Skip to content

Tags: gilyas/containerd

Tags

v1.7.19

Toggle v1.7.19's commit message

Verified

This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Verified
Learn about vigilant mode 
containerd 1.7.19

Welcome to the v1.7.19 release of containerd!

The nineteenth patch release for containerd 1.7 contains various updates and
splits the main module from the api module in preparation for the same change
in containerd 2.0. Splitting the modules will allow 1.7 and 2.x to both exist
as transitive dependencies without running into API registration errors.
Projects should use this version as the minimum 1.7 version in preparing to
use containerd 2.0 or to be imported alongside it.

### Highlights

* Fix support for OTLP config ([containerd#10360](containerd#10360))
* Add API go module ([containerd#10189](containerd#10189))
* Remove overlayfs volatile option on temp mounts ([containerd#10332](containerd#10332))
* Update runc binary to v1.1.13 ([containerd#10336](containerd#10336))
* Migrate platforms package to github.com/containerd/platforms ([containerd#10292](containerd#10292))
* Migrate reference/docker package to github.com/distribution/reference ([containerd#10316](containerd#10316))

#### Container Runtime Interface (CRI)

* Fix panic in NRI from nil CRI reference ([containerd#10406](containerd#10406))
* Fix Windows HPC working directory ([containerd#10306](containerd#10306))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Derek McGowan
* Sebastiaan van Stijn
* Wei Fu
* Phil Estes
* Akhil Mohan
* Akihiro Suda
* Brian Goff
* Kirtana Ashok
* Maksym Pavlenko
* Samuel Karp
* Austin Vazquez
* Danny Canter
* Kazuyoshi Kato
* Maksim An
* Yuanyuan Lei
* krglosse

### Changes
<details><summary>70 commits</summary>
<p>

* Prepare release notes for v1.7.19 ([containerd#10391](containerd#10391))
  * [`74a3d2901`](containerd@74a3d29) Prepare release notes for v1.7.19
* Fix panic in NRI from nil CRI reference ([containerd#10406](containerd#10406))
  * [`7f5d3c5f4`](containerd@7f5d3c5) cri: ensure NRI API never has nil CRI
* Windows: Supply windows shim version via file ([containerd#10403](containerd#10403))
  * [`6efc5bb89`](containerd@6efc5bb) update runhcs binary to v0.11.7
  * [`945ae09fd`](containerd@945ae09) Windows: Supply windows shim version via file
* reference: deprecate SplitObject ([containerd#10397](containerd#10397))
  * [`dba53578c`](containerd@dba5357) pkg/reference: deprecate SplitObject
* Updating hcsshim vendoring to 0.11.7 to include an important backported fix ([containerd#10396](containerd#10396))
  * [`415dd74a8`](containerd@415dd74) updating hcsshim to 0.11.7
* reference: reduce allocations and improve GoDoc ([containerd#10395](containerd#10395))
  * [`5ad1d2e75`](containerd@5ad1d2e) pkg/reference: Spec.Digest(): inline SplitObject code
  * [`57ce09b42`](containerd@57ce09b) pkg/reference: SplitObject: add proper GoDoc
  * [`78ac93fed`](containerd@78ac93f) pkg/reference: SplitObject: zero allocations
  * [`b074e3a7c`](containerd@b074e3a) pkg/reference: Spec.String(): use string-concatenation instead of sprintf
* Update api version to v1.7.19 ([containerd#10387](containerd#10387))
  * [`0eb786de6`](containerd@0eb786d) Update api version to v1.7.19
* Prepare release notes for api v1.7.19 ([containerd#10386](containerd#10386))
  * [`436feeb0d`](containerd@436feeb) Prepare api release for v1.7.19
  * [`83822d144`](containerd@83822d1) Add api release action
* : api: update github.com/containerd/ttrpc v1.2.5 to align with containerd 1.7 module ([containerd#10364](containerd#10364))
  * [`2a6aa6ddf`](containerd@2a6aa6d) [release/1.7] api: update github.com/containerd/ttrpc v1.2.5
* vendor: github.com/containerd/ttrpc v1.2.5 ([containerd#10373](containerd#10373))
  * [`37926b10d`](containerd@37926b1) vendor: github.com/containerd/ttrpc v1.2.5
* golangci-lint fix typo in depguard message ([containerd#10371](containerd#10371))
  * [`a522e267e`](containerd@a522e26) golangci-lint fix typo in depguard message
* Fix support for OTLP config ([containerd#10360](containerd#10360))
  * [`1ce1c8f3e`](containerd@1ce1c8f) 1.7: Add back support for OTLP config from toml
* remove imports of errdefs package, and add depguard linter ([containerd#10367](containerd#10367))
  * [`136e1b72d`](containerd@136e1b7) golangci-lint: enable depguard for packages that moved
  * [`f5ce2f204`](containerd@f5ce2f2) remove imports of errdefs package
* Add API go module ([containerd#10189](containerd#10189))
  * [`3be919f3c`](containerd@3be919f) Add support for 1.8 interfaces
  * [`5b87eb502`](containerd@5b87eb5) Add go mod replace when proto changes happen
  * [`a3a7431bc`](containerd@a3a7431) Add api go submodule
  * [`61b3e2261`](containerd@61b3e22) Alias protobuf plugin to new api types package
  * [`4b82470f6`](containerd@4b82470) refactor: move plugin/fieldpath to api/types/
* Remove overlayfs volatile option on temp mounts ([containerd#10332](containerd#10332))
  * [`24ce9e431`](containerd@24ce9e4) integration: backport upgrade testsuite's utils
  * [`79500d5cb`](containerd@79500d5) *: export RemoveVolatileOption for CRI image volumes
  * [`bb80bd768`](containerd@bb80bd7) strip-volatile-option-tmp-mounts
* Update runc binary to v1.1.13 ([containerd#10336](containerd#10336))
  * [`6dce90b15`](containerd@6dce90b) update runc binary to v1.1.13
* Fail integration test early when a plugin load fails ([containerd#10311](containerd#10311))
  * [`884094be8`](containerd@884094b) devmapper plugin: skip plugin when not configured
  * [`40012b644`](containerd@40012b6) Fail integration test early when a plugin load fails
* Migrate platforms package to github.com/containerd/platforms ([containerd#10292](containerd#10292))
  * [`869b78677`](containerd@869b786) vendor: github.com/containerd/platforms v0.2.1
  * [`6ccdf6977`](containerd@6ccdf69) platforms: mark aliases as deprecated
  * [`19a056163`](containerd@19a0561) adjust default platform for backward-compatibility
  * [`6ff3e09d2`](containerd@6ff3e09) migrate platforms package to github.com/containerd/platforms
* go.mod: github.com/klauspost/compress v1.16.7 ([containerd#10326](containerd#10326))
  * [`327a3ac61`](containerd@327a3ac) go.mod: github.com/klauspost/compress v1.16.7
  * [`d0d1264a6`](containerd@d0d1264) vendor: github.com/klauspost/compress v1.16.5
* Use Github Actions to run Vagrant CI ([containerd#10325](containerd#10325))
  * [`02b8dd5ff`](containerd@02b8dd5) Remove cirrus configuration
  * [`31d951bf5`](containerd@31d951b) Run vagrant integration tests as github actions
* Migrate reference/docker package to github.com/distribution/reference ([containerd#10316](containerd#10316))
  * [`97abbe9cb`](containerd@97abbe9) build(deps): bump github.com/distribution/reference from 0.5.0 to 0.6.0
  * [`a00a2d20a`](containerd@a00a2d2) reference/docker: remove deprecated SplitHostname
  * [`b38c0f2ef`](containerd@b38c0f2) replace reference/docker for github.com/distribution/reference v0.5.0
* build(deps): bump go.etcd.io/bbolt from 1.3.9 to 1.3.10 ([containerd#10315](containerd#10315))
  * [`fef432bfe`](containerd@fef432b) build(deps): bump go.etcd.io/bbolt from 1.3.9 to 1.3.10
  * [`487c61bfb`](containerd@487c61b) vendor: go.etcd.io/bbolt v1.3.9
  * [`7211f87c4`](containerd@7211f87) build(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0
  * [`e908c3e6f`](containerd@e908c3e) vendor: golang.org/x/sync v0.4.0
  * [`d814be5ce`](containerd@d814be5) build(deps): bump go.etcd.io/bbolt from 1.3.7 to 1.3.8
* Fix Windows HPC working directory ([containerd#10306](containerd#10306))
  * [`33b62936e`](containerd@33b6293) [release/1.7]: HPC working directory fix in pkg/cri/server code
</p>
</details>

### Changes from containerd/platforms
<details><summary>21 commits</summary>
<p>

* Remove hcsshim import from repo ([containerd/platforms#10](containerd/platforms#10))
  * [`f680838`](containerd/platforms@f680838) Remove hcsshim import from repo
* Fix windows matching when os version is empty ([containerd/platforms#11](containerd/platforms#11))
  * [`983ba15`](containerd/platforms@983ba15) Update windows matcher to not compare empty os version
  * [`17c859f`](containerd/platforms@17c859f) Add tests for osversion matching with no version
* Add format for platform string ([containerd/platforms#6](containerd/platforms#6))
  * [`38a74d2`](containerd/platforms@38a74d2) Add grammar for platform string
* downgrade minimum required version of hcsshim to v0.10.0 ([containerd/platforms#5](containerd/platforms#5))
  * [`724b9f8`](containerd/platforms@724b9f8) downgrade minimum required version of hcsshim to v0.10.0
* enable linter on windows ([containerd/platforms#4](containerd/platforms#4))
  * [`f6dd384`](containerd/platforms@f6dd384) enable linter on windows
* fix grammar and highlights in README ([containerd/platforms#3](containerd/platforms#3))
  * [`cb03428`](containerd/platforms@cb03428) fix grammar and highlights in README
* Fix link in README ([containerd/platforms#1](containerd/platforms#1))
  * [`5b937b0`](containerd/platforms@5b937b0) Fix link in README
* Update Windows linter version ([containerd/platforms#2](containerd/platforms#2))
  * [`129b256`](containerd/platforms@129b256) Update linter to skip Windows
  * [`18e3da6`](containerd/platforms@18e3da6) Add Github actions CI
  * [`ed29dfd`](containerd/platforms@ed29dfd) Remove space at end of readme
  * [`b3f80ee`](containerd/platforms@b3f80ee) Add go module
  * [`8ff004c`](containerd/platforms@8ff004c) Add license and readme
</p>
</details>

### Changes from containerd/ttrpc
<details><summary>4 commits</summary>
<p>

* switch to github.com/containerd/log for logs ([containerd/ttrpc#169](containerd/ttrpc#169))
  * [`4785c70`](containerd/ttrpc@4785c70) switch to github.com/containerd/log for logs
* Fix CI build status badge in readme ([containerd/ttrpc#162](containerd/ttrpc#162))
  * [`e0f3ead`](containerd/ttrpc@e0f3ead) Fix CI build status badge in readme
</p>
</details>

### Dependency Changes

* **github.com/Microsoft/hcsshim**          v0.11.5 -> v0.11.7
* **github.com/containerd/containerd/api**  v1.7.19 **_new_**
* **github.com/containerd/platforms**       v0.2.1 **_new_**
* **github.com/containerd/ttrpc**           v1.2.4 -> v1.2.5
* **github.com/distribution/reference**     v0.6.0 **_new_**
* **github.com/klauspost/compress**         v1.16.0 -> v1.16.7
* **go.etcd.io/bbolt**                      v1.3.7 -> v1.3.10
* **golang.org/x/sync**                     v0.3.0 -> v0.5.0

Previous release can be found at [v1.7.18](https://github.com/containerd/containerd/releases/tag/v1.7.18)

api/v1.7.19

Toggle api/v1.7.19's commit message

Verified

This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Verified
Learn about vigilant mode 
containerd api/v1.7.19

Welcome to the api/v1.7.19 release of containerd!

The first dedicated release for the containerd 1.7 API. This release is
separately tagged from the main 1.7.x releases after the v1.7.18
release but follows the versioning.

### Highlights

* Add API go module ([containerd#10189](containerd#10189))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Derek McGowan
* Akhil Mohan
* Phil Estes
* Sebastiaan van Stijn

### Changes
<details><summary>8 commits</summary>
<p>

* Prepare release notes for api v1.7.19 ([containerd#10386](containerd#10386))
  * [`436feeb0d`](containerd@436feeb) Prepare api release for v1.7.19
* : api: update github.com/containerd/ttrpc v1.2.5 to align with containerd 1.7 module ([containerd#10364](containerd#10364))
  * [`2a6aa6ddf`](containerd@2a6aa6d) [release/1.7] api: update github.com/containerd/ttrpc v1.2.5
* Add API go module ([containerd#10189](containerd#10189))
  * [`3be919f3c`](containerd@3be919f) Add support for 1.8 interfaces
  * [`a3a7431bc`](containerd@a3a7431) Add api go submodule
  * [`4b82470f6`](containerd@4b82470) refactor: move plugin/fieldpath to api/types/
</p>
</details>

### Dependency Changes

* **github.com/containerd/ttrpc**                v1.2.4 -> v1.2.5
* **github.com/golang/protobuf**                 v1.5.4 -> v1.5.3
* **google.golang.org/genproto/googleapis/rpc**  d307bd883b97 -> b8732ec3820d

Previous release can be found at [v1.7.18](https://github.com/containerd/containerd/releases/tag/v1.7.18)

v2.0.0-rc.3

Toggle v2.0.0-rc.3's commit message

Verified

This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Verified
Learn about vigilant mode 
containerd 2.0.0-rc.3

Welcome to the v2.0.0-rc.3 release of containerd!
*This is a pre-release of containerd*

The first major release of containerd 2.x focuses on the continued stability of
containerd's core feature set with an easy upgrade from containerd 1.x. This
release includes the stabilization of new features added in the last 1.x release
as well as the removal of features which were deprecated in 1.x. The goal is to
support the vast community of containerd users well into the future along with
their ever increasing deployment footprints and variety of use cases.

