|
| 1 | +# commit to be tagged for new release |
| 2 | +commit = "HEAD" |
| 3 | + |
| 4 | +project_name = "containerd" |
| 5 | +github_repo = "containerd/containerd" |
| 6 | +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" |
| 7 | + |
| 8 | +# previous release |
| 9 | +previous = "v1.2.7" |
| 10 | + |
| 11 | +pre_release = false |
| 12 | + |
| 13 | +preface = """\ |
| 14 | +The eighth patch release for `containerd` 1.2 provides a series of bug fixes, many |
| 15 | +of them backported from the master branch to correct several known issues around |
| 16 | +manifest lists/indexes and pulling multi-arch, CVEs related to Golang/http2, |
| 17 | +fd leakage in the Golang runtime, a shim hang, process and image environment config |
| 18 | +handling, and finally mount cleanup related to Cloud Foundry's use of containerd |
| 19 | +with rootless containers. A set of bug fixes/updates for the CRI plugin are also |
| 20 | +included; details for the CRI issues and fixes are shown below. |
| 21 | +
|
| 22 | +### Notable Updates |
| 23 | +* Skip rootfs unmount when no mounts are provided. Fixed by [PR #3148](https://github.com/containerd/containerd/pull/3148) {cherry-picked as [PR #3402](https://github.com/containerd/containerd/pull/3402)}. |
| 24 | +* Close inherited socket file descriptor. Fixed in [PR #3359](https://github.com/containerd/containerd/pull/3359) {cherry-picked as [PR #3364](https://github.com/containerd/containerd/pull/3364)}. |
| 25 | +* Call CloseIO when stdin closes in ctr. Fixed by [PR #3462](https://github.com/containerd/containerd/pull/3462) {cherry-picked as [PR 3490](https://github.com/containerd/containerd/pull/3490)}. |
| 26 | +* Several multi-arch image fixes, including: ARM platform matching, selecting the proper manifest, and limited to best matched manifest to solve discrepancies with multi-arch image operations. Backported [PR #3270](https://github.com/containerd/containerd/pull/3270) as [PR #3404](https://github.com/containerd/containerd/pull/3404), [PR #3484](https://github.com/containerd/containerd/pull/3484) as [PR #3512](https://github.com/containerd/containerd/pull/3512), and added [PR #3421](https://github.com/containerd/containerd/pull/3421). |
| 27 | +* Override image's environment config with process config; including backport of fixes and tests for merging/replacing env variables; fix in [PR #3542](https://github.com/containerd/containerd/pull/3542), backported via [PR #3546](https://github.com/containerd/containerd/pull/3546) which included a backport of [PR #2887](https://github.com/containerd/containerd/pull/2887). Additional fix to logic for override re: image `$PATH` cherry-picked in [PR #3565](https://github.com/containerd/containerd/pull/3565). |
| 28 | +* Shim hang fix in master via [PR #3540](https://github.com/containerd/containerd/pull/3540) backported to `release/1.2` via [PR #3561](https://github.com/containerd/containerd/pull/3561). |
| 29 | +* Updated Golang version to 1.12.9 patch release: |
| 30 | + * Resolves CVE-2019-9512 and CVE-2019-9514 from the 1.12.8 security release. Originally fixed via [PR #3531](https://github.com/containerd/containerd/pull/3531) which lists the details of the Golang CVEs, backported via [PR #3532](https://github.com/containerd/containerd/pull/3532) to `release/1.2`. |
| 31 | + * Resolves fd leaks reported via [golang/go#33405](https://github.com/golang/go/issues/33405) and resolved in the 1.12.9 patch release, updated via [PR #3544](https://github.com/containerd/containerd/pull/3544). This fd leak bug was initially reported in containerd issue [#3481](https://github.com/containerd/containerd/issues/3481). |
| 32 | +* CRI: Fix a bug that if an image is deleted immediately after being pulled, the image may still exist after the deletion finishes successfully. (https://github.com/containerd/cri/issues/1161) |
| 33 | +* CRI: Fix a bug that `runc` and `crictl` binaries shipped in https://storage.googleapis.com/cri-containerd-release are versioned with the containerd version. (https://github.com/containerd/cri/pull/1193) |
| 34 | +* CRI: Fix a bug that the images become unusable if 2 images have the same image ID and RepoTag, but different RepoDigests. (https://github.com/containerd/containerd/issues/3401) |
| 35 | +* CRI: Fix [ProcMount](https://stupefied-goodall-e282f7.netlify.com/contributors/design-proposals/auth/proc-mount-type/) support (https://github.com/containerd/cri/pull/1216). ***NOTE: To use containerd 1.2.8+ with Kubernetes 1.11 or below, you MUST set `disable_proc_mount=true` in the cri plugin config.*** (https://github.com/containerd/cri/issues/1208) |
| 36 | +* CRI: Fix a bug that containerd tries to connect image registry with `https` even if the `http` endpoint is configured. (https://github.com/containerd/cri/issues/1201) |
| 37 | +""" |
| 38 | + |
| 39 | +# notable prs to include in the release notes, 1234 is the pr number |
| 40 | +[notes] |
| 41 | + |
| 42 | +[breaking] |
0 commit comments