Skip to content

v1.33.7

Choose a tag to compare

View all tags
@github-actions github-actions released this 02 Dec 00:27
· 431 commits to main since this release
v1.33.7
dfa946a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

CRI-O v1.33.7

The release notes have been generated for the commit range
v1.33.6...v1.33.7 on Tue, 02 Dec 2025 00:25:28 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.33.7.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.33.7 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.33.7 \
    --signature cri-o.amd64.v1.33.7.tar.gz.sig \
    --certificate cri-o.amd64.v1.33.7.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.33.7.tar.gz
> bom validate -e cri-o.amd64.v1.33.7.tar.gz.spdx -d cri-o

Changelog since v1.33.6

Changes by Kind

Bug or Regression

  • Fixed CVE-2025-58183: Updated tar-split to v0.12.2 to fix unbounded memory allocation vulnerability when parsing malicious container images with GNU sparse tar files. (#9591, @saschagrunert)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

Contributors

saschagrunert
Assets 2
Loading