Releases: cri-o/cri-o
Releases · cri-o/cri-o
v1.30.10
CRI-O v1.30.10
The release notes have been generated for the commit range
v1.30.9...v1.30.10 on Tue, 04 Feb 2025 00:21:06 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.30.10.tar.gz
- cri-o.arm64.v1.30.10.tar.gz
- cri-o.ppc64le.v1.30.10.tar.gz
- cri-o.s390x.v1.30.10.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.30.10.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.30.10 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.30.10 \
--signature cri-o.amd64.v1.30.10.tar.gz.sig \
--certificate cri-o.amd64.v1.30.10.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.30.10.tar.gz
> bom validate -e cri-o.amd64.v1.30.10.tar.gz.spdx -d cri-oChangelog since v1.30.9
Changes by Kind
Ci
- Fixed build issue with newer golang versions. (#8925, @saschagrunert)
Uncategorized
- Fix path traversal in CRI-O log handling (#8978, @sohankunkerkar)
Dependencies
Added
Nothing has changed.
Changed
- github.com/containers/storage: dfcc633 → e1bc50e
- github.com/cpuguy83/go-md2man/v2: v2.0.3 → v2.0.5
- github.com/urfave/cli: v1.22.14 → v1.22.16
- github.com/vbatts/tar-split: v0.11.5 → v0.11.7
- golang.org/x/sys: v0.21.0 → v0.26.0
Removed
Nothing has changed.
Contributors
saschagrunert and sohankunkerkar
Assets 2
v1.29.13
CRI-O v1.29.13
The release notes have been generated for the commit range
v1.29.12...v1.29.13 on Tue, 04 Feb 2025 00:21:16 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.29.13.tar.gz
- cri-o.arm64.v1.29.13.tar.gz
- cri-o.ppc64le.v1.29.13.tar.gz
- cri-o.s390x.v1.29.13.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.29.13.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.29.13 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.29.13 \
--signature cri-o.amd64.v1.29.13.tar.gz.sig \
--certificate cri-o.amd64.v1.29.13.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.29.13.tar.gz
> bom validate -e cri-o.amd64.v1.29.13.tar.gz.spdx -d cri-oChangelog since v1.29.12
Changes by Kind
Ci
- Fixed build issue with newer golang versions. (#8930, @saschagrunert)
Uncategorized
- Fixed issue when sandbox removal is not possible due to stale or missing network namespace path. (#8818, @openshift-cherrypick-robot)
Dependencies
Added
Nothing has changed.
Changed
- github.com/containers/storage: 9811eb0 → 2d261ce
- github.com/cpuguy83/go-md2man/v2: v2.0.3 → v2.0.5
- github.com/urfave/cli: v1.22.14 → v1.22.16
- github.com/vbatts/tar-split: v0.11.5 → v0.11.7
- golang.org/x/sys: v0.21.0 → v0.26.0
Removed
Nothing has changed.