### Highlights

* Preserve Unprivileged locked flags during remount of bind mounts ([containerd#10200](containerd#10200))
* Add api Go module and move all protos under api ([containerd#10151](containerd#10151))
* Configure otel from env instead of config.toml ([containerd#8970](containerd#8970))
* Fix config import relative path glob ([containerd#9746](containerd#9746))
* Enable NRI by default ([containerd#9744](containerd#9744))
* Add PluginInfo to introspection API ([containerd#9442](containerd#9442))
* Remove overlayfs volatile option on temp mounts ([containerd#9555](containerd#9555))
* Move packages based on contributing guide ([containerd#9365](containerd#9365))
* Expose usage of deprecated features ([containerd#9258](containerd#9258))
* Use Intel ISA-L's igzip if available ([containerd#9200](containerd#9200))
* Generalize plugin library ([containerd#9214](containerd#9214))
* Introduce top level config migration ([containerd#9223](containerd#9223))
* Add image delete target ([containerd#8989](containerd#8989))
* Remove `LimitNOFILE` from `containerd.service` ([containerd#8924](containerd#8924))
* Use github.com/containerd/log ([containerd#9086](containerd#9086))
* Add support for image expiration during garbage collection ([containerd#9022](containerd#9022))
* Reduce the contention between ref lock and boltdb lock in content store ([containerd#8792](containerd#8792))
* Remove "containerd.io/restart.logpath" label ([containerd#8264](containerd#8264))
* Remove `aufs` snapshotter ([containerd#8263](containerd#8263))
* Fix deadlock during NRI plugin registration ([containerd/nri#79](containerd/nri#79))
* Fix deadlock when writing to pipe blocks ([containerd/ttrpc#168](containerd/ttrpc#168))

#### Container Runtime Interface (CRI)

* Add support to set loopback to up ([containerd#10238](containerd#10238))
* Add support for multiple subscribers to CRI container events ([containerd#9661](containerd#9661))
* Enable CDI by default ([containerd#9621](containerd#9621))
* Remove non-sandboxed CRI implementation ([containerd#9228](containerd#9228))
* Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) ([containerd#8287](containerd#8287))
* Use sandboxed CRI by default ([containerd#8994](containerd#8994))
* Implement RuntimeConfig CRI call ([containerd#8722](containerd#8722))
* Add support for user namespaces (KEP-127) ([containerd#8803](containerd#8803))
* Remove CRI v1alpha2 ([containerd#8276](containerd#8276))

#### Image Distribution

* Skip "unknown" in image platform listing ([containerd#10257](containerd#10257))
* Update unpacker to fetch all provided content ([containerd#10202](containerd#10202))
* Enable Transfer service API to support plain HTTP ([containerd#10024](containerd#10024))
* Enable Transfer service to use registry configuration directory ([containerd#9908](containerd#9908))
* Disable the support for Schema 1 images ([containerd#9765](containerd#9765))
* Update Transfer service to add OCI descriptors to Progress structure ([containerd#9630](containerd#9630))
* Update import and export to allow references to missing content  ([containerd#9554](containerd#9554))
* Add option to perform syncfs after pull ([containerd#9401](containerd#9401))
* Add image verifier transfer service plugin system based on a binary directory ([containerd#8493](containerd#8493))

#### Runtime

* Provide runtime options in plugin info ([containerd#10251](containerd#10251))
* Store bootstrap parameters in sandbox metadata ([containerd#9736](containerd#9736))
* Update apparmor to allow confined runc to kill containers ([containerd#10123](containerd#10123))
* Support vsock connection to task api ([containerd#9738](containerd#9738))
* Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([containerd#9320](containerd#9320))
* Switch runc shim to task service v3 and fix restore ([containerd#9233](containerd#9233))
* Add sandboxer configuration and move sandbox controllers to plugins ([containerd#8268](containerd#8268))
* Add annotations to CreateSandbox request ([containerd#8960](containerd#8960))
* Add SandboxMetrics ([containerd#8680](containerd#8680))
* Publish sandbox events ([containerd#8602](containerd#8602))
* Remove the CriuPath field from runc's options ([containerd#8279](containerd#8279))
* Remove support for config.toml `version = 1` ([containerd#8275](containerd#8275))
* Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([containerd#8262](containerd#8262))

#### Security Advisories

* [medium] RAPL accessible to a container [GHSA-7ww5-4wqc-m92c](GHSA-7ww5-4wqc-m92c)

#### Breaking

* Disable the support for Schema 1 images ([containerd#9765](containerd#9765))
* Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([containerd#9320](containerd#9320))
* Move client to subpackage ([containerd#9316](containerd#9316))
* Remove `LimitNOFILE` from `containerd.service` ([containerd#8924](containerd#8924))
* Remove CRI v1alpha2 ([containerd#8276](containerd#8276))
* Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([containerd#8262](containerd#8262))
* Remove "containerd.io/restart.logpath" label ([containerd#8264](containerd#8264))
* Remove `aufs` snapshotter ([containerd#8263](containerd#8263))

#### Deprecations

* Add type alias for event Envelope ([containerd#10279](containerd#10279))
* Postpone removal of deprecated CRI config properties ([containerd#9966](containerd#9966))
* Deprecate go-plugin configuration option ([containerd#9238](containerd#9238))
* CNI conf_template in CRI is no longer deprecated ([containerd#8637](containerd#8637))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Derek McGowan
* Akihiro Suda
* Maksym Pavlenko
* Wei Fu
* Phil Estes
* Sebastiaan van Stijn
* Samuel Karp
* Stefan Berger
* Kazuyoshi Kato
* Rodrigo Campos
* Danny Canter
* Abel Feng
* Gabriel Adrian Samfira
* Kirtana Ashok
* Austin Vazquez
* Iceber Gu
* Kohei Tokunaga
* Mike Brown
* Krisztian Litkey
* Akhil Mohan
* Jin Dong
* Bjorn Neergaard
* rongfu.leng
* Justin Chadwell
* James Sturtevant
* Paul "TBBle" Hampson
* Davanum Srinivas
* Enrico Weigelt
* Brian Goff
* Henry Wang
* Paweł Gronowski
* Hsing-Yu (David) Chen
* Ilya Hanov
* Laura Brehm
* Marat Radchenko
* Cardy.Tang
* Shingo Omura
* Aditi Sharma
* Bryant Biggs
* Evan Lezar
* Jordan Liggitt
* Kay Yan
* Markus Lehtonen
* Nashwan Azhari
* Shuaiyi Zhang
* Vinayak Goyal
* helen
* Alexandru Matei
* Amit Barve
* Anthony Nandaa
* Charity Kathure
* Ed Bartosh
* Etienne Champetier
* James Jenkins
* Kevin Parsons
* Milas Bowman
* Swagat Bora
* yanggang
* Aditya Ramani
* Adrian Reber
* Amir M. Ghazanfari
* Artem Khramov
* Avi Deitcher
* Brad Davidson
* Chen Yiyang
* Christian Muehlhaeuser
* Cory Snider
* Djordje Lukic
* Edgar Lee
* Ethan Lowman
* Jiang Liu
* June Rhodes
* Lucas Rattz
* Mahamed Ali
* Maksim An
* Michael Crosby
* Peteris Rudzusiks
* Sam Edwards
* Samruddhi Khandale
* Steve Griffith
* Tony Fang
* VERNOU Cédric
* hang.jiang
* jerryzhuang
* lengrongfu
* ningmingxiao
* roman-kiselenko
* zhanluxianshen
* zounengren
* Aaron Lehmann
* Adrien Delorme
* Alex Couture-Beil
* Alex Ellis
* Alex Rodriguez
* Angelos Kolaitis
* Antonio Huete Jimenez
* Arash Haghighat
* Ben Foster
* Bin Tang
* Bin Xin
* BinBin He
* Brennan Kinney
* Changqing Li
* ChengenH
* ChengyuZhu6
* Christian Stewart
* Craig Ingram
* Daisy Rong
* David Porter
* Derek Nola
* Eng Zer Jun
* Fabiano Fidêncio
* Fahed Dorgaa
* Gary McDonald
* Iain Macdonald
* James Lakin
* Jan Dubois
* Jaroslav Jindrak
* Jiongchi Yu
* Julien Balestra
* Kern Walster
* Kirill A. Korinsky
* Konstantin Khlebnikov
* Michael Zappa
* Pan Yibo
* Qasim Sarfraz
* Qiutong Song
* Reinhard Tartler
* Robbie Buxton
* Robert-André Mauchin
* Ruihua Wen
* Shukui Yang
* Talon
* Tianon Gravi
* Tim Hockin
* Tobias Klauser
* Tomáš Virtus
* Tõnis Tiigi
* Wang Xinwen
* William Chen
* Xinyang Ge
* Yibo Zhuang
* Yury Gargay
* Zechun Chen
* Zhang Tianyang
* Zoe
* baijia
* bzsuni
* charles-chenzz
* chschumacher1994
* guangli.bao
* guangwu
* krglosse
* pigletfly
* rokkiter
* wangxiang
* zhangpeng
* zhaojizhuang
* 吴小白
* 张钰
* 沈陵
* 谭九鼎

