Skip to content

[release/2.0] Prepare release notes for v2.0.7 #12482

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dmcgowan merged 2 commits into from
Nov 6, 2025
Merged

[release/2.0] Prepare release notes for v2.0.7 #12482

dmcgowan merged 2 commits into from
Nov 6, 2025

Conversation

@austinvazquez
Copy link
Member

@austinvazquez austinvazquez commented Nov 5, 2025
edited
Loading

Generated notes

containerd 2.0.7

Welcome to the v2.0.7 release of containerd!

The seventh patch release for containerd 2.0 includes various bug fixes and updates.

Security Updates

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Phil Estes
  • Austin Vazquez
  • Rodrigo Campos
  • Wei Fu
  • Akihiro Suda
  • Derek McGowan
  • Maksym Pavlenko
  • ningmingxiao
  • Kirtana Ashok
  • Akhil Mohan
  • Andrew Halaney
  • Jin Dong
  • Jose Fernandez
  • Mike Baynton
  • Philip Laine
  • Swagat Bora
  • wheat2018

Changes

55 commits

  • 88f2e8cad Prepare release notes for v2.0.7
  • 437d0f653 Update mailmap
  • 5f708b76a Merge commit from fork
  • 8cd112d82 Fix directory permissions
  • 05290b5bc Merge commit from fork
  • 4d1edf4ad fix goroutine leak of container Attach
  • Update runc binary to v1.3.3 (#12479)
    • b46dc6a67 runc: Update runc binary to v1.3.3
  • ci: bump Go 1.24.9; 1.25.3 (#12361)
    • 5e9c82178 Update GHA runners to use latest images for basic binaries build
    • 7f59248dc Update GHA runners to use latest image for most jobs
    • e1373e8a8 ci: bump Go 1.24.9, 1.25.3
    • e1a910a6a ci: bump Go 1.24.8; 1.25.2
    • fd04b7f17 move exclude-dirs to issues.exclude-dirs
    • b49377975 update golangci-lint to v1.64.2
    • 6e45022a1 build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.5.0
    • 09ce0f2a1 build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.2
    • de63a740b build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0
  • Fix lost container logs from quickly closing io (#12376)
    • f953ee8a3 bugfix:fix container logs lost because io close too quickly
  • CI: update Fedora to 43 (#12448)
  • cri/server/podsandbox: disable event subscriber (#12406)
    • 2a2329cbd cri/server/podsandbox: disable event subscriber
  • CI: skip ubuntu-24.04-arm on private repos (#12428)
    • dfb954743 CI: skip ubuntu-24.04-arm on private repos
  • Remove additional fuzzers from instrumentation repo (#12420)
    • f6b02f6bb Remove additional fuzzers from CI
  • runc:Update runc binary to v1.3.1 (#12275)
    • 75c13ee3f runc:Update runc binary to v1.3.1
  • add SystemdCgroup to default runtime options (#12254)
    • 427cdd06c add SystemdCgroup to default runtime options
  • install-runhcs-shim: fetch target commit instead of tags (#12255)
    • 0b35e19fb install-runhcs-shim: fetch target commit instead of tags
  • Backport userns container image volume with copy-up fixes (#12241)
    • 3212afc2f integration: Add test for directives with userns
    • b855c6e10 cri: Fix userns with Dockerfile VOLUME mounts that need copy
  • Backport various overlayfs related user namespace fixes and improvements (#12223)
    • 05c0c99f4 core/mount: Retry unmounting idmapped directories
    • afdede4ce core/mount: Test cleanup of DoPrepareIDMappedOverlay()
    • 47205f814 core/mount: Properly cleanup on doPrepareIDMappedOverlay errors
    • 6f4abd970 core/mount: Don't call nil function on errors
    • a2f0d65d7 core/mount: Only idmap once per overlayfs, not per layer
    • 1c32accd7 Make ovl idmap mounts read-only
  • ci: bump Go 1.23.12, 1.24.6 (#12187)
  • fix: create bootstrap.json with 0644 permission (#12184)
    • 009622e04 fix: create bootstrap.json with 0644 permission
  • Fix pidfd leak in UnshareAfterEnterUserns (#12178)
    • 5bec0a332 sys: fix pidfd leak in UnshareAfterEnterUserns
  • Backport windows test fixes (#12120)
    • 2a2488131 Fix intermittent test failures on Windows CIs
    • 018470948 Remove WS2025 from CIs due to regression
  • Add dial timeout field to hosts toml configuration (#12136)
    • b50cbbc98 Add dial timeout field to hosts toml configuration

Dependency Changes

This release has no dependency changes

Previous release can be found at v2.0.6

Which file should I download?

  • containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
  • containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install runc
and CNI plugins from their official sites too.

See also the Getting Started documentation.

@github-project-automation github-project-automation bot moved this to Needs Triage in Pull Request Review Nov 5, 2025
@austinvazquez austinvazquez marked this pull request as ready for review November 5, 2025 21:35
@austinvazquez austinvazquez force-pushed the prep_2_0_7 branch 3 times, most recently from 88f2e8c to 5486eb2 Compare November 5, 2025 22:24
dmcgowan
dmcgowan reviewed Nov 5, 2025
View reviewed changes
.mailmap Outdated
Andrey Kolomentsev <[email protected]>
Arnaud Porterie <[email protected]>
Arnaud Porterie <[email protected]> <[email protected]>
Austin Vazquez <[email protected]> <[email protected]> <[email protected]>
Copy link
Member

@dmcgowan dmcgowan Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This mailmap format doesn't seem to work

@austinvazquez
Update mailmap
205bc4f 
Signed-off-by: Austin Vazquez <[email protected]>
@austinvazquez
Prepare release notes for v2.0.7
4931e24 
Signed-off-by: Austin Vazquez <[email protected]>
@github-project-automation github-project-automation bot moved this from Needs Triage to Review In Progress in Pull Request Review Nov 5, 2025
@dmcgowan dmcgowan merged commit 4ac6c20 into containerd:release/2.0 Nov 6, 2025
55 checks passed
@github-project-automation github-project-automation bot moved this from Review In Progress to Done in Pull Request Review Nov 6, 2025
mansikulkarni96 added a commit to mansikulkarni96/containerd that referenced this pull request Dec 4, 2025
@mansikulkarni96
Merge tag 'v2.0.7' into pull-v.2.1.0
ae3bb68 
containerd 2.0.7

Welcome to the v2.0.7 release of containerd!

The seventh patch release for containerd 2.0 includes various bug fixes and updates.

* **containerd**
  * [**GHSA-pwhc-rpq9-4c8w**](GHSA-pwhc-rpq9-4c8w)
  * [**GHSA-m6hq-p25p-ffr2**](GHSA-m6hq-p25p-ffr2)

* **runc**
  * [**GHSA-qw9x-cqr3-wc7r**](GHSA-qw9x-cqr3-wc7r)
  * [**GHSA-cgrx-mc8f-2prm**](GHSA-cgrx-mc8f-2prm)
  * [**GHSA-9493-h29p-rfm2**](GHSA-9493-h29p-rfm2)

* **Disable event subscriber during task cleanup** ([containerd#12406](containerd#12406))
* **Add SystemdCgroup to default runtime options** ([containerd#12254](containerd#12254))
* **Fix userns with container image VOLUME mounts that need copy** ([containerd#12241](containerd#12241))

* **Add dial timeout field to hosts toml configuration** ([containerd#12136](containerd#12136))

* **Update runc binary to v1.3.3** ([containerd#12479](containerd#12479))
* **Fix lost container logs from quickly closing io** ([containerd#12376](containerd#12376))
* **Create bootstrap.json with 0644 permission** ([containerd#12184](containerd#12184))
* **Fix pidfd leak in UnshareAfterEnterUserns** ([containerd#12178](containerd#12178))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

* Austin Vazquez
* Phil Estes
* Rodrigo Campos
* Wei Fu
* Akihiro Suda
* Derek McGowan
* Maksym Pavlenko
* ningmingxiao
* Kirtana Ashok
* Akhil Mohan
* Andrew Halaney
* