7460))
    * Fix "getCPUInfo for OS freebsd: not implemented" on FreeBSD/arm64 ([#7403](https://github.com/containerd/containerd/pull/7403))
    * Support default hosts.toml configuration ([#7607](https://github.com/containerd/containerd/pull/7607))
    * Add tracing spans in CRI image service and pull.go ([#7453](https://github.com/containerd/containerd/pull/7453))
    * Fix missing closed fifo ([#7604](https://github.com/containerd/containerd/pull/7604))
    * fix comments ([#7624](https://github.com/containerd/containerd/pull/7624))
    * docs: add additional info in backport process ([#7626](https://github.com/containerd/containerd/pull/7626))
    * go.mod: golang.org/x/*: use tagged versions ([#7621](https://github.com/containerd/containerd/pull/7621))
    * Bump go version to 1.19.3 ([#7620](https://github.com/containerd/containerd/pull/7620))
    * ctr export strictly matching ([#7615](https://github.com/containerd/containerd/pull/7615))
    * Fix ctr crash when pulling with --http-dump and --http-trace simultaneously ([#7617](https://github.com/containerd/containerd/pull/7617))
    * Harden GITHUB_TOKEN permissions for OSSF Scorecard ([#7599](https://github.com/containerd/containerd/pull/7599))
    * overlayutils: Add fastpath for userxattr check ([#7611](https://github.com/containerd/containerd/pull/7611))
    * Add sequence diagram for shim runtime v2 ([#7606](https://github.com/containerd/containerd/pull/7606))
    * Sandbox API: Move remote impls to /sandbox/proxy ([#7600](https://github.com/containerd/containerd/pull/7600))
    * fuzzing: improve archive fuzzer ([#7588](https://github.com/containerd/containerd/pull/7588))
    * Retry client connection in waitForStart ([#7537](https://github.com/containerd/containerd/pull/7537))
    * Add Workflow for running critest with Hyper-V Containers on Windows. ([#7025](https://github.com/containerd/containerd/pull/7025))
    * Add release notes for v1.7.0-beta.0 ([#7575](https://github.com/containerd/containerd/pull/7575))
    * Cleanup sandbox interfaces ([#7576](https://github.com/containerd/containerd/pull/7576))
    * Update GitHub actions release workflow set output ([#7581](https://github.com/containerd/containerd/pull/7581))
    * Fix LogURI generation-related tests on Windows. ([#7569](https://github.com/containerd/containerd/pull/7569))
    * maintenance: Remove WithWindowsNetworkNamespace from pkg/cri ([#7577](https://github.com/containerd/containerd/pull/7577))
    * CRI: implement Controller.Delete for SandboxAPI ([#7457](https://github.com/containerd/containerd/pull/7457))
    * Configure CDI registry only on start ([#7419](https://github.com/containerd/containerd/pull/7419))
    * update codeql-action to v2 ([#7568](https://github.com/containerd/containerd/pull/7568))
    * Add logging related metrics to Containerd CRI plugin ([#7546](https://github.com/containerd/containerd/pull/7546))
    * sys: optimize and refactor MkdirAllWithACL() ([#7531](https://github.com/containerd/containerd/pull/7531))
    * fix install cni script ([#7484](https://github.com/containerd/containerd/pull/7484))
    * Update 1.5 release support timeframe ([#7560](https://github.com/containerd/containerd/pull/7560))
    * bump go-fuzz-headers ([#7503](https://github.com/containerd/containerd/pull/7503))
    * Add long term stable release branches ([#7454](https://github.com/containerd/containerd/pull/7454))
    * fix pusher concurrent close channel ([#7473](https://github.com/containerd/containerd/pull/7473))
    * Make tests on GitHub less noisy ([#7530](https://github.com/containerd/containerd/pull/7530))
    * containerd should not print error log that failed to init a tracing processor while the tracing plugin is not loaded ([#7541](https://github.com/containerd/containerd/pull/7541))
    * Update required Go version in BUILDING.md ([#7544](https://github.com/containerd/containerd/pull/7544))
    * go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag) ([#7522](https://github.com/containerd/containerd/pull/7522))
    * Use `go env` to determine GOPATH in Makefile. ([#7542](https://github.com/containerd/containerd/pull/7542))
    * clean-up "nolint" comments, remove unused ones, update golangci-lint ([#7349](https://github.com/containerd/containerd/pull/7349))
    * Don't unmount on Darwin when deleting bundle ([#7534](https://github.com/containerd/containerd/pull/7534))
    * Add timeouts to all CI jobs ([#7538](https://github.com/containerd/containerd/pull/7538))
    * Vagrantfile: explicitly specify rsync as the shared folder driver ([#7539](https://github.com/containerd/containerd/pull/7539))
    * sys: remove unused IsAbs() (windows) ([#7527](https://github.com/containerd/containerd/pull/7527))
    * cri: PodSandboxStatus should tolerate missing task ([#7535](https://github.com/containerd/containerd/pull/7535))
    * CI: update GHA instances from Ubuntu 18.04 to 20.04 ([#7489](https://github.com/containerd/containerd/pull/7489))
    * fix the --no-pivot flag being ignored by `ctr tasks start` ([#7519](https://github.com/containerd/containerd/pull/7519))
    * Update the default seccomp to block socket calls to AF_VSOCK ([#7510](https://github.com/containerd/containerd/pull/7510))
    * cmd/containerd: use golang.org/x/sys/windows.SetStdHandle() ([#7511](https://github.com/containerd/containerd/pull/7511))
    * Stats() shouldn't assume s.container is non-nil ([#7517](https://github.com/containerd/containerd/pull/7517))
    * Move up actions versions to prep for NodeJS 12 deprecation ([#7516](https://github.com/containerd/containerd/pull/7516))
    * cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions() ([#7512](https://github.com/containerd/containerd/pull/7512))
    * Updates oci image config to support upstream ArgsEscaped ([#7483](https://github.com/containerd/containerd/pull/7483))
    * cmd/containerd: replace deprecated windows.IsAnInteractiveSession() ([#7497](https://github.com/containerd/containerd/pull/7497))
    * Update container with sandbox metadata after NetNS is created ([#7481](https://github.com/containerd/containerd/pull/7481))
    * archive: add WithSourceDateEpoch() for whiteouts ([#7478](https://github.com/containerd/containerd/pull/7478))
    * TestTaskResize must use a terminal ([#7492](https://github.com/containerd/containerd/pull/7492))
    * diff/apply.readCounter: check negative size ([#7494](https://github.com/containerd/containerd/pull/7494))
    * Add new ctr option for discarding unpacked layers ([#7425](https://github.com/containerd/containerd/pull/7425))
    * archive: windows: chtimes(): remove redundant conversion ([#7491](https://github.com/containerd/containerd/pull/7491))
    * archive: validate digests before use ([#7488](https://github.com/containerd/containerd/pull/7488))
    * vendor: github.com/opencontainers/selinux v1.10.2 ([#7482](https://github.com/containerd/containerd/pull/7482))
    * fuzzing: create structured tar bytes in archive fuzzer ([#7477](https://github.com/containerd/containerd/pull/7477))
    * Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 ([#7474](https://github.com/containerd/containerd/pull/7474))
    * use raw link to containerd.service config ([#7463](https://github.com/containerd/containerd/pull/7463))
    * cri doc: Update kata containers reference ([#7466](https://github.com/containerd/containerd/pull/7466))
    * Setup pod network after creating the sandbox container ([#5904](https://github.com/containerd/containerd/pull/5904))
    * Swap to net.ErrClosed checks for services ([#7446](https://github.com/containerd/containerd/pull/7446))
    * go.mod: Bump go-winio to v0.6.0 ([#7443](https://github.com/containerd/containerd/pull/7443))
    * fix retry when writer is reset on push ([#6995](https://github.com/containerd/containerd/pull/6995))
    * CI: Output a summary using GITHUB_SUMMARY ([#7192](https://github.com/containerd/containerd/pull/7192))
    * Fix missing close ([#7430](https://github.com/containerd/containerd/pull/7430))
    * Add test flag for skipping shim cgroup test ([#7424](https://github.com/containerd/containerd/pull/7424))
    * Refactor CRI fuzzers ([#7405](https://github.com/containerd/containerd/pull/7405))
    * Fix LogURIGenerator on Windows ([#7351](https://github.com/containerd/containerd/pull/7351))
    * Set grpc code for unimplemented cri-api methods ([#7417](https://github.com/containerd/containerd/pull/7417))
    * Add reader option to local content reader at ([#7414](https://github.com/containerd/containerd/pull/7414))
    * Sandbox API: implement Controller.Wait and Controller.Stop ([#7401](https://github.com/containerd/containerd/pull/7401))
    * remove stray .zuul.yaml ([#7416](https://github.com/containerd/containerd/pull/7416))
    * reference CDI configuration details ([#7408](https://github.com/containerd/containerd/pull/7408))
    * cri-integration: propagate ENABLE_CRI_SANDBOXES ([#7413](https://github.com/containerd/containerd/pull/7413))
    * Enable OpenSSF Scorecard Github Action ([#7404](https://github.com/containerd/containerd/pull/7404))
    * Add ext2 fs support to devmapper snapshotter ([#7402](https://github.com/containerd/containerd/pull/7402))
    * Fuzzing: Instrument with new sanitizers ([#7396](https://github.com/containerd/containerd/pull/7396))
    * Upgrade fuzzing-related packages to reduce dependencies ([#7397](https://github.com/containerd/containerd/pull/7397))
    * remotes/docker/config: Skipping TLS verification for localhost ([#7393](https://github.com/containerd/containerd/pull/7393))
    * Replace github.com/emicklei/go-restful package, versions <2.16.0 ([#7395](https://github.com/containerd/containerd/pull/7395))
    * Add NoSameOwner option when unpacking tars ([#7386](https://github.com/containerd/containerd/pull/7386))
    * ctr: add privileged-without-host-devices for run command ([#7328](https://github.com/containerd/containerd/pull/7328))
    * chore: matching the casing of other flags for ctr's pull command ([#7341](https://github.com/containerd/containerd/pull/7341))
    * windows: Add runhcs-wcow-hypervisor runtimeclass to the default config ([#6901](https://github.com/containerd/containerd/pull/6901))
    * Fix missing close ([#7370](https://github.com/containerd/containerd/pull/7370))
    * CRI: update cdi version to v0.5.1 ([#7374](https://github.com/containerd/containerd/pull/7374))
    * Update to go 1.19.1, 1.18.6 to address CVE-2022-27664, CVE-2022-32190 ([#7372](https://github.com/containerd/containerd/pull/7372))
    * vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c ([#7373](https://github.com/containerd/containerd/pull/7373))
    * Remove unused variable from images action ([#7371](https://github.com/containerd/containerd/pull/7371))
    * feature: use client default namespace ([#7291](https://github.com/containerd/containerd/pull/7291))
    * integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment ([#7367](https://github.com/containerd/containerd/pull/7367))
    * feature: upgrade registry.k8s.io/pause version ([#7359](https://github.com/containerd/containerd/pull/7359))
    * metrics/cgroups/v1: Remove unused event parameter ([#7361](https://github.com/containerd/containerd/pull/7361))
    * .zuul: remove the zuul because it is offline ([#7369](https://github.com/containerd/containerd/pull/7369))
    * Update golangci-lint timeout to match config ([#7356](https://github.com/containerd/containerd/pull/7356))
    * delete redundant import alias and type conversion ([#7345](https://github.com/containerd/containerd/pull/7345))
    * Make checkContainerTimestamps less strict on Windows ([#7350](https://github.com/containerd/containerd/pull/7350))
    * Make oss-fuzz mandatory ([#7346](https://github.com/containerd/containerd/pull/7346))
    * Add kubernetes v1.25 supported version as v1.24 ([#7326](https://github.com/containerd/containerd/pull/7326))
    * sys: move ForceRemoveAll to integration/client ([#7335](https://github.com/containerd/containerd/pull/7335))
    * chore: remove duplicate word in comments ([#7338](https://github.com/containerd/containerd/pull/7338))
    * Use ioctl helpers from x/sys/unix ([#7342](https://github.com/containerd/containerd/pull/7342))
    * archive: replace tarName() with filepath.ToSlash() ([#7344](https://github.com/containerd/containerd/pull/7344))
    * mount: remove unused ErrNotImplementOnWindows ([#7339](https://github.com/containerd/containerd/pull/7339))
    * replace sys Sequential funcs with moby/sys/sequential ([#7334](https://github.com/containerd/containerd/pull/7334))
    * Clarify containerd 1.5.0+ for k8s 1.20,1.21 ([#7324](https://github.com/containerd/containerd/pull/7324))
    * update runc binary to v1.1.4 ([#7315](https://github.com/containerd/containerd/pull/7315))
    * Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9 ([#7325](https://github.com/containerd/containerd/pull/7325))
    * Update k8s.io/cri-api to v0.25.0 ([#7287](https://github.com/containerd/containerd/pull/7287))
    * script/setup: handle cnidir with SUDO ([#7322](https://github.com/containerd/containerd/pull/7322))
    * ContainerStatus to return container resources ([#6517](https://github.com/containerd/containerd/pull/6517))
    * migrate from k8s.gcr.io to registry.k8s.io ([#7038](https://github.com/containerd/containerd/pull/7038))
    * Do not rename test files on-the-fly to share functions ([#7309](https://github.com/containerd/containerd/pull/7309))
    * ctr import: strictly match platform ([#6906](https://github.com/containerd/containerd/pull/6906))
    * Revert "Downgrade MinGW to version 10.2.0" ([#7308](https://github.com/containerd/containerd/pull/7308))
    * Follow up #7254 (Switch to Go 1.19) ([#7286](https://github.com/containerd/containerd/pull/7286))
    * Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer ([#7304](https://github.com/containerd/containerd/pull/7304))
    * Adding support of CAP_BPF and CAP_PERFMON ([#7301](https://github.com/containerd/containerd/pull/7301))
    * go.mod: Bump hcsshim to v0.10.0-rc.1 ([#7284](https://github.com/containerd/containerd/pull/7284))
    * Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset ([#7306](https://github.com/containerd/containerd/pull/7306))
    * ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887 ([#7293](https://github.com/containerd/containerd/pull/7293))
    * Runtime cleanup (Shim manager and task service) ([#7280](https://github.com/containerd/containerd/pull/7280))
    * containerd-stress: add support for running through CRI ([#6931](https://github.com/containerd/containerd/pull/6931))
    * Switch to Go 1.19 ([#7254](https://github.com/containerd/containerd/pull/7254))
    * Vagrantfile: dump containerd log after critest ([#7265](https://github.com/containerd/containerd/pull/7265))
    * oci: skip checking group id for WithAppendAdditionalGroups ([#7257](https://github.com/containerd/containerd/pull/7257))
    * release workflow: increase timeout to 30 minutes & remove Go setup action ([#7259](https://github.com/containerd/containerd/pull/7259))
    * release: rollback Ubuntu to 18.04 (except for riscv64) ([#7258](https://github.com/containerd/containerd/pull/7258))
    * Initial sandbox API CRI integration (implement Controller.Start) ([#7228](https://github.com/containerd/containerd/pull/7228))
    * Use environment variable to specify Go version on CI ([#7251](https://github.com/containerd/containerd/pull/7251))
    * Update golang to 1.18.5, 1.17.13 ([#7243](https://github.com/containerd/containerd/pull/7243))
    * Change os.Stderr reassign for Windows service ([#7023](https://github.com/containerd/containerd/pull/7023))
    * script/setup: fix protobuf for aarch64 ([#7237](https://github.com/containerd/containerd/pull/7237))
    * Fix cleanup in critest ([#7232](https://github.com/containerd/containerd/pull/7232))
    * fix: support simultaneous create diff for same parent snapshot ([#7204](https://github.com/containerd/containerd/pull/7204))
    * Windows HostProcess container CRI stats test ([#7223](https://github.com/containerd/containerd/pull/7223))
    * Regenerate protos with updated protoc-gen-go ([#7226](https://github.com/containerd/containerd/pull/7226))
    * test: error strings should not be capitalized ([#7195](https://github.com/containerd/containerd/pull/7195))
    * Add extra context to error when push unauthorized ([#7220](https://github.com/containerd/containerd/pull/7220))
    * replace with selinux label ([#7207](https://github.com/containerd/containerd/pull/7207))
    * Use `httputil.DumpRequestOut` for dumping client req ([#7221](https://github.com/containerd/containerd/pull/7221))
    * Fix CRI image pull timeout test for ppc64le ([#7215](https://github.com/containerd/containerd/pull/7215))
    * test: introduce failpoint control to runc-shimv2 and cni ([#7069](https://github.com/containerd/containerd/pull/7069))
    * chore: bump macos runner version ([#7206](https://github.com/containerd/containerd/pull/7206))
    * Use image lists form integration/client tests ([#7210](https://github.com/containerd/containerd/pull/7210))
    * go.mod: Bump hcsshim to v0.9.4 ([#7212](https://github.com/containerd/containerd/pull/7212))
    * Drop deprecated `ioutil` ([#7203](https://github.com/containerd/containerd/pull/7203))
    * Make getServicesOpts a helper ([#7201](https://github.com/containerd/containerd/pull/7201))
    * adds an env var commented out for sandboxed mode ([#7183](https://github.com/containerd/containerd/pull/7183))
    * cri_stats: handle missing cpu stats ([#7198](https://github.com/containerd/containerd/pull/7198))
    * using ContextDialer instead ([#7189](https://github.com/containerd/containerd/pull/7189))
    * test: Add ability to switch between cgroupv1 or cgroupv2 for node e2e ([#7173](https://github.com/containerd/containerd/pull/7173))
    * code cleanup ([#7182](https://github.com/containerd/containerd/pull/7182))
    * Update k8s.io/cri-api to v0.25.0-alpha2 ([#7114](https://github.com/containerd/containerd/pull/7114))
    * Refactor usageNanoCores to be used for all OSes ([#7186](https://github.com/containerd/containerd/pull/7186))
    * adds support for using env file for systemd boot ([#7191](https://github.com/containerd/containerd/pull/7191))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#7185](https://github.com/containerd/containerd/pull/7185))
    * ctr: support --user for run/create ([#7145](https://github.com/containerd/containerd/pull/7145))
    * docs: Fix sample config.toml syntax ([#7174](https://github.com/containerd/containerd/pull/7174))
    * seccomp: seccomp: add syscalls related to PKU in default policy ([#7163](https://github.com/containerd/containerd/pull/7163))
    * Update and align golangci-lint version ([#7168](https://github.com/containerd/containerd/pull/7168))
    * adds a comment explaining how to disable experimental sbserver ([#7169](https://github.com/containerd/containerd/pull/7169))
    * ci: workaround Cirrus CI's INVALID_ARGUMENT ([#7177](https://github.com/containerd/containerd/pull/7177))
    * Update install-protobuf script to install protobuf on Darwin ([#7153](https://github.com/containerd/containerd/pull/7153))
    * Fork CRI server for Sandbox API integration work ([#7164](https://github.com/containerd/containerd/pull/7164))
    * seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE ([#7167](https://github.com/containerd/containerd/pull/7167))
    * cri doc: fix formatting for CDI options ([#7158](https://github.com/containerd/containerd/pull/7158))
    * update golang to 1.18.4, 1.17.12 ([#7159](https://github.com/containerd/containerd/pull/7159))
    * Fix out of date comments for CRI store packages ([#7152](https://github.com/containerd/containerd/pull/7152))
    * update some devmapper docs ([#7124](https://github.com/containerd/containerd/pull/7124))
    * seccomp: allow clock_settime64 when CAP_SYS_TIME is added ([#7149](https://github.com/containerd/containerd/pull/7149))
    * Copy fuzzers from github.com/cncf/cncf-fuzzing ([#7123](https://github.com/containerd/containerd/pull/7123))
    * fix can't edit object by using ctr content edit command ([#6847](https://github.com/containerd/containerd/pull/6847))
    * integration/client: fix typo in export_test.go ([#7130](https://github.com/containerd/containerd/pull/7130))
    * Fix WWW-Authenticate parsing ([#7126](https://github.com/containerd/containerd/pull/7126))
    * LCOW differ return ErrNotImplemented for wrong mount type ([#7112](https://github.com/containerd/containerd/pull/7112))
    * Update go-restful/v3 to latest release ([#7117](https://github.com/containerd/containerd/pull/7117))
    * pkg/cri: use marshal wrapper for version convertor ([#7108](https://github.com/containerd/containerd/pull/7108))
    * Remove hacks around contrib/fuzz ([#7087](https://github.com/containerd/containerd/pull/7087))
    * Fix missing closed HTTP Body ([#7107](https://github.com/containerd/containerd/pull/7107))
    * Cleanup metadata tests ([#7105](https://github.com/containerd/containerd/pull/7105))
    * Downgrade MinGW to version 10.2.0 ([#7106](https://github.com/containerd/containerd/pull/7106))
    * ctr: Fix `ctr c create` fails to parse arguments ([#7098](https://github.com/containerd/containerd/pull/7098))
    * Fix Documentation Issue ([#7103](https://github.com/containerd/containerd/pull/7103))
    * refactor: reduce duplicate code ([#7100](https://github.com/containerd/containerd/pull/7100))
    * make xattr EPERM non-fatal in createTarFile ([#7094](https://github.com/containerd/containerd/pull/7094))
    * Move metadata plugin registration to separate package ([#7096](https://github.com/containerd/containerd/pull/7096))
    * fix: missing sudo for devmapper doc ([#7092](https://github.com/containerd/containerd/pull/7092))
    * Ensure Windows Periodic workflow errors out while still uploading results. ([#7085](https://github.com/containerd/containerd/pull/7085))
    * Add snapshotter key to snapshot events ([#7084](https://github.com/containerd/containerd/pull/7084))
    * add WithAdditionalGIDs test ([#7072](https://github.com/containerd/containerd/pull/7072))
    * Forward ctr snapshotter flags on Windows ([#7086](https://github.com/containerd/containerd/pull/7086))
    * add WithAppendAdditionalGroups helper ([#7070](https://github.com/containerd/containerd/pull/7070))
    * Make CI Fuzz less noisy ([#7065](https://github.com/containerd/containerd/pull/7065))
    * ctr: add --hostname flag to create, run ([#7082](https://github.com/containerd/containerd/pull/7082))
    * improve content-flow ([#7077](https://github.com/containerd/containerd/pull/7077))
    * Make CI Fuzz optional ([#7067](https://github.com/containerd/containerd/pull/7067))
    * Use Go 1.18's testing.F on simple fuzzers ([#7056](https://github.com/containerd/containerd/pull/7056))
    * Downgrade MinGW in Windows setup scripts. ([#7062](https://github.com/containerd/containerd/pull/7062))
    * Make test path a constant ([#7057](https://github.com/containerd/containerd/pull/7057))
    * Run fuzzers in CI ([#7052](https://github.com/containerd/containerd/pull/7052))
    * CRI: Improve the /dev/shm mount options in Sandbox. ([#6913](https://github.com/containerd/containerd/pull/6913))
    * fix:userattr-unmount unexpected timeout ([#7008](https://github.com/containerd/containerd/pull/7008))
    * Port (some) unit tests to FreeBSD ([#7042](https://github.com/containerd/containerd/pull/7042))
    * Bump Golang and MinGW versions in Windows setup script. ([#6888](https://github.com/containerd/containerd/pull/6888))
    * Windows snapshotter touch ups and new functionality ([#6918](https://github.com/containerd/containerd/pull/6918))
    * Improve naming consistencies in comments in snapshotter.go ([#7032](https://github.com/containerd/containerd/pull/7032))
    * Make building static binaries simpler ([#7022](https://github.com/containerd/containerd/pull/7022))
    * Allow CRI on Darwin ([#7033](https://github.com/containerd/containerd/pull/7033))
    * update runc binary to v1.1.3 ([#7034](https://github.com/containerd/containerd/pull/7034))
    * Linux containers on FreeBSD ([#7000](https://github.com/containerd/containerd/pull/7000))
    * go.mod: github.com/moby/sys/mountinfo v0.6.2 ([#7026](https://github.com/containerd/containerd/pull/7026))
    * fix minor spelling mistake: lablel -> label ([#7031](https://github.com/containerd/containerd/pull/7031))
    * go.mod: github.com/containerd/cgroups v1.0.4 ([#7027](https://github.com/containerd/containerd/pull/7027))
    * go.mod: github.com/containerd/continuity v0.3.0 ([#7028](https://github.com/containerd/containerd/pull/7028))
    * Correct spelling mistake ("sanbdox" to "sandbox") ([#7029](https://github.com/containerd/containerd/pull/7029))
    * Github Security Advisory [GHSA-5ffw-gxpp-mxpf](https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf)
    * Bump grpc to v1.47.0 ([#7018](https://github.com/containerd/containerd/pull/7018))
    * Bump k8s.io deps to v0.24.1 ([#7017](https://github.com/containerd/containerd/pull/7017))
    * Support runtime level snapshotter for issue 6657 ([#6899](https://github.com/containerd/containerd/pull/6899))
    * update golang to 1.18.3, 1.17.11 ([#7012](https://github.com/containerd/containerd/pull/7012))
    * Fix containerd-stress duration flag ([#7004](https://github.com/containerd/containerd/pull/7004))
    * update go-cni/for cni update fixing plugins that don't respond with version ([#7009](https://github.com/containerd/containerd/pull/7009))
    * Add validations for Windows HostProcess CRI configs ([#6996](https://github.com/containerd/containerd/pull/6996))
    * Move docker reference logic to reference/docker package ([#7007](https://github.com/containerd/containerd/pull/7007))
    * promote pause image to 3.7 (sync with kube v1.24) ([#7003](https://github.com/containerd/containerd/pull/7003))
    * Makefile: use urfave_cli_no_docs for binaries that don't need it ([#6998](https://github.com/containerd/containerd/pull/6998))
    * CRI: cleanup cri/store package ([#6993](https://github.com/containerd/containerd/pull/6993))
    * Use t.Run for /pkg/cri tests ([#7001](https://github.com/containerd/containerd/pull/7001))
    * vendor: github.com/urfave/cli v1.22.9 and fix "verify-vendor" script ([#6997](https://github.com/containerd/containerd/pull/6997))
    * sandbox: replace github.com/pkg/errors with native errors ([#6937](https://github.com/containerd/containerd/pull/6937))
    * build: Fix references to check-protos target in Makefile ([#6983](https://github.com/containerd/containerd/pull/6983))
    * ctr: fix label args used in NewContainer ([#6954](https://github.com/containerd/containerd/pull/6954))
    * ctr sandbox: handle sandbox config ([#6959](https://github.com/containerd/containerd/pull/6959))
    * Fix broken oss-fuzz build ([#6975](https://github.com/containerd/containerd/pull/6975))
    * archive: add human-readable hint to Lchown error ([#6982](https://github.com/containerd/containerd/pull/6982))
    * Fix tx closed error when upperdirlabel specified ([#6978](https://github.com/containerd/containerd/pull/6978))
    * config: improve config v1 deprecation message ([#6972](https://github.com/containerd/containerd/pull/6972))
    * Fix Windows install powershell script ([#6969](https://github.com/containerd/containerd/pull/6969))
    * fix comments on metadata schema and update namespace doc ([#6955](https://github.com/containerd/containerd/pull/6955))
    * adjust format in comment ([#6956](https://github.com/containerd/containerd/pull/6956))
    * Restore decompression benchmarks ([#6957](https://github.com/containerd/containerd/pull/6957))
    * cmd/ctr/commands/content: fix typo in fetch command usage ([#6960](https://github.com/containerd/containerd/pull/6960))
    * fix some confusing typos ([#6950](https://github.com/containerd/containerd/pull/6950))
    * update doc url about k8s ([#6952](https://github.com/containerd/containerd/pull/6952))
    * Separate windows-2019 and windows-2022 test results ([#6946](https://github.com/containerd/containerd/pull/6946))
    * shim: fix debug flag not working ([#6910](https://github.com/containerd/containerd/pull/6910))
    * Reverts removal of parallel run from critest ([#6938](https://github.com/containerd/containerd/pull/6938))
    * Bump OpenTelemetry dependencies ([#6932](https://github.com/containerd/containerd/pull/6932))
    * update runc binary and vendor to v1.1.2 ([#6934](https://github.com/containerd/containerd/pull/6934))
    * oci: WithDefaultUnixDevices(): remove tun/tap from the default devices ([#6923](https://github.com/containerd/containerd/pull/6923))
    * update golang to 1.18.2, 1.17.10 ([#6926](https://github.com/containerd/containerd/pull/6926))
    * CI: update Fedora to 36 ([#6925](https://github.com/containerd/containerd/pull/6925))
    * Add `Wait` to `binaryProcessor` ([#6916](https://github.com/containerd/containerd/pull/6916))
    * go.mod: Bump k8s deps to v0.24.0 ([#6905](https://github.com/containerd/containerd/pull/6905))
    * (Vagrant CI) Enable git commands due to git CVE fix ([#6915](https://github.com/containerd/containerd/pull/6915))
    * Pass explicit JUnit outfile to critest.exe in Windows workflow. ([#6912](https://github.com/containerd/containerd/pull/6912))
    * Update critools to v1.24 ([#6894](https://github.com/containerd/containerd/pull/6894))
    * devmapper docs: small fixes ([#6904](https://github.com/containerd/containerd/pull/6904))
    * move report dir option to end of line for vagrant cri tests ([#6900](https://github.com/containerd/containerd/pull/6900))
    * Update Kubernetes version matrix in release docs ([#6892](https://github.com/containerd/containerd/pull/6892))
    * Share container images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy ([#6889](https://github.com/containerd/containerd/pull/6889))
    * containerd 1.6.4 k8s 1.24 readme announce ([#6890](https://github.com/containerd/containerd/pull/6890))
    * Cleanup leaked shim process ([#6866](https://github.com/containerd/containerd/pull/6866))
    * Add collectible resources to metadata gc ([#6804](https://github.com/containerd/containerd/pull/6804))
    * Update k8 docurl in file ([#6881](https://github.com/containerd/containerd/pull/6881))
    * Support RISC-V 64 ([#6882](https://github.com/containerd/containerd/pull/6882))
    * docs: minor fixes in snapshots.Snapshotter comments ([#6885](https://github.com/containerd/containerd/pull/6885))
    * Officially deprecate Schema 1 ([#6884](https://github.com/containerd/containerd/pull/6884))
    * Make Cirrus CI tests more stable ([#6880](https://github.com/containerd/containerd/pull/6880))
    * docs: Adding windows installation steps to getting-started.md ([#6875](https://github.com/containerd/containerd/pull/6875))
    * Add ctr support for CPUMax and CPUShares ([#6809](https://github.com/containerd/containerd/pull/6809))
    * Support for cgroups blockio ([#5490](https://github.com/containerd/containerd/pull/5490))
    * Fix comment for metadata/db.go ([#6871](https://github.com/containerd/containerd/pull/6871))
    * Remove github.com/gogo/protobuf and github.com/golang/protobuf from containerd's direct dependencies ([#6867](https://github.com/containerd/containerd/pull/6867))
    * Update go-cni to v1.1.5 ([#6868](https://github.com/containerd/containerd/pull/6868))
    * Bump opencontainers/selinux from 1.10.0 to 1.10.1 ([#6865](https://github.com/containerd/containerd/pull/6865))
    * Upgrade google.golang.org/grpc and google.golang.org/protobuf ([#6864](https://github.com/containerd/containerd/pull/6864))
    * Don't use "uname -a" as Cirrus CI's cache key ([#6863](https://github.com/containerd/containerd/pull/6863))
    * remove duplicate ([#6856](https://github.com/containerd/containerd/pull/6856))
    * Create ppc64le release ([#6858](https://github.com/containerd/containerd/pull/6858))
    * Move Vagrant-based tests from GitHub Actions to Cirrus CI ([#6854](https://github.com/containerd/containerd/pull/6854))
    * feature: support image pull progress timeout ([#6150](https://github.com/containerd/containerd/pull/6150))
    * Add unpack interface to be used by client ([#6749](https://github.com/containerd/containerd/pull/6749))
    * Fix undefined error in use of errors package ([#6855](https://github.com/containerd/containerd/pull/6855))
    * Migrate off from github.com/gogo/protobuf ([#6841](https://github.com/containerd/containerd/pull/6841))
    * images/image.go: typo ([#6851](https://github.com/containerd/containerd/pull/6851))
    * Add flag to allow oci.WithAllDevicesAllowed on PrivilegedWithoutHostDevices ([#5686](https://github.com/containerd/containerd/pull/5686))
    * integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage ([#6180](https://github.com/containerd/containerd/pull/6180))
    * fix incorrect syntax in comments ([#6845](https://github.com/containerd/containerd/pull/6845))
    * cri: close fifos when container is deleted ([#6842](https://github.com/containerd/containerd/pull/6842))
    * diff: hide types.Any from clients ([#6832](https://github.com/containerd/containerd/pull/6832))
    * Add Container-Optimized OS into Adopters ([#6838](https://github.com/containerd/containerd/pull/6838))
    * Prepare for google.golang.org/protobuf ([#6835](https://github.com/containerd/containerd/pull/6835))
    * fix the restart desired to running when task not found ([#6833](https://github.com/containerd/containerd/pull/6833))
    * Remove all gogoproto extensions ([#6829](https://github.com/containerd/containerd/pull/6829))
    * fix nil pointer panic for monitor ([#6830](https://github.com/containerd/containerd/pull/6830))
    * remotes/docker: log registry URLs as info instead of debug ([#5681](https://github.com/containerd/containerd/pull/5681))
    * Rename runtime/v2/task to api/runtime ([#6827](https://github.com/containerd/containerd/pull/6827))
    * Fix protoc-gen-go-fieldpath ([#6828](https://github.com/containerd/containerd/pull/6828))
    * Consolidate gogo/protobuf dependencies under our own protobuf package ([#6826](https://github.com/containerd/containerd/pull/6826))
    * Add restart policy for enhanced restart manager ([#6744](https://github.com/containerd/containerd/pull/6744))
    * Remove gogoproto.stdtime ([#6821](https://github.com/containerd/containerd/pull/6821))
    * Set timeout when collecting metrics from shim's Stat ([#6781](https://github.com/containerd/containerd/pull/6781))
    * Fuzz filter package with Go 1.18's fuzzer ([#6819](https://github.com/containerd/containerd/pull/6819))
    * allow ptrace(2) by default for kernel >= 4.8 ([#6810](https://github.com/containerd/containerd/pull/6810))
    * Build bin/gen-manpages instead of using "go run" ([#6820](https://github.com/containerd/containerd/pull/6820))
    * update golang to 1.18.1, 1.17.9 ([#6822](https://github.com/containerd/containerd/pull/6822))
    * Sandbox API ([#6703](https://github.com/containerd/containerd/pull/6703))
    * Move lease manager plugin to separate package ([#6811](https://github.com/containerd/containerd/pull/6811))
    * fix pool_device_test ([#6807](https://github.com/containerd/containerd/pull/6807))
    * check for duplicate nspath possibilities ([#6806](https://github.com/containerd/containerd/pull/6806))
    * Do not append []string{""} to command to preserve Docker compatibility ([#6805](https://github.com/containerd/containerd/pull/6805))
    * tracing: fix panic on startup when configured ([#6789](https://github.com/containerd/containerd/pull/6789))
    * Optimize loading performance for cri recover ([#6680](https://github.com/containerd/containerd/pull/6680))
    * Change architecture path in README.md ([#6798](https://github.com/containerd/containerd/pull/6798))
    * make consistent for checkpoint path ([#6792](https://github.com/containerd/containerd/pull/6792))
    * metrics/cgroups: fix deadlock issue in Add during Collect ([#6788](https://github.com/containerd/containerd/pull/6788))
    * ADOPTERS: Update AKS Info ([#6794](https://github.com/containerd/containerd/pull/6794))
    * Pin upload-cloud-storage action to 0.8.0 in Windows workflow. ([#6790](https://github.com/containerd/containerd/pull/6790))
    * docs: add Deckhouse to the list of adopters ([#6785](https://github.com/containerd/containerd/pull/6785))
    * Add `docs/snapshotters`; simplify `docs/cri` ([#6778](https://github.com/containerd/containerd/pull/6778))
    * Turn paths from cmdline into absolute paths ([#6672](https://github.com/containerd/containerd/pull/6672))
    * CRI: add support for CDI device injection ([#6654](https://github.com/containerd/containerd/pull/6654))
    * Disable writing freelist to make the file robust against data corruptions ([#6761](https://github.com/containerd/containerd/pull/6761))
    * mv design docs/historical/design ([#6777](https://github.com/containerd/containerd/pull/6777))
    * CRI: improve image pulling performance ([#6702](https://github.com/containerd/containerd/pull/6702))
    * docs: remove runtime v1; migrate config v1 to v2 ([#6776](https://github.com/containerd/containerd/pull/6776))
    * Skip flaky test on Windows ([#6779](https://github.com/containerd/containerd/pull/6779))
    * docs/getting-started.md: typo ([#6775](https://github.com/containerd/containerd/pull/6775))
    * Add no_tracing tag ([#6750](https://github.com/containerd/containerd/pull/6750))
    * Move historical docs to `docs/historical` ([#6754](https://github.com/containerd/containerd/pull/6754))
    * Run go mod tidy in integration tests ([#6768](https://github.com/containerd/containerd/pull/6768))
    * go.mod: move indirects, and update integration go.mod to 1.18 ([#6765](https://github.com/containerd/containerd/pull/6765))
    * Drop gotest.tools ([#6762](https://github.com/containerd/containerd/pull/6762))
    * Use t.Setenv instead of os.Setenv ([#6760](https://github.com/containerd/containerd/pull/6760))
    * Upgrade to Go 1.18 ([#6709](https://github.com/containerd/containerd/pull/6709))
    * Adding multi-arch support for the configure.sh script ([#6751](https://github.com/containerd/containerd/pull/6751))
    * docs/getting-started.md: massive update ([#6758](https://github.com/containerd/containerd/pull/6758))
    * Remove unmaintained contrib/linuxkit ([#6755](https://github.com/containerd/containerd/pull/6755))
    * [Windows CI] Address some timeout issues ([#6757](https://github.com/containerd/containerd/pull/6757))
    * BUILDING.md: update supported Go versions ([#6756](https://github.com/containerd/containerd/pull/6756))
    * update runc to 1.1.1 ([#6753](https://github.com/containerd/containerd/pull/6753))
    * CI: add Rocky Linux 8 ([#6747](https://github.com/containerd/containerd/pull/6747))
    * CI: bump up crun to 1.4.4 ([#6748](https://github.com/containerd/containerd/pull/6748))
    * added make help for cri integration ([#6743](https://github.com/containerd/containerd/pull/6743))
    * Update README.md cncf landscape url ([#6740](https://github.com/containerd/containerd/pull/6740))
    * Fix error message in TestNewBinaryIO ([#6738](https://github.com/containerd/containerd/pull/6738))
    * Use typeurl.Any instead of github.com/gogo/protobuf/types.Any ([#6706](https://github.com/containerd/containerd/pull/6706))
    * Use cgroups.AddProc() for cgroups v1 ([#5738](https://github.com/containerd/containerd/pull/5738))
    * fix: ctr images mount with snapshotter option can't get snapshotter ([#6713](https://github.com/containerd/containerd/pull/6713))
    * cgroup2: monitor OOMKill instead of OOM to prevent missing container events ([#6323](https://github.com/containerd/containerd/pull/6323))
    * moving up to go-cni v1.1.4 ([#6721](https://github.com/containerd/containerd/pull/6721))
    * native: fix deadlock from leaving transactions open ([#6722](https://github.com/containerd/containerd/pull/6722))
    * go.mod: remove replace, and update github.com/gogo/googleapis v1.4.1 ([#5390](https://github.com/containerd/containerd/pull/5390))
    * GitHub Security Advisory [GHSA-c9cp-9c75-9v8c](https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c)
    * runtime: deprecate runc --criu / -criu-path option ([#6496](https://github.com/containerd/containerd/pull/6496))
    * Bug fix for mount path handling ([#6651](https://github.com/containerd/containerd/pull/6651))
    * Upgrade containerd/imgcrypt and opencontainers/image-spec ([#6711](https://github.com/containerd/containerd/pull/6711))
    * Remove enumvalue_customname, goproto_enum_prefix and enum_customname ([#6708](https://github.com/containerd/containerd/pull/6708))
    * Remove gogoproto.customtype ([#6699](https://github.com/containerd/containerd/pull/6699))
    * Skip tty critest testcase on Windows Server 2022 ([#6698](https://github.com/containerd/containerd/pull/6698))
    * Build with Go 1.18 ([#6605](https://github.com/containerd/containerd/pull/6605))
    * Update prometheus client vendor ([#6690](https://github.com/containerd/containerd/pull/6690))
    * vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd ([#6687](https://github.com/containerd/containerd/pull/6687))
    * Make the temp mount as ready only in container WithVolumes ([#6593](https://github.com/containerd/containerd/pull/6593))
    * fix: `ctr run --cni` get failed ([#6670](https://github.com/containerd/containerd/pull/6670))
    * test: use `T.TempDir` to create temporary test directory ([#6681](https://github.com/containerd/containerd/pull/6681))
    * Make OpenLab's CI jobs blocking ([#6679](https://github.com/containerd/containerd/pull/6679))
    * document log level and format ([#6683](https://github.com/containerd/containerd/pull/6683))
    * Add shared content label to namespaces ([#6660](https://github.com/containerd/containerd/pull/6660))
    * Add protoc-gen-go-fieldpath ([#6562](https://github.com/containerd/containerd/pull/6562))
    * Enable gosec linter for golangci-lint ([#6669](https://github.com/containerd/containerd/pull/6669))
    * Make mkfs.xfs available on OpenLab's CI environment ([#6668](https://github.com/containerd/containerd/pull/6668))
    * ctr: improve error relative shim path error msg ([#6519](https://github.com/containerd/containerd/pull/6519))
    * typo fixes under cmd. ([#6674](https://github.com/containerd/containerd/pull/6674))
    * Handle CRI Device.HostPath on Windows ([#6618](https://github.com/containerd/containerd/pull/6618))
    * Upgrade golangci-lint and its GitHub Action ([#6666](https://github.com/containerd/containerd/pull/6666))
    * Don't build a second copy of containerd-shim-runhcs-v1.exe ([#6661](https://github.com/containerd/containerd/pull/6661))
    * Update TestNormalize to only test Windows platform ([#6569](https://github.com/containerd/containerd/pull/6569))
    * Fix link in getting-started.md ([#6663](https://github.com/containerd/containerd/pull/6663))
    * Fuzzing: refactor metadata fuzzers ([#6423](https://github.com/containerd/containerd/pull/6423))
    * Two xfs file systems with same UUID can not be mounted on the same sy… ([#6650](https://github.com/containerd/containerd/pull/6650))
    * [Windows] Fix deadline exceeded in daemon restart ([#6635](https://github.com/containerd/containerd/pull/6635))
    * Use temp file for export/import test ([#6658](https://github.com/containerd/containerd/pull/6658))
    * strip path-info from `-v` (version) output, and implement -v flag for containerd-shim ([#6495](https://github.com/containerd/containerd/pull/6495))
    * Improve unexpected response error handling in resolver ([#6617](https://github.com/containerd/containerd/pull/6617))
    * Use the latest tag for azure images ([#6601](https://github.com/containerd/containerd/pull/6601))
    * Run CRI integration tests in GitHub Actions (Windows) ([#6626](https://github.com/containerd/containerd/pull/6626))
    * cri: fix integration test on cgroupsv2 system ([#6595](https://github.com/containerd/containerd/pull/6595))
    * Use version 2 configuration format in docs/PLUGINS.md ([#6613](https://github.com/containerd/containerd/pull/6613))
    * update to go 1.16.15, 1.17.8 to address CVE-2022-24921 ([#6619](https://github.com/containerd/containerd/pull/6619))
    * Update status of 1.4 release ([#6614](https://github.com/containerd/containerd/pull/6614))
    * Update TestContainerSymlinkVolumes to use windows path ([#6568](https://github.com/containerd/containerd/pull/6568))
    * Add --user support for ctr run Windows ([#6603](https://github.com/containerd/containerd/pull/6603))
    * Update releases ([#6608](https://github.com/containerd/containerd/pull/6608))
    * GitHub Security Advisory [GHSA-crp2-qrr5-8pq7](https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7)
    * Adds support for Windows ArgsEscaped images ([#6479](https://github.com/containerd/containerd/pull/6479))
    * Do not use weak import ([#6558](https://github.com/containerd/containerd/pull/6558))
    * cri: relax test for system without hugetlb ([#6596](https://github.com/containerd/containerd/pull/6596))
    * Use containerd/protobuild instead of stevvooe/protobuild ([#6578](https://github.com/containerd/containerd/pull/6578))
    * integration: remove duplicated util pkg ([#6597](https://github.com/containerd/containerd/pull/6597))
    * go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1 ([#6591](https://github.com/containerd/containerd/pull/6591))
    * Update Go version recommendation in getting started ([#6585](https://github.com/containerd/containerd/pull/6585))
    * go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3 ([#6337](https://github.com/containerd/containerd/pull/6337))
    * fix Implicit memory aliasing in for loop ([#6331](https://github.com/containerd/containerd/pull/6331))
    * Fix build with gccgo ([#6579](https://github.com/containerd/containerd/pull/6579))
    * Replace golang.org/x/net/context with std library ([#6580](https://github.com/containerd/containerd/pull/6580))
    * containerd-shim-runc-v1: return init pid when clean dead shim ([#6571](https://github.com/containerd/containerd/pull/6571))
    * Use Windows matcher when on Windows platform in all code paths ([#6491](https://github.com/containerd/containerd/pull/6491))
    * containerd-shim-runc-v2: return init pid when clean dead shim ([#6452](https://github.com/containerd/containerd/pull/6452))
    * [Windows][Integration] Enable TestRestartMonitor ([#6515](https://github.com/containerd/containerd/pull/6515))
    * go.mod: fsnotify v1.5.1, moby/sys/mountinfo v0.6.0, moby/sys/signal v0.7.0 ([#6554](https://github.com/containerd/containerd/pull/6554))
    </p>
    </details>
    
    ### Changes from containerd/cgroups
    <details><summary>49 commits</summary>
    <p>
    
    * Upgrade GitHub actions CI workflow ([#249](https://github.com/containerd/cgroups/pull/249))
    * Upgrade Go compiler to 1.19 ([#248](https://github.com/containerd/cgroups/pull/248))
    * Don't use ioutil ([#246](https://github.com/containerd/cgroups/pull/246))
    * Check that cgroup is empty before deleting ([#228](https://github.com/containerd/cgroups/pull/228))
    * Support cgroup.AddThread in cgroupv2 manager ([#243](https://github.com/containerd/cgroups/pull/243))
    * Support to handle more than 4 fields in cpuacct.stat ([#231](https://github.com/containerd/cgroups/pull/231))
    * typo shoulld -> should ([#236](https://github.com/containerd/cgroups/pull/236))
    * Upgrade github.com/cilium/ebpf from v0.4.0 to v0.9.1 ([#241](https://github.com/containerd/cgroups/pull/241))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#240](https://github.com/containerd/cgroups/pull/240))
    * .github: use ubuntu-22.04 to test cgroupv2 ([#237](https://github.com/containerd/cgroups/pull/237))
    * feat(v2): Support cgroup.MoveTo in cgroupv2 manager ([#235](https://github.com/containerd/cgroups/pull/235))
    * Update README to include usage examples of v2 client ([#233](https://github.com/containerd/cgroups/pull/233))
    * ParseCgroupFile: fix wrong comment about unified hierarchy ; add ParseCgroupFileUnified to get the unified path ([#232](https://github.com/containerd/cgroups/pull/232))
    * Bump go version to 1.17 in go.mod ([#230](https://github.com/containerd/cgroups/pull/230))
    * make cmd/ a separate module (as it's only for testing) ([#226](https://github.com/containerd/cgroups/pull/226))
    * feat(v2): add Update method for v2.Manager ([#225](https://github.com/containerd/cgroups/pull/225))
    * feat: add memory.min param ([#211](https://github.com/containerd/cgroups/pull/211))
    * modified the dereference null pointer value. ([#218](https://github.com/containerd/cgroups/pull/218))
    * update readme for cpu cgroup demo ([#217](https://github.com/containerd/cgroups/pull/217))
    * Fix systemd full path ([#221](https://github.com/containerd/cgroups/pull/221))
    * Update Go version and fedora base ([#223](https://github.com/containerd/cgroups/pull/223))
    * Fix panic in NewSystemd on nil values ([#219](https://github.com/containerd/cgroups/pull/219))
    </p>
    </details>
    
    ### Changes from containerd/continuity
    <details><summary>28 commits</summary>
    <p>
    
    * go.mod: update dependencies (take 2) ([#204](https://github.com/containerd/continuity/pull/204))
    * Revert "go.mod: update dependencies" ([#205](https://github.com/containerd/continuity/pull/205))
    * Various small fix-ups ([#202](https://github.com/containerd/continuity/pull/202))
    * update authors and mailmap ([#201](https://github.com/containerd/continuity/pull/201))
    * move cmd/continuity to its own go module ([#200](https://github.com/containerd/continuity/pull/200))
    * CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir) ([#198](https://github.com/containerd/continuity/pull/198))
    * fs.CopyDir: support sockets and pipes ([#197](https://github.com/containerd/continuity/pull/197))
    * Fix wrapping errors ([#196](https://github.com/containerd/continuity/pull/196))
    </p>
    </details>
    
    ### Changes from containerd/go-cni
    <details><summary>38 commits</summary>
    <p>
    
    * Add Go 1.20 support ([#111](https://github.com/containerd/go-cni/pull/111))
    * opts: add cgroupPath capability ([#110](https://github.com/containerd/go-cni/pull/110))
    * go.mod: github.com/containernetworking/cni v1.1.2 ([#109](https://github.com/containerd/go-cni/pull/109))
    * Remove references to io/ioutil package ([#106](https://github.com/containerd/go-cni/pull/106))
    * Update golangci/golangci-lint package ([#108](https://github.com/containerd/go-cni/pull/108))
    * Update GitHub actions CI workflow ([#107](https://github.com/containerd/go-cni/pull/107))
    * Add support for Windows default conf paths ([#103](https://github.com/containerd/go-cni/pull/103))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#104](https://github.com/containerd/go-cni/pull/104))
    * go.mod: update libcni to v1.1.1 ([#101](https://github.com/containerd/go-cni/pull/101))
    * add in some serial setup tests; a little make cleanup ([#100](https://github.com/containerd/go-cni/pull/100))
    * Re-introduce serial network setup ([#99](https://github.com/containerd/go-cni/pull/99))
    * bump github.com/containernetworking/cni v1.1.0 ([#98](https://github.com/containerd/go-cni/pull/98))
    * Revert "Update loopback version to support check" ([#96](https://github.com/containerd/go-cni/pull/96))
    * Use revive instead of golint ([#92](https://github.com/containerd/go-cni/pull/92))
    * Bump go verion to 1.17 ([#91](https://github.com/containerd/go-cni/pull/91))
    * moving up to latest CNI plugin release ([#90](https://github.com/containerd/go-cni/pull/90))
    * Fix Loopback Version ([#88](https://github.com/containerd/go-cni/pull/88))
    * Update comment for capabilities ([#89](https://github.com/containerd/go-cni/pull/89))
    * Add integration test for linux and update go version from 1.16 to 1.17 ([#84](https://github.com/containerd/go-cni/pull/84))
    </p>
    </details>
    
    ### Changes from containerd/imgcrypt
    <details><summary>18 commits</summary>
    <p>
    
    * Use reflect to support diff.ApplyConfig with/without gogo's types.Any ([#75](https://github.com/containerd/imgcrypt/pull/75))
    * Upgrade golangci-lint-action and golangci-lint ([#76](https://github.com/containerd/imgcrypt/pull/76))
    * CHANGES: Updated CHANGES document for 1.1.4 release ([#74](https://github.com/containerd/imgcrypt/pull/74))
    * Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 ([#73](https://github.com/containerd/imgcrypt/pull/73))
    * images: prepare for typeurl.Any ([#72](https://github.com/containerd/imgcrypt/pull/72))
    * Bump ocicrypt to 1.1.3 ([#71](https://github.com/containerd/imgcrypt/pull/71))
    * Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 ([#67](https://github.com/containerd/imgcrypt/pull/67))
    </p>
    </details>
    
    ### Changes from containerd/nri
    <details><summary>56 commits</summary>
    <p>
    
    * Add Go 1.20 support to CI ([#30](https://github.com/containerd/nri/pull/30))
    * Add CodeQL Security scan workflow ([#31](https://github.com/containerd/nri/pull/31))
    * fixes: sort final adjusted mount slice. ([#29](https://github.com/containerd/nri/pull/29))
    * fixes: fix resource adjustment to properly ignore unset/unadjusted fields. ([#28](https://github.com/containerd/nri/pull/28))
    * adaptation: fix mount and device adjustment. ([#27](https://github.com/containerd/nri/pull/27))
    * Make plugin timeouts configurable, adjust default socket path. ([#26](https://github.com/containerd/nri/pull/26))
    * pkg/adaptation: eliminate configuration file. ([#24](https://github.com/containerd/nri/pull/24))
    * stub: fix a potential plugin crash. ([#25](https://github.com/containerd/nri/pull/25))
    * adaptation: fix a panic for unsolicited updates. ([#23](https://github.com/containerd/nri/pull/23))
    * pkg/adaptaton: log errors with %v not %w. ([#22](https://github.com/containerd/nri/pull/22))
    * chore: cleanup old buildtags by `go fix` ([#21](https://github.com/containerd/nri/pull/21))
    * add back project info ([#20](https://github.com/containerd/nri/pull/20))
    * Extend scope to enable common pluggable runtime extensions. ([#16](https://github.com/containerd/nri/pull/16))
    * Update GitHub actions CI workflow ([#19](https://github.com/containerd/nri/pull/19))
    * replace pkg/errors ([#17](https://github.com/containerd/nri/pull/17))
    * Update the examples in README.md ([#15](https://github.com/containerd/nri/pull/15))
    * Rename branch from master to main ([#12](https://github.com/containerd/nri/pull/12))
    * Update to containerd 1.5.1 ([#11](https://github.com/containerd/nri/pull/11))
    </p>
    </details>
    
    ### Changes from containerd/ttrpc
    <details><summary>56 commits</summary>
    <p>
    
    * Make checkServerShutdown verbose ([#128](https://github.com/containerd/ttrpc/pull/128))
    * server: Fix connection issues when receiving ECONNRESET ([#123](https://github.com/containerd/ttrpc/pull/123))
    * README: protobuild is in containerd org now ([#125](https://github.com/containerd/ttrpc/pull/125))
    * stream: fix the map of streams leak ([#120](https://github.com/containerd/ttrpc/pull/120))
    * Regenerated pb.go files to fix mismatches ([#122](https://github.com/containerd/ttrpc/pull/122))
    * build: Fix references to check-protos target in Makefile ([#118](https://github.com/containerd/ttrpc/pull/118))
    * Add service prefix option to generator ([#116](https://github.com/containerd/ttrpc/pull/116))
    * doc: ttrpc supports stream ([#121](https://github.com/containerd/ttrpc/pull/121))
    * *: remove codecov ([#114](https://github.com/containerd/ttrpc/pull/114))
    * Only generate a Go file if the file has some services ([#112](https://github.com/containerd/ttrpc/pull/112))
    * *.go: organize errors to one spot ([#113](https://github.com/containerd/ttrpc/pull/113))
    * PROTOCOL: slight markdown touchup ([#111](https://github.com/containerd/ttrpc/pull/111))
    * Introduce streaming ([#107](https://github.com/containerd/ttrpc/pull/107))
    * Update checkout and lint actions ([#109](https://github.com/containerd/ttrpc/pull/109))
    * Add Makefile and update protobuf ([#106](https://github.com/containerd/ttrpc/pull/106))
    * Add ttrpc protocol definition ([#102](https://github.com/containerd/ttrpc/pull/102))
    * Enable Codecov again ([#105](https://github.com/containerd/ttrpc/pull/105))
    * Use CR+LF instead of LF regardless of OS ([#103](https://github.com/containerd/ttrpc/pull/103))
    * Log the error's underyling errno if there is ([#104](https://github.com/containerd/ttrpc/pull/104))
    * Use google.golang.org/protobuf instead of github.com/gogo/protobuf ([#99](https://github.com/containerd/ttrpc/pull/99))
    * Wrap correct error on unix.GetsockoptUcred failure ([#100](https://github.com/containerd/ttrpc/pull/100))
    * Update CI project checks to use containerd project action ([#101](https://github.com/containerd/ttrpc/pull/101))
    </p>
    </details>
    
    ### Dependency Changes
    
    * **github.com/AdaLogics/go-fuzz-headers**                                         6c3934b029d8 -> 1f10f66a31bf
    * **github.com/AdamKorcz/go-118-fuzz-build**                                       5330a85ea652 **_new_**
    * **github.com/Microsoft/go-winio**                                                v0.5.1 -> v0.6.0
    * **github.com/Microsoft/hcsshim**                                                 v0.9.2 -> v0.10.0-rc.5
    * **github.com/blang/semver/v4**                                                   v4.0.0 **_new_**
    * **github.com/cenkalti/backoff/v4**                                               v4.1.2 -> v4.2.0
    * **github.com/cilium/ebpf**                                                       v0.7.0 -> v0.9.1
    * **github.com/container-orchestrated-devices/container-device-interface**         v0.5.1 **_new_**
    * **github.com/containerd/btrfs/v2**                                               v2.0.0 **_new_**
    * **github.com/containerd/cgroups**                                                v1.0.3 -> v1.1.0
    * **github.com/containerd/cgroups/v3**                                             v3.0.0 **_new_**
    * **github.com/containerd/continuity**                                             v0.2.2 -> v0.3.0
    * **github.com/containerd/go-cni**                                                 v1.1.3 -> 6603d5bd8941
    * **github.com/containerd/imgcrypt**                                               v1.1.3 -> 8ba028dca028
    * **github.com/containerd/nri**                                                    v0.1.0 -> v0.3.0
    * **github.com/containerd/ttrpc**                                                  v1.1.0 -> 32fab2374638
    * **github.com/containerd/typeurl/v2**                                             v2.1.0 **_new_**
    * **github.com/containernetworking/cni**                                           v1.0.1 -> v1.1.2
    * **github.com/containernetworking/plugins**                                       v1.0.1 -> v1.2.0
    * **github.com/containers/ocicrypt**                                               v1.1.2 -> v1.1.3
    * **github.com/coreos/go-systemd/v22**                                             v22.3.2 -> v22.5.0
    * **github.com/cpuguy83/go-md2man/v2**                                             v2.0.0 -> v2.0.2
    * **github.com/cyphar/filepath-securejoin**                                        v0.2.3 **_new_**
    * **github.com/docker/go-units**                                                   v0.4.0 -> v0.5.0
    * **github.com/emicklei/go-restful/v3**                                            v3.8.0 **_new_**
    * **github.com/fsnotify/fsnotify**                                                 v1.4.9 -> v1.6.0
    * **github.com/go-logr/logr**                                                      v1.2.2 -> v1.2.3
    * **github.com/godbus/dbus/v5**                                                    v5.0.6 -> v5.1.0
    * **github.com/google/go-cmp**                                                     v0.5.6 -> v0.5.9
    * **github.com/google/uuid**                                                       v1.2.0 -> v1.3.0
    * **github.com/grpc-ecosystem/grpc-gateway/v2**                                    v2.7.0 **_new_**
    * **github.com/intel/goresctrl**                                                   v0.2.0 -> v0.3.0
    * **github.com/klauspost/compress**                                                v1.11.13 -> v1.15.11
    * **github.com/klauspost/cpuid/v2**                                                v2.0.4 **_new_**
    * **github.com/miekg/pkcs11**                                                      v1.0.3 -> v1.1.1
    * **github.com/minio/sha256-simd**                                                 v1.0.0 **_new_**
    * **github.com/moby/sys/mountinfo**                                                v0.5.0 -> v0.6.2
    * **github.com/moby/sys/sequential**                                               v0.5.0 **_new_**
    * **github.com/moby/sys/signal**                                                   v0.6.0 -> v0.7.0
    * **github.com/opencontainers/image-spec**                                         693428a734f5 -> 3a7f492d3f1b
    * **github.com/opencontainers/runc**                                               v1.1.0 -> v1.1.4
    * **github.com/opencontainers/runtime-spec**                                       1c3f411f0417 -> 86290f6a00fb
    * **github.com/opencontainers/runtime-tools**                                      946c877fa809 **_new_**
    * **github.com/opencontainers/selinux**                                            v1.10.0 -> v1.10.2
    * **github.com/pelletier/go-toml**                                                 v1.9.3 -> v1.9.5
    * **github.com/prometheus/client_golang**                                          v1.11.0 -> v1.13.0
    * **github.com/prometheus/common**                                                 v0.30.0 -> v0.37.0
    * **github.com/prometheus/procfs**                                                 v0.7.3 -> v0.8.0
    * **github.com/russross/blackfriday/v2**                                           v2.0.1 -> v2.1.0
    * **github.com/sirupsen/logrus**                                                   v1.8.1 -> v1.9.0
    * **github.com/stretchr/testify**                                                  v1.7.0 -> v1.8.1
    * **github.com/syndtr/gocapability**                                               42c35b437635 **_new_**
    * **github.com/tchap/go-patricia/v2**                                              v2.3.1 **_new_**
    * **github.com/urfave/cli**                                                        v1.22.1 -> v1.22.12
    * **github.com/vishvananda/netlink**                                               f5de75959ad5 -> v1.2.1-beta.2
    * **go.etcd.io/bbolt**                                                             v1.3.6 -> v1.3.7
    * **go.opencensus.io**                                                             v0.23.0 -> v0.24.0
    * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.28.0 -> v0.37.0
    * **go.opentelemetry.io/otel**                                                     v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/internal/retry**                       v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace**                            v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc**              v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp**              v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/metric**                                              v0.34.0 **_new_**
    * **go.opentelemetry.io/otel/sdk**                                                 v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/trace**                                               v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/proto/otlp**                                               v0.11.0 -> v0.19.0
    * **golang.org/x/crypto**                                                          32db794688a5 -> v0.1.0
    * **golang.org/x/mod**                                                             v0.7.0 **_new_**
    * **golang.org/x/net**                                                             fe4d6282115f -> v0.5.0
    * **golang.org/x/oauth2**                                                          2bc19b11175f -> 6fdb5e3db783
    * **golang.org/x/sync**                                                            036812b2e83c -> v0.1.0
    * **golang.org/x/sys**                                                             1d35b9e2eb4e -> v0.5.0
    * **golang.org/x/term**                                                            6886f2dfbf5b -> v0.4.0
    * **golang.org/x/text**                                                            v0.3.7 -> v0.6.0
    * **golang.org/x/time**                                                            1f47c861a9ac -> 90d013bbcef8
    * **golang.org/x/tools**                                                           v0.5.0 **_new_**
    * **google.golang.org/genproto**                                                   e50cd9704f63 -> 1c016267d619
    * **google.golang.org/grpc**                                                       v1.43.0 -> v1.52.3
    * **google.golang.org/protobuf**                                                   v1.27.1 -> v1.28.1
    * **gopkg.in/yaml.v3**                                                             496545a6307b -> v3.0.1
    * **k8s.io/api**                                                                   v0.22.5 -> v0.25.4
    * **k8s.io/apimachinery**                                                          v0.22.5 -> v0.25.4
    * **k8s.io/apiserver**                                                             v0.22.5 -> v0.25.4
    * **k8s.io/client-go**                                                             v0.22.5 -> v0.25.4
    * **k8s.io/component-base**                                                        v0.22.5 -> v0.25.4
    * **k8s.io/cri-api**                                                               v0.23.1 -> v0.26.0-beta.0
    * **k8s.io/klog/v2**                                                               v2.30.0 -> v2.80.1
    * **k8s.io/utils**                                                                 cb0fa318a74b -> 8e77b1f39fe2
    * **sigs.k8s.io/json**                                                             f223a00ba0e2 **_new_**
    * **sigs.k8s.io/structured-merge-diff/v4**                                         v4.1.2 -> v4.2.3
    * **sigs.k8s.io/yaml**                                                             v1.2.0 -> v1.3.0
    
    Previous release can be found at [v1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)
    ### Which file should I download?
    * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:         ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
    * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`:  Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.
    * `cri-containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:     (Deprecated)
    * `cri-containerd-cni-<VERSION>-<OS>-<ARCH>.tar.gz`: (Deprecated)
    
    In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases)
    and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too.
    
    See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
    
    
  • v1.7.0-beta.4
    containerd 1.7.0-beta.4
    
    Welcome to the v1.7.0-beta.4 release of containerd!
    *This is a pre-release of containerd*
    
    The eighth major release of containerd includes new functionality alongside many improvements.
    This release is intended to be the last major release of containerd 1.x before 2.0.
    Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
    This release still adheres to our backwards compatibility guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
    The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.
    
    _This is a beta release and includes some functionality which is not yet complete. While most APIs are finalized before merge, they are subject to change until the official release._
    
    ### Highlights
    
    #### Sandbox API _(experimental)_
    
    The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
    This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.
    
    * **Sandbox API** ([#6703](https://github.com/containerd/containerd/pull/6703))
    * **CRI Sandbox API Implementation** ([#7228](https://github.com/containerd/containerd/pull/7228))
    
    #### Transfer Service _(experimental)_
    
    * **Transfer Service** ([#7320](https://github.com/containerd/containerd/pull/7320))
    
    The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
    pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
    to allow for further plugin development and integration into existing plugins.
    
    See the [Transfer Docs](https://github.com/containerd/containerd/blob/main/docs/transfer.md)
    
    #### NRI _(experimental)_
    
    * **Extend NRI scope** ([nri#16](https://github.com/containerd/nri/pull/16))
    * **Support for updated NRI** ([#6019](https://github.com/containerd/containerd/pull/6019))
    
    The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
    basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.
    
    This release introduces NRI v0.2.0 with an updated plugin interface to cover a wide range of use cases.
    
    See the [NRI Docs](https://github.com/containerd/containerd/blob/main/docs/NRI.md)
    
    #### Platform Support
    
    * **Linux containers on FreeBSD** ([#7000](https://github.com/containerd/containerd/pull/7000))
    
    #### Runtime Features
    
    * **Add support for CDI device injection** ([#6654](https://github.com/containerd/containerd/pull/6654))
    * **Support for cgroups blockio** ([#5490](https://github.com/containerd/containerd/pull/5490))
    * **Add restart policy for enhanced restart manager** ([#6744](https://github.com/containerd/containerd/pull/6744))
    
    #### gRPC Shim Support _(experimental)_
    
    * **Initial gRPC shim support** ([#8052](https://github.com/containerd/containerd/pull/8052))
    
    Adds support for shims to use gRPC in addition to ttrpc. Existing ttrpc shim support is not going
    away and will continue to be recommended for the best performance and lowest shim memory overhead.
    The gRPC support allows implementation of a wider range of shim implementations which may not
    have access to a stable ttrpc library in the implementation language. The shim protocol is also
    updated to allow the shims to specify the protocol which is supported.
    
    #### Road to 2.0
    
    ##### Refactoring
    
    There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.
    
    The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
    out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
    but it is also being done for image and network management.
    
    The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc.
    Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.
    
    * **Remove gogoproto.customtype** ([#6699](https://github.com/containerd/containerd/pull/6699))
    * **Remove enumvalue_customname, goproto_enum_prefix and enum_customname** ([#6708](https://github.com/containerd/containerd/pull/6708))
    * **Remove all gogoproto extensions** ([#6829](https://github.com/containerd/containerd/pull/6829))
    * **Migrate off from github.com/gogo/protobuf** ([#6841](https://github.com/containerd/containerd/pull/6841))
    * **ttrpc streaming** ([ttrpc#107](https://github.com/containerd/ttrpc/pull/107))
    
    * **Add unpack interface for client** ([#6749](https://github.com/containerd/containerd/pull/6749))
    * **Add collectible resources to metadata gc** ([#6804](https://github.com/containerd/containerd/pull/6804))
    
    ##### Configuration
    
    Existing CRI configurations will be supported until 2.0.
    Any functionality split out of CRI will have their configuration migrated to new plugins.
    Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.
    
    ##### Deprecation
    
    The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include:
    
    * **Docker Schema 1 Image Deprecation** ([#6884](https://github.com/containerd/containerd/pull/6884))
    
    #### CRI Updates
    
    * **Fix CRI plugin to setup pod network after creating the sandbox container** ([#5904](https://github.com/containerd/containerd/pull/5904))
    * **Support image pull progress timeout** ([#6150](https://github.com/containerd/containerd/pull/6150))
    * **Add experimental support for runtime specific snapshotters** ([#6899](https://github.com/containerd/containerd/pull/6899))
    * **Pass all TOML runtime configuration options from CRI to the runtime** ([#7764](https://github.com/containerd/containerd/pull/7764))
    * **Support for user namespaces in stateless pods ([KEP-127](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/127-user-namespaces)) _(experimental)_** ([#7679](https://github.com/containerd/containerd/pull/7679))
    * **Add network plugin metrics** ([#7858](https://github.com/containerd/containerd/pull/7858))
    * **CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23** ([#7863](https://github.com/containerd/containerd/pull/7863))
    
    #### Other
    
    * **Support shallow content copy by adding reader option to local content reader at** ([#7414](https://github.com/containerd/containerd/pull/7414))
    * **Add NoSameOwner option when unpacking tars** ([#7386](https://github.com/containerd/containerd/pull/7386))
    * **Add `FetcherByDigest` for fetching blobs without fetching a manifest** ([#7460](https://github.com/containerd/containerd/pull/7460))
    * **Update default seccomp profile to block socket calls to AF_VSOCK** ([#7510](https://github.com/containerd/containerd/pull/7510))
    * **Replace fork on mount logic with CLONE_FS** ([#7513](https://github.com/containerd/containerd/pull/7513))
    * **Add support for default registry host configuration** ([#7607](https://github.com/containerd/containerd/pull/7607))
    * **Use github.com/minio/sha256-simd for more efficient sha256 calculation** ([#7732](https://github.com/containerd/containerd/pull/7732))
    * **Make OCI options cross-platform** ([#7928](https://github.com/containerd/containerd/pull/7928))
    * **Update release builds to build from Ubuntu 20.04 with glibc 2.31** ([#8021](https://github.com/containerd/containerd/pull/8021))
    * **Use data field from OCI descriptor when provided for fetch** ([#8076](https://github.com/containerd/containerd/pull/8076))
    
    See the changelog for the complete list of changes.
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Derek McGowan
    * Kazuyoshi Kato
    * Maksym Pavlenko
    * Phil Estes
    * Wei Fu
    * Akihiro Suda
    * Sebastiaan van Stijn
    * Samuel Karp
    * Mike Brown
    * Krisztian Litkey
    * Daniel Canter
    * Danny Canter
    * yanggang
    * Austin Vazquez
    * Ye Sijun
    * Iceber Gu
    * Adam Korcz
    * Ed Bartosh
    * Luca Comellini
    * Stefan Berger
    * ruiwen-zhao
    * xin.li
    * Brian Goff
    * Gabriel Adrian Samfira
    * Nashwan Azhari
    * Paul "TBBle" Hampson
    * Rodrigo Campos
    * Henry Wang
    * Justin Terry
    * Kevin Parsons
    * Paco Xu
    * Shengjing Zhu
    * Swagat Bora
    * wanglei
    * zounengren
    * Gavin Inglis
    * Tony Fang
    * Akhil Mohan
    * Zechun Chen
    * guodong
    * lengrongfu
    * James Jenkins
    * Michael Crosby
    * Qiutong Song
    * Shiming Zhang
    * Vincent Batts
    * Antonio Ojea
    * Cameron Sparr
    * Casey Callendrello
    * Josh Seba
    * Junyu Liu
    * Kirtana Ashok
    * Kohei Tokunaga
    * Michael Zappa
    * Qasim Sarfraz
    * Tobias Klauser
    * pigletfly
    * yaoyinnan
    * Abirdcfly
    * Amit Barve
    * Bjorn Neergaard
    * Changwei Ge
    * Craig Ingram
    * Eng Zer Jun
    * Eric Lin
    * Ethan Lowman
    * James Sturtevant
    * Jess
    * Jonny Stoten
    * Juan Hoyos
    * Kang.Zhang
    * Kay Yan
    * Markus Lehtonen
    * Mikko Ylinen
    * Mohit Sharma
    * Paul Cacheux
    * Paul S. Schweigert
    * Qian Zhang
    * TTFISH
    * Yasin Turan
    * bin liu
    * dependabot[bot]
    * helen
    * yulng
    * Aditi
    * Aditi Sharma
    * Aman Sharma
    * Anastassios Nanos
    * Andrew G. Morgan
    * Andrey Klimentyev
    * Anthony Nandaa
    * Antti Kervinen
    * Aviral Takkar
    * Baoshuo
    * Benjamin Elder
    * Chao Dai
    * Chuanying Du
    * Claudiu Belu
    * Cory Snider
    * Danielle Lancashire
    * Dat Nguyen
    * Davanum Srinivas
    * Dave
    * David Leadbeater
    * David Porter
    * Dmitry Shurupov
    * Edgar Lee
    * Eric Ernst
    * Fabian Hoffman
    * Fabian Hoffmann
    * Fahed Dorgaa
    * Gabriela Cervantes
    * Gijs Peskens
    * Hamza El-Saawy
    * Hsing-Yu (David) Chen
    * Ikko Ashimine
    * Jeff Widman
    * Jeff Zvier
    * Jeremi Piotrowski
    * Jin Dong
    * Jordan Karaze
    * Joseph Sheng
    * Joyce Brum
    * Jukka Rissanen
    * Justin Chadwell
    * Kate
    * Kathryn Baldauf
    * Kyle L Frisbie
    * LongtaoZhang
    * Manuel Alejandro de Brito Fontes
    * Marc Schwind
    * Mark Rossetti
    * Mark Zhang
    * Marvin Giessing
    * Mathis Michel
    * Merlin Ran
    * Nabeel Rana
    * Nathan
    * Nguyen Phan Huy
    * Nikita Rybak
    * Nobel Barakat
    * Oleg Atamanenko
    * Oleg Zhurakivskyy
    * Oliver Radwell
    * Quan Tian
    * Roy Yang
    * Serge Logvinov
    * Shane Jennings
    * Shaun Lawrie
    * Shinichi Morimoto
    * SilverSoldier
    * Sophie Liu
    * Su Fei
    * Taeho Nam
    * Takumasa Sakao
    * Tiger Kaovilai
    * Tom Godkin
    * Tomoya.Fujita
    * Tõnis Tiigi
    * Xinlin Ma
    * Yakul Garg
    * Zhang Tianyang
    * Zhongming Chang
    * Zhuchen Wang
    * austinvazquez
    * cardy.tang
    * chaunceyjiang
    * dabaooline
    * guiyong.ou
    * huoqifeng
    * jianfei.zhang
    * liyuxuan.darfux
    * ningmingxiao
    * shi yixue
    * shuaichang
    * songjiang han
    * wen chen
    * wusong
    * xiaoyang zhu
    * yanghesong
    * yaozhenxiu
    * zhang he
    
    ### Changes
    <details><summary>1609 commits</summary>
    <p>
    
    * Prepare release notes for v1.7.0 beta.4 ([#8110](https://github.com/containerd/containerd/pull/8110))
    * Go 1.20.1 ([#8103](https://github.com/containerd/containerd/pull/8103))
    * ctr version: add args check ([#8096](https://github.com/containerd/containerd/pull/8096))
    * pkg/cri/config: fix Mirrors deprecation comment ([#8041](https://github.com/containerd/containerd/pull/8041))
    * docs: fix function names in fuzzing test documentation ([#8044](https://github.com/containerd/containerd/pull/8044))
    * fix: 'go routine' should be 'goroutine' ([#8051](https://github.com/containerd/containerd/pull/8051))
    * GitHub Security Advisory [GHSA-hmfx-3pcx-653p](https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p)
    * GitHub Security Advisory [GHSA-259w-8hf6-59c2](https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2)
    * pkg/cri/sbserver: experimental NRI integration for CRI. ([#7954](https://github.com/containerd/containerd/pull/7954))
    * Clean up error strings that start with uppercase ([#8114](https://github.com/containerd/containerd/pull/8114))
    * Clean up repeated package import ([#8113](https://github.com/containerd/containerd/pull/8113))
    * Go 1.19.6 ([#8109](https://github.com/containerd/containerd/pull/8109))
    * Initial GRPC shims support ([#8052](https://github.com/containerd/containerd/pull/8052))
    * CRI: Pass sandbox annotations to _other platforms ([#8060](https://github.com/containerd/containerd/pull/8060))
    * cmd/ctr/commands/images: support usage subcommand ([#8105](https://github.com/containerd/containerd/pull/8105))
    * cni: pass in the cgroupPath capability argument ([#8067](https://github.com/containerd/containerd/pull/8067))
    * Add fallback for windows platforms without osversion ([#8101](https://github.com/containerd/containerd/pull/8101))
    * release: xx v1.2.1 ([#8104](https://github.com/containerd/containerd/pull/8104))
    * [transfer] update imagestore interface to support multiple references ([#7964](https://github.com/containerd/containerd/pull/7964))
    * [sandbox] Use options to pass PodSandboxConfig to shims ([#8100](https://github.com/containerd/containerd/pull/8100))
    * Send container events with nil PodSandboxStatus ([#8047](https://github.com/containerd/containerd/pull/8047))
    * test: add hostNetwork tests for both windows and linux ([#7984](https://github.com/containerd/containerd/pull/7984))
    * loadConfig pre-inspection in advance ([#8097](https://github.com/containerd/containerd/pull/8097))
    * contrib/apparmor: remove version-dependent rules ([#8068](https://github.com/containerd/containerd/pull/8068))
    * *: introduce wrapper pkgs for blockio and rdt ([#8066](https://github.com/containerd/containerd/pull/8066))
    * Extract CRI instrument into separate package ([#8093](https://github.com/containerd/containerd/pull/8093))
    * CRI: Mirror generic toml runtime config under server ([#8091](https://github.com/containerd/containerd/pull/8091))
    * go.mod: github.com/containerd/typeurl/v2 v2.1.0 ([#8092](https://github.com/containerd/containerd/pull/8092))
    * Revert `apparmor_parser` regression ([#8086](https://github.com/containerd/containerd/pull/8086))
    * [sandbox] refactor controller interface ([#7981](https://github.com/containerd/containerd/pull/7981))
    * btrfs: depend on kernel UAPI instead of libbtrfs ([#7933](https://github.com/containerd/containerd/pull/7933))
    * CI: skip some jobs when `repo != containerd/containerd` ([#8082](https://github.com/containerd/containerd/pull/8082))
    * chore: clean up repeated package import ([#8078](https://github.com/containerd/containerd/pull/8078))
    * fetch: Use data from descriptor when available. ([#8076](https://github.com/containerd/containerd/pull/8076))
    * chore: use http constants instead of string ([#8077](https://github.com/containerd/containerd/pull/8077))
    * Fix retry logic within devmapper device deactivation ([#8075](https://github.com/containerd/containerd/pull/8075))
    * Clean CI yaml ([#8071](https://github.com/containerd/containerd/pull/8071))
    * Add critest.exe in $PATH ([#8074](https://github.com/containerd/containerd/pull/8074))
    * keep the uppercase letter for flag info ([#7976](https://github.com/containerd/containerd/pull/7976))
    * go.mod: Bump hcsshim to v0.10.0-rc.5 ([#8049](https://github.com/containerd/containerd/pull/8049))
    * Fix sandbox exit monitor ([#8045](https://github.com/containerd/containerd/pull/8045))
    * Generate GRPC contracts for runtime APIs ([#7979](https://github.com/containerd/containerd/pull/7979))
    * Make argument validation of `mount.UnmountRecursive` compatible to `mount.UnmountAll` ([#8035](https://github.com/containerd/containerd/pull/8035))
    * Export remote snapshotter label handler ([#8036](https://github.com/containerd/containerd/pull/8036))
    * Adding support to run install hcsshim from local clone ([#7989](https://github.com/containerd/containerd/pull/7989))
    * go.mod: github.com/urfave/cli v1.22.12 ([#8040](https://github.com/containerd/containerd/pull/8040))
    * cmd/ctr/commands: clean up the func IntToInt32Array in utils.go ([#8039](https://github.com/containerd/containerd/pull/8039))
    * pkg/epoch: drop timezone ([#8037](https://github.com/containerd/containerd/pull/8037))
    * go.mod: update github.com/containerd/nri. ([#8034](https://github.com/containerd/containerd/pull/8034))
    * fix(docs): minor fix on the windows installation steps ([#8013](https://github.com/containerd/containerd/pull/8013))
    * Add integration test to opentelemetry tracing on image pull ([#7847](https://github.com/containerd/containerd/pull/7847))
    * Use mount.Target to specify subdirectory of rootfs mount ([#7840](https://github.com/containerd/containerd/pull/7840))
    * cri: mkdir /etc/cni with 0755, not 0700 ([#8020](https://github.com/containerd/containerd/pull/8020))
    * log/logtest: add `testcase` as debug field ([#8025](https://github.com/containerd/containerd/pull/8025))
    * go.mod: github.com/containerd/cgroups/v3 v3.0.0 ([#8027](https://github.com/containerd/containerd/pull/8027))
    * Update CNI plugins to 1.2.0 ([#7977](https://github.com/containerd/containerd/pull/7977))
    * go.mod: go.opentelemetry.io/otel v1.12.0 ([#8026](https://github.com/containerd/containerd/pull/8026))
    * Move PLEG events for pause container under podsandbox package ([#8007](https://github.com/containerd/containerd/pull/8007))
    * runtime docs: Clarify delete cwd behavior ([#8012](https://github.com/containerd/containerd/pull/8012))
    * release: Add "cri-containerd.DEPRECATED.txt" in the deprecated cri-containerd-* bundles ([#8019](https://github.com/containerd/containerd/pull/8019))
    * RELEASES.md: update release status ([#8022](https://github.com/containerd/containerd/pull/8022))
    * deflake: TestContainerPids ([#8023](https://github.com/containerd/containerd/pull/8023))
    * release: Ubuntu 18.04 -> 20.04 (glibc 2.27 -> 2.31) ([#8021](https://github.com/containerd/containerd/pull/8021))
    * Update the EOL date for 1.5 release ([#8015](https://github.com/containerd/containerd/pull/8015))
    * Prepare release notes for v1.7.0-beta.3 ([#8014](https://github.com/containerd/containerd/pull/8014))
    * Fix Memory Limit test ([#7959](https://github.com/containerd/containerd/pull/7959))
    * Reused package errdefs for not supported error ([#8005](https://github.com/containerd/containerd/pull/8005))
    * pkg/cri: optimize slice initialization ([#7994](https://github.com/containerd/containerd/pull/7994))
    * go.mod: update goresctrl to v0.3.0 ([#7987](https://github.com/containerd/containerd/pull/7987))
    * pushWriter: correctly propagate errors ([#7985](https://github.com/containerd/containerd/pull/7985))
    * CI: test release.yml on every PR ([#7968](https://github.com/containerd/containerd/pull/7968))
    * fix incorrect namespace of event when create/update namespace ([#7129](https://github.com/containerd/containerd/pull/7129))
    * Backport changes to sandboxed CRI ([#7973](https://github.com/containerd/containerd/pull/7973))
    * Fix syntax errors in the document ([#7970](https://github.com/containerd/containerd/pull/7970))
    * release/Dockerfile: set DEBIAN_FRONTEND=noninteractive ([#7969](https://github.com/containerd/containerd/pull/7969))
    * use local variable for rt when iterating collectors ([#7963](https://github.com/containerd/containerd/pull/7963))
    * Add basic spec and mounts for Darwin ([#7960](https://github.com/containerd/containerd/pull/7960))
    * go.mod: Bump hcsshim to v0.10.0-rc.4 ([#7810](https://github.com/containerd/containerd/pull/7810))
    * Use specs Platform instead of generated API ([#7958](https://github.com/containerd/containerd/pull/7958))
    * Make OCI options cross-platform ([#7928](https://github.com/containerd/containerd/pull/7928))
    * update to go1.19.5, go1.18.10 ([#7948](https://github.com/containerd/containerd/pull/7948))
    * fuzzing: improve archive fuzzer ([#7957](https://github.com/containerd/containerd/pull/7957))
    * shim: enable debug logging for delete ([#7943](https://github.com/containerd/containerd/pull/7943))
    * cri: Fix TestUpdateOCILinuxResource for host w/o swap controller ([#7946](https://github.com/containerd/containerd/pull/7946))
    * ctr/run: flags --detach and --rm cannot be specified together ([#7929](https://github.com/containerd/containerd/pull/7929))
    * Fix Flaky Windows CRI Integration test on TestContainerConsumedStats ([#7935](https://github.com/containerd/containerd/pull/7935))
    * Refactor snapshotters metastore transaction ([#7917](https://github.com/containerd/containerd/pull/7917))
    * mod: update github.com/pelletier/go-toml@v1.9.5 ([#7932](https://github.com/containerd/containerd/pull/7932))
    * archive: improve TestSourceDateEpoch ([#7927](https://github.com/containerd/containerd/pull/7927))
    * Add tracing plugin test ([#7883](https://github.com/containerd/containerd/pull/7883))
    * docs/content-flow: update the description of the content labels ([#7925](https://github.com/containerd/containerd/pull/7925))
    * Add cleanup package for context management during cleanup ([#7861](https://github.com/containerd/containerd/pull/7861))
    * Fix race between stream registration and use ([#7886](https://github.com/containerd/containerd/pull/7886))
    * Prepare release notes for v1.7.0-beta.2 ([#7903](https://github.com/containerd/containerd/pull/7903))
    * Cirrus CI (Fedora 37, Rocky 8): enable cri-integration ([#7892](https://github.com/containerd/containerd/pull/7892))
    * contrib/Dockerfile.test: add "integration", "cri-integration", "critest" stages ([#7891](https://github.com/containerd/containerd/pull/7891))
    * docs: fix a typo in tracing documentation ([#7914](https://github.com/containerd/containerd/pull/7914))
    * CI: Pass GITHUB_TOKEN to containerd/project-checks ([#7913](https://github.com/containerd/containerd/pull/7913))
    * Enable dupword linter ([#7911](https://github.com/containerd/containerd/pull/7911))
    * ctr: Add platform flag to 'oci spec' command ([#7905](https://github.com/containerd/containerd/pull/7905))
    * Vagrantfile: fix disk resize error with VirtualBox ([#7907](https://github.com/containerd/containerd/pull/7907))
    * Vagrantfile: fix comments about SELinux ([#7908](https://github.com/containerd/containerd/pull/7908))
    * Use the const labels.LabelUncompressed ([#7906](https://github.com/containerd/containerd/pull/7906))
    * [sandbox] Add sandbox store plugin type ([#7850](https://github.com/containerd/containerd/pull/7850))
    * Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts ([#7893](https://github.com/containerd/containerd/pull/7893))
    * CRI: Comment cleanup/misc fixes ([#7904](https://github.com/containerd/containerd/pull/7904))
    * Move snapshot event publishing into metadata store ([#5674](https://github.com/containerd/containerd/pull/5674))
    * Vagrantfile: install-rootless-podman: remove `setenforce 0` ([#7887](https://github.com/containerd/containerd/pull/7887))
    * reused package errdefs for error ([#7894](https://github.com/containerd/containerd/pull/7894))
    * integration/images: switch away from Docker Hub to avoid rate limit ([#7888](https://github.com/containerd/containerd/pull/7888))
    * Validate userns container config is consistent with sandbox userns config ([#7882](https://github.com/containerd/containerd/pull/7882))
    * `ctr contents ls` sorts the labels of the content ([#7881](https://github.com/containerd/containerd/pull/7881))
    * chore: use `go fix` to cleanup old +build buildtag ([#7879](https://github.com/containerd/containerd/pull/7879))
    * cri: Shadow variables to avoid t.Parallel() issues ([#7880](https://github.com/containerd/containerd/pull/7880))
    * Add support for user namespaces in stateless pods (KEP-127) ([#7679](https://github.com/containerd/containerd/pull/7679))
    * Refactor metastore transaction ([#7529](https://github.com/containerd/containerd/pull/7529))
    * oci: appendOSMounts(): remove unused error, and move ([#7874](https://github.com/containerd/containerd/pull/7874))
    * add kube v1.26: remove v1alph2 cri support ([#7863](https://github.com/containerd/containerd/pull/7863))
    * make runc 1.1 for oss_fuzz_build.sh ([#7875](https://github.com/containerd/containerd/pull/7875))
    * CRI sbserver: Prevent server reuse after Shutdown ([#7872](https://github.com/containerd/containerd/pull/7872))
    * Fix incorrect defer usage and refactor judgement ([#7521](https://github.com/containerd/containerd/pull/7521))
    * oci: Add WithDomainname ([#7869](https://github.com/containerd/containerd/pull/7869))
    * Reused errdefs define error ([#7871](https://github.com/containerd/containerd/pull/7871))
    * fix `ctr tasks kill` does not remove cni network under windows ([#7866](https://github.com/containerd/containerd/pull/7866))
    * add network plugin metrics ([#7858](https://github.com/containerd/containerd/pull/7858))
    * Avoid using canceled context in unpacker cleanup ([#7859](https://github.com/containerd/containerd/pull/7859))
    * image/label: print more characters of label keys ([#7618](https://github.com/containerd/containerd/pull/7618))
    * prevent Server reuse after a Shutdown ([#7165](https://github.com/containerd/containerd/pull/7165))
    * Check containerd's readiness before calling critest ([#7851](https://github.com/containerd/containerd/pull/7851))
    * Fix grammatical errors in Readme ([#7837](https://github.com/containerd/containerd/pull/7837))
    * Fix cpu architecture detection issue on linux/arm ([#7636](https://github.com/containerd/containerd/pull/7636))
    * CRI: Fix no CNI info for pod sandbox on restart ([#7845](https://github.com/containerd/containerd/pull/7845))
    * Enable checkRename test ([#7081](https://github.com/containerd/containerd/pull/7081))
    * metastore: Add WithTransaction convenience method ([#7781](https://github.com/containerd/containerd/pull/7781))
    * Prevent a race condition in testHook ([#7831](https://github.com/containerd/containerd/pull/7831))
    * cri: fix `memory.memsw.limit_in_bytes: no such file or directory` ([#7836](https://github.com/containerd/containerd/pull/7836))
    * go.mod: update fuzz-headers and fuzz-build ([#7824](https://github.com/containerd/containerd/pull/7824))
    * Remove github.com/gogo/protobuf again ([#7825](https://github.com/containerd/containerd/pull/7825))
    * CRI: Add host networking helper ([#7814](https://github.com/containerd/containerd/pull/7814))
    * Support sandbox shutdown in shim runtimes ([#7792](https://github.com/containerd/containerd/pull/7792))
    * move up to CRI-TOOLS v1.26.0 ([#7818](https://github.com/containerd/containerd/pull/7818))
    * Minor fix when querying pod sandbox status ([#7812](https://github.com/containerd/containerd/pull/7812))
    * nil check to avoid panic on upgrade ([#7809](https://github.com/containerd/containerd/pull/7809))
    * Bump grpc to v1.51.0 ([#7709](https://github.com/containerd/containerd/pull/7709))
    * fatal error: concurrent map iteration and map write ([#7805](https://github.com/containerd/containerd/pull/7805))
    * Bump golangci-lint to v1.50.1 ([#7804](https://github.com/containerd/containerd/pull/7804))
    * cri: make swapping disabled with memory limit ([#7783](https://github.com/containerd/containerd/pull/7783))
    * add metrics for image pulling: error; in progress count; throughput ([#7313](https://github.com/containerd/containerd/pull/7313))
    * Prepare release notes for v1.7.0-beta.1 ([#7793](https://github.com/containerd/containerd/pull/7793))
    * support fetching containerd from non public GCS buckets ([#7771](https://github.com/containerd/containerd/pull/7771))
    * images: support specifying SourceDateEpoch via ctx ([#7651](https://github.com/containerd/containerd/pull/7651))
    * fuzzing: improve archive fuzzer ([#7718](https://github.com/containerd/containerd/pull/7718))
    * fix sdNotify func when debug level ([#7798](https://github.com/containerd/containerd/pull/7798))
    * Upgrade GitHub actions packages in release workflow ([#7794](https://github.com/containerd/containerd/pull/7794))
    * Enable GitHub Actions local Linux CI runs ([#7796](https://github.com/containerd/containerd/pull/7796))
    * integration: increase timeout in container_event_test.go ([#7791](https://github.com/containerd/containerd/pull/7791))
    * digest: use github.com/minio/sha256-simd ([#7732](https://github.com/containerd/containerd/pull/7732))
    * allow client to remove created tasks with PID 0 ([#7787](https://github.com/containerd/containerd/pull/7787))
    * Add container event support to containerd ([#7073](https://github.com/containerd/containerd/pull/7073))
    * docs: Authorizer.Authorize could return ErrUnexpectedStatus ([#7786](https://github.com/containerd/containerd/pull/7786))
    * fix: check for tmpfs when evaluating if userxattr is needed ([#7772](https://github.com/containerd/containerd/pull/7772))
    * Pass TOML configuration options for runtimes CRI is not aware of ([#7764](https://github.com/containerd/containerd/pull/7764))
    * Cleanup build constraints ([#7776](https://github.com/containerd/containerd/pull/7776))
    * There is no way to disable debug endpoint on Darwin ([#7775](https://github.com/containerd/containerd/pull/7775))
    * CI: Vagrant: pin rockylinux/8 to v5.0.0 ([#7777](https://github.com/containerd/containerd/pull/7777))
    * vendor: golang.org/x/net v0.4.0 ([#7774](https://github.com/containerd/containerd/pull/7774))
    * Fix context when waiting sandbox ([#7773](https://github.com/containerd/containerd/pull/7773))
    * GitHub Security Advisory [GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9)
    * update to go1.19.4, go1.18.9 ([#7765](https://github.com/containerd/containerd/pull/7765))
    * Change PushContent to require only Provider ([#7763](https://github.com/containerd/containerd/pull/7763))
    * sbserver bug fixing ([#7768](https://github.com/containerd/containerd/pull/7768))
    * Add unit test to Opentelemetry tracing ([#7671](https://github.com/containerd/containerd/pull/7671))
    * remove some (aliases for) deprecated functions ([#7525](https://github.com/containerd/containerd/pull/7525))
    * Refactor ctr restore to allow for tty allocation ([#7673](https://github.com/containerd/containerd/pull/7673))
    * fix panic when containerd-stress density --count 0 ([#7748](https://github.com/containerd/containerd/pull/7748))
    * Unwrap proto errors in streaming client ([#7753](https://github.com/containerd/containerd/pull/7753))
    * Fix process_vm_* syscall names in seccomp ([#7755](https://github.com/containerd/containerd/pull/7755))
    * upgrade the ops.md output for current 1.7 version. ([#7747](https://github.com/containerd/containerd/pull/7747))
    * docs: Add extra security instructions ([#7743](https://github.com/containerd/containerd/pull/7743))
    * go.mod: re-vendor NRI from the official repo. ([#7744](https://github.com/containerd/containerd/pull/7744))
    * [Sandbox API] CRI status cleanup ([#7731](https://github.com/containerd/containerd/pull/7731))
    * Transfer service ([#7320](https://github.com/containerd/containerd/pull/7320))
    * NRI: add support for NRI with extended scope. ([#6019](https://github.com/containerd/containerd/pull/6019))
    * archive: set WithModTimeUpperBound when WithSourceDateEpoch is set ([#7710](https://github.com/containerd/containerd/pull/7710))
    * Fix order of operations when setting lease labels ([#7702](https://github.com/containerd/containerd/pull/7702))
    * Add ctr image prune command ([#7730](https://github.com/containerd/containerd/pull/7730))
    * Check for nullptr before dereferencing ([#7708](https://github.com/containerd/containerd/pull/7708))
    * use MaxConcurrentDownloads instead of MaxConcurrentUploadedLayers ([#7736](https://github.com/containerd/containerd/pull/7736))
    * introspection: expose the daemon's PID and PIDNS ([#7694](https://github.com/containerd/containerd/pull/7694))
    * reference/docker: synchronize fork with upstream distribution/distribution ([#7635](https://github.com/containerd/containerd/pull/7635))
    * go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions ([#7721](https://github.com/containerd/containerd/pull/7721))
    * Add ptrace readby and tracedby to default AppArmor profile ([#7714](https://github.com/containerd/containerd/pull/7714))
    * Fix sandbox API when calling sandboxed shims ([#7684](https://github.com/containerd/containerd/pull/7684))
    * make status more readable and update easy. ([#7669](https://github.com/containerd/containerd/pull/7669))
    * integration/client: fix go.mod grouping, containerd to v1.7.0-beta.0, cgroups back to v1.0.4 ([#7720](https://github.com/containerd/containerd/pull/7720))
    * Resolve warnings in Windows GitHub Actions periodic workflows ([#7706](https://github.com/containerd/containerd/pull/7706))
    * Sandbox API: implement Controller.Status for SandboxAPI ([#7470](https://github.com/containerd/containerd/pull/7470))
    * [port #5904 to sbserver] Setup pod network after creating the sandbox container ([#7426](https://github.com/containerd/containerd/pull/7426))
    * fix for OSS-Fuzz infra changes ([#7677](https://github.com/containerd/containerd/pull/7677))
    * runtime/v2/shim: clean up the use of containerdBinary ([#7499](https://github.com/containerd/containerd/pull/7499))
    * Add process_vm read and write calls to default seccomp profile ([#7693](https://github.com/containerd/containerd/pull/7693))
    * Resolve Scorecards GitHub Actions workflow warnings ([#7707](https://github.com/containerd/containerd/pull/7707))
    * cri: add pod uid annotation ([#7697](https://github.com/containerd/containerd/pull/7697))
    * Missed out `platform interface` when reused the conn for Client. ([#7699](https://github.com/containerd/containerd/pull/7699))
    * overlayfs: remove duplicated tx rollback ([#7700](https://github.com/containerd/containerd/pull/7700))
    * go.mod: update some dependencies ([#7704](https://github.com/containerd/containerd/pull/7704))
    * update github.com/cpuguy83/go-md2man/v2 to v2.0.2 ([#7705](https://github.com/containerd/containerd/pull/7705))
    * Fsnotify bump and change code ([#7703](https://github.com/containerd/containerd/pull/7703))
    * fix build containerd in centos9 ([#7683](https://github.com/containerd/containerd/pull/7683))
    * Bump urfave-cli to v1.22.10 ([#7701](https://github.com/containerd/containerd/pull/7701))
    * can set up the network serially by CNI plugins ([#7685](https://github.com/containerd/containerd/pull/7685))
    * Update cri-api dependency to v0.26.0-beta.0 ([#7656](https://github.com/containerd/containerd/pull/7656))
    * overlay: Remove unused method param ([#7696](https://github.com/containerd/containerd/pull/7696))
    * CI: update Fedora to 37 ([#7691](https://github.com/containerd/containerd/pull/7691))
    * tx rollback when GetInfo return error ([#7678](https://github.com/containerd/containerd/pull/7678))
    * Upgrade github.com/containerd/cgroups from v1 to v3 ([#7601](https://github.com/containerd/containerd/pull/7601))
    * Remove OpenTelemetry imports from remotes/docker package ([#7675](https://github.com/containerd/containerd/pull/7675))
    * Expose Done and Err in Shutdown service ([#7686](https://github.com/containerd/containerd/pull/7686))
    * gotestsum match go version 1.19 ([#7688](https://github.com/containerd/containerd/pull/7688))
    * complement sub-command note for containerd-main ([#7670](https://github.com/containerd/containerd/pull/7670))
    * keep the lower case letter for flag info ([#7668](https://github.com/containerd/containerd/pull/7668))
    * bump critools into ca1571e6edd116b2c95f52e3dfa0b4779b74223a ([#7666](https://github.com/containerd/containerd/pull/7666))
    * Fix broken link for CRI plugin in docs ([#7667](https://github.com/containerd/containerd/pull/7667))
    * add option to resolve symlinks in WithLinuxDevice ([#7523](https://github.com/containerd/containerd/pull/7523))
    * Bump k8s.io deps to v0.25.4 ([#7663](https://github.com/containerd/containerd/pull/7663))
    * Release: add static binaries ([#7659](https://github.com/containerd/containerd/pull/7659))
    * Bump OpenTelemetry contrib to v0.36.4 ([#7662](https://github.com/containerd/containerd/pull/7662))
    * Fix slice append error (`spec.Linux.Resources.HugepageLimits`) ([#7661](https://github.com/containerd/containerd/pull/7661))
    * Bump OpenTelemetry to v1.11.1 ([#7660](https://github.com/containerd/containerd/pull/7660))
    * feature: add gc scheduler metrics collection count ([#5263](https://github.com/containerd/containerd/pull/5263))
    * Add `--debug` args to all subcommands of `ctr pprof` ([#7629](https://github.com/containerd/containerd/pull/7629))
    * Add a thin wrapper around otel Span object ([#7655](https://github.com/containerd/containerd/pull/7655))
    * Bump grpc to v1.50.1 ([#7643](https://github.com/containerd/containerd/pull/7643))
    * replace strings.Split(N) for strings.Cut() or alternatives ([#7631](https://github.com/containerd/containerd/pull/7631))
    * add oci.WithCPURT ([#7642](https://github.com/containerd/containerd/pull/7642))
    * Sandbox API: Add a new mode config for sandbox controller impls ([#7590](https://github.com/containerd/containerd/pull/7590))
    * fuzzing: bump go-fuzz-headers ([#7625](https://github.com/containerd/containerd/pull/7625))
    * Bump k8s.io deps to v0.25.3 ([#7637](https://github.com/containerd/containerd/pull/7637))
    * Remove uses of deprecated go-digest.NewDigestFromHex, go-digest.Digest.Hex ([#7641](https://github.com/containerd/containerd/pull/7641))
    * Extra documentation for content interfaces ([#7640](https://github.com/containerd/containerd/pull/7640))
    * Fix shim socket permissions on Darwin ([#7638](https://github.com/containerd/containerd/pull/7638))
    * s390x: build and package s390x bin in release assets ([#7614](https://github.com/containerd/containerd/pull/7614))
    * Replace mount fork hack with CLONE_FS ([#7513](https://github.com/containerd/containerd/pull/7513))
    * remotes: add `FetcherByDigest` for fetching blobs without foreknown descriptors (useful for general-purpose CAS) ([#7460](https://github.com/containerd/containerd/pull/7460))
    * Fix "getCPUInfo for OS freebsd: not implemented" on FreeBSD/arm64 ([#7403](https://github.com/containerd/containerd/pull/7403))
    * Support default hosts.toml configuration ([#7607](https://github.com/containerd/containerd/pull/7607))
    * Add tracing spans in CRI image service and pull.go ([#7453](https://github.com/containerd/containerd/pull/7453))
    * Fix missing closed fifo ([#7604](https://github.com/containerd/containerd/pull/7604))
    * fix comments ([#7624](https://github.com/containerd/containerd/pull/7624))
    * docs: add additional info in backport process ([#7626](https://github.com/containerd/containerd/pull/7626))
    * go.mod: golang.org/x/*: use tagged versions ([#7621](https://github.com/containerd/containerd/pull/7621))
    * Bump go version to 1.19.3 ([#7620](https://github.com/containerd/containerd/pull/7620))
    * ctr export strictly matching ([#7615](https://github.com/containerd/containerd/pull/7615))
    * Fix ctr crash when pulling with --http-dump and --http-trace simultaneously ([#7617](https://github.com/containerd/containerd/pull/7617))
    * Harden GITHUB_TOKEN permissions for OSSF Scorecard ([#7599](https://github.com/containerd/containerd/pull/7599))
    * overlayutils: Add fastpath for userxattr check ([#7611](https://github.com/containerd/containerd/pull/7611))
    * Add sequence diagram for shim runtime v2 ([#7606](https://github.com/containerd/containerd/pull/7606))
    * Sandbox API: Move remote impls to /sandbox/proxy ([#7600](https://github.com/containerd/containerd/pull/7600))
    * fuzzing: improve archive fuzzer ([#7588](https://github.com/containerd/containerd/pull/7588))
    * Retry client connection in waitForStart ([#7537](https://github.com/containerd/containerd/pull/7537))
    * Add Workflow for running critest with Hyper-V Containers on Windows. ([#7025](https://github.com/containerd/containerd/pull/7025))
    * Add release notes for v1.7.0-beta.0 ([#7575](https://github.com/containerd/containerd/pull/7575))
    * Cleanup sandbox interfaces ([#7576](https://github.com/containerd/containerd/pull/7576))
    * Update GitHub actions release workflow set output ([#7581](https://github.com/containerd/containerd/pull/7581))
    * Fix LogURI generation-related tests on Windows. ([#7569](https://github.com/containerd/containerd/pull/7569))
    * maintenance: Remove WithWindowsNetworkNamespace from pkg/cri ([#7577](https://github.com/containerd/containerd/pull/7577))
    * CRI: implement Controller.Delete for SandboxAPI ([#7457](https://github.com/containerd/containerd/pull/7457))
    * Configure CDI registry only on start ([#7419](https://github.com/containerd/containerd/pull/7419))
    * update codeql-action to v2 ([#7568](https://github.com/containerd/containerd/pull/7568))
    * Add logging related metrics to Containerd CRI plugin ([#7546](https://github.com/containerd/containerd/pull/7546))
    * sys: optimize and refactor MkdirAllWithACL() ([#7531](https://github.com/containerd/containerd/pull/7531))
    * fix install cni script ([#7484](https://github.com/containerd/containerd/pull/7484))
    * Update 1.5 release support timeframe ([#7560](https://github.com/containerd/containerd/pull/7560))
    * bump go-fuzz-headers ([#7503](https://github.com/containerd/containerd/pull/7503))
    * Add long term stable release branches ([#7454](https://github.com/containerd/containerd/pull/7454))
    * fix pusher concurrent close channel ([#7473](https://github.com/containerd/containerd/pull/7473))
    * Make tests on GitHub less noisy ([#7530](https://github.com/containerd/containerd/pull/7530))
    * containerd should not print error log that failed to init a tracing processor while the tracing plugin is not loaded ([#7541](https://github.com/containerd/containerd/pull/7541))
    * Update required Go version in BUILDING.md ([#7544](https://github.com/containerd/containerd/pull/7544))
    * go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag) ([#7522](https://github.com/containerd/containerd/pull/7522))
    * Use `go env` to determine GOPATH in Makefile. ([#7542](https://github.com/containerd/containerd/pull/7542))
    * clean-up "nolint" comments, remove unused ones, update golangci-lint ([#7349](https://github.com/containerd/containerd/pull/7349))
    * Don't unmount on Darwin when deleting bundle ([#7534](https://github.com/containerd/containerd/pull/7534))
    * Add timeouts to all CI jobs ([#7538](https://github.com/containerd/containerd/pull/7538))
    * Vagrantfile: explicitly specify rsync as the shared folder driver ([#7539](https://github.com/containerd/containerd/pull/7539))
    * sys: remove unused IsAbs() (windows) ([#7527](https://github.com/containerd/containerd/pull/7527))
    * cri: PodSandboxStatus should tolerate missing task ([#7535](https://github.com/containerd/containerd/pull/7535))
    * CI: update GHA instances from Ubuntu 18.04 to 20.04 ([#7489](https://github.com/containerd/containerd/pull/7489))
    * fix the --no-pivot flag being ignored by `ctr tasks start` ([#7519](https://github.com/containerd/containerd/pull/7519))
    * Update the default seccomp to block socket calls to AF_VSOCK ([#7510](https://github.com/containerd/containerd/pull/7510))
    * cmd/containerd: use golang.org/x/sys/windows.SetStdHandle() ([#7511](https://github.com/containerd/containerd/pull/7511))
    * Stats() shouldn't assume s.container is non-nil ([#7517](https://github.com/containerd/containerd/pull/7517))
    * Move up actions versions to prep for NodeJS 12 deprecation ([#7516](https://github.com/containerd/containerd/pull/7516))
    * cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions() ([#7512](https://github.com/containerd/containerd/pull/7512))
    * Updates oci image config to support upstream ArgsEscaped ([#7483](https://github.com/containerd/containerd/pull/7483))
    * cmd/containerd: replace deprecated windows.IsAnInteractiveSession() ([#7497](https://github.com/containerd/containerd/pull/7497))
    * Update container with sandbox metadata after NetNS is created ([#7481](https://github.com/containerd/containerd/pull/7481))
    * archive: add WithSourceDateEpoch() for whiteouts ([#7478](https://github.com/containerd/containerd/pull/7478))
    * TestTaskResize must use a terminal ([#7492](https://github.com/containerd/containerd/pull/7492))
    * diff/apply.readCounter: check negative size ([#7494](https://github.com/containerd/containerd/pull/7494))
    * Add new ctr option for discarding unpacked layers ([#7425](https://github.com/containerd/containerd/pull/7425))
    * archive: windows: chtimes(): remove redundant conversion ([#7491](https://github.com/containerd/containerd/pull/7491))
    * archive: validate digests before use ([#7488](https://github.com/containerd/containerd/pull/7488))
    * vendor: github.com/opencontainers/selinux v1.10.2 ([#7482](https://github.com/containerd/containerd/pull/7482))
    * fuzzing: create structured tar bytes in archive fuzzer ([#7477](https://github.com/containerd/containerd/pull/7477))
    * Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 ([#7474](https://github.com/containerd/containerd/pull/7474))
    * use raw link to containerd.service config ([#7463](https://github.com/containerd/containerd/pull/7463))
    * cri doc: Update kata containers reference ([#7466](https://github.com/containerd/containerd/pull/7466))
    * Setup pod network after creating the sandbox container ([#5904](https://github.com/containerd/containerd/pull/5904))
    * Swap to net.ErrClosed checks for services ([#7446](https://github.com/containerd/containerd/pull/7446))
    * go.mod: Bump go-winio to v0.6.0 ([#7443](https://github.com/containerd/containerd/pull/7443))
    * fix retry when writer is reset on push ([#6995](https://github.com/containerd/containerd/pull/6995))
    * CI: Output a summary using GITHUB_SUMMARY ([#7192](https://github.com/containerd/containerd/pull/7192))
    * Fix missing close ([#7430](https://github.com/containerd/containerd/pull/7430))
    * Add test flag for skipping shim cgroup test ([#7424](https://github.com/containerd/containerd/pull/7424))
    * Refactor CRI fuzzers ([#7405](https://github.com/containerd/containerd/pull/7405))
    * Fix LogURIGenerator on Windows ([#7351](https://github.com/containerd/containerd/pull/7351))
    * Set grpc code for unimplemented cri-api methods ([#7417](https://github.com/containerd/containerd/pull/7417))
    * Add reader option to local content reader at ([#7414](https://github.com/containerd/containerd/pull/7414))
    * Sandbox API: implement Controller.Wait and Controller.Stop ([#7401](https://github.com/containerd/containerd/pull/7401))
    * remove stray .zuul.yaml ([#7416](https://github.com/containerd/containerd/pull/7416))
    * reference CDI configuration details ([#7408](https://github.com/containerd/containerd/pull/7408))
    * cri-integration: propagate ENABLE_CRI_SANDBOXES ([#7413](https://github.com/containerd/containerd/pull/7413))
    * Enable OpenSSF Scorecard Github Action ([#7404](https://github.com/containerd/containerd/pull/7404))
    * Add ext2 fs support to devmapper snapshotter ([#7402](https://github.com/containerd/containerd/pull/7402))
    * Fuzzing: Instrument with new sanitizers ([#7396](https://github.com/containerd/containerd/pull/7396))
    * Upgrade fuzzing-related packages to reduce dependencies ([#7397](https://github.com/containerd/containerd/pull/7397))
    * remotes/docker/config: Skipping TLS verification for localhost ([#7393](https://github.com/containerd/containerd/pull/7393))
    * Replace github.com/emicklei/go-restful package, versions <2.16.0 ([#7395](https://github.com/containerd/containerd/pull/7395))
    * Add NoSameOwner option when unpacking tars ([#7386](https://github.com/containerd/containerd/pull/7386))
    * ctr: add privileged-without-host-devices for run command ([#7328](https://github.com/containerd/containerd/pull/7328))
    * chore: matching the casing of other flags for ctr's pull command ([#7341](https://github.com/containerd/containerd/pull/7341))
    * windows: Add runhcs-wcow-hypervisor runtimeclass to the default config ([#6901](https://github.com/containerd/containerd/pull/6901))
    * Fix missing close ([#7370](https://github.com/containerd/containerd/pull/7370))
    * CRI: update cdi version to v0.5.1 ([#7374](https://github.com/containerd/containerd/pull/7374))
    * Update to go 1.19.1, 1.18.6 to address CVE-2022-27664, CVE-2022-32190 ([#7372](https://github.com/containerd/containerd/pull/7372))
    * vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c ([#7373](https://github.com/containerd/containerd/pull/7373))
    * Remove unused variable from images action ([#7371](https://github.com/containerd/containerd/pull/7371))
    * feature: use client default namespace ([#7291](https://github.com/containerd/containerd/pull/7291))
    * integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment ([#7367](https://github.com/containerd/containerd/pull/7367))
    * feature: upgrade registry.k8s.io/pause version ([#7359](https://github.com/containerd/containerd/pull/7359))
    * metrics/cgroups/v1: Remove unused event parameter ([#7361](https://github.com/containerd/containerd/pull/7361))
    * .zuul: remove the zuul because it is offline ([#7369](https://github.com/containerd/containerd/pull/7369))
    * Update golangci-lint timeout to match config ([#7356](https://github.com/containerd/containerd/pull/7356))
    * delete redundant import alias and type conversion ([#7345](https://github.com/containerd/containerd/pull/7345))
    * Make checkContainerTimestamps less strict on Windows ([#7350](https://github.com/containerd/containerd/pull/7350))
    * Make oss-fuzz mandatory ([#7346](https://github.com/containerd/containerd/pull/7346))
    * Add kubernetes v1.25 supported version as v1.24 ([#7326](https://github.com/containerd/containerd/pull/7326))
    * sys: move ForceRemoveAll to integration/client ([#7335](https://github.com/containerd/containerd/pull/7335))
    * chore: remove duplicate word in comments ([#7338](https://github.com/containerd/containerd/pull/7338))
    * Use ioctl helpers from x/sys/unix ([#7342](https://github.com/containerd/containerd/pull/7342))
    * archive: replace tarName() with filepath.ToSlash() ([#7344](https://github.com/containerd/containerd/pull/7344))
    * mount: remove unused ErrNotImplementOnWindows ([#7339](https://github.com/containerd/containerd/pull/7339))
    * replace sys Sequential funcs with moby/sys/sequential ([#7334](https://github.com/containerd/containerd/pull/7334))
    * Clarify containerd 1.5.0+ for k8s 1.20,1.21 ([#7324](https://github.com/containerd/containerd/pull/7324))
    * update runc binary to v1.1.4 ([#7315](https://github.com/containerd/containerd/pull/7315))
    * Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9 ([#7325](https://github.com/containerd/containerd/pull/7325))
    * Update k8s.io/cri-api to v0.25.0 ([#7287](https://github.com/containerd/containerd/pull/7287))
    * script/setup: handle cnidir with SUDO ([#7322](https://github.com/containerd/containerd/pull/7322))
    * ContainerStatus to return container resources ([#6517](https://github.com/containerd/containerd/pull/6517))
    * migrate from k8s.gcr.io to registry.k8s.io ([#7038](https://github.com/containerd/containerd/pull/7038))
    * Do not rename test files on-the-fly to share functions ([#7309](https://github.com/containerd/containerd/pull/7309))
    * ctr import: strictly match platform ([#6906](https://github.com/containerd/containerd/pull/6906))
    * Revert "Downgrade MinGW to version 10.2.0" ([#7308](https://github.com/containerd/containerd/pull/7308))
    * Follow up #7254 (Switch to Go 1.19) ([#7286](https://github.com/containerd/containerd/pull/7286))
    * Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer ([#7304](https://github.com/containerd/containerd/pull/7304))
    * Adding support of CAP_BPF and CAP_PERFMON ([#7301](https://github.com/containerd/containerd/pull/7301))
    * go.mod: Bump hcsshim to v0.10.0-rc.1 ([#7284](https://github.com/containerd/containerd/pull/7284))
    * Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset ([#7306](https://github.com/containerd/containerd/pull/7306))
    * ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887 ([#7293](https://github.com/containerd/containerd/pull/7293))
    * Runtime cleanup (Shim manager and task service) ([#7280](https://github.com/containerd/containerd/pull/7280))
    * containerd-stress: add support for running through CRI ([#6931](https://github.com/containerd/containerd/pull/6931))
    * Switch to Go 1.19 ([#7254](https://github.com/containerd/containerd/pull/7254))
    * Vagrantfile: dump containerd log after critest ([#7265](https://github.com/containerd/containerd/pull/7265))
    * oci: skip checking group id for WithAppendAdditionalGroups ([#7257](https://github.com/containerd/containerd/pull/7257))
    * release workflow: increase timeout to 30 minutes & remove Go setup action ([#7259](https://github.com/containerd/containerd/pull/7259))
    * release: rollback Ubuntu to 18.04 (except for riscv64) ([#7258](https://github.com/containerd/containerd/pull/7258))
    * Initial sandbox API CRI integration (implement Controller.Start) ([#7228](https://github.com/containerd/containerd/pull/7228))
    * Use environment variable to specify Go version on CI ([#7251](https://github.com/containerd/containerd/pull/7251))
    * Update golang to 1.18.5, 1.17.13 ([#7243](https://github.com/containerd/containerd/pull/7243))
    * Change os.Stderr reassign for Windows service ([#7023](https://github.com/containerd/containerd/pull/7023))
    * script/setup: fix protobuf for aarch64 ([#7237](https://github.com/containerd/containerd/pull/7237))
    * Fix cleanup in critest ([#7232](https://github.com/containerd/containerd/pull/7232))
    * fix: support simultaneous create diff for same parent snapshot ([#7204](https://github.com/containerd/containerd/pull/7204))
    * Windows HostProcess container CRI stats test ([#7223](https://github.com/containerd/containerd/pull/7223))
    * Regenerate protos with updated protoc-gen-go ([#7226](https://github.com/containerd/containerd/pull/7226))
    * test: error strings should not be capitalized ([#7195](https://github.com/containerd/containerd/pull/7195))
    * Add extra context to error when push unauthorized ([#7220](https://github.com/containerd/containerd/pull/7220))
    * replace with selinux label ([#7207](https://github.com/containerd/containerd/pull/7207))
    * Use `httputil.DumpRequestOut` for dumping client req ([#7221](https://github.com/containerd/containerd/pull/7221))
    * Fix CRI image pull timeout test for ppc64le ([#7215](https://github.com/containerd/containerd/pull/7215))
    * test: introduce failpoint control to runc-shimv2 and cni ([#7069](https://github.com/containerd/containerd/pull/7069))
    * chore: bump macos runner version ([#7206](https://github.com/containerd/containerd/pull/7206))
    * Use image lists form integration/client tests ([#7210](https://github.com/containerd/containerd/pull/7210))
    * go.mod: Bump hcsshim to v0.9.4 ([#7212](https://github.com/containerd/containerd/pull/7212))
    * Drop deprecated `ioutil` ([#7203](https://github.com/containerd/containerd/pull/7203))
    * Make getServicesOpts a helper ([#7201](https://github.com/containerd/containerd/pull/7201))
    * adds an env var commented out for sandboxed mode ([#7183](https://github.com/containerd/containerd/pull/7183))
    * cri_stats: handle missing cpu stats ([#7198](https://github.com/containerd/containerd/pull/7198))
    * using ContextDialer instead ([#7189](https://github.com/containerd/containerd/pull/7189))
    * test: Add ability to switch between cgroupv1 or cgroupv2 for node e2e ([#7173](https://github.com/containerd/containerd/pull/7173))
    * code cleanup ([#7182](https://github.com/containerd/containerd/pull/7182))
    * Update k8s.io/cri-api to v0.25.0-alpha2 ([#7114](https://github.com/containerd/containerd/pull/7114))
    * Refactor usageNanoCores to be used for all OSes ([#7186](https://github.com/containerd/containerd/pull/7186))
    * adds support for using env file for systemd boot ([#7191](https://github.com/containerd/containerd/pull/7191))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#7185](https://github.com/containerd/containerd/pull/7185))
    * ctr: support --user for run/create ([#7145](https://github.com/containerd/containerd/pull/7145))
    * docs: Fix sample config.toml syntax ([#7174](https://github.com/containerd/containerd/pull/7174))
    * seccomp: seccomp: add syscalls related to PKU in default policy ([#7163](https://github.com/containerd/containerd/pull/7163))
    * Update and align golangci-lint version ([#7168](https://github.com/containerd/containerd/pull/7168))
    * adds a comment explaining how to disable experimental sbserver ([#7169](https://github.com/containerd/containerd/pull/7169))
    * ci: workaround Cirrus CI's INVALID_ARGUMENT ([#7177](https://github.com/containerd/containerd/pull/7177))
    * Update install-protobuf script to install protobuf on Darwin ([#7153](https://github.com/containerd/containerd/pull/7153))
    * Fork CRI server for Sandbox API integration work ([#7164](https://github.com/containerd/containerd/pull/7164))
    * seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE ([#7167](https://github.com/containerd/containerd/pull/7167))
    * cri doc: fix formatting for CDI options ([#7158](https://github.com/containerd/containerd/pull/7158))
    * update golang to 1.18.4, 1.17.12 ([#7159](https://github.com/containerd/containerd/pull/7159))
    * Fix out of date comments for CRI store packages ([#7152](https://github.com/containerd/containerd/pull/7152))
    * update some devmapper docs ([#7124](https://github.com/containerd/containerd/pull/7124))
    * seccomp: allow clock_settime64 when CAP_SYS_TIME is added ([#7149](https://github.com/containerd/containerd/pull/7149))
    * Copy fuzzers from github.com/cncf/cncf-fuzzing ([#7123](https://github.com/containerd/containerd/pull/7123))
    * fix can't edit object by using ctr content edit command ([#6847](https://github.com/containerd/containerd/pull/6847))
    * integration/client: fix typo in export_test.go ([#7130](https://github.com/containerd/containerd/pull/7130))
    * Fix WWW-Authenticate parsing ([#7126](https://github.com/containerd/containerd/pull/7126))
    * LCOW differ return ErrNotImplemented for wrong mount type ([#7112](https://github.com/containerd/containerd/pull/7112))
    * Update go-restful/v3 to latest release ([#7117](https://github.com/containerd/containerd/pull/7117))
    * pkg/cri: use marshal wrapper for version convertor ([#7108](https://github.com/containerd/containerd/pull/7108))
    * Remove hacks around contrib/fuzz ([#7087](https://github.com/containerd/containerd/pull/7087))
    * Fix missing closed HTTP Body ([#7107](https://github.com/containerd/containerd/pull/7107))
    * Cleanup metadata tests ([#7105](https://github.com/containerd/containerd/pull/7105))
    * Downgrade MinGW to version 10.2.0 ([#7106](https://github.com/containerd/containerd/pull/7106))
    * ctr: Fix `ctr c create` fails to parse arguments ([#7098](https://github.com/containerd/containerd/pull/7098))
    * Fix Documentation Issue ([#7103](https://github.com/containerd/containerd/pull/7103))
    * refactor: reduce duplicate code ([#7100](https://github.com/containerd/containerd/pull/7100))
    * make xattr EPERM non-fatal in createTarFile ([#7094](https://github.com/containerd/containerd/pull/7094))
    * Move metadata plugin registration to separate package ([#7096](https://github.com/containerd/containerd/pull/7096))
    * fix: missing sudo for devmapper doc ([#7092](https://github.com/containerd/containerd/pull/7092))
    * Ensure Windows Periodic workflow errors out while still uploading results. ([#7085](https://github.com/containerd/containerd/pull/7085))
    * Add snapshotter key to snapshot events ([#7084](https://github.com/containerd/containerd/pull/7084))
    * add WithAdditionalGIDs test ([#7072](https://github.com/containerd/containerd/pull/7072))
    * Forward ctr snapshotter flags on Windows ([#7086](https://github.com/containerd/containerd/pull/7086))
    * add WithAppendAdditionalGroups helper ([#7070](https://github.com/containerd/containerd/pull/7070))
    * Make CI Fuzz less noisy ([#7065](https://github.com/containerd/containerd/pull/7065))
    * ctr: add --hostname flag to create, run ([#7082](https://github.com/containerd/containerd/pull/7082))
    * improve content-flow ([#7077](https://github.com/containerd/containerd/pull/7077))
    * Make CI Fuzz optional ([#7067](https://github.com/containerd/containerd/pull/7067))
    * Use Go 1.18's testing.F on simple fuzzers ([#7056](https://github.com/containerd/containerd/pull/7056))
    * Downgrade MinGW in Windows setup scripts. ([#7062](https://github.com/containerd/containerd/pull/7062))
    * Make test path a constant ([#7057](https://github.com/containerd/containerd/pull/7057))
    * Run fuzzers in CI ([#7052](https://github.com/containerd/containerd/pull/7052))
    * CRI: Improve the /dev/shm mount options in Sandbox. ([#6913](https://github.com/containerd/containerd/pull/6913))
    * fix:userattr-unmount unexpected timeout ([#7008](https://github.com/containerd/containerd/pull/7008))
    * Port (some) unit tests to FreeBSD ([#7042](https://github.com/containerd/containerd/pull/7042))
    * Bump Golang and MinGW versions in Windows setup script. ([#6888](https://github.com/containerd/containerd/pull/6888))
    * Windows snapshotter touch ups and new functionality ([#6918](https://github.com/containerd/containerd/pull/6918))
    * Improve naming consistencies in comments in snapshotter.go ([#7032](https://github.com/containerd/containerd/pull/7032))
    * Make building static binaries simpler ([#7022](https://github.com/containerd/containerd/pull/7022))
    * Allow CRI on Darwin ([#7033](https://github.com/containerd/containerd/pull/7033))
    * update runc binary to v1.1.3 ([#7034](https://github.com/containerd/containerd/pull/7034))
    * Linux containers on FreeBSD ([#7000](https://github.com/containerd/containerd/pull/7000))
    * go.mod: github.com/moby/sys/mountinfo v0.6.2 ([#7026](https://github.com/containerd/containerd/pull/7026))
    * fix minor spelling mistake: lablel -> label ([#7031](https://github.com/containerd/containerd/pull/7031))
    * go.mod: github.com/containerd/cgroups v1.0.4 ([#7027](https://github.com/containerd/containerd/pull/7027))
    * go.mod: github.com/containerd/continuity v0.3.0 ([#7028](https://github.com/containerd/containerd/pull/7028))
    * Correct spelling mistake ("sanbdox" to "sandbox") ([#7029](https://github.com/containerd/containerd/pull/7029))
    * GitHub Security Advisory [GHSA-5ffw-gxpp-mxpf](https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf)
    * Bump grpc to v1.47.0 ([#7018](https://github.com/containerd/containerd/pull/7018))
    * Bump k8s.io deps to v0.24.1 ([#7017](https://github.com/containerd/containerd/pull/7017))
    * Support runtime level snapshotter for issue 6657 ([#6899](https://github.com/containerd/containerd/pull/6899))
    * update golang to 1.18.3, 1.17.11 ([#7012](https://github.com/containerd/containerd/pull/7012))
    * Fix containerd-stress duration flag ([#7004](https://github.com/containerd/containerd/pull/7004))
    * update go-cni/for cni update fixing plugins that don't respond with version ([#7009](https://github.com/containerd/containerd/pull/7009))
    * Add validations for Windows HostProcess CRI configs ([#6996](https://github.com/containerd/containerd/pull/6996))
    * Move docker reference logic to reference/docker package ([#7007](https://github.com/containerd/containerd/pull/7007))
    * promote pause image to 3.7 (sync with kube v1.24) ([#7003](https://github.com/containerd/containerd/pull/7003))
    * Makefile: use urfave_cli_no_docs for binaries that don't need it ([#6998](https://github.com/containerd/containerd/pull/6998))
    * CRI: cleanup cri/store package ([#6993](https://github.com/containerd/containerd/pull/6993))
    * Use t.Run for /pkg/cri tests ([#7001](https://github.com/containerd/containerd/pull/7001))
    * vendor: github.com/urfave/cli v1.22.9 and fix "verify-vendor" script ([#6997](https://github.com/containerd/containerd/pull/6997))
    * sandbox: replace github.com/pkg/errors with native errors ([#6937](https://github.com/containerd/containerd/pull/6937))
    * build: Fix references to check-protos target in Makefile ([#6983](https://github.com/containerd/containerd/pull/6983))
    * ctr: fix label args used in NewContainer ([#6954](https://github.com/containerd/containerd/pull/6954))
    * ctr sandbox: handle sandbox config ([#6959](https://github.com/containerd/containerd/pull/6959))
    * Fix broken oss-fuzz build ([#6975](https://github.com/containerd/containerd/pull/6975))
    * archive: add human-readable hint to Lchown error ([#6982](https://github.com/containerd/containerd/pull/6982))
    * Fix tx closed error when upperdirlabel specified ([#6978](https://github.com/containerd/containerd/pull/6978))
    * config: improve config v1 deprecation message ([#6972](https://github.com/containerd/containerd/pull/6972))
    * Fix Windows install powershell script ([#6969](https://github.com/containerd/containerd/pull/6969))
    * fix comments on metadata schema and update namespace doc ([#6955](https://github.com/containerd/containerd/pull/6955))
    * adjust format in comment ([#6956](https://github.com/containerd/containerd/pull/6956))
    * Restore decompression benchmarks ([#6957](https://github.com/containerd/containerd/pull/6957))
    * cmd/ctr/commands/content: fix typo in fetch command usage ([#6960](https://github.com/containerd/containerd/pull/6960))
    * fix some confusing typos ([#6950](https://github.com/containerd/containerd/pull/6950))
    * update doc url about k8s ([#6952](https://github.com/containerd/containerd/pull/6952))
    * Separate windows-2019 and windows-2022 test results ([#6946](https://github.com/containerd/containerd/pull/6946))
    * shim: fix debug flag not working ([#6910](https://github.com/containerd/containerd/pull/6910))
    * Reverts removal of parallel run from critest ([#6938](https://github.com/containerd/containerd/pull/6938))
    * Bump OpenTelemetry dependencies ([#6932](https://github.com/containerd/containerd/pull/6932))
    * update runc binary and vendor to v1.1.2 ([#6934](https://github.com/containerd/containerd/pull/6934))
    * oci: WithDefaultUnixDevices(): remove tun/tap from the default devices ([#6923](https://github.com/containerd/containerd/pull/6923))
    * update golang to 1.18.2, 1.17.10 ([#6926](https://github.com/containerd/containerd/pull/6926))
    * CI: update Fedora to 36 ([#6925](https://github.com/containerd/containerd/pull/6925))
    * Add `Wait` to `binaryProcessor` ([#6916](https://github.com/containerd/containerd/pull/6916))
    * go.mod: Bump k8s deps to v0.24.0 ([#6905](https://github.com/containerd/containerd/pull/6905))
    * (Vagrant CI) Enable git commands due to git CVE fix ([#6915](https://github.com/containerd/containerd/pull/6915))
    * Pass explicit JUnit outfile to critest.exe in Windows workflow. ([#6912](https://github.com/containerd/containerd/pull/6912))
    * Update critools to v1.24 ([#6894](https://github.com/containerd/containerd/pull/6894))
    * devmapper docs: small fixes ([#6904](https://github.com/containerd/containerd/pull/6904))
    * move report dir option to end of line for vagrant cri tests ([#6900](https://github.com/containerd/containerd/pull/6900))
    * Update Kubernetes version matrix in release docs ([#6892](https://github.com/containerd/containerd/pull/6892))
    * Share container images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy ([#6889](https://github.com/containerd/containerd/pull/6889))
    * containerd 1.6.4 k8s 1.24 readme announce ([#6890](https://github.com/containerd/containerd/pull/6890))
    * Cleanup leaked shim process ([#6866](https://github.com/containerd/containerd/pull/6866))
    * Add collectible resources to metadata gc ([#6804](https://github.com/containerd/containerd/pull/6804))
    * Update k8 docurl in file ([#6881](https://github.com/containerd/containerd/pull/6881))
    * Support RISC-V 64 ([#6882](https://github.com/containerd/containerd/pull/6882))
    * docs: minor fixes in snapshots.Snapshotter comments ([#6885](https://github.com/containerd/containerd/pull/6885))
    * Officially deprecate Schema 1 ([#6884](https://github.com/containerd/containerd/pull/6884))
    * Make Cirrus CI tests more stable ([#6880](https://github.com/containerd/containerd/pull/6880))
    * docs: Adding windows installation steps to getting-started.md ([#6875](https://github.com/containerd/containerd/pull/6875))
    * Add ctr support for CPUMax and CPUShares ([#6809](https://github.com/containerd/containerd/pull/6809))
    * Support for cgroups blockio ([#5490](https://github.com/containerd/containerd/pull/5490))
    * Fix comment for metadata/db.go ([#6871](https://github.com/containerd/containerd/pull/6871))
    * Remove github.com/gogo/protobuf and github.com/golang/protobuf from containerd's direct dependencies ([#6867](https://github.com/containerd/containerd/pull/6867))
    * Update go-cni to v1.1.5 ([#6868](https://github.com/containerd/containerd/pull/6868))
    * Bump opencontainers/selinux from 1.10.0 to 1.10.1 ([#6865](https://github.com/containerd/containerd/pull/6865))
    * Upgrade google.golang.org/grpc and google.golang.org/protobuf ([#6864](https://github.com/containerd/containerd/pull/6864))
    * Don't use "uname -a" as Cirrus CI's cache key ([#6863](https://github.com/containerd/containerd/pull/6863))
    * remove duplicate ([#6856](https://github.com/containerd/containerd/pull/6856))
    * Create ppc64le release ([#6858](https://github.com/containerd/containerd/pull/6858))
    * Move Vagrant-based tests from GitHub Actions to Cirrus CI ([#6854](https://github.com/containerd/containerd/pull/6854))
    * feature: support image pull progress timeout ([#6150](https://github.com/containerd/containerd/pull/6150))
    * Add unpack interface to be used by client ([#6749](https://github.com/containerd/containerd/pull/6749))
    * Fix undefined error in use of errors package ([#6855](https://github.com/containerd/containerd/pull/6855))
    * Migrate off from github.com/gogo/protobuf ([#6841](https://github.com/containerd/containerd/pull/6841))
    * images/image.go: typo ([#6851](https://github.com/containerd/containerd/pull/6851))
    * Add flag to allow oci.WithAllDevicesAllowed on PrivilegedWithoutHostDevices ([#5686](https://github.com/containerd/containerd/pull/5686))
    * integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage ([#6180](https://github.com/containerd/containerd/pull/6180))
    * fix incorrect syntax in comments ([#6845](https://github.com/containerd/containerd/pull/6845))
    * cri: close fifos when container is deleted ([#6842](https://github.com/containerd/containerd/pull/6842))
    * diff: hide types.Any from clients ([#6832](https://github.com/containerd/containerd/pull/6832))
    * Add Container-Optimized OS into Adopters ([#6838](https://github.com/containerd/containerd/pull/6838))
    * Prepare for google.golang.org/protobuf ([#6835](https://github.com/containerd/containerd/pull/6835))
    * fix the restart desired to running when task not found ([#6833](https://github.com/containerd/containerd/pull/6833))
    * Remove all gogoproto extensions ([#6829](https://github.com/containerd/containerd/pull/6829))
    * fix nil pointer panic for monitor ([#6830](https://github.com/containerd/containerd/pull/6830))
    * remotes/docker: log registry URLs as info instead of debug ([#5681](https://github.com/containerd/containerd/pull/5681))
    * Rename runtime/v2/task to api/runtime ([#6827](https://github.com/containerd/containerd/pull/6827))
    * Fix protoc-gen-go-fieldpath ([#6828](https://github.com/containerd/containerd/pull/6828))
    * Consolidate gogo/protobuf dependencies under our own protobuf package ([#6826](https://github.com/containerd/containerd/pull/6826))
    * Add restart policy for enhanced restart manager ([#6744](https://github.com/containerd/containerd/pull/6744))
    * Remove gogoproto.stdtime ([#6821](https://github.com/containerd/containerd/pull/6821))
    * Set timeout when collecting metrics from shim's Stat ([#6781](https://github.com/containerd/containerd/pull/6781))
    * Fuzz filter package with Go 1.18's fuzzer ([#6819](https://github.com/containerd/containerd/pull/6819))
    * allow ptrace(2) by default for kernel >= 4.8 ([#6810](https://github.com/containerd/containerd/pull/6810))
    * Build bin/gen-manpages instead of using "go run" ([#6820](https://github.com/containerd/containerd/pull/6820))
    * update golang to 1.18.1, 1.17.9 ([#6822](https://github.com/containerd/containerd/pull/6822))
    * Sandbox API ([#6703](https://github.com/containerd/containerd/pull/6703))
    * Move lease manager plugin to separate package ([#6811](https://github.com/containerd/containerd/pull/6811))
    * fix pool_device_test ([#6807](https://github.com/containerd/containerd/pull/6807))
    * check for duplicate nspath possibilities ([#6806](https://github.com/containerd/containerd/pull/6806))
    * Do not append []string{""} to command to preserve Docker compatibility ([#6805](https://github.com/containerd/containerd/pull/6805))
    * tracing: fix panic on startup when configured ([#6789](https://github.com/containerd/containerd/pull/6789))
    * Optimize loading performance for cri recover ([#6680](https://github.com/containerd/containerd/pull/6680))
    * Change architecture path in README.md ([#6798](https://github.com/containerd/containerd/pull/6798))
    * make consistent for checkpoint path ([#6792](https://github.com/containerd/containerd/pull/6792))
    * metrics/cgroups: fix deadlock issue in Add during Collect ([#6788](https://github.com/containerd/containerd/pull/6788))
    * ADOPTERS: Update AKS Info ([#6794](https://github.com/containerd/containerd/pull/6794))
    * Pin upload-cloud-storage action to 0.8.0 in Windows workflow. ([#6790](https://github.com/containerd/containerd/pull/6790))
    * docs: add Deckhouse to the list of adopters ([#6785](https://github.com/containerd/containerd/pull/6785))
    * Add `docs/snapshotters`; simplify `docs/cri` ([#6778](https://github.com/containerd/containerd/pull/6778))
    * Turn paths from cmdline into absolute paths ([#6672](https://github.com/containerd/containerd/pull/6672))
    * CRI: add support for CDI device injection ([#6654](https://github.com/containerd/containerd/pull/6654))
    * Disable writing freelist to make the file robust against data corruptions ([#6761](https://github.com/containerd/containerd/pull/6761))
    * mv design docs/historical/design ([#6777](https://github.com/containerd/containerd/pull/6777))
    * CRI: improve image pulling performance ([#6702](https://github.com/containerd/containerd/pull/6702))
    * docs: remove runtime v1; migrate config v1 to v2 ([#6776](https://github.com/containerd/containerd/pull/6776))
    * Skip flaky test on Windows ([#6779](https://github.com/containerd/containerd/pull/6779))
    * docs/getting-started.md: typo ([#6775](https://github.com/containerd/containerd/pull/6775))
    * Add no_tracing tag ([#6750](https://github.com/containerd/containerd/pull/6750))
    * Move historical docs to `docs/historical` ([#6754](https://github.com/containerd/containerd/pull/6754))
    * Run go mod tidy in integration tests ([#6768](https://github.com/containerd/containerd/pull/6768))
    * go.mod: move indirects, and update integration go.mod to 1.18 ([#6765](https://github.com/containerd/containerd/pull/6765))
    * Drop gotest.tools ([#6762](https://github.com/containerd/containerd/pull/6762))
    * Use t.Setenv instead of os.Setenv ([#6760](https://github.com/containerd/containerd/pull/6760))
    * Upgrade to Go 1.18 ([#6709](https://github.com/containerd/containerd/pull/6709))
    * Adding multi-arch support for the configure.sh script ([#6751](https://github.com/containerd/containerd/pull/6751))
    * docs/getting-started.md: massive update ([#6758](https://github.com/containerd/containerd/pull/6758))
    * Remove unmaintained contrib/linuxkit ([#6755](https://github.com/containerd/containerd/pull/6755))
    * [Windows CI] Address some timeout issues ([#6757](https://github.com/containerd/containerd/pull/6757))
    * BUILDING.md: update supported Go versions ([#6756](https://github.com/containerd/containerd/pull/6756))
    * update runc to 1.1.1 ([#6753](https://github.com/containerd/containerd/pull/6753))
    * CI: add Rocky Linux 8 ([#6747](https://github.com/containerd/containerd/pull/6747))
    * CI: bump up crun to 1.4.4 ([#6748](https://github.com/containerd/containerd/pull/6748))
    * added make help for cri integration ([#6743](https://github.com/containerd/containerd/pull/6743))
    * Update README.md cncf landscape url ([#6740](https://github.com/containerd/containerd/pull/6740))
    * Fix error message in TestNewBinaryIO ([#6738](https://github.com/containerd/containerd/pull/6738))
    * Use typeurl.Any instead of github.com/gogo/protobuf/types.Any ([#6706](https://github.com/containerd/containerd/pull/6706))
    * Use cgroups.AddProc() for cgroups v1 ([#5738](https://github.com/containerd/containerd/pull/5738))
    * fix: ctr images mount with snapshotter option can't get snapshotter ([#6713](https://github.com/containerd/containerd/pull/6713))
    * cgroup2: monitor OOMKill instead of OOM to prevent missing container events ([#6323](https://github.com/containerd/containerd/pull/6323))
    * moving up to go-cni v1.1.4 ([#6721](https://github.com/containerd/containerd/pull/6721))
    * native: fix deadlock from leaving transactions open ([#6722](https://github.com/containerd/containerd/pull/6722))
    * go.mod: remove replace, and update github.com/gogo/googleapis v1.4.1 ([#5390](https://github.com/containerd/containerd/pull/5390))
    * GitHub Security Advisory [GHSA-c9cp-9c75-9v8c](https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c)
    * runtime: deprecate runc --criu / -criu-path option ([#6496](https://github.com/containerd/containerd/pull/6496))
    * Bug fix for mount path handling ([#6651](https://github.com/containerd/containerd/pull/6651))
    * Upgrade containerd/imgcrypt and opencontainers/image-spec ([#6711](https://github.com/containerd/containerd/pull/6711))
    * Remove enumvalue_customname, goproto_enum_prefix and enum_customname ([#6708](https://github.com/containerd/containerd/pull/6708))
    * Remove gogoproto.customtype ([#6699](https://github.com/containerd/containerd/pull/6699))
    * Skip tty critest testcase on Windows Server 2022 ([#6698](https://github.com/containerd/containerd/pull/6698))
    * Build with Go 1.18 ([#6605](https://github.com/containerd/containerd/pull/6605))
    * Update prometheus client vendor ([#6690](https://github.com/containerd/containerd/pull/6690))
    * vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd ([#6687](https://github.com/containerd/containerd/pull/6687))
    * Make the temp mount as read only in container WithVolumes ([#6593](https://github.com/containerd/containerd/pull/6593))
    * fix: `ctr run --cni` get failed ([#6670](https://github.com/containerd/containerd/pull/6670))
    * test: use `T.TempDir` to create temporary test directory ([#6681](https://github.com/containerd/containerd/pull/6681))
    * Make OpenLab's CI jobs blocking ([#6679](https://github.com/containerd/containerd/pull/6679))
    * document log level and format ([#6683](https://github.com/containerd/containerd/pull/6683))
    * Add shared content label to namespaces ([#6660](https://github.com/containerd/containerd/pull/6660))
    * Add protoc-gen-go-fieldpath ([#6562](https://github.com/containerd/containerd/pull/6562))
    * Enable gosec linter for golangci-lint ([#6669](https://github.com/containerd/containerd/pull/6669))
    * Make mkfs.xfs available on OpenLab's CI environment ([#6668](https://github.com/containerd/containerd/pull/6668))
    * ctr: improve error relative shim path error msg ([#6519](https://github.com/containerd/containerd/pull/6519))
    * typo fixes under cmd. ([#6674](https://github.com/containerd/containerd/pull/6674))
    * Handle CRI Device.HostPath on Windows ([#6618](https://github.com/containerd/containerd/pull/6618))
    * Upgrade golangci-lint and its GitHub Action ([#6666](https://github.com/containerd/containerd/pull/6666))
    * Don't build a second copy of containerd-shim-runhcs-v1.exe ([#6661](https://github.com/containerd/containerd/pull/6661))
    * Update TestNormalize to only test Windows platform ([#6569](https://github.com/containerd/containerd/pull/6569))
    * Fix link in getting-started.md ([#6663](https://github.com/containerd/containerd/pull/6663))
    * Fuzzing: refactor metadata fuzzers ([#6423](https://github.com/containerd/containerd/pull/6423))
    * Two xfs file systems with same UUID can not be mounted on the same sy… ([#6650](https://github.com/containerd/containerd/pull/6650))
    * [Windows] Fix deadline exceeded in daemon restart ([#6635](https://github.com/containerd/containerd/pull/6635))
    * Use temp file for export/import test ([#6658](https://github.com/containerd/containerd/pull/6658))
    * strip path-info from `-v` (version) output, and implement -v flag for containerd-shim ([#6495](https://github.com/containerd/containerd/pull/6495))
    * Improve unexpected response error handling in resolver ([#6617](https://github.com/containerd/containerd/pull/6617))
    * Use the latest tag for azure images ([#6601](https://github.com/containerd/containerd/pull/6601))
    * Run CRI integration tests in GitHub Actions (Windows) ([#6626](https://github.com/containerd/containerd/pull/6626))
    * cri: fix integration test on cgroupsv2 system ([#6595](https://github.com/containerd/containerd/pull/6595))
    * Use version 2 configuration format in docs/PLUGINS.md ([#6613](https://github.com/containerd/containerd/pull/6613))
    * update to go 1.16.15, 1.17.8 to address CVE-2022-24921 ([#6619](https://github.com/containerd/containerd/pull/6619))
    * Update status of 1.4 release ([#6614](https://github.com/containerd/containerd/pull/6614))
    * Update TestContainerSymlinkVolumes to use windows path ([#6568](https://github.com/containerd/containerd/pull/6568))
    * Add --user support for ctr run Windows ([#6603](https://github.com/containerd/containerd/pull/6603))
    * Update releases ([#6608](https://github.com/containerd/containerd/pull/6608))
    * GitHub Security Advisory [GHSA-crp2-qrr5-8pq7](https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7)
    * Adds support for Windows ArgsEscaped images ([#6479](https://github.com/containerd/containerd/pull/6479))
    * Do not use weak import ([#6558](https://github.com/containerd/containerd/pull/6558))
    * cri: relax test for system without hugetlb ([#6596](https://github.com/containerd/containerd/pull/6596))
    * Use containerd/protobuild instead of stevvooe/protobuild ([#6578](https://github.com/containerd/containerd/pull/6578))
    * integration: remove duplicated util pkg ([#6597](https://github.com/containerd/containerd/pull/6597))
    * go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1 ([#6591](https://github.com/containerd/containerd/pull/6591))
    * Update Go version recommendation in getting started ([#6585](https://github.com/containerd/containerd/pull/6585))
    * go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3 ([#6337](https://github.com/containerd/containerd/pull/6337))
    * fix Implicit memory aliasing in for loop ([#6331](https://github.com/containerd/containerd/pull/6331))
    * Fix build with gccgo ([#6579](https://github.com/containerd/containerd/pull/6579))
    * Replace golang.org/x/net/context with std library ([#6580](https://github.com/containerd/containerd/pull/6580))
    * containerd-shim-runc-v1: return init pid when clean dead shim ([#6571](https://github.com/containerd/containerd/pull/6571))
    * Use Windows matcher when on Windows platform in all code paths ([#6491](https://github.com/containerd/containerd/pull/6491))
    * containerd-shim-runc-v2: return init pid when clean dead shim ([#6452](https://github.com/containerd/containerd/pull/6452))
    * [Windows][Integration] Enable TestRestartMonitor ([#6515](https://github.com/containerd/containerd/pull/6515))
    * go.mod: fsnotify v1.5.1, moby/sys/mountinfo v0.6.0, moby/sys/signal v0.7.0 ([#6554](https://github.com/containerd/containerd/pull/6554))
    </p>
    </details>
    
    ### Changes from containerd/cgroups
    <details><summary>49 commits</summary>
    <p>
    
    * Upgrade GitHub actions CI workflow ([#249](https://github.com/containerd/cgroups/pull/249))
    * Upgrade Go compiler to 1.19 ([#248](https://github.com/containerd/cgroups/pull/248))
    * Don't use ioutil ([#246](https://github.com/containerd/cgroups/pull/246))
    * Check that cgroup is empty before deleting ([#228](https://github.com/containerd/cgroups/pull/228))
    * Support cgroup.AddThread in cgroupv2 manager ([#243](https://github.com/containerd/cgroups/pull/243))
    * Support to handle more than 4 fields in cpuacct.stat ([#231](https://github.com/containerd/cgroups/pull/231))
    * typo shoulld -> should ([#236](https://github.com/containerd/cgroups/pull/236))
    * Upgrade github.com/cilium/ebpf from v0.4.0 to v0.9.1 ([#241](https://github.com/containerd/cgroups/pull/241))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#240](https://github.com/containerd/cgroups/pull/240))
    * .github: use ubuntu-22.04 to test cgroupv2 ([#237](https://github.com/containerd/cgroups/pull/237))
    * feat(v2): Support cgroup.MoveTo in cgroupv2 manager ([#235](https://github.com/containerd/cgroups/pull/235))
    * Update README to include usage examples of v2 client ([#233](https://github.com/containerd/cgroups/pull/233))
    * ParseCgroupFile: fix wrong comment about unified hierarchy ; add ParseCgroupFileUnified to get the unified path ([#232](https://github.com/containerd/cgroups/pull/232))
    * Bump go version to 1.17 in go.mod ([#230](https://github.com/containerd/cgroups/pull/230))
    * make cmd/ a separate module (as it's only for testing) ([#226](https://github.com/containerd/cgroups/pull/226))
    * feat(v2): add Update method for v2.Manager ([#225](https://github.com/containerd/cgroups/pull/225))
    * feat: add memory.min param ([#211](https://github.com/containerd/cgroups/pull/211))
    * modified the dereference null pointer value. ([#218](https://github.com/containerd/cgroups/pull/218))
    * update readme for cpu cgroup demo ([#217](https://github.com/containerd/cgroups/pull/217))
    * Fix systemd full path ([#221](https://github.com/containerd/cgroups/pull/221))
    * Update Go version and fedora base ([#223](https://github.com/containerd/cgroups/pull/223))
    * Fix panic in NewSystemd on nil values ([#219](https://github.com/containerd/cgroups/pull/219))
    </p>
    </details>
    
    ### Changes from containerd/continuity
    <details><summary>28 commits</summary>
    <p>
    
    * go.mod: update dependencies (take 2) ([#204](https://github.com/containerd/continuity/pull/204))
    * Revert "go.mod: update dependencies" ([#205](https://github.com/containerd/continuity/pull/205))
    * Various small fix-ups ([#202](https://github.com/containerd/continuity/pull/202))
    * update authors and mailmap ([#201](https://github.com/containerd/continuity/pull/201))
    * move cmd/continuity to its own go module ([#200](https://github.com/containerd/continuity/pull/200))
    * CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir)  ([#198](https://github.com/containerd/continuity/pull/198))
    * fs.CopyDir: support sockets and pipes ([#197](https://github.com/containerd/continuity/pull/197))
    * Fix wrapping errors ([#196](https://github.com/containerd/continuity/pull/196))
    </p>
    </details>
    
    ### Changes from containerd/go-cni
    <details><summary>38 commits</summary>
    <p>
    
    * Add Go 1.20 support ([#111](https://github.com/containerd/go-cni/pull/111))
    * opts: add cgroupPath capability ([#110](https://github.com/containerd/go-cni/pull/110))
    * go.mod: github.com/containernetworking/cni v1.1.2 ([#109](https://github.com/containerd/go-cni/pull/109))
    * Remove references to io/ioutil package ([#106](https://github.com/containerd/go-cni/pull/106))
    * Update golangci/golangci-lint package ([#108](https://github.com/containerd/go-cni/pull/108))
    * Update GitHub actions CI workflow ([#107](https://github.com/containerd/go-cni/pull/107))
    * Add support for Windows default conf paths ([#103](https://github.com/containerd/go-cni/pull/103))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#104](https://github.com/containerd/go-cni/pull/104))
    * go.mod: update libcni to v1.1.1 ([#101](https://github.com/containerd/go-cni/pull/101))
    * add in some serial setup tests; a little make cleanup ([#100](https://github.com/containerd/go-cni/pull/100))
    * Re-introduce serial network setup ([#99](https://github.com/containerd/go-cni/pull/99))
    * bump github.com/containernetworking/cni v1.1.0 ([#98](https://github.com/containerd/go-cni/pull/98))
    * Revert "Update loopback version to support check" ([#96](https://github.com/containerd/go-cni/pull/96))
    * Use revive instead of golint ([#92](https://github.com/containerd/go-cni/pull/92))
    * Bump go version to 1.17 ([#91](https://github.com/containerd/go-cni/pull/91))
    * moving up to latest CNI plugin release ([#90](https://github.com/containerd/go-cni/pull/90))
    * Fix Loopback Version ([#88](https://github.com/containerd/go-cni/pull/88))
    * Update comment for capabilities ([#89](https://github.com/containerd/go-cni/pull/89))
    * Add integration test for linux and update go version from 1.16 to 1.17 ([#84](https://github.com/containerd/go-cni/pull/84))
    </p>
    </details>
    
    ### Changes from containerd/imgcrypt
    <details><summary>18 commits</summary>
    <p>
    
    * Use reflect to support diff.ApplyConfig with/without gogo's types.Any ([#75](https://github.com/containerd/imgcrypt/pull/75))
    * Upgrade golangci-lint-action and golangci-lint ([#76](https://github.com/containerd/imgcrypt/pull/76))
    * CHANGES: Updated CHANGES document for 1.1.4 release ([#74](https://github.com/containerd/imgcrypt/pull/74))
    * Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 ([#73](https://github.com/containerd/imgcrypt/pull/73))
    * images: prepare for typeurl.Any ([#72](https://github.com/containerd/imgcrypt/pull/72))
    * Bump ocicrypt to 1.1.3 ([#71](https://github.com/containerd/imgcrypt/pull/71))
    * Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 ([#67](https://github.com/containerd/imgcrypt/pull/67))
    </p>
    </details>
    
    ### Changes from containerd/nri
    <details><summary>37 commits</summary>
    <p>
    
    * adaptation: fix a panic for unsolicited updates. ([#23](https://github.com/containerd/nri/pull/23))
    * pkg/adaptation: log errors with %v not %w. ([#22](https://github.com/containerd/nri/pull/22))
    * chore: cleanup old buildtags by `go fix` ([#21](https://github.com/containerd/nri/pull/21))
    * add back project info ([#20](https://github.com/containerd/nri/pull/20))
    * Extend scope to enable common pluggable runtime extensions. ([#16](https://github.com/containerd/nri/pull/16))
    * Update GitHub actions CI workflow ([#19](https://github.com/containerd/nri/pull/19))
    * replace pkg/errors ([#17](https://github.com/containerd/nri/pull/17))
    * Update the examples in README.md ([#15](https://github.com/containerd/nri/pull/15))
    * Rename branch from master to main ([#12](https://github.com/containerd/nri/pull/12))
    * Update to containerd 1.5.1 ([#11](https://github.com/containerd/nri/pull/11))
    </p>
    </details>
    
    ### Changes from containerd/ttrpc
    <details><summary>56 commits</summary>
    <p>
    
    * Make checkServerShutdown verbose ([#128](https://github.com/containerd/ttrpc/pull/128))
    * server: Fix connection issues when receiving ECONNRESET ([#123](https://github.com/containerd/ttrpc/pull/123))
    * README: protobuild is in containerd org now ([#125](https://github.com/containerd/ttrpc/pull/125))
    * stream: fix the map of streams leak ([#120](https://github.com/containerd/ttrpc/pull/120))
    * Regenerated pb.go files to fix mismatches ([#122](https://github.com/containerd/ttrpc/pull/122))
    * build: Fix references to check-protos target in Makefile ([#118](https://github.com/containerd/ttrpc/pull/118))
    * Add service prefix option to generator ([#116](https://github.com/containerd/ttrpc/pull/116))
    * doc: ttrpc supports stream ([#121](https://github.com/containerd/ttrpc/pull/121))
    * *: remove codecov ([#114](https://github.com/containerd/ttrpc/pull/114))
    * Only generate a Go file if the file has some services ([#112](https://github.com/containerd/ttrpc/pull/112))
    * *.go: organize errors to one spot ([#113](https://github.com/containerd/ttrpc/pull/113))
    * PROTOCOL: slight markdown touchup ([#111](https://github.com/containerd/ttrpc/pull/111))
    * Introduce streaming ([#107](https://github.com/containerd/ttrpc/pull/107))
    * Update checkout and lint actions ([#109](https://github.com/containerd/ttrpc/pull/109))
    * Add Makefile and update protobuf ([#106](https://github.com/containerd/ttrpc/pull/106))
    * Add ttrpc protocol definition ([#102](https://github.com/containerd/ttrpc/pull/102))
    * Enable Codecov again ([#105](https://github.com/containerd/ttrpc/pull/105))
    * Use CR+LF instead of LF regardless of OS ([#103](https://github.com/containerd/ttrpc/pull/103))
    * Log the error's underlying errno if there is ([#104](https://github.com/containerd/ttrpc/pull/104))
    * Use google.golang.org/protobuf instead of github.com/gogo/protobuf ([#99](https://github.com/containerd/ttrpc/pull/99))
    * Wrap correct error on unix.GetsockoptUcred failure ([#100](https://github.com/containerd/ttrpc/pull/100))
    * Update CI project checks to use containerd project action ([#101](https://github.com/containerd/ttrpc/pull/101))
    </p>
    </details>
    
    ### Dependency Changes
    
    * **github.com/AdaLogics/go-fuzz-headers**                                         6c3934b029d8 -> 1f10f66a31bf
    * **github.com/AdamKorcz/go-118-fuzz-build**                                       5330a85ea652 **_new_**
    * **github.com/Microsoft/go-winio**                                                v0.5.1 -> v0.6.0
    * **github.com/Microsoft/hcsshim**                                                 v0.9.2 -> v0.10.0-rc.5
    * **github.com/blang/semver/v4**                                                   v4.0.0 **_new_**
    * **github.com/cenkalti/backoff/v4**                                               v4.1.2 -> v4.2.0
    * **github.com/cilium/ebpf**                                                       v0.7.0 -> v0.9.1
    * **github.com/container-orchestrated-devices/container-device-interface**         v0.5.1 **_new_**
    * **github.com/containerd/btrfs/v2**                                               v2.0.0 **_new_**
    * **github.com/containerd/cgroups**                                                v1.0.3 -> v1.1.0
    * **github.com/containerd/cgroups/v3**                                             v3.0.0 **_new_**
    * **github.com/containerd/continuity**                                             v0.2.2 -> v0.3.0
    * **github.com/containerd/go-cni**                                                 v1.1.3 -> 6603d5bd8941
    * **github.com/containerd/imgcrypt**                                               v1.1.3 -> 8ba028dca028
    * **github.com/containerd/nri**                                                    v0.1.0 -> b3cabdec0657
    * **github.com/containerd/ttrpc**                                                  v1.1.0 -> 32fab2374638
    * **github.com/containerd/typeurl/v2**                                             v2.1.0 **_new_**
    * **github.com/containernetworking/cni**                                           v1.0.1 -> v1.1.2
    * **github.com/containernetworking/plugins**                                       v1.0.1 -> v1.2.0
    * **github.com/containers/ocicrypt**                                               v1.1.2 -> v1.1.3
    * **github.com/coreos/go-systemd/v22**                                             v22.3.2 -> v22.5.0
    * **github.com/cpuguy83/go-md2man/v2**                                             v2.0.0 -> v2.0.2
    * **github.com/cyphar/filepath-securejoin**                                        v0.2.3 **_new_**
    * **github.com/docker/go-units**                                                   v0.4.0 -> v0.5.0
    * **github.com/emicklei/go-restful/v3**                                            v3.8.0 **_new_**
    * **github.com/fsnotify/fsnotify**                                                 v1.4.9 -> v1.6.0
    * **github.com/go-logr/logr**                                                      v1.2.2 -> v1.2.3
    * **github.com/godbus/dbus/v5**                                                    v5.0.6 -> v5.1.0
    * **github.com/google/go-cmp**                                                     v0.5.6 -> v0.5.9
    * **github.com/google/uuid**                                                       v1.2.0 -> v1.3.0
    * **github.com/grpc-ecosystem/grpc-gateway/v2**                                    v2.7.0 **_new_**
    * **github.com/intel/goresctrl**                                                   v0.2.0 -> v0.3.0
    * **github.com/klauspost/compress**                                                v1.11.13 -> v1.15.11
    * **github.com/klauspost/cpuid/v2**                                                v2.0.4 **_new_**
    * **github.com/miekg/pkcs11**                                                      v1.0.3 -> v1.1.1
    * **github.com/minio/sha256-simd**                                                 v1.0.0 **_new_**
    * **github.com/moby/sys/mountinfo**                                                v0.5.0 -> v0.6.2
    * **github.com/moby/sys/sequential**                                               v0.5.0 **_new_**
    * **github.com/moby/sys/signal**                                                   v0.6.0 -> v0.7.0
    * **github.com/opencontainers/image-spec**                                         693428a734f5 -> 3a7f492d3f1b
    * **github.com/opencontainers/runc**                                               v1.1.0 -> v1.1.4
    * **github.com/opencontainers/runtime-spec**                                       1c3f411f0417 -> 86290f6a00fb
    * **github.com/opencontainers/runtime-tools**                                      946c877fa809 **_new_**
    * **github.com/opencontainers/selinux**                                            v1.10.0 -> v1.10.2
    * **github.com/pelletier/go-toml**                                                 v1.9.3 -> v1.9.5
    * **github.com/prometheus/client_golang**                                          v1.11.0 -> v1.13.0
    * **github.com/prometheus/common**                                                 v0.30.0 -> v0.37.0
    * **github.com/prometheus/procfs**                                                 v0.7.3 -> v0.8.0
    * **github.com/russross/blackfriday/v2**                                           v2.0.1 -> v2.1.0
    * **github.com/sirupsen/logrus**                                                   v1.8.1 -> v1.9.0
    * **github.com/stretchr/testify**                                                  v1.7.0 -> v1.8.1
    * **github.com/syndtr/gocapability**                                               42c35b437635 **_new_**
    * **github.com/tchap/go-patricia/v2**                                              v2.3.1 **_new_**
    * **github.com/urfave/cli**                                                        v1.22.1 -> v1.22.12
    * **github.com/vishvananda/netlink**                                               f5de75959ad5 -> v1.2.1-beta.2
    * **go.opencensus.io**                                                             v0.23.0 -> v0.24.0
    * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.28.0 -> v0.37.0
    * **go.opentelemetry.io/otel**                                                     v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/internal/retry**                       v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace**                            v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc**              v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp**              v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/metric**                                              v0.34.0 **_new_**
    * **go.opentelemetry.io/otel/sdk**                                                 v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/otel/trace**                                               v1.3.0 -> v1.12.0
    * **go.opentelemetry.io/proto/otlp**                                               v0.11.0 -> v0.19.0
    * **golang.org/x/crypto**                                                          32db794688a5 -> v0.1.0
    * **golang.org/x/mod**                                                             v0.7.0 **_new_**
    * **golang.org/x/net**                                                             fe4d6282115f -> v0.5.0
    * **golang.org/x/oauth2**                                                          2bc19b11175f -> 6fdb5e3db783
    * **golang.org/x/sync**                                                            036812b2e83c -> v0.1.0
    * **golang.org/x/sys**                                                             1d35b9e2eb4e -> v0.5.0
    * **golang.org/x/term**                                                            6886f2dfbf5b -> v0.4.0
    * **golang.org/x/text**                                                            v0.3.7 -> v0.6.0
    * **golang.org/x/time**                                                            1f47c861a9ac -> 90d013bbcef8
    * **golang.org/x/tools**                                                           v0.5.0 **_new_**
    * **google.golang.org/genproto**                                                   e50cd9704f63 -> 1c016267d619
    * **google.golang.org/grpc**                                                       v1.43.0 -> v1.52.3
    * **google.golang.org/protobuf**                                                   v1.27.1 -> v1.28.1
    * **gopkg.in/yaml.v3**                                                             496545a6307b -> v3.0.1
    * **k8s.io/api**                                                                   v0.22.5 -> v0.25.4
    * **k8s.io/apimachinery**                                                          v0.22.5 -> v0.25.4
    * **k8s.io/apiserver**                                                             v0.22.5 -> v0.25.4
    * **k8s.io/client-go**                                                             v0.22.5 -> v0.25.4
    * **k8s.io/component-base**                                                        v0.22.5 -> v0.25.4
    * **k8s.io/cri-api**                                                               v0.23.1 -> v0.26.0-beta.0
    * **k8s.io/klog/v2**                                                               v2.30.0 -> v2.80.1
    * **k8s.io/utils**                                                                 cb0fa318a74b -> 8e77b1f39fe2
    * **sigs.k8s.io/json**                                                             f223a00ba0e2 **_new_**
    * **sigs.k8s.io/structured-merge-diff/v4**                                         v4.1.2 -> v4.2.3
    * **sigs.k8s.io/yaml**                                                             v1.2.0 -> v1.3.0
    
    Previous release can be found at [v1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)
    
    ### Which file should I download?
    * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:         ✅ Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
    * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`:  Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.
    * `cri-containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:     (Deprecated)
    * `cri-containerd-cni-<VERSION>-<OS>-<ARCH>.tar.gz`: (Deprecated)
    
    In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases)
    and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too.
    
    See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
    
    
  • v1.6.18
    containerd 1.6.18
    
    Welcome to the v1.6.18 release of containerd!
    
    The eighteenth patch release for containerd 1.6 includes fixes for CVE-2023-25153 and CVE-2023-25173
    along with a security update for Go.
    
    ### Notable Updates
    
    * **Fix OCI image importer memory exhaustion** ([GHSA-259w-8hf6-59c2](https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2))
    * **Fix supplementary groups not being set up properly** ([GHSA-hmfx-3pcx-653p](https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p))
    * **Revert removal of `/sbin/apparmor_parser` check** ([#8087](https://github.com/containerd/containerd/pull/8087))
    * **Update Go to 1.19.6** ([#8111](https://github.com/containerd/containerd/pull/8111))
    
    See the changelog for the complete list of changes.
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Akihiro Suda
    * Derek McGowan
    * Ye Sijun
    * Samuel Karp
    * Bjorn Neergaard
    * Wei Fu
    * Brian Goff
    * Iceber Gu
    * Kazuyoshi Kato
    * Phil Estes
    * Swagat Bora
    
    ### Changes
    <details><summary>24 commits</summary>
    <p>
    
    * [release/1.6] Prepare release notes for v1.6.18 ([#8118](https://github.com/containerd/containerd/pull/8118))
      * [`44e61d764`](https://github.com/containerd/containerd/commit/44e61d7641f71f44353263306a4967276933173b) Add release notes for v1.6.18
    * GitHub Security Advisory [GHSA-hmfx-3pcx-653p](https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p)
      * [`286a01f35`](https://github.com/containerd/containerd/commit/286a01f350a2298b4fdd7e2a0b31c04db3937ea8) oci: fix additional GIDs
      * [`301823453`](https://github.com/containerd/containerd/commit/301823453d788ce409e222e88a27d7faf2c2093d) oci: fix loop iterator aliasing
      * [`0070ab70f`](https://github.com/containerd/containerd/commit/0070ab70fa58045d25fc6ebab27edcae328e38f1) oci: skip checking gid for WithAppendAdditionalGroups
      * [`16d52de64`](https://github.com/containerd/containerd/commit/16d52de64d9b0b0e4bf7e11226199281561a3d96) refactor: reduce duplicate code
      * [`b45e30292`](https://github.com/containerd/containerd/commit/b45e30292ce9b214158fa403a6165aabbf5b23f0) add WithAdditionalGIDs test
      * [`0a06c284a`](https://github.com/containerd/containerd/commit/0a06c284aec5860a58a803b5da83def3462dc3a0) add WithAppendAdditionalGroups helper
    * GitHub Security Advisory [GHSA-259w-8hf6-59c2](https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2)
      * [`84936fd1f`](https://github.com/containerd/containerd/commit/84936fd1f6a0670ab8c7665cb87fae6b87b0b908) importer: stream oci-layout and manifest.json
    * [1.6] Add fallback for windows platforms without osversion ([#8106](https://github.com/containerd/containerd/pull/8106))
      * [`b327af6a4`](https://github.com/containerd/containerd/commit/b327af6a4f635611d8b59beec94db0beace48063) Add fallback for windows platforms without osversion
    * [release/1.6] Go 1.19.6 ([#8111](https://github.com/containerd/containerd/pull/8111))
      * [`54ead5b7b`](https://github.com/containerd/containerd/commit/54ead5b7b71a0f458566e42eac28eb274286af47) Go 1.19.6
    * [release/1.6] ctr/run: flags --detach and --rm cannot be specified together ([#8094](https://github.com/containerd/containerd/pull/8094))
      * [`2b4b35ab4`](https://github.com/containerd/containerd/commit/2b4b35ab49b0cea79f76c4f52923c74cfc26ccfb) ctr/run: flags --detach and --rm cannot be specified together
    * [release/1.6] Fix retry logic within devmapper device deactivation ([#8088](https://github.com/containerd/containerd/pull/8088))
      * [`d5284157b`](https://github.com/containerd/containerd/commit/d5284157b8af78a2d85e78bd3106695a4e4c995b) Fix retry logic within devmapper device deactivation
    * [release/1.6 backport] Revert `apparmor_parser` regression  ([#8087](https://github.com/containerd/containerd/pull/8087))
      * [`624ff636b`](https://github.com/containerd/containerd/commit/624ff636b8b463fc48e6ba3c861f98a0c00dbb71) pkg/apparmor: clarify Godoc
      * [`3a0a35b36`](https://github.com/containerd/containerd/commit/3a0a35b36297685d1a38bfa823005a2cb77a40dd) Revert "Don't check for apparmor_parser to be present"
    * [release/1.6] CI: skip some jobs when `repo != containerd/containerd` ([#8083](https://github.com/containerd/containerd/pull/8083))
      * [`664a938a3`](https://github.com/containerd/containerd/commit/664a938a33ccbbc0ab70ca5f9455e452b910e767) CI: skip some jobs when `repo != containerd/containerd`
    </p>
    </details>
    
    ### Dependency Changes
    
    This release has no dependency changes
    
    Previous release can be found at [v1.6.17](https://github.com/containerd/containerd/releases/tag/v1.6.17)
    
  • v1.5.18
    containerd 1.5.18
    
    Welcome to the v1.5.18 release of containerd!
    
    The eighteenth patch release for containerd 1.5 includes fixes for CVE-2023-25153 and CVE-2023-25173
    along with a security update for Go.
    
    ### Notable Updates
    
    * **Fix supplementary groups not being set up properly** ([GHSA-hmfx-3pcx-653p](https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p))
    * **Fix OCI image importer memory exhaustion** ([GHSA-259w-8hf6-59c2](https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2))
    * **Update Go to 1.19.6** ([#8112](https://github.com/containerd/containerd/pull/8112))
    
    See the changelog for the complete list of changes.
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Akihiro Suda
    * Derek McGowan
    * Ye Sijun
    * Samuel Karp
    * Phil Estes
    * Swagat Bora
    * Wei Fu
    
    ### Changes
    <details><summary>17 commits</summary>
    <p>
    
    * [release/1.5] Prepare release notes for v1.5.18 ([#8117](https://github.com/containerd/containerd/pull/8117))
      * [`ddf9de6cb`](https://github.com/containerd/containerd/commit/ddf9de6cbb30f9edf1b04d304eac67d1383e406b) Prepare release notes for v1.5.18
    * GitHub Security Advisory [GHSA-hmfx-3pcx-653p](https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p)
      * [`a62c38bf2`](https://github.com/containerd/containerd/commit/a62c38bf2173faa813018939710fc8491e4f7dba) oci: fix additional GIDs
      * [`3b89da580`](https://github.com/containerd/containerd/commit/3b89da580b76471d6c03cb1fc6c14db6aa23d3db) oci: fix loop iterator aliasing
      * [`b07ec6b25`](https://github.com/containerd/containerd/commit/b07ec6b251bd51f06bc72ef408f31e3f6e6e87f9) oci: skip checking gid for WithAppendAdditionalGroups
      * [`356672cb5`](https://github.com/containerd/containerd/commit/356672cb56fd5a0eed11e5089ac824c7ab09ffac) refactor: reduce duplicate code
      * [`6a7b7617c`](https://github.com/containerd/containerd/commit/6a7b7617cfbd90009a2e05e0e5eff4ef92028d7b) add WithAdditionalGIDs test
      * [`832bcf300`](https://github.com/containerd/containerd/commit/832bcf300b1ec29c9b08326aab2d4eafee58dd85) add WithAppendAdditionalGroups helper
    * GitHub Security Advisory [GHSA-259w-8hf6-59c2](https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2)
      * [`19a347e45`](https://github.com/containerd/containerd/commit/19a347e456f3ab66909edca5351aa6f4ed1be177) importer: stream oci-layout and manifest.json
    * [release/1.5] Go 1.19.6 ([#8112](https://github.com/containerd/containerd/pull/8112))
      * [`4209dc243`](https://github.com/containerd/containerd/commit/4209dc243005af926fbd0382cbd6cf4cd26beeef) Go 1.19.6
    * [release/1.5] Fix retry logic within devmapper device deactivation ([#8089](https://github.com/containerd/containerd/pull/8089))
      * [`0d16d045d`](https://github.com/containerd/containerd/commit/0d16d045dfd0d800a00dc362736b815f6cc96de8) Fix retry logic within devmapper device deactivation
    * [release/1.5] CI: skip some jobs when `repo != containerd/containerd` ([#8084](https://github.com/containerd/containerd/pull/8084))
      * [`34451bc66`](https://github.com/containerd/containerd/commit/34451bc66453aad2f911aa8bffa6817061e4a72b) CI: skip some jobs when `repo != containerd/containerd`
    </p>
    </details>
    
    ### Dependency Changes
    
    This release has no dependency changes
    
    Previous release can be found at [v1.5.17](https://github.com/containerd/containerd/releases/tag/v1.5.17)
    
  • v1.6.17
    containerd 1.6.17
    
    Welcome to the v1.6.17 release of containerd!
    
    The seventeenth patch release for containerd 1.6 includes various updates.
    
    ### Notable Updates
    
    * **Add network plugin metrics** ([#8018](https://github.com/containerd/containerd/pull/8018))
    * **Update mkdir permission on /etc/cni to 0755 instead of 0700** ([#8030](https://github.com/containerd/containerd/pull/8030))
    * **Export remote snapshotter label handler** ([#8054](https://github.com/containerd/containerd/pull/8054))
    * **Add support for default hosts.toml configuration** ([#8065](https://github.com/containerd/containerd/pull/8065))
    
    See the changelog for the complete list of changes.
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Derek McGowan
    * Akihiro Suda
    * Jess
    * Antonio Ojea
    * Kohei Tokunaga
    * Phil Estes
    * Wei Fu
    
    ### Changes
    <details><summary>11 commits</summary>
    <p>
    
    * [release/1.6] Prepare release notes for v1.6.17 ([#8080](https://github.com/containerd/containerd/pull/8080))
      * [`a1aa9b900`](https://github.com/containerd/containerd/commit/a1aa9b900ce9e276a210a48aa5dc8b8832a44c2e) Prepare release notes for v1.6.17
    * [1.6] Backport default registry hosts config ([#8065](https://github.com/containerd/containerd/pull/8065))
      * [`1436641b8`](https://github.com/containerd/containerd/commit/1436641b8dc77f24f4ec57d238344bc6bb857081) Support default hosts.toml configuration
      * [`87acecd04`](https://github.com/containerd/containerd/commit/87acecd0409103c266c5eda932e809e6717e7859) Update hosts doc
    * [release/1.6 backport] Export remote snapshotter label handler ([#8054](https://github.com/containerd/containerd/pull/8054))
      * [`a6544ed7d`](https://github.com/containerd/containerd/commit/a6544ed7dc114b7542041eea91abbc7fe9a466a0) Export remote snapshotter label handler
    * [release/1.6] cri: mkdir /etc/cni with 0755, not 0700 ([#8030](https://github.com/containerd/containerd/pull/8030))
      * [`ae02a24a3`](https://github.com/containerd/containerd/commit/ae02a24a39ddd6764eb7f98de677f11d8bdd1919) cri: mkdir /etc/cni with 0755, not 0700
    * [release/1.6] add network plugin metrics ([#8018](https://github.com/containerd/containerd/pull/8018))
      * [`6c6cc5ec1`](https://github.com/containerd/containerd/commit/6c6cc5ec107f10ccf4d4acbfe89d572a52d58a92) add network plugin metrics
    </p>
    </details>
    
    ### Dependency Changes
    
    This release has no dependency changes
    
    Previous release can be found at [v1.6.16](https://github.com/containerd/containerd/releases/tag/v1.6.16)
    
  • v1.6.16
    containerd 1.6.16
    
    Welcome to the v1.6.16 release of containerd!
    
    The sixteenth patch release for containerd 1.6 includes various bug fixes and updates.
    
    ### Notable Updates
    
    * **Fix push error propagation** ([#7990](https://github.com/containerd/containerd/pull/7990))
    * **Fix slice append error with HugepageLimits for Linux** ([#7995](https://github.com/containerd/containerd/pull/7995))
    * **Update default seccomp profile for PKU and CAP_SYS_NICE** ([#8001](https://github.com/containerd/containerd/pull/8001))
    * **Fix overlayfs error when upperdirlabel option is set** ([#8002](https://github.com/containerd/containerd/pull/8002))
    
    See the changelog for complete list of changes
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Akihiro Suda
    * Derek McGowan
    * Samuel Karp
    * Sebastiaan van Stijn
    * Phil Estes
    * Craig Ingram
    * Justin Chadwell
    * Qasim Sarfraz
    * Wei Fu
    * bin liu
    * cardy.tang
    * rongfu.leng
    
    ### Changes
    <details><summary>30 commits</summary>
    <p>
    
    * [release/1.6] Prepare v1.6.16 ([#8016](https://github.com/containerd/containerd/pull/8016))
      * [`d3c595aa3`](https://github.com/containerd/containerd/commit/d3c595aa387e2d7ad3cd08313579ec86c876f738) Prepare release notes for v1.6.16
    * [release/1.6 backport] Fix tx closed error when upperdirlabel specified ([#8002](https://github.com/containerd/containerd/pull/8002))
      * [`8c704036a`](https://github.com/containerd/containerd/commit/8c704036a81b13b25ab7073e2715075b6ec39e94) Fix tx closed error when upperdirlabel specified
    * [release/1.6 backport] assorted test-fixes ([#8000](https://github.com/containerd/containerd/pull/8000))
      * [`91a68edd7`](https://github.com/containerd/containerd/commit/91a68edd775bba554a9eac7e04898b22069db5aa) cri: Fix TestUpdateOCILinuxResource for host w/o swap controller
      * [`5594f706e`](https://github.com/containerd/containerd/commit/5594f706e67462c4a29f68e6958341ba35d06826) Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts
    * [release/1.6 backport] seccomp updates ([#8001](https://github.com/containerd/containerd/pull/8001))
      * [`7037f5313`](https://github.com/containerd/containerd/commit/7037f531304821b7b1943f2c7821d94035b54d76) seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE
      * [`d22919a1c`](https://github.com/containerd/containerd/commit/d22919a1cb8180885a6f38fa7851a487aebd2440) seccomp: seccomp: add syscalls related to PKU in default policy
    * [release/1.6 backport] Harden GITHUB_TOKEN permissions ([#7999](https://github.com/containerd/containerd/pull/7999))
      * [`8b8a21fe4`](https://github.com/containerd/containerd/commit/8b8a21fe4dbc7b940a802cb8d099a4084dae6ee9) Harden GITHUB_TOKEN permissions
    * [release/1.6 backport] assorted updates to Vagrantfile ([#7996](https://github.com/containerd/containerd/pull/7996))
      * [`8009948bb`](https://github.com/containerd/containerd/commit/8009948bb2dee8eb2c021d8a467572927ed0657d) Vagrantfile: fix comments about SELinux
      * [`550424f92`](https://github.com/containerd/containerd/commit/550424f929d7f9ae8fd59bd520719d0d8f00f2b3) Vagrantfile: install-rootless-podman: remove `setenforce 0`
      * [`2c32f8559`](https://github.com/containerd/containerd/commit/2c32f85599ec121702329ffddd50f99dbe491370) CI: update Fedora to 37
      * [`556bb0cc8`](https://github.com/containerd/containerd/commit/556bb0cc8a01ece740d28749bcc6d76360117167) Vagrantfile: explicitly specify rsync as the shared folder driver
      * [`edfac1834`](https://github.com/containerd/containerd/commit/edfac183479d3a98147d1652b4ee198f522330a5) fix install cni script
      * [`91d5e53fb`](https://github.com/containerd/containerd/commit/91d5e53fbc3d5acfdd8ca4328cec1a20359b22f8) Vagrantfile: dump containerd log after critest
    * [release/1.6 backport] Fix slice append error ([#7995](https://github.com/containerd/containerd/pull/7995))
      * [`ab193eb20`](https://github.com/containerd/containerd/commit/ab193eb20bade0c7fff74a33a3b91f2517af05c6) pkg/cri: optimize slice initialization
      * [`e6cf5ec58`](https://github.com/containerd/containerd/commit/e6cf5ec58d395332985f15084527676d70b21f1c) Fix slice append error
    * [release/1.6] update to go1.18.10 ([#7992](https://github.com/containerd/containerd/pull/7992))
      * [`6a8a6531f`](https://github.com/containerd/containerd/commit/6a8a6531fd4f778089376749386c934b436484f7) [release/1.6] update to go1.18.10
    * [release/1.6 backport] release/Dockerfile: set DEBIAN_FRONTEND=noninteractive ([#7991](https://github.com/containerd/containerd/pull/7991))
      * [`d0dc7988a`](https://github.com/containerd/containerd/commit/d0dc7988ab9b30be8a05fae1fc064164418e653d) release/Dockerfile: set DEBIAN_FRONTEND=noninteractive
    * [release/1.6 backport] pushWriter: correctly propagate errors ([#7990](https://github.com/containerd/containerd/pull/7990))
      * [`1584c2581`](https://github.com/containerd/containerd/commit/1584c2581017414e673e4df05f63bc6b67edd424) pushWriter: correctly propagate errors
    * [release/1.6] mod: update github.com/pelletier/go-toml@v1.9.5 ([#7942](https://github.com/containerd/containerd/pull/7942))
      * [`545f22091`](https://github.com/containerd/containerd/commit/545f220910082c4236a8751854c640e7f7dc3e69) mod: update github.com/pelletier/go-toml@v1.9.5
    </p>
    </details>
    
    ### Dependency Changes
    
    * **github.com/pelletier/go-toml**  v1.9.3 -> v1.9.5
    
    Previous release can be found at [v1.6.15](https://github.com/containerd/containerd/releases/tag/v1.6.15)
    
  • v1.5.17
    containerd 1.5.17
    
    Welcome to the v1.5.17 release of containerd!
    
    The seventeenth patch release for containerd 1.5 includes various fixes and updates.
    
    ### Notable Updates
    
    * **Update shim to fail fast on dial error** ([#7953](https://github.com/containerd/containerd/pull/7953))
    * **Fix no CNI info for pod sandbox on restart** ([#7849](https://github.com/containerd/containerd/pull/7849))
    * **Fix push error propagation** ([#7998](https://github.com/containerd/containerd/pull/7998))
    
    See the changelog for complete list of changes
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Derek McGowan
    * Akihiro Suda
    * Wei Fu
    * Danny Canter
    * Justin Chadwell
    * Kirtana Ashok
    * Phil Estes
    * Samuel Karp
    * Sebastiaan van Stijn
    
    ### Changes
    <details><summary>14 commits</summary>
    <p>
    
    * [release/1.5] Prepare release notes for v1.5.17 ([#8017](https://github.com/containerd/containerd/pull/8017))
      * [`40a4d58de`](https://github.com/containerd/containerd/commit/40a4d58def141d5ed970dc9f4cf85d11bb91b67c) Prepare release notes for v1.5.17
    * [release/1.5] integration/images: switch away from Docker Hub to avoid rate limit ([#8009](https://github.com/containerd/containerd/pull/8009))
      * [`d44769ad6`](https://github.com/containerd/containerd/commit/d44769ad6d7cc54595732ee145c4a69036500c6d) integration/images: switch away from Docker Hub to avoid rate limit
    * [release/1.5 backport] pushWriter: correctly propagate errors ([#7998](https://github.com/containerd/containerd/pull/7998))
      * [`1e848038d`](https://github.com/containerd/containerd/commit/1e848038df0df71c5aa60cca856378ac7031d298) pushWriter: correctly propagate errors
    * [release/1.5] update to go1.18.10 ([#7993](https://github.com/containerd/containerd/pull/7993))
      * [`464c2fb7a`](https://github.com/containerd/containerd/commit/464c2fb7adeb1bdac5f53d5b1bd6dd051c698c77) [release/1.5] update to go1.18.10
    * [release/1.5] runtime: should fail fast if dial error on shim ([#7953](https://github.com/containerd/containerd/pull/7953))
      * [`7473711de`](https://github.com/containerd/containerd/commit/7473711debe58363d53c9fb5b4b7937ac5123712) runtime: should fail fast if dial error on shim
    * [release/1.5] CRI: Fix no CNI info for pod sandbox on restart ([#7849](https://github.com/containerd/containerd/pull/7849))
      * [`23c2a863e`](https://github.com/containerd/containerd/commit/23c2a863e338c6e1ddb2bb56d1b2e35f118f5284) CRI: Fix no CNI info for pod sandbox on restart
    * [release/1.5] go.mod: Bump hcsshim to v0.8.25 ([#7817](https://github.com/containerd/containerd/pull/7817))
      * [`1c5d8d142`](https://github.com/containerd/containerd/commit/1c5d8d1422c0226d4b9b0814af124bb0ef61b9aa) [release/1.5] Bump shim tag to v0.8.25
    </p>
    </details>
    
    ### Dependency Changes
    
    * **github.com/Microsoft/hcsshim**  v0.8.24 -> v0.8.25
    
    Previous release can be found at [v1.5.16](https://github.com/containerd/containerd/releases/tag/v1.5.16)
    
  • v1.7.0-beta.3
    containerd 1.7.0-beta.3
    
    Welcome to the v1.7.0-beta.3 release of containerd!
    *This is a pre-release of containerd*
    
    The eighth major release of containerd includes new functionality alongside many improvements.
    This release is intended to be the last major release of containerd 1.x before 2.0.
    Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
    This release still adheres to our backwards compatibility guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
    The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.
    
    _This is a beta release and includes some functionality which is not yet complete. While most APIs are finalized before merge, they are subject to change until the official release._
    
    ### Highlights
    
    #### Sandbox API _(experimental)_
    
    The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
    This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.
    