### Dependency Changes

* **dario.cat/mergo**                                                              v1.0.0 **_new_**
* **github.com/AdaLogics/go-fuzz-headers**                                         1f10f66a31bf -> ced1acdcaa24
* **github.com/AdamKorcz/go-118-fuzz-build**                                       5330a85ea652 -> 8075edf89bb0
* **github.com/Masterminds/semver/v3**                                             v3.2.1 **_new_**
* **github.com/Microsoft/go-winio**                                                v0.6.0 -> v0.6.2
* **github.com/Microsoft/hcsshim**                                                 v0.10.0-rc.7 -> v0.12.4
* **github.com/cenkalti/backoff/v4**                                               v4.2.0 -> v4.3.0
* **github.com/checkpoint-restore/checkpointctl**                                  v1.2.0 **_new_**
* **github.com/checkpoint-restore/go-criu/v7**                                     v7.1.0 **_new_**
* **github.com/cilium/ebpf**                                                       v0.9.1 -> v0.11.0
* **github.com/containerd/cgroups/v3**                                             v3.0.1 -> v3.0.3
* **github.com/containerd/console**                                                v1.0.3 -> v1.0.4
* **github.com/containerd/containerd/api**                                         v1.8.0-rc.2 **_new_**
* **github.com/containerd/continuity**                                             v0.3.0 -> v0.4.3
* **github.com/containerd/errdefs**                                                v0.1.0 **_new_**
* **github.com/containerd/go-runc**                                                v1.0.0 -> v1.1.0
* **github.com/containerd/imgcrypt**                                               v1.1.7 -> 3ca09a2db5cd
* **github.com/containerd/log**                                                    v0.1.0 **_new_**
* **github.com/containerd/nri**                                                    v0.3.0 -> v0.6.1
* **github.com/containerd/platforms**                                              v0.2.1 **_new_**
* **github.com/containerd/plugin**                                                 v0.1.0 **_new_**
* **github.com/containerd/ttrpc**                                                  v1.2.1 -> v1.2.4
* **github.com/containerd/typeurl/v2**                                             v2.1.0 -> v2.1.1
* **github.com/containernetworking/cni**                                           v1.1.2 -> v1.2.0
* **github.com/containernetworking/plugins**                                       v1.2.0 -> v1.4.1
* **github.com/containers/ocicrypt**                                               v1.1.6 -> v1.1.10
* **github.com/cpuguy83/go-md2man/v2**                                             v2.0.2 -> v2.0.4
* **github.com/davecgh/go-spew**                                                   v1.1.1 -> d8f796af33cc
* **github.com/distribution/reference**                                            v0.6.0 **_new_**
* **github.com/emicklei/go-restful/v3**                                            v3.10.1 -> v3.11.0
* **github.com/felixge/httpsnoop**                                                 v1.0.4 **_new_**
* **github.com/fsnotify/fsnotify**                                                 v1.6.0 -> v1.7.0
* **github.com/go-jose/go-jose/v3**                                                v3.0.3 **_new_**
* **github.com/go-logr/logr**                                                      v1.2.3 -> v1.4.1
* **github.com/golang/protobuf**                                                   v1.5.2 -> v1.5.4
* **github.com/google/go-cmp**                                                     v0.5.9 -> v0.6.0
* **github.com/google/uuid**                                                       v1.3.0 -> v1.6.0
* **github.com/gorilla/websocket**                                                 v1.5.0 **_new_**
* **github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus**            v1.0.1 **_new_**
* **github.com/grpc-ecosystem/go-grpc-middleware/v2**                              v2.1.0 **_new_**
* **github.com/grpc-ecosystem/grpc-gateway/v2**                                    v2.7.0 -> v2.19.1
* **github.com/intel/goresctrl**                                                   v0.3.0 -> v0.7.0
* **github.com/klauspost/compress**                                                v1.16.0 -> v1.17.8
* **github.com/klauspost/cpuid/v2**                                                v2.0.4 -> v2.2.5
* **github.com/mdlayher/socket**                                                   v0.4.1 **_new_**
* **github.com/mdlayher/vsock**                                                    v1.2.1 **_new_**
* **github.com/minio/sha256-simd**                                                 v1.0.0 -> v1.0.1
* **github.com/moby/sys/mountinfo**                                                v0.6.2 -> v0.7.1
* **github.com/moby/sys/user**                                                     v0.1.0 **_new_**
* **github.com/mxk/go-flowrate**                                                   cca7078d478f **_new_**
* **github.com/opencontainers/image-spec**                                         3a7f492d3f1b -> v1.1.0
* **github.com/opencontainers/runtime-spec**                                       v1.1.0-rc.1 -> v1.2.0
* **github.com/opencontainers/runtime-tools**                                      946c877fa809 -> 2e043c6bd626
* **github.com/pelletier/go-toml/v2**                                              v2.2.2 **_new_**
* **github.com/pmezard/go-difflib**                                                v1.0.0 -> 5d4384ee4fb2
* **github.com/prometheus/client_golang**                                          v1.14.0 -> v1.19.1
* **github.com/prometheus/client_model**                                           v0.3.0 -> v0.5.0
* **github.com/prometheus/common**                                                 v0.37.0 -> v0.48.0
* **github.com/prometheus/procfs**                                                 v0.8.0 -> v0.12.0
* **github.com/sirupsen/logrus**                                                   v1.9.0 -> v1.9.3
* **github.com/stretchr/testify**                                                  v1.8.2 -> v1.9.0
* **github.com/urfave/cli/v2**                                                     v2.27.2 **_new_**
* **github.com/vishvananda/netns**                                                 2eb08e3e575f -> v0.0.4
* **github.com/xrash/smetrics**                                                    5f08fbb34913 **_new_**
* **go.etcd.io/bbolt**                                                             v1.3.7 -> v1.3.10
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.40.0 -> v0.51.0
* **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp**                v0.51.0 **_new_**
* **go.opentelemetry.io/otel**                                                     v1.14.0 -> v1.26.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace**                            v1.14.0 -> v1.26.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc**              v1.14.0 -> v1.26.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp**              v1.14.0 -> v1.26.0
* **go.opentelemetry.io/otel/metric**                                              v0.37.0 -> v1.26.0
* **go.opentelemetry.io/otel/sdk**                                                 v1.14.0 -> v1.26.0
* **go.opentelemetry.io/otel/trace**                                               v1.14.0 -> v1.26.0
* **go.opentelemetry.io/proto/otlp**                                               v0.19.0 -> v1.2.0
* **golang.org/x/crypto**                                                          v0.1.0 -> v0.23.0
* **golang.org/x/exp**                                                             aacd6d4b4611 **_new_**
* **golang.org/x/mod**                                                             v0.7.0 -> v0.18.0
* **golang.org/x/net**                                                             v0.7.0 -> v0.25.0
* **golang.org/x/oauth2**                                                          v0.4.0 -> v0.17.0
* **golang.org/x/sync**                                                            v0.1.0 -> v0.7.0
* **golang.org/x/sys**                                                             v0.6.0 -> v0.21.0
* **golang.org/x/term**                                                            v0.5.0 -> v0.20.0
* **golang.org/x/text**                                                            v0.7.0 -> v0.15.0
* **golang.org/x/time**                                                            90d013bbcef8 -> v0.3.0
* **google.golang.org/appengine**                                                  v1.6.7 -> v1.6.8
* **google.golang.org/genproto/googleapis/api**                                    6ceb2ff114de **_new_**
* **google.golang.org/genproto/googleapis/rpc**                                    8c6c420018be **_new_**
* **google.golang.org/grpc**                                                       v1.53.0 -> v1.63.2
* **google.golang.org/protobuf**                                                   v1.28.1 -> v1.34.1
* **k8s.io/api**                                                                   v0.26.2 -> v0.30.0
* **k8s.io/apimachinery**                                                          v0.26.2 -> v0.30.0
* **k8s.io/apiserver**                                                             v0.26.2 -> v0.30.0
* **k8s.io/client-go**                                                             v0.26.2 -> v0.30.0
* **k8s.io/component-base**                                                        v0.26.2 -> v0.30.0
* **k8s.io/cri-api**                                                               v0.26.2 -> 3a66d9d86654
* **k8s.io/klog/v2**                                                               v2.90.1 -> v2.120.1
* **k8s.io/kubelet**                                                               v0.30.0 **_new_**
* **k8s.io/utils**                                                                 a5ecb0141aa5 -> 3b25d923346b
* **sigs.k8s.io/json**                                                             f223a00ba0e2 -> bc3834ca7abd
* **sigs.k8s.io/structured-merge-diff/v4**                                         v4.2.3 -> v4.4.1
* **tags.cncf.io/container-device-interface**                                      v0.7.2 **_new_**
* **tags.cncf.io/container-device-interface/specs-go**                             v0.7.0 **_new_**

Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0)
### Which file should I download?
* `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:         ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
* `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`:  Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases)
and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too.

See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.

v1.7.18

Toggle v1.7.18's commit message

Verified

This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Verified
Learn about vigilant mode 
containerd 1.7.18

Welcome to the v1.7.18 release of containerd!

The eighteenth patch release for containerd 1.7 contains various updates along
with an updated version of Go. Go 1.22.4 and 1.21.11 include a fix for a symlink
time of check to time of use race condition during directory removal.

### Highlights

* Update Go version to 1.21.11 ([containerd#10298](containerd#10298))
* Remove uses of `platforms.Platform` alias ([containerd#10277](containerd#10277))
* Migrate log imports to `github.com/containerd/log` ([containerd#10269](containerd#10269))
* Migrate errdefs package to `github.com/containerd/errdefs` ([containerd#10266](containerd#10266))
* Fix usage of "unknown" platform ([containerd#10261](containerd#10261))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Derek McGowan
* Sebastiaan van Stijn
* Akhil Mohan
* Austin Vazquez
* Phil Estes

### Changes
<details><summary>16 commits</summary>
<p>

* Prepare release notes for v1.7.18 ([containerd#10301](containerd#10301))
  * [`9426aab62`](containerd@9426aab) Prepare release notes for v1.7.18
* Update Go version to 1.21.11 ([containerd#10298](containerd#10298))
  * [`cdd3ea913`](containerd@cdd3ea9) Update Go version to 1.21.11
* Remove uses of `platforms.Platform` alias ([containerd#10277](containerd#10277))
  * [`1e3c662d6`](containerd@1e3c662) [release/1.7] remove uses of platforms.Platform alias
* Migrate log imports to `github.com/containerd/log` ([containerd#10269](containerd#10269))
  * [`0af6825b1`](containerd@0af6825) migrate logs imports to github.com/containerd/log module
* Migrate errdefs package to `github.com/containerd/errdefs` ([containerd#10266](containerd#10266))
  * [`308341a44`](containerd@308341a) replace uses of github.com/containerd/containerd/errdefs
  * [`47ff8cfce`](containerd@47ff8cf) migrate errdefs package to github.com/containerd/errdefs module
* Fix usage of "unknown" platform ([containerd#10261](containerd#10261))
  * [`f4d11912a`](containerd@f4d1191) core/image: fix usage of "unknown" platform
* Explicitly set release latest to true ([containerd#10265](containerd#10265))
  * [`5b0480009`](containerd@5b04800) Explicitly set release latest to true
  * [`d669b100d`](containerd@d669b10) build(deps): bump softprops/action-gh-release from 1 to 2
</p>
</details>

### Changes from containerd/errdefs
<details><summary>6 commits</summary>
<p>

* Add common files ([containerd/errdefs#1](containerd/errdefs#1))
  * [`78f3494`](containerd/errdefs@78f3494) Add Github actions configuration
  * [`46f1770`](containerd/errdefs@46f1770) Add go.mod configuration
  * [`959121a`](containerd/errdefs@959121a) Add README.md
* Add LICENSE ([containerd/errdefs#2](containerd/errdefs#2))
  * [`33a2275`](containerd/errdefs@33a2275) Add LICENSE
</p>
</details>

### Dependency Changes

* **github.com/containerd/errdefs**              v0.1.0 **_new_**
* **google.golang.org/genproto**                 b8732ec3820d -> e6e6cdab5c13
* **google.golang.org/genproto/googleapis/api**  b8732ec3820d -> 007df8e322eb
* **google.golang.org/genproto/googleapis/rpc**  b8732ec3820d -> d307bd883b97

Previous release can be found at [v1.7.17](https://github.com/containerd/containerd/releases/tag/v1.7.17)

v1.6.33

Toggle v1.6.33's commit message

Verified

This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Verified
Learn about vigilant mode 
containerd 1.6.33

Welcome to the v1.6.33 release of containerd!

The thirty-third patch release for containerd 1.6 contains various updates along
with an updated version of Go. Go 1.22.4 and 1.21.11 include a fix for a symlink
time of check to time of use race condition during directory removal.

### Highlights

* Update Go version to 1.21.11 ([containerd#10299](containerd#10299))
* Migrate log imports to `github.com/containerd/log` ([containerd#10271](containerd#10271))
* Migrate `errdefs` package to `github.com/containerd/errdefs` ([containerd#10267](containerd#10267))
* Fix usage of "unknown" platform ([containerd#10268](containerd#10268))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Derek McGowan
* Phil Estes
* Sebastiaan van Stijn
* Akhil Mohan
* Austin Vazquez
* Samuel Karp

### Changes
<details><summary>14 commits</summary>
<p>

* Prepare release notes for v1.6.33 ([containerd#10300](containerd#10300))
  * [`97e059626`](containerd@97e0596) Prepare release notes for v1.6.33
* Update Go version to 1.21.11 ([containerd#10299](containerd#10299))
  * [`da9a04e54`](containerd@da9a04e) Includes fix for a symlink race on remove
* Migrate log imports to `github.com/containerd/log` ([containerd#10271](containerd#10271))
  * [`a389bb305`](containerd@a389bb3) migrate logs imports to github.com/containerd/log module
* Migrate `errdefs` package to `github.com/containerd/errdefs` ([containerd#10267](containerd#10267))
  * [`615fb03e4`](containerd@615fb03) replace uses of github.com/containerd/containerd/errdefs
  * [`c83be1b9e`](containerd@c83be1b) migrate errdefs package to github.com/containerd/errdefs module
* Fix usage of "unknown" platform ([containerd#10268](containerd#10268))
  * [`d4d489496`](containerd@d4d4894) core/image: fix usage of "unknown" platform
* Explicitly set release latest to false ([containerd#10263](containerd#10263))
  * [`5eaf5f881`](containerd@5eaf5f8) Explicitly set release latest to false
  * [`b51f7445d`](containerd@b51f744) build(deps): bump softprops/action-gh-release from 1 to 2
</p>
</details>

### Changes from containerd/errdefs
<details><summary>6 commits</summary>
<p>

* Add common files ([containerd/errdefs#1](containerd/errdefs#1))
  * [`78f3494`](containerd/errdefs@78f3494) Add Github actions configuration
  * [`46f1770`](containerd/errdefs@46f1770) Add go.mod configuration
  * [`959121a`](containerd/errdefs@959121a) Add README.md
* Add LICENSE ([containerd/errdefs#2](containerd/errdefs#2))
  * [`33a2275`](containerd/errdefs@33a2275) Add LICENSE
</p>
</details>

### Dependency Changes

* **github.com/containerd/errdefs**  v0.1.0 **_new_**

Previous release can be found at [v1.6.32](https://github.com/containerd/containerd/releases/tag/v1.6.32)

api/v1.8.0-rc.2

Toggle api/v1.8.0-rc.2's commit message

Verified

This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Verified
Learn about vigilant mode 
containerd api/v1.8.0-rc.2

Welcome to the api/v1.8.0-rc.2 release of containerd!
*This is a pre-release of containerd*

The first dedicated release for the containerd API. This release continues the 1.x
line of API compatibility with the 9th minor release of the 1.x API.