Contributors
saschagrunert and openshift-cherrypick-robot
Assets 2
v1.30.9
CRI-O v1.30.9
The release notes have been generated for the commit range
v1.30.8...v1.30.9 on Mon, 20 Jan 2025 10:21:30 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.30.9.tar.gz
- cri-o.arm64.v1.30.9.tar.gz
- cri-o.ppc64le.v1.30.9.tar.gz
- cri-o.s390x.v1.30.9.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.30.9.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.30.9 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.30.9 \
--signature cri-o.amd64.v1.30.9.tar.gz.sig \
--certificate cri-o.amd64.v1.30.9.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.30.9.tar.gz
> bom validate -e cri-o.amd64.v1.30.9.tar.gz.spdx -d cri-oChangelog since v1.30.8
Changes by Kind
Uncategorized
- Fixed issue when sandbox removal is not possible due to stale or missing network namespace path. (#8819, @openshift-cherrypick-robot)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
Contributors
openshift-cherrypick-robot
Assets 2
v1.29.12
CRI-O v1.29.12
The release notes have been generated for the commit range
v1.29.11...v1.29.12 on Thu, 09 Jan 2025 00:21:33 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.29.12.tar.gz
- cri-o.arm64.v1.29.12.tar.gz
- cri-o.ppc64le.v1.29.12.tar.gz
- cri-o.s390x.v1.29.12.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.29.12.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.29.12 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.29.12 \
--signature cri-o.amd64.v1.29.12.tar.gz.sig \
--certificate cri-o.amd64.v1.29.12.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.29.12.tar.gz
> bom validate -e cri-o.amd64.v1.29.12.tar.gz.spdx -d cri-oChangelog since v1.29.11
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
v1.31.4
CRI-O v1.31.4
The release notes have been generated for the commit range
v1.31.3...v1.31.4 on Tue, 07 Jan 2025 00:33:07 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.31.4.tar.gz
- cri-o.arm64.v1.31.4.tar.gz
- cri-o.ppc64le.v1.31.4.tar.gz
- cri-o.s390x.v1.31.4.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.31.4.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.31.4 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.31.4 \
--signature cri-o.amd64.v1.31.4.tar.gz.sig \
--certificate cri-o.amd64.v1.31.4.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.31.4.tar.gz
> bom validate -e cri-o.amd64.v1.31.4.tar.gz.spdx -d cri-oChangelog since v1.31.3
Changes by Kind
Uncategorized
- Add
default_annotationsto the runtime handler configuration field, allowing admins to specify default annotations to pass to pods (#8862, @openshift-cherrypick-robot) - Fix a panic when default_annotations are used (#8885, @openshift-cherrypick-robot)
- Fixed issue when sandbox removal is not possible due to stale or missing network namespace path. (#8820, @openshift-cherrypick-robot)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
Contributors
openshift-cherrypick-robot
Assets 2
v1.32.0
CRI-O v1.32.0
The release notes have been generated for the commit range
v1.31.0...v1.32.0 on Thu, 19 Dec 2024 16:22:36 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.32.0.tar.gz
- cri-o.arm64.v1.32.0.tar.gz
- cri-o.ppc64le.v1.32.0.tar.gz
- cri-o.s390x.v1.32.0.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.32.0.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.32.0 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.32.0 \
--signature cri-o.amd64.v1.32.0.tar.gz.sig \
--certificate cri-o.amd64.v1.32.0.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.32.0.tar.gz
> bom validate -e cri-o.amd64.v1.32.0.tar.gz.spdx -d cri-oChangelog since v1.31.0
Changes by Kind
Other
- Fixed building CRI-O without libseccomp. (#8686, @michalsieron)
Ci
- Use go 1.23 for nix (static) builds. (#8598, @saschagrunert)
Dependency-Change
Feature
- A runtime handler definition in the configuration file can use a new option