    * **Sandbox API** ([#6703](https://github.com/containerd/containerd/pull/6703))
    * **CRI Sandbox API Implementation** ([#7228](https://github.com/containerd/containerd/pull/7228))
    
    #### Transfer Service _(experimental)_
    
    * **Transfer Service** ([#7320](https://github.com/containerd/containerd/pull/7320))
    
    The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
    pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
    to allow for further plugin development and integration into existing plugins.
    
    See the [Transfer Docs](https://github.com/containerd/containerd/blob/main/docs/transfer.md)
    
    #### NRI _(experimental)_
    
    * **Extend NRI scope** ([nri#16](https://github.com/containerd/nri/pull/16))
    * **Support for updated NRI** ([#6019](https://github.com/containerd/containerd/pull/6019))
    
    The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
    basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.
    
    This release introduces NRI v0.2.0 with an updated plugin interface to cover a wide range of use cases.
    
    See the [NRI Docs](https://github.com/containerd/containerd/blob/main/docs/NRI.md)
    
    #### Platform Support
    
    * **Linux containers on FreeBSD** ([#7000](https://github.com/containerd/containerd/pull/7000))
    
    #### Runtime Features
    
    * **Add support for CDI device injection** ([#6654](https://github.com/containerd/containerd/pull/6654))
    * **Support for cgroups blockio** ([#5490](https://github.com/containerd/containerd/pull/5490))
    * **Add restart policy for enhanced restart manager** ([#6744](https://github.com/containerd/containerd/pull/6744))
    
    #### Road to 2.0
    
    ##### Refactoring
    
    There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.
    
    The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
    out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
    but it is also being done for image and network management.
    
    The version of ttrpc has been updated in this release to support streaming, allowing existing grpc services to use ttrpc.
    Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.
    
    * **Remove gogoproto.customtype** ([#6699](https://github.com/containerd/containerd/pull/6699))
    * **Remove enumvalue_customname, goproto_enum_prefix and enum_customname** ([#6708](https://github.com/containerd/containerd/pull/6708))
    * **Remove all gogoproto extensions** ([#6829](https://github.com/containerd/containerd/pull/6829))
    * **Migrate off from github.com/gogo/protobuf** ([#6841](https://github.com/containerd/containerd/pull/6841))
    * **ttrpc streaming** ([ttrpc#107](https://github.com/containerd/ttrpc/pull/107))
    
    * **Add unpack interface for client** ([#6749](https://github.com/containerd/containerd/pull/6749))
    * **Add collectible resources to metadata gc** ([#6804](https://github.com/containerd/containerd/pull/6804))
    
    ##### Configuration
    
    Existing CRI configurations will be supported until 2.0.
    Any functionality split out of CRI will have its configuration migrated to new plugins.
    Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.
    
    ##### Deprecation
    
    The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include:
    
    * **Docker Schema 1 Image Deprecation** ([#6884](https://github.com/containerd/containerd/pull/6884))
    
    #### CRI Updates
    
    * **Support image pull progress timeout** ([#6150](https://github.com/containerd/containerd/pull/6150))
    * **Fix CRI plugin to setup pod network after creating the sandbox container** ([#5904](https://github.com/containerd/containerd/pull/5904))
    * **Pass all TOML runtime configuration options from CRI to the runtime** ([#7764](https://github.com/containerd/containerd/pull/7764))
    * **Support for user namespaces in stateless pods ([KEP-127](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/127-user-namespaces)) _(experimental)_** ([#7679](https://github.com/containerd/containerd/pull/7679))
    * **Add network plugin metrics** ([#7858](https://github.com/containerd/containerd/pull/7858))
    * **CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23** ([#7863](https://github.com/containerd/containerd/pull/7863))
    
    #### Other
    
    * **Support shallow content copy by adding reader option to local content reader at** ([#7414](https://github.com/containerd/containerd/pull/7414))
    * **Add NoSameOwner option when unpacking tars** ([#7386](https://github.com/containerd/containerd/pull/7386))
    * **Add `FetcherByDigest` for fetching blobs without fetching a manifest** ([#7460](https://github.com/containerd/containerd/pull/7460))
    * **Update default seccomp profile to block socket calls to AF_VSOCK** ([#7510](https://github.com/containerd/containerd/pull/7510))
    * **Replace fork on mount logic with CLONE_FS** ([#7513](https://github.com/containerd/containerd/pull/7513))
    * **Add support for default registry host configuration** ([#7607](https://github.com/containerd/containerd/pull/7607))
    * **Use github.com/minio/sha256-simd for more efficient sha256 calculation** ([#7732](https://github.com/containerd/containerd/pull/7732))
    * **Make OCI options cross-platform** ([#7928](https://github.com/containerd/containerd/pull/7928))
    
    See the changelog for complete list of changes
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Derek McGowan
    * Kazuyoshi Kato
    * Maksym Pavlenko
    * Phil Estes
    * Wei Fu
    * Akihiro Suda
    * Sebastiaan van Stijn
    * Samuel Karp
    * Mike Brown
    * Krisztian Litkey
    * Daniel Canter
    * yanggang
    * Danny Canter
    * Ye Sijun
    * Iceber Gu
    * Adam Korcz
    * Ed Bartosh
    * Luca Comellini
    * Stefan Berger
    * xin.li
    * Gabriel Adrian Samfira
    * Nashwan Azhari
    * Paul "TBBle" Hampson
    * Rodrigo Campos
    * ruiwen-zhao
    * zounengren
    * Austin Vazquez
    * Brian Goff
    * Henry Wang
    * Shengjing Zhu
    * Gavin Inglis
    * Justin Terry
    * Kevin Parsons
    * Paco Xu
    * Swagat Bora
    * wanglei
    * Akhil Mohan
    * Tony Fang
    * lengrongfu
    * James Jenkins
    * Michael Crosby
    * Qiutong Song
    * Shiming Zhang
    * Antonio Ojea
    * Junyu Liu
    * Michael Zappa
    * Qasim Sarfraz
    * Tobias Klauser
    * guodong
    * pigletfly
    * Amit Barve
    * Cameron Sparr
    * Changwei Ge
    * Craig Ingram
    * Eng Zer Jun
    * Eric Lin
    * James Sturtevant
    * Jess
    * Jonny Stoten
    * Juan Hoyos
    * Kang.Zhang
    * Kirtana Ashok
    * Markus Lehtonen
    * Mikko Ylinen
    * Paul Cacheux
    * Paul S. Schweigert
    * Qian Zhang
    * Vincent Batts
    * Yasin Turan
    * bin liu
    * dependabot[bot]
    * Abirdcfly
    * Aditi Sharma
    * Aman Sharma
    * Anastassios Nanos
    * Andrew G. Morgan
    * Andrey Klimentyev
    * Antti Kervinen
    * Aviral Takkar
    * Baoshuo
    * Benjamin Elder
    * Chao Dai
    * Chuanying Du
    * Claudiu Belu
    * Cory Snider
    * Danielle Lancashire
    * Dat Nguyen
    * Davanum Srinivas
    * Dave
    * David Leadbeater
    * David Porter
    * Dmitry Shurupov
    * Eric Ernst
    * Ethan Lowman
    * Fabian Hoffman
    * Fabian Hoffmann
    * Fahed Dorgaa
    * Fish-pro
    * Gabriela Cervantes
    * Gijs Peskens
    * Hamza El-Saawy
    * Hsing-Yu (David) Chen
    * Ikko Ashimine
    * Jeff Widman
    * Jeff Zvier
    * Jeremi Piotrowski
    * Jin Dong
    * Jordan Karaze
    * Joseph Sheng
    * Joyce Brum
    * Jukka Rissanen
    * Justin Chadwell
    * Kate
    * Kathryn Baldauf
    * Kohei Tokunaga
    * Kyle L Frisbie
    * LongtaoZhang
    * Manuel Alejandro de Brito Fontes
    * Marc Schwind
    * Mark Rossetti
    * Mark Zhang
    * Marvin Giessing
    * Mathis Michel
    * Merlin Ran
    * Nabeel Rana
    * Nguyen Phan Huy
    * Nikita Rybak
    * Nobel Barakat
    * Oleg Atamanenko
    * Oleg Zhurakivskyy
    * Oliver Radwell
    * Quan Tian
    * Roy Yang
    * Serge Logvinov
    * Shane Jennings
    * Shaun Lawrie
    * Shinichi Morimoto
    * SilverSoldier
    * Sophie Liu
    * Su Fei
    * Taeho Nam
    * Takumasa Sakao
    * Tiger Kaovilai
    * Tom Godkin
    * Tomoya.Fujita
    * Tõnis Tiigi
    * Xinlin Ma
    * Yakul Garg
    * Zhang Tianyang
    * Zhongming Chang
    * Zhuchen Wang
    * austinvazquez
    * cardy.tang
    * chaunceyjiang
    * dabaooline
    * guiyong.ou
    * huoqifeng
    * jianfei.zhang
    * ningmingxiao
    * shi yixue
    * shuaichang
    * songjiang han
    * wen chen
    * wusong
    * xiaoyang zhu
    * yanghesong
    * yaozhenxiu
    * zhang he
    
    ### Changes
    <details><summary>1453 commits</summary>
    <p>
    
    * Prepare release notes for v1.7.0-beta.3 ([#8014](https://github.com/containerd/containerd/pull/8014))
    * Fix Memory Limit test ([#7959](https://github.com/containerd/containerd/pull/7959))
    * Reused package errdefs for not supported error ([#8005](https://github.com/containerd/containerd/pull/8005))
    * pkg/cri: optimize slice initialization ([#7994](https://github.com/containerd/containerd/pull/7994))
    * go.mod: update goresctrl to v0.3.0 ([#7987](https://github.com/containerd/containerd/pull/7987))
    * pushWriter: correctly propagate errors ([#7985](https://github.com/containerd/containerd/pull/7985))
    * CI: test release.yml on every PR ([#7968](https://github.com/containerd/containerd/pull/7968))
    * fix incorrect namespace of event when create/update namespace ([#7129](https://github.com/containerd/containerd/pull/7129))
    * Backport changes to sandboxed CRI ([#7973](https://github.com/containerd/containerd/pull/7973))
    * Fix syntax errors in the document ([#7970](https://github.com/containerd/containerd/pull/7970))
    * release/Dockerfile: set DEBIAN_FRONTEND=noninteractive ([#7969](https://github.com/containerd/containerd/pull/7969))
    * use local variable for rt when iterating collectors ([#7963](https://github.com/containerd/containerd/pull/7963))
    * Add basic spec and mounts for Darwin ([#7960](https://github.com/containerd/containerd/pull/7960))
    * go.mod: Bump hcsshim to v0.10.0-rc.4 ([#7810](https://github.com/containerd/containerd/pull/7810))
    * Use specs Platform instead of generated API ([#7958](https://github.com/containerd/containerd/pull/7958))
    * Make OCI options cross-platform ([#7928](https://github.com/containerd/containerd/pull/7928))
    * update to go1.19.5, go1.18.10 ([#7948](https://github.com/containerd/containerd/pull/7948))
    * fuzzing: improve archive fuzzer ([#7957](https://github.com/containerd/containerd/pull/7957))
    * shim: enable debug logging for delete ([#7943](https://github.com/containerd/containerd/pull/7943))
    * cri: Fix TestUpdateOCILinuxResource for host w/o swap controller ([#7946](https://github.com/containerd/containerd/pull/7946))
    * ctr/run: flags --detach and --rm cannot be specified together ([#7929](https://github.com/containerd/containerd/pull/7929))
    * Fix Flaky Windows CRI Integration test on TestContainerConsumedStats ([#7935](https://github.com/containerd/containerd/pull/7935))
    * Refactor snapshotters metastore transaction ([#7917](https://github.com/containerd/containerd/pull/7917))
    * mod: update github.com/pelletier/go-toml@v1.9.5 ([#7932](https://github.com/containerd/containerd/pull/7932))
    * archive: improve TestSourceDateEpoch ([#7927](https://github.com/containerd/containerd/pull/7927))
    * Add tracing plugin test ([#7883](https://github.com/containerd/containerd/pull/7883))
    * docs/content-flow: update the description of the content labels  ([#7925](https://github.com/containerd/containerd/pull/7925))
    * Add cleanup package for context management during cleanup ([#7861](https://github.com/containerd/containerd/pull/7861))
    * Fix race between stream registration and use ([#7886](https://github.com/containerd/containerd/pull/7886))
    * Prepare release notes for v1.7.0-beta.2 ([#7903](https://github.com/containerd/containerd/pull/7903))
    * Cirrus CI (Fedora 37, Rocky 8): enable cri-integration ([#7892](https://github.com/containerd/containerd/pull/7892))
    * contrib/Dockerfile.test: add "integration", "cri-integration", "critest" stages ([#7891](https://github.com/containerd/containerd/pull/7891))
    * docs: fix a typo in tracing documentation ([#7914](https://github.com/containerd/containerd/pull/7914))
    * CI: Pass GITHUB_TOKEN to containerd/project-checks ([#7913](https://github.com/containerd/containerd/pull/7913))
    * Enable dupword linter ([#7911](https://github.com/containerd/containerd/pull/7911))
    * ctr: Add platform flag to 'oci spec' command ([#7905](https://github.com/containerd/containerd/pull/7905))
    * Vagrantfile: fix disk resize error with VirtualBox ([#7907](https://github.com/containerd/containerd/pull/7907))
    * Vagrantfile: fix comments about SELinux ([#7908](https://github.com/containerd/containerd/pull/7908))
    * Use the const labels.LabelUncompressed ([#7906](https://github.com/containerd/containerd/pull/7906))
    * [sandbox] Add sandbox store plugin type ([#7850](https://github.com/containerd/containerd/pull/7850))
    * Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts ([#7893](https://github.com/containerd/containerd/pull/7893))
    * CRI: Comment cleanup/misc fixes ([#7904](https://github.com/containerd/containerd/pull/7904))
    * Move snapshot event publishing into metadata store ([#5674](https://github.com/containerd/containerd/pull/5674))
    * Vagrantfile: install-rootless-podman: remove `setenforce 0` ([#7887](https://github.com/containerd/containerd/pull/7887))
    * reused package errdefs for error ([#7894](https://github.com/containerd/containerd/pull/7894))
    * integration/images: switch away from Docker Hub to avoid rate limit ([#7888](https://github.com/containerd/containerd/pull/7888))
    * Validate userns container config is consistent with sandbox userns config ([#7882](https://github.com/containerd/containerd/pull/7882))
    * `ctr contents ls` sorts the labels of the content ([#7881](https://github.com/containerd/containerd/pull/7881))
    * chore: use `go fix` to cleanup old +build buildtag ([#7879](https://github.com/containerd/containerd/pull/7879))
    * cri: Shadow variables to avoid t.Parallel() issues ([#7880](https://github.com/containerd/containerd/pull/7880))
    * Add support for user namespaces in stateless pods (KEP-127) ([#7679](https://github.com/containerd/containerd/pull/7679))
    * Refactor metastore transaction ([#7529](https://github.com/containerd/containerd/pull/7529))
    * oci: appendOSMounts(): remove unused error, and move ([#7874](https://github.com/containerd/containerd/pull/7874))
    * add kube v1.26: remove v1alpha2 cri support ([#7863](https://github.com/containerd/containerd/pull/7863))
    * make runc 1.1 for oss_fuzz_build.sh ([#7875](https://github.com/containerd/containerd/pull/7875))
    * CRI sbserver: Prevent server reuse after Shutdown ([#7872](https://github.com/containerd/containerd/pull/7872))
    * Fix incorrect defer usage and refactor judgement ([#7521](https://github.com/containerd/containerd/pull/7521))
    * oci: Add WithDomainname ([#7869](https://github.com/containerd/containerd/pull/7869))
    * Reused errdefs define error ([#7871](https://github.com/containerd/containerd/pull/7871))
    * fix `ctr tasks kill` does not remove cni network under windows ([#7866](https://github.com/containerd/containerd/pull/7866))
    * add network plugin metrics ([#7858](https://github.com/containerd/containerd/pull/7858))
    * Avoid using canceled context in unpacker cleanup ([#7859](https://github.com/containerd/containerd/pull/7859))
    * image/label: print more characters of label keys ([#7618](https://github.com/containerd/containerd/pull/7618))
    * prevent Server reuse after a Shutdown ([#7165](https://github.com/containerd/containerd/pull/7165))
    * Check containerd's readiness before calling critest ([#7851](https://github.com/containerd/containerd/pull/7851))
    * Fix grammatical errors in Readme ([#7837](https://github.com/containerd/containerd/pull/7837))
    * Fix cpu architecture detection issue on linux/arm ([#7636](https://github.com/containerd/containerd/pull/7636))
    * CRI: Fix no CNI info for pod sandbox on restart ([#7845](https://github.com/containerd/containerd/pull/7845))
    * Enable checkRename test ([#7081](https://github.com/containerd/containerd/pull/7081))
    * metastore: Add WithTransaction convenience method ([#7781](https://github.com/containerd/containerd/pull/7781))
    * Prevent a race condition in testHook ([#7831](https://github.com/containerd/containerd/pull/7831))
    * cri: fix `memory.memsw.limit_in_bytes: no such file or directory` ([#7836](https://github.com/containerd/containerd/pull/7836))
    * go.mod: update fuzz-headers and fuzz-build ([#7824](https://github.com/containerd/containerd/pull/7824))
    * Remove github.com/gogo/protobuf again ([#7825](https://github.com/containerd/containerd/pull/7825))
    * CRI: Add host networking helper ([#7814](https://github.com/containerd/containerd/pull/7814))
    * Support sandbox shutdown in shim runtimes ([#7792](https://github.com/containerd/containerd/pull/7792))
    * move up to CRI-TOOLS v1.26.0 ([#7818](https://github.com/containerd/containerd/pull/7818))
    * Minor fix when querying pod sandbox status ([#7812](https://github.com/containerd/containerd/pull/7812))
    * nil check to avoid panic on upgrade ([#7809](https://github.com/containerd/containerd/pull/7809))
    * Bump grpc to v1.51.0 ([#7709](https://github.com/containerd/containerd/pull/7709))
    * fatal error: concurrent map iteration and map write ([#7805](https://github.com/containerd/containerd/pull/7805))
    * Bump golangci-lint to v1.50.1 ([#7804](https://github.com/containerd/containerd/pull/7804))
    * cri: make swapping disabled with memory limit ([#7783](https://github.com/containerd/containerd/pull/7783))
    * add metrics for image pulling: error; in progress count; throughput ([#7313](https://github.com/containerd/containerd/pull/7313))
    * Prepare release notes for v1.7.0-beta.1 ([#7793](https://github.com/containerd/containerd/pull/7793))
    * support fetching containerd from non public GCS buckets ([#7771](https://github.com/containerd/containerd/pull/7771))
    * images: support specifying SourceDateEpoch via ctx ([#7651](https://github.com/containerd/containerd/pull/7651))
    * fuzzing: improve archive fuzzer ([#7718](https://github.com/containerd/containerd/pull/7718))
    * fix sdNotify func when debug level ([#7798](https://github.com/containerd/containerd/pull/7798))
    * Upgrade GitHub actions packages in release workflow ([#7794](https://github.com/containerd/containerd/pull/7794))
    * Enable GitHub Actions local Linux CI runs ([#7796](https://github.com/containerd/containerd/pull/7796))
    * integration: increase timeout in container_event_test.go ([#7791](https://github.com/containerd/containerd/pull/7791))
    * digest: use github.com/minio/sha256-simd ([#7732](https://github.com/containerd/containerd/pull/7732))
    * allow client to remove created tasks with PID 0 ([#7787](https://github.com/containerd/containerd/pull/7787))
    * Add container event support to containerd ([#7073](https://github.com/containerd/containerd/pull/7073))
    * docs: Authorizer.Authorize could return ErrUnexpectedStatus ([#7786](https://github.com/containerd/containerd/pull/7786))
    * fix: check for tmpfs when evaluating if userxattr is needed ([#7772](https://github.com/containerd/containerd/pull/7772))
    * Pass TOML configuration options for runtimes CRI is not aware of ([#7764](https://github.com/containerd/containerd/pull/7764))
    * Cleanup build constraints ([#7776](https://github.com/containerd/containerd/pull/7776))
    * There is no way to disable debug endpoint on Darwin ([#7775](https://github.com/containerd/containerd/pull/7775))
    * CI: Vagrant: pin rockylinux/8 to v5.0.0 ([#7777](https://github.com/containerd/containerd/pull/7777))
    * vendor: golang.org/x/net v0.4.0 ([#7774](https://github.com/containerd/containerd/pull/7774))
    * Fix context when waiting sandbox ([#7773](https://github.com/containerd/containerd/pull/7773))
    * Github Security Advisory [GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9)
    * update to go1.19.4, go1.18.9 ([#7765](https://github.com/containerd/containerd/pull/7765))
    * Change PushContent to require only Provider ([#7763](https://github.com/containerd/containerd/pull/7763))
    * sbserver bug fixing ([#7768](https://github.com/containerd/containerd/pull/7768))
    * Add unit test to Opentelemetry tracing ([#7671](https://github.com/containerd/containerd/pull/7671))
    * remove some (aliases for) deprecated functions ([#7525](https://github.com/containerd/containerd/pull/7525))
    * Refactor ctr restore to allow for tty allocation ([#7673](https://github.com/containerd/containerd/pull/7673))
    * fix panic when containerd-stress density --count 0 ([#7748](https://github.com/containerd/containerd/pull/7748))
    * Unwrap proto errors in streaming client ([#7753](https://github.com/containerd/containerd/pull/7753))
    * Fix process_vm_* syscall names in seccomp ([#7755](https://github.com/containerd/containerd/pull/7755))
    * upgrade the ops.md output for current 1.7 version. ([#7747](https://github.com/containerd/containerd/pull/7747))
    * docs: Add extra security instructions ([#7743](https://github.com/containerd/containerd/pull/7743))
    * go.mod: re-vendor NRI from the official repo. ([#7744](https://github.com/containerd/containerd/pull/7744))
    * [Sandbox API] CRI status cleanup ([#7731](https://github.com/containerd/containerd/pull/7731))
    * Transfer service ([#7320](https://github.com/containerd/containerd/pull/7320))
    * NRI: add support for NRI with extended scope. ([#6019](https://github.com/containerd/containerd/pull/6019))
    * archive: set WithModTimeUpperBound when WithSourceDateEpoch is set ([#7710](https://github.com/containerd/containerd/pull/7710))
    * Fix order of operations when setting lease labels ([#7702](https://github.com/containerd/containerd/pull/7702))
    * Add ctr image prune command ([#7730](https://github.com/containerd/containerd/pull/7730))
    * Check for nullptr before dereferencing ([#7708](https://github.com/containerd/containerd/pull/7708))
    * use MaxConcurrentDownloads instead of MaxConcurrentUploadedLayers ([#7736](https://github.com/containerd/containerd/pull/7736))
    * introspection: expose the daemon's PID and PIDNS ([#7694](https://github.com/containerd/containerd/pull/7694))
    * reference/docker: synchronize fork with upstream distribution/distribution ([#7635](https://github.com/containerd/containerd/pull/7635))
    * go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions ([#7721](https://github.com/containerd/containerd/pull/7721))
    * Add ptrace readby and tracedby to default AppArmor profile ([#7714](https://github.com/containerd/containerd/pull/7714))
    * Fix sandbox API when calling sandboxed shims ([#7684](https://github.com/containerd/containerd/pull/7684))
    * make status more readable and update easy. ([#7669](https://github.com/containerd/containerd/pull/7669))
    * integration/client: fix go.mod grouping, containerd to v1.7.0-beta.0, cgroups back to v1.0.4 ([#7720](https://github.com/containerd/containerd/pull/7720))
    * Resolve warnings in Windows GitHub Actions periodic workflows ([#7706](https://github.com/containerd/containerd/pull/7706))
    * Sandbox API: implement Controller.Status for SandboxAPI ([#7470](https://github.com/containerd/containerd/pull/7470))
    * [port #5904 to sbserver] Setup pod network after creating the sandbox container ([#7426](https://github.com/containerd/containerd/pull/7426))
    * fix for OSS-Fuzz infra changes ([#7677](https://github.com/containerd/containerd/pull/7677))
    * runtime/v2/shim: clean up the use of containerdBinary ([#7499](https://github.com/containerd/containerd/pull/7499))
    * Add process_vm read and write calls to default seccomp profile ([#7693](https://github.com/containerd/containerd/pull/7693))
    * Resolve Scorecards GitHub Actions workflow warnings ([#7707](https://github.com/containerd/containerd/pull/7707))
    * cri: add pod uid annotation ([#7697](https://github.com/containerd/containerd/pull/7697))
    * Missed out `platform interface` when reused the conn for Client. ([#7699](https://github.com/containerd/containerd/pull/7699))
    * overlayfs: remove duplicated tx rollback ([#7700](https://github.com/containerd/containerd/pull/7700))
    * go.mod: update some dependencies ([#7704](https://github.com/containerd/containerd/pull/7704))
    * update github.com/cpuguy83/go-md2man/v2 to v2.0.2 ([#7705](https://github.com/containerd/containerd/pull/7705))
    * Fsnotify bump and change code ([#7703](https://github.com/containerd/containerd/pull/7703))
    * fix build containerd in centos9 ([#7683](https://github.com/containerd/containerd/pull/7683))
    * Bump urfave-cli to v1.22.10 ([#7701](https://github.com/containerd/containerd/pull/7701))
    * can set up the network serially by CNI plugins ([#7685](https://github.com/containerd/containerd/pull/7685))
    * Update cri-api dependency to v0.26.0-beta.0 ([#7656](https://github.com/containerd/containerd/pull/7656))
    * overlay: Remove unused method param ([#7696](https://github.com/containerd/containerd/pull/7696))
    * CI: update Fedora to 37 ([#7691](https://github.com/containerd/containerd/pull/7691))
    * tx rollback when GetInfo return error ([#7678](https://github.com/containerd/containerd/pull/7678))
    * Upgrade github.com/containerd/cgroups from v1 to v3 ([#7601](https://github.com/containerd/containerd/pull/7601))
    * Remove OpenTelemetry imports from remotes/docker package ([#7675](https://github.com/containerd/containerd/pull/7675))
    * Expose Done and Err in Shutdown service ([#7686](https://github.com/containerd/containerd/pull/7686))
    * gotestsum match go version 1.19 ([#7688](https://github.com/containerd/containerd/pull/7688))
    * complement sub-command note for containerd-main ([#7670](https://github.com/containerd/containerd/pull/7670))
    * keep the lower case letter for flag info ([#7668](https://github.com/containerd/containerd/pull/7668))
    * bump critools into ca1571e6edd116b2c95f52e3dfa0b4779b74223a ([#7666](https://github.com/containerd/containerd/pull/7666))
    * Fix broken link for CRI plugin in docs ([#7667](https://github.com/containerd/containerd/pull/7667))
    * add option to resolve symlinks in WithLinuxDevice ([#7523](https://github.com/containerd/containerd/pull/7523))
    * Bump k8s.io deps to v0.25.4 ([#7663](https://github.com/containerd/containerd/pull/7663))
    * Release: add static binaries ([#7659](https://github.com/containerd/containerd/pull/7659))
    * Bump OpenTelemetry contrib to v0.36.4 ([#7662](https://github.com/containerd/containerd/pull/7662))
    * Fix slice append error (`spec.Linux.Resources.HugepageLimits`) ([#7661](https://github.com/containerd/containerd/pull/7661))
    * Bump OpenTelemetry to v1.11.1 ([#7660](https://github.com/containerd/containerd/pull/7660))
    * feature: add gc scheduler metrics collection count ([#5263](https://github.com/containerd/containerd/pull/5263))
    * Add `--debug` args to all subcommands of `ctr pprof` ([#7629](https://github.com/containerd/containerd/pull/7629))
    * Add a thin wrapper around otel Span object ([#7655](https://github.com/containerd/containerd/pull/7655))
    * Bump grpc to v1.50.1 ([#7643](https://github.com/containerd/containerd/pull/7643))
    * replace strings.Split(N) for strings.Cut() or alternatives ([#7631](https://github.com/containerd/containerd/pull/7631))
    * add oci.WithCPURT ([#7642](https://github.com/containerd/containerd/pull/7642))
    * Sandbox API: Add a new mode config for sandbox controller impls ([#7590](https://github.com/containerd/containerd/pull/7590))
    * fuzzing: bump go-fuzz-headers ([#7625](https://github.com/containerd/containerd/pull/7625))
    * Bump k8s.io deps to v0.25.3 ([#7637](https://github.com/containerd/containerd/pull/7637))
    * Remove uses of deprecated go-digest.NewDigestFromHex, go-digest.Digest.Hex ([#7641](https://github.com/containerd/containerd/pull/7641))
    * Extra documentation for content interfaces ([#7640](https://github.com/containerd/containerd/pull/7640))
    * Fix shim socket permissions on Darwin ([#7638](https://github.com/containerd/containerd/pull/7638))
    * s390x: build and package s390x bin in release assets ([#7614](https://github.com/containerd/containerd/pull/7614))
    * Replace mount fork hack with CLONE_FS ([#7513](https://github.com/containerd/containerd/pull/7513))
    * remotes: add `FetcherByDigest` for fetching blobs without foreknown descriptors (useful for general-purpose CAS) ([#7460](https://github.com/containerd/containerd/pull/7460))
    * Fix "getCPUInfo for OS freebsd: not implemented" on FreeBSD/arm64 ([#7403](https://github.com/containerd/containerd/pull/7403))
    * Support default hosts.toml configuration ([#7607](https://github.com/containerd/containerd/pull/7607))
    * Add tracing spans in CRI image service and pull.go ([#7453](https://github.com/containerd/containerd/pull/7453))
    * Fix missing closed fifo ([#7604](https://github.com/containerd/containerd/pull/7604))
    * fix comments ([#7624](https://github.com/containerd/containerd/pull/7624))
    * docs: add additional info in backport process ([#7626](https://github.com/containerd/containerd/pull/7626))
    * go.mod: golang.org/x/*: use tagged versions ([#7621](https://github.com/containerd/containerd/pull/7621))
    * Bump go version to 1.19.3 ([#7620](https://github.com/containerd/containerd/pull/7620))
    * ctr export strictly matching ([#7615](https://github.com/containerd/containerd/pull/7615))
    * Fix ctr crash when pulling with --http-dump and --http-trace simultaneously ([#7617](https://github.com/containerd/containerd/pull/7617))
    * Harden GITHUB_TOKEN permissions for OSSF Scorecard ([#7599](https://github.com/containerd/containerd/pull/7599))
    * overlayutils: Add fastpath for userxattr check ([#7611](https://github.com/containerd/containerd/pull/7611))
    * Add sequence diagram for shim runtime v2 ([#7606](https://github.com/containerd/containerd/pull/7606))
    * Sandbox API: Move remote impls to /sandbox/proxy ([#7600](https://github.com/containerd/containerd/pull/7600))
    * fuzzing: improve archive fuzzer ([#7588](https://github.com/containerd/containerd/pull/7588))
    * Retry client connection in waitForStart ([#7537](https://github.com/containerd/containerd/pull/7537))
    * Add Workflow for running critest with Hyper-V Containers on Windows. ([#7025](https://github.com/containerd/containerd/pull/7025))
    * Add release notes for v1.7.0-beta.0 ([#7575](https://github.com/containerd/containerd/pull/7575))
    * Cleanup sandbox interfaces ([#7576](https://github.com/containerd/containerd/pull/7576))
    * Update GitHub actions release workflow set output ([#7581](https://github.com/containerd/containerd/pull/7581))
    * Fix LogURI generation-related tests on Windows. ([#7569](https://github.com/containerd/containerd/pull/7569))
    * maintenance: Remove WithWindowsNetworkNamespace from pkg/cri ([#7577](https://github.com/containerd/containerd/pull/7577))
    * CRI: implement Controller.Delete for SandboxAPI ([#7457](https://github.com/containerd/containerd/pull/7457))
    * Configure CDI registry only on start ([#7419](https://github.com/containerd/containerd/pull/7419))
    * update codeql-action to v2 ([#7568](https://github.com/containerd/containerd/pull/7568))
    * Add logging related metrics to Containerd CRI plugin ([#7546](https://github.com/containerd/containerd/pull/7546))
    * sys: optimize and refactor MkdirAllWithACL() ([#7531](https://github.com/containerd/containerd/pull/7531))
    * fix install cni script ([#7484](https://github.com/containerd/containerd/pull/7484))
    * Update 1.5 release support timeframe ([#7560](https://github.com/containerd/containerd/pull/7560))
    * bump go-fuzz-headers ([#7503](https://github.com/containerd/containerd/pull/7503))
    * Add long term stable release branches ([#7454](https://github.com/containerd/containerd/pull/7454))
    * fix pusher concurrent close channel ([#7473](https://github.com/containerd/containerd/pull/7473))
    * Make tests on GitHub less noisy ([#7530](https://github.com/containerd/containerd/pull/7530))
    * containerd should not print error log that failed to init a tracing processor while the tracing plugin is not loaded ([#7541](https://github.com/containerd/containerd/pull/7541))
    * Update required Go version in BUILDING.md ([#7544](https://github.com/containerd/containerd/pull/7544))
    * go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag) ([#7522](https://github.com/containerd/containerd/pull/7522))
    * Use `go env` to determine GOPATH in Makefile. ([#7542](https://github.com/containerd/containerd/pull/7542))
    * clean-up "nolint" comments, remove unused ones, update golangci-lint ([#7349](https://github.com/containerd/containerd/pull/7349))
    * Don't unmount on Darwin when deleting bundle ([#7534](https://github.com/containerd/containerd/pull/7534))
    * Add timeouts to all CI jobs ([#7538](https://github.com/containerd/containerd/pull/7538))
    * Vagrantfile: explicitly specify rsync as the shared folder driver ([#7539](https://github.com/containerd/containerd/pull/7539))
    * sys: remove unused IsAbs() (windows) ([#7527](https://github.com/containerd/containerd/pull/7527))
    * cri: PodSandboxStatus should tolerate missing task ([#7535](https://github.com/containerd/containerd/pull/7535))
    * CI: update GHA instances from Ubuntu 18.04 to 20.04 ([#7489](https://github.com/containerd/containerd/pull/7489))
    * fix the --no-pivot flag being ignored by `ctr tasks start` ([#7519](https://github.com/containerd/containerd/pull/7519))
    * Update the default seccomp to block socket calls to AF_VSOCK ([#7510](https://github.com/containerd/containerd/pull/7510))
    * cmd/containerd: use golang.org/x/sys/windows.SetStdHandle() ([#7511](https://github.com/containerd/containerd/pull/7511))
    * Stats() shouldn't assume s.container is non-nil ([#7517](https://github.com/containerd/containerd/pull/7517))
    * Move up actions versions to prep for NodeJS 12 deprecation ([#7516](https://github.com/containerd/containerd/pull/7516))
    * cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions() ([#7512](https://github.com/containerd/containerd/pull/7512))
    * Updates oci image config to support upstream ArgsEscaped ([#7483](https://github.com/containerd/containerd/pull/7483))
    * cmd/containerd: replace deprecated windows.IsAnInteractiveSession() ([#7497](https://github.com/containerd/containerd/pull/7497))
    * Update container with sandbox metadata after NetNS is created ([#7481](https://github.com/containerd/containerd/pull/7481))
    * archive: add WithSourceDateEpoch() for whiteouts ([#7478](https://github.com/containerd/containerd/pull/7478))
    * TestTaskResize must use a terminal ([#7492](https://github.com/containerd/containerd/pull/7492))
    * diff/apply.readCounter: check negative size ([#7494](https://github.com/containerd/containerd/pull/7494))
    * Add new ctr option for discarding unpacked layers ([#7425](https://github.com/containerd/containerd/pull/7425))
    * archive: windows: chtimes(): remove redundant conversion ([#7491](https://github.com/containerd/containerd/pull/7491))
    * archive: validate digests before use ([#7488](https://github.com/containerd/containerd/pull/7488))
    * vendor: github.com/opencontainers/selinux v1.10.2 ([#7482](https://github.com/containerd/containerd/pull/7482))
    * fuzzing: create structured tar bytes in archive fuzzer ([#7477](https://github.com/containerd/containerd/pull/7477))
    * Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 ([#7474](https://github.com/containerd/containerd/pull/7474))
    * use raw link to containerd.service config ([#7463](https://github.com/containerd/containerd/pull/7463))
    * cri doc: Update kata containers reference ([#7466](https://github.com/containerd/containerd/pull/7466))
    * Setup pod network after creating the sandbox container ([#5904](https://github.com/containerd/containerd/pull/5904))
    * Swap to net.ErrClosed checks for services ([#7446](https://github.com/containerd/containerd/pull/7446))
    * go.mod: Bump go-winio to v0.6.0 ([#7443](https://github.com/containerd/containerd/pull/7443))
    * fix retry when writer is reset on push ([#6995](https://github.com/containerd/containerd/pull/6995))
    * CI: Output a summary using GITHUB_SUMMARY ([#7192](https://github.com/containerd/containerd/pull/7192))
    * Fix missing close ([#7430](https://github.com/containerd/containerd/pull/7430))
    * Add test flag for skipping shim cgroup test ([#7424](https://github.com/containerd/containerd/pull/7424))
    * Refactor CRI fuzzers ([#7405](https://github.com/containerd/containerd/pull/7405))
    * Fix LogURIGenerator on Windows ([#7351](https://github.com/containerd/containerd/pull/7351))
    * Set grpc code for unimplemented cri-api methods ([#7417](https://github.com/containerd/containerd/pull/7417))
    * Add reader option to local content reader at ([#7414](https://github.com/containerd/containerd/pull/7414))
    * Sandbox API: implement Controller.Wait and Controller.Stop ([#7401](https://github.com/containerd/containerd/pull/7401))
    * remove stray .zuul.yaml ([#7416](https://github.com/containerd/containerd/pull/7416))
    * reference CDI configuration details ([#7408](https://github.com/containerd/containerd/pull/7408))
    * cri-integration: propagate ENABLE_CRI_SANDBOXES ([#7413](https://github.com/containerd/containerd/pull/7413))
    * Enable OpenSSF Scorecard Github Action ([#7404](https://github.com/containerd/containerd/pull/7404))
    * Add ext2 fs support to devmapper snapshotter ([#7402](https://github.com/containerd/containerd/pull/7402))
    * Fuzzing: Instrument with new sanitizers ([#7396](https://github.com/containerd/containerd/pull/7396))
    * Upgrade fuzzing-related packages to reduce dependencies ([#7397](https://github.com/containerd/containerd/pull/7397))
    * remotes/docker/config: Skipping TLS verification for localhost ([#7393](https://github.com/containerd/containerd/pull/7393))
    * Replace github.com/emicklei/go-restful package, versions <2.16.0 ([#7395](https://github.com/containerd/containerd/pull/7395))
    * Add NoSameOwner option when unpacking tars ([#7386](https://github.com/containerd/containerd/pull/7386))
    * ctr: add privileged-without-host-devices for run command ([#7328](https://github.com/containerd/containerd/pull/7328))
    * chore: matching the casing of other flags for ctr's pull command ([#7341](https://github.com/containerd/containerd/pull/7341))
    * windows: Add runhcs-wcow-hypervisor runtimeclass to the default config ([#6901](https://github.com/containerd/containerd/pull/6901))
    * Fix missing close ([#7370](https://github.com/containerd/containerd/pull/7370))
    * CRI: update cdi version to v0.5.1 ([#7374](https://github.com/containerd/containerd/pull/7374))
    * Update to go 1.19.1, 1.18.6 to address CVE-2022-27664, CVE-2022-32190 ([#7372](https://github.com/containerd/containerd/pull/7372))
    * vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c ([#7373](https://github.com/containerd/containerd/pull/7373))
    * Remove unused variable from images action ([#7371](https://github.com/containerd/containerd/pull/7371))
    * feature: use client default namespace ([#7291](https://github.com/containerd/containerd/pull/7291))
    * integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment ([#7367](https://github.com/containerd/containerd/pull/7367))
    * feature: upgrade registry.k8s.io/pause version ([#7359](https://github.com/containerd/containerd/pull/7359))
    * metrics/cgroups/v1: Remove unused event parameter ([#7361](https://github.com/containerd/containerd/pull/7361))
    * .zuul: remove the zuul because it is offline ([#7369](https://github.com/containerd/containerd/pull/7369))
    * Update golangci-lint timeout to match config ([#7356](https://github.com/containerd/containerd/pull/7356))
    * delete redundant import alias and type conversion ([#7345](https://github.com/containerd/containerd/pull/7345))
    * Make checkContainerTimestamps less strict on Windows ([#7350](https://github.com/containerd/containerd/pull/7350))
    * Make oss-fuzz mandatory ([#7346](https://github.com/containerd/containerd/pull/7346))
    * Add kubernetes v1.25 supported version as v1.24 ([#7326](https://github.com/containerd/containerd/pull/7326))
    * sys: move ForceRemoveAll to integration/client ([#7335](https://github.com/containerd/containerd/pull/7335))
    * chore: remove duplicate word in comments ([#7338](https://github.com/containerd/containerd/pull/7338))
    * Use ioctl helpers from x/sys/unix ([#7342](https://github.com/containerd/containerd/pull/7342))
    * archive: replace tarName() with filepath.ToSlash() ([#7344](https://github.com/containerd/containerd/pull/7344))
    * mount: remove unused ErrNotImplementOnWindows ([#7339](https://github.com/containerd/containerd/pull/7339))
    * replace sys Sequential funcs with moby/sys/sequential ([#7334](https://github.com/containerd/containerd/pull/7334))
    * Clarify containerd 1.5.0+ for k8s 1.20,1.21 ([#7324](https://github.com/containerd/containerd/pull/7324))
    * update runc binary to v1.1.4 ([#7315](https://github.com/containerd/containerd/pull/7315))
    * Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9 ([#7325](https://github.com/containerd/containerd/pull/7325))
    * Update k8s.io/cri-api to v0.25.0 ([#7287](https://github.com/containerd/containerd/pull/7287))
    * script/setup: handle cnidir with SUDO ([#7322](https://github.com/containerd/containerd/pull/7322))
    * ContainerStatus to return container resources ([#6517](https://github.com/containerd/containerd/pull/6517))
    * migrate from k8s.gcr.io to registry.k8s.io ([#7038](https://github.com/containerd/containerd/pull/7038))
    * Do not rename test files on-the-fly to share functions ([#7309](https://github.com/containerd/containerd/pull/7309))
    * ctr import: strictly match platform ([#6906](https://github.com/containerd/containerd/pull/6906))
    * Revert "Downgrade MinGW to version 10.2.0" ([#7308](https://github.com/containerd/containerd/pull/7308))
    * Follow up #7254 (Switch to Go 1.19) ([#7286](https://github.com/containerd/containerd/pull/7286))
    * Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer ([#7304](https://github.com/containerd/containerd/pull/7304))
    * Adding support of CAP_BPF and CAP_PERFMON ([#7301](https://github.com/containerd/containerd/pull/7301))
    * go.mod: Bump hcsshim to v0.10.0-rc.1 ([#7284](https://github.com/containerd/containerd/pull/7284))
    * Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset ([#7306](https://github.com/containerd/containerd/pull/7306))
    * ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887 ([#7293](https://github.com/containerd/containerd/pull/7293))
    * Runtime cleanup (Shim manager and task service) ([#7280](https://github.com/containerd/containerd/pull/7280))
    * containerd-stress: add support for running through CRI ([#6931](https://github.com/containerd/containerd/pull/6931))
    * Switch to Go 1.19 ([#7254](https://github.com/containerd/containerd/pull/7254))
    * Vagrantfile: dump containerd log after critest ([#7265](https://github.com/containerd/containerd/pull/7265))
    * oci: skip checking group id for WithAppendAdditionalGroups ([#7257](https://github.com/containerd/containerd/pull/7257))
    * release workflow: increase timeout to 30 minutes & remove Go setup action ([#7259](https://github.com/containerd/containerd/pull/7259))
    * release: rollback Ubuntu to 18.04 (except for riscv64) ([#7258](https://github.com/containerd/containerd/pull/7258))
    * Initial sandbox API CRI integration (implement Controller.Start) ([#7228](https://github.com/containerd/containerd/pull/7228))
    * Use environment variable to specify Go version on CI ([#7251](https://github.com/containerd/containerd/pull/7251))
    * Update golang to 1.18.5, 1.17.13 ([#7243](https://github.com/containerd/containerd/pull/7243))
    * Change os.Stderr reassign for Windows service ([#7023](https://github.com/containerd/containerd/pull/7023))
    * script/setup: fix protobuf for aarch64 ([#7237](https://github.com/containerd/containerd/pull/7237))
    * Fix cleanup in critest ([#7232](https://github.com/containerd/containerd/pull/7232))
    * fix: support simultaneous create diff for same parent snapshot ([#7204](https://github.com/containerd/containerd/pull/7204))
    * Windows HostProcess container CRI stats test ([#7223](https://github.com/containerd/containerd/pull/7223))
    * Regenerate protos with updated protoc-gen-go ([#7226](https://github.com/containerd/containerd/pull/7226))
    * test: error strings should not be capitalized ([#7195](https://github.com/containerd/containerd/pull/7195))
    * Add extra context to error when push unauthorized ([#7220](https://github.com/containerd/containerd/pull/7220))
    * replace with selinux label ([#7207](https://github.com/containerd/containerd/pull/7207))
    * Use `httputil.DumpRequestOut` for dumping client req ([#7221](https://github.com/containerd/containerd/pull/7221))
    * Fix CRI image pull timeout test for ppc64le ([#7215](https://github.com/containerd/containerd/pull/7215))
    * test: introduce failpoint control to runc-shimv2 and cni ([#7069](https://github.com/containerd/containerd/pull/7069))
    * chore: bump macos runner version ([#7206](https://github.com/containerd/containerd/pull/7206))
    * Use image lists form integration/client tests ([#7210](https://github.com/containerd/containerd/pull/7210))
    * go.mod: Bump hcsshim to v0.9.4 ([#7212](https://github.com/containerd/containerd/pull/7212))
    * Drop deprecated `ioutil` ([#7203](https://github.com/containerd/containerd/pull/7203))
    * Make getServicesOpts a helper ([#7201](https://github.com/containerd/containerd/pull/7201))
    * adds an env var commented out for sandboxed mode ([#7183](https://github.com/containerd/containerd/pull/7183))
    * cri_stats: handle missing cpu stats ([#7198](https://github.com/containerd/containerd/pull/7198))
    * using ContextDialer instead ([#7189](https://github.com/containerd/containerd/pull/7189))
    * test: Add ability to switch between cgroupv1 or cgroupv2 for node e2e ([#7173](https://github.com/containerd/containerd/pull/7173))
    * code cleanup ([#7182](https://github.com/containerd/containerd/pull/7182))
    * Update k8s.io/cri-api to v0.25.0-alpha2 ([#7114](https://github.com/containerd/containerd/pull/7114))
    * Refactor usageNanoCores be to used for all OSes ([#7186](https://github.com/containerd/containerd/pull/7186))
    * adds support for using env file for systemd boot ([#7191](https://github.com/containerd/containerd/pull/7191))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#7185](https://github.com/containerd/containerd/pull/7185))
    * ctr: support --user for run/create ([#7145](https://github.com/containerd/containerd/pull/7145))
    * docs: Fix sample config.toml syntax ([#7174](https://github.com/containerd/containerd/pull/7174))
    * seccomp: seccomp: add syscalls related to PKU in default policy ([#7163](https://github.com/containerd/containerd/pull/7163))
    * Update and align golangci-lint version ([#7168](https://github.com/containerd/containerd/pull/7168))
    * adds a comment explaining how to disable experimental sbserver ([#7169](https://github.com/containerd/containerd/pull/7169))
    * ci: workaround Cirrus CI's INVALID_ARGUMENT ([#7177](https://github.com/containerd/containerd/pull/7177))
    * Update install-protobuf script to install protobuf on Darwin ([#7153](https://github.com/containerd/containerd/pull/7153))
    * Fork CRI server for Sandbox API integration work ([#7164](https://github.com/containerd/containerd/pull/7164))
    * seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE ([#7167](https://github.com/containerd/containerd/pull/7167))
    * cri doc: fix formatting for CDI options ([#7158](https://github.com/containerd/containerd/pull/7158))
    * update golang to 1.18.4, 1.17.12 ([#7159](https://github.com/containerd/containerd/pull/7159))
    * Fix out of date comments for CRI store packages ([#7152](https://github.com/containerd/containerd/pull/7152))
    * update some devmapper docs ([#7124](https://github.com/containerd/containerd/pull/7124))
    * seccomp: allow clock_settime64 when CAP_SYS_TIME is added ([#7149](https://github.com/containerd/containerd/pull/7149))
    * Copy fuzzers from github.com/cncf/cncf-fuzzing ([#7123](https://github.com/containerd/containerd/pull/7123))
    * fix can't edit object by using ctr content edit command ([#6847](https://github.com/containerd/containerd/pull/6847))
    * integration/client: fix typo in export_test.go ([#7130](https://github.com/containerd/containerd/pull/7130))
    * Fix WWW-Authenticate parsing ([#7126](https://github.com/containerd/containerd/pull/7126))
    * LCOW differ return ErrNotImplemented for wrong mount type ([#7112](https://github.com/containerd/containerd/pull/7112))
    * Update go-restful/v3 to latest release ([#7117](https://github.com/containerd/containerd/pull/7117))
    * pkg/cri: use marshal wrapper for version convertor ([#7108](https://github.com/containerd/containerd/pull/7108))
    * Remove hacks around contrib/fuzz ([#7087](https://github.com/containerd/containerd/pull/7087))
    * Fix missing closed HTTP Body ([#7107](https://github.com/containerd/containerd/pull/7107))
    * Cleanup metadata tests ([#7105](https://github.com/containerd/containerd/pull/7105))
    * Downgrade MinGW to version 10.2.0 ([#7106](https://github.com/containerd/containerd/pull/7106))
    * ctr: Fix `ctr c create` fails to parse arguments ([#7098](https://github.com/containerd/containerd/pull/7098))
    * Fix Documentation Issue ([#7103](https://github.com/containerd/containerd/pull/7103))
    * refactor: reduce duplicate code ([#7100](https://github.com/containerd/containerd/pull/7100))
    * make xattr EPERM non-fatal in createTarFile ([#7094](https://github.com/containerd/containerd/pull/7094))
    * Move metadata plugin registration to separate package ([#7096](https://github.com/containerd/containerd/pull/7096))
    * fix: missing sudo for devmapper doc ([#7092](https://github.com/containerd/containerd/pull/7092))
    * Ensure Windows Periodic workflow errors out while still uploading results. ([#7085](https://github.com/containerd/containerd/pull/7085))
    * Add snapshotter key to snapshot events ([#7084](https://github.com/containerd/containerd/pull/7084))
    * add WithAdditionalGIDs test ([#7072](https://github.com/containerd/containerd/pull/7072))
    * Forward ctr snapshotter flags on Windows ([#7086](https://github.com/containerd/containerd/pull/7086))
    * add WithAppendAdditionalGroups helper ([#7070](https://github.com/containerd/containerd/pull/7070))
    * Make CI Fuzz less noisy ([#7065](https://github.com/containerd/containerd/pull/7065))
    * ctr: add --hostname flag to create, run ([#7082](https://github.com/containerd/containerd/pull/7082))
    * improve content-flow ([#7077](https://github.com/containerd/containerd/pull/7077))
    * Make CI Fuzz optional ([#7067](https://github.com/containerd/containerd/pull/7067))
    * Use Go 1.18's testing.F on simple fuzzers ([#7056](https://github.com/containerd/containerd/pull/7056))
    * Downgrade MinGW in Windows setup scripts. ([#7062](https://github.com/containerd/containerd/pull/7062))
    * Make test path a constant ([#7057](https://github.com/containerd/containerd/pull/7057))
    * Run fuzzers in CI ([#7052](https://github.com/containerd/containerd/pull/7052))
    * CRI: Improve the /dev/shm mount options in Sandbox. ([#6913](https://github.com/containerd/containerd/pull/6913))
    * fix:userattr-unmount unexpected timeout ([#7008](https://github.com/containerd/containerd/pull/7008))
    * Port (some) unit tests to FreeBSD ([#7042](https://github.com/containerd/containerd/pull/7042))
    * Bump Golang and MinGW versions in Windows setup script. ([#6888](https://github.com/containerd/containerd/pull/6888))
    * Windows snapshotter touch ups and new functionality ([#6918](https://github.com/containerd/containerd/pull/6918))
    * Improve naming consistencies in comments in snapshotter.go ([#7032](https://github.com/containerd/containerd/pull/7032))
    * Make building static binaries simpler ([#7022](https://github.com/containerd/containerd/pull/7022))
    * Allow CRI on Darwin ([#7033](https://github.com/containerd/containerd/pull/7033))
    * update runc binary to v1.1.3 ([#7034](https://github.com/containerd/containerd/pull/7034))
    * Linux containers on FreeBSD ([#7000](https://github.com/containerd/containerd/pull/7000))
    * go.mod: github.com/moby/sys/mountinfo v0.6.2 ([#7026](https://github.com/containerd/containerd/pull/7026))
    * fix minor spelling mistake: lablel -> label ([#7031](https://github.com/containerd/containerd/pull/7031))
    * go.mod: github.com/containerd/cgroups v1.0.4 ([#7027](https://github.com/containerd/containerd/pull/7027))
    * go.mod: github.com/containerd/continuity v0.3.0 ([#7028](https://github.com/containerd/containerd/pull/7028))
    * Correct spelling mistake ("sanbdox" to "sandbox") ([#7029](https://github.com/containerd/containerd/pull/7029))
    * GitHub Security Advisory [GHSA-5ffw-gxpp-mxpf](https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf)
    * Bump grpc to v1.47.0 ([#7018](https://github.com/containerd/containerd/pull/7018))
    * Bump k8s.io deps to v0.24.1 ([#7017](https://github.com/containerd/containerd/pull/7017))
    * Support runtime level snapshotter for issue 6657 ([#6899](https://github.com/containerd/containerd/pull/6899))
    * update golang to 1.18.3, 1.17.11 ([#7012](https://github.com/containerd/containerd/pull/7012))
    * Fix containerd-stress duration flag ([#7004](https://github.com/containerd/containerd/pull/7004))
    * update go-cni/for cni update fixing plugins that don't respond with version ([#7009](https://github.com/containerd/containerd/pull/7009))
    * Add validations for Windows HostProcess CRI configs ([#6996](https://github.com/containerd/containerd/pull/6996))
    * Move docker reference logic to reference/docker package ([#7007](https://github.com/containerd/containerd/pull/7007))
    * promote pause image to 3.7 (sync with kube v1.24) ([#7003](https://github.com/containerd/containerd/pull/7003))
    * Makefile: use urfave_cli_no_docs for binaries that don't need it ([#6998](https://github.com/containerd/containerd/pull/6998))
    * CRI: cleanup cri/store package ([#6993](https://github.com/containerd/containerd/pull/6993))
    * Use t.Run for /pkg/cri tests ([#7001](https://github.com/containerd/containerd/pull/7001))
    * vendor: github.com/urfave/cli v1.22.9 and fix "verify-vendor" script ([#6997](https://github.com/containerd/containerd/pull/6997))
    * sandbox: replace github.com/pkg/errors with native errors ([#6937](https://github.com/containerd/containerd/pull/6937))
    * build: Fix references to check-protos target in Makefile ([#6983](https://github.com/containerd/containerd/pull/6983))
    * ctr: fix label args used in NewContainer ([#6954](https://github.com/containerd/containerd/pull/6954))
    * ctr sandbox: handle sandbox config ([#6959](https://github.com/containerd/containerd/pull/6959))
    * Fix broken oss-fuzz build ([#6975](https://github.com/containerd/containerd/pull/6975))
    * archive: add human-readable hint to Lchown error ([#6982](https://github.com/containerd/containerd/pull/6982))
    * Fix tx closed error when upperdirlabel specified ([#6978](https://github.com/containerd/containerd/pull/6978))
    * config: improve config v1 deprecation message ([#6972](https://github.com/containerd/containerd/pull/6972))
    * Fix Windows install powershell script ([#6969](https://github.com/containerd/containerd/pull/6969))
    * fix comments on metadata schema and update namespace doc ([#6955](https://github.com/containerd/containerd/pull/6955))
    * adjust format in comment ([#6956](https://github.com/containerd/containerd/pull/6956))
    * Restore decompression benchmarks ([#6957](https://github.com/containerd/containerd/pull/6957))
    * cmd/ctr/commands/content: fix typo in fetch command usage ([#6960](https://github.com/containerd/containerd/pull/6960))
    * fix some confusing typos ([#6950](https://github.com/containerd/containerd/pull/6950))
    * update doc url about k8s ([#6952](https://github.com/containerd/containerd/pull/6952))
    * Separate windows-2019 and windows-2022 test results ([#6946](https://github.com/containerd/containerd/pull/6946))
    * shim: fix debug flag not working ([#6910](https://github.com/containerd/containerd/pull/6910))
    * Reverts removal of parallel run from critest ([#6938](https://github.com/containerd/containerd/pull/6938))
    * Bump OpenTelemetry dependencies ([#6932](https://github.com/containerd/containerd/pull/6932))
    * update runc binary and vendor to v1.1.2 ([#6934](https://github.com/containerd/containerd/pull/6934))
    * oci: WithDefaultUnixDevices(): remove tun/tap from the default devices ([#6923](https://github.com/containerd/containerd/pull/6923))
    * update golang to 1.18.2, 1.17.10 ([#6926](https://github.com/containerd/containerd/pull/6926))
    * CI: update Fedora to 36 ([#6925](https://github.com/containerd/containerd/pull/6925))
    * Add `Wait` to `binaryProcessor` ([#6916](https://github.com/containerd/containerd/pull/6916))
    * go.mod: Bump k8s deps to v0.24.0 ([#6905](https://github.com/containerd/containerd/pull/6905))
    * (Vagrant CI) Enable git commands due to git CVE fix ([#6915](https://github.com/containerd/containerd/pull/6915))
    * Pass explicit JUnit outfile to critest.exe in Windows workflow. ([#6912](https://github.com/containerd/containerd/pull/6912))
    * Update critools to v1.24 ([#6894](https://github.com/containerd/containerd/pull/6894))
    * devmapper docs: small fixes ([#6904](https://github.com/containerd/containerd/pull/6904))
    * move report dir option to end of line for vagrant cri tests ([#6900](https://github.com/containerd/containerd/pull/6900))
    * Update Kubernetes version matrix in release docs ([#6892](https://github.com/containerd/containerd/pull/6892))
    * Share container images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy ([#6889](https://github.com/containerd/containerd/pull/6889))
    * containerd 1.6.4 k8s 1.24 readme announce ([#6890](https://github.com/containerd/containerd/pull/6890))
    * Cleanup leaked shim process ([#6866](https://github.com/containerd/containerd/pull/6866))
    * Add collectible resources to metadata gc ([#6804](https://github.com/containerd/containerd/pull/6804))
    * Update k8 docurl in file ([#6881](https://github.com/containerd/containerd/pull/6881))
    * Support RISC-V 64 ([#6882](https://github.com/containerd/containerd/pull/6882))
    * docs: minor fixes in snapshots.Snapshotter comments ([#6885](https://github.com/containerd/containerd/pull/6885))
    * Officially deprecate Schema 1 ([#6884](https://github.com/containerd/containerd/pull/6884))
    * Make Cirrus CI tests more stable ([#6880](https://github.com/containerd/containerd/pull/6880))
    * docs: Adding windows installation steps to getting-started.md ([#6875](https://github.com/containerd/containerd/pull/6875))
    * Add ctr support for CPUMax and CPUShares ([#6809](https://github.com/containerd/containerd/pull/6809))
    * Support for cgroups blockio ([#5490](https://github.com/containerd/containerd/pull/5490))
    * Fix comment for metadata/db.go ([#6871](https://github.com/containerd/containerd/pull/6871))
    * Remove github.com/gogo/protobuf and github.com/golang/protobuf from containerd's direct dependencies ([#6867](https://github.com/containerd/containerd/pull/6867))
    * Update go-cni to v1.1.5 ([#6868](https://github.com/containerd/containerd/pull/6868))
    * Bump opencontainers/selinux from 1.10.0 to 1.10.1 ([#6865](https://github.com/containerd/containerd/pull/6865))
    * Upgrade google.golang.org/grpc and google.golang.org/protobuf ([#6864](https://github.com/containerd/containerd/pull/6864))
    * Don't use "uname -a" as Cirrus CI's cache key ([#6863](https://github.com/containerd/containerd/pull/6863))
    * remove duplicate ([#6856](https://github.com/containerd/containerd/pull/6856))
    * Create ppc64le release ([#6858](https://github.com/containerd/containerd/pull/6858))
    * Move Vagrant-based tests from GitHub Actions to Cirrus CI ([#6854](https://github.com/containerd/containerd/pull/6854))
    * feature: support image pull progress timeout ([#6150](https://github.com/containerd/containerd/pull/6150))
    * Add unpack interface to be used by client ([#6749](https://github.com/containerd/containerd/pull/6749))
    * Fix undefined error in use of errors package ([#6855](https://github.com/containerd/containerd/pull/6855))
    * Migrate off from github.com/gogo/protobuf ([#6841](https://github.com/containerd/containerd/pull/6841))
    * images/image.go: typo ([#6851](https://github.com/containerd/containerd/pull/6851))
    * Add flag to allow oci.WithAllDevicesAllowed on PrivilegedWithoutHostDevices ([#5686](https://github.com/containerd/containerd/pull/5686))
    * integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage ([#6180](https://github.com/containerd/containerd/pull/6180))
    * fix incorrect syntax in comments ([#6845](https://github.com/containerd/containerd/pull/6845))
    * cri: close fifos when container is deleted ([#6842](https://github.com/containerd/containerd/pull/6842))
    * diff: hide types.Any from clients ([#6832](https://github.com/containerd/containerd/pull/6832))
    * Add Container-Optimized OS into Adopters ([#6838](https://github.com/containerd/containerd/pull/6838))
    * Prepare for google.golang.org/protobuf ([#6835](https://github.com/containerd/containerd/pull/6835))
    * fix the restart desired to running when task not found ([#6833](https://github.com/containerd/containerd/pull/6833))
    * Remove all gogoproto extensions ([#6829](https://github.com/containerd/containerd/pull/6829))
    * fix nil pointer panic for monitor ([#6830](https://github.com/containerd/containerd/pull/6830))
    * remotes/docker: log registry URLs as info instead of debug ([#5681](https://github.com/containerd/containerd/pull/5681))
    * Rename runtime/v2/task to api/runtime ([#6827](https://github.com/containerd/containerd/pull/6827))
    * Fix protoc-gen-go-fieldpath ([#6828](https://github.com/containerd/containerd/pull/6828))
    * Consolidate gogo/protobuf dependencies under our own protobuf package ([#6826](https://github.com/containerd/containerd/pull/6826))
    * Add restart policy for enhanced restart manager ([#6744](https://github.com/containerd/containerd/pull/6744))
    * Remove gogoproto.stdtime ([#6821](https://github.com/containerd/containerd/pull/6821))
    * Set timeout when collecting metrics from shim's Stat ([#6781](https://github.com/containerd/containerd/pull/6781))
    * Fuzz filter package with Go 1.18's fuzzer ([#6819](https://github.com/containerd/containerd/pull/6819))
    * allow ptrace(2) by default for kernel >= 4.8 ([#6810](https://github.com/containerd/containerd/pull/6810))
    * Build bin/gen-manpages instead of using "go run" ([#6820](https://github.com/containerd/containerd/pull/6820))
    * update golang to 1.18.1, 1.17.9 ([#6822](https://github.com/containerd/containerd/pull/6822))
    * Sandbox API ([#6703](https://github.com/containerd/containerd/pull/6703))
    * Move lease manager plugin to separate package ([#6811](https://github.com/containerd/containerd/pull/6811))
    * fix pool_device_test ([#6807](https://github.com/containerd/containerd/pull/6807))
    * check for duplicate nspath possibilities ([#6806](https://github.com/containerd/containerd/pull/6806))
    * Do not append []string{""} to command to preserve Docker compatibility ([#6805](https://github.com/containerd/containerd/pull/6805))
    * tracing: fix panic on startup when configured ([#6789](https://github.com/containerd/containerd/pull/6789))
    * Optimize loading performance for cri recover ([#6680](https://github.com/containerd/containerd/pull/6680))
    * Change architecture path in README.md ([#6798](https://github.com/containerd/containerd/pull/6798))
    * make consistent for checkpoint path ([#6792](https://github.com/containerd/containerd/pull/6792))
    * metrics/cgroups: fix deadlock issue in Add during Collect ([#6788](https://github.com/containerd/containerd/pull/6788))
    * ADOPTERS: Update AKS Info ([#6794](https://github.com/containerd/containerd/pull/6794))
    * Pin upload-cloud-storage action to 0.8.0 in Windows workflow. ([#6790](https://github.com/containerd/containerd/pull/6790))
    * docs: add Deckhouse to the list of adopters ([#6785](https://github.com/containerd/containerd/pull/6785))
    * Add `docs/snapshotters`; simplify `docs/cri` ([#6778](https://github.com/containerd/containerd/pull/6778))
    * Turn paths from cmdline into absolute paths ([#6672](https://github.com/containerd/containerd/pull/6672))
    * CRI: add support for CDI device injection ([#6654](https://github.com/containerd/containerd/pull/6654))
    * Disable writing freelist to make the file robust against data corruptions ([#6761](https://github.com/containerd/containerd/pull/6761))
    * mv design docs/historical/design ([#6777](https://github.com/containerd/containerd/pull/6777))
    * CRI: improve image pulling performance ([#6702](https://github.com/containerd/containerd/pull/6702))
    * docs: remove runtime v1; migrate config v1 to v2 ([#6776](https://github.com/containerd/containerd/pull/6776))
    * Skip flaky test on Windows ([#6779](https://github.com/containerd/containerd/pull/6779))
    * docs/getting-started.md: typo ([#6775](https://github.com/containerd/containerd/pull/6775))
    * Add no_tracing tag ([#6750](https://github.com/containerd/containerd/pull/6750))
    * Move historical docs to `docs/historical` ([#6754](https://github.com/containerd/containerd/pull/6754))
    * Run go mod tidy in integration tests ([#6768](https://github.com/containerd/containerd/pull/6768))
    * go.mod: move indirects, and update integration go.mod to 1.18 ([#6765](https://github.com/containerd/containerd/pull/6765))
    * Drop gotest.tools ([#6762](https://github.com/containerd/containerd/pull/6762))
    * Use t.Setenv instead of os.Setenv ([#6760](https://github.com/containerd/containerd/pull/6760))
    * Upgrade to Go 1.18 ([#6709](https://github.com/containerd/containerd/pull/6709))
    * Adding multi-arch support for the configure.sh script ([#6751](https://github.com/containerd/containerd/pull/6751))
    * docs/getting-started.md: massive update ([#6758](https://github.com/containerd/containerd/pull/6758))
    * Remove unmaintained contrib/linuxkit ([#6755](https://github.com/containerd/containerd/pull/6755))
    * [Windows CI] Address some timeout issues ([#6757](https://github.com/containerd/containerd/pull/6757))
    * BUILDING.md: update supported Go versions ([#6756](https://github.com/containerd/containerd/pull/6756))
    * update runc to 1.1.1 ([#6753](https://github.com/containerd/containerd/pull/6753))
    * CI: add Rocky Linux 8 ([#6747](https://github.com/containerd/containerd/pull/6747))
    * CI: bump up crun to 1.4.4 ([#6748](https://github.com/containerd/containerd/pull/6748))
    * added make help for cri integration ([#6743](https://github.com/containerd/containerd/pull/6743))
    * Update README.md cncf landscape url ([#6740](https://github.com/containerd/containerd/pull/6740))
    * Fix error message in TestNewBinaryIO ([#6738](https://github.com/containerd/containerd/pull/6738))
    * Use typeurl.Any instead of github.com/gogo/protobuf/types.Any ([#6706](https://github.com/containerd/containerd/pull/6706))
    * Use cgroups.AddProc() for cgroups v1 ([#5738](https://github.com/containerd/containerd/pull/5738))
    * fix: ctr images mount with snapshotter option can't get snapshotter ([#6713](https://github.com/containerd/containerd/pull/6713))
    * cgroup2: monitor OOMKill instead of OOM to prevent missing container events ([#6323](https://github.com/containerd/containerd/pull/6323))
    * moving up to go-cni v1.1.4 ([#6721](https://github.com/containerd/containerd/pull/6721))
    * native: fix deadlock from leaving transactions open ([#6722](https://github.com/containerd/containerd/pull/6722))
    * go.mod: remove replace, and update github.com/gogo/googleapis v1.4.1 ([#5390](https://github.com/containerd/containerd/pull/5390))
    * GitHub Security Advisory [GHSA-c9cp-9c75-9v8c](https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c)
    * runtime: deprecate runc --criu / -criu-path option ([#6496](https://github.com/containerd/containerd/pull/6496))
    * Bug fix for mount path handling ([#6651](https://github.com/containerd/containerd/pull/6651))
    * Upgrade containerd/imgcrypt and opencontainers/image-spec ([#6711](https://github.com/containerd/containerd/pull/6711))
    * Remove enumvalue_customname, goproto_enum_prefix and enum_customname ([#6708](https://github.com/containerd/containerd/pull/6708))
    * Remove gogoproto.customtype ([#6699](https://github.com/containerd/containerd/pull/6699))
    * Skip tty critest testcase on Windows Server 2022 ([#6698](https://github.com/containerd/containerd/pull/6698))
    * Build with Go 1.18 ([#6605](https://github.com/containerd/containerd/pull/6605))
    * Update prometheus client vendor ([#6690](https://github.com/containerd/containerd/pull/6690))
    * vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd ([#6687](https://github.com/containerd/containerd/pull/6687))
    * Make the temp mount as read only in container WithVolumes ([#6593](https://github.com/containerd/containerd/pull/6593))
    * fix: `ctr run --cni` get failed ([#6670](https://github.com/containerd/containerd/pull/6670))
    * test: use `T.TempDir` to create temporary test directory ([#6681](https://github.com/containerd/containerd/pull/6681))
    * Make OpenLab's CI jobs blocking ([#6679](https://github.com/containerd/containerd/pull/6679))
    * document log level and format ([#6683](https://github.com/containerd/containerd/pull/6683))
    * Add shared content label to namespaces ([#6660](https://github.com/containerd/containerd/pull/6660))
    * Add protoc-gen-go-fieldpath ([#6562](https://github.com/containerd/containerd/pull/6562))
    * Enable gosec linter for golangci-lint ([#6669](https://github.com/containerd/containerd/pull/6669))
    * Make mkfs.xfs available on OpenLab's CI environment ([#6668](https://github.com/containerd/containerd/pull/6668))
    * ctr: improve error relative shim path error msg ([#6519](https://github.com/containerd/containerd/pull/6519))
    * typo fixes under cmd. ([#6674](https://github.com/containerd/containerd/pull/6674))
    * Handle CRI Device.HostPath on Windows ([#6618](https://github.com/containerd/containerd/pull/6618))
    * Upgrade golangci-lint and its GitHub Action ([#6666](https://github.com/containerd/containerd/pull/6666))
    * Don't build a second copy of containerd-shim-runhcs-v1.exe ([#6661](https://github.com/containerd/containerd/pull/6661))
    * Update TestNormalize to only test Windows platform ([#6569](https://github.com/containerd/containerd/pull/6569))
    * Fix link in getting-started.md ([#6663](https://github.com/containerd/containerd/pull/6663))
    * Fuzzing: refactor metadata fuzzers ([#6423](https://github.com/containerd/containerd/pull/6423))
    * Two xfs file systems with same UUID can not be mounted on the same sy… ([#6650](https://github.com/containerd/containerd/pull/6650))
    * [Windows] Fix deadline exceeded in daemon restart ([#6635](https://github.com/containerd/containerd/pull/6635))
    * Use temp file for export/import test ([#6658](https://github.com/containerd/containerd/pull/6658))
    * strip path-info from `-v` (version) output, and implement -v flag for containerd-shim  ([#6495](https://github.com/containerd/containerd/pull/6495))
    * Improve unexpected response error handling in resolver ([#6617](https://github.com/containerd/containerd/pull/6617))
    * Use the latest tag for azure images ([#6601](https://github.com/containerd/containerd/pull/6601))
    * Run CRI integration tests in GitHub Actions (Windows) ([#6626](https://github.com/containerd/containerd/pull/6626))
    * cri: fix integration test on cgroupsv2 system ([#6595](https://github.com/containerd/containerd/pull/6595))
    * Use version 2 configuration format in docs/PLUGINS.md ([#6613](https://github.com/containerd/containerd/pull/6613))
    * update to go 1.16.15, 1.17.8 to address CVE-2022-24921 ([#6619](https://github.com/containerd/containerd/pull/6619))
    * Update status of 1.4 release ([#6614](https://github.com/containerd/containerd/pull/6614))
    * Update TestContainerSymlinkVolumes to use windows path ([#6568](https://github.com/containerd/containerd/pull/6568))
    * Add --user support for ctr run Windows ([#6603](https://github.com/containerd/containerd/pull/6603))
    * Update releases ([#6608](https://github.com/containerd/containerd/pull/6608))
    * GitHub Security Advisory [GHSA-crp2-qrr5-8pq7](https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7)
    * Adds support for Windows ArgsEscaped images ([#6479](https://github.com/containerd/containerd/pull/6479))
    * Do not use weak import ([#6558](https://github.com/containerd/containerd/pull/6558))
    * cri: relax test for system without hugetlb ([#6596](https://github.com/containerd/containerd/pull/6596))
    * Use containerd/protobuild instead of stevvooe/protobuild ([#6578](https://github.com/containerd/containerd/pull/6578))
    * integration: remove duplicated util pkg ([#6597](https://github.com/containerd/containerd/pull/6597))
    * go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1 ([#6591](https://github.com/containerd/containerd/pull/6591))
    * Update Go version recommendation in getting started ([#6585](https://github.com/containerd/containerd/pull/6585))
    * go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3 ([#6337](https://github.com/containerd/containerd/pull/6337))
    * fix Implicit memory aliasing in for loop ([#6331](https://github.com/containerd/containerd/pull/6331))
    * Fix build with gccgo ([#6579](https://github.com/containerd/containerd/pull/6579))
    * Replace golang.org/x/net/context with std library ([#6580](https://github.com/containerd/containerd/pull/6580))
    * containerd-shim-runc-v1: return init pid when clean dead shim ([#6571](https://github.com/containerd/containerd/pull/6571))
    * Use Windows matcher when on Windows platform in all code paths ([#6491](https://github.com/containerd/containerd/pull/6491))
    * containerd-shim-runc-v2: return init pid when clean dead shim ([#6452](https://github.com/containerd/containerd/pull/6452))
    * [Windows][Integration] Enable TestRestartMonitor ([#6515](https://github.com/containerd/containerd/pull/6515))
    * go.mod: fsnotify v1.5.1, moby/sys/mountinfo v0.6.0, moby/sys/signal v0.7.0 ([#6554](https://github.com/containerd/containerd/pull/6554))
    </p>
    </details>
    