### Highlights

* Add type alias for event Envelope ([containerd#10279](containerd#10279))
* Add api Go module and move all protos under api ([containerd#10151](containerd#10151))
* Add PluginInfo to introspection API ([containerd#9442](containerd#9442))
* Expose usage of deprecated features ([containerd#9258](containerd#9258))
* Add image delete target ([containerd#8989](containerd#8989))

#### Image Distribution

* Enable Transfer service API to support plain HTTP ([containerd#10024](containerd#10024))
* Enable Transfer service to use registry configuration directory ([containerd#9908](containerd#9908))
* Update Transfer service to add OCI descriptors to Progress structure ([containerd#9630](containerd#9630))
* Add option to perform syncfs after pull ([containerd#9401](containerd#9401))

#### Runtime

* Store bootstrap parameters in sandbox metadata ([containerd#9736](containerd#9736))
* Add sandboxer configuration and move sandbox controllers to plugins ([containerd#8268](containerd#8268))
* Add annotations to CreateSandbox request ([containerd#8960](containerd#8960))
* Add SandboxMetrics ([containerd#8680](containerd#8680))
* Publish sandbox events ([containerd#8602](containerd#8602))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Derek McGowan
* Maksym Pavlenko
* Akihiro Suda
* Wei Fu
* Abel Feng
* Danny Canter
* Phil Estes
* Samuel Karp
* Kohei Tokunaga
* Akhil Mohan
* Bryant Biggs
* Davanum Srinivas
* Iceber Gu
* Kirtana Ashok
* Sebastiaan van Stijn

### Changes
<details><summary>57 commits</summary>
<p>

* Add type alias for event Envelope ([containerd#10279](containerd#10279))
  * [`3e71ccafc`](containerd@3e71cca) Add type alias for event Envelope
* Update api minimum Go version to 1.21 ([containerd#10276](containerd#10276))
  * [`359d84351`](containerd@359d843) Update api minimum go version to 1.21
* Prepare release notes for api/v1.8.0-rc.0 ([containerd#10167](containerd#10167))
  * [`55fcebffc`](containerd@55fcebf) Prepare release notes for api/v1.8.0
* Add api Go module and move all protos under api ([containerd#10151](containerd#10151))
  * [`2ac2b9c90`](containerd@2ac2b9c) Make api a Go sub-module
  * [`3e9cace72`](containerd@3e9cace) Move runtimeoptions to api directory
  * [`4a4550777`](containerd@4a45507) Move runc options to api directory
* Store bootstrap parameters in sandbox metadata ([containerd#9736](containerd#9736))
  * [`de38490ed`](containerd@de38490) sandbox: merge address and protocol to one url
  * [`f6e0cf189`](containerd@f6e0cf1) sandbox: add address info in Start and Status response
* Enable Transfer service API to support plain HTTP ([containerd#10024](containerd#10024))
  * [`433279438`](containerd@4332794) Transfer: Registry: Enable plain HTTP
* Enable Transfer service to use registry configuration directory ([containerd#9908](containerd#9908))
  * [`7a3b7fba5`](containerd@7a3b7fb) Transfer: Registry: Enable to use registry configuration diretory
* Generate proto services with go-ttrpc ([containerd#7609](containerd#7609))
  * [`f0e874941`](containerd@f0e8749) Add ttrpc generated services
  * [`65031eade`](containerd@65031ea) Update protobuild to build ttrpc services
* Add OSVersion to platform protobuf ([containerd#9733](containerd#9733))
  * [`5aa05481d`](containerd@5aa0548) Add OSVersion to platform protobuf
* Move Message proto to types ([containerd#9742](containerd#9742))
  * [`0facc8592`](containerd@0facc85) Fix proto formatting
  * [`7f2d2c4f4`](containerd@7f2d2c4) Move Message proto to types
* refactor: move plugin/fieldpath to api/types/ ([containerd#9687](containerd#9687))
  * [`b16e3572a`](containerd@b16e357) refactor: move plugin/fieldpath to api/types/
* Add PluginInfo to introspection API ([containerd#9442](containerd#9442))
  * [`22d586e51`](containerd@22d586e) api/services/instrospection: add PluginInfo
* Update Transfer service to add OCI descriptors to Progress structure ([containerd#9630](containerd#9630))
  * [`a2472c0b5`](containerd@a2472c0) transfer: add OCI descriptors to Progress structure
* Add option to perform syncfs after pull ([containerd#9401](containerd#9401))
  * [`bd5c602c4`](containerd@bd5c602) api: introduce sync_fs to diff.ApplyRequest
* Containerd v2 module ([containerd#9306](containerd#9306))
  * [`5fdf55e49`](containerd@5fdf55e) Update go module to github.com/containerd/containerd/v2
* Expose usage of deprecated features ([containerd#9258](containerd#9258))
  * [`57c897f10`](containerd@57c897f) api/introspection: deprecation warnings in server
* Add sandboxer configuration and move sandbox controllers to plugins ([containerd#8268](containerd#8268))
  * [`d2d434b7d`](containerd@d2d434b) sandbox: add all sandbox information to Create method
  * [`f372b3501`](containerd@f372b35) sandbox: add sandboxer field of sandbox requests
* Add image delete target ([containerd#8989](containerd#8989))
  * [`f8fb2dad3`](containerd@f8fb2da) api: update image service to support target in delete request
* fix: Add `containerd` to the message type reference ([containerd#9126](containerd#9126))
  * [`42eee8bf0`](containerd@42eee8b) fix: Add `containerd` to the message type reference
* platforms: isolate from errdefs and api dependencies ([containerd#9095](containerd#9095))
  * [`e916d77c8`](containerd@e916d77) platforms: move ToProto, FromProto to api/types
* Add annotations to CreateSandbox request ([containerd#8960](containerd#8960))
  * [`939ccbed4`](containerd@939ccbe) Sandbox: Add annotations to CreateSandbox surface
* archive: use 1970-01-01 as the whiteout timestamp ([containerd#8764](containerd#8764))
  * [`5dedb6d0d`](containerd@5dedb6d) archive: use 1970-01-01 as the whiteout timestamp
* Add SandboxMetrics ([containerd#8680](containerd#8680))
  * [`d278d37ca`](containerd@d278d37) Sandbox: Add Metrics rpc for controller
  * [`d56722ef2`](containerd@d56722e) Sandbox: Add SandboxMetrics rpc
* Publish sandbox events ([containerd#8602](containerd#8602))
  * [`65906335b`](containerd@6590633) Add sandbox events protos
* Cleanup protobuild config ([containerd#8278](containerd#8278))
  * [`0bbca7f1b`](containerd@0bbca7f) Cleanup protobuild config
</p>
</details>

### Dependency Changes

* **github.com/containerd/ttrpc**                v1.2.1 -> v1.2.3
* **github.com/containerd/typeurl/v2**           v2.1.0 -> v2.1.1
* **github.com/golang/protobuf**                 v1.5.2 -> v1.5.3
* **github.com/opencontainers/image-spec**       3a7f492d3f1b -> v1.1.0
* **github.com/sirupsen/logrus**                 v1.9.0 -> v1.8.1
* **golang.org/x/net**                           v0.7.0 -> v0.21.0
* **golang.org/x/sys**                           v0.6.0 -> v0.17.0
* **golang.org/x/text**                          v0.7.0 -> v0.14.0
* **google.golang.org/genproto/googleapis/rpc**  c3f982113cda **_new_**
* **google.golang.org/grpc**                     v1.53.0 -> v1.59.0
* **google.golang.org/protobuf**                 v1.28.1 -> v1.33.0

Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0)

api/v1.8.0-rc.1

Toggle api/v1.8.0-rc.1's commit message

Verified

This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Verified
Learn about vigilant mode 
containerd api/v1.8.0-rc.1

Welcome to the api/v1.8.0-rc.1 release of containerd!
*This is a pre-release of containerd*

The first dedicated release for the containerd API. This release continues the 1.x
line of API compatibility with the 9th minor release of the 1.x API.

### Highlights

* Add api Go module and move all protos under api ([containerd#10151](containerd#10151))
* Add PluginInfo to introspection API ([containerd#9442](containerd#9442))
* Expose usage of deprecated features ([containerd#9258](containerd#9258))
* Add image delete target ([containerd#8989](containerd#8989))

#### Image Distribution

* Enable Transfer service API to support plain HTTP ([containerd#10024](containerd#10024))
* Enable Transfer service to use registry configuration directory ([containerd#9908](containerd#9908))
* Update Transfer service to add OCI descriptors to Progress structure ([containerd#9630](containerd#9630))
* Add option to perform syncfs after pull ([containerd#9401](containerd#9401))

#### Runtime

* Store bootstrap parameters in sandbox metadata ([containerd#9736](containerd#9736))
* Add sandboxer configuration and move sandbox controllers to plugins ([containerd#8268](containerd#8268))
* Add annotations to CreateSandbox request ([containerd#8960](containerd#8960))
* Add SandboxMetrics ([containerd#8680](containerd#8680))
* Publish sandbox events ([containerd#8602](containerd#8602))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Derek McGowan
* Maksym Pavlenko
* Akihiro Suda
* Wei Fu
* Abel Feng
* Danny Canter
* Phil Estes
* Samuel Karp
* Kohei Tokunaga
* Akhil Mohan
* Bryant Biggs
* Davanum Srinivas
* Iceber Gu
* Kirtana Ashok
* Sebastiaan van Stijn

### Changes
<details><summary>55 commits</summary>
<p>

* Update api minimum Go version to 1.21 ([containerd#10276](containerd#10276))
  * [`359d84351`](containerd@359d843) Update api minimum go version to 1.21
* Prepare release notes for api/v1.8.0-rc.0 ([containerd#10167](containerd#10167))
  * [`55fcebffc`](containerd@55fcebf) Prepare release notes for api/v1.8.0
* Add api Go module and move all protos under api ([containerd#10151](containerd#10151))
  * [`2ac2b9c90`](containerd@2ac2b9c) Make api a Go sub-module
  * [`3e9cace72`](containerd@3e9cace) Move runtimeoptions to api directory
  * [`4a4550777`](containerd@4a45507) Move runc options to api directory
* Store bootstrap parameters in sandbox metadata ([containerd#9736](containerd#9736))
  * [`de38490ed`](containerd@de38490) sandbox: merge address and protocol to one url
  * [`f6e0cf189`](containerd@f6e0cf1) sandbox: add address info in Start and Status response
* Enable Transfer service API to support plain HTTP ([containerd#10024](containerd#10024))
  * [`433279438`](containerd@4332794) Transfer: Registry: Enable plain HTTP
* Enable Transfer service to use registry configuration directory ([containerd#9908](containerd#9908))
  * [`7a3b7fba5`](containerd@7a3b7fb) Transfer: Registry: Enable to use registry configuration diretory
* Generate proto services with go-ttrpc ([containerd#7609](containerd#7609))
  * [`f0e874941`](containerd@f0e8749) Add ttrpc generated services
  * [`65031eade`](containerd@65031ea) Update protobuild to build ttrpc services
* Add OSVersion to platform protobuf ([containerd#9733](containerd#9733))
  * [`5aa05481d`](containerd@5aa0548) Add OSVersion to platform protobuf
* Move Message proto to types ([containerd#9742](containerd#9742))
  * [`0facc8592`](containerd@0facc85) Fix proto formatting
  * [`7f2d2c4f4`](containerd@7f2d2c4) Move Message proto to types
* refactor: move plugin/fieldpath to api/types/ ([containerd#9687](containerd#9687))
  * [`b16e3572a`](containerd@b16e357) refactor: move plugin/fieldpath to api/types/
* Add PluginInfo to introspection API ([containerd#9442](containerd#9442))
  * [`22d586e51`](containerd@22d586e) api/services/instrospection: add PluginInfo
* Update Transfer service to add OCI descriptors to Progress structure ([containerd#9630](containerd#9630))
  * [`a2472c0b5`](containerd@a2472c0) transfer: add OCI descriptors to Progress structure
* Add option to perform syncfs after pull ([containerd#9401](containerd#9401))
  * [`bd5c602c4`](containerd@bd5c602) api: introduce sync_fs to diff.ApplyRequest
* Containerd v2 module ([containerd#9306](containerd#9306))
  * [`5fdf55e49`](containerd@5fdf55e) Update go module to github.com/containerd/containerd/v2
* Expose usage of deprecated features ([containerd#9258](containerd#9258))
  * [`57c897f10`](containerd@57c897f) api/introspection: deprecation warnings in server
* Add sandboxer configuration and move sandbox controllers to plugins ([containerd#8268](containerd#8268))
  * [`d2d434b7d`](containerd@d2d434b) sandbox: add all sandbox information to Create method
  * [`f372b3501`](containerd@f372b35) sandbox: add sandboxer field of sandbox requests
* Add image delete target ([containerd#8989](containerd#8989))
  * [`f8fb2dad3`](containerd@f8fb2da) api: update image service to support target in delete request
* fix: Add `containerd` to the message type reference ([containerd#9126](containerd#9126))
  * [`42eee8bf0`](containerd@42eee8b) fix: Add `containerd` to the message type reference
* platforms: isolate from errdefs and api dependencies ([containerd#9095](containerd#9095))
  * [`e916d77c8`](containerd@e916d77) platforms: move ToProto, FromProto to api/types
* Add annotations to CreateSandbox request ([containerd#8960](containerd#8960))
  * [`939ccbed4`](containerd@939ccbe) Sandbox: Add annotations to CreateSandbox surface
* archive: use 1970-01-01 as the whiteout timestamp ([containerd#8764](containerd#8764))
  * [`5dedb6d0d`](containerd@5dedb6d) archive: use 1970-01-01 as the whiteout timestamp
* Add SandboxMetrics ([containerd#8680](containerd#8680))
  * [`d278d37ca`](containerd@d278d37) Sandbox: Add Metrics rpc for controller
  * [`d56722ef2`](containerd@d56722e) Sandbox: Add SandboxMetrics rpc
* Publish sandbox events ([containerd#8602](containerd#8602))
  * [`65906335b`](containerd@6590633) Add sandbox events protos
* Cleanup protobuild config ([containerd#8278](containerd#8278))
  * [`0bbca7f1b`](containerd@0bbca7f) Cleanup protobuild config
</p>
</details>

### Dependency Changes

* **github.com/containerd/ttrpc**                v1.2.1 -> v1.2.3
* **github.com/containerd/typeurl/v2**           v2.1.0 -> v2.1.1
* **github.com/golang/protobuf**                 v1.5.2 -> v1.5.3
* **github.com/opencontainers/image-spec**       3a7f492d3f1b -> v1.1.0
* **github.com/sirupsen/logrus**                 v1.9.0 -> v1.8.1
* **golang.org/x/net**                           v0.7.0 -> v0.21.0
* **golang.org/x/sys**                           v0.6.0 -> v0.17.0
* **golang.org/x/text**                          v0.7.0 -> v0.14.0
* **google.golang.org/genproto/googleapis/rpc**  c3f982113cda **_new_**
* **google.golang.org/grpc**                     v1.53.0 -> v1.59.0
* **google.golang.org/protobuf**                 v1.28.1 -> v1.33.0

Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0)

v1.6.32

Toggle v1.6.32's commit message

Verified

This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Verified
Learn about vigilant mode 
containerd 1.6.32

Welcome to the v1.6.32 release of containerd!