use_default_runtime. Setting it to true causes the values for runtime path, runtime type and runtime root to be inherited from the currently configured default runtime. (#8754, @MarSik) - Add
default_annotationsto the runtime handler configuration field, allowing admins to specify default annotations to pass to pods (#8829, @haircommander) - Added
--pull-progress-timeout/pull_progress_timeoutoption to fine-tune the timeout for making progress on image pull. (#8765, @saschagrunert) - Added crio status
goroutinessubcommand and/debug/goroutinesHTTP endpoint for printing the go routine stack. (#8697, @saschagrunert) - Added crio status
heapsubcommand and/debug/heapHTTP endpoint for creating memory heap dumps. (#8702, @saschagrunert) - Adding support for the systemd watchdog. For now it verifies that the CRI socket is reachable and the runtime reports ready status. (#8791, @saschagrunert)
- Call network plugin GC on startup to attempt cleaning up stale network
resources of pods that could not be restored (#8245, @jcaamano) - Nri plugins can obtain access to the assigned Pod IPs on the PodSandbox hooks (#8731, @aojea)
- Updated NRI to v0.9.0. (#8855, @saschagrunert)
- Use
SignatureValidationFailedCRI error for invalid signatures. (#8656, @saschagrunert) - Use the context timeout / deadline for stopping containers if provided. (#8678, @saschagrunert)
Bug or Regression
- Fix a bug where an
allowed_annotationspecified twice (in either a workload or runtime) couldn't be used (#8628, @haircommander) - Fix a bug where signature checking failed if an image specified both a tag and a digest (#8605, @haircommander)
- Fixed bug to always inherit
monitor_envwhen calling the OCI runtime. (#8808, @saschagrunert) - Fixed evented pleg pod sandbox status timestamp to use a time in nanosecond resolution. (#8582, @saschagrunert)
- Fixed gpgme/gnupg search path in static build binaries. (#8708, @saschagrunert)
- Fixed issue when sandbox removal is not possible due to stale or missing network namespace path. (#8785, @saschagrunert)
Other (Cleanup or Flake)
- Move factory/sandbox to lib/sandbox (#8610, @xw19)
- Require go 1.23 to build CRI-O. (#8597, @saschagrunert)
- Switched to use
RFC3339Nanotimestamp log format (2006-01-02T15:04:05.999999999Z07:00) (#8592, @saschagrunert) - Validate stream server TLS config on startup if TLS should be used. (#8744, @saschagrunert)
Uncategorized
Dependencies
Added
- chainguard.dev/sdk: v0.1.23
- cloud.google.com/go/auth/oauth2adapt: v0.2.4
- cloud.google.com/go/auth: v0.9.1
- cloud.google.com/go/bigtable: v1.29.0
- github.com/chainguard-dev/slogctx: v1.2.2
- github.com/checkpoint-restore/go-criu/v6: v6.3.0
- github.com/containerd/errdefs/pkg: v0.3.0
- github.com/go-logr/zapr: v1.3.0
- github.com/insomniacslk/dhcp: a3a4c1f
- github.com/josharian/native: v1.1.0
- github.com/knqyf263/go-plugin: d8d4205
- github.com/mdlayher/packet: v1.1.2
- github.com/moby/sys/capability: v0.3.0
- github.com/tetratelabs/wazero: v1.8.2
- github.com/u-root/uio: d2acac8
- k8s.io/cri-client: v0.31.4
- sigs.k8s.io/knftables: v0.0.18
Changed
- cel.dev/expr: v0.15.0 → v0.16.1
- chainguard.dev/go-grpc-kit: v0.17.2 → v0.17.5
- cloud.google.com/go/accessapproval: v1.7.5 → v1.7.12
- cloud.google.com/go/accesscontextmanager: v1.8.5 → v1.8.12
- cloud.google.com/go/aiplatform: v1.62.2 → v1.68.0
- cloud.google.com/go/analytics: v0.23.0 → v0.24.0
- cloud.google.com/go/apigateway: v1.6.5 → v1.6.12
- cloud.google.com/go/apigeeconnect: v1.6.5 → v1.6.12
- cloud.google.com/go/apigeeregistry: v0.8.3 → v0.8.10
- cloud.google.com/go/appengine: v1.8.5 → v1.8.12
- cloud.google.com/go/area120: v0.8.5 → v0.8.12
- cloud.google.com/go/artifactregistry: v1.14.7 → v1.14.14
- cloud.google.com/go/asset: v1.18.0 → v1.19.6
- cloud.google.com/go/assuredworkloads: v1.11.5 → v1.11.12
- cloud.google.com/go/auto...