    ### Changes from containerd/cgroups
    <details><summary>21 commits</summary>
    <p>
    
    * ParseCgroupFile: fix wrong comment about unified hierarchy ; add ParseCgroupFileUnified to get the unified path ([#232](https://github.com/containerd/cgroups/pull/232))
    * Bump go version to 1.17 in go.mod ([#230](https://github.com/containerd/cgroups/pull/230))
    * make cmd/ a separate module (as it's only for testing) ([#226](https://github.com/containerd/cgroups/pull/226))
    * feat(v2): add Update method for v2.Manager ([#225](https://github.com/containerd/cgroups/pull/225))
    * feat: add memory.min param ([#211](https://github.com/containerd/cgroups/pull/211))
    * modified the dereference null pointer value. ([#218](https://github.com/containerd/cgroups/pull/218))
    * update readme for cpu cgroup demo ([#217](https://github.com/containerd/cgroups/pull/217))
    * Fix systemd full path ([#221](https://github.com/containerd/cgroups/pull/221))
    * Update Go version and fedora base ([#223](https://github.com/containerd/cgroups/pull/223))
    * Fix panic in NewSystemd on nil values ([#219](https://github.com/containerd/cgroups/pull/219))
    </p>
    </details>
    
    ### Changes from containerd/continuity
    <details><summary>28 commits</summary>
    <p>
    
    * go.mod: update dependencies (take 2) ([#204](https://github.com/containerd/continuity/pull/204))
    * Revert "go.mod: update dependencies" ([#205](https://github.com/containerd/continuity/pull/205))
    * Various small fix-ups ([#202](https://github.com/containerd/continuity/pull/202))
    * update authors and mailmap ([#201](https://github.com/containerd/continuity/pull/201))
    * move cmd/continuity to its own go module ([#200](https://github.com/containerd/continuity/pull/200))
    * CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir)  ([#198](https://github.com/containerd/continuity/pull/198))
    * fs.CopyDir: support sockets and pipes ([#197](https://github.com/containerd/continuity/pull/197))
    * Fix wrapping errors ([#196](https://github.com/containerd/continuity/pull/196))
    </p>
    </details>
    
    ### Changes from containerd/go-cni
    <details><summary>22 commits</summary>
    <p>
    
    * go.mod: update libcni to v1.1.1 ([#101](https://github.com/containerd/go-cni/pull/101))
    * add in some serial setup tests; a little make cleanup ([#100](https://github.com/containerd/go-cni/pull/100))
    * Re-introduce serial network setup ([#99](https://github.com/containerd/go-cni/pull/99))
    * bump github.com/containernetworking/cni v1.1.0 ([#98](https://github.com/containerd/go-cni/pull/98))
    * Revert "Update loopback version to support check" ([#96](https://github.com/containerd/go-cni/pull/96))
    * Use revive instead of golint ([#92](https://github.com/containerd/go-cni/pull/92))
    * Bump go version to 1.17 ([#91](https://github.com/containerd/go-cni/pull/91))
    * moving up to latest CNI plugin release ([#90](https://github.com/containerd/go-cni/pull/90))
    * Fix Loopback Version ([#88](https://github.com/containerd/go-cni/pull/88))
    * Update comment for capabilities ([#89](https://github.com/containerd/go-cni/pull/89))
    * Add integration test for linux and update go version from 1.16 to 1.17 ([#84](https://github.com/containerd/go-cni/pull/84))
    </p>
    </details>
    
    ### Changes from containerd/imgcrypt
    <details><summary>18 commits</summary>
    <p>
    
    * Use reflect to support diff.ApplyConfig with/without gogo's types.Any ([#75](https://github.com/containerd/imgcrypt/pull/75))
    * Upgrade golangci-lint-action and golangci-lint ([#76](https://github.com/containerd/imgcrypt/pull/76))
    * CHANGES: Updated CHANGES document for 1.1.4 release ([#74](https://github.com/containerd/imgcrypt/pull/74))
    * Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 ([#73](https://github.com/containerd/imgcrypt/pull/73))
    * images: prepare for typeurl.Any ([#72](https://github.com/containerd/imgcrypt/pull/72))
    * Bump ocicrypt to 1.1.3 ([#71](https://github.com/containerd/imgcrypt/pull/71))
    * Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 ([#67](https://github.com/containerd/imgcrypt/pull/67))
    </p>
    </details>
    
    ### Changes from containerd/nri
    <details><summary>29 commits</summary>
    <p>
    
    * Extend scope to enable common pluggable runtime extensions. ([#16](https://github.com/containerd/nri/pull/16))
    * Update GitHub actions CI workflow ([#19](https://github.com/containerd/nri/pull/19))
    * replace pkg/errors ([#17](https://github.com/containerd/nri/pull/17))
    * Update the examples in README.md ([#15](https://github.com/containerd/nri/pull/15))
    * Rename branch from master to main ([#12](https://github.com/containerd/nri/pull/12))
    * Update to containerd 1.5.1 ([#11](https://github.com/containerd/nri/pull/11))
    </p>
    </details>
    
    ### Changes from containerd/ttrpc
    <details><summary>37 commits</summary>
    <p>
    
    * Only generate a Go file if the file has some services ([#112](https://github.com/containerd/ttrpc/pull/112))
    * *.go: organize errors to one spot ([#113](https://github.com/containerd/ttrpc/pull/113))
    * PROTOCOL: slight markdown touchup ([#111](https://github.com/containerd/ttrpc/pull/111))
    * Introduce streaming ([#107](https://github.com/containerd/ttrpc/pull/107))
    * Update checkout and lint actions ([#109](https://github.com/containerd/ttrpc/pull/109))
    * Add Makefile and update protobuf ([#106](https://github.com/containerd/ttrpc/pull/106))
    * Add ttrpc protocol definition ([#102](https://github.com/containerd/ttrpc/pull/102))
    * Enable Codecov again ([#105](https://github.com/containerd/ttrpc/pull/105))
    * Use CR+LF instead of LF regardless of OS ([#103](https://github.com/containerd/ttrpc/pull/103))
    * Log the error's underlying errno if there is ([#104](https://github.com/containerd/ttrpc/pull/104))
    * Use google.golang.org/protobuf instead of github.com/gogo/protobuf ([#99](https://github.com/containerd/ttrpc/pull/99))
    * Wrap correct error on unix.GetsockoptUcred failure ([#100](https://github.com/containerd/ttrpc/pull/100))
    * Update CI project checks to use containerd project action ([#101](https://github.com/containerd/ttrpc/pull/101))
    </p>
    </details>
    
    ### Changes from containerd/typeurl
    <details><summary>14 commits</summary>
    <p>
    
    * Fallback to google.golang.org/protobuf ([#35](https://github.com/containerd/typeurl/pull/35))
    * Build with Go 1.17 and Go 1.18 ([#34](https://github.com/containerd/typeurl/pull/34))
    * Make nil handling easier ([#33](https://github.com/containerd/typeurl/pull/33))
    * Make Any type an interface ([#32](https://github.com/containerd/typeurl/pull/32))
    * Add Any type and remove gogo protobuf from interfaces ([#31](https://github.com/containerd/typeurl/pull/31))
    * replace pkg/errors ([#29](https://github.com/containerd/typeurl/pull/29))
    * Update branch name in GH Actions ([#28](https://github.com/containerd/typeurl/pull/28))
    </p>
    </details>
    
    ### Dependency Changes
    
    * **cloud.google.com/go/compute/metadata**                                         v0.2.1 **_new_**
    * **github.com/AdaLogics/go-fuzz-headers**                                         6c3934b029d8 -> 1f10f66a31bf
    * **github.com/AdamKorcz/go-118-fuzz-build**                                       5330a85ea652 **_new_**
    * **github.com/Microsoft/go-winio**                                                v0.5.1 -> v0.6.0
    * **github.com/Microsoft/hcsshim**                                                 v0.9.2 -> v0.10.0-rc.4
    * **github.com/blang/semver/v4**                                                   v4.0.0 **_new_**
    * **github.com/cenkalti/backoff/v4**                                               v4.1.2 -> v4.2.0
    * **github.com/cilium/ebpf**                                                       v0.7.0 -> v0.9.1
    * **github.com/container-orchestrated-devices/container-device-interface**         v0.5.1 **_new_**
    * **github.com/containerd/cgroups**                                                v1.0.3 -> v1.0.4
    * **github.com/containerd/cgroups/v3**                                             e8802a182774 **_new_**
    * **github.com/containerd/continuity**                                             v0.2.2 -> v0.3.0
    * **github.com/containerd/go-cni**                                                 v1.1.3 -> v1.1.6
    * **github.com/containerd/imgcrypt**                                               v1.1.3 -> 8ba028dca028
    * **github.com/containerd/nri**                                                    v0.1.0 -> v0.2.0
    * **github.com/containerd/ttrpc**                                                  v1.1.0 -> 944ef4a40df3
    * **github.com/containerd/typeurl**                                                v1.0.2 -> 7f6e6d160d67
    * **github.com/containernetworking/cni**                                           v1.0.1 -> v1.1.1
    * **github.com/containernetworking/plugins**                                       v1.0.1 -> v1.1.1
    * **github.com/containers/ocicrypt**                                               v1.1.2 -> v1.1.3
    * **github.com/cpuguy83/go-md2man/v2**                                             v2.0.0 -> v2.0.2
    * **github.com/cyphar/filepath-securejoin**                                        v0.2.3 **_new_**
    * **github.com/docker/go-units**                                                   v0.4.0 -> v0.5.0
    * **github.com/emicklei/go-restful/v3**                                            v3.8.0 **_new_**
    * **github.com/fsnotify/fsnotify**                                                 v1.4.9 -> v1.6.0
    * **github.com/go-logr/logr**                                                      v1.2.2 -> v1.2.3
    * **github.com/google/go-cmp**                                                     v0.5.6 -> v0.5.9
    * **github.com/google/uuid**                                                       v1.2.0 -> v1.3.0
    * **github.com/grpc-ecosystem/grpc-gateway/v2**                                    v2.7.0 **_new_**
    * **github.com/intel/goresctrl**                                                   v0.2.0 -> v0.3.0
    * **github.com/klauspost/compress**                                                v1.11.13 -> v1.15.11
    * **github.com/klauspost/cpuid/v2**                                                v2.0.4 **_new_**
    * **github.com/miekg/pkcs11**                                                      v1.0.3 -> v1.1.1
    * **github.com/minio/sha256-simd**                                                 v1.0.0 **_new_**
    * **github.com/moby/sys/mountinfo**                                                v0.5.0 -> v0.6.2
    * **github.com/moby/sys/sequential**                                               v0.5.0 **_new_**
    * **github.com/moby/sys/signal**                                                   v0.6.0 -> v0.7.0
    * **github.com/opencontainers/image-spec**                                         693428a734f5 -> 3a7f492d3f1b
    * **github.com/opencontainers/runc**                                               v1.1.0 -> v1.1.4
    * **github.com/opencontainers/runtime-spec**                                       1c3f411f0417 -> 86290f6a00fb
    * **github.com/opencontainers/runtime-tools**                                      946c877fa809 **_new_**
    * **github.com/opencontainers/selinux**                                            v1.10.0 -> v1.10.2
    * **github.com/pelletier/go-toml**                                                 v1.9.3 -> v1.9.5
    * **github.com/prometheus/client_golang**                                          v1.11.0 -> v1.13.0
    * **github.com/prometheus/common**                                                 v0.30.0 -> v0.37.0
    * **github.com/prometheus/procfs**                                                 v0.7.3 -> v0.8.0
    * **github.com/russross/blackfriday/v2**                                           v2.0.1 -> v2.1.0
    * **github.com/sirupsen/logrus**                                                   v1.8.1 -> v1.9.0
    * **github.com/stretchr/testify**                                                  v1.7.0 -> v1.8.1
    * **github.com/syndtr/gocapability**                                               42c35b437635 **_new_**
    * **github.com/tchap/go-patricia/v2**                                              v2.3.1 **_new_**
    * **github.com/urfave/cli**                                                        v1.22.1 -> v1.22.10
    * **go.opencensus.io**                                                             v0.23.0 -> v0.24.0
    * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.28.0 -> v0.36.4
    * **go.opentelemetry.io/otel**                                                     v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/exporters/otlp/internal/retry**                       v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace**                            v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc**              v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp**              v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/sdk**                                                 v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/trace**                                               v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/proto/otlp**                                               v0.11.0 -> v0.19.0
    * **golang.org/x/crypto**                                                          32db794688a5 -> v0.1.0
    * **golang.org/x/mod**                                                             v0.6.0 **_new_**
    * **golang.org/x/net**                                                             fe4d6282115f -> v0.4.0
    * **golang.org/x/oauth2**                                                          2bc19b11175f -> ee480838109b
    * **golang.org/x/sync**                                                            036812b2e83c -> v0.1.0
    * **golang.org/x/sys**                                                             1d35b9e2eb4e -> v0.3.0
    * **golang.org/x/term**                                                            6886f2dfbf5b -> v0.3.0
    * **golang.org/x/text**                                                            v0.3.7 -> v0.5.0
    * **golang.org/x/time**                                                            1f47c861a9ac -> 90d013bbcef8
    * **golang.org/x/tools**                                                           v0.2.0 **_new_**
    * **google.golang.org/genproto**                                                   e50cd9704f63 -> b1a01be3a5f6
    * **google.golang.org/grpc**                                                       v1.43.0 -> v1.51.0
    * **google.golang.org/protobuf**                                                   v1.27.1 -> v1.28.1
    * **gopkg.in/yaml.v3**                                                             496545a6307b -> v3.0.1
    * **k8s.io/api**                                                                   v0.22.5 -> v0.25.4
    * **k8s.io/apimachinery**                                                          v0.22.5 -> v0.25.4
    * **k8s.io/apiserver**                                                             v0.22.5 -> v0.25.4
    * **k8s.io/client-go**                                                             v0.22.5 -> v0.25.4
    * **k8s.io/component-base**                                                        v0.22.5 -> v0.25.4
    * **k8s.io/cri-api**                                                               v0.23.1 -> v0.26.0-beta.0
    * **k8s.io/klog/v2**                                                               v2.30.0 -> v2.80.1
    * **k8s.io/utils**                                                                 cb0fa318a74b -> 8e77b1f39fe2
    * **sigs.k8s.io/json**                                                             f223a00ba0e2 **_new_**
    * **sigs.k8s.io/structured-merge-diff/v4**                                         v4.1.2 -> v4.2.3
    * **sigs.k8s.io/yaml**                                                             v1.2.0 -> v1.3.0
    
    Previous release can be found at [v1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)
    
    ### Which file should I download?
    * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:         ✅Recommended. Dynamically linked with glibc 2.27 (Ubuntu 18.04).
    * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`:  Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.
    * `cri-containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:     (Deprecated)
    * `cri-containerd-cni-<VERSION>-<OS>-<ARCH>.tar.gz`: (Deprecated)
    
    In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases)
    and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too.
    
    See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
    
    
  • v1.6.15
    containerd 1.6.15
    
    Welcome to the v1.6.15 release of containerd!
    
    The fifteenth patch release for containerd 1.6 fixes an issue with CNI in the CRI plugin.
    
    ### Notable Updates
    
    * **Fix no CNI info for pod sandbox on restart in CRI plugin** ([#7848](https://github.com/containerd/containerd/pull/7848))
    
    See the changelog for a complete list of changes.
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Derek McGowan
    * Akihiro Suda
    * Danny Canter
    * Kevin Parsons
    * Samuel Karp
    * Wei Fu
    
    ### Changes
    <details><summary>8 commits</summary>
    <p>
    
    * [release/1.6] Prepare release notes for v1.6.15 ([#7924](https://github.com/containerd/containerd/pull/7924))
      * [`883899eae`](https://github.com/containerd/containerd/commit/883899eaed4ab95e3c415b5937438b4439796bfc) Prepare release notes for v1.6.15
    * [release/1.6] CI: Pass GITHUB_TOKEN to containerd/project-checks ([#7919](https://github.com/containerd/containerd/pull/7919))
      * [`b57367020`](https://github.com/containerd/containerd/commit/b57367020abc53f6e757b9eaadfe96ae7cf7e695) CI: Pass GITHUB_TOKEN to containerd/project-checks
    * [release/1.6] integration/images: switch away from Docker Hub to avoid rate limit ([#7900](https://github.com/containerd/containerd/pull/7900))
      * [`0f4062c9b`](https://github.com/containerd/containerd/commit/0f4062c9be0155861a1907dd1e1fe54b38c1d5ac) integration/images: switch away from Docker Hub to avoid rate limit
    * [release/1.6] CRI: Fix no CNI info for pod sandbox on restart ([#7848](https://github.com/containerd/containerd/pull/7848))
      * [`f16447e2d`](https://github.com/containerd/containerd/commit/f16447e2d495d77c03c6644e78877cd3596ef523) CRI: Fix no CNI info for pod sandbox on restart
    </p>
    </details>
    
    ### Dependency Changes
    
    This release has no dependency changes
    
    Previous release can be found at [v1.6.14](https://github.com/containerd/containerd/releases/tag/v1.6.14)
    
  • v1.7.0-beta.2
    containerd 1.7.0-beta.2
    
    Welcome to the v1.7.0-beta.2 release of containerd!
    *This is a pre-release of containerd*
    
    The eighth major release of containerd includes new functionality alongside many improvements.
    This release is intended to be the last major release of containerd 1.x before 2.0.
    Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
    This release still adheres to our backwards compatibility guarantees and users who do not use or enable new functionality should use this release with the same stability expectations.
    The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.
    
    _This is a beta release and includes some functionality which is not yet complete. While most APIs are finalized before merge, they are subject to change until the official release._
    
    ### Highlights
    
    #### Sandbox API _(experimental)_
    
    The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
    This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.
    
    * **Sandbox API** ([#6703](https://github.com/containerd/containerd/pull/6703))
    * **CRI Sandbox API Implementation** ([#7228](https://github.com/containerd/containerd/pull/7228))
    
    #### Transfer Service _(experimental)_
    
    * **Transfer Service** ([#7320](https://github.com/containerd/containerd/pull/7320))
    
    The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
    pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
    to allow for further plugin development and integration into existing plugins.
    
    See the [Transfer Docs](https://github.com/containerd/containerd/blob/main/docs/transfer.md)
    
    #### NRI _(experimental)_
    
    * **Extend NRI scope** ([nri#16](https://github.com/containerd/nri/pull/16))
    * **Support for updated NRI** ([#6019](https://github.com/containerd/containerd/pull/6019))
    
    The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
    basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.
    
    This release introduces NRI v0.2.0 with an updated plugin interface to cover a wide range of use cases.
    
    See the [NRI Docs](https://github.com/containerd/containerd/blob/main/docs/NRI.md)
    
    #### Platform Support
    
    * **Linux containers on FreeBSD** ([#7000](https://github.com/containerd/containerd/pull/7000))
    
    #### Runtime Features
    
    * **Add support for CDI device injection** ([#6654](https://github.com/containerd/containerd/pull/6654))
    * **Support for cgroups blockio** ([#5490](https://github.com/containerd/containerd/pull/5490))
    * **Add restart policy for enhanced restart manager** ([#6744](https://github.com/containerd/containerd/pull/6744))
    
    #### Road to 2.0
    
    ##### Refactoring
    
    There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.
    
    The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
    out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
    but it is also being done for image and network management.
    
    The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc.
    Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.
    
    * **Remove gogoproto.customtype** ([#6699](https://github.com/containerd/containerd/pull/6699))
    * **Remove enumvalue_customname, goproto_enum_prefix and enum_customname** ([#6708](https://github.com/containerd/containerd/pull/6708))
    * **Remove all gogoproto extensions** ([#6829](https://github.com/containerd/containerd/pull/6829))
    * **Migrate off from github.com/gogo/protobuf** ([#6841](https://github.com/containerd/containerd/pull/6841))
    * **ttrpc streaming** ([ttrpc#107](https://github.com/containerd/ttrpc/pull/107))
    
    * **Add unpack interface for client** ([#6749](https://github.com/containerd/containerd/pull/6749))
    * **Add collectible resources to metadata gc** ([#6804](https://github.com/containerd/containerd/pull/6804))
    
    ##### Configuration
    
    Existing CRI configurations will be supported until 2.0.
    Any functionality split out of CRI will have its configuration migrated to new plugins.
    Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.
    
    ##### Deprecation
    
    The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include:
    
    * **Docker Schema 1 Image Deprecation** ([#6884](https://github.com/containerd/containerd/pull/6884))
    
    #### CRI Updates
    
    * **Support image pull progress timeout** ([#6150](https://github.com/containerd/containerd/pull/6150))
    * **Fix CRI plugin to setup pod network after creating the sandbox container** ([#5904](https://github.com/containerd/containerd/pull/5904))
    * **Pass all TOML runtime configuration options from CRI to the runtime** ([#7764](https://github.com/containerd/containerd/pull/7764))
    * **Support for user namespaces in stateless pods ([KEP-127](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/127-user-namespaces)) _(experimental)_** ([#7679](https://github.com/containerd/containerd/pull/7679))
    * **Add network plugin metrics** ([#7858](https://github.com/containerd/containerd/pull/7858))
    * **CRI v1alpha2 is deprecated and will be removed from containerd in containerd v2.0; if you are using the CRI API please move up to CRI v1; Kubernetes supports CRI v1 since Kubernetes 1.23** ([#7863](https://github.com/containerd/containerd/pull/7863))
    
    #### Other
    
    * **Support shallow content copy by adding reader option to local content reader at** ([#7414](https://github.com/containerd/containerd/pull/7414))
    * **Add NoSameOwner option when unpacking tars** ([#7386](https://github.com/containerd/containerd/pull/7386))
    * **Add `FetcherByDigest` for fetching blobs without fetching a manifest** ([#7460](https://github.com/containerd/containerd/pull/7460))
    * **Update default seccomp profile to block socket calls to AF_VSOCK** ([#7510](https://github.com/containerd/containerd/pull/7510))
    * **Replace fork on mount logic with CLONE_FS** ([#7513](https://github.com/containerd/containerd/pull/7513))
    * **Add support for default registry host configuration** ([#7607](https://github.com/containerd/containerd/pull/7607))
    * **Use github.com/minio/sha256-simd for more efficient sha256 calculation** ([#7732](https://github.com/containerd/containerd/pull/7732))
    
    See the changelog for a complete list of changes.
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Kazuyoshi Kato
    * Derek McGowan
    * Phil Estes
    * Maksym Pavlenko
    * Wei Fu
    * Akihiro Suda
    * Sebastiaan van Stijn
    * Samuel Karp
    * Mike Brown
    * Krisztian Litkey
    * Daniel Canter
    * yanggang
    * Danny Canter
    * Ye Sijun
    * Adam Korcz
    * Ed Bartosh
    * Luca Comellini
    * Stefan Berger
    * Gabriel Adrian Samfira
    * Iceber Gu
    * Nashwan Azhari
    * Paul "TBBle" Hampson
    * xin.li
    * Rodrigo Campos
    * ruiwen-zhao
    * zounengren
    * Austin Vazquez
    * Brian Goff
    * Shengjing Zhu
    * Gavin Inglis
    * Henry Wang
    * Justin Terry
    * Kevin Parsons
    * Paco Xu
    * Swagat Bora
    * wanglei
    * Akhil Mohan
    * lengrongfu
    * Michael Crosby
    * Qiutong Song
    * Shiming Zhang
    * Antonio Ojea
    * James Jenkins
    * Michael Zappa
    * Tobias Klauser
    * Tony Fang
    * guodong
    * pigletfly
    * Amit Barve
    * Cameron Sparr
    * Changwei Ge
    * Craig Ingram
    * Eng Zer Jun
    * Eric Lin
    * James Sturtevant
    * Jess
    * Jonny Stoten
    * Juan Hoyos
    * Junyu Liu
    * Kang.Zhang
    * Mikko Ylinen
    * Paul Cacheux
    * Paul S. Schweigert
    * Qasim Sarfraz
    * Qian Zhang
    * Vincent Batts
    * Yasin Turan
    * bin liu
    * dependabot[bot]
    * Abirdcfly
    * Aditi Sharma
    * Aman Sharma
    * Anastassios Nanos
    * Andrew G. Morgan
    * Andrey Klimentyev
    * Antti Kervinen
    * Aviral Takkar
    * Baoshuo
    * Benjamin Elder
    * Chao Dai
    * Chuanying Du
    * Claudiu Belu
    * Cory Snider
    * Danielle Lancashire
    * Dat Nguyen
    * Davanum Srinivas
    * Dave
    * David Leadbeater
    * David Porter
    * Dmitry Shurupov
    * Eric Ernst
    * Ethan Lowman
    * Fabian Hoffman
    * Fabian Hoffmann
    * Fahed Dorgaa
    * Gabriela Cervantes
    * Gijs Peskens
    * Hamza El-Saawy
    * Hsing-Yu (David) Chen
    * Ikko Ashimine
    * Jeff Widman
    * Jeff Zvier
    * Jeremi Piotrowski
    * Jin Dong
    * Jordan Karaze
    * Joseph Sheng
    * Joyce Brum
    * Jukka Rissanen
    * Kate
    * Kathryn Baldauf
    * Kirtana Ashok
    * Kohei Tokunaga
    * Kyle L Frisbie
    * LongtaoZhang
    * Manuel Alejandro de Brito Fontes
    * Marc Schwind
    * Mark Rossetti
    * Mark Zhang
    * Marvin Giessing
    * Mathis Michel
    * Merlin Ran
    * Nabeel Rana
    * Nguyen Phan Huy
    * Nikita Rybak
    * Nobel Barakat
    * Oleg Atamanenko
    * Oleg Zhurakivskyy
    * Oliver Radwell
    * Quan Tian
    * Roy Yang
    * Serge Logvinov
    * Shane Jennings
    * Shaun Lawrie
    * Shinichi Morimoto
    * SilverSoldier
    * Sophie Liu
    * Su Fei
    * Taeho Nam
    * Takumasa Sakao
    * Tiger Kaovilai
    * Tom Godkin
    * Tomoya.Fujita
    * Tõnis Tiigi
    * Xinlin Ma
    * Yakul Garg
    * Zhang Tianyang
    * Zhongming Chang
    * Zhuchen Wang
    * austinvazquez
    * cardy.tang
    * chaunceyjiang
    * dabaooline
    * guiyong.ou
    * huoqifeng
    * jianfei.zhang
    * ningmingxiao
    * shi yixue
    * shuaichang
    * songjiang han
    * wen chen
    * wusong
    * xiaoyang zhu
    * yanghesong
    * yaozhenxiu
    * zhang he
    