The thirty-second patch release for containerd 1.6 contains various fixes and updates.

### Highlights

* Handle unsupported config versions ([containerd#10234](containerd#10234))
* Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts ([containerd#10212](containerd#10212))
* Update metadata snapshotter to lease on already exists ([containerd#10199](containerd#10199))
* Update apparmor template to allow confined runc to kill containers ([containerd#10130](containerd#10130))
* Prevent GC from schedule itself with 0 period. ([containerd#10103](containerd#10103))
* Configure otel from env instead of config.toml ([containerd#9993](containerd#9993))

#### Container Runtime Interface (CRI)

* Fix snapshotter root path when not under containerd root ([containerd#10127](containerd#10127))
* Fix CreatedAt time set to 269 years ago if create network failed ([containerd#10119](containerd#10119))
* Fix unexpected order of mounts ([containerd#10045](containerd#10045))

#### Image Distribution

* Update HTTP fallback to better account for TLS timeout and previous attempts ([containerd#10113](containerd#10113))
* Fix use of invalid token on retry fetching layer ([containerd#10064](containerd#10064))

#### Deprecations

* Configure otel from env instead of config.toml ([containerd#9993](containerd#9993))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Stefan Berger
* Derek McGowan
* Austin Vazquez
* Kazuyoshi Kato
* Phil Estes
* Brian Goff
* Akihiro Suda
* Maksym Pavlenko
* Danny Canter
* Samuel Karp
* Alexandru Matei
* Bin Tang
* Brandon Lum
* Bryant Biggs
* Jimmy Hsiao
* Kirill A. Korinsky
* Paweł Gronowski
* Sebastiaan van Stijn
* Swagat Bora
* Tomáš Virtus
* Tony Fang
* 张钰
* 沈陵

### Changes
<details><summary>53 commits</summary>
<p>

* Prepare release notes for v1.6.32 ([containerd#10255](containerd#10255))
  * [`085dc4c0d`](containerd@085dc4c) Prepare release notes for v1.6.32
* Bump hcsshim and go-winio for go1.22 compat ([containerd#10245](containerd#10245))
  * [`06724baad`](containerd@06724ba) Bump go-winio to fix struct alignment on go1.22
  * [`b2fdf63b7`](containerd@b2fdf63) Update hcsshim for go1.22 fixes
* Handle unsupported config versions ([containerd#10234](containerd#10234))
  * [`38607b59c`](containerd@38607b5) Add check for unsupported config versions
* Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts ([containerd#10212](containerd#10212))
  * [`c65da6997`](containerd@c65da69) Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts
* vendor: github.com/containerd/[email protected] ([containerd#10216](containerd#10216))
  * [`6951203b1`](containerd@6951203) vendor: github.com/containerd/[email protected]
* vendor: golang.org/x/[email protected] ([containerd#10214](containerd#10214))
  * [`a14e5ec8b`](containerd@a14e5ec) vendor: golang.org/x/[email protected]
  * [`fd21d7818`](containerd@fd21d78) vendor: golang.org/x/[email protected]
  * [`d276debb0`](containerd@d276deb) vendor: golang.org/x/[email protected]
  * [`f82033dcf`](containerd@f82033d) vendor: golang.org/x/[email protected]
  * [`411c5e5e5`](containerd@411c5e5) vendor: golang.org/x/[email protected]
  * [`6f053bd1f`](containerd@6f053bd) vendor: golang.org/x/[email protected]
  * [`cfd8443cb`](containerd@cfd8443) vendor: golang.org/x/[email protected]
* Update tooling to Go 1.21.10, 1.22.3 for net/http bug fixes ([containerd#10208](containerd#10208))
  * [`5b4facbd6`](containerd@5b4facb) Update toolchain to Go 1.21.10 and 1.22.3
* Update metadata snapshotter to lease on already exists ([containerd#10199](containerd#10199))
  * [`57860c1b6`](containerd@57860c1) Add lease test for metadata snapshotter
  * [`b095401df`](containerd@b095401) Update metadata snapshotter to lease on exists
* Update image-spec ([containerd#10185](containerd#10185))
  * [`fd8d35752`](containerd@fd8d357) Update image-spec to v1.1.0
  * [`89b975d81`](containerd@89b975d) go.mod: github.com/opencontainers/image-spec v1.1.0-rc3
* Fix snapshotter root path when not under containerd root ([containerd#10127](containerd#10127))
  * [`f3e8b2ca1`](containerd@f3e8b2c) CRI: "Fix" imageFSPath behavior
  * [`68db74d19`](containerd@68db74d) Snapshotters: Export the root path
  * [`cd9b74640`](containerd@cd9b746) Add exports to proxy plugin config
  * [`83cf026b2`](containerd@83cf026) Add platform config to proxy plugins
* Update apparmor template to allow confined runc to kill containers ([containerd#10130](containerd#10130))
  * [`63c41d003`](containerd@63c41d0) apparmor: Allow confined runc to kill containers
* Update HTTP fallback to better account for TLS timeout and previous attempts ([containerd#10113](containerd#10113))
  * [`b12c3b0c8`](containerd@b12c3b0) Add deprecated HTTPFallback for package compatibility
  * [`239955890`](containerd@2399558) Update HTTPFallback to handle tls handshake timeout
  * [`b2a0ac0b4`](containerd@b2a0ac0) Remove empty default tls configuration in ctr
* update to go1.21.9, go1.22.2 ([containerd#10117](containerd#10117))
  * [`ea9a8c608`](containerd@ea9a8c6) update to go1.21.9, go1.22.2
* Fix CreatedAt time set to 269 years ago if create network failed ([containerd#10119](containerd#10119))
  * [`c809fa268`](containerd@c809fa2) pod: CreatedAt time will be 269 years ago while creating cri network failed.
* Prevent GC from schedule itself with 0 period. ([containerd#10103](containerd#10103))
  * [`6ddec44bd`](containerd@6ddec44) Prevent GC from schedule itself with 0 period.
* Configure otel from env instead of config.toml ([containerd#9993](containerd#9993))
  * [`86a1a3a82`](containerd@86a1a3a) vendor: revendor OTEL
  * [`e15d4a8b8`](containerd@e15d4a8) Changes to configuring otel from env only
  * [`2fda262a9`](containerd@2fda262) Deprecate otel configs
  * [`c80347ec5`](containerd@c80347e) Adding unit tests to opentelemetry tracing
* Fix use of invalid token on retry fetching layer ([containerd#10064](containerd#10064))
  * [`f1a14a12a`](containerd@f1a14a1) fix bug that using invalid token to retry fetching layer
* Fix unexpected order of mounts ([containerd#10045](containerd#10045))
  * [`9701cf998`](containerd@9701cf9) fix(cri): fix unexpected order of mounts since go 1.19
</p>
</details>