Contributors
MarSik, saschagrunert, and 7 other contributors
Assets 2
v1.31.3
CRI-O v1.31.3
The release notes have been generated for the commit range
v1.31.2...v1.31.3 on Tue, 03 Dec 2024 00:23:41 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.31.3.tar.gz
- cri-o.arm64.v1.31.3.tar.gz
- cri-o.ppc64le.v1.31.3.tar.gz
- cri-o.s390x.v1.31.3.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.31.3.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.31.3 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.31.3 \
--signature cri-o.amd64.v1.31.3.tar.gz.sig \
--certificate cri-o.amd64.v1.31.3.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.31.3.tar.gz
> bom validate -e cri-o.amd64.v1.31.3.tar.gz.spdx -d cri-oChangelog since v1.31.2
Changes by Kind
Uncategorized
- A runtime handler definition in the configuration file can use a new option
use_default_runtime. Setting it to true causes the values for runtime path, runtime type and runtime root to be inherited from the currently configured default runtime. (#8762, @openshift-cherrypick-robot) - Added
--pull-progress-timeout/pull_progress_timeoutoption to fine-tune the timeout for making progress on image pull. (#8776, @openshift-cherrypick-robot) - Fixed gpgme/gnupg search path in static build binaries. (#8745, @openshift-cherrypick-robot)
- Only restore container if all bind mounts are defined. (#8792, @kwilczynski)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
Contributors
kwilczynski and openshift-cherrypick-robot
Assets 2
v1.30.8
CRI-O v1.30.8
The release notes have been generated for the commit range
v1.30.7...v1.30.8 on Tue, 03 Dec 2024 00:23:43 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.30.8.tar.gz
- cri-o.arm64.v1.30.8.tar.gz
- cri-o.ppc64le.v1.30.8.tar.gz
- cri-o.s390x.v1.30.8.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.30.8.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.30.8 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.30.8 \
--signature cri-o.amd64.v1.30.8.tar.gz.sig \
--certificate cri-o.amd64.v1.30.8.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.30.8.tar.gz
> bom validate -e cri-o.amd64.v1.30.8.tar.gz.spdx -d cri-oChangelog since v1.30.7
Changes by Kind
Uncategorized
- Only restore container if all bind mounts are defined. (#8793, @kwilczynski)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
Contributors
kwilczynski
Assets 2
v1.29.11
CRI-O v1.29.11
The release notes have been generated for the commit range
v1.29.10...v1.29.11 on Tue, 03 Dec 2024 00:23:49 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.29.11.tar.gz
- cri-o.arm64.v1.29.11.tar.gz
- cri-o.ppc64le.v1.29.11.tar.gz
- cri-o.s390x.v1.29.11.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.29.11.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.29.11 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.29.11 \
--signature cri-o.amd64.v1.29.11.tar.gz.sig \
--certificate cri-o.amd64.v1.29.11.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.29.11.tar.gz
> bom validate -e cri-o.amd64.v1.29.11.tar.gz.spdx -d cri-oChangelog since v1.29.10
Changes by Kind
Uncategorized
- Only restore container if all bind mounts are defined. (#8795, @kwilczynski)
Dependencies
Added
Nothing has changed.
Changed
Nothing has changed.
Removed
Nothing has changed.
Contributors
kwilczynski
Assets 2
v1.31.2
CRI-O v1.31.2
The release notes have been generated for the commit range
v1.31.1...v1.31.2 on Sat, 02 Nov 2024 00:21:02 UTC.
Downloads
Download one of our static release bundles via our Google Cloud Bucket:
- cri-o.amd64.v1.31.2.tar.gz
- cri-o.arm64.v1.31.2.tar.gz
- cri-o.ppc64le.v1.31.2.tar.gz
- cri-o.s390x.v1.31.2.tar.gz
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.31.2.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.31.2 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.31.2 \
--signature cri-o.amd64.v1.31.2.tar.gz.sig \
--certificate cri-o.amd64.v1.31.2.tar.gz.certTo verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.31.2.tar.gz
> bom validate -e cri-o.amd64.v1.31.2.tar.gz.spdx -d cri-oChangelog since v1.31.1
Changes by Kind
Uncategorized
- Fix a bug where an
allowed_annotationspecified twice (in either a workload or runtime) couldn't be used (#8710, @openshift-cherrypick-robot)
Dependencies
Added
Nothing has changed.
Changed
- github.com/containers/storage: v1.55.0 → 02f1845
Removed
Nothing has changed.
Contributors
openshift-cherrypick-robot