    ### Changes
    <details><summary>1379 commits</summary>
    <p>
    
    * Prepare release notes for v1.7.0-beta.2 ([#7903](https://github.com/containerd/containerd/pull/7903))
    * Cirrus CI (Fedora 37, Rocky 8): enable cri-integration ([#7892](https://github.com/containerd/containerd/pull/7892))
    * contrib/Dockerfile.test: add "integration", "cri-integration", "critest" stages ([#7891](https://github.com/containerd/containerd/pull/7891))
    * docs: fix a typo in tracing documentation ([#7914](https://github.com/containerd/containerd/pull/7914))
    * CI: Pass GITHUB_TOKEN to containerd/project-checks ([#7913](https://github.com/containerd/containerd/pull/7913))
    * Enable dupword linter ([#7911](https://github.com/containerd/containerd/pull/7911))
    * ctr: Add platform flag to 'oci spec' command ([#7905](https://github.com/containerd/containerd/pull/7905))
    * Vagrantfile: fix disk resize error with VirtualBox ([#7907](https://github.com/containerd/containerd/pull/7907))
    * Vagrantfile: fix comments about SELinux ([#7908](https://github.com/containerd/containerd/pull/7908))
    * Use the const labels.LabelUncompressed ([#7906](https://github.com/containerd/containerd/pull/7906))
    * [sandbox] Add sandbox store plugin type ([#7850](https://github.com/containerd/containerd/pull/7850))
    * Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts ([#7893](https://github.com/containerd/containerd/pull/7893))
    * CRI: Comment cleanup/misc fixes ([#7904](https://github.com/containerd/containerd/pull/7904))
    * Move snapshot event publishing into metadata store ([#5674](https://github.com/containerd/containerd/pull/5674))
    * Vagrantfile: install-rootless-podman: remove `setenforce 0` ([#7887](https://github.com/containerd/containerd/pull/7887))
    * reused package errdefs for error ([#7894](https://github.com/containerd/containerd/pull/7894))
    * integration/images: switch away from Docker Hub to avoid rate limit ([#7888](https://github.com/containerd/containerd/pull/7888))
    * Validate userns container config is consistent with sandbox userns config ([#7882](https://github.com/containerd/containerd/pull/7882))
    * `ctr contents ls` sorts the labels of the content ([#7881](https://github.com/containerd/containerd/pull/7881))
    * chore: use `go fix` to cleanup old +build buildtag ([#7879](https://github.com/containerd/containerd/pull/7879))
    * cri: Shadow variables to avoid t.Parallel() issues ([#7880](https://github.com/containerd/containerd/pull/7880))
    * Add support for user namespaces in stateless pods (KEP-127) ([#7679](https://github.com/containerd/containerd/pull/7679))
    * Refactor metastore transaction ([#7529](https://github.com/containerd/containerd/pull/7529))
    * oci: appendOSMounts(): remove unused error, and move ([#7874](https://github.com/containerd/containerd/pull/7874))
    * add kube v1.26: remove v1alph2 cri support ([#7863](https://github.com/containerd/containerd/pull/7863))
    * make runc 1.1 for oss_fuzz_build.sh ([#7875](https://github.com/containerd/containerd/pull/7875))
    * CRI sbserver: Prevent server reuse after Shutdown ([#7872](https://github.com/containerd/containerd/pull/7872))
    * Fix incorrect defer usage and refactor judgement ([#7521](https://github.com/containerd/containerd/pull/7521))
    * oci: Add WithDomainname ([#7869](https://github.com/containerd/containerd/pull/7869))
    * Reused errdefs define error ([#7871](https://github.com/containerd/containerd/pull/7871))
    * fix `ctr tasks kill` does not remove cni network under windows ([#7866](https://github.com/containerd/containerd/pull/7866))
    * add network plugin metrics ([#7858](https://github.com/containerd/containerd/pull/7858))
    * Avoid using canceled context in unpacker cleanup ([#7859](https://github.com/containerd/containerd/pull/7859))
    * image/label: print more characters of label keys ([#7618](https://github.com/containerd/containerd/pull/7618))
    * prevent Server reuse after a Shutdown ([#7165](https://github.com/containerd/containerd/pull/7165))
    * Check containerd's readiness before calling critest ([#7851](https://github.com/containerd/containerd/pull/7851))
    * Fix grammatical errors in Readme ([#7837](https://github.com/containerd/containerd/pull/7837))
    * Fix cpu architecture detection issue on linux/arm ([#7636](https://github.com/containerd/containerd/pull/7636))
    * CRI: Fix no CNI info for pod sandbox on restart ([#7845](https://github.com/containerd/containerd/pull/7845))
    * Enable checkRename test ([#7081](https://github.com/containerd/containerd/pull/7081))
    * metastore: Add WithTransaction convenience method ([#7781](https://github.com/containerd/containerd/pull/7781))
    * Prevent a race condition in testHook ([#7831](https://github.com/containerd/containerd/pull/7831))
    * cri: fix `memory.memsw.limit_in_bytes: no such file or directory` ([#7836](https://github.com/containerd/containerd/pull/7836))
    * go.mod: update fuzz-headers and fuzz-build ([#7824](https://github.com/containerd/containerd/pull/7824))
    * Remove github.com/gogo/protobuf again ([#7825](https://github.com/containerd/containerd/pull/7825))
    * CRI: Add host networking helper ([#7814](https://github.com/containerd/containerd/pull/7814))
    * Support sandbox shutdown in shim runtimes ([#7792](https://github.com/containerd/containerd/pull/7792))
    * move up to CRI-TOOLS v1.26.0 ([#7818](https://github.com/containerd/containerd/pull/7818))
    * Minor fix when querying pod sandbox status ([#7812](https://github.com/containerd/containerd/pull/7812))
    * nil check to avoid panic on upgrade ([#7809](https://github.com/containerd/containerd/pull/7809))
    * Bump grpc to v1.51.0 ([#7709](https://github.com/containerd/containerd/pull/7709))
    * fatal error: concurrent map iteration and map write ([#7805](https://github.com/containerd/containerd/pull/7805))
    * Bump golangci-lint to v1.50.1 ([#7804](https://github.com/containerd/containerd/pull/7804))
    * cri: make swapping disabled with memory limit ([#7783](https://github.com/containerd/containerd/pull/7783))
    * add metrics for image pulling: error; in progress count; thoughput  ([#7313](https://github.com/containerd/containerd/pull/7313))
    * Prepare release notes for v1.7.0-beta.1 ([#7793](https://github.com/containerd/containerd/pull/7793))
    * support fetching containerd from non public GCS buckets ([#7771](https://github.com/containerd/containerd/pull/7771))
    * images: support specifying SourceDateEpoch via ctx ([#7651](https://github.com/containerd/containerd/pull/7651))
    * fuzzing: improve archive fuzzer ([#7718](https://github.com/containerd/containerd/pull/7718))
    * fix sdNotify func when debug level ([#7798](https://github.com/containerd/containerd/pull/7798))
    * Upgrade GitHub actions packages in release workflow ([#7794](https://github.com/containerd/containerd/pull/7794))
    * Enable GitHub Actions local Linux CI runs ([#7796](https://github.com/containerd/containerd/pull/7796))
    * integration: increase timeout in container_event_test.go ([#7791](https://github.com/containerd/containerd/pull/7791))
    * digest: use github.com/minio/sha256-simd ([#7732](https://github.com/containerd/containerd/pull/7732))
    * allow client to remove created tasks with PID 0 ([#7787](https://github.com/containerd/containerd/pull/7787))
    * Add container event support to containerd ([#7073](https://github.com/containerd/containerd/pull/7073))
    * docs: Authorizer.Authorize could return ErrUnexpectedStatus ([#7786](https://github.com/containerd/containerd/pull/7786))
    * fix: check for tmpfs when evaluating if userxattr is needed ([#7772](https://github.com/containerd/containerd/pull/7772))
    * Pass TOML configuration options for runtimes CRI is not aware of ([#7764](https://github.com/containerd/containerd/pull/7764))
    * Cleanup build constraints ([#7776](https://github.com/containerd/containerd/pull/7776))
    * There is no way to disable debug endpoint on Darwin ([#7775](https://github.com/containerd/containerd/pull/7775))
    * CI: Vagrant: pin rockylinux/8 to v5.0.0 ([#7777](https://github.com/containerd/containerd/pull/7777))
    * vendor: golang.org/x/net v0.4.0 ([#7774](https://github.com/containerd/containerd/pull/7774))
    * Fix context when waiting sandbox ([#7773](https://github.com/containerd/containerd/pull/7773))
    * Github Security Advisory [GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9)
    * update to go1.19.4, go1.18.9 ([#7765](https://github.com/containerd/containerd/pull/7765))
    * Change PushContent to require only Provider ([#7763](https://github.com/containerd/containerd/pull/7763))
    * sbserver bug fixing ([#7768](https://github.com/containerd/containerd/pull/7768))
    * Add unit test to Opentelemetry tracing ([#7671](https://github.com/containerd/containerd/pull/7671))
    * remove some (aliases for) deprecated functions ([#7525](https://github.com/containerd/containerd/pull/7525))
    * Refactor ctr restore to allow for tty allocation ([#7673](https://github.com/containerd/containerd/pull/7673))
    * fix panic when containerd-stress density --count 0 ([#7748](https://github.com/containerd/containerd/pull/7748))
    * Unwrap proto errors in streaming client ([#7753](https://github.com/containerd/containerd/pull/7753))
    * Fix process_vm_* syscall names in seccomp ([#7755](https://github.com/containerd/containerd/pull/7755))
    * upgrade the ops.md output for current 1.7 version . ([#7747](https://github.com/containerd/containerd/pull/7747))
    * docs: Add extra security instructions ([#7743](https://github.com/containerd/containerd/pull/7743))
    * go.mod: re-vendor NRI from the official repo. ([#7744](https://github.com/containerd/containerd/pull/7744))
    * [Sandbox API] CRI status cleanup ([#7731](https://github.com/containerd/containerd/pull/7731))
    * Transfer service ([#7320](https://github.com/containerd/containerd/pull/7320))
    * NRI: add support for NRI with extended scope. ([#6019](https://github.com/containerd/containerd/pull/6019))
    * archive: set WithModTimeUpperBound when WithSourceDateEpoch is set ([#7710](https://github.com/containerd/containerd/pull/7710))
    * Fix order of operations when setting lease labels ([#7702](https://github.com/containerd/containerd/pull/7702))
    * Add ctr image prune command ([#7730](https://github.com/containerd/containerd/pull/7730))
    * Check for nullptr before dereferencing ([#7708](https://github.com/containerd/containerd/pull/7708))
    * use MaxConcurrentDownloads instead of MaxConcurrentUploadedLayers ([#7736](https://github.com/containerd/containerd/pull/7736))
    * introspection: expose the daemon's PID and PIDNS ([#7694](https://github.com/containerd/containerd/pull/7694))
    * reference/docker: synchronize fork with upstream distribution/distribution ([#7635](https://github.com/containerd/containerd/pull/7635))
    * go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions ([#7721](https://github.com/containerd/containerd/pull/7721))
    * Add ptrace readby and tracedby to default AppArmor profile ([#7714](https://github.com/containerd/containerd/pull/7714))
    * Fix sandbox API when calling sandboxed shims ([#7684](https://github.com/containerd/containerd/pull/7684))
    * make status more readable and update easy. ([#7669](https://github.com/containerd/containerd/pull/7669))
    * integration/client: fix go.mod grouping, containerd to v1.7.0-beta.0, cgroups back to v1.0.4 ([#7720](https://github.com/containerd/containerd/pull/7720))
    * Resolve warnings in Windows GitHub Actions periodic workflows ([#7706](https://github.com/containerd/containerd/pull/7706))
    * Sandbox API: implement Controller.Status for SandboxAPI ([#7470](https://github.com/containerd/containerd/pull/7470))
    * [port #5904 to sbserver] Setup pod network after creating the sandbox container ([#7426](https://github.com/containerd/containerd/pull/7426))
    * fix for OSS-Fuzz infra changes ([#7677](https://github.com/containerd/containerd/pull/7677))
    * runtime/v2/shim: clean up the use of containerdBinary ([#7499](https://github.com/containerd/containerd/pull/7499))
    * Add process_vm read and write calls to default seccomp profile ([#7693](https://github.com/containerd/containerd/pull/7693))
    * Resolve Scorecards GitHub Actions workflow warnings ([#7707](https://github.com/containerd/containerd/pull/7707))
    * cri: add pod uid annotation ([#7697](https://github.com/containerd/containerd/pull/7697))
    * Missed out `platform interface` when reused the conn for Client. ([#7699](https://github.com/containerd/containerd/pull/7699))
    * overlayfs: remove duplicated tx rollback ([#7700](https://github.com/containerd/containerd/pull/7700))
    * go.mod: update some dependencies ([#7704](https://github.com/containerd/containerd/pull/7704))
    * update github.com/cpuguy83/go-md2man/v2 to v2.0.2 ([#7705](https://github.com/containerd/containerd/pull/7705))
    * Fsnotify bump and change code ([#7703](https://github.com/containerd/containerd/pull/7703))
    * fix build containerd in centos9 ([#7683](https://github.com/containerd/containerd/pull/7683))
    * Bump urfave-cli to v1.22.10 ([#7701](https://github.com/containerd/containerd/pull/7701))
    * can set up the network serially by CNI plugins ([#7685](https://github.com/containerd/containerd/pull/7685))
    * Update cri-api dependency to v0.26.0-beta.0 ([#7656](https://github.com/containerd/containerd/pull/7656))
    * overlay: Remove unused method param ([#7696](https://github.com/containerd/containerd/pull/7696))
    * CI: update Fedora to 37 ([#7691](https://github.com/containerd/containerd/pull/7691))
    * tx rollback when GetInfo return error ([#7678](https://github.com/containerd/containerd/pull/7678))
    * Upgrade github.com/containerd/cgroups from v1 to v3 ([#7601](https://github.com/containerd/containerd/pull/7601))
    * Remove OpenTelemetry imports from remotes/docker package ([#7675](https://github.com/containerd/containerd/pull/7675))
    * Expose Done and Err in Shutdown service ([#7686](https://github.com/containerd/containerd/pull/7686))
    * gotestsum match go version 1.19 ([#7688](https://github.com/containerd/containerd/pull/7688))
    * complement sub-command note for containerd-main ([#7670](https://github.com/containerd/containerd/pull/7670))
    * keep the lower case letter for flag info ([#7668](https://github.com/containerd/containerd/pull/7668))
    * bump critools into ca1571e6edd116b2c95f52e3dfa0b4779b74223a ([#7666](https://github.com/containerd/containerd/pull/7666))
    * Fix broken link for CRI plugin in docs ([#7667](https://github.com/containerd/containerd/pull/7667))
    * add option to resolve symlinks in WithLinuxDevice ([#7523](https://github.com/containerd/containerd/pull/7523))
    * Bump k8s.io deps to v0.25.4 ([#7663](https://github.com/containerd/containerd/pull/7663))
    * Release: add static binaries ([#7659](https://github.com/containerd/containerd/pull/7659))
    * Bump OpenTelemetry contrib to v0.36.4 ([#7662](https://github.com/containerd/containerd/pull/7662))
    * Fix slice append error (`spec.Linux.Resources.HugepageLimits`) ([#7661](https://github.com/containerd/containerd/pull/7661))
    * Bump OpenTelemetry to v1.11.1 ([#7660](https://github.com/containerd/containerd/pull/7660))
    * feature: add gc scheduler metrics collection count ([#5263](https://github.com/containerd/containerd/pull/5263))
    * Add `--debug` args to all subcommands of `ctr pprof` ([#7629](https://github.com/containerd/containerd/pull/7629))
    * Add a thin wrapper around otel Span object ([#7655](https://github.com/containerd/containerd/pull/7655))
    * Bump grpc to v1.50.1 ([#7643](https://github.com/containerd/containerd/pull/7643))
    * replace strings.Split(N) for strings.Cut() or alternatives ([#7631](https://github.com/containerd/containerd/pull/7631))
    * add oci.WithCPURT ([#7642](https://github.com/containerd/containerd/pull/7642))
    * Sandbox API: Add a new mode config for sandbox controller impls ([#7590](https://github.com/containerd/containerd/pull/7590))
    * fuzzing: bump go-fuzz-headers ([#7625](https://github.com/containerd/containerd/pull/7625))
    * Bump k8s.io deps to v0.25.3 ([#7637](https://github.com/containerd/containerd/pull/7637))
    * Remove uses of deprecated go-digest.NewDigestFromHex, go-digest.Digest.Hex ([#7641](https://github.com/containerd/containerd/pull/7641))
    * Extra documentation for content interfaces ([#7640](https://github.com/containerd/containerd/pull/7640))
    * Fix shim socket permissions on Darwin ([#7638](https://github.com/containerd/containerd/pull/7638))
    * s390x: build and package s390x bin in release assets ([#7614](https://github.com/containerd/containerd/pull/7614))
    * Replace mount fork hack with CLONE_FS ([#7513](https://github.com/containerd/containerd/pull/7513))
    * remotes: add `FetcherByDigest` for fetching blobs without foreknown descriptors (useful for general-purpose CAS) ([#7460](https://github.com/containerd/containerd/pull/7460))
    * Fix "getCPUInfo for OS freebsd: not implemented" on FreeBSD/arm64 ([#7403](https://github.com/containerd/containerd/pull/7403))
    * Support default hosts.toml configuration ([#7607](https://github.com/containerd/containerd/pull/7607))
    * Add tracing spans in CRI image service and pull.go ([#7453](https://github.com/containerd/containerd/pull/7453))
    * Fix missing closed fifo ([#7604](https://github.com/containerd/containerd/pull/7604))
    * fix comments ([#7624](https://github.com/containerd/containerd/pull/7624))
    * docs: add additional info in backport process ([#7626](https://github.com/containerd/containerd/pull/7626))
    * go.mod: golang.org/x/*: use tagged versions ([#7621](https://github.com/containerd/containerd/pull/7621))
    * Bump go version to 1.19.3 ([#7620](https://github.com/containerd/containerd/pull/7620))
    * ctr export strictly matching ([#7615](https://github.com/containerd/containerd/pull/7615))
    * Fix ctr crash when pulling with --http-dump and --http-trace simultaneously ([#7617](https://github.com/containerd/containerd/pull/7617))
    * Harden GITHUB_TOKEN permissions for OSSF Scorecard ([#7599](https://github.com/containerd/containerd/pull/7599))
    * overlayutils: Add fastpath for userxattr check ([#7611](https://github.com/containerd/containerd/pull/7611))
    * Add sequence diagram for shim runtime v2 ([#7606](https://github.com/containerd/containerd/pull/7606))
    * Sandbox API: Move remote impls to /sandbox/proxy ([#7600](https://github.com/containerd/containerd/pull/7600))
    * fuzzing: improve archive fuzzer ([#7588](https://github.com/containerd/containerd/pull/7588))
    * Retry client connection in waitForStart ([#7537](https://github.com/containerd/containerd/pull/7537))
    * Add Workflow for running critest with Hyper-V Containers on Windows. ([#7025](https://github.com/containerd/containerd/pull/7025))
    * Add release notes for v1.7.0-beta.0 ([#7575](https://github.com/containerd/containerd/pull/7575))
    * Cleanup sandbox interfaces ([#7576](https://github.com/containerd/containerd/pull/7576))
    * Update GitHub actions release workflow set output ([#7581](https://github.com/containerd/containerd/pull/7581))
    * Fix LogURI generation-related tests on Windows. ([#7569](https://github.com/containerd/containerd/pull/7569))
    * maintenance: Remove WithWindowsNetworkNamespace from pkg/cri ([#7577](https://github.com/containerd/containerd/pull/7577))
    * CRI: implement Controller.Delete for SandboxAPI ([#7457](https://github.com/containerd/containerd/pull/7457))
    * Configure CDI registry only on start ([#7419](https://github.com/containerd/containerd/pull/7419))
    * update codeql-action to v2 ([#7568](https://github.com/containerd/containerd/pull/7568))
    * Add logging related metrics to Containerd CRI plugin ([#7546](https://github.com/containerd/containerd/pull/7546))
    * sys: optimize and refactor MkdirAllWithACL() ([#7531](https://github.com/containerd/containerd/pull/7531))
    * fix install cni script ([#7484](https://github.com/containerd/containerd/pull/7484))
    * Update 1.5 release support timeframe ([#7560](https://github.com/containerd/containerd/pull/7560))
    * bump go-fuzz-headers ([#7503](https://github.com/containerd/containerd/pull/7503))
    * Add long term stable release branches ([#7454](https://github.com/containerd/containerd/pull/7454))
    * fix pusher concurrent close channel ([#7473](https://github.com/containerd/containerd/pull/7473))
    * Make tests on GitHub less noisy ([#7530](https://github.com/containerd/containerd/pull/7530))
    * containerd should not print error log that failed to init a tracing processor while the tracing plugin is not loaded ([#7541](https://github.com/containerd/containerd/pull/7541))
    * Update required Go version in BUILDING.md ([#7544](https://github.com/containerd/containerd/pull/7544))
    * go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag) ([#7522](https://github.com/containerd/containerd/pull/7522))
    * Use `go env` to determine GOPATH in Makefile. ([#7542](https://github.com/containerd/containerd/pull/7542))
    * clean-up "nolint" comments, remove unused ones, update golangci-lint ([#7349](https://github.com/containerd/containerd/pull/7349))
    * Don't unmount on Darwin when deleting bundle ([#7534](https://github.com/containerd/containerd/pull/7534))
    * Add timeouts to all CI jobs ([#7538](https://github.com/containerd/containerd/pull/7538))
    * Vagrantfile: explicitly specify rsync as the shared folder driver ([#7539](https://github.com/containerd/containerd/pull/7539))
    * sys: remove unused IsAbs() (windows) ([#7527](https://github.com/containerd/containerd/pull/7527))
    * cri: PodSandboxStatus should tolerate missing task ([#7535](https://github.com/containerd/containerd/pull/7535))
    * CI: update GHA instances from Ubuntu 18.04 to 20.04 ([#7489](https://github.com/containerd/containerd/pull/7489))
    * fix the --no-pivot flag being ignored by `ctr tasks start` ([#7519](https://github.com/containerd/containerd/pull/7519))
    * Update the default seccomp to block socket calls to AF_VSOCK ([#7510](https://github.com/containerd/containerd/pull/7510))
    * cmd/containerd: use golang.org/x/sys/windows.SetStdHandle() ([#7511](https://github.com/containerd/containerd/pull/7511))
    * Stats() shouldn't assume s.container is non-nil ([#7517](https://github.com/containerd/containerd/pull/7517))
    * Move up actions versions to prep for NodeJS 12 deprecation ([#7516](https://github.com/containerd/containerd/pull/7516))
    * cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions() ([#7512](https://github.com/containerd/containerd/pull/7512))
    * Updates oci image config to support upstream ArgsEscaped ([#7483](https://github.com/containerd/containerd/pull/7483))
    * cmd/containerd: replace deprecated windows.IsAnInteractiveSession() ([#7497](https://github.com/containerd/containerd/pull/7497))
    * Update container with sandbox metadata after NetNS is created ([#7481](https://github.com/containerd/containerd/pull/7481))
    * archive: add WithSourceDateEpoch() for whiteouts ([#7478](https://github.com/containerd/containerd/pull/7478))
    * TestTaskResize must use a terminal ([#7492](https://github.com/containerd/containerd/pull/7492))
    * diff/apply.readCounter: check negative size ([#7494](https://github.com/containerd/containerd/pull/7494))
    * Add new ctr option for discarding unpacked layers ([#7425](https://github.com/containerd/containerd/pull/7425))
    * archive: windows: chtimes(): remove redundant conversion ([#7491](https://github.com/containerd/containerd/pull/7491))
    * archive: validate digests before use ([#7488](https://github.com/containerd/containerd/pull/7488))
    * vendor: github.com/opencontainers/selinux v1.10.2 ([#7482](https://github.com/containerd/containerd/pull/7482))
    * fuzzing: create structured tar bytes in archive fuzzer ([#7477](https://github.com/containerd/containerd/pull/7477))
    * Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 ([#7474](https://github.com/containerd/containerd/pull/7474))
    * use raw link to containerd.service config ([#7463](https://github.com/containerd/containerd/pull/7463))
    * cri doc: Update kata containers reference ([#7466](https://github.com/containerd/containerd/pull/7466))
    * Setup pod network after creating the sandbox container ([#5904](https://github.com/containerd/containerd/pull/5904))
    * Swap to net.ErrClosed checks for services ([#7446](https://github.com/containerd/containerd/pull/7446))
    * go.mod: Bump go-winio to v0.6.0 ([#7443](https://github.com/containerd/containerd/pull/7443))
    * fix retry when writer is reset on push ([#6995](https://github.com/containerd/containerd/pull/6995))
    * CI: Output a summary using GITHUB_SUMMARY ([#7192](https://github.com/containerd/containerd/pull/7192))
    * Fix missing close ([#7430](https://github.com/containerd/containerd/pull/7430))
    * Add test flag for skipping shim cgroup test ([#7424](https://github.com/containerd/containerd/pull/7424))
    * Refactor CRI fuzzers ([#7405](https://github.com/containerd/containerd/pull/7405))
    * Fix LogURIGenerator on Windows ([#7351](https://github.com/containerd/containerd/pull/7351))
    * Set grpc code for unimplemented cri-api methods ([#7417](https://github.com/containerd/containerd/pull/7417))
    * Add reader option to local content reader at ([#7414](https://github.com/containerd/containerd/pull/7414))
    * Sandbox API: implement Controller.Wait and Controller.Stop ([#7401](https://github.com/containerd/containerd/pull/7401))
    * remove stray .zuul.yaml ([#7416](https://github.com/containerd/containerd/pull/7416))
    * reference CDI configuration details ([#7408](https://github.com/containerd/containerd/pull/7408))
    * cri-integration: propagate ENABLE_CRI_SANDBOXES ([#7413](https://github.com/containerd/containerd/pull/7413))
    * Enable OpenSSF Scorecard Github Action ([#7404](https://github.com/containerd/containerd/pull/7404))
    * Add ext2 fs support to devmapper snapshotter ([#7402](https://github.com/containerd/containerd/pull/7402))
    * Fuzzing: Instrument with new sanitizers ([#7396](https://github.com/containerd/containerd/pull/7396))
    * Upgrade fuzzing-related packages to reduce dependencies ([#7397](https://github.com/containerd/containerd/pull/7397))
    * remotes/docker/config: Skipping TLS verification for localhost ([#7393](https://github.com/containerd/containerd/pull/7393))
    * Replace github.com/emicklei/go-restful package, versions <2.16.0 ([#7395](https://github.com/containerd/containerd/pull/7395))
    * Add NoSameOwner option when unpacking tars ([#7386](https://github.com/containerd/containerd/pull/7386))
    * ctr: add privileged-without-host-devices for run command ([#7328](https://github.com/containerd/containerd/pull/7328))
    * chore: matching the casing of other flags for ctr's pull command ([#7341](https://github.com/containerd/containerd/pull/7341))
    * windows: Add runhcs-wcow-hypervisor runtimeclass to the default config ([#6901](https://github.com/containerd/containerd/pull/6901))
    * Fix missing close ([#7370](https://github.com/containerd/containerd/pull/7370))
    * CRI: update cdi version to v0.5.1 ([#7374](https://github.com/containerd/containerd/pull/7374))
    * Update to go 1.19.1, 1.18.6 to address CVE-2022-27664, CVE-2022-32190 ([#7372](https://github.com/containerd/containerd/pull/7372))
    * vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c ([#7373](https://github.com/containerd/containerd/pull/7373))
    * Remove unused variable from images action ([#7371](https://github.com/containerd/containerd/pull/7371))
    * feature: use client default namespace ([#7291](https://github.com/containerd/containerd/pull/7291))
    * integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment ([#7367](https://github.com/containerd/containerd/pull/7367))
    * feature: upgrade registry.k8s.io/pause version ([#7359](https://github.com/containerd/containerd/pull/7359))
    * metrics/cgroups/v1: Remove unused event parameter ([#7361](https://github.com/containerd/containerd/pull/7361))
    * .zuul: remove the zuul because it is offline ([#7369](https://github.com/containerd/containerd/pull/7369))
    * Update golangci-lint timeout to match config ([#7356](https://github.com/containerd/containerd/pull/7356))
    * delete redundant import alias and type conversion ([#7345](https://github.com/containerd/containerd/pull/7345))
    * Make checkContainerTimestamps less strict on Windows ([#7350](https://github.com/containerd/containerd/pull/7350))
    * Make oss-fuzz mandatory ([#7346](https://github.com/containerd/containerd/pull/7346))
    * Add kubernetes v1.25 supported version as v1.24 ([#7326](https://github.com/containerd/containerd/pull/7326))
    * sys: move ForceRemoveAll to integration/client ([#7335](https://github.com/containerd/containerd/pull/7335))
    * chore: remove duplicate word in comments ([#7338](https://github.com/containerd/containerd/pull/7338))
    * Use ioctl helpers from x/sys/unix ([#7342](https://github.com/containerd/containerd/pull/7342))
    * archive: replace tarName() with filepath.ToSlash() ([#7344](https://github.com/containerd/containerd/pull/7344))
    * mount: remove unused ErrNotImplementOnWindows ([#7339](https://github.com/containerd/containerd/pull/7339))
    * replace sys Sequential funcs with moby/sys/sequential ([#7334](https://github.com/containerd/containerd/pull/7334))
    * Clarify containerd 1.5.0+ for k8s 1.20,1.21 ([#7324](https://github.com/containerd/containerd/pull/7324))
    * update runc binary to v1.1.4 ([#7315](https://github.com/containerd/containerd/pull/7315))
    * Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9 ([#7325](https://github.com/containerd/containerd/pull/7325))
    * Update k8s.io/cri-api to v0.25.0 ([#7287](https://github.com/containerd/containerd/pull/7287))
    * script/setup: handle cnidir with SUDO ([#7322](https://github.com/containerd/containerd/pull/7322))
    * ContainerStatus to return container resources ([#6517](https://github.com/containerd/containerd/pull/6517))
    * migrate from k8s.gcr.io to registry.k8s.io ([#7038](https://github.com/containerd/containerd/pull/7038))
    * Do not rename test files on-the-fly to share functions ([#7309](https://github.com/containerd/containerd/pull/7309))
    * ctr import: strictly match platform ([#6906](https://github.com/containerd/containerd/pull/6906))
    * Revert "Downgrade MinGW to version 10.2.0" ([#7308](https://github.com/containerd/containerd/pull/7308))
    * Follow up #7254 (Switch to Go 1.19) ([#7286](https://github.com/containerd/containerd/pull/7286))
    * Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer ([#7304](https://github.com/containerd/containerd/pull/7304))
    * Adding support of CAP_BPF and CAP_PERFMON ([#7301](https://github.com/containerd/containerd/pull/7301))
    * go.mod: Bump hcsshim to v0.10.0-rc.1 ([#7284](https://github.com/containerd/containerd/pull/7284))
    * Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset ([#7306](https://github.com/containerd/containerd/pull/7306))
    * ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887 ([#7293](https://github.com/containerd/containerd/pull/7293))
    * Runtime cleanup (Shim manager and task service) ([#7280](https://github.com/containerd/containerd/pull/7280))
    * containerd-stress: add support for running through CRI ([#6931](https://github.com/containerd/containerd/pull/6931))
    * Switch to Go 1.19 ([#7254](https://github.com/containerd/containerd/pull/7254))
    * Vagrantfile: dump containerd log after critest ([#7265](https://github.com/containerd/containerd/pull/7265))
    * oci: skip checking group id for WithAppendAdditionalGroups ([#7257](https://github.com/containerd/containerd/pull/7257))
    * release workflow: increase timeout to 30 minutes & remove Go setup action ([#7259](https://github.com/containerd/containerd/pull/7259))
    * release: rollback Ubuntu to 18.04 (except for riscv64) ([#7258](https://github.com/containerd/containerd/pull/7258))
    * Initial sandbox API CRI integration (implement Controller.Start) ([#7228](https://github.com/containerd/containerd/pull/7228))
    * Use environment variable to specify Go version on CI ([#7251](https://github.com/containerd/containerd/pull/7251))
    * Update golang to 1.18.5, 1.17.13 ([#7243](https://github.com/containerd/containerd/pull/7243))
    * Change os.Stderr reassign for Windows service ([#7023](https://github.com/containerd/containerd/pull/7023))
    * script/setup: fix protobuf for aarch64 ([#7237](https://github.com/containerd/containerd/pull/7237))
    * Fix cleanup in critest ([#7232](https://github.com/containerd/containerd/pull/7232))
    * fix: support simultaneous create diff for same parent snapshot ([#7204](https://github.com/containerd/containerd/pull/7204))
    * Windows HostProcess container CRI stats test ([#7223](https://github.com/containerd/containerd/pull/7223))
    * Regenerate protos with updated protoc-gen-go ([#7226](https://github.com/containerd/containerd/pull/7226))
    * test: error strings should not be capitalized ([#7195](https://github.com/containerd/containerd/pull/7195))
    * Add extra context to error when push unauthorized ([#7220](https://github.com/containerd/containerd/pull/7220))
    * replace with selinux label ([#7207](https://github.com/containerd/containerd/pull/7207))
    * Use `httputil.DumpRequestOut` for dumping client req ([#7221](https://github.com/containerd/containerd/pull/7221))
    * Fix CRI image pull timeout test for ppc64le ([#7215](https://github.com/containerd/containerd/pull/7215))
    * test: introduce failpoint control to runc-shimv2 and cni ([#7069](https://github.com/containerd/containerd/pull/7069))
    * chore: bump macos runner version ([#7206](https://github.com/containerd/containerd/pull/7206))
    * Use image lists form integration/client tests ([#7210](https://github.com/containerd/containerd/pull/7210))
    * go.mod: Bump hcsshim to v0.9.4 ([#7212](https://github.com/containerd/containerd/pull/7212))
    * Drop deprecated `ioutil` ([#7203](https://github.com/containerd/containerd/pull/7203))
    * Make getServicesOpts a helper ([#7201](https://github.com/containerd/containerd/pull/7201))
    * adds an env var commented out for sandboxed mode ([#7183](https://github.com/containerd/containerd/pull/7183))
    * cri_stats: handle missing cpu stats ([#7198](https://github.com/containerd/containerd/pull/7198))
    * using ContextDialer instead ([#7189](https://github.com/containerd/containerd/pull/7189))
    * test: Add ability to switch between cgroupv1 or cgroupv2 for node e2e ([#7173](https://github.com/containerd/containerd/pull/7173))
    * code cleanup ([#7182](https://github.com/containerd/containerd/pull/7182))
    * Update k8s.io/cri-api to v0.25.0-alpha2 ([#7114](https://github.com/containerd/containerd/pull/7114))
    * Refactor usageNanoCores be to used for all OSes ([#7186](https://github.com/containerd/containerd/pull/7186))
    * adds support for using env file for systemd boot ([#7191](https://github.com/containerd/containerd/pull/7191))
    * go.mod: github.com/stretchr/testify v1.8.0 ([#7185](https://github.com/containerd/containerd/pull/7185))
    * ctr: support --user for run/create ([#7145](https://github.com/containerd/containerd/pull/7145))
    * docs: Fix sample config.toml syntax ([#7174](https://github.com/containerd/containerd/pull/7174))
    * seccomp: seccomp: add syscalls related to PKU in default policy ([#7163](https://github.com/containerd/containerd/pull/7163))
    * Update and align golangci-lint version ([#7168](https://github.com/containerd/containerd/pull/7168))
    * adds a comment explaining how to disable experimental sbserver ([#7169](https://github.com/containerd/containerd/pull/7169))
    * ci: workaround Cirrus CI's INVALID_ARGUMENT ([#7177](https://github.com/containerd/containerd/pull/7177))
    * Update install-protobuf script to install protobuf on Darwin ([#7153](https://github.com/containerd/containerd/pull/7153))
    * Fork CRI server for Sandbox API integration work ([#7164](https://github.com/containerd/containerd/pull/7164))
    * seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE ([#7167](https://github.com/containerd/containerd/pull/7167))
    * cri doc: fix formatting for CDI options ([#7158](https://github.com/containerd/containerd/pull/7158))
    * update golang to 1.18.4, 1.17.12 ([#7159](https://github.com/containerd/containerd/pull/7159))
    * Fix out of date comments for CRI store packages ([#7152](https://github.com/containerd/containerd/pull/7152))
    * update some devmapper docs ([#7124](https://github.com/containerd/containerd/pull/7124))
    * seccomp: allow clock_settime64 when CAP_SYS_TIME is added ([#7149](https://github.com/containerd/containerd/pull/7149))
    * Copy fuzzers from github.com/cncf/cncf-fuzzing ([#7123](https://github.com/containerd/containerd/pull/7123))
    * fix can't edit object by using ctr content edit command ([#6847](https://github.com/containerd/containerd/pull/6847))
    * integration/client: fix typo in export_test.go ([#7130](https://github.com/containerd/containerd/pull/7130))
    * Fix WWW-Authenticate parsing ([#7126](https://github.com/containerd/containerd/pull/7126))
    * LCOW differ return ErrNotImplemented for wrong mount type ([#7112](https://github.com/containerd/containerd/pull/7112))
    * Update go-restful/v3 to latest release ([#7117](https://github.com/containerd/containerd/pull/7117))
    * pkg/cri: use marshal wrapper for version convertor ([#7108](https://github.com/containerd/containerd/pull/7108))
    * Remove hacks around contrib/fuzz ([#7087](https://github.com/containerd/containerd/pull/7087))
    * Fix missing closed HTTP Body ([#7107](https://github.com/containerd/containerd/pull/7107))
    * Cleanup metadata tests ([#7105](https://github.com/containerd/containerd/pull/7105))
    * Downgrade MinGW to version 10.2.0 ([#7106](https://github.com/containerd/containerd/pull/7106))
    * ctr: Fix `ctr c create` fails to parse arguments ([#7098](https://github.com/containerd/containerd/pull/7098))
    * Fix Documentation Issue ([#7103](https://github.com/containerd/containerd/pull/7103))
    * refactor: reduce duplicate code ([#7100](https://github.com/containerd/containerd/pull/7100))
    * make xattr EPERM non-fatal in createTarFile ([#7094](https://github.com/containerd/containerd/pull/7094))
    * Move metadata plugin registration to separate package ([#7096](https://github.com/containerd/containerd/pull/7096))
    * fix: missing sudo for devmapper doc ([#7092](https://github.com/containerd/containerd/pull/7092))
    * Ensure Windows Periodic workflow errors out while still uploading results. ([#7085](https://github.com/containerd/containerd/pull/7085))
    * Add snapshotter key to snapshot events ([#7084](https://github.com/containerd/containerd/pull/7084))
    * add WithAdditionalGIDs test ([#7072](https://github.com/containerd/containerd/pull/7072))
    * Forward ctr snapshotter flags on Windows ([#7086](https://github.com/containerd/containerd/pull/7086))
    * add WithAppendAdditionalGroups helper ([#7070](https://github.com/containerd/containerd/pull/7070))
    * Make CI Fuzz less noisy ([#7065](https://github.com/containerd/containerd/pull/7065))
    * ctr: add --hostname flag to create, run ([#7082](https://github.com/containerd/containerd/pull/7082))
    * improve content-flow ([#7077](https://github.com/containerd/containerd/pull/7077))
    * Make CI Fuzz optional ([#7067](https://github.com/containerd/containerd/pull/7067))
    * Use Go 1.18's testing.F on simple fuzzers ([#7056](https://github.com/containerd/containerd/pull/7056))
    * Downgrade MinGW in Windows setup scripts. ([#7062](https://github.com/containerd/containerd/pull/7062))
    * Make test path a constant ([#7057](https://github.com/containerd/containerd/pull/7057))
    * Run fuzzers in CI ([#7052](https://github.com/containerd/containerd/pull/7052))
    * CRI: Improve the /dev/shm mount options in Sandbox. ([#6913](https://github.com/containerd/containerd/pull/6913))
    * fix:userattr-unmount unexpected timeout ([#7008](https://github.com/containerd/containerd/pull/7008))
    * Port (some) unit tests to FreeBSD ([#7042](https://github.com/containerd/containerd/pull/7042))
    * Bump Golang and MinGW versions in Windows setup script. ([#6888](https://github.com/containerd/containerd/pull/6888))
    * Windows snapshotter touch ups and new functionality ([#6918](https://github.com/containerd/containerd/pull/6918))
    * Improve naming consistencies in comments in snapshotter.go ([#7032](https://github.com/containerd/containerd/pull/7032))
    * Make building static binaries simpler ([#7022](https://github.com/containerd/containerd/pull/7022))
    * Allow CRI on Darwin ([#7033](https://github.com/containerd/containerd/pull/7033))
    * update runc binary to v1.1.3 ([#7034](https://github.com/containerd/containerd/pull/7034))
    * Linux containers on FreeBSD ([#7000](https://github.com/containerd/containerd/pull/7000))
    * go.mod: github.com/moby/sys/mountinfo v0.6.2 ([#7026](https://github.com/containerd/containerd/pull/7026))
    * fix minor spelling mistake: lablel -> label ([#7031](https://github.com/containerd/containerd/pull/7031))
    * go.mod: github.com/containerd/cgroups v1.0.4 ([#7027](https://github.com/containerd/containerd/pull/7027))
    * go.mod: github.com/containerd/continuity v0.3.0 ([#7028](https://github.com/containerd/containerd/pull/7028))
    * Correct spelling mistake ("sanbdox" to "sandbox") ([#7029](https://github.com/containerd/containerd/pull/7029))
    * GitHub Security Advisory [GHSA-5ffw-gxpp-mxpf](https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf)
    * Bump grpc to v1.47.0 ([#7018](https://github.com/containerd/containerd/pull/7018))
    * Bump k8s.io deps to v0.24.1 ([#7017](https://github.com/containerd/containerd/pull/7017))
    * Support runtime level snapshotter for issue 6657 ([#6899](https://github.com/containerd/containerd/pull/6899))
    * update golang to 1.18.3, 1.17.11 ([#7012](https://github.com/containerd/containerd/pull/7012))
    * Fix containerd-stress duration flag ([#7004](https://github.com/containerd/containerd/pull/7004))
    * update go-cni/for cni update fixing plugins that don't respond with version ([#7009](https://github.com/containerd/containerd/pull/7009))
    * Add validations for Windows HostProcess CRI configs ([#6996](https://github.com/containerd/containerd/pull/6996))
    * Move docker reference logic to reference/docker package ([#7007](https://github.com/containerd/containerd/pull/7007))
    * promote pause image to 3.7 (sync with kube v1.24) ([#7003](https://github.com/containerd/containerd/pull/7003))
    * Makefile: use urfave_cli_no_docs for binaries that don't need it ([#6998](https://github.com/containerd/containerd/pull/6998))
    * CRI: cleanup cri/store package ([#6993](https://github.com/containerd/containerd/pull/6993))
    * Use t.Run for /pkg/cri tests ([#7001](https://github.com/containerd/containerd/pull/7001))
    * vendor: github.com/urfave/cli v1.22.9 and fix "verify-vendor" script ([#6997](https://github.com/containerd/containerd/pull/6997))
    * sandbox: replace github.com/pkg/errors with native errors ([#6937](https://github.com/containerd/containerd/pull/6937))
    * build: Fix references to check-protos target in Makefile ([#6983](https://github.com/containerd/containerd/pull/6983))
    * ctr: fix label args used in NewContainer ([#6954](https://github.com/containerd/containerd/pull/6954))
    * ctr sandbox: handle sandbox config ([#6959](https://github.com/containerd/containerd/pull/6959))
    * Fix broken oss-fuzz build ([#6975](https://github.com/containerd/containerd/pull/6975))
    * archive: add human-readable hint to Lchown error ([#6982](https://github.com/containerd/containerd/pull/6982))
    * Fix tx closed error when upperdirlabel specified ([#6978](https://github.com/containerd/containerd/pull/6978))
    * config: improve config v1 deprecation message ([#6972](https://github.com/containerd/containerd/pull/6972))
    * Fix Windows install powershell script ([#6969](https://github.com/containerd/containerd/pull/6969))
    * fix comments on metadata schema and update namespace doc ([#6955](https://github.com/containerd/containerd/pull/6955))
    * adjust format in comment ([#6956](https://github.com/containerd/containerd/pull/6956))
    * Restore decompression benchmarks ([#6957](https://github.com/containerd/containerd/pull/6957))
    * cmd/ctr/commands/content: fix typo in fetch command usage ([#6960](https://github.com/containerd/containerd/pull/6960))
    * fix some confusing typos ([#6950](https://github.com/containerd/containerd/pull/6950))
    * update doc url about k8s ([#6952](https://github.com/containerd/containerd/pull/6952))
    * Separate windows-2019 and windows-2022 test results ([#6946](https://github.com/containerd/containerd/pull/6946))
    * shim: fix debug flag not working ([#6910](https://github.com/containerd/containerd/pull/6910))
    * Reverts removal of parallel run from critest ([#6938](https://github.com/containerd/containerd/pull/6938))
    * Bump OpenTelemetry dependencies ([#6932](https://github.com/containerd/containerd/pull/6932))
    * update runc binary and vendor to v1.1.2 ([#6934](https://github.com/containerd/containerd/pull/6934))
    * oci: WithDefaultUnixDevices(): remove tun/tap from the default devices ([#6923](https://github.com/containerd/containerd/pull/6923))
    * update golang to 1.18.2, 1.17.10 ([#6926](https://github.com/containerd/containerd/pull/6926))
    * CI: update Fedora to 36 ([#6925](https://github.com/containerd/containerd/pull/6925))
    * Add `Wait` to `binaryProcessor` ([#6916](https://github.com/containerd/containerd/pull/6916))
    * go.mod: Bump k8s deps to v0.24.0 ([#6905](https://github.com/containerd/containerd/pull/6905))
    * (Vagrant CI) Enable git commands due to git CVE fix ([#6915](https://github.com/containerd/containerd/pull/6915))
    * Pass explicit JUnit outfile to critest.exe in Windows workflow. ([#6912](https://github.com/containerd/containerd/pull/6912))
    * Update critools to v1.24 ([#6894](https://github.com/containerd/containerd/pull/6894))
    * devmapper docs: small fixes ([#6904](https://github.com/containerd/containerd/pull/6904))
    * move report dir option to end of line for vagrant cri tests ([#6900](https://github.com/containerd/containerd/pull/6900))
    * Update Kubernetes version matrix in release docs ([#6892](https://github.com/containerd/containerd/pull/6892))
    * Share container images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy ([#6889](https://github.com/containerd/containerd/pull/6889))
    * containerd 1.6.4 k8s 1.24 readme announce ([#6890](https://github.com/containerd/containerd/pull/6890))
    * Cleanup leaked shim process ([#6866](https://github.com/containerd/containerd/pull/6866))
    * Add collectible resources to metadata gc ([#6804](https://github.com/containerd/containerd/pull/6804))
    * Update k8 docurl in file ([#6881](https://github.com/containerd/containerd/pull/6881))
    * Support RISC-V 64 ([#6882](https://github.com/containerd/containerd/pull/6882))
    * docs: minor fixes in snapshots.Snapshotter comments ([#6885](https://github.com/containerd/containerd/pull/6885))
    * Officially deprecate Schema 1 ([#6884](https://github.com/containerd/containerd/pull/6884))
    * Make Cirrus CI tests more stable ([#6880](https://github.com/containerd/containerd/pull/6880))
    * docs: Adding windows installation steps to getting-started.md ([#6875](https://github.com/containerd/containerd/pull/6875))
    * Add ctr support for CPUMax and CPUShares ([#6809](https://github.com/containerd/containerd/pull/6809))
    * Support for cgroups blockio ([#5490](https://github.com/containerd/containerd/pull/5490))
    * Fix comment for metadata/db.go ([#6871](https://github.com/containerd/containerd/pull/6871))
    * Remove github.com/gogo/protobuf and github.com/golang/protobuf from containerd's direct dependencies ([#6867](https://github.com/containerd/containerd/pull/6867))
    * Update go-cni to v1.1.5 ([#6868](https://github.com/containerd/containerd/pull/6868))
    * Bump opencontainers/selinux from 1.10.0 to 1.10.1 ([#6865](https://github.com/containerd/containerd/pull/6865))
    * Upgrade google.golang.org/grpc and google.golang.org/protobuf ([#6864](https://github.com/containerd/containerd/pull/6864))
    * Don't use "uname -a" as Cirrus CI's cache key ([#6863](https://github.com/containerd/containerd/pull/6863))
    * remove duplicate ([#6856](https://github.com/containerd/containerd/pull/6856))
    * Create ppc64le release ([#6858](https://github.com/containerd/containerd/pull/6858))
    * Move Vagrant-based tests from GitHub Actions to Cirrus CI ([#6854](https://github.com/containerd/containerd/pull/6854))
    * feature: support image pull progress timeout ([#6150](https://github.com/containerd/containerd/pull/6150))
    * Add unpack interface to be used by client ([#6749](https://github.com/containerd/containerd/pull/6749))
    * Fix undefined error in use of errors package ([#6855](https://github.com/containerd/containerd/pull/6855))
    * Migrate off from github.com/gogo/protobuf ([#6841](https://github.com/containerd/containerd/pull/6841))
    * images/image.go: typo ([#6851](https://github.com/containerd/containerd/pull/6851))
    * Add flag to allow oci.WithAllDevicesAllowed on PrivilegedWithoutHostDevices ([#5686](https://github.com/containerd/containerd/pull/5686))
    * integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage ([#6180](https://github.com/containerd/containerd/pull/6180))
    * fix incorrect syntax in comments ([#6845](https://github.com/containerd/containerd/pull/6845))
    * cri: close fifos when container is deleted ([#6842](https://github.com/containerd/containerd/pull/6842))
    * diff: hide types.Any from clients ([#6832](https://github.com/containerd/containerd/pull/6832))
    * Add Container-Optimized OS into Adopters ([#6838](https://github.com/containerd/containerd/pull/6838))
    * Prepare for google.golang.org/protobuf ([#6835](https://github.com/containerd/containerd/pull/6835))
    * fix the restart desired to running when task not found ([#6833](https://github.com/containerd/containerd/pull/6833))
    * Remove all gogoproto extensions ([#6829](https://github.com/containerd/containerd/pull/6829))
    * fix nil pointer panic for monitor ([#6830](https://github.com/containerd/containerd/pull/6830))
    * remotes/docker: log registry URLs as info instead of debug ([#5681](https://github.com/containerd/containerd/pull/5681))
    * Rename runtime/v2/task to api/runtime ([#6827](https://github.com/containerd/containerd/pull/6827))
    * Fix protoc-gen-go-fieldpath ([#6828](https://github.com/containerd/containerd/pull/6828))
    * Consolidate gogo/protobuf dependencies under our own protobuf package ([#6826](https://github.com/containerd/containerd/pull/6826))
    * Add restart policy for enhanced restart manager ([#6744](https://github.com/containerd/containerd/pull/6744))
    * Remove gogoproto.stdtime ([#6821](https://github.com/containerd/containerd/pull/6821))
    * Set timeout when collecting metrics from shim's Stat ([#6781](https://github.com/containerd/containerd/pull/6781))
    * Fuzz filter package with Go 1.18's fuzzer ([#6819](https://github.com/containerd/containerd/pull/6819))
    * allow ptrace(2) by default for kernel >= 4.8 ([#6810](https://github.com/containerd/containerd/pull/6810))
    * Build bin/gen-manpages instead of using "go run" ([#6820](https://github.com/containerd/containerd/pull/6820))
    * update golang to 1.18.1, 1.17.9 ([#6822](https://github.com/containerd/containerd/pull/6822))
    * Sandbox API ([#6703](https://github.com/containerd/containerd/pull/6703))
    * Move lease manager plugin to separate package ([#6811](https://github.com/containerd/containerd/pull/6811))
    * fix pool_device_test ([#6807](https://github.com/containerd/containerd/pull/6807))
    * check for duplicate nspath possibilities ([#6806](https://github.com/containerd/containerd/pull/6806))
    * Do not append []string{""} to command to preserve Docker compatibility ([#6805](https://github.com/containerd/containerd/pull/6805))
    * tracing: fix panic on startup when configured ([#6789](https://github.com/containerd/containerd/pull/6789))
    * Optimize loading performance for cri recover ([#6680](https://github.com/containerd/containerd/pull/6680))
    * Change architecture path in README.md ([#6798](https://github.com/containerd/containerd/pull/6798))
    * make consistent for checkpoint path ([#6792](https://github.com/containerd/containerd/pull/6792))
    * metrics/cgroups: fix deadlock issue in Add during Collect ([#6788](https://github.com/containerd/containerd/pull/6788))
    * ADOPTERS: Update AKS Info ([#6794](https://github.com/containerd/containerd/pull/6794))
    * Pin upload-cloud-storage action to 0.8.0 in Windows workflow. ([#6790](https://github.com/containerd/containerd/pull/6790))
    * docs: add Deckhouse to the list of adopters ([#6785](https://github.com/containerd/containerd/pull/6785))
    * Add `docs/snapshotters`; simplify `docs/cri` ([#6778](https://github.com/containerd/containerd/pull/6778))
    * Turn paths from cmdline into absolute paths ([#6672](https://github.com/containerd/containerd/pull/6672))
    * CRI: add support for CDI device injection ([#6654](https://github.com/containerd/containerd/pull/6654))
    * Disable writing freelist to make the file robust against data corruptions ([#6761](https://github.com/containerd/containerd/pull/6761))
    * mv design docs/historical/design ([#6777](https://github.com/containerd/containerd/pull/6777))
    * CRI: improve image pulling performance ([#6702](https://github.com/containerd/containerd/pull/6702))
    * docs: remove runtime v1; migrate config v1 to v2 ([#6776](https://github.com/containerd/containerd/pull/6776))
    * Skip flaky test on Windows ([#6779](https://github.com/containerd/containerd/pull/6779))
    * docs/getting-started.md: typo ([#6775](https://github.com/containerd/containerd/pull/6775))
    * Add no_tracing tag ([#6750](https://github.com/containerd/containerd/pull/6750))
    * Move historical docs to `docs/historical` ([#6754](https://github.com/containerd/containerd/pull/6754))
    * Run go mod tidy in integration tests ([#6768](https://github.com/containerd/containerd/pull/6768))
    * go.mod: move indirects, and update integration go.mod to 1.18 ([#6765](https://github.com/containerd/containerd/pull/6765))
    * Drop gotest.tools ([#6762](https://github.com/containerd/containerd/pull/6762))
    * Use t.Setenv instead of os.Setenv ([#6760](https://github.com/containerd/containerd/pull/6760))
    * Upgrade to Go 1.18 ([#6709](https://github.com/containerd/containerd/pull/6709))
    * Adding multi-arch support for the configure.sh script ([#6751](https://github.com/containerd/containerd/pull/6751))
    * docs/getting-started.md: massive update ([#6758](https://github.com/containerd/containerd/pull/6758))
    * Remove unmaintained contrib/linuxkit ([#6755](https://github.com/containerd/containerd/pull/6755))
    * [Windows CI] Address some timeout issues ([#6757](https://github.com/containerd/containerd/pull/6757))
    * BUILDING.md: update supported Go versions ([#6756](https://github.com/containerd/containerd/pull/6756))
    * update runc to 1.1.1 ([#6753](https://github.com/containerd/containerd/pull/6753))
    * CI: add Rocky Linux 8 ([#6747](https://github.com/containerd/containerd/pull/6747))
    * CI: bump up crun to 1.4.4 ([#6748](https://github.com/containerd/containerd/pull/6748))
    * added make help for cri integration ([#6743](https://github.com/containerd/containerd/pull/6743))
    * Update README.md cncf landscape url ([#6740](https://github.com/containerd/containerd/pull/6740))
    * Fix error message in TestNewBinaryIO ([#6738](https://github.com/containerd/containerd/pull/6738))
    * Use typeurl.Any instead of github.com/gogo/protobuf/types.Any ([#6706](https://github.com/containerd/containerd/pull/6706))
    * Use cgroups.AddProc() for cgroups v1 ([#5738](https://github.com/containerd/containerd/pull/5738))
    * fix: ctr images mount with snapshotter option can't get snapshotter ([#6713](https://github.com/containerd/containerd/pull/6713))
    * cgroup2: monitor OOMKill instead of OOM to prevent missing container events ([#6323](https://github.com/containerd/containerd/pull/6323))
    * moving up to go-cni v1.1.4 ([#6721](https://github.com/containerd/containerd/pull/6721))
    * native: fix deadlock from leaving transactions open ([#6722](https://github.com/containerd/containerd/pull/6722))
    * go.mod: remove replace, and update github.com/gogo/googleapis v1.4.1 ([#5390](https://github.com/containerd/containerd/pull/5390))
    * GitHub Security Advisory [GHSA-c9cp-9c75-9v8c](https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c)
    * runtime: deprecate runc --criu / -criu-path option ([#6496](https://github.com/containerd/containerd/pull/6496))
    * Bug fix for mount path handling ([#6651](https://github.com/containerd/containerd/pull/6651))
    * Upgrade containerd/imgcrypt and opencontainers/image-spec ([#6711](https://github.com/containerd/containerd/pull/6711))
    * Remove enumvalue_customname, goproto_enum_prefix and enum_customname ([#6708](https://github.com/containerd/containerd/pull/6708))
    * Remove gogoproto.customtype ([#6699](https://github.com/containerd/containerd/pull/6699))
    * Skip tty critest testcase on Windows Server 2022 ([#6698](https://github.com/containerd/containerd/pull/6698))
    * Build with Go 1.18 ([#6605](https://github.com/containerd/containerd/pull/6605))
    * Update prometheus client vendor ([#6690](https://github.com/containerd/containerd/pull/6690))
    * vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd ([#6687](https://github.com/containerd/containerd/pull/6687))
    * Make the temp mount as read only in container WithVolumes ([#6593](https://github.com/containerd/containerd/pull/6593))
    * fix: `ctr run --cni` get failed ([#6670](https://github.com/containerd/containerd/pull/6670))
    * test: use `T.TempDir` to create temporary test directory ([#6681](https://github.com/containerd/containerd/pull/6681))
    * Make OpenLab's CI jobs blocking ([#6679](https://github.com/containerd/containerd/pull/6679))
    * document log level and format ([#6683](https://github.com/containerd/containerd/pull/6683))
    * Add shared content label to namespaces ([#6660](https://github.com/containerd/containerd/pull/6660))
    * Add protoc-gen-go-fieldpath ([#6562](https://github.com/containerd/containerd/pull/6562))
    * Enable gosec linter for golangci-lint ([#6669](https://github.com/containerd/containerd/pull/6669))
    * Make mkfs.xfs available on OpenLab's CI environment ([#6668](https://github.com/containerd/containerd/pull/6668))
    * ctr: improve error relative shim path error msg ([#6519](https://github.com/containerd/containerd/pull/6519))
    * typo fixes under cmd. ([#6674](https://github.com/containerd/containerd/pull/6674))
    * Handle CRI Device.HostPath on Windows ([#6618](https://github.com/containerd/containerd/pull/6618))
    * Upgrade golangci-lint and its GitHub Action ([#6666](https://github.com/containerd/containerd/pull/6666))
    * Don't build a second copy of containerd-shim-runhcs-v1.exe ([#6661](https://github.com/containerd/containerd/pull/6661))
    * Update TestNormalize to only test Windows platform ([#6569](https://github.com/containerd/containerd/pull/6569))
    * Fix link in getting-started.md ([#6663](https://github.com/containerd/containerd/pull/6663))
    * Fuzzing: refactor metadata fuzzers ([#6423](https://github.com/containerd/containerd/pull/6423))
    * Two xfs file systems with same UUID can not be mounted on the same sy… ([#6650](https://github.com/containerd/containerd/pull/6650))
    * [Windows] Fix deadline exceeded in daemon restart ([#6635](https://github.com/containerd/containerd/pull/6635))
    * Use temp file for export/import test ([#6658](https://github.com/containerd/containerd/pull/6658))
    * strip path-info from `-v` (version) output, and implement -v flag for containerd-shim ([#6495](https://github.com/containerd/containerd/pull/6495))
    * Improve unexpected response error handling in resolver ([#6617](https://github.com/containerd/containerd/pull/6617))
    * Use the latest tag for azure images ([#6601](https://github.com/containerd/containerd/pull/6601))
    * Run CRI integration tests in GitHub Actions (Windows) ([#6626](https://github.com/containerd/containerd/pull/6626))
    * cri: fix integration test on cgroupsv2 system ([#6595](https://github.com/containerd/containerd/pull/6595))
    * Use version 2 configuration format in docs/PLUGINS.md ([#6613](https://github.com/containerd/containerd/pull/6613))
    * update to go 1.16.15, 1.17.8 to address CVE-2022-24921 ([#6619](https://github.com/containerd/containerd/pull/6619))
    * Update status of 1.4 release ([#6614](https://github.com/containerd/containerd/pull/6614))
    * Update TestContainerSymlinkVolumes to use windows path ([#6568](https://github.com/containerd/containerd/pull/6568))
    * Add --user support for ctr run Windows ([#6603](https://github.com/containerd/containerd/pull/6603))
    * Update releases ([#6608](https://github.com/containerd/containerd/pull/6608))
    * GitHub Security Advisory [GHSA-crp2-qrr5-8pq7](https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7)
    * Adds support for Windows ArgsEscaped images ([#6479](https://github.com/containerd/containerd/pull/6479))
    * Do not use weak import ([#6558](https://github.com/containerd/containerd/pull/6558))
    * cri: relax test for system without hugetlb ([#6596](https://github.com/containerd/containerd/pull/6596))
    * Use containerd/protobuild instead of stevvooe/protobuild ([#6578](https://github.com/containerd/containerd/pull/6578))
    * integration: remove duplicated util pkg ([#6597](https://github.com/containerd/containerd/pull/6597))
    * go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1 ([#6591](https://github.com/containerd/containerd/pull/6591))
    * Update Go version recommendation in getting started ([#6585](https://github.com/containerd/containerd/pull/6585))
    * go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3 ([#6337](https://github.com/containerd/containerd/pull/6337))
    * fix Implicit memory aliasing in for loop ([#6331](https://github.com/containerd/containerd/pull/6331))
    * Fix build with gccgo ([#6579](https://github.com/containerd/containerd/pull/6579))
    * Replace golang.org/x/net/context with std library ([#6580](https://github.com/containerd/containerd/pull/6580))
    * containerd-shim-runc-v1: return init pid when clean dead shim ([#6571](https://github.com/containerd/containerd/pull/6571))
    * Use Windows matcher when on Windows platform in all code paths ([#6491](https://github.com/containerd/containerd/pull/6491))
    * containerd-shim-runc-v2: return init pid when clean dead shim ([#6452](https://github.com/containerd/containerd/pull/6452))
    * [Windows][Integration] Enable TestRestartMonitor ([#6515](https://github.com/containerd/containerd/pull/6515))
    * go.mod: fsnotify v1.5.1, moby/sys/mountinfo v0.6.0, moby/sys/signal v0.7.0 ([#6554](https://github.com/containerd/containerd/pull/6554))
    </p>
    </details>
    
    ### Changes from containerd/cgroups
    <details><summary>21 commits</summary>
    <p>
    
    * ParseCgroupFile: fix wrong comment about unified hierarchy ; add ParseCgroupFileUnified to get the unified path ([#232](https://github.com/containerd/cgroups/pull/232))
    * Bump go version to 1.17 in go.mod ([#230](https://github.com/containerd/cgroups/pull/230))
    * make cmd/ a separate module (as it's only for testing) ([#226](https://github.com/containerd/cgroups/pull/226))
    * feat(v2): add Update method for v2.Manager ([#225](https://github.com/containerd/cgroups/pull/225))
    * feat: add memory.min param ([#211](https://github.com/containerd/cgroups/pull/211))
    * modified the dereference null pointer value. ([#218](https://github.com/containerd/cgroups/pull/218))
    * update readme for cpu cgroup demo ([#217](https://github.com/containerd/cgroups/pull/217))
    * Fix systemd full path ([#221](https://github.com/containerd/cgroups/pull/221))
    * Update Go version and fedora base ([#223](https://github.com/containerd/cgroups/pull/223))
    * Fix panic in NewSystemd on nil values ([#219](https://github.com/containerd/cgroups/pull/219))
    </p>
    </details>
    
    ### Changes from containerd/continuity
    <details><summary>28 commits</summary>
    <p>
    
    * go.mod: update dependencies (take 2) ([#204](https://github.com/containerd/continuity/pull/204))
    * Revert "go.mod: update dependencies" ([#205](https://github.com/containerd/continuity/pull/205))
    * Various small fix-ups ([#202](https://github.com/containerd/continuity/pull/202))
    * update authors and mailmap ([#201](https://github.com/containerd/continuity/pull/201))
    * move cmd/continuity to its own go module ([#200](https://github.com/containerd/continuity/pull/200))
    * CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir) ([#198](https://github.com/containerd/continuity/pull/198))
    * fs.CopyDir: support sockets and pipes ([#197](https://github.com/containerd/continuity/pull/197))
    * Fix wrapping errors ([#196](https://github.com/containerd/continuity/pull/196))
    </p>
    </details>
    
    ### Changes from containerd/go-cni
    <details><summary>22 commits</summary>
    <p>
    
    * go.mod: update libcni to v1.1.1 ([#101](https://github.com/containerd/go-cni/pull/101))
    * add in some serial setup tests; a little make cleanup ([#100](https://github.com/containerd/go-cni/pull/100))
    * Re-introduce serial network setup ([#99](https://github.com/containerd/go-cni/pull/99))
    * bump github.com/containernetworking/cni v1.1.0 ([#98](https://github.com/containerd/go-cni/pull/98))
    * Revert "Update loopback version to support check" ([#96](https://github.com/containerd/go-cni/pull/96))
    * Use revive instead of golint ([#92](https://github.com/containerd/go-cni/pull/92))
    * Bump go version to 1.17 ([#91](https://github.com/containerd/go-cni/pull/91))
    * moving up to latest CNI plugin release ([#90](https://github.com/containerd/go-cni/pull/90))
    * Fix Loopback Version ([#88](https://github.com/containerd/go-cni/pull/88))
    * Update comment for capabilities ([#89](https://github.com/containerd/go-cni/pull/89))
    * Add integration test for linux and update go version from 1.16 to 1.17 ([#84](https://github.com/containerd/go-cni/pull/84))
    </p>
    </details>
    
    ### Changes from containerd/imgcrypt
    <details><summary>18 commits</summary>
    <p>
    
    * Use reflect to support diff.ApplyConfig with/without gogo's types.Any ([#75](https://github.com/containerd/imgcrypt/pull/75))
    * Upgrade golangci-lint-action and golangci-lint ([#76](https://github.com/containerd/imgcrypt/pull/76))
    * CHANGES: Updated CHANGES document for 1.1.4 release ([#74](https://github.com/containerd/imgcrypt/pull/74))
    * Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 ([#73](https://github.com/containerd/imgcrypt/pull/73))
    * images: prepare for typeurl.Any ([#72](https://github.com/containerd/imgcrypt/pull/72))
    * Bump ocicrypt to 1.1.3 ([#71](https://github.com/containerd/imgcrypt/pull/71))
    * Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 ([#67](https://github.com/containerd/imgcrypt/pull/67))
    </p>
    </details>
    
    ### Changes from containerd/nri
    <details><summary>29 commits</summary>
    <p>
    
    * Extend scope to enable common pluggable runtime extensions. ([#16](https://github.com/containerd/nri/pull/16))
    * Update GitHub actions CI workflow ([#19](https://github.com/containerd/nri/pull/19))
    * replace pkg/errors ([#17](https://github.com/containerd/nri/pull/17))
    * Update the examples in README.md ([#15](https://github.com/containerd/nri/pull/15))
    * Rename branch from master to main ([#12](https://github.com/containerd/nri/pull/12))
    * Update to containerd 1.5.1 ([#11](https://github.com/containerd/nri/pull/11))
    </p>
    </details>
    
    ### Changes from containerd/ttrpc
    <details><summary>37 commits</summary>
    <p>
    
    * Only generate a Go file if the file has some services ([#112](https://github.com/containerd/ttrpc/pull/112))
    * *.go: organize errors to one spot ([#113](https://github.com/containerd/ttrpc/pull/113))
    * PROTOCOL: slight markdown touchup ([#111](https://github.com/containerd/ttrpc/pull/111))
    * Introduce streaming ([#107](https://github.com/containerd/ttrpc/pull/107))
    * Update checkout and lint actions ([#109](https://github.com/containerd/ttrpc/pull/109))
    * Add Makefile and update protobuf ([#106](https://github.com/containerd/ttrpc/pull/106))
    * Add ttrpc protocol definition ([#102](https://github.com/containerd/ttrpc/pull/102))
    * Enable Codecov again ([#105](https://github.com/containerd/ttrpc/pull/105))
    * Use CR+LF instead of LF regardless of OS ([#103](https://github.com/containerd/ttrpc/pull/103))
    * Log the error's underlying errno if there is ([#104](https://github.com/containerd/ttrpc/pull/104))
    * Use google.golang.org/protobuf instead of github.com/gogo/protobuf ([#99](https://github.com/containerd/ttrpc/pull/99))
    * Wrap correct error on unix.GetsockoptUcred failure ([#100](https://github.com/containerd/ttrpc/pull/100))
    * Update CI project checks to use containerd project action ([#101](https://github.com/containerd/ttrpc/pull/101))
    </p>
    </details>
    
    ### Changes from containerd/typeurl
    <details><summary>14 commits</summary>
    <p>
    
    * Fallback to google.golang.org/protobuf ([#35](https://github.com/containerd/typeurl/pull/35))
    * Build with Go 1.17 and Go 1.18 ([#34](https://github.com/containerd/typeurl/pull/34))
    * Make nil handling easier ([#33](https://github.com/containerd/typeurl/pull/33))
    * Make Any type an interface ([#32](https://github.com/containerd/typeurl/pull/32))
    * Add Any type and remove gogo protobuf from interfaces ([#31](https://github.com/containerd/typeurl/pull/31))
    * replace pkg/errors ([#29](https://github.com/containerd/typeurl/pull/29))
    * Update branch name in GH Actions ([#28](https://github.com/containerd/typeurl/pull/28))
    </p>
    </details>
    
    ### Dependency Changes
    
    * **cloud.google.com/go/compute/metadata**                                         v0.2.1 **_new_**
    * **github.com/AdaLogics/go-fuzz-headers**                                         6c3934b029d8 -> d395f97c4830
    * **github.com/AdamKorcz/go-118-fuzz-build**                                       5330a85ea652 **_new_**
    * **github.com/Microsoft/go-winio**                                                v0.5.1 -> v0.6.0
    * **github.com/Microsoft/hcsshim**                                                 v0.9.2 -> v0.10.0-rc.1
    * **github.com/blang/semver/v4**                                                   v4.0.0 **_new_**
    * **github.com/cenkalti/backoff/v4**                                               v4.1.2 -> v4.1.3
    * **github.com/cilium/ebpf**                                                       v0.7.0 -> v0.9.1
    * **github.com/container-orchestrated-devices/container-device-interface**         v0.5.1 **_new_**
    * **github.com/containerd/cgroups**                                                v1.0.3 -> v1.0.4
    * **github.com/containerd/cgroups/v3**                                             e8802a182774 **_new_**
    * **github.com/containerd/continuity**                                             v0.2.2 -> v0.3.0
    * **github.com/containerd/go-cni**                                                 v1.1.3 -> v1.1.6
    * **github.com/containerd/imgcrypt**                                               v1.1.3 -> 8ba028dca028
    * **github.com/containerd/nri**                                                    v0.1.0 -> v0.2.0
    * **github.com/containerd/ttrpc**                                                  v1.1.0 -> 944ef4a40df3
    * **github.com/containerd/typeurl**                                                v1.0.2 -> 7f6e6d160d67
    * **github.com/containernetworking/cni**                                           v1.0.1 -> v1.1.1
    * **github.com/containernetworking/plugins**                                       v1.0.1 -> v1.1.1
    * **github.com/containers/ocicrypt**                                               v1.1.2 -> v1.1.3
    * **github.com/cpuguy83/go-md2man/v2**                                             v2.0.0 -> v2.0.2
    * **github.com/cyphar/filepath-securejoin**                                        v0.2.3 **_new_**
    * **github.com/emicklei/go-restful/v3**                                            v3.8.0 **_new_**
    * **github.com/fsnotify/fsnotify**                                                 v1.4.9 -> v1.6.0
    * **github.com/go-logr/logr**                                                      v1.2.2 -> v1.2.3
    * **github.com/google/go-cmp**                                                     v0.5.6 -> v0.5.9
    * **github.com/google/uuid**                                                       v1.2.0 -> v1.3.0
    * **github.com/grpc-ecosystem/grpc-gateway/v2**                                    v2.7.0 **_new_**
    * **github.com/klauspost/compress**                                                v1.11.13 -> v1.15.9
    * **github.com/klauspost/cpuid/v2**                                                v2.0.4 **_new_**
    * **github.com/miekg/pkcs11**                                                      v1.0.3 -> v1.1.1
    * **github.com/minio/sha256-simd**                                                 v1.0.0 **_new_**
    * **github.com/moby/sys/mountinfo**                                                v0.5.0 -> v0.6.2
    * **github.com/moby/sys/sequential**                                               v0.5.0 **_new_**
    * **github.com/moby/sys/signal**                                                   v0.6.0 -> v0.7.0
    * **github.com/opencontainers/image-spec**                                         693428a734f5 -> 3a7f492d3f1b
    * **github.com/opencontainers/runc**                                               v1.1.0 -> v1.1.4
    * **github.com/opencontainers/runtime-spec**                                       1c3f411f0417 -> 86290f6a00fb
    * **github.com/opencontainers/runtime-tools**                                      946c877fa809 **_new_**
    * **github.com/opencontainers/selinux**                                            v1.10.0 -> v1.10.2
    * **github.com/prometheus/client_golang**                                          v1.11.0 -> v1.12.1
    * **github.com/prometheus/common**                                                 v0.30.0 -> v0.32.1
    * **github.com/russross/blackfriday/v2**                                           v2.0.1 -> v2.1.0
    * **github.com/sirupsen/logrus**                                                   v1.8.1 -> v1.9.0
    * **github.com/stretchr/testify**                                                  v1.7.0 -> v1.8.1
    * **github.com/syndtr/gocapability**                                               42c35b437635 **_new_**
    * **github.com/tchap/go-patricia/v2**                                              v2.3.1 **_new_**
    * **github.com/urfave/cli**                                                        v1.22.1 -> v1.22.10
    * **go.opencensus.io**                                                             v0.23.0 -> v0.24.0
    * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.28.0 -> v0.36.4
    * **go.opentelemetry.io/otel**                                                     v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/exporters/otlp/internal/retry**                       v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace**                            v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc**              v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp**              v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/sdk**                                                 v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/trace**                                               v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/proto/otlp**                                               v0.11.0 -> v0.19.0
    * **golang.org/x/crypto**                                                          32db794688a5 -> v0.1.0
    * **golang.org/x/mod**                                                             v0.6.0 **_new_**
    * **golang.org/x/net**                                                             fe4d6282115f -> v0.4.0
    * **golang.org/x/oauth2**                                                          2bc19b11175f -> d3ed0bb246c8
    * **golang.org/x/sync**                                                            036812b2e83c -> v0.1.0
    * **golang.org/x/sys**                                                             1d35b9e2eb4e -> v0.3.0
    * **golang.org/x/term**                                                            6886f2dfbf5b -> v0.3.0
    * **golang.org/x/text**                                                            v0.3.7 -> v0.5.0
    * **golang.org/x/time**                                                            1f47c861a9ac -> 90d013bbcef8
    * **golang.org/x/tools**                                                           v0.2.0 **_new_**
    * **google.golang.org/genproto**                                                   e50cd9704f63 -> b1a01be3a5f6
    * **google.golang.org/grpc**                                                       v1.43.0 -> v1.51.0
    * **google.golang.org/protobuf**                                                   v1.27.1 -> v1.28.1
    * **gopkg.in/yaml.v3**                                                             496545a6307b -> v3.0.1
    * **k8s.io/api**                                                                   v0.22.5 -> v0.25.4
    * **k8s.io/apimachinery**                                                          v0.22.5 -> v0.25.4
    * **k8s.io/apiserver**                                                             v0.22.5 -> v0.25.4
    * **k8s.io/client-go**                                                             v0.22.5 -> v0.25.4
    * **k8s.io/component-base**                                                        v0.22.5 -> v0.25.4
    * **k8s.io/cri-api**                                                               v0.23.1 -> v0.26.0-beta.0
    * **k8s.io/klog/v2**                                                               v2.30.0 -> v2.80.1
    * **k8s.io/utils**                                                                 cb0fa318a74b -> 8e77b1f39fe2
    * **sigs.k8s.io/json**                                                             f223a00ba0e2 **_new_**
    * **sigs.k8s.io/structured-merge-diff/v4**                                         v4.1.2 -> v4.2.3
    * **sigs.k8s.io/yaml**                                                             v1.2.0 -> v1.3.0
    
    Previous release can be found at [v1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)
    ### Which file should I download?
    * `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:         ✅Recommended. Dynamically linked with glibc 2.27 (Ubuntu 18.04).
    * `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`:  Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.
    * `cri-containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:     (Deprecated)
    * `cri-containerd-cni-<VERSION>-<OS>-<ARCH>.tar.gz`: (Deprecated)
    
    In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases)
    and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too.
    
    See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
    
    
  • v1.6.14
    containerd 1.6.14
    
    Welcome to the v1.6.14 release of containerd!
    
    The fourteenth patch release for containerd 1.6 fixes a regression in the CRI plugin related to swap.
    
    ### Notable Updates
    
    * **Fix `memory.memsw.limit_in_bytes: no such file or directory` error in CRI plugin** ([#7838](https://github.com/containerd/containerd/pull/7838))
    
    See the changelog for complete list of changes
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Phil Estes
    * Derek McGowan
    * Akihiro Suda
    * Cameron Sparr
    * Akhil Mohan
    * Kazuyoshi Kato
    * Sebastiaan van Stijn
    * Serge Logvinov
    * Wang Bing
    * Wei Fu
    * cathaysia
    * shi yixue
    * wusong
    
    ### Changes
    <details><summary>6 commits</summary>
    <p>
    
    * Prepare release notes for v1.6.14 ([#7841](https://github.com/containerd/containerd/pull/7841))
      * [`1347d7c87`](https://github.com/containerd/containerd/commit/1347d7c87b01fb27b44a8c3f16b1e8c18ca656bc) Prepare release notes for v1.6.14
    * [release/1.6] cri: fix `memory.memsw.limit_in_bytes: no such file or directory` ([#7838](https://github.com/containerd/containerd/pull/7838))
      * [`53c733e0b`](https://github.com/containerd/containerd/commit/53c733e0bacd44d52cbe58a31dbc1ff2ca0d5403) cri: fix `memory.memsw.limit_in_bytes: no such file or directory`
    * Revert "[release/1.6] support fetching containerd from non public GCS buckets" ([#7830](https://github.com/containerd/containerd/pull/7830))
      * [`e8b22c100`](https://github.com/containerd/containerd/commit/e8b22c100b33e4f9eab68050a2b75deb7f0fadf1) Revert "[release/1.6] support fetching containerd from non public GCS buckets"
    </p>
    </details>
    
    ### Changes from containerd/cgroups
    <details><summary>21 commits</summary>
    <p>
    
    * ParseCgroupFile: fix wrong comment about unified hierarchy ; add ParseCgroupFileUnified to get the unified path ([#232](https://github.com/containerd/cgroups/pull/232))
      * [`dd81920`](https://github.com/containerd/cgroups/commit/dd81920d1b44d7d9f75d93e40a74333e9afd4b92) add ParseCgroupFileUnified to get the unified path
      * [`dae6735`](https://github.com/containerd/cgroups/commit/dae6735f2be5a4dbeb43eb726a26419aef9e2185) ParseCgroupFile: fix wrong comment about unified hierarchy
    * Bump go version to 1.17 in go.mod ([#230](https://github.com/containerd/cgroups/pull/230))
      * [`e5baf6b`](https://github.com/containerd/cgroups/commit/e5baf6bb07db038eab23afc4b3a2898632f2f47c) Bump go version to 1.17 in go.mod
    * make cmd/ a separate module (as it's only for testing) ([#226](https://github.com/containerd/cgroups/pull/226))
      * [`66f3f56`](https://github.com/containerd/cgroups/commit/66f3f5679fb06642a202997239499dec009d199d) make cmd/ a separate module (as it's only for testing)
    * feat(v2): add Update method for v2.Manager ([#225](https://github.com/containerd/cgroups/pull/225))
      * [`0592512`](https://github.com/containerd/cgroups/commit/059251245e46cb46e51254ef754cf3556c31a5fc) feat(v2): add Update method for v2.Manager
    * feat: add memory.min param ([#211](https://github.com/containerd/cgroups/pull/211))
      * [`8276db2`](https://github.com/containerd/cgroups/commit/8276db2ebe5a9d7124287d208413aac93c3e59ac) feat: add memory.min param
    * modified the dereference null pointer value. ([#218](https://github.com/containerd/cgroups/pull/218))
      * [`a76c4fb`](https://github.com/containerd/cgroups/commit/a76c4fbd5b9656aaad856a3684d22116cf9e08bd) modified the dereference null pointer value.
    * update readme for cpu cgroup demo ([#217](https://github.com/containerd/cgroups/pull/217))
      * [`f39d7da`](https://github.com/containerd/cgroups/commit/f39d7dad9bd533a205ff5e2094615aa22a3f2d1f) update readme for cpu cgroup demo
    * Fix systemd full path ([#221](https://github.com/containerd/cgroups/pull/221))
      * [`aa8003c`](https://github.com/containerd/cgroups/commit/aa8003ca79589e6ab8a1d081b2d768eb9f35b5c8) Fix systemd full path
    * Update Go version and fedora base ([#223](https://github.com/containerd/cgroups/pull/223))
      * [`d7918f2`](https://github.com/containerd/cgroups/commit/d7918f21b96761cb4d69c7f42e3f8ce54d9a2a9a) Update Go version and fedora base
    * Fix panic in NewSystemd on nil values ([#219](https://github.com/containerd/cgroups/pull/219))
      * [`65478b8`](https://github.com/containerd/cgroups/commit/65478b8fddda44862ebb6bb2b69122a22e61eba5) Fix panic in NewSystemd on nil values
    </p>
    </details>
    
    ### Dependency Changes
    
    * **github.com/containerd/cgroups**  v1.0.3 -> v1.0.4
    
    Previous release can be found at [v1.6.13](https://github.com/containerd/containerd/releases/tag/v1.6.13)
    
  • v1.6.13
    containerd 1.6.13
    
    Welcome to the v1.6.13 release of containerd!
    
    The thirteenth patch release for containerd 1.6 contains various fixes and updates.
    
    ### Notable Updates
    
    * **Update overlay snapshotter to check for tmpfs when evaluating usage of userxattr** ([#7788](https://github.com/containerd/containerd/pull/7788))
    * **Update hcsshim to v0.9.6 to fix resource leak on exec** ([#7808](https://github.com/containerd/containerd/pull/7808))
    * **Make swapping disabled with memory limit in CRI plugin** ([#7815](https://github.com/containerd/containerd/pull/7815))
    * **Allow clients to remove created tasks with PID 0** ([#7816](https://github.com/containerd/containerd/pull/7816))
    * **Fix concurrent map iteration and map write in CRI port forwarding** ([#7819](https://github.com/containerd/containerd/pull/7819))
    * **Check for nil `HugepageLimits` to avoid panic in CRI plugin** ([#7820](https://github.com/containerd/containerd/pull/7820))
    
    See the changelog for complete list of changes
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Derek McGowan
    * Akhil Mohan
    * Phil Estes
    * Kazuyoshi Kato
    * Maksym Pavlenko
    * Akihiro Suda
    * Gavin Inglis
    * Kirtana Ashok
    * Mike Brown
    * Qasim Sarfraz
    * Shinichi Morimoto
    * chaunceyjiang
    * mathis-m
    
    ### Changes
    <details><summary>25 commits</summary>
    <p>
    
    * [release/1.6] Prepare release notes for v1.6.13 ([#7821](https://github.com/containerd/containerd/pull/7821))
      * Prepare release notes for v1.6.13
    * [release/1.6] support fetching containerd from non public GCS buckets ([#7823](https://github.com/containerd/containerd/pull/7823))
      * disable tracing while handling token
      * support fetching containerd from non public GCS buckets
    * [release/1.6] nil check to avoid panic on upgrade ([#7820](https://github.com/containerd/containerd/pull/7820))
      * nil check to avoid panic on upgrade
    * [release/1.6] concurrent map iteration and map write ([#7819](https://github.com/containerd/containerd/pull/7819))
      * fatal error: concurrent map iteration and map write
    * [release/1.6] allow client to remove created tasks with PID 0 ([#7816](https://github.com/containerd/containerd/pull/7816))
      * allow client to remove created tasks with PID 0
    * [release/1.6] cri: make swapping disabled with memory limit ([#7815](https://github.com/containerd/containerd/pull/7815))
      * cri: make swapping disabled with memory limit
    * [release/1.6] go.mod: Bump hcsshim to v0.9.6 ([#7808](https://github.com/containerd/containerd/pull/7808))
      * Bump hcsshim to v0.9.6
    * [release/1.6] Cherry pick GitHub actions workflow updates 1.6 ([#7713](https://github.com/containerd/containerd/pull/7713))
      * update codeql-action to v2
      * Upgrade actions/upload-artifact from v2 to v3
      * Move up actions versions to prep for deprecation
      * CI: update GHA instances from Ubuntu 18.04 to 20.04
      * Use global env variable to specify Go version on CI
      * Rework permission handling in scripts
      * fix pool_device_test.go
    * [release/1.6] fix: check for tmpfs when evaluating if userxattr should be used ([#7788](https://github.com/containerd/containerd/pull/7788))
      * fix: check for tmpfs when evaluating if userxattr should be used
    </p>
    </details>
    
    ### Dependency Changes
    
    * **github.com/Microsoft/hcsshim**  v0.9.5 -> v0.9.6
    
    Previous release can be found at [v1.6.12](https://github.com/containerd/containerd/releases/tag/v1.6.12)
    
  • v1.7.0-beta.1
    containerd 1.7.0-beta.1
    
    Welcome to the v1.7.0-beta.1 release of containerd!
    *This is a pre-release of containerd*
    
    The eighth major release of containerd includes new functionality alongside many improvements.
    This release is intended to be the last major release of containerd 1.x before 2.0.
    Some functionality in this release may be considered experimental or unstable, but will become stable or default in 2.0.
    This release still adheres to our backwards compatibility guarantees, and users who do not use or enable new functionality should use this release with the same stability expectations.
    The previous 1.6 release has also become a long term stable release for users who prefer releases with mostly stability improvements and wish to wait a few releases for new functionality.
    