### Changes from containerd/imgcrypt
<details><summary>89 commits</summary>
<p>

* CHANGES: Updated CHANGES document for 1.1.8 release ([containerd/imgcrypt#122](containerd/imgcrypt#122))
  * [`956b4d3`](containerd/imgcrypt@956b4d3) CHANGES: Updated CHANGES document for 1.1.8 release
* Synchronize enc-ctr with upstream ctr from containerd v1.6.23 and use containerd v1.6.23 in dependency ([containerd/imgcrypt#120](containerd/imgcrypt#120))
  * [`9e8e1c1`](containerd/imgcrypt@9e8e1c1) ctr: Sync code with containerd v1.6.23 ctr
  * [`7d2cca5`](containerd/imgcrypt@7d2cca5) build(deps): bump containerd from 1.6.20 to 1.6.23
* Synchronize enc-ctr with upstream ctr from containerd v1.6.20 ([containerd/imgcrypt#119](containerd/imgcrypt#119))
  * [`0f2559e`](containerd/imgcrypt@0f2559e) ctr: Sync code with containerd v1.6.20 ctr
  * [`c48dd78`](containerd/imgcrypt@c48dd78) cmd: Copy IntToInt32Array into img package and use it
* Update to ocicrypt 1.1.8 and minimum go 1.20 ([containerd/imgcrypt#118](containerd/imgcrypt#118))
  * [`6d48a4e`](containerd/imgcrypt@6d48a4e) build(deps): bump ocicrypt from 1.1.7 to 1.1.8
  * [`1bc94a2`](containerd/imgcrypt@1bc94a2) github: Use golangci-lint v1.54.1 and adjust config file
  * [`9065f1d`](containerd/imgcrypt@9065f1d) github: Test with go 1.21 and go 1.20
  * [`74986f3`](containerd/imgcrypt@74986f3) go.mod: Require go 1.20
* build(deps): bump google.golang.org/grpc from 1.47.0 to 1.53.0 ([containerd/imgcrypt#117](containerd/imgcrypt#117))
  * [`a2a8273`](containerd/imgcrypt@a2a8273) build(deps): bump google.golang.org/grpc from 1.47.0 to 1.53.0
* test: Test creating and running of container with key file missing ([containerd/imgcrypt#116](containerd/imgcrypt#116))
  * [`286470a`](containerd/imgcrypt@286470a) test: Test creating and running of container with key file missing
* Fix some issues in the test script ([containerd/imgcrypt#115](containerd/imgcrypt#115))
  * [`aa517cc`](containerd/imgcrypt@aa517cc) test: Fix order of parameters and remove unnecessary key parameter
  * [`ec72311`](containerd/imgcrypt@ec72311) test: Add comments to test case
  * [`2959ec0`](containerd/imgcrypt@2959ec0) test: To be able to run testLocalKeys alone add missing env variable
* build(deps): upgrade github.com/containerd/containerd from 1.6.18 to … ([containerd/imgcrypt#112](containerd/imgcrypt#112))
  * [`a7f2760`](containerd/imgcrypt@a7f2760) build(deps): upgrade github.com/containerd/containerd from 1.6.18 to 1.6.20
* ci: Update golangci-lint to v1.52.2 ([containerd/imgcrypt#113](containerd/imgcrypt#113))
  * [`002abac`](containerd/imgcrypt@002abac) images: Change 'any' to 'anything' to avoid clash with built-in type 'any'
  * [`5780ecc`](containerd/imgcrypt@5780ecc) images: Replace unused function parameters with '_'
  * [`7dc8592`](containerd/imgcrypt@7dc8592) ci: Update golangci-lint to v1.52.2
* build(deps): bump github.com/opencontainers/runc from 1.1.2 to 1.1.5 ([containerd/imgcrypt#109](containerd/imgcrypt#109))
  * [`90e4f77`](containerd/imgcrypt@90e4f77) build(deps): bump github.com/opencontainers/runc from 1.1.2 to 1.1.5
* Abandon go 1.18 (end-of-life) and use 1.19 and 1.20 in tests ([containerd/imgcrypt#110](containerd/imgcrypt#110))
  * [`8fc037f`](containerd/imgcrypt@8fc037f) tests: Upgrade toml written by test case to version 2
  * [`0b31beb`](containerd/imgcrypt@0b31beb) ci: Run tests with go 1.19 and 1.20 (abandon 1.18)
  * [`523674c`](containerd/imgcrypt@523674c) build(deps): Update to minimum required go v1.19
* Update to golang.org/x/[email protected] and github.com/containers/[email protected] ([containerd/imgcrypt#107](containerd/imgcrypt#107))
  * [`96a2314`](containerd/imgcrypt@96a2314) build(deps): Upgrade to github.com/containers/[email protected]
  * [`1c50555`](containerd/imgcrypt@1c50555) bulid(deps): Update to golang.org/x/[email protected]
  * [`9645d39`](containerd/imgcrypt@9645d39) build(deps): Update to minimum required go v1.18
* build(deps): bump github.com/containerd/containerd from 1.6.12 to 1.6.18 ([containerd/imgcrypt#106](containerd/imgcrypt#106))
  * [`8daaa45`](containerd/imgcrypt@8daaa45) build(deps): bump github.com/containerd/containerd from 1.6.12 to 1.6.18
* README: Fix a typo ([containerd/imgcrypt#105](containerd/imgcrypt#105))
  * [`12e84f5`](containerd/imgcrypt@12e84f5) README: Fix a typo
* build(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12 ([containerd/imgcrypt#103](containerd/imgcrypt#103))
  * [`4e5a73e`](containerd/imgcrypt@4e5a73e) build(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12
* Update golangci-lint to v1.50.1 ([containerd/imgcrypt#101](containerd/imgcrypt#101))
  * [`16a071b`](containerd/imgcrypt@16a071b) Update golangci-lint to v1.50.1
* Remove references to package io/ioutil ([containerd/imgcrypt#100](containerd/imgcrypt#100))
  * [`981a3fd`](containerd/imgcrypt@981a3fd) Remove references to package io/ioutil
* Update GitHub actions CI workflow ([containerd/imgcrypt#99](containerd/imgcrypt#99))
  * [`06827a1`](containerd/imgcrypt@06827a1) Update containerd project checks package in CI
  * [`f6a39e1`](containerd/imgcrypt@f6a39e1) Update GitHub actions packages in CI workflow
  * [`6383351`](containerd/imgcrypt@6383351) Update GitHub actions CI workflow OS runner images
* CI/CD: Run CodeQL on PRs and once a month ([containerd/imgcrypt#98](containerd/imgcrypt#98))
  * [`b6e16db`](containerd/imgcrypt@b6e16db) CI/CD: Run CodeQL on PRs and once a month
* CHANGES: Updated CHANGES document for 1.1.7 release ([containerd/imgcrypt#97](containerd/imgcrypt#97))
  * [`17e5e7f`](containerd/imgcrypt@17e5e7f) CHANGES: Updated CHANGES document for 1.1.7 release
* Update to ocicrypt 1.1.6 and add support for zstd type of compressed layers  ([containerd/imgcrypt#96](containerd/imgcrypt#96))
  * [`06da359`](containerd/imgcrypt@06da359) Add support for zstd type of compressed layers
  * [`4a51045`](containerd/imgcrypt@4a51045) build(deps): Update to ocicrypt 1.1.6
  * [`2c93cef`](containerd/imgcrypt@2c93cef) ctr: Document that import of encrypted image requires decryption key
  * [`44f4e18`](containerd/imgcrypt@44f4e18) ctr: Add support for --all-platforms to encrypt command
  * [`d9fccdc`](containerd/imgcrypt@d9fccdc) ctr: Sync with upstream ctr and add --skip-digest-for-named opt to import
  * [`b8f807f`](containerd/imgcrypt@b8f807f) ctr: Sync with upstream ctr and add --platform option to import
* build(deps): Update to containerd 1.6.8 ([containerd/imgcrypt#92](containerd/imgcrypt#92))
  * [`07dd48d`](containerd/imgcrypt@07dd48d) build(deps): Update to containerd 1.6.8
* tests: Add -traditional to OpenSSL command line when OSSL v3 is used ([containerd/imgcrypt#90](containerd/imgcrypt#90))
  * [`67b7b5d`](containerd/imgcrypt@67b7b5d) tests: Add -traditional to OpenSSL command line when OSSL v3 is used
* chore: fix readme typo ([containerd/imgcrypt#87](containerd/imgcrypt#87))
  * [`98e43be`](containerd/imgcrypt@98e43be) chore: fix readme typo
* Update to min golang 1.18 ([containerd/imgcrypt#88](containerd/imgcrypt#88))
  * [`554ec9b`](containerd/imgcrypt@554ec9b) Update to min golang 1.18
* CHANGES: Updated CHANGES document for 1.1.6 release ([containerd/imgcrypt#85](containerd/imgcrypt#85))
  * [`ec7aae5`](containerd/imgcrypt@ec7aae5) CHANGES: Updated CHANGES document for 1.1.6 release
* build(deps): bump github.com/containerd/containerd from 1.6.1 to 1.6.6 ([containerd/imgcrypt#83](containerd/imgcrypt#83))
  * [`5959e8c`](containerd/imgcrypt@5959e8c) build(deps): bump github.com/containerd/containerd from 1.6.1 to 1.6.6
* CI: Upgrade to golangci-lint v1.46.2 ([containerd/imgcrypt#84](containerd/imgcrypt#84))
  * [`ef8596e`](containerd/imgcrypt@ef8596e) CI: Upgrade to golangci-lint v1.46.2
  * [`715ba8c`](containerd/imgcrypt@715ba8c) Update to ocicrypt 1.1.5 to get yaml.v3
  * [`4f79bd6`](containerd/imgcrypt@4f79bd6) CHANGES: Updated CHANGES document for 1.1.5 release
  * [`4c38f10`](containerd/imgcrypt@4c38f10) Bump ocicrypt to 1.1.4
* CICD: Rename master branch to main ([containerd/imgcrypt#79](containerd/imgcrypt#79))
  * [`8abd19d`](containerd/imgcrypt@8abd19d) CICD: Rename master branch to main
* Rename any to pbAny ([containerd/imgcrypt#78](containerd/imgcrypt#78))
  * [`0e5d997`](containerd/imgcrypt@0e5d997) Rename any to pbAny
  * [`cb14b45`](containerd/imgcrypt@cb14b45) Test with Go 1.18
* Use reflect to support diff.ApplyConfig with/without gogo's types.Any ([containerd/imgcrypt#75](containerd/imgcrypt#75))
  * [`9f08722`](containerd/imgcrypt@9f08722) Use reflect to support diff.ApplyConfig with/without gogo's types.Any
* Upgrade golangci-lint-action and golangci-lint ([containerd/imgcrypt#76](containerd/imgcrypt#76))
  * [`6eaeb4a`](containerd/imgcrypt@6eaeb4a) Add build tags to make gofmt happy
  * [`9cba55f`](containerd/imgcrypt@9cba55f) Upgrade golangci-lint-action and golangci-lint
</p>
</details>

### Dependency Changes

* **github.com/Microsoft/go-winio**         v0.5.2 -> v0.5.3
* **github.com/Microsoft/hcsshim**          v0.9.10 -> v0.9.11
* **github.com/containerd/imgcrypt**        v1.1.4 -> v1.1.8
* **github.com/containers/ocicrypt**        v1.1.3 -> v1.1.10
* **github.com/go-jose/go-jose/v3**         v3.0.3 **_new_**
* **github.com/opencontainers/image-spec**  3a7f492d3f1b -> v1.1.0
* **github.com/stefanberger/go-pkcs11uri**  78d3cae3a980 -> 78284954bff6
* **golang.org/x/crypto**                   v0.18.0 -> v0.21.0
* **golang.org/x/net**                      v0.18.0 -> v0.23.0
* **golang.org/x/sys**                      v0.16.0 -> v0.18.0
* **golang.org/x/term**                     v0.16.0 -> v0.18.0

Previous release can be found at [v1.6.31](https://github.com/containerd/containerd/releases/tag/v1.6.31)

v2.0.0-rc.2

Toggle v2.0.0-rc.2's commit message

Verified

This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Verified
Learn about vigilant mode 
containerd 2.0.0-rc.2

Welcome to the v2.0.0-rc.2 release of containerd!
*This is a pre-release of containerd*

The first major release of containerd 2.x focuses on the continued stability of
containerd's core feature set with an easy upgrade from containerd 1.x. This
release includes the stabilization of new features added in the last 1.x release
as well as the removal of features which were deprecated in 1.x. The goal is to
support the vast community of containerd users well into the future along with
their ever increasing deployment footprints and variety of use cases.

### Highlights

* Preserve Unprivileged locked flags during remount of bind mounts ([containerd#10200](containerd#10200))
* Add api Go module and move all protos under api ([containerd#10151](containerd#10151))
* Configure otel from env instead of config.toml ([containerd#8970](containerd#8970))
* Fix config import relative path glob ([containerd#9746](containerd#9746))
* Enable NRI by default ([containerd#9744](containerd#9744))
* Add PluginInfo to introspection API ([containerd#9442](containerd#9442))
* Remove overlayfs volatile option on temp mounts ([containerd#9555](containerd#9555))
* Move packages based on contributing guide ([containerd#9365](containerd#9365))
* Expose usage of deprecated features ([containerd#9258](containerd#9258))
* Use Intel ISA-L's igzip if available ([containerd#9200](containerd#9200))
* Generalize plugin library ([containerd#9214](containerd#9214))
* Introduce top level config migration ([containerd#9223](containerd#9223))
* Add image delete target ([containerd#8989](containerd#8989))
* Remove `LimitNOFILE` from `containerd.service` ([containerd#8924](containerd#8924))
* Use github.com/containerd/log ([containerd#9086](containerd#9086))
* Add support for image expiration during garbage collection ([containerd#9022](containerd#9022))
* Reduce the contention between ref lock and boltdb lock in content store ([containerd#8792](containerd#8792))
* Remove "containerd.io/restart.logpath" label ([containerd#8264](containerd#8264))
* Remove `aufs` snapshotter ([containerd#8263](containerd#8263))
* Fix deadlock during NRI plugin registration ([containerd/nri#79](containerd/nri#79))
* Fix deadlock when writing to pipe blocks ([containerd/ttrpc#168](containerd/ttrpc#168))

#### Container Runtime Interface (CRI)

* Add support for multiple subscribers to CRI container events ([containerd#9661](containerd#9661))
* Enable CDI by default ([containerd#9621](containerd#9621))
* Remove non-sandboxed CRI implementation ([containerd#9228](containerd#9228))
* Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) ([containerd#8287](containerd#8287))
* Use sandboxed CRI by default ([containerd#8994](containerd#8994))
* Implement RuntimeConfig CRI call ([containerd#8722](containerd#8722))
* Add support for user namespaces (KEP-127) ([containerd#8803](containerd#8803))
* Remove CRI v1alpha2 ([containerd#8276](containerd#8276))

#### Image Distribution

* Update unpacker to fetch all provided content ([containerd#10202](containerd#10202))
* Enable Transfer service API to support plain HTTP ([containerd#10024](containerd#10024))
* Enable Transfer service to use registry configuration directory ([containerd#9908](containerd#9908))
* Disable the support for Schema 1 images ([containerd#9765](containerd#9765))
* Update Transfer service to add OCI descriptors to Progress structure ([containerd#9630](containerd#9630))
* Update import and export to allow references to missing content  ([containerd#9554](containerd#9554))
* Add option to perform syncfs after pull ([containerd#9401](containerd#9401))
* Add image verifier transfer service plugin system based on a binary directory ([containerd#8493](containerd#8493))

#### Runtime

* Store bootstrap parameters in sandbox metadata ([containerd#9736](containerd#9736))
* Update apparmor to allow confined runc to kill containers ([containerd#10123](containerd#10123))
* Support vsock connection to task api ([containerd#9738](containerd#9738))
* Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([containerd#9320](containerd#9320))
* Switch runc shim to task service v3 and fix restore ([containerd#9233](containerd#9233))
* Add sandboxer configuration and move sandbox controllers to plugins ([containerd#8268](containerd#8268))
* Add annotations to CreateSandbox request ([containerd#8960](containerd#8960))
* Add SandboxMetrics ([containerd#8680](containerd#8680))
* Publish sandbox events ([containerd#8602](containerd#8602))
* Remove the CriuPath field from runc's options ([containerd#8279](containerd#8279))
* Remove support for config.toml `version = 1` ([containerd#8275](containerd#8275))
* Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([containerd#8262](containerd#8262))

#### Security Advisories

* [medium] RAPL accessible to a container [GHSA-7ww5-4wqc-m92c](GHSA-7ww5-4wqc-m92c)

#### Breaking

* Disable the support for Schema 1 images ([containerd#9765](containerd#9765))
* Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([containerd#9320](containerd#9320))
* Move client to subpackage ([containerd#9316](containerd#9316))
* Remove `LimitNOFILE` from `containerd.service` ([containerd#8924](containerd#8924))
* Remove CRI v1alpha2 ([containerd#8276](containerd#8276))
* Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([containerd#8262](containerd#8262))
* Remove "containerd.io/restart.logpath" label ([containerd#8264](containerd#8264))
* Remove `aufs` snapshotter ([containerd#8263](containerd#8263))