    _This is a beta release and includes some functionality which is not yet complete. While most APIs are finalized before merge, they are subject to change until the official release._
    
    ### Highlights
    
    #### Sandbox API _(experimental)_
    
    The sandbox API provides a new way of managing containerd's shim, providing more flexibility and functionality for multi-container environments such as Pods and VMs.
    This API makes it easier to manage these groups of containers at a higher level and offers new extension points for shim implementations and clients.
    
    * **Sandbox API** ([#6703](https://github.com/containerd/containerd/pull/6703))
    * **CRI Sandbox API Implementation** ([#7228](https://github.com/containerd/containerd/pull/7228))
    
    #### Transfer Service _(experimental)_
    
    * **Transfer Service** ([#7320](https://github.com/containerd/containerd/pull/7320))
    
    The transfer service provides a simple interface to transfer artifact objects between any source and destination. This allows for
    pull and push operations to be done in containerd whether requested from clients or plugins. It is experimental in this release
    to allow for further plugin development and integration into existing plugins.
    
    See the [Transfer Docs](https://github.com/containerd/containerd/blob/main/docs/transfer.md)
    
    #### NRI _(experimental)_
    
    * **Extend NRI scope** ([nri#16](https://github.com/containerd/nri/pull/16))
    * **Support for updated NRI** ([#6019](https://github.com/containerd/containerd/pull/6019))
    
    The Node Resource Interface is a common framework for plugging extensions into OCI-compatible container runtimes. It provides
    basic mechanisms for plugins to track the state of containers and to make limited changes to their configuration.
    
    This release introduces NRI v0.2.0 with an updated plugin interface to cover a wide range of use cases.
    
    See the [NRI Docs](https://github.com/containerd/containerd/blob/main/docs/NRI.md)
    
    #### Platform Support
    
    * **Linux containers on FreeBSD** ([#7000](https://github.com/containerd/containerd/pull/7000))
    
    #### Runtime Features
    
    * **Add support for CDI device injection** ([#6654](https://github.com/containerd/containerd/pull/6654))
    * **Support for cgroups blockio** ([#5490](https://github.com/containerd/containerd/pull/5490))
    * **Add restart policy for enhanced restart manager** ([#6744](https://github.com/containerd/containerd/pull/6744))
    
    #### Road to 2.0
    
    ##### Refactoring
    
    There are multiple places in the code today which are being targeted for refactoring to make long term support easier and to provide more extension points.
    
    The CRI plugin is the most complex containerd plugin with a wide range of functionality. A major effort in this release and before 2.0 involves moving functionality
    out of the single CRI plugin into smaller-scoped containerd plugins, such that they can be used and tested independently. The new sandbox and distribution interfaces provide one example of this,
    but it is also being done for image and network management.
    
    The version of ttrpc has been updated this release to support streaming, allowing existing grpc services to use ttrpc.
    Services are being refactored to allow ttrpc implementations, which can be served via shim and accessed using the new sandbox management capability.
    
    * **Remove gogoproto.customtype** ([#6699](https://github.com/containerd/containerd/pull/6699))
    * **Remove enumvalue_customname, goproto_enum_prefix and enum_customname** ([#6708](https://github.com/containerd/containerd/pull/6708))
    * **Remove all gogoproto extensions** ([#6829](https://github.com/containerd/containerd/pull/6829))
    * **Migrate off from github.com/gogo/protobuf** ([#6841](https://github.com/containerd/containerd/pull/6841))
    * **ttrpc streaming** ([ttrpc#107](https://github.com/containerd/ttrpc/pull/107))
    
    * **Add unpack interface for client** ([#6749](https://github.com/containerd/containerd/pull/6749))
    * **Add collectible resources to metadata gc** ([#6804](https://github.com/containerd/containerd/pull/6804))
    
    ##### Configuration
    
    Existing CRI configurations will be supported until 2.0.
    Any functionality split out of CRI will have its configuration migrated to new plugins.
    Deprecated configuration versions and configurations for deprecated features will be removed in 2.0.
    
    ##### Deprecation
    
    The 2.0 release will remove any feature deprecated in 1.x. Features deprecated in this release include:
    
    * **Docker Schema 1 Image Deprecation** ([#6884](https://github.com/containerd/containerd/pull/6884))
    
    #### CRI Updates
    
    * **Support image pull progress timeout** ([#6150](https://github.com/containerd/containerd/pull/6150))
    * **Fix CRI plugin to setup pod network after creating the sandbox container** ([#5904](https://github.com/containerd/containerd/pull/5904))
    * **Pass all TOML runtime configuration options from CRI to the runtime** ([#7764](https://github.com/containerd/containerd/pull/7764))
    
    #### Other
    
    * **Support shallow content copy by adding reader option to local content reader at** ([#7414](https://github.com/containerd/containerd/pull/7414))
    * **Add NoSameOwner option when unpacking tars** ([#7386](https://github.com/containerd/containerd/pull/7386))
    * **Add `FetcherByDigest` for fetching blobs without fetching a manifest** ([#7460](https://github.com/containerd/containerd/pull/7460))
    * **Update default seccomp profile to block socket calls to AF_VSOCK** ([#7510](https://github.com/containerd/containerd/pull/7510))
    * **Replace fork on mount logic with CLONE_FS** ([#7513](https://github.com/containerd/containerd/pull/7513))
    * **Add support for default registry host configuration** ([#7607](https://github.com/containerd/containerd/pull/7607))
    * **Use github.com/minio/sha256-simd for more efficient sha256 calculation** ([#7732](https://github.com/containerd/containerd/pull/7732))
    
    See the changelog for complete list of changes
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Kazuyoshi Kato
    * Derek McGowan
    * Phil Estes
    * Maksym Pavlenko
    * Wei Fu
    * Akihiro Suda
    * Sebastiaan van Stijn
    * Samuel Karp
    * Mike Brown
    * Krisztian Litkey
    * Daniel Canter
    * Ye Sijun
    * yanggang
    * Adam Korcz
    * Ed Bartosh
    * Stefan Berger
    * Gabriel Adrian Samfira
    * Nashwan Azhari
    * Paul "TBBle" Hampson
    * Luca Comellini
    * ruiwen-zhao
    * xin.li
    * Austin Vazquez
    * Brian Goff
    * Shengjing Zhu
    * zounengren
    * Danny Canter
    * Gavin Inglis
    * Henry Wang
    * Iceber Gu
    * Justin Terry
    * Swagat Bora
    * wanglei
    * Akhil Mohan
    * Kevin Parsons
    * lengrongfu
    * Michael Crosby
    * Paco Xu
    * Qiutong Song
    * Shiming Zhang
    * James Jenkins
    * Michael Zappa
    * Tobias Klauser
    * guodong
    * pigletfly
    * Amit Barve
    * Antonio Ojea
    * Cameron Sparr
    * Craig Ingram
    * Eng Zer Jun
    * Eric Lin
    * James Sturtevant
    * Jess
    * Jonny Stoten
    * Juan Hoyos
    * Kang.Zhang
    * Mikko Ylinen
    * Paul Cacheux
    * Paul S. Schweigert
    * Vincent Batts
    * Yasin Turan
    * bin liu
    * cosmoer
    * dependabot[bot]
    * Abirdcfly
    * Aditi Sharma
    * Aman Sharma
    * Anastassios Nanos
    * Andrew G. Morgan
    * Andrey Klimentyev
    * Antti Kervinen
    * Aviral Takkar
    * Baoshuo
    * Benjamin Elder
    * Chao Dai
    * Chuanying Du
    * Claudiu Belu
    * Cory Snider
    * Danielle Lancashire
    * Dat Nguyen
    * Davanum Srinivas
    * Dave
    * David Porter
    * Dmitry Shurupov
    * Eric Ernst
    * Ethan Lowman
    * Fabian Hoffman
    * Fabian Hoffmann
    * Fahed Dorgaa
    * Gabriela Cervantes
    * Gijs Peskens
    * Hamza El-Saawy
    * Hsing-Yu (David) Chen
    * Ikko Ashimine
    * Jeff Widman
    * Jeff Zvier
    * Jeremi Piotrowski
    * Jin Dong
    * Jordan Karaze
    * Joseph Sheng
    * Joyce Brum
    * Jukka Rissanen
    * Kate
    * Kathryn Baldauf
    * Kirtana Ashok
    * Kohei Tokunaga
    * Kyle L Frisbie
    * LongtaoZhang
    * Manuel Alejandro de Brito Fontes
    * Marc Schwind
    * Mark Rossetti
    * Marvin Giessing
    * Mathis Michel
    * Merlin Ran
    * Nabeel Rana
    * Nguyen Phan Huy
    * Nikita Rybak
    * Nobel Barakat
    * Oleg Atamanenko
    * Oleg Zhurakivskyy
    * Oliver Radwell
    * Qasim Sarfraz
    * Quan Tian
    * Rodrigo Campos
    * Roy Yang
    * Serge Logvinov
    * Shane Jennings
    * Shaun Lawrie
    * Shinichi Morimoto
    * SilverSoldier
    * Sophie Liu
    * Su Fei
    * Taeho Nam
    * Takumasa Sakao
    * Tiger Kaovilai
    * Tom Godkin
    * Tomoya.Fujita
    * Tony Fang
    * Tõnis Tiigi
    * Xinlin Ma
    * Yakul Garg
    * Zhang Tianyang
    * Zhongming Chang
    * Zhuchen Wang
    * austinvazquez
    * calvin0327
    * cardy.tang
    * dabaooline
    * guiyong.ou
    * huoqifeng
    * jianfei.zhang
    * ningmingxiao
    * shi yixue
    * shuaichang
    * songjiang han
    * wusong
    * xiaoyang zhu
    * yanghesong
    * yaozhenxiu
    * zhang he
    
    ### Changes
    <details><summary>1256 commits</summary>
    <p>
    
    * Prepare release notes for v1.7.0-beta.1 ([#7793](https://github.com/containerd/containerd/pull/7793))
      * Prepare release notes for v1.7.0-beta.1
    * support fetching containerd from non public GCS buckets ([#7771](https://github.com/containerd/containerd/pull/7771))
      * disable tracing while handling token
      * support fetching containerd from non public GCS buckets
    * images: support specifying SourceDateEpoch via ctx ([#7651](https://github.com/containerd/containerd/pull/7651))
      * images: support specifying SourceDateEpoch via ctx
      * epoch: propagate SOURCE_DATE_EPOCH via ctx
    * fuzzing: improve archive fuzzer ([#7718](https://github.com/containerd/containerd/pull/7718))
      * fuzzing: improve archive fuzzer
    * fix sdNotify func when debug level ([#7798](https://github.com/containerd/containerd/pull/7798))
      * fix sdNotify func when debug level
    * Upgrade GitHub actions packages in release workflow ([#7794](https://github.com/containerd/containerd/pull/7794))
      * Upgrade GitHub actions packages in release workflow
    * Enable GitHub Actions local Linux CI runs ([#7796](https://github.com/containerd/containerd/pull/7796))
      * Enable GitHub Actions local Linux CI runs
    * integration: increase timeout in container_event_test.go ([#7791](https://github.com/containerd/containerd/pull/7791))
      * integration: increase timeout in container_event_test.go
    * digest: use github.com/minio/sha256-simd ([#7732](https://github.com/containerd/containerd/pull/7732))
      * digest: use github.com/minio/sha256-simd
    * allow client to remove created tasks with PID 0 ([#7787](https://github.com/containerd/containerd/pull/7787))
      * allow client to remove created tasks with PID 0
    * Add container event support to containerd ([#7073](https://github.com/containerd/containerd/pull/7073))
      * Add Evented PLEG support to sandbox server
      * Add container event support to containerd
    * docs: Authorizer.Authorize could return ErrUnexpectedStatus ([#7786](https://github.com/containerd/containerd/pull/7786))
      * docs: Authorizer.Authorize could return ErrUnexpectedStatus
    * fix: check for tmpfs when evaluating if userxattr is needed ([#7772](https://github.com/containerd/containerd/pull/7772))
      * fix: check for tmpfs when evaluating if userxattr should be used
    * Pass TOML configuration options for runtimes CRI is not aware of ([#7764](https://github.com/containerd/containerd/pull/7764))
      * Pass runtime configuration as TOML blob
      * Update runtime options to include bytes blob
    * Cleanup build constraints ([#7776](https://github.com/containerd/containerd/pull/7776))
      * Respect no_cri constraint
      * Cleanup build constraints
    * There is no way to disable debug endpoint on Darwin ([#7775](https://github.com/containerd/containerd/pull/7775))
      * Fix default config for Darwin
    * CI: Vagrant: pin rockylinux/8 to v5.0.0 ([#7777](https://github.com/containerd/containerd/pull/7777))
      * CI: Vagrant: pin rockylinux/8 to v5.0.0
    * vendor: golang.org/x/net v0.4.0 ([#7774](https://github.com/containerd/containerd/pull/7774))
      * vendor: golang.org/x/net v0.4.0
    * Fix context when waiting sandbox ([#7773](https://github.com/containerd/containerd/pull/7773))
      * Fix context when waiting sandbox
    * Github Security Advisory [GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9)
      * CRI stream server: Fix goroutine leak in Exec
    * update to go1.19.4, go1.18.9 ([#7765](https://github.com/containerd/containerd/pull/7765))
      * update to go1.19.4, go1.18.9
    * Change PushContent to require only Provider ([#7763](https://github.com/containerd/containerd/pull/7763))
      * Change PushContent to require only Provider
    * sbserver bug fixing ([#7768](https://github.com/containerd/containerd/pull/7768))
      * sbserver bug fixing
    * Add unit test to Opentelemetry tracing ([#7671](https://github.com/containerd/containerd/pull/7671))
      * Adding unit tests to opentelemetry tracing
    * remove some (aliases for) deprecated functions ([#7525](https://github.com/containerd/containerd/pull/7525))
      * sys: remove unused GetOpenFds()
      * remotes/docker: remove deprecated NewAuthorizer alias
      * sys: remove aliases for deprecated EpollCreate1, EpollCtl, EpollWait
      * pkg/cri/util/: remove deprecated NormalizeImageRef alias
      * sys: remove alias for deprecated sys.RunningInUserNS()
    * Refactor ctr restore to allow for tty allocation ([#7673](https://github.com/containerd/containerd/pull/7673))
      * Refactored ctr to allow for tty allocation when container has {terminal:true} within Spec
    * fix panic when containerd-stress density --count 0 ([#7748](https://github.com/containerd/containerd/pull/7748))
      * fix panic when containerd-stress density --count 0
    * Unwrap proto errors in streaming client ([#7753](https://github.com/containerd/containerd/pull/7753))
      * Unwrap proto errors in streaming client
    * Fix process_vm_* syscall names in seccomp ([#7755](https://github.com/containerd/containerd/pull/7755))
      * Fix process_vm_* syscall names in seccomp
    * upgrade the ops.md output for current 1.7 version . ([#7747](https://github.com/containerd/containerd/pull/7747))
      * upgrade the ops.md output for current 1.7 version .
    * docs: Add extra security instructions ([#7743](https://github.com/containerd/containerd/pull/7743))
      * docs: Add extra security instructions
    * go.mod: re-vendor NRI from the official repo. ([#7744](https://github.com/containerd/containerd/pull/7744))
      * go.mod: re-vendor NRI from the official repo.
    * [Sandbox API] CRI status cleanup ([#7731](https://github.com/containerd/containerd/pull/7731))
      * [sandbox] Fix panic when waiting for sandbox controller
      * [sandbox] Specify sandbox ID when using sandboxed shims
      * [sandbox] Don't access pause container when creating pod container
      * [sandbox] Move sandbox info to podsandbox controller
      * [sandbox] Update Controller.Status protos
    * Transfer service ([#7320](https://github.com/containerd/containerd/pull/7320))
      * Rename transferer to transferrer
      * Cleanup code comments and lint fixes
      * Update transfer docs
      * Rename local transfer plugin
      * Add variables names to transfer interface
      * Combine stream fuzz tests
      * Add media type to export stream
      * Update export API types
      * Update ctr to make local the default for distribution
      * Update import cli to use transfer service
      * Update import logic
      * Update API for import types
      * Update pull command to use filter arguments
      * Add filter fields to image store types
      * Improve push handler ordering
      * Add push progress
      * Fixup pull authorization and labeling
      * Lint fixes
      * Regenerated protobuf files with updated version
      * Add transfer docs
      * Add transfer integration test
      * Update ctr commands to use transfer interface
      * Update transfer packages
      * Update transfer API
      * Add transfer plugin registration
      * Add basic import and export handlers
      * Add binary stream functionality and helpers
      * Implement client interface for transfer service
      * Add progress
      * Add transfer proxy client
      * Transfer interface and plugin work in progress
      * Transfer API types
      * Add transfer API
      * Add streaming service
    * NRI: add support for NRI with extended scope. ([#6019](https://github.com/containerd/containerd/pull/6019))
      * docs: add NRI-related documentation.
      * pkg/cri/server: nuke old v0.1.0 NRI hooks.
      * integration: add first NRI integration tests.
      * pkg/cri/server: experimental NRI integration for CRI.
      * nri: add experimental NRI plugin.
    * archive: set WithModTimeUpperBound when WithSourceDateEpoch is set ([#7710](https://github.com/containerd/containerd/pull/7710))
      * archive: set WithModTimeUpperBound when WithSourceDateEpoch is set
    * Fix order of operations when setting lease labels ([#7702](https://github.com/containerd/containerd/pull/7702))
      * Fix order of operations when setting lease labels
    * Add ctr image prune command ([#7730](https://github.com/containerd/containerd/pull/7730))
      * Add ctr image prune
    * Check for nullptr before dereferencing ([#7708](https://github.com/containerd/containerd/pull/7708))
      * Added nullptr checks to pkg/cri/server and sbserver
    * use MaxConcurrentDownloads instead of MaxConcurrentUploadedLayers ([#7736](https://github.com/containerd/containerd/pull/7736))
      * use MaxConcurrentDownloads instead of MaxConcurrentUploadedLayers
    * introspection: expose the daemon's PID and PIDNS ([#7694](https://github.com/containerd/containerd/pull/7694))
      * introspection: expose the daemon's PID and PIDNS
    * reference/docker: synchronize fork with upstream distribution/distribution ([#7635](https://github.com/containerd/containerd/pull/7635))
      * registry: support ipv6 addresses
      * Replace references to `re` with `regexp.MustCompile`
      * Improve how reference regexps are built
      * Clarify repo name regex intention
      * go.mod: change imports to github.com/distribution/distribution/v3
      * Update repo normalize error message to include the name of the repo.
      * Fix bug in parsing domain from repository reference
      * reference/docker: add unit-tests from upstream distribution/distribution
      * reference/docker: align files with original code
    * go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions ([#7721](https://github.com/containerd/containerd/pull/7721))
      * go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions
    * Add ptrace readby and tracedby to default AppArmor profile ([#7714](https://github.com/containerd/containerd/pull/7714))
      * Add ptrace readby and tracedby to default AppArmor profile
    * Fix sandbox API when calling sandboxed shims ([#7684](https://github.com/containerd/containerd/pull/7684))
      * Use sandbox store to retrieve runtime info for sandboxed containers
      * Retrieve sandbox creation time from store.
      * Remove duplicated helpers
      * Specify runtime configuration for sandbox shims
    * make status more readable and update easy. ([#7669](https://github.com/containerd/containerd/pull/7669))
      * make status more readable and update easy.
    * integration/client: fix go.mod grouping, containerd to v1.7.0-beta.0, cgroups back to v1.0.4 ([#7720](https://github.com/containerd/containerd/pull/7720))
      * go.mod: roll back github.com/containerd/cgroups to v1.0.4 release
      * integration/client: update containerd version to v1.7.0-beta.0
      * integration/client: fix go.mod grouping
    * Resolve warnings in Windows GitHub Actions periodic workflows ([#7706](https://github.com/containerd/containerd/pull/7706))
      * Resolve warnings in Windows GitHub Actions periodic workflows
    * Sandbox API: implement Controller.Status for SandboxAPI ([#7470](https://github.com/containerd/containerd/pull/7470))
      * feat add sandbox api status func
    * [port #5904 to sbserver] Setup pod network after creating the sandbox container ([#7426](https://github.com/containerd/containerd/pull/7426))
      * integration: enable CNI slow test for sbserver
      * sbserver: save netns in sandbox metadata on create
      * integration: enable tests for sbserver
      * sbserver: persist sandbox during partial teardown
    * fix for OSS-Fuzz infra changes ([#7677](https://github.com/containerd/containerd/pull/7677))
      * fix for OSS-Fuzz infra changes
    * runtime/v2/shim: clean up the use of containerdBinary ([#7499](https://github.com/containerd/containerd/pull/7499))
      * runtime/v2/shim: clean up the use of containerdBinary
    * Add process_vm read and write calls to default seccomp profile ([#7693](https://github.com/containerd/containerd/pull/7693))
      * Add process_vm read and write calls to default seccomp profile
    * Resolve Scorecards GitHub Actions workflow warnings ([#7707](https://github.com/containerd/containerd/pull/7707))
      * Resolve Scorecards GitHub Actions workflow warnings
    * cri: add pod uid annotation ([#7697](https://github.com/containerd/containerd/pull/7697))
      * cri: add pod uid annotation
    * Missed out `platform interface` when reused the conn for Client. ([#7699](https://github.com/containerd/containerd/pull/7699))
      * Missed out `platform interface` when reused the conn for Client.
    * overlayfs: remove duplicated tx rollback ([#7700](https://github.com/containerd/containerd/pull/7700))
      * remove duplicated tx rollback
    * go.mod: update some dependencies ([#7704](https://github.com/containerd/containerd/pull/7704))
      * go.mod: github.com/matttproud/golang_protobuf_extensions v1.0.2
      * go.mod: github.com/moby/sys/sequential v0.5.0
      * go.mod: github.com/cpuguy83/go-md2man/v2 v2.0.2
      * go.mod: github.com/AdaLogics/go-fuzz-headers v0.0.0-20221118232415-3345c89a7c72
      * go.mod: golang.org/x/sys v0.2.0
      * go.mod: github.com/sirupsen/logrus v1.9.0
    * update github.com/cpuguy83/go-md2man/v2 to v2.0.2 ([#7705](https://github.com/containerd/containerd/pull/7705))
      * update github.com/cpuguy83/go-md2man/v2 to v2.0.2
    * Fsnotify bump and change code ([#7703](https://github.com/containerd/containerd/pull/7703))
      * Change fsnotify event status condition.
      * Bump fsnotify to v1.6.0
    * fix build containerd in centos9 ([#7683](https://github.com/containerd/containerd/pull/7683))
      * Fix building.md for btrfs
    * Bump urfave-cli to v1.22.10 ([#7701](https://github.com/containerd/containerd/pull/7701))
      * Bump urfave-cli to v1.22.10
    * can set up the network serially by CNI plugins ([#7685](https://github.com/containerd/containerd/pull/7685))
      * can set up the network serially by CNI plugins
    * Update cri-api dependency to v0.26.0-beta.0 ([#7656](https://github.com/containerd/containerd/pull/7656))
      * Update to cri-api v0.26.0-beta.0
      * Copy cri-api v1alpha2 from v0.25.4 to containerd internal directory
    * overlay: Remove unused method param ([#7696](https://github.com/containerd/containerd/pull/7696))
      * overlay: Remove unused method param
    * CI: update Fedora to 37 ([#7691](https://github.com/containerd/containerd/pull/7691))
      * CI: update Fedora to 37
    * tx rollback when GetInfo return error ([#7678](https://github.com/containerd/containerd/pull/7678))
      * tx rollback when GetInfo return error
    * Upgrade github.com/containerd/cgroups from v1 to v3 ([#7601](https://github.com/containerd/containerd/pull/7601))
      * Remove the outdated comment
      * Convert hcsshim's stats to cgroups' stats
      * Use github.com/containerd/cgroups/v3 to remove gogo
    * Remove OpenTelemetry imports from remotes/docker package ([#7675](https://github.com/containerd/containerd/pull/7675))
      * Remove OpenTelemetry imports from remotes/docker package
    * Expose Done and Err in Shutdown service ([#7686](https://github.com/containerd/containerd/pull/7686))
      * Expose Done and Err in Shutdown service
    * gotestsum match go version 1.19 ([#7688](https://github.com/containerd/containerd/pull/7688))
      * gotestsum match go version 1.19
    * complement sub-command note for containerd-main ([#7670](https://github.com/containerd/containerd/pull/7670))
      * complement sub-command note for containerd-main
    * keep the lower case letter for flag info ([#7668](https://github.com/containerd/containerd/pull/7668))
      * keep the lower case letter for flag info
    * bump critools into ca1571e6edd116b2c95f52e3dfa0b4779b74223a ([#7666](https://github.com/containerd/containerd/pull/7666))
      * bump critools into ca1571e6edd116b2c95f52e3dfa0b4779b74223a
    * Fix broken link for CRI plugin in docs ([#7667](https://github.com/containerd/containerd/pull/7667))
      * Replace broken and redirection link for CRI and kubelet in docs
    * add option to resolve symlinks in WithLinuxDevice ([#7523](https://github.com/containerd/containerd/pull/7523))
      * add option to resolve symlinks to linux device
    * Bump k8s.io deps to v0.25.4 ([#7663](https://github.com/containerd/containerd/pull/7663))
      * Bump k8s.io deps to v0.25.4
    * Release: add static binaries ([#7659](https://github.com/containerd/containerd/pull/7659))
      * Release: add static binaries
    * Bump OpenTelemetry contrib to v0.36.4 ([#7662](https://github.com/containerd/containerd/pull/7662))
      * Bump OpenTelemetry contrib to v0.36.4
    * Fix slice append error (`spec.Linux.Resources.HugepageLimits`) ([#7661](https://github.com/containerd/containerd/pull/7661))
      * Fix slice append error
    * Bump OpenTelemetry to v1.11.1 ([#7660](https://github.com/containerd/containerd/pull/7660))
      * Bump OpenTelemetry to v1.11.1
    * feature: add gc scheduler metrics collection count ([#5263](https://github.com/containerd/containerd/pull/5263))
      * add gc scheduler metrics: collection count
    * Add `--debug` args to all subcommands of `ctr pprof` ([#7629](https://github.com/containerd/containerd/pull/7629))
      * Add `--debug` args
    * Add a thin wrapper around otel Span object ([#7655](https://github.com/containerd/containerd/pull/7655))
      * Add a thin wrapper around otel Span object
    * Bump grpc to v1.50.1 ([#7643](https://github.com/containerd/containerd/pull/7643))
      * Bump grpc to v1.50.1
    * replace strings.Split(N) for strings.Cut() or alternatives ([#7631](https://github.com/containerd/containerd/pull/7631))
      * replace strings.Split(N) for strings.Cut() or alternatives
      * services/server/config: TestMergeConfigs(): use correctly formatted values
    * add oci.WithCPURT ([#7642](https://github.com/containerd/containerd/pull/7642))
      * add oci.WithCPURT
    * Sandbox API: Add a new mode config for sandbox controller impls ([#7590](https://github.com/containerd/containerd/pull/7590))
      * Sandbox API: Add a new mode config for sandbox controller impls
    * fuzzing: bump go-fuzz-headers ([#7625](https://github.com/containerd/containerd/pull/7625))
      * fuzzing: bump go-fuzz-headers
    * Bump k8s.io deps to v0.25.3 ([#7637](https://github.com/containerd/containerd/pull/7637))
      * Bump k8s.io deps to v0.25.3
    * Remove uses of deprecated go-digest.NewDigestFromHex, go-digest.Digest.Hex ([#7641](https://github.com/containerd/containerd/pull/7641))
      * Remove uses of deprecated go-digest.NewDigestFromHex, go-digest.Digest.Hex
    * Extra documentation for content interfaces ([#7640](https://github.com/containerd/containerd/pull/7640))
      * Extra documentation for content interfaces.
    * Fix shim socket permissions on Darwin ([#7638](https://github.com/containerd/containerd/pull/7638))
      * Rename darwin-kubelet to containerd
    * s390x: build and package s390x bin in release assets ([#7614](https://github.com/containerd/containerd/pull/7614))
      * s390x: initial enabler
    * Replace mount fork hack with CLONE_FS ([#7513](https://github.com/containerd/containerd/pull/7513))
      * Replace mount fork hack with CLONE_FS
    * remotes: add `FetcherByDigest` for fetching blobs without foreknown descriptors (useful for general-purpose CAS) ([#7460](https://github.com/containerd/containerd/pull/7460))
      * ctr: add `ctr content fetch-blob`
      * remotes: add FetcherByDigest for fetching blobs without foreknown descriptors
    * Fix "getCPUInfo for OS freebsd: not implemented" on FreeBSD/arm64 ([#7403](https://github.com/containerd/containerd/pull/7403))
      * Fix "getCPUInfo for OS freebsd: not implemented" on FreeBSD/arm64
    * Support default hosts.toml configuration ([#7607](https://github.com/containerd/containerd/pull/7607))
      * Update hosts doc
      * Support default hosts.toml configuration
    * Add tracing spans in CRI image service and pull.go ([#7453](https://github.com/containerd/containerd/pull/7453))
      * add SpanAttribute
      * Add tracing spans in CRI image service and pull.go
    * Fix missing closed fifo ([#7604](https://github.com/containerd/containerd/pull/7604))
      * Fix missing closed fifo
    * fix comments ([#7624](https://github.com/containerd/containerd/pull/7624))
      * fix comments
    * docs: add additional info in backport process ([#7626](https://github.com/containerd/containerd/pull/7626))
      * add additional info in backport process
    * go.mod: golang.org/x/*: use tagged versions ([#7621](https://github.com/containerd/containerd/pull/7621))
      * go.mod: golang.org/x/*: use tagged versions
    * Bump go version to 1.19.3 ([#7620](https://github.com/containerd/containerd/pull/7620))
      * Bump go version to 1.19.3
    * ctr export strictly matching ([#7615](https://github.com/containerd/containerd/pull/7615))
      * ctr export strictly match default platform
    * Fix ctr crash when pulling with --http-dump and --http-trace simultaneously ([#7617](https://github.com/containerd/containerd/pull/7617))
      * Fix ctr crash when pulling with http-trace and http-dump
    * Harden GITHUB_TOKEN permissions for OSSF Scorecard ([#7599](https://github.com/containerd/containerd/pull/7599))
      * Harden GITHUB_TOKEN permissions
    * overlayutils: Add fastpath for userxattr check ([#7611](https://github.com/containerd/containerd/pull/7611))
      * overlayutils: Add fastpath for userxattr check
    * Add sequence diagram for shim runtime v2 ([#7606](https://github.com/containerd/containerd/pull/7606))
      * Add sequence diagram for shim runtime v2
    * Sandbox API: Move remote impls to /sandbox/proxy ([#7600](https://github.com/containerd/containerd/pull/7600))
      * Sandbox API: Move remote impls to /sandbox/proxy
    * fuzzing: improve archive fuzzer ([#7588](https://github.com/containerd/containerd/pull/7588))
      * fuzzing: improve archive fuzzer
    * Retry client connection in waitForStart ([#7537](https://github.com/containerd/containerd/pull/7537))
      * Retry client connection in waitForStart
    * Add Workflow for running critest with Hyper-V Containers on Windows. ([#7025](https://github.com/containerd/containerd/pull/7025))
      * Add Workflow for running critest with Hyper-V Containers on Windows.
      * Add HyperV config in tests
    * Add release notes for v1.7.0-beta.0 ([#7575](https://github.com/containerd/containerd/pull/7575))
      * Add release notes for v1.7.0-beta.0
      * Update mailmap
    * Cleanup sandbox interfaces ([#7576](https://github.com/containerd/containerd/pull/7576))
      * Cleanup sandbox interfaces
    * Update GitHub actions release workflow set output ([#7581](https://github.com/containerd/containerd/pull/7581))
      * Migrate away from GitHub actions set-output
    * Fix LogURI generation-related tests on Windows. ([#7569](https://github.com/containerd/containerd/pull/7569))
      * Fix LogURI generation-related tests on Windows.
    * maintenance: Remove WithWindowsNetworkNamespace from pkg/cri ([#7577](https://github.com/containerd/containerd/pull/7577))
      * maintenance: Remove WithWindowsNetworkNamespace from pkg/cri
    * CRI: implement Controller.Delete for SandboxAPI ([#7457](https://github.com/containerd/containerd/pull/7457))
      * CRI: implement Controller.Delete for SandboxAPI
    * Configure CDI registry only on start ([#7419](https://github.com/containerd/containerd/pull/7419))
      * update go.mod and go.sum
      * improve CDI logging
      * CDI: configure registry on start
      * move WithCDI to pkg/cri/opts
    * update codeql-action to v2 ([#7568](https://github.com/containerd/containerd/pull/7568))
      * update codeql-action to v2
    * Add logging related metrics to Containerd CRI plugin ([#7546](https://github.com/containerd/containerd/pull/7546))
      * Add logging volume metrics to Containerd CRI plugin
    * sys: optimize and refactor MkdirAllWithACL() ([#7531](https://github.com/containerd/containerd/pull/7531))
      * sys: synchronize mkdirall() with latest os.MkDirAll()
      * sys: create SecurityAttribute only once (Windows)
      * sys: update volumePath regex to allow returning earlier
      * sys: compile volume-path regex once, and update GoDoc
    * fix install cni script ([#7484](https://github.com/containerd/containerd/pull/7484))
      * fix install cni script
    * Update 1.5 release support timeframe ([#7560](https://github.com/containerd/containerd/pull/7560))
      * Update 1.5 release support timeframe
    * bump go-fuzz-headers ([#7503](https://github.com/containerd/containerd/pull/7503))
      * bump go-fuzz-headers
    * Add long term stable release branches ([#7454](https://github.com/containerd/containerd/pull/7454))
      * Add long term stable release branches
    * fix pusher concurrent close channel ([#7473](https://github.com/containerd/containerd/pull/7473))
      * fix pusher concurrent close channel
    * Make tests on GitHub less noisy ([#7530](https://github.com/containerd/containerd/pull/7530))
      * Use logtest if possible to clean up logs
      * Separate containerd logs in GitHub Actions' console
      * Upgrade critools from 1.24.1 to 1.25.0
      * Upgrade actions/upload-artifact from v2 to v3
    * containerd should not print error log that failed to init a tracing processor while the tracing plugin is not loaded ([#7541](https://github.com/containerd/containerd/pull/7541))
      * not init a tracing processor when not loaded
    * Update required Go version in BUILDING.md ([#7544](https://github.com/containerd/containerd/pull/7544))
      * Update required Go version in BUILDING.md
    * go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag) ([#7522](https://github.com/containerd/containerd/pull/7522))
      * go.mod: matttproud/golang_protobuf_extensions v1.0.2 (use tag)
    * Use `go env` to determine GOPATH in Makefile. ([#7542](https://github.com/containerd/containerd/pull/7542))
      * Use `go env` to determine GOPATH in Makefile.
    * clean-up "nolint" comments, remove unused ones, update golangci-lint ([#7349](https://github.com/containerd/containerd/pull/7349))
      * update golangci-lint to v1.49.0
      * remove unneeded nolint-comments (nolintlint), disable deprecated linters
      * clean-up "nolint" comments, remove unused ones
      * pkg/cri/(server|sbserver): criService.getTLSConfig() add TODO to verify nolint
      * golangci-lint: sort linters in config file
      * linting: address gosec G112/G114
    * Don't unmount on Darwin when deleting bundle ([#7534](https://github.com/containerd/containerd/pull/7534))
      * Don't unmount on Darwin when deleting bundle
    * Add timeouts to all CI jobs ([#7538](https://github.com/containerd/containerd/pull/7538))
      * Add timeouts to all CI jobs
    * Vagrantfile: explicitly specify rsync as the shared folder driver ([#7539](https://github.com/containerd/containerd/pull/7539))
      * Vagrantfile: explicitly specify rsync as the shared folder driver
    * sys: remove unused IsAbs() (windows) ([#7527](https://github.com/containerd/containerd/pull/7527))
      * sys: remove unused IsAbs() (windows)
    * cri: PodSandboxStatus should tolerate missing task ([#7535](https://github.com/containerd/containerd/pull/7535))
      * cri: PodSandboxStatus should tolerate missing task
    * CI: update GHA instances from Ubuntu 18.04 to 20.04 ([#7489](https://github.com/containerd/containerd/pull/7489))
      * CI: update GHA instances from Ubuntu 18.04 to 20.04
    * fix the --no-pivot flag being ignored by `ctr tasks start` ([#7519](https://github.com/containerd/containerd/pull/7519))
      * fix the --no-pivot flag being ignored by `ctr tasks start`
    * Update the default seccomp to block socket calls to AF_VSOCK ([#7510](https://github.com/containerd/containerd/pull/7510))
      * Update the default seccomp to block socket calls to AF_VSOCK
    * cmd/containerd: use golang.org/x/sys/windows.SetStdHandle() ([#7511](https://github.com/containerd/containerd/pull/7511))
      * cmd/containerd: use golang.org/x/sys/windows.SetStdHandle()
    * Stats() shouldn't assume s.container is non-nil ([#7517](https://github.com/containerd/containerd/pull/7517))
      * Stats() shouldn't assume s.container is non-nil
    * Move up actions versions to prep for NodeJS 12 deprecation ([#7516](https://github.com/containerd/containerd/pull/7516))
      * Move up actions versions to prep for deprecation
    * cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions() ([#7512](https://github.com/containerd/containerd/pull/7512))
      * cmd/containerd: use golang.org/x/sys Service.SetRecoveryActions()
    * Updates oci image config to support upstream ArgsEscaped ([#7483](https://github.com/containerd/containerd/pull/7483))
      * Updates oci image config to support upstream ArgsEscaped
    * cmd/containerd: replace deprecated windows.IsAnInteractiveSession() ([#7497](https://github.com/containerd/containerd/pull/7497))
      * cmd/containerd: replace deprecated windows.IsAnInteractiveSession()
    * Update container with sandbox metadata after NetNS is created ([#7481](https://github.com/containerd/containerd/pull/7481))
      * Update container with sandbox metadata after NetNS is created
    * archive: add WithSourceDateEpoch() for whiteouts ([#7478](https://github.com/containerd/containerd/pull/7478))
      * archive: add WithSourceDateEpoch() for whiteouts
    * TestTaskResize must use a terminal ([#7492](https://github.com/containerd/containerd/pull/7492))
      * TestTaskResize must use a terminal
    * diff/apply.readCounter: check negative size ([#7494](https://github.com/containerd/containerd/pull/7494))
      * diff/apply.readCounter: check negative size
    * Add new ctr option for discarding unpacked layers ([#7425](https://github.com/containerd/containerd/pull/7425))
      * Modify WithDiscardUnpackedLayers
      * Add new ctr option for discarding unpacked layers
    * archive: windows: chtimes(): remove redundant conversion ([#7491](https://github.com/containerd/containerd/pull/7491))
      * archive: windows: chtimes(): remove redundant conversion
    * archive: validate digests before use ([#7488](https://github.com/containerd/containerd/pull/7488))
      * archive: validate digests before use
    * vendor: github.com/opencontainers/selinux v1.10.2 ([#7482](https://github.com/containerd/containerd/pull/7482))
      * vendor: github.com/opencontainers/selinux v1.10.2
    * fuzzing: create structured tar bytes in archive fuzzer ([#7477](https://github.com/containerd/containerd/pull/7477))
      * fuzzing: create structured tar bytes in archive fuzzer
    * Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715 ([#7474](https://github.com/containerd/containerd/pull/7474))
      * Update to go 1.19.2 to address CVE-2022-2879, CVE-2022-2880, CVE-2022-41715
    * use raw link to containerd.service config ([#7463](https://github.com/containerd/containerd/pull/7463))
      * use raw link to containerd.service config
    * cri doc: Update kata containers reference ([#7466](https://github.com/containerd/containerd/pull/7466))
      * cri doc: Update kata containers reference
    * Setup pod network after creating the sandbox container ([#5904](https://github.com/containerd/containerd/pull/5904))
      * Add integration tests with failpoint
      * Persist container and sandbox if resource cleanup fails, like teardownPodNetwork
      * cri-integration: pass ENABLE_CRI_SANDBOXES to test
    * Swap to net.ErrClosed checks for services ([#7446](https://github.com/containerd/containerd/pull/7446))
      * Swap to net.ErrClosed checks for services
    * go.mod: Bump go-winio to v0.6.0 ([#7443](https://github.com/containerd/containerd/pull/7443))
      * go.mod: Bump go-winio to v0.6.0
    * fix retry when writer is reset on push ([#6995](https://github.com/containerd/containerd/pull/6995))
      * retry request on writer reset
    * CI: Output a summary using GITHUB_SUMMARY ([#7192](https://github.com/containerd/containerd/pull/7192))
      * Use jq and only show failed tests on summary
      * CI: Output a summary using GITHUB_SUMMARY
    * Fix missing close ([#7430](https://github.com/containerd/containerd/pull/7430))
      * fix missing close
    * Add test flag for skipping shim cgroup test ([#7424](https://github.com/containerd/containerd/pull/7424))
      * Add test flag for skipping shim cgroup test
    * Refactor CRI fuzzers ([#7405](https://github.com/containerd/containerd/pull/7405))
      * Refactor CRI fuzzers
    * Fix LogURIGenerator on Windows ([#7351](https://github.com/containerd/containerd/pull/7351))
      * Fix LogURIGenerator on Windows
    * Set grpc code for unimplemented cri-api methods ([#7417](https://github.com/containerd/containerd/pull/7417))
      * Set grpc code for unimplemented cri-api methods
    * Add reader option to local content reader at ([#7414](https://github.com/containerd/containerd/pull/7414))
      * Add reader option to local content reader at
    * Sandbox API: implement Controller.Wait and Controller.Stop ([#7401](https://github.com/containerd/containerd/pull/7401))
      * CRI: implement Controller.Stop for SandboxAPI
      * CRI: implement Controller.Wait for SandboxAPI
    * remove stray .zuul.yaml ([#7416](https://github.com/containerd/containerd/pull/7416))
      * remove stray .zuul.yaml
    * reference CDI configuration details ([#7408](https://github.com/containerd/containerd/pull/7408))
      * reference CDI configuration details
    * cri-integration: propagate ENABLE_CRI_SANDBOXES ([#7413](https://github.com/containerd/containerd/pull/7413))
      * sbserver: return resources in ContainerStatus
      * cri-integration: propagate ENABLE_CRI_SANDBOXES
    * Enable OpenSSF Scorecard Github Action ([#7404](https://github.com/containerd/containerd/pull/7404))
      * chore: enable Scorecard Github Action
    * Add ext2 fs support to devmapper snapshotter ([#7402](https://github.com/containerd/containerd/pull/7402))
      * Add ext2 fs support to devmapper snapshotter
    * Fuzzing: Instrument with new sanitizers ([#7396](https://github.com/containerd/containerd/pull/7396))
      * Fuzzing: Instrument with new sanitizers
    * Upgrade fuzzing-related packages to reduce dependencies ([#7397](https://github.com/containerd/containerd/pull/7397))
      * Upgrade fuzzing-related packages to reduce dependencies
    * remotes/docker/config: Skipping TLS verification for localhost ([#7393](https://github.com/containerd/containerd/pull/7393))
      * remotes/docker/config: Skipping TLS verification for localhost
    * Replace github.com/emicklei/go-restful package, versions <2.16.0 ([#7395](https://github.com/containerd/containerd/pull/7395))
      * github.com/emicklei/go-restful CWE-285: Improper Authorization
    * Add NoSameOwner option when unpacking tars ([#7386](https://github.com/containerd/containerd/pull/7386))
      * Add NoSameOwner option when unpacking tars
    * ctr: add privileged-without-host-devices for run command ([#7328](https://github.com/containerd/containerd/pull/7328))
      * ctr: add privileged-without-host-devices for run command
    * chore: matching the casing of other flags for ctr's pull command ([#7341](https://github.com/containerd/containerd/pull/7341))
      * matching the casing of other flags for ctr's pull command.
    * windows: Add runhcs-wcow-hypervisor runtimeclass to the default config ([#6901](https://github.com/containerd/containerd/pull/6901))
      * windows: Add runhcs-wcow-hypervisor runtimeclass to the default config
    * Fix missing close ([#7370](https://github.com/containerd/containerd/pull/7370))
      * Fix missing close
    * CRI: update cdi version to v0.5.1 ([#7374](https://github.com/containerd/containerd/pull/7374))
      * update cdi version to v0.5.1
    * Update to go 1.19.1, 1.18.6 to address CVE-2022-27664, CVE-2022-32190 ([#7372](https://github.com/containerd/containerd/pull/7372))
      * Update to go 1.19.1, 1.18.6 to address CVE-2022-27664, CVE-2022-32190
    * vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c ([#7373](https://github.com/containerd/containerd/pull/7373))
      * vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
    * Remove unused variable from images action ([#7371](https://github.com/containerd/containerd/pull/7371))
      * Remove unused variable from images action
    * feature: use client default namespace ([#7291](https://github.com/containerd/containerd/pull/7291))
      * feature: use client default namespace
    * integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment ([#7367](https://github.com/containerd/containerd/pull/7367))
      * integration: TestUpdateContainerResources_MemoryLimit: remove TODO comment
    * feature: upgrade registry.k8s.io/pause version ([#7359](https://github.com/containerd/containerd/pull/7359))
      * feat: upgrade registry.k8s.io/pause version
    * metrics/cgroups/v1: Remove unused event parameter ([#7361](https://github.com/containerd/containerd/pull/7361))
      * metrics/cgroups/v1: Remove unused event parameter
    * .zuul: remove the zuul because it is offline ([#7369](https://github.com/containerd/containerd/pull/7369))
      * .zuul: remove the zuul because it is offline
    * Update golangci-lint timeout to match config ([#7356](https://github.com/containerd/containerd/pull/7356))
      * Update golangci-lint timeout to match config
    * delete redundant import alias and type conversion ([#7345](https://github.com/containerd/containerd/pull/7345))
      * delete redundant import alias and type conversion
    * Make checkContainerTimestamps less strict on Windows ([#7350](https://github.com/containerd/containerd/pull/7350))
      * Make checkContainerTimestamps less strict on Windows
    * Make oss-fuzz mandatory ([#7346](https://github.com/containerd/containerd/pull/7346))
      * Pin github.com/AdamKorcz/go-118-fuzz-build
      * Make oss-fuzz mandatory
    * Add kubernetes v1.25 supported version as v1.24 ([#7326](https://github.com/containerd/containerd/pull/7326))
      * Add Kubernetes v1.25 supported version as v1.24
    * sys: move ForceRemoveAll to integration/client ([#7335](https://github.com/containerd/containerd/pull/7335))
      * sys: move ForceRemoveAll to integration/client
    * chore: remove duplicate word in comments ([#7338](https://github.com/containerd/containerd/pull/7338))
      * chore: remove duplicate word in comments
    * Use ioctl helpers from x/sys/unix ([#7342](https://github.com/containerd/containerd/pull/7342))
      * mount: use ioctl helpers from x/sys/unix
      * go.mod, vendor: bump golang.org/x/sys to latest version
    * archive: replace tarName() with filepath.ToSlash() ([#7344](https://github.com/containerd/containerd/pull/7344))
      * archive: replace tarName() with filepath.ToSlash()
    * mount: remove unused ErrNotImplementOnWindows ([#7339](https://github.com/containerd/containerd/pull/7339))
      * mount: remove unused ErrNotImplementOnWindows
    * replace sys Sequential funcs with moby/sys/sequential ([#7334](https://github.com/containerd/containerd/pull/7334))
      * replace sys Sequential funcs with moby/sys/sequential
    * Clarify containerd 1.5.0+ for k8s 1.20,1.21 ([#7324](https://github.com/containerd/containerd/pull/7324))
      * Clarify containerd 1.5.0+ for k8s 1.20,1.21
    * update runc binary to v1.1.4 ([#7315](https://github.com/containerd/containerd/pull/7315))
      * go.mod: github.com/opencontainers/runc v1.1.4
      * update runc binary to v1.1.4
    * Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9 ([#7325](https://github.com/containerd/containerd/pull/7325))
      * Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9
    * Update k8s.io/cri-api to v0.25.0 ([#7287](https://github.com/containerd/containerd/pull/7287))
      * update integration
      * bump cri-api
    * script/setup: handle cnidir with SUDO ([#7322](https://github.com/containerd/containerd/pull/7322))
      * script/setup: handle cnidir with SUDO
    * ContainerStatus to return container resources ([#6517](https://github.com/containerd/containerd/pull/6517))
      * ContainerStatus to return container resources
      * Update CRI-API
    * migrate from k8s.gcr.io to registry.k8s.io ([#7038](https://github.com/containerd/containerd/pull/7038))
      * migrate from k8s.gcr.io to registry.k8s.io
    * Do not rename test files on-the-fly to share functions ([#7309](https://github.com/containerd/containerd/pull/7309))
      * Do not rename test files on-the-fly to share functions
    * ctr import: strictly match platform ([#6906](https://github.com/containerd/containerd/pull/6906))
      * ctr import: strictly match platform
    * Revert "Downgrade MinGW to version 10.2.0" ([#7308](https://github.com/containerd/containerd/pull/7308))
      * Revert "Downgrade MinGW to version 10.2.0"
    * Follow up #7254 (Switch to Go 1.19) ([#7286](https://github.com/containerd/containerd/pull/7286))
      * contrib/fuzz/daemon.go: reformat the fileheader
      * pkg/cri/streaming: increase ReadHeaderTimeout
    * Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer ([#7304](https://github.com/containerd/containerd/pull/7304))
      * crypto/sha256 must be imported
      * Don't patch github.com/cilium/ebpf
      * Upgrade containerd/cgroups to remove github.com/cilium/ebpf's fuzzer
    * Adding support of CAP_BPF and CAP_PERFMON ([#7301](https://github.com/containerd/containerd/pull/7301))
      * adding support of CAP_BPF and CAP_PERFMON
    * go.mod: Bump hcsshim to v0.10.0-rc.1 ([#7284](https://github.com/containerd/containerd/pull/7284))
      * Remove Windows special case in TestContainerdRestart
      * go.mod: Bump hcsshim to v0.10.0-rc.1
    * Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset ([#7306](https://github.com/containerd/containerd/pull/7306))
      * Don't fail test when GOOGLE_APPLICATION_CREDENTIALS is unset
    * ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887 ([#7293](https://github.com/containerd/containerd/pull/7293))
      * ci: remove GOPROXY environment variable due to https://github.com/go-yaml/yaml/issues/887
    * Runtime cleanup (Shim manager and task service) ([#7280](https://github.com/containerd/containerd/pull/7280))
      * Cleanup shim manager
      * Make TaskList generic
    * containerd-stress: add support for running through CRI ([#6931](https://github.com/containerd/containerd/pull/6931))
      * containerd-stress: add support for running through CRI
    * Switch to Go 1.19 ([#7254](https://github.com/containerd/containerd/pull/7254))
      * Fix contrib/ header
      * Rework permission handling in scripts
      * Update protobuf definitions
      * Run gofmt 1.19
      * Update golangci-lint to 1.48 with Go 1.19 support
      * Switch to Go 1.19
    * Vagrantfile: dump containerd log after critest ([#7265](https://github.com/containerd/containerd/pull/7265))
      * Vagrantfile: dump containerd log after critest
    * oci: skip checking group id for WithAppendAdditionalGroups ([#7257](https://github.com/containerd/containerd/pull/7257))
      * oci: skip checking gid for WithAppendAdditionalGroups
    * release workflow: increase timeout to 30 minutes & remove Go setup action ([#7259](https://github.com/containerd/containerd/pull/7259))
      * release workflow: remove Go setup action
      * release workflow: increase timeout to 30 minutes
    * release: rollback Ubuntu to 18.04 (except for riscv64) ([#7258](https://github.com/containerd/containerd/pull/7258))
      * release: rollback Ubuntu to 18.04 (except for riscv64)
    * Initial sandbox API CRI integration (implement Controller.Start) ([#7228](https://github.com/containerd/containerd/pull/7228))
      * Add TODOs for the remaining work
      * Update sandbox protobuf to match CRI
      * Update controller's start response to include pid and labels
      * Cleanup CRI files
      * Move sandbox start behind controller
      * Add sandbox to in memory services
      * Add sandbox store helpers
    * Use environment variable to specify Go version on CI ([#7251](https://github.com/containerd/containerd/pull/7251))
      * Use global env variable to specify Go version on CI
    * Update golang to 1.18.5, 1.17.13 ([#7243](https://github.com/containerd/containerd/pull/7243))
      * Update golang to 1.18.5, 1.17.13
    * Change os.Stderr reassign for Windows service ([#7023](https://github.com/containerd/containerd/pull/7023))
      * Change os.Stderr reassign for Windows service
    * script/setup: fix protobuf for aarch64 ([#7237](https://github.com/containerd/containerd/pull/7237))
      * fix protobuf aarch64
    * Fix cleanup in critest ([#7232](https://github.com/containerd/containerd/pull/7232))
      * Fix cleanup in critest
    * fix: support simultaneous create diff for same parent snapshot ([#7204](https://github.com/containerd/containerd/pull/7204))
      * fix: support simultaneous create diff for same parent snapshot
    * Windows HostProcess container CRI stats test ([#7223](https://github.com/containerd/containerd/pull/7223))
      * Windows HostProcess container CRI stats test
    * Regenerate protos with updated protoc-gen-go ([#7226](https://github.com/containerd/containerd/pull/7226))
      * Regenerate protos with updated protoc-gen-go
    * test: error strings should not be capitalized ([#7195](https://github.com/containerd/containerd/pull/7195))
      * test: error strings should not be capitalized
    * Add extra context to error when push unauthorized ([#7220](https://github.com/containerd/containerd/pull/7220))
      * Add extra context to error when push unauthorized
    * replace with selinux label ([#7207](https://github.com/containerd/containerd/pull/7207))
      * replace with selinux label
    * Use `httputil.DumpRequestOut` for dumping client req ([#7221](https://github.com/containerd/containerd/pull/7221))
      * Use httputil.DumpRequestOut for dumping client req
    * Fix CRI image pull timeout test for ppc64le ([#7215](https://github.com/containerd/containerd/pull/7215))
      * Fix CRI image pull timeout test for ppc64le
    * test: introduce failpoint control to runc-shimv2 and cni ([#7069](https://github.com/containerd/containerd/pull/7069))
      * integration: simplify CNI-fp and add README.md
      * pkg/failpoint: add FreeBSD link and update pkg doc
      * integration: Add injected failpoint testing for RunPodSandbox
      * integration: CNI bridge wrapper with failpoint
      * pkg/failpoint: add DelegatedEval API
      * runtime/v2/shim: return if error in load plugin
      * bin/ctr,integration: new runc-shim with failpoint
      * runtime/v2: manager supports server interceptor
      * pkg/failpoint: init failpoint package
    * chore: bump macos runner version ([#7206](https://github.com/containerd/containerd/pull/7206))
      * chore: bump macos runner version
    * Use image lists form integration/client tests ([#7210](https://github.com/containerd/containerd/pull/7210))
      * Fix command line parsing for image list
      * Update image references for Windows tests
      * Use image lists instead of hardcoded images
      * Use image lists in client tests
    * go.mod: Bump hcsshim to v0.9.4 ([#7212](https://github.com/containerd/containerd/pull/7212))
      * go.mod: Bump hcsshim to v0.9.4
      * go.mod: Bump hcsshim to 0.9.3
    * Drop deprecated `ioutil` ([#7203](https://github.com/containerd/containerd/pull/7203))
      * Drop deprecated `ioutil`
    * Make getServicesOpts a helper ([#7201](https://github.com/containerd/containerd/pull/7201))
      * Make getServicesOpts a helper
    * adds an env var commented out for sandboxed mode ([#7183](https://github.com/containerd/containerd/pull/7183))
      * adds an env var commented out for sandboxed mode
    * cri_stats: handle missing cpu stats ([#7198](https://github.com/containerd/containerd/pull/7198))
      * cri_stats: handle missing cpu stats
    * using ContextDialer instead ([#7189](https://github.com/containerd/containerd/pull/7189))
      * using ContextDialer instead
    * test: Add ability to switch between cgroupv1 or cgroupv2 for node e2e ([#7173](https://github.com/containerd/containerd/pull/7173))
      * test: Add ability to switch between cgroupv1 or cgroupv2
    * code cleanup ([#7182](https://github.com/containerd/containerd/pull/7182))
      * code cleanup
    * Update k8s.io/cri-api to v0.25.0-alpha2 ([#7114](https://github.com/containerd/containerd/pull/7114))
      * Update k8s.io/cri-api to v0.25.0-alpha2
    * Refactor usageNanoCores to be used for all OSes ([#7186](https://github.com/containerd/containerd/pull/7186))
      * Refactor usageNanoCores to be used for all OSes
    * adds support for using env file for systemd boot ([#7191](https://github.com/containerd/containerd/pull/7191))
      * adds support for using env file for systemd boot
    * go.mod: github.com/stretchr/testify v1.8.0 ([#7185](https://github.com/containerd/containerd/pull/7185))
      * go.mod: github.com/stretchr/testify v1.8.0
    * ctr: support --user for run/create ([#7145](https://github.com/containerd/containerd/pull/7145))
      * ctr: support --user for run/create
    * docs: Fix sample config.toml syntax ([#7174](https://github.com/containerd/containerd/pull/7174))
      * docs: Fix sample config.toml syntax
    * seccomp: seccomp: add syscalls related to PKU in default policy ([#7163](https://github.com/containerd/containerd/pull/7163))
      * seccomp: seccomp: add syscalls related to PKU in default policy
    * Update and align golangci-lint version ([#7168](https://github.com/containerd/containerd/pull/7168))
      * Fix linter warnings
      * Update and align golangci-lint version
    * adds a comment explaining how to disable experimental sbserver ([#7169](https://github.com/containerd/containerd/pull/7169))
      * adds a comment explaining how to disable experimental sbserver
    * ci: workaround Cirrus CI's INVALID_ARGUMENT ([#7177](https://github.com/containerd/containerd/pull/7177))
      * ci: workaround Cirrus CI's INVALID_ARGUMENT
    * Update install-protobuf script to install protobuf on Darwin ([#7153](https://github.com/containerd/containerd/pull/7153))
      * Fix protobuf script to install protobuf on darwin
    * Fork CRI server for Sandbox API integration work ([#7164](https://github.com/containerd/containerd/pull/7164))
      * Add log messages when choosing CRI server
      * Change metrics namespace for sandboxed CRI to prevent panic
      * Enable integration tests against sandboxed CRI
      * Fork CRI server package
    * seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE ([#7167](https://github.com/containerd/containerd/pull/7167))
      * seccomp: add get_mempolicy, mbind, set_mempolicy, with CAP_SYS_NICE
    * cri doc: fix formatting for CDI options ([#7158](https://github.com/containerd/containerd/pull/7158))
      * cri doc: fix formatting for CDI options
    * update golang to 1.18.4, 1.17.12 ([#7159](https://github.com/containerd/containerd/pull/7159))
      * update golang to 1.18.4, 1.17.12
    * Fix out of date comments for CRI store packages ([#7152](https://github.com/containerd/containerd/pull/7152))
      * Fix out of date comments for CRI store packages
    * update some devmapper docs ([#7124](https://github.com/containerd/containerd/pull/7124))
      * update some devmapper docs
    * seccomp: allow clock_settime64 when CAP_SYS_TIME is added ([#7149](https://github.com/containerd/containerd/pull/7149))
      * seccomp: allow clock_settime64 when CAP_SYS_TIME is added
    * Copy fuzzers from github.com/cncf/cncf-fuzzing ([#7123](https://github.com/containerd/containerd/pull/7123))
      * Copy fuzzers from github.com/cncf/cncf-fuzzing
      * Upgrade github.com/AdaLogics/go-fuzz-headers
    * fix can't edit object by using ctr content edit command ([#6847](https://github.com/containerd/containerd/pull/6847))
      * fix can't edit object by using ctr content edit command
    * integration/client: fix typo in export_test.go ([#7130](https://github.com/containerd/containerd/pull/7130))
      * integration/client: fix typo in export_test.go
    * Fix WWW-Authenticate parsing ([#7126](https://github.com/containerd/containerd/pull/7126))
      * Fix WWW-Authenticate parsing
    * LCOW differ return ErrNotImplemented for wrong mount type ([#7112](https://github.com/containerd/containerd/pull/7112))
      * LCOW differ return ErrNotImplemented for wrong mount type
    * Update go-restful/v3 to latest release ([#7117](https://github.com/containerd/containerd/pull/7117))
      * Update go-restful/v3 to latest release
    * pkg/cri: use marshal wrapper for version convertor ([#7108](https://github.com/containerd/containerd/pull/7108))
      * pkg/cri: use marshal wrapper for version convertor
    * Remove hacks around contrib/fuzz ([#7087](https://github.com/containerd/containerd/pull/7087))
      * Do not hardcode fuzzers
      * Move container_fuzzer.go under integration/client/
      * Copy FuzzCRI from cncf/cncf-fuzzing
      * Remove mainfuzz package and StartDaemonForFuzzing
      * Move builtins_*.go to cmd/containerd/builtins to make the files reusable
    * Fix missing closed HTTP Body ([#7107](https://github.com/containerd/containerd/pull/7107))
      * Fix missing closed HTTP Body
    * Cleanup metadata tests ([#7105](https://github.com/containerd/containerd/pull/7105))
      * Cleanup metadata tests
    * Downgrade MinGW to version 10.2.0 ([#7106](https://github.com/containerd/containerd/pull/7106))
      * Downgrade MinGW to version 10.2.0
    * ctr: Fix `ctr c create` fails to parse arguments ([#7098](https://github.com/containerd/containerd/pull/7098))
      * ctr: Fix `ctr c create` fails to parse arguments
    * Fix Documentation Issue ([#7103](https://github.com/containerd/containerd/pull/7103))
      * Fix Doc:
    * refactor: reduce duplicate code ([#7100](https://github.com/containerd/containerd/pull/7100))
      * refactor: reduce duplicate code
    * make xattr EPERM non-fatal in createTarFile ([#7094](https://github.com/containerd/containerd/pull/7094))
      * make xattr EPERM non-fatal in createTarFile
    * Move metadata plugin registration to separate package ([#7096](https://github.com/containerd/containerd/pull/7096))
      * Move metadata plugin registration to separate package
    * fix: missing sudo for devmapper doc ([#7092](https://github.com/containerd/containerd/pull/7092))
      * fix: missing sudo for devmapper doc
    * Ensure Windows Periodic workflow errors out while still uploading results. ([#7085](https://github.com/containerd/containerd/pull/7085))
      * Ensure Windows Periodic workflow errors out while still uploading results.
      * Revert MinGW to oldest known working version in Windows setup script.
    * Add snapshotter key to snapshot events ([#7084](https://github.com/containerd/containerd/pull/7084))
      * Add snapshotter key to snapshot events
    * add WithAdditionalGIDs test ([#7072](https://github.com/containerd/containerd/pull/7072))
      * add WithAdditionalGIDs test
    * Forward ctr snapshotter flags on Windows ([#7086](https://github.com/containerd/containerd/pull/7086))
      * Forward ctr snapshotter flags on Windows
    * add WithAppendAdditionalGroups helper ([#7070](https://github.com/containerd/containerd/pull/7070))
      * add WithAppendAdditionalGroups helper
    * Make CI Fuzz less noisy ([#7065](https://github.com/containerd/containerd/pull/7065))
      * Move contrib/fuzz/docker_fuzzer.go to remotes/docker
      * Copy FuzzConvertManifest from cncf/cncf-fuzzing
      * Do not hardcode fuzzing targets
      * Don't log "ignored xattr ..." warnings
      * Make oss_fuzz_build.sh quiet
    * ctr: add --hostname flag to create, run ([#7082](https://github.com/containerd/containerd/pull/7082))
      * ctr: add --hostname flag to create, run
    * improve content-flow ([#7077](https://github.com/containerd/containerd/pull/7077))
      * improve content-flow
    * Make CI Fuzz optional ([#7067](https://github.com/containerd/containerd/pull/7067))
      * Make CI Fuzz optional
    * Use Go 1.18's testing.F on simple fuzzers ([#7056](https://github.com/containerd/containerd/pull/7056))
      * Run fuzzing tests with go test -fuzz
      * Use testing.F on FuzzPlatformsParse
      * Use testing.F on FuzzParseProcPIDStatus
    * Downgrade MinGW in Windows setup scripts. ([#7062](https://github.com/containerd/containerd/pull/7062))
      * Downgrade MinGW in Windows setup scripts.
    * Make test path a constant ([#7057](https://github.com/containerd/containerd/pull/7057))
      * Make test path a constant
    * Run fuzzers in CI ([#7052](https://github.com/containerd/containerd/pull/7052))
      * Run fuzzers in CI
    * CRI: Improve the /dev/shm mount options in Sandbox. ([#6913](https://github.com/containerd/containerd/pull/6913))
      * CRI: change the /dev/shm mount options in Sandbox.
      * CRI: remove default /dev/shm mount in Sandbox.
    * fix:userattr-unmount unexpected timeout ([#7008](https://github.com/containerd/containerd/pull/7008))
      * fix add ro mount for userattr-unmount unexpected timeout
    * Port (some) unit tests to FreeBSD ([#7042](https://github.com/containerd/containerd/pull/7042))
      * archive: Explicitly specify stdio for tar(1)
      * platforms: Run goimports for FreeBSD
      * cri/server: Disable tests on FreeBSD
      * oci: Remove empty mount option slice for FreeBSD
      * oci: FreeBSD devices may have major number 0
      * archive: use Linkat on FreeBSD for hardlinks
    * Bump Golang and MinGW versions in Windows setup script. ([#6888](https://github.com/containerd/containerd/pull/6888))
      * Bump Golang and MinGW versions in Windows setup script.
    * Windows snapshotter touch ups and new functionality ([#6918](https://github.com/containerd/containerd/pull/6918))
      * Windows snapshotter touch ups and new functionality
    * Improve naming consistencies in comments in snapshotter.go ([#7032](https://github.com/containerd/containerd/pull/7032))
      * Improve naming consistencies in comments in snapshotter.go
    * Make building static binaries simpler ([#7022](https://github.com/containerd/containerd/pull/7022))
      * Make building static binaries simpler
    * Allow CRI on Darwin ([#7033](https://github.com/containerd/containerd/pull/7033))
      * Allow CRI on Darwin
    * update runc binary to v1.1.3 ([#7034](https://github.com/containerd/containerd/pull/7034))
      * update runc binary to v1.1.3
    * Linux containers on FreeBSD ([#7000](https://github.com/containerd/containerd/pull/7000))
      * Linux containers on FreeBSD
    * go.mod: github.com/moby/sys/mountinfo v0.6.2 ([#7026](https://github.com/containerd/containerd/pull/7026))
      * go.mod: github.com/moby/sys/mountinfo v0.6.2
    * fix minor spelling mistake: lablel -> label ([#7031](https://github.com/containerd/containerd/pull/7031))
      * fix minor spelling mistake: lablel -> label
    * go.mod: github.com/containerd/cgroups v1.0.4 ([#7027](https://github.com/containerd/containerd/pull/7027))
      * go.mod: github.com/containerd/cgroups v1.0.4
    * go.mod: github.com/containerd/continuity v0.3.0 ([#7028](https://github.com/containerd/containerd/pull/7028))
      * go.mod: github.com/containerd/continuity v0.3.0
    * Correct spelling mistake ("sanbdox" to "sandbox") ([#7029](https://github.com/containerd/containerd/pull/7029))
      * Correct spelling mistake ("sanbdox" to "sandbox")
    * GitHub Security Advisory [GHSA-5ffw-gxpp-mxpf](https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf)
      * Implicitly discard the input to drain the reader
      * Limit the response size of ExecSync
    * Bump grpc to v1.47.0 ([#7018](https://github.com/containerd/containerd/pull/7018))
      * Bump grpc to v1.47.0
    * Bump k8s.io deps to v0.24.1 ([#7017](https://github.com/containerd/containerd/pull/7017))
      * Bump k8s.io deps to v0.24.1
    * Support runtime level snapshotter for issue 6657 ([#6899](https://github.com/containerd/containerd/pull/6899))
      * Added support for runtime level snapshotter, issue 6657
    * update golang to 1.18.3, 1.17.11 ([#7012](https://github.com/containerd/containerd/pull/7012))
      * update golang to 1.18.3, 1.17.11
    * Fix containerd-stress duration flag ([#7004](https://github.com/containerd/containerd/pull/7004))
      * Fix containerd-stress duration flag
    * update go-cni/for cni update fixing plugins that don't respond with version ([#7009](https://github.com/containerd/containerd/pull/7009))
      * update go-cni/for cni update fixing plugins that don't respond with version
    * Add validations for Windows HostProcess CRI configs ([#6996](https://github.com/containerd/containerd/pull/6996))
      * Add validations for Windows HostProcess CRI configs
    * Move docker reference logic to reference/docker package ([#7007](https://github.com/containerd/containerd/pull/7007))
      * Move docker reference logic to reference/docker package
    * promote pause image to 3.7 (sync with kube v1.24) ([#7003](https://github.com/containerd/containerd/pull/7003))
      * promote pause image to 3.7
    * Makefile: use urfave_cli_no_docs for binaries that don't need it ([#6998](https://github.com/containerd/containerd/pull/6998))
      * Makefile: use urfave_cli_no_docs for binaries that don't need it
    * CRI: cleanup cri/store package ([#6993](https://github.com/containerd/containerd/pull/6993))
      * CRI: Remove deprecated error types and update error msg
      * CRI: Move truncindex to pkg
      * CRI: Move reference sorting to reference package
      * CRI: Retrieve image spec on client
    * Use t.Run for /pkg/cri tests ([#7001](https://github.com/containerd/containerd/pull/7001))
      * Use t.Run for /pkg/cri tests
    * vendor: github.com/urfave/cli v1.22.9 and fix "verify-vendor" script ([#6997](https://github.com/containerd/containerd/pull/6997))
      * vendor: github.com/urfave/cli v1.22.9
      * fix verify-vendor if go.mod does not contain replace rules
    * sandbox: replace github.com/pkg/errors with native errors ([#6937](https://github.com/containerd/containerd/pull/6937))
      * sandbox: replace github.com/pkg/errors with native errors
    * build: Fix references to check-protos target in Makefile ([#6983](https://github.com/containerd/containerd/pull/6983))
      * build: Fix references to check-protos target in Makefile
    * ctr: fix label args used in NewContainer ([#6954](https://github.com/containerd/containerd/pull/6954))
      * ctr: fix label args used in NewContainer
    * ctr sandbox: handle sandbox config ([#6959](https://github.com/containerd/containerd/pull/6959))
      * ctr sandbox: handle sandbox config
    * Fix broken oss-fuzz build ([#6975](https://github.com/containerd/containerd/pull/6975))
      * Fix broken oss-fuzz build
    * archive: add human-readable hint to Lchown error ([#6982](https://github.com/containerd/containerd/pull/6982))
      * archive: add human-readable hint to Lchown error
    * Fix tx closed error when upperdirlabel specified ([#6978](https://github.com/containerd/containerd/pull/6978))
      * Fix tx closed error when upperdirlabel specified
    * config: improve config v1 deprecation message ([#6972](https://github.com/containerd/containerd/pull/6972))
      * config: improve config v1 deprecation message
    * Fix Windows install powershell script ([#6969](https://github.com/containerd/containerd/pull/6969))
      * Fix Windows install powershell script
    * fix comments on metadata schema and update namespace doc ([#6955](https://github.com/containerd/containerd/pull/6955))
      * add note that a namespace cannot be named "version"
      * fix comments on metadata schema
    * adjust format in comment ([#6956](https://github.com/containerd/containerd/pull/6956))
      * adjust format in comment
    * Restore decompression benchmarks ([#6957](https://github.com/containerd/containerd/pull/6957))
      * Restore decompression benchmarks
    * cmd/ctr/commands/content: fix typo in fetch command usage ([#6960](https://github.com/containerd/containerd/pull/6960))
      * adjust format
    * fix some confusing typos ([#6950](https://github.com/containerd/containerd/pull/6950))
      * fix some confusing typos
    * update doc url about k8s ([#6952](https://github.com/containerd/containerd/pull/6952))
      * update doc url
    * Separate windows-2019 and windows-2022 test results ([#6946](https://github.com/containerd/containerd/pull/6946))
      * Separate windows-2019 and windows-2022 test results
    * shim: fix debug flag not working ([#6910](https://github.com/containerd/containerd/pull/6910))
      * shim: fix debug flag not working
    * Reverts removal of parallel run from critest ([#6938](https://github.com/containerd/containerd/pull/6938))
      * reverts removal of parallel run from critest
    * Bump OpenTelemetry dependencies ([#6932](https://github.com/containerd/containerd/pull/6932))
      * Bump OpenTelemetry dependencies
    * update runc binary and vendor to v1.1.2 ([#6934](https://github.com/containerd/containerd/pull/6934))
      * vendor: github.com/opencontainers/runc v1.1.2
      * update runc binary to v1.1.2
    * oci: WithDefaultUnixDevices(): remove tun/tap from the default devices ([#6923](https://github.com/containerd/containerd/pull/6923))
      * oci: WithDefaultUnixDevices(): remove tun/tap from the default devices
    * update golang to 1.18.2, 1.17.10 ([#6926](https://github.com/containerd/containerd/pull/6926))
      * update golang to 1.18.2, 1.17.10
    * CI: update Fedora to 36 ([#6925](https://github.com/containerd/containerd/pull/6925))
      * CI: update Fedora to 36
    * Add `Wait` to `binaryProcessor` ([#6916](https://github.com/containerd/containerd/pull/6916))
      * Add `Wait` to `binaryProcessor`
    * go.mod: Bump k8s deps to v0.24.0 ([#6905](https://github.com/containerd/containerd/pull/6905))
      * go.mod: Bump k8s deps to v0.24.0
    * (Vagrant CI) Enable git commands due to git CVE fix ([#6915](https://github.com/containerd/containerd/pull/6915))
      * Enable git commands due to git CVE fix
    * Pass explicit JUnit outfile to critest.exe in Windows workflow. ([#6912](https://github.com/containerd/containerd/pull/6912))
      * Pass explicit JUnit outfile to critest.exe in Windows workflow.
    * Update critools to v1.24 ([#6894](https://github.com/containerd/containerd/pull/6894))
      * update critools to v1.24
    * devmapper docs: small fixes ([#6904](https://github.com/containerd/containerd/pull/6904))
      * devmapper docs: small fixes
    * move report dir option to end of line for vagrant cri tests ([#6900](https://github.com/containerd/containerd/pull/6900))
      * move report dir option to eol
    * Update Kubernetes version matrix in release docs ([#6892](https://github.com/containerd/containerd/pull/6892))
      * Update Kubernetes version matrix in release docs
    * Share container images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy ([#6889](https://github.com/containerd/containerd/pull/6889))
      * Share images between TestRestartMonitor and TestRestartMonitorWithOnFailurePolicy
    * containerd 1.6.4 k8s 1.24 readme announce ([#6890](https://github.com/containerd/containerd/pull/6890))
      * containerd 1.6.4 k8s 1.24 readme announce
    * Cleanup leaked shim process ([#6866](https://github.com/containerd/containerd/pull/6866))
      * Cleanup leaked shim process
    * Add collectible resources to metadata gc ([#6804](https://github.com/containerd/containerd/pull/6804))
      * metadata: use resource max and end on registration
      * Add collectible resources to metadata gc
    * Update k8 docurl in file ([#6881](https://github.com/containerd/containerd/pull/6881))
      * Update k8 docurl in file
    * Support RISC-V 64 ([#6882](https://github.com/containerd/containerd/pull/6882))
      * CI: add riscv64 builds
      * release/Dockerfile: update Ubuntu to 22.04 for supporting riscv64
      * seccomp: support riscv64
    * docs: minor fixes in snapshots.Snapshotter comments ([#6885](https://github.com/containerd/containerd/pull/6885))
      * docs: minor fixes in snapshots.Snapshotter comments
    * Officially deprecate Schema 1 ([#6884](https://github.com/containerd/containerd/pull/6884))
      * Officially deprecate Schema 1
    * Make Cirrus CI tests more stable ([#6880](https://github.com/containerd/containerd/pull/6880))
      * Reduce the number of the concurrent HTTP requests in TestUserNamespaces
      * Skip TestImagePullWithConcurrencyLimit on Cirrus CI
    * docs: Adding windows installation steps to getting-started.md ([#6875](https://github.com/containerd/containerd/pull/6875))
      * docs: Adding windows installation steps to getting-started.md
    * Add ctr support for CPUMax and CPUShares ([#6809](https://github.com/containerd/containerd/pull/6809))
      * Add ctr support for CPUMax and CPUShares
    * Support for cgroups blockio ([#5490](https://github.com/containerd/containerd/pull/5490))
      * cri: support blockio class in pod and container annotations
    * Fix comment for metadata/db.go ([#6871](https://github.com/containerd/containerd/pull/6871))
      * Fix comment for metadata/db.go
    * Remove github.com/gogo/protobuf and github.com/golang/protobuf from containerd's direct dependencies ([#6867](https://github.com/containerd/containerd/pull/6867))
      * Upgrade protoc, protoc-gen-go and protoc-gen-go-grpc
      * go mod tidy & go mod vendor
      * make protos
      * Remove gogo from .proto files
    * Update go-cni to v1.1.5 ([#6868](https://github.com/containerd/containerd/pull/6868))
      * Update go-cni to v1.1.5
    * Bump opencontainers/selinux from 1.10.0 to 1.10.1 ([#6865](https://github.com/containerd/containerd/pull/6865))
      * Bump opencontainers/selinux from 1.10.0 to 1.10.1
    * Upgrade google.golang.org/grpc and google.golang.org/protobuf ([#6864](https://github.com/containerd/containerd/pull/6864))
      * Upgrade google.golang.org/grpc and google.golang.org/protobuf
      * Remove kzys/typeurl
    * Don't use "uname -a" as Cirrus CI's cache key ([#6863](https://github.com/containerd/containerd/pull/6863))
      * Don't use "uname -a" as Cirrus CI's cache key
    * remove duplicate ([#6856](https://github.com/containerd/containerd/pull/6856))
      * remove duplicate
    * Create ppc64le release ([#6858](https://github.com/containerd/containerd/pull/6858))
      * Create ppc64le release
    * Move Vagrant-based tests from GitHub Actions to Cirrus CI ([#6854](https://github.com/containerd/containerd/pull/6854))
      * Move Vagrant-based tests from GitHub Actions to Cirrus CI
    * feature: support image pull progress timeout ([#6150](https://github.com/containerd/containerd/pull/6150))
      * feature: support image pull progress timeout
    * Add unpack interface to be used by client ([#6749](https://github.com/containerd/containerd/pull/6749))
      * unpack: return error when no platforms defined
      * Add unpack interface to be used by client
    * Fix undefined error in use of errors package ([#6855](https://github.com/containerd/containerd/pull/6855))
      * Fix undefined error in use of errors package
    * Migrate off from github.com/gogo/protobuf ([#6841](https://github.com/containerd/containerd/pull/6841))
      * Fix tests
      * go mod tidy and go mod vendor
      * Upgrade containerd/typeurl
      * make protos
      * Rename Size_ to Size
      * Remove gogo/protobuf and adjust types
      * Use protoc-gen-go instead of protoc-gen-gogoctrd
      * Upgrade containerd/ttrpc
    * images/image.go: typo ([#6851](https://github.com/containerd/containerd/pull/6851))
      * images/image.go: typo
    * Add flag to allow oci.WithAllDevicesAllowed on PrivilegedWithoutHostDevices ([#5686](https://github.com/containerd/containerd/pull/5686))
      * add oci.WithAllDevicesAllowed flag for privileged_without_host_devices
    * integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage ([#6180](https://github.com/containerd/containerd/pull/6180))
      * integration: Adds Windows equivalent for TestSandboxRemoveWithoutIPLeakage
    * fix incorrect syntax in comments ([#6845](https://github.com/containerd/containerd/pull/6845))
      * fix incorrect syntax in comments
    * cri: close fifos when container is deleted ([#6842](https://github.com/containerd/containerd/pull/6842))
      * cri: close fifos when container is deleted
    * diff: hide types.Any from clients ([#6832](https://github.com/containerd/containerd/pull/6832))
      * diff: hide types.Any from clients
    * Add Container-Optimized OS into Adopters ([#6838](https://github.com/containerd/containerd/pull/6838))
      * Add Container-Optimized OS into Adopters
    * Prepare for google.golang.org/protobuf ([#6835](https://github.com/containerd/containerd/pull/6835))
      * Add go_package on all proto files
      * Use proto.Marshal instead of calling Marshal() on objects
      * Embed "Unimplemented" structs as proto recommended
    * fix the restart desired to running when task not found ([#6833](https://github.com/containerd/containerd/pull/6833))
      * fix monitor restart
    * Remove all gogoproto extensions ([#6829](https://github.com/containerd/containerd/pull/6829))
      * Remove all gogoproto extensions
    * fix nil pointer panic for monitor ([#6830](https://github.com/containerd/containerd/pull/6830))
      * fix nil pointer panic for monitor
    * remotes/docker: log registry URLs as info instead of debug ([#5681](https://github.com/containerd/containerd/pull/5681))
      * remotes/docker: log registry URLs as info instead of debug
    * Rename runtime/v2/task to api/runtime ([#6827](https://github.com/containerd/containerd/pull/6827))
      * Keep shim API backward compatible
      * Move runtime v2 protos to api/runtime package.
    * Fix protoc-gen-go-fieldpath ([#6828](https://github.com/containerd/containerd/pull/6828))
      * Don't generate a Go file, if that would be empty
      * Fix protoc-gen-go-fieldpath
    * Consolidate gogo/protobuf dependencies under our own protobuf package ([#6826](https://github.com/containerd/containerd/pull/6826))
      * Consolidate gogo/protobuf dependencies under our own protobuf package
    * Add restart policy for enhanced restart manager ([#6744](https://github.com/containerd/containerd/pull/6744))
      * add restart policy for enhanced restart manager
    * Remove gogoproto.stdtime ([#6821](https://github.com/containerd/containerd/pull/6821))
      * Remove gogoproto.stdtime
    * Set timeout when collecting metrics from shim's Stat ([#6781](https://github.com/containerd/containerd/pull/6781))
      * Set timeout when collecting metrics from shim's Stat
    * Fuzz filter package with Go 1.18's fuzzer ([#6819](https://github.com/containerd/containerd/pull/6819))
      * Fuzz filter package with Go 1.18's fuzzer
    * allow ptrace(2) by default for kernel >= 4.8 ([#6810](https://github.com/containerd/containerd/pull/6810))
      * allow ptrace(2) by default for kernel >= 4.8
    * Build bin/gen-manpages instead of using "go run" ([#6820](https://github.com/containerd/containerd/pull/6820))
      * Build bin/gen-manpages instead of using "go run"
    * update golang to 1.18.1, 1.17.9 ([#6822](https://github.com/containerd/containerd/pull/6822))
      * update golang to 1.18.1, 1.17.9
    * Sandbox API ([#6703](https://github.com/containerd/containerd/pull/6703))
      * [Sandbox] Remove outdated documentation
      * [sandbox] Migrate from gogo to Any
      * [sandbox] Cleanup interfaces
      * [sandbox] Fix CI
      * [Sandbox] Add Wait and PID
      * Restore sandboxes on daemon restart
      * Fix protobuf after rebase
      * [sandbox] Add sandbox shim skeleton
      * [sandbox] Register shim plugin after #6301
      * [sandbox] Add ctr support
      * Launch sandboxed containers from task service
      * [sandbox] Address PR review comments
      * [sandbox] Implement sandbox controller
      * [sandbox] Add clients
      * [sandbox] Add controller service
      * [sandbox] Update vendor
      * [sandbox] Implement store service
      * [sandbox] Revendor API changes
      * [sandbox] Save sandbox ID to container's store
      * [sandbox] Implement metadata store
      * [sandbox] Add basic sandbox structures and interfaces
      * [sandbox] Add protobuf definitions
    * Move lease manager plugin to separate package ([#6811](https://github.com/containerd/containerd/pull/6811))
      * Move lease manager plugin to separate package
    * fix pool_device_test ([#6807](https://github.com/containerd/containerd/pull/6807))
      * fix pool_device_test.go
    * check for duplicate nspath possibilities ([#6806](https://github.com/containerd/containerd/pull/6806))
      * check for duplicate nspath possibilities
    * Do not append []string{""} to command to preserve Docker compatibility ([#6805](https://github.com/containerd/containerd/pull/6805))
      * Do not append []string{""} to command to preserve Docker compatibility
    * tracing: fix panic on startup when configured ([#6789](https://github.com/containerd/containerd/pull/6789))
      * tracing: fix panic on startup when configured
    * Optimize loading performance for cri recover ([#6680](https://github.com/containerd/containerd/pull/6680))
      * cri: load sandboxes/containers/images in parallel
    * Change architecture path in README.md ([#6798](https://github.com/containerd/containerd/pull/6798))
      * Change architecture path in README.md
    * make consistent for checkpoint path ([#6792](https://github.com/containerd/containerd/pull/6792))
      * make consistent for checkpoint path
    * metrics/cgroups: fix deadlock issue in Add during Collect ([#6788](https://github.com/containerd/containerd/pull/6788))
      * metrics/cgroups: fix deadlock issue in Add during Collect
    * ADOPTERS: Update AKS Info ([#6794](https://github.com/containerd/containerd/pull/6794))
      * ADOPTERS: Update AKS Info
    * Pin upload-cloud-storage action to 0.8.0 in Windows workflow. ([#6790](https://github.com/containerd/containerd/pull/6790))
      * Pin upload-cloud-storage action to 0.8.0 in Windows workflow.
    * docs: add Deckhouse to the list of adopters ([#6785](https://github.com/containerd/containerd/pull/6785))
      * docs: add Deckhouse to the list of adopters
    * Add `docs/snapshotters`; simplify `docs/cri` ([#6778](https://github.com/containerd/containerd/pull/6778))
      * docs/cri: simplify
      * Add docs/snapshots
    * Turn paths from cmdline into absolute paths ([#6672](https://github.com/containerd/containerd/pull/6672))
      * Turn paths from cmdline into absolute paths
    * CRI: add support for CDI device injection ([#6654](https://github.com/containerd/containerd/pull/6654))
      * CDI: update go.mod and vendor deps
      * move CDI calls to the linux-only code
      * add configuration for CDI
      * cri: implement CDI device injection
    * Disable writing freelist to make the file robust against data corruptions ([#6761](https://github.com/containerd/containerd/pull/6761))
      * Disable writing freelist to make the file robust against data corruptions
    * mv design docs/historical/design ([#6777](https://github.com/containerd/containerd/pull/6777))
      * mv design docs/historical/design
    * CRI: improve image pulling performance ([#6702](https://github.com/containerd/containerd/pull/6702))
      * CRI: improve image pulling performance
    * docs: remove runtime v1; migrate config v1 to v2 ([#6776](https://github.com/containerd/containerd/pull/6776))
      * docs: migrate config v1 to v2
      * docs: remove deprecated `io.containerd.runtime.v1.linux`
    * Skip flaky test on Windows ([#6779](https://github.com/containerd/containerd/pull/6779))
      * Skip flaky test on Windows
    * docs/getting-started.md: typo ([#6775](https://github.com/containerd/containerd/pull/6775))
      * docs/getting-started.md: typo
    * Add no_tracing tag ([#6750](https://github.com/containerd/containerd/pull/6750))
      * Add no_tracing tag
    * Move historical docs to `docs/historical` ([#6754](https://github.com/containerd/containerd/pull/6754))
      * Move historical docs to `docs/historical`
    * Run go mod tidy in integration tests ([#6768](https://github.com/containerd/containerd/pull/6768))
      * Run go mod tidy in integration tests
    * go.mod: move indirects, and update integration go.mod to 1.18 ([#6765](https://github.com/containerd/containerd/pull/6765))
      * go.mod: move indirects, and update integration go.mod to 1.18
    * Drop gotest.tools ([#6762](https://github.com/containerd/containerd/pull/6762))
      * Remove gotest.tools
      * Use testify
    * Use t.Setenv instead of os.Setenv ([#6760](https://github.com/containerd/containerd/pull/6760))
      * Update linters to use t.Setenv
      * Use t.Setenv instead of os.Setenv
    * Upgrade to Go 1.18 ([#6709](https://github.com/containerd/containerd/pull/6709))
      * Upgrade to Go 1.18
    * Adding multi-arch support for the configure.sh script ([#6751](https://github.com/containerd/containerd/pull/6751))
      * Adding multi-arch support for the configure.sh script
    * docs/getting-started.md: massive update ([#6758](https://github.com/containerd/containerd/pull/6758))
      * docs/getting-started.md: massive update
    * Remove unmaintained contrib/linuxkit ([#6755](https://github.com/containerd/containerd/pull/6755))
      * Remove unmaintained contrib/linuxkit
    * [Windows CI] Address some timeout issues ([#6757](https://github.com/containerd/containerd/pull/6757))
      * Address some timeout issues in the Windows CI
    * BUILDING.md: update supported Go versions ([#6756](https://github.com/containerd/containerd/pull/6756))
      * BUILDING.md: update supported Go versions
    * update runc to 1.1.1 ([#6753](https://github.com/containerd/containerd/pull/6753))
      * update runc binary to v1.1.1
      * go.mod: github.com/opencontainers/runc v1.1.1
    * CI: add Rocky Linux 8 ([#6747](https://github.com/containerd/containerd/pull/6747))
      * CI: add Rocky Linux 8
    * CI: bump up crun to 1.4.4 ([#6748](https://github.com/containerd/containerd/pull/6748))
      * CI: bump up crun to 1.4.4
    * added make help for cri integration ([#6743](https://github.com/containerd/containerd/pull/6743))
      * added make help for cri integration
    * Update README.md cncf landscape url ([#6740](https://github.com/containerd/containerd/pull/6740))
      * Update README.md
    * Fix error message in TestNewBinaryIO ([#6738](https://github.com/containerd/containerd/pull/6738))
      * Fix error message in TestNewBinaryIO
    * Use typeurl.Any instead of github.com/gogo/protobuf/types.Any ([#6706](https://github.com/containerd/containerd/pull/6706))
      * Use typeurl.Any instead of github.com/gogo/protobuf/types.Any
    * Use cgroups.AddProc() for cgroups v1 ([#5738](https://github.com/containerd/containerd/pull/5738))
      * Use cgroups.AddProc() for cgroups v1
    * fix: ctr images mount with snapshotter option can't get snapshotter ([#6713](https://github.com/containerd/containerd/pull/6713))
      * fix: ctr images mount with snapshotter option can't get snapshotter
    * cgroup2: monitor OOMKill instead of OOM to prevent missing container events ([#6323](https://github.com/containerd/containerd/pull/6323))
      * cgroup2: monitor OOMKill instead of OOM to prevent missing container OOM events
    * moving up to go-cni v1.1.4 ([#6721](https://github.com/containerd/containerd/pull/6721))
      * moving up to go-cni v1.1.4
    * native: fix deadlock from leaving transactions open ([#6722](https://github.com/containerd/containerd/pull/6722))
      * native: fix deadlock from leaving transactions open
    * go.mod: remove replace, and update github.com/gogo/googleapis v1.4.1 ([#5390](https://github.com/containerd/containerd/pull/5390))
      * go.mod: remove replace and update github.com/gogo/googleapis v1.4.1
    * GitHub Security Advisory [GHSA-c9cp-9c75-9v8c](https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c)
      * Fix the Inheritable capability defaults.
    * runtime: deprecate runc --criu / -criu-path option ([#6496](https://github.com/containerd/containerd/pull/6496))
      * runtime: deprecate runc --criu / -criu-path option
    * Bug fix for mount path handling ([#6651](https://github.com/containerd/containerd/pull/6651))
      * Bug fix for mount path handling
    * Upgrade containerd/imgcrypt and opencontainers/image-spec ([#6711](https://github.com/containerd/containerd/pull/6711))
      * Upgrade containerd/imgcrypt and opencontainers/image-spec
    * Remove enumvalue_customname, goproto_enum_prefix and enum_customname ([#6708](https://github.com/containerd/containerd/pull/6708))
      * Remove enumvalue_customname, goproto_enum_prefix and enum_customname
    * Remove gogoproto.customtype ([#6699](https://github.com/containerd/containerd/pull/6699))
      * Remove gogoproto.customtype
    * Skip tty critest testcase on Windows Server 2022 ([#6698](https://github.com/containerd/containerd/pull/6698))
      * Skip tty critest testcase on Windows Server 2022
    * Build with Go 1.18 ([#6605](https://github.com/containerd/containerd/pull/6605))
      * Vendor dependencies with module graph pruning
      * Use Go 1.18 to build and test containerd
    * Update prometheus client vendor ([#6690](https://github.com/containerd/containerd/pull/6690))
      * Test turning off golang CI lint cache
      * Add nolint:staticcheck to platform-specific calls
      * Update prometheus client vendor
    * vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd ([#6687](https://github.com/containerd/containerd/pull/6687))
      * vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
    * Make the temp mount as read only in container WithVolumes ([#6593](https://github.com/containerd/containerd/pull/6593))
      * Make the temp mount as read only in container WithVolumes
    * fix: `ctr run --cni` get failed ([#6670](https://github.com/containerd/containerd/pull/6670))
      * fix: ctr run --cni get failed
    * test: use `T.TempDir` to create temporary test directory ([#6681](https://github.com/containerd/containerd/pull/6681))
      * test: remove redundant `mountPoint`
      * test: use `T.TempDir` to create temporary test directory
    * Make OpenLab's CI jobs blocking ([#6679](https://github.com/containerd/containerd/pull/6679))
      * Make OpenLab's CI jobs blocking
    * document log level and format ([#6683](https://github.com/containerd/containerd/pull/6683))
      * document log level and format
    * Add shared content label to namespaces ([#6660](https://github.com/containerd/containerd/pull/6660))
      * Add shared content label to namespaces
    * Add protoc-gen-go-fieldpath ([#6562](https://github.com/containerd/containerd/pull/6562))
      * Add protoc-gen-go-fieldpath
    * Enable gosec linter for golangci-lint ([#6669](https://github.com/containerd/containerd/pull/6669))
      * Enable gosec linter for golangci-lint
    * Make mkfs.xfs available on OpenLab's CI environment ([#6668](https://github.com/containerd/containerd/pull/6668))
      * Make mkfs.xfs available on OpenLab's CI environment
    * ctr: improve error relative shim path error msg ([#6519](https://github.com/containerd/containerd/pull/6519))
      * ctr: improve error relative shim path error msg
    * typo fixes under cmd. ([#6674](https://github.com/containerd/containerd/pull/6674))
      * typo fixes under cmd.
    * Handle CRI Device.HostPath on Windows ([#6618](https://github.com/containerd/containerd/pull/6618))
      * Implement `--device idType://id` for `ctr run` on Windows
      * Plumb CRI Devices through to OCI WindowsDevices
      * CRI integration test for Windows Device mounts
    * Upgrade golangci-lint and its GitHub Action ([#6666](https://github.com/containerd/containerd/pull/6666))
      * Upgrade golangci-lint and its GitHub Action
    * Don't build a second copy of containerd-shim-runhcs-v1.exe ([#6661](https://github.com/containerd/containerd/pull/6661))
      * Don't build a second copy of containerd-shim-runhcs-v1.exe
    * Update TestNormalize to only test Windows platform ([#6569](https://github.com/containerd/containerd/pull/6569))
      * Update TestNormalize to only test Windows
    * Fix link in getting-started.md ([#6663](https://github.com/containerd/containerd/pull/6663))
      * Fix link in getting-started.md
    * Fuzzing: refactor metadata fuzzers ([#6423](https://github.com/containerd/containerd/pull/6423))
      * Fuzzing: refactor metadata fuzzers
    * Two xfs file systems with same UUID can not be mounted on the same sy… ([#6650](https://github.com/containerd/containerd/pull/6650))
      * Mount devmapper xfs file system with "nouuid" option.
    * [Windows] Fix deadline exceeded in daemon restart ([#6635](https://github.com/containerd/containerd/pull/6635))
      * Increase wait timeout for TestDaemonRestart
    * Use temp file for export/import test ([#6658](https://github.com/containerd/containerd/pull/6658))
      * Use temp file for export/import test
    * strip path-info from `-v` (version) output, and implement -v flag for containerd-shim  ([#6495](https://github.com/containerd/containerd/pull/6495))
      * cmd/containerd-shim: add -v (version) flag
      * integration/images/volume-ownership: strip path information from usage output
      * runtime/v2/shim: strip path information from version output
    * Improve unexpected response error handling in resolver ([#6617](https://github.com/containerd/containerd/pull/6617))
      * Improve ErrUnexpectedStatus default string
      * Add ErrUnexpectedStatus to resolver
    * Use the latest tag for azure images ([#6601](https://github.com/containerd/containerd/pull/6601))
      * Use the latest image for Windows test workers
    * Run CRI integration tests in GitHub Actions (Windows) ([#6626](https://github.com/containerd/containerd/pull/6626))
      * Skip most of script/setup/prepare_env_windows.ps1
      * Enable cri-tools critest on Windows
      * Enable CRI Integration tests on Windows
      * Remove hardcoded /tmp in tempfile paths
    * cri: fix integration test on cgroupsv2 system ([#6595](https://github.com/containerd/containerd/pull/6595))
      * cri: fix integration test on cgroupsv2 system
    * Use version 2 configuration format in docs/PLUGINS.md ([#6613](https://github.com/containerd/containerd/pull/6613))
      * Use version 2 config and mention containerd config command
    * update to go 1.16.15, 1.17.8 to address CVE-2022-24921 ([#6619](https://github.com/containerd/containerd/pull/6619))
      * update to go 1.16.15, 1.17.8 to address CVE-2022-24921
    * Update status of 1.4 release ([#6614](https://github.com/containerd/containerd/pull/6614))
      * Update status of 1.4 release
    * Update TestContainerSymlinkVolumes to use windows path ([#6568](https://github.com/containerd/containerd/pull/6568))
      * Update TestContainerSymlinkVolumes to use windows path
    * Add --user support for ctr run Windows ([#6603](https://github.com/containerd/containerd/pull/6603))
      * Add --user support for ctr run Windows
    * Update releases ([#6608](https://github.com/containerd/containerd/pull/6608))
      * Update latest release versions
      * Update release process to include Kubernetes test infrastructure
    * GitHub Security Advisory [GHSA-crp2-qrr5-8pq7](https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7)
      * Use fs.RootPath when mounting volumes
    * Adds support for Windows ArgsEscaped images ([#6479](https://github.com/containerd/containerd/pull/6479))
      * Adds support for Windows ArgsEscaped images
    * Do not use weak import ([#6558](https://github.com/containerd/containerd/pull/6558))
      * Do not use weak import
    * cri: relax test for system without hugetlb ([#6596](https://github.com/containerd/containerd/pull/6596))
      * cri: relax test for system without hugetlb
    * Use containerd/protobuild instead of stevvooe/protobuild ([#6578](https://github.com/containerd/containerd/pull/6578))
      * Use containerd/protobuild instead of stevvooe/protobuild
    * integration: remove duplicated util pkg ([#6597](https://github.com/containerd/containerd/pull/6597))
      * integration: remove duplicated util pkg
    * go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1 ([#6591](https://github.com/containerd/containerd/pull/6591))
      * go.mod: update to github.com/tchap/go-patricia/v2 v2.3.1
    * Update Go version recommendation in getting started ([#6585](https://github.com/containerd/containerd/pull/6585))
      * Update Go version recommendation in getting started
    * go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3 ([#6337](https://github.com/containerd/containerd/pull/6337))
      * go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3
    * fix Implicit memory aliasing in for loop ([#6331](https://github.com/containerd/containerd/pull/6331))
      * fix Implicit memory aliasing in for loop
    * Fix build with gccgo ([#6579](https://github.com/containerd/containerd/pull/6579))
      * Fix build with gccgo
    * Replace golang.org/x/net/context with std library ([#6580](https://github.com/containerd/containerd/pull/6580))
      * Replace golang.org/x/net/context with std library
    * containerd-shim-runc-v1: return init pid when clean dead shim ([#6571](https://github.com/containerd/containerd/pull/6571))
      * containerd-shim-runc-v1: return init pid when clean dead shim
    * Use Windows matcher when on Windows platform in all code paths ([#6491](https://github.com/containerd/containerd/pull/6491))
      * Initialize platform matchers for current platform
    * containerd-shim-runc-v2: return init pid when clean dead shim ([#6452](https://github.com/containerd/containerd/pull/6452))
      * containerd-shim-runc-v2: return init pid when clean dead shim
    * [Windows][Integration] Enable TestRestartMonitor ([#6515](https://github.com/containerd/containerd/pull/6515))
      * [Windows][Integration] Enable TestRestartMonitor
    * go.mod: fsnotify v1.5.1, moby/sys/mountinfo v0.6.0, moby/sys/signal v0.7.0 ([#6554](https://github.com/containerd/containerd/pull/6554))
      * go.mod: github.com/moby/sys/signal v0.7.0
      * go.mod: github.com/moby/sys/mountinfo v0.6.0
      * go.mod: github.com/fsnotify/fsnotify v1.5.1
    </p>
    </details>
    
    ### Changes from containerd/cgroups
    <details><summary>21 commits</summary>
    <p>
    
    * ParseCgroupFile: fix wrong comment about unified hierarchy ; add ParseCgroupFileUnified to get the unified path ([#232](https://github.com/containerd/cgroups/pull/232))
      * add ParseCgroupFileUnified to get the unified path
      * ParseCgroupFile: fix wrong comment about unified hierarchy
    * Bump go version to 1.17 in go.mod ([#230](https://github.com/containerd/cgroups/pull/230))
      * Bump go version to 1.17 in go.mod
    * make cmd/ a separate module (as it's only for testing) ([#226](https://github.com/containerd/cgroups/pull/226))
      * make cmd/ a separate module (as it's only for testing)
    * feat(v2): add Update method for v2.Manager ([#225](https://github.com/containerd/cgroups/pull/225))
      * feat(v2): add Update method for v2.Manager
    * feat: add memory.min param ([#211](https://github.com/containerd/cgroups/pull/211))
      * feat: add memory.min param
    * modified the dereference null pointer value. ([#218](https://github.com/containerd/cgroups/pull/218))
      * modified the dereference null pointer value.
    * update readme for cpu cgroup demo ([#217](https://github.com/containerd/cgroups/pull/217))
      * update readme for cpu cgroup demo
    * Fix systemd full path ([#221](https://github.com/containerd/cgroups/pull/221))
      * Fix systemd full path
    * Update Go version and fedora base ([#223](https://github.com/containerd/cgroups/pull/223))
      * Update Go version and fedora base
    * Fix panic in NewSystemd on nil values ([#219](https://github.com/containerd/cgroups/pull/219))
      * Fix panic in NewSystemd on nil values
    </p>
    </details>
    
    ### Changes from containerd/continuity
    <details><summary>28 commits</summary>
    <p>
    
    * go.mod: update dependencies (take 2) ([#204](https://github.com/containerd/continuity/pull/204))
      * go.mod: update dependencies (take 2)
    * Revert "go.mod: update dependencies" ([#205](https://github.com/containerd/continuity/pull/205))
      * Revert "go.mod: update dependencies"
      * go.mod: update dependencies
      * cmd/continuity: remove FUSE for macOS
    * Various small fix-ups ([#202](https://github.com/containerd/continuity/pull/202))
      * README: update badges and links
      * golangci-lint: replace "golint" with "revive"
      * sysx: remove unused sysx/generate.sh script
      * fs: fix minor linting and gofmt issue
    * update authors and mailmap ([#201](https://github.com/containerd/continuity/pull/201))
      * update authors and mailmap
    * move cmd/continuity to its own go module ([#200](https://github.com/containerd/continuity/pull/200))
      * move cmd/continuity to its own go module
      * remove version package
      * move continuityfs -> cmd/continuity/continuityfs
      * move commands -> cmd/continuity/commands
      * go.mod: update logrus to v1.8.1
    * CI: resolve Go path before sudoing ; Remove deprecated io/ioutil (except ioutil.ReadDir)  ([#198](https://github.com/containerd/continuity/pull/198))
      * CI: resolve Go path before sudoing
      * CI: modernize Go setup
      * Remove deprecated io/ioutil (except ioutil.ReadDir)
    * fs.CopyDir: support sockets and pipes ([#197](https://github.com/containerd/continuity/pull/197))
      * fs.CopyDir: support sockets and pipes
    * Fix wrapping errors ([#196](https://github.com/containerd/continuity/pull/196))
      * fs: fix wrapping nil err
      * fmt.Errorf: use %w, not %v to wrap errors
    </p>
    </details>
    
    ### Changes from containerd/go-cni
    <details><summary>22 commits</summary>
    <p>
    
    * go.mod: update libcni to v1.1.1 ([#101](https://github.com/containerd/go-cni/pull/101))
      * go.mod: update libcni to v1.1.1
    * add in some serial setup tests; a little make cleanup ([#100](https://github.com/containerd/go-cni/pull/100))
      * add in some serial setup tests; a little make cleanup
    * Re-introduce serial network setup ([#99](https://github.com/containerd/go-cni/pull/99))
      * Re-introduce serial network setup
    * bump github.com/containernetworking/cni v1.1.0 ([#98](https://github.com/containerd/go-cni/pull/98))
      * bump github.com/containernetworking/cni v1.1.0
    * Revert "Update loopback version to support check" ([#96](https://github.com/containerd/go-cni/pull/96))
      * Revert "Update loopback version to support check"
    * Use revive instead of golint ([#92](https://github.com/containerd/go-cni/pull/92))
      * Use revive instead of golint
    * Bump go version to 1.17 ([#91](https://github.com/containerd/go-cni/pull/91))
      * Bump go version to 1.17
    * moving up to latest CNI plugin release ([#90](https://github.com/containerd/go-cni/pull/90))
      * moving up to latest CNI plugin release
    * Fix Loopback Version ([#88](https://github.com/containerd/go-cni/pull/88))
      * Update loopback version to support check
    * Update comment for capabilities ([#89](https://github.com/containerd/go-cni/pull/89))
      * update comment for capabilities
    * Add integration test for linux and update go version from 1.16 to 1.17 ([#84](https://github.com/containerd/go-cni/pull/84))
      * Add integration test and update go version
    </p>
    </details>
    
    ### Changes from containerd/imgcrypt
    <details><summary>18 commits</summary>
    <p>
    
    * Use reflect to support diff.ApplyConfig with/without gogo's types.Any ([#75](https://github.com/containerd/imgcrypt/pull/75))
      * Use reflect to support diff.ApplyConfig with/without gogo's types.Any
    * Upgrade golangci-lint-action and golangci-lint ([#76](https://github.com/containerd/imgcrypt/pull/76))
      * Add build tags to make gofmt happy
      * Upgrade golangci-lint-action and golangci-lint
    * CHANGES: Updated CHANGES document for 1.1.4 release ([#74](https://github.com/containerd/imgcrypt/pull/74))
      * CHANGES: Updated CHANGES document for 1.1.4 release
    * Bump github.com/containerd/containerd from 1.5.10 to 1.6.1 ([#73](https://github.com/containerd/imgcrypt/pull/73))
      * Bump github.com/containerd/containerd from 1.5.10 to 1.6.1
    * images: prepare for typeurl.Any ([#72](https://github.com/containerd/imgcrypt/pull/72))
      * images: prepare for typeurl.Any
      * images: Add list of Platforms to CheckAuthorization()
      * test: Test running of encrypted image only pulled for local platform
    * Bump ocicrypt to 1.1.3 ([#71](https://github.com/containerd/imgcrypt/pull/71))
      * Bump ocicrypt to 1.1.3
      * Bump github.com/containerd/containerd from 1.5.9 to 1.5.10
    * Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 ([#67](https://github.com/containerd/imgcrypt/pull/67))
      * Bump github.com/containerd/containerd from 1.5.8 to 1.5.9
    </p>
    </details>
    
    ### Changes from containerd/nri
    <details><summary>29 commits</summary>
    <p>
    
    * Extend scope to enable common pluggable runtime extensions. ([#16](https://github.com/containerd/nri/pull/16))
      * plugins: fix incorrect go.mod module paths.
      * pkg/adaptation: don't log a nil error.
      * README*.md: update READMEs.
      * plugins: add NRI v0.1.0 adapter plugin.
      * examples: update dependencies.
      * README.md: add an updated README.
      * .github: update CI tests.
      * plugins: added template plugin.
      * plugins: add differ plugin.
      * plugins: add OCI hook injector plugin.
      * plugins: add sample device injector plugin.
      * plugins: add sample logger plugin.
      * pkg/runtime-tools: wrap/extend OCI Spec generator.
      * pkg/adaptation: add test suite.
      * pkg/stub: add plugin stub.
      * pkg/adaptation: add API for runtime integration.
      * pkg/api: define updated NRI plugin API.
    * Update GitHub actions CI workflow ([#19](https://github.com/containerd/nri/pull/19))
      * Update GitHub actions CI workflow
    * replace pkg/errors ([#17](https://github.com/containerd/nri/pull/17))
      * replace pkg/errors
    * Update the examples in README.md ([#15](https://github.com/containerd/nri/pull/15))
      * Update the examples in README.md
      * Bump containerd to 1.5.2
    * Rename branch from master to main ([#12](https://github.com/containerd/nri/pull/12))
      * Rename branch from master to main
    * Update to containerd 1.5.1 ([#11](https://github.com/containerd/nri/pull/11))
      * Bump containerd version v1.5.1
    </p>
    </details>
    
    ### Changes from containerd/ttrpc
    <details><summary>37 commits</summary>
    <p>
    
    * Only generate a Go file if the file has some services ([#112](https://github.com/containerd/ttrpc/pull/112))
      * Only generate a Go file if the file has some services
    * *.go: organize errors to one spot ([#113](https://github.com/containerd/ttrpc/pull/113))
      * *.go: organize errors to one spot
    * PROTOCOL: slight markdown touchup ([#111](https://github.com/containerd/ttrpc/pull/111))
      * PROTOCOL: slight markdown touchup
    * Introduce streaming ([#107](https://github.com/containerd/ttrpc/pull/107))
      * Remove unnecessary ttrpc plugin configuration in Protobuild.toml
      * Unwrap syscall error and check
      * Update protocol for closed data messages
      * Add integration test to github actions
      * Add integration test package
      * Add streaming support to go-ttrpc generator
      * Add stream tests
      * Introduce streaming to client and server
    * Update checkout and lint actions ([#109](https://github.com/containerd/ttrpc/pull/109))
      * Update checkout and lint actions
    * Add Makefile and update protobuf ([#106](https://github.com/containerd/ttrpc/pull/106))
      * Server test show sys error
      * Update github actions ci to use Makefile
      * Add makefile and update protoc version
    * Add ttrpc protocol definition ([#102](https://github.com/containerd/ttrpc/pull/102))
      * Add ttrpc protocol definition
    * Enable Codecov again ([#105](https://github.com/containerd/ttrpc/pull/105))
      * Enable Codecov again
    * Use CR+LF instead of LF regardless of OS ([#103](https://github.com/containerd/ttrpc/pull/103))
      * Use CR+LF instead of LF regardless of OS
    * Log the error's underlying errno if there is ([#104](https://github.com/containerd/ttrpc/pull/104))
      * Log the error's underlying errno if there is
    * Use google.golang.org/protobuf instead of github.com/gogo/protobuf ([#99](https://github.com/containerd/ttrpc/pull/99))
      * Use google.golang.org/protobuf instead of github.com/gogo/protobuf
    * Wrap correct error on unix.GetsockoptUcred failure ([#100](https://github.com/containerd/ttrpc/pull/100))
      * Wrap correct error on unix.GetsockoptUcred failure
    * Update CI project checks to use containerd project action ([#101](https://github.com/containerd/ttrpc/pull/101))
      * Update to latest os for build and test
      * Fix lint issues
      * Update CI project checks to use containerd project action
    </p>
    </details>
    
    ### Changes from containerd/typeurl
    <details><summary>14 commits</summary>
    <p>
    
    * Fallback to google.golang.org/protobuf ([#35](https://github.com/containerd/typeurl/pull/35))
      * Fallback to google.golang.org/protobuf
    * Build with Go 1.17 and Go 1.18 ([#34](https://github.com/containerd/typeurl/pull/34))
      * Build with Go 1.17.x and Go 1.18.x
    * Make nil handling easier ([#33](https://github.com/containerd/typeurl/pull/33))
      * Make nil handling easier
    * Make Any type an interface ([#32](https://github.com/containerd/typeurl/pull/32))
      * Make Any type an interface
    * Add Any type and remove gogo protobuf from interfaces ([#31](https://github.com/containerd/typeurl/pull/31))
      * Add Any type and remove gogo protobuf from interfaces
    * replace pkg/errors ([#29](https://github.com/containerd/typeurl/pull/29))
      * replace pkg/errors
    * Update branch name in GH Actions ([#28](https://github.com/containerd/typeurl/pull/28))
      * Update branch name in GH Actions
    </p>
    </details>
    
    ### Dependency Changes
    
    * **cloud.google.com/go/compute/metadata**                                         v0.2.1 **_new_**
    * **github.com/AdaLogics/go-fuzz-headers**                                         6c3934b029d8 -> 3345c89a7c72
    * **github.com/AdamKorcz/go-118-fuzz-build**                                       b2031950a318 **_new_**
    * **github.com/Microsoft/go-winio**                                                v0.5.1 -> v0.6.0
    * **github.com/Microsoft/hcsshim**                                                 v0.9.2 -> v0.10.0-rc.1
    * **github.com/blang/semver/v4**                                                   v4.0.0 **_new_**
    * **github.com/cenkalti/backoff/v4**                                               v4.1.2 -> v4.1.3
    * **github.com/cilium/ebpf**                                                       v0.7.0 -> v0.9.1
    * **github.com/container-orchestrated-devices/container-device-interface**         v0.5.1 **_new_**
    * **github.com/containerd/cgroups**                                                v1.0.3 -> v1.0.4
    * **github.com/containerd/cgroups/v3**                                             e8802a182774 **_new_**
    * **github.com/containerd/continuity**                                             v0.2.2 -> v0.3.0
    * **github.com/containerd/go-cni**                                                 v1.1.3 -> v1.1.6
    * **github.com/containerd/imgcrypt**                                               v1.1.3 -> 8ba028dca028
    * **github.com/containerd/nri**                                                    v0.1.0 -> v0.2.0
    * **github.com/containerd/ttrpc**                                                  v1.1.0 -> 944ef4a40df3
    * **github.com/containerd/typeurl**                                                v1.0.2 -> 7f6e6d160d67
    * **github.com/containernetworking/cni**                                           v1.0.1 -> v1.1.1
    * **github.com/containernetworking/plugins**                                       v1.0.1 -> v1.1.1
    * **github.com/containers/ocicrypt**                                               v1.1.2 -> v1.1.3
    * **github.com/cpuguy83/go-md2man/v2**                                             v2.0.0 -> v2.0.2
    * **github.com/cyphar/filepath-securejoin**                                        v0.2.3 **_new_**
    * **github.com/emicklei/go-restful/v3**                                            v3.8.0 **_new_**
    * **github.com/fsnotify/fsnotify**                                                 v1.4.9 -> v1.6.0
    * **github.com/go-logr/logr**                                                      v1.2.2 -> v1.2.3
    * **github.com/google/go-cmp**                                                     v0.5.6 -> v0.5.9
    * **github.com/google/uuid**                                                       v1.2.0 -> v1.3.0
    * **github.com/grpc-ecosystem/grpc-gateway/v2**                                    v2.7.0 **_new_**
    * **github.com/klauspost/compress**                                                v1.11.13 -> v1.15.9
    * **github.com/klauspost/cpuid/v2**                                                v2.0.4 **_new_**
    * **github.com/miekg/pkcs11**                                                      v1.0.3 -> v1.1.1
    * **github.com/minio/sha256-simd**                                                 v1.0.0 **_new_**
    * **github.com/moby/sys/mountinfo**                                                v0.5.0 -> v0.6.2
    * **github.com/moby/sys/sequential**                                               v0.5.0 **_new_**
    * **github.com/moby/sys/signal**                                                   v0.6.0 -> v0.7.0
    * **github.com/opencontainers/image-spec**                                         693428a734f5 -> 3a7f492d3f1b
    * **github.com/opencontainers/runc**                                               v1.1.0 -> v1.1.4
    * **github.com/opencontainers/runtime-spec**                                       1c3f411f0417 -> 86290f6a00fb
    * **github.com/opencontainers/runtime-tools**                                      946c877fa809 **_new_**
    * **github.com/opencontainers/selinux**                                            v1.10.0 -> v1.10.2
    * **github.com/prometheus/client_golang**                                          v1.11.0 -> v1.12.1
    * **github.com/prometheus/common**                                                 v0.30.0 -> v0.32.1
    * **github.com/russross/blackfriday/v2**                                           v2.0.1 -> v2.1.0
    * **github.com/sirupsen/logrus**                                                   v1.8.1 -> v1.9.0
    * **github.com/stretchr/testify**                                                  v1.7.0 -> v1.8.0
    * **github.com/syndtr/gocapability**                                               42c35b437635 **_new_**
    * **github.com/tchap/go-patricia/v2**                                              v2.3.1 **_new_**
    * **github.com/urfave/cli**                                                        v1.22.1 -> v1.22.10
    * **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.28.0 -> v0.36.4
    * **go.opentelemetry.io/otel**                                                     v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/exporters/otlp/internal/retry**                       v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace**                            v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc**              v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp**              v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/sdk**                                                 v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/otel/trace**                                               v1.3.0 -> v1.11.1
    * **go.opentelemetry.io/proto/otlp**                                               v0.11.0 -> v0.19.0
    * **golang.org/x/crypto**                                                          32db794688a5 -> v0.1.0
    * **golang.org/x/mod**                                                             v0.6.0 **_new_**
    * **golang.org/x/net**                                                             fe4d6282115f -> v0.4.0
    * **golang.org/x/oauth2**                                                          2bc19b11175f -> d3ed0bb246c8
    * **golang.org/x/sync**                                                            036812b2e83c -> v0.1.0
    * **golang.org/x/sys**                                                             1d35b9e2eb4e -> v0.3.0
    * **golang.org/x/term**                                                            6886f2dfbf5b -> v0.3.0
    * **golang.org/x/text**                                                            v0.3.7 -> v0.5.0
    * **golang.org/x/time**                                                            1f47c861a9ac -> 90d013bbcef8
    * **golang.org/x/tools**                                                           v0.2.0 **_new_**
    * **google.golang.org/genproto**                                                   e50cd9704f63 -> 2d387536bcdd
    * **google.golang.org/grpc**                                                       v1.43.0 -> v1.50.1
    * **google.golang.org/protobuf**                                                   v1.27.1 -> v1.28.1
    * **gopkg.in/yaml.v3**                                                             496545a6307b -> v3.0.1
    * **k8s.io/api**                                                                   v0.22.5 -> v0.25.4
    * **k8s.io/apimachinery**                                                          v0.22.5 -> v0.25.4
    * **k8s.io/apiserver**                                                             v0.22.5 -> v0.25.4
    * **k8s.io/client-go**                                                             v0.22.5 -> v0.25.4
    * **k8s.io/component-base**                                                        v0.22.5 -> v0.25.4
    * **k8s.io/cri-api**                                                               v0.23.1 -> v0.26.0-beta.0
    * **k8s.io/klog/v2**                                                               v2.30.0 -> v2.80.1
    * **k8s.io/utils**                                                                 cb0fa318a74b -> 8e77b1f39fe2
    * **sigs.k8s.io/json**                                                             f223a00ba0e2 **_new_**
    * **sigs.k8s.io/structured-merge-diff/v4**                                         v4.1.2 -> v4.2.3
    * **sigs.k8s.io/yaml**                                                             v1.2.0 -> v1.3.0
    
    Previous release can be found at [v1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)
    
    
  • v1.6.12
    containerd 1.6.12
    
    Welcome to the v1.6.12 release of containerd!
    
    The twelfth patch release for containerd 1.6 contains a fix for CVE-2022-23471.
    
    ### Notable Updates
    * **Fix goroutine leak during Exec in CRI plugin** ([GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9))
    
    See the changelog for the complete list of changes.
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Derek McGowan
    * Danny Canter
    * Phil Estes
    * Sebastiaan van Stijn
    
    ### Changes
    <details><summary>5 commits</summary>
    <p>
    
    * GitHub Security Advisory [GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9)
      * Prepare release notes for v1.6.12
      * CRI stream server: Fix goroutine leak in Exec
    * [release/1.6] update to go1.18.9 ([#7766](https://github.com/containerd/containerd/pull/7766))
      * [release/1.6] update to go1.18.9
    </p>
    </details>
    
    ### Dependency Changes
    
    This release has no dependency changes
    
    Previous release can be found at [v1.6.11](https://github.com/containerd/containerd/releases/tag/v1.6.11)
    
  • v1.5.16
    containerd 1.5.16
    
    Welcome to the v1.5.16 release of containerd!
    
    The sixteenth patch release for containerd 1.5 contains a fix for CVE-2022-23471.
    
    ### Notable Updates
    * **Fix goroutine leak during Exec in CRI plugin** ([GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9))
    
    See the changelog for the complete list of changes.
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Derek McGowan
    * Danny Canter
    * Phil Estes
    * Sebastiaan van Stijn
    
    ### Changes
    <details><summary>5 commits</summary>
    <p>
    
    * GitHub Security Advisory [GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9)
      * Prepare release notes for v1.5.16
      * CRI stream server: Fix goroutine leak in Exec
    * [release/1.5] update to go1.18.9 ([#7767](https://github.com/containerd/containerd/pull/7767))
      * [release/1.5] update to go1.18.9
    </p>
    </details>
    
    ### Dependency Changes
    
    This release has no dependency changes
    
    Previous release can be found at [v1.5.15](https://github.com/containerd/containerd/releases/tag/v1.5.15)
    
  • v1.6.11
    containerd 1.6.11
    
    Welcome to the v1.6.11 release of containerd!
    
    The eleventh patch release for containerd 1.6 contains various fixes and updates.
    
    ### Notable Updates
    * **Add pod UID annotation in CRI plugin** ([#7735](https://github.com/containerd/containerd/pull/7735))
    * **Fix nil pointer dereference for Windows containers in CRI plugin** ([#7737](https://github.com/containerd/containerd/pull/7737))
    * **Fix lease labels unexpectedly overwriting expiration** ([#7745](https://github.com/containerd/containerd/pull/7745))
    * **Fix for simultaneous diff creation using the same parent snapshot** ([#7756](https://github.com/containerd/containerd/pull/7756))
    
    See the changelog for the complete list of changes.
    
    Please try out the release binaries and report any issues at
    https://github.com/containerd/containerd/issues.
    
    ### Contributors
    
    * Derek McGowan
    * Wei Fu
    * Austin Vazquez
    * Kirtana Ashok
    * Maksym Pavlenko
    * Phil Estes
    * Qasim Sarfraz
    * Sebastiaan van Stijn
    * cosmoer
    
    ### Changes
    <details><summary>12 commits</summary>
    <p>
    
    * Prepare release notes for v1.6.11 ([#7760](https://github.com/containerd/containerd/pull/7760))
      * Prepare release notes for v1.6.11
    * [release/1.6] fix: support simultaneous create diff for same parent snapshot ([#7756](https://github.com/containerd/containerd/pull/7756))
      * fix: support simultaneous create diff for same parent snapshot
    * [release/1.6] cherry-pick: Fix order of operations when setting lease labels ([#7745](https://github.com/containerd/containerd/pull/7745))
      * Fix order of operations when setting lease labels
    * [release/1.6] Added nullptr checks to pkg/cri/server and sbserver ([#7737](https://github.com/containerd/containerd/pull/7737))
      * Added nullptr checks to pkg/cri/server and sbserver
    * [release/1.6] cri: add pod uid annotation ([#7735](https://github.com/containerd/containerd/pull/7735))
      * cri: add pod uid annotation
    * [release/1.6] go.mod: use golang_protobuf_extensions v1.0.4 to prevent incompatible versions ([#7723](https://github.com/containerd/containerd/pull/7723))
      * [release/1.6] go.mod: use golang_protobuf_extensions v1.0.4
    </p>
    </details>
    
    ### Dependency Changes
    
    This release has no dependency changes
    
    Previous release can be found at [v1.6.10](https://github.com/containerd/containerd/releases/tag/v1.6.10)