#### Deprecations

* Postpone removal of deprecated CRI config properties ([containerd#9966](containerd#9966))
* Deprecate go-plugin configuration option ([containerd#9238](containerd#9238))
* CNI conf_template in CRI is no longer deprecated ([containerd#8637](containerd#8637))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Derek McGowan
* Akihiro Suda
* Maksym Pavlenko
* Wei Fu
* Phil Estes
* Sebastiaan van Stijn
* Samuel Karp
* Kazuyoshi Kato
* Rodrigo Campos
* Danny Canter
* Abel Feng
* Gabriel Adrian Samfira
* Kirtana Ashok
* Iceber Gu
* Austin Vazquez
* Krisztian Litkey
* Akhil Mohan
* Kohei Tokunaga
* Mike Brown
* Jin Dong
* Bjorn Neergaard
* rongfu.leng
* Justin Chadwell
* James Sturtevant
* Paul "TBBle" Hampson
* Davanum Srinivas
* Enrico Weigelt
* Brian Goff
* Henry Wang
* Paweł Gronowski
* Hsing-Yu (David) Chen
* Ilya Hanov
* Laura Brehm
* Marat Radchenko
* Cardy.Tang
* Aditi Sharma
* Bryant Biggs
* Evan Lezar
* Jordan Liggitt
* Kay Yan
* Markus Lehtonen
* Nashwan Azhari
* Shingo Omura
* Shuaiyi Zhang
* Vinayak Goyal
* helen
* Alexandru Matei
* Amit Barve
* Anthony Nandaa
* Charity Kathure
* Ed Bartosh
* Etienne Champetier
* James Jenkins
* Kevin Parsons
* Milas Bowman
* Swagat Bora
* yanggang
* Aditya Ramani
* Adrian Reber
* Amir M. Ghazanfari
* Artem Khramov
* Avi Deitcher
* Brad Davidson
* Chen Yiyang
* Christian Muehlhaeuser
* Cory Snider
* Djordje Lukic
* Edgar Lee
* Ethan Lowman
* Jiang Liu
* June Rhodes
* Lucas Rattz
* Mahamed Ali
* Maksim An
* Michael Crosby
* Peteris Rudzusiks
* Sam Edwards
* Samruddhi Khandale
* Steve Griffith
* Tony Fang
* VERNOU Cédric
* hang.jiang
* jerryzhuang
* lengrongfu
* ningmingxiao
* roman-kiselenko
* zhanluxianshen
* zounengren
* Aaron Lehmann
* Adrien Delorme
* Alex Couture-Beil
* Alex Ellis
* Alex Rodriguez
* Angelos Kolaitis
* Antonio Huete Jimenez
* Arash Haghighat
* Ben Foster
* Bin Tang
* Bin Xin
* BinBin He
* Brennan Kinney
* Changqing Li
* ChengenH
* ChengyuZhu6
* Christian Stewart
* Craig Ingram
* Daisy Rong
* David Porter
* Derek Nola
* Eng Zer Jun
* Fabiano Fidêncio
* Fahed Dorgaa
* Gary McDonald
* Iain Macdonald
* James Lakin
* Jan Dubois
* Jaroslav Jindrak
* Jiongchi Yu
* Julien Balestra
* Kern Walster
* Kirill A. Korinsky
* Konstantin Khlebnikov
* Pan Yibo
* Qasim Sarfraz
* Qiutong Song
* Robbie Buxton
* Robert-André Mauchin
* Ruihua Wen
* Shukui Yang
* Talon
* Tianon Gravi
* Tim Hockin
* Tobias Klauser
* Tomáš Virtus
* Tõnis Tiigi
* Wang Xinwen
* William Chen
* Xinyang Ge
* Yibo Zhuang
* Yury Gargay
* Zechun Chen
* Zhang Tianyang
* Zoe
* baijia
* charles-chenzz
* chschumacher1994
* guangli.bao
* guangwu
* krglosse
* pigletfly
* rokkiter
* wangxiang
* zhangpeng
* zhaojizhuang
* 吴小白
* 张钰
* 沈陵
* 谭九鼎

### Dependency Changes

* **dario.cat/mergo**                                                              v1.0.0 **_new_**
* **github.com/AdaLogics/go-fuzz-headers**                                         1f10f66a31bf -> ced1acdcaa24
* **github.com/AdamKorcz/go-118-fuzz-build**                                       5330a85ea652 -> 8075edf89bb0
* **github.com/Masterminds/semver/v3**                                             v3.2.1 **_new_**
* **github.com/Microsoft/go-winio**                                                v0.6.0 -> v0.6.2
* **github.com/Microsoft/hcsshim**                                                 v0.10.0-rc.7 -> v0.12.3
* **github.com/cenkalti/backoff/v4**                                               v4.2.0 -> v4.3.0
* **github.com/checkpoint-restore/checkpointctl**                                  v1.1.0 **_new_**
* **github.com/checkpoint-restore/go-criu/v7**                                     v7.1.0 **_new_**
* **github.com/cilium/ebpf**                                                       v0.9.1 -> v0.11.0
* **github.com/containerd/cgroups/v3**                                             v3.0.1 -> v3.0.3
* **github.com/containerd/console**                                                v1.0.3 -> v1.0.4
* **github.com/containerd/containerd/api**                                         v1.8.0-rc.0 **_new_**
* **github.com/containerd/continuity**                                             v0.3.0 -> v0.4.3
* **github.com/containerd/errdefs**                                                v0.1.0 **_new_**
* **github.com/containerd/go-runc**                                                v1.0.0 -> v1.1.0
* **github.com/containerd/log**                                                    v0.1.0 **_new_**
* **github.com/containerd/nri**                                                    v0.3.0 -> v0.6.1
* **github.com/containerd/platforms**                                              v0.2.0 **_new_**
* **github.com/containerd/plugin**                                                 v0.1.0 **_new_**
* **github.com/containerd/ttrpc**                                                  v1.2.1 -> v1.2.4
* **github.com/containerd/typeurl/v2**                                             v2.1.0 -> v2.1.1
* **github.com/containernetworking/cni**                                           v1.1.2 -> v1.2.0
* **github.com/containernetworking/plugins**                                       v1.2.0 -> v1.4.1
* **github.com/cpuguy83/go-md2man/v2**                                             v2.0.2 -> v2.0.4
* **github.com/distribution/reference**                                            v0.6.0 **_new_**
* **github.com/emicklei/go-restful/v3**                                            v3.10.1 -> v3.11.0
* **github.com/felixge/httpsnoop**                                                 v1.0.4 **_new_**
* **github.com/fsnotify/fsnotify**                                                 v1.6.0 -> v1.7.0
* **github.com/go-logr/logr**                                                      v1.2.3 -> v1.4.1
* **github.com/golang/protobuf**                                                   v1.5.2 -> v1.5.4
* **github.com/google/go-cmp**                                                     v0.5.9 -> v0.6.0
* **github.com/google/uuid**                                                       v1.3.0 -> v1.6.0
* **github.com/gorilla/websocket**                                                 v1.5.0 **_new_**
* **github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus**            v1.0.1 **_new_**
* **github.com/grpc-ecosystem/go-grpc-middleware/v2**                              v2.1.0 **_new_**
* **github.com/grpc-ecosystem/grpc-gateway/v2**                                    v2.7.0 -> v2.19.1
* **github.com/intel/goresctrl**                                                   v0.3.0 -> v0.7.0
* **github.com/klauspost/compress**                                                v1.16.0 -> v1.17.8
* **github.com/klauspost/cpuid/v2**                                                v2.0.4 -> v2.2.5
* **github.com/mdlayher/socket**                                                   v0.4.1 **_new_**
* **github.com/mdlayher/vsock**                                                    v1.2.1 **_new_**
* **github.com/minio/sha256-simd**                                                 v1.0.0 -> v1.0.1
* **github.com/moby/sys/mountinfo**                                                v0.6.2 -> v0.7.1
* **github.com/moby/sys/user**                                                     v0.1.0 **_new_**
* **github.com/mxk/go-flowrate**                                                   cca7078d478f **_new_**
* **github.com/opencontainers/image-spec**                                         3a7f492d3f1b -> v1.1.0
* **github.com/opencontainers/runtime-spec**                                       v1.1.0-rc.1 -> v1.2.0
* **github.com/opencontainers/runtime-tools**                                      946c877fa809 -> 2e043c6bd626
* **github.com/pelletier/go-toml/v2**                                              v2.2.2 **_new_**
* **github.com/prometheus/client_golang**                                          v1.14.0 -> v1.19.1
* **github.com/prometheus/client_model**                                           v0.3.0 -> v0.5.0
* **github.com/prometheus/common**                                                 v0.37.0 -> v0.48.0
* **github.com/prometheus/procfs**                                                 v0.8.0 -> v0.12.0
* **github.com/sirupsen/logrus**                                                   v1.9.0 -> v1.9.3
* **github.com/stretchr/testify**                                                  v1.8.2 -> v1.9.0
* **github.com/urfave/cli/v2**                                                     v2.27.2 **_new_**
* **github.com/vishvananda/netns**                                                 2eb08e3e575f -> v0.0.4
* **github.com/xrash/smetrics**                                                    5f08fbb34913 **_new_**
* **go.etcd.io/bbolt**                                                             v1.3.7 -> v1.3.10
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.40.0 -> v0.51.0
* **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp**                v0.51.0 **_new_**
* **go.opentelemetry.io/otel**                                                     v1.14.0 -> v1.26.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace**                            v1.14.0 -> v1.26.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc**              v1.14.0 -> v1.26.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp**              v1.14.0 -> v1.26.0
* **go.opentelemetry.io/otel/metric**                                              v0.37.0 -> v1.26.0
* **go.opentelemetry.io/otel/sdk**                                                 v1.14.0 -> v1.26.0
* **go.opentelemetry.io/otel/trace**                                               v1.14.0 -> v1.26.0
* **go.opentelemetry.io/proto/otlp**                                               v0.19.0 -> v1.2.0
* **golang.org/x/exp**                                                             aacd6d4b4611 **_new_**
* **golang.org/x/mod**                                                             v0.7.0 -> v0.17.0
* **golang.org/x/net**                                                             v0.7.0 -> v0.24.0
* **golang.org/x/oauth2**                                                          v0.4.0 -> v0.17.0
* **golang.org/x/sync**                                                            v0.1.0 -> v0.7.0
* **golang.org/x/sys**                                                             v0.6.0 -> v0.20.0
* **golang.org/x/term**                                                            v0.5.0 -> v0.19.0
* **golang.org/x/text**                                                            v0.7.0 -> v0.14.0
* **golang.org/x/time**                                                            90d013bbcef8 -> v0.3.0
* **google.golang.org/appengine**                                                  v1.6.7 -> v1.6.8
* **google.golang.org/genproto/googleapis/api**                                    6ceb2ff114de **_new_**
* **google.golang.org/genproto/googleapis/rpc**                                    8c6c420018be **_new_**
* **google.golang.org/grpc**                                                       v1.53.0 -> v1.63.2
* **google.golang.org/protobuf**                                                   v1.28.1 -> v1.34.1
* **k8s.io/api**                                                                   v0.26.2 -> v0.30.0
* **k8s.io/apimachinery**                                                          v0.26.2 -> v0.30.0
* **k8s.io/apiserver**                                                             v0.26.2 -> v0.30.0
* **k8s.io/client-go**                                                             v0.26.2 -> v0.30.0
* **k8s.io/component-base**                                                        v0.26.2 -> v0.30.0
* **k8s.io/cri-api**                                                               v0.26.2 -> v0.30.0
* **k8s.io/klog/v2**                                                               v2.90.1 -> v2.120.1
* **k8s.io/kubelet**                                                               v0.30.0 **_new_**
* **k8s.io/utils**                                                                 a5ecb0141aa5 -> 3b25d923346b
* **sigs.k8s.io/json**                                                             f223a00ba0e2 -> bc3834ca7abd
* **sigs.k8s.io/structured-merge-diff/v4**                                         v4.2.3 -> v4.4.1
* **tags.cncf.io/container-device-interface**                                      v0.7.2 **_new_**
* **tags.cncf.io/container-device-interface/specs-go**                             v0.7.0 **_new_**

Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0)
### Which file should I download?
* `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:         ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
* `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`:  Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases)
and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too.

See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.

v1.7.17

Toggle v1.7.17's commit message

Verified

This tag was signed with the committer’s verified signature.
dmcgowan Derek McGowan
GPG key ID: F58C5D0A4405ACDB
Verified
Learn about vigilant mode 
containerd 1.7.17

Welcome to the v1.7.17 release of containerd!

The seventeenth patch release for containerd 1.7 contains various fixes and updates.

### Highlights

* Use LOOP_CONFIGURE when creating loop devices ([containerd#10209](containerd#10209))
* Update unpacker to fetch all provided content ([containerd#10233](containerd#10233))
* Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts ([containerd#10210](containerd#10210))
* Update metadata snapshotter to lease on already exists ([containerd#10198](containerd#10198))
* Handle unsupported config versions ([containerd#10165](containerd#10165))
* Fix deadlock when writing to pipe blocks ([containerd/ttrpc#168](containerd/ttrpc#168))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Stefan Berger
* Derek McGowan
* Austin Vazquez
* Alexandru Matei
* Maksym Pavlenko
* Akihiro Suda
* Bryant Biggs
* Kevin Parsons
* Kirtana Ashok
* Phil Estes
* Kazuyoshi Kato
* Kohei Tokunaga
* Swagat Bora

### Changes
<details><summary>43 commits</summary>
<p>

* Prepare release notes for v1.7.17 ([containerd#10235](containerd#10235))
  * [`114b07b97`](containerd@114b07b) Prepare release notes for v1.7.17
* Use LOOP_CONFIGURE when creating loop devices ([containerd#10209](containerd#10209))
  * [`803aaa680`](containerd@803aaa6) Remove internal LoopConfig struct
  * [`7bd3be948`](containerd@7bd3be9) Swap internal ioctl implementation with golang.org/x/sys
  * [`a0739dc0e`](containerd@a0739dc) Use LOOP_CONFIGURE when creating loop devices
* Update unpacker to fetch all provided content ([containerd#10233](containerd#10233))
  * [`1573ea598`](containerd@1573ea5) Update ctr image pull all platforms
  * [`32b594f1b`](containerd@32b594f) Update unpacker to always fetch all
* Update hcsshim tag to v0.11.5 ([containerd#10232](containerd#10232))
  * [`5a03a3aee`](containerd@5a03a3a) Update hcsshim tag to v0.11.5
* Update ttrpc tag to 1.2.4 ([containerd#10221](containerd#10221))
  * [`9a1eda40f`](containerd@9a1eda4) update ttrpc tag to 1.2.4
* Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts ([containerd#10210](containerd#10210))
  * [`ad85652fa`](containerd@ad85652) Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts
* Update instrumentation fuzzer with new flag ([containerd#10229](containerd#10229))
  * [`582f3f43d`](containerd@582f3f4) Update instrumentation fuzzer with new flag
* vendor: github.com/containerd/[email protected] ([containerd#10215](containerd#10215))
  * [`a5d13689b`](containerd@a5d1368) vendor: github.com/containerd/[email protected]
* vendor: golang.org/x/[email protected] ([containerd#10211](containerd#10211))
  * [`f853bc129`](containerd@f853bc1) vendor: golang.org/x/[email protected]
  * [`837972979`](containerd@8379729) vendor: golang.org/x/[email protected]
  * [`56aa87792`](containerd@56aa877) vendor: golang.org/x/[email protected]
  * [`4e6335ebd`](containerd@4e6335e) vendor: golang.org/x/[email protected]
  * [`1c6c745c6`](containerd@1c6c745) vendor: golang.org/x/[email protected]
  * [`1077d38c9`](containerd@1077d38) vendor: golang.org/x/[email protected]
* Update tooling to Go 1.21.10, 1.22.3 for net/http bug fixes ([containerd#10207](containerd#10207))
  * [`c53b635f9`](containerd@c53b635) Update toolchain to Go 1.21.10 and 1.22.3
* vendor: golang.org/x/[email protected] ([containerd#10204](containerd#10204))
  * [`4b52104f0`](containerd@4b52104) vendor: golang.org/x/[email protected]
  * [`2f65c83b0`](containerd@2f65c83) vendor: golang.org/x/[email protected]
  * [`8a76171f7`](containerd@8a76171) vendor: golang.org/x/[email protected]
  * [`d45778523`](containerd@d457785) vendor: golang.org/x/[email protected], golang.org/x/[email protected]
  * [`24038de8c`](containerd@24038de) vendor: golang.org/x/[email protected]
* Update metadata snapshotter to lease on already exists ([containerd#10198](containerd#10198))
  * [`eb930375c`](containerd@eb93037) Add lease test for metadata snapshotter
  * [`9f6c61ab9`](containerd@9f6c61a) Update metadata snapshotter to lease on exists
* Update grpc and image-spec dependencies ([containerd#10180](containerd#10180))
  * [`24dd403ab`](containerd@24dd403) Update image-spec to v1.1.0
  * [`189b69e24`](containerd@189b69e) go.mod: github.com/opencontainers/image-spec v1.1.0-rc3
  * [`388fb336b`](containerd@388fb33) Update grpc to v1.59.0
* Handle unsupported config versions ([containerd#10165](containerd#10165))
  * [`00347b7fa`](containerd@00347b7) Add check for unsupported config versions
</p>
</details>

### Changes from containerd/imgcrypt
<details><summary>53 commits</summary>
<p>

* CHANGES: Updated CHANGES document for 1.1.8 release ([containerd/imgcrypt#122](containerd/imgcrypt#122))
  * [`956b4d3`](containerd/imgcrypt@956b4d3) CHANGES: Updated CHANGES document for 1.1.8 release
* Synchronize enc-ctr with upstream ctr from containerd v1.6.23 and use containerd v1.6.23 in dependency ([containerd/imgcrypt#120](containerd/imgcrypt#120))
  * [`9e8e1c1`](containerd/imgcrypt@9e8e1c1) ctr: Sync code with containerd v1.6.23 ctr
  * [`7d2cca5`](containerd/imgcrypt@7d2cca5) build(deps): bump containerd from 1.6.20 to 1.6.23
* Synchronize enc-ctr with upstream ctr from containerd v1.6.20 ([containerd/imgcrypt#119](containerd/imgcrypt#119))
  * [`0f2559e`](containerd/imgcrypt@0f2559e) ctr: Sync code with containerd v1.6.20 ctr
  * [`c48dd78`](containerd/imgcrypt@c48dd78) cmd: Copy IntToInt32Array into img package and use it
* Update to ocicrypt 1.1.8 and minimum go 1.20 ([containerd/imgcrypt#118](containerd/imgcrypt#118))
  * [`6d48a4e`](containerd/imgcrypt@6d48a4e) build(deps): bump ocicrypt from 1.1.7 to 1.1.8
  * [`1bc94a2`](containerd/imgcrypt@1bc94a2) github: Use golangci-lint v1.54.1 and adjust config file
  * [`9065f1d`](containerd/imgcrypt@9065f1d) github: Test with go 1.21 and go 1.20
  * [`74986f3`](containerd/imgcrypt@74986f3) go.mod: Require go 1.20
* build(deps): bump google.golang.org/grpc from 1.47.0 to 1.53.0 ([containerd/imgcrypt#117](containerd/imgcrypt#117))
  * [`a2a8273`](containerd/imgcrypt@a2a8273) build(deps): bump google.golang.org/grpc from 1.47.0 to 1.53.0
* test: Test creating and running of container with key file missing ([containerd/imgcrypt#116](containerd/imgcrypt#116))
  * [`286470a`](containerd/imgcrypt@286470a) test: Test creating and running of container with key file missing
* Fix some issues in the test script ([containerd/imgcrypt#115](containerd/imgcrypt#115))
  * [`aa517cc`](containerd/imgcrypt@aa517cc) test: Fix order of parameters and remove unnecessary key parameter
  * [`ec72311`](containerd/imgcrypt@ec72311) test: Add comments to test case
  * [`2959ec0`](containerd/imgcrypt@2959ec0) test: To be able to run testLocalKeys alone add missing env variable
* build(deps): upgrade github.com/containerd/containerd from 1.6.18 to … ([containerd/imgcrypt#112](containerd/imgcrypt#112))
  * [`a7f2760`](containerd/imgcrypt@a7f2760) build(deps): upgrade github.com/containerd/containerd from 1.6.18 to 1.6.20
* ci: Update golangci-lint to v1.52.2 ([containerd/imgcrypt#113](containerd/imgcrypt#113))
  * [`002abac`](containerd/imgcrypt@002abac) images: Change 'any' to 'anything' to avoid clash with built-in type 'any'
  * [`5780ecc`](containerd/imgcrypt@5780ecc) images: Replace unused function parameters with '_'
  * [`7dc8592`](containerd/imgcrypt@7dc8592) ci: Update golangci-lint to v1.52.2
* build(deps): bump github.com/opencontainers/runc from 1.1.2 to 1.1.5 ([containerd/imgcrypt#109](containerd/imgcrypt#109))
  * [`90e4f77`](containerd/imgcrypt@90e4f77) build(deps): bump github.com/opencontainers/runc from 1.1.2 to 1.1.5
* Abandon go 1.18 (end-of-life) and use 1.19 and 1.20 in tests ([containerd/imgcrypt#110](containerd/imgcrypt#110))
  * [`8fc037f`](containerd/imgcrypt@8fc037f) tests: Upgrade toml written by test case to version 2
  * [`0b31beb`](containerd/imgcrypt@0b31beb) ci: Run tests with go 1.19 and 1.20 (abandon 1.18)
  * [`523674c`](containerd/imgcrypt@523674c) build(deps): Update to minimum required go v1.19
* Update to golang.org/x/[email protected] and github.com/containers/[email protected] ([containerd/imgcrypt#107](containerd/imgcrypt#107))
  * [`96a2314`](containerd/imgcrypt@96a2314) build(deps): Upgrade to github.com/containers/[email protected]
  * [`1c50555`](containerd/imgcrypt@1c50555) bulid(deps): Update to golang.org/x/[email protected]
  * [`9645d39`](containerd/imgcrypt@9645d39) build(deps): Update to minimum required go v1.18
* build(deps): bump github.com/containerd/containerd from 1.6.12 to 1.6.18 ([containerd/imgcrypt#106](containerd/imgcrypt#106))
  * [`8daaa45`](containerd/imgcrypt@8daaa45) build(deps): bump github.com/containerd/containerd from 1.6.12 to 1.6.18
* README: Fix a typo ([containerd/imgcrypt#105](containerd/imgcrypt#105))
  * [`12e84f5`](containerd/imgcrypt@12e84f5) README: Fix a typo
* build(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12 ([containerd/imgcrypt#103](containerd/imgcrypt#103))
  * [`4e5a73e`](containerd/imgcrypt@4e5a73e) build(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12
* Update golangci-lint to v1.50.1 ([containerd/imgcrypt#101](containerd/imgcrypt#101))
  * [`16a071b`](containerd/imgcrypt@16a071b) Update golangci-lint to v1.50.1
* Remove references to package io/ioutil ([containerd/imgcrypt#100](containerd/imgcrypt#100))
  * [`981a3fd`](containerd/imgcrypt@981a3fd) Remove references to package io/ioutil
* Update GitHub actions CI workflow ([containerd/imgcrypt#99](containerd/imgcrypt#99))
  * [`06827a1`](containerd/imgcrypt@06827a1) Update containerd project checks package in CI
  * [`f6a39e1`](containerd/imgcrypt@f6a39e1) Update GitHub actions packages in CI workflow
  * [`6383351`](containerd/imgcrypt@6383351) Update GitHub actions CI workflow OS runner images
* CI/CD: Run CodeQL on PRs and once a month ([containerd/imgcrypt#98](containerd/imgcrypt#98))
  * [`b6e16db`](containerd/imgcrypt@b6e16db) CI/CD: Run CodeQL on PRs and once a month
</p>
</details>

### Changes from containerd/ttrpc
<details><summary>10 commits</summary>
<p>

* Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 ([containerd/ttrpc#166](containerd/ttrpc#166))
  * [`272c857`](containerd/ttrpc@272c857) Bump google.golang.org/protobuf from 1.31.0 to 1.33.0
* Fix deadlock when writing to pipe blocks ([containerd/ttrpc#168](containerd/ttrpc#168))
  * [`1b4f6f8`](containerd/ttrpc@1b4f6f8) client: Fix deadlock when writing to pipe blocks
* Bump golang.org/x/net from 0.17.0 to 0.23.0 ([containerd/ttrpc#167](containerd/ttrpc#167))
  * [`13b8289`](containerd/ttrpc@13b8289) Bump golang.org/x/net from 0.17.0 to 0.23.0
* Update GitHub Actions CI to resolve deprecation warnings ([containerd/ttrpc#161](containerd/ttrpc#161))
  * [`589a593`](containerd/ttrpc@589a593) Update GitHub Actions CI to resolve deprecation warnings
* Fix proto3 generation error ([containerd/ttrpc#158](containerd/ttrpc#158))
  * [`73b6a91`](containerd/ttrpc@73b6a91) Add optional feature in protobuf compiler
</p>
</details>

### Dependency Changes

* **github.com/Microsoft/go-winio**              v0.6.1 -> v0.6.2
* **github.com/Microsoft/hcsshim**               v0.11.4 -> v0.11.5
* **github.com/containerd/imgcrypt**             v1.1.7 -> v1.1.8
* **github.com/containerd/ttrpc**                v1.2.3 -> v1.2.4
* **github.com/containers/ocicrypt**             v1.1.6 -> v1.1.10
* **github.com/go-jose/go-jose/v3**              v3.0.3 **_new_**
* **github.com/google/uuid**                     v1.3.0 -> v1.3.1
* **github.com/opencontainers/image-spec**       3a7f492d3f1b -> v1.1.0
* **github.com/stefanberger/go-pkcs11uri**       78d3cae3a980 -> 78284954bff6
* **golang.org/x/crypto**                        v0.14.0 -> v0.21.0
* **golang.org/x/mod**                           v0.11.0 -> v0.12.0
* **golang.org/x/net**                           v0.17.0 -> v0.23.0
* **golang.org/x/oauth2**                        v0.10.0 -> v0.11.0
* **golang.org/x/sys**                           v0.13.0 -> v0.18.0
* **golang.org/x/term**                          v0.13.0 -> v0.18.0
* **golang.org/x/text**                          v0.13.0 -> v0.14.0
* **google.golang.org/genproto**                 782d3b101e98 -> b8732ec3820d
* **google.golang.org/genproto/googleapis/api**  782d3b101e98 -> b8732ec3820d
* **google.golang.org/genproto/googleapis/rpc**  cbb8c96f2d6d -> b8732ec3820d
* **google.golang.org/grpc**                     v1.58.3 -> v1.59.0

Previous release can be found at [v1.7.16](https://github.com/containerd/containerd/releases/tag/v1.7.16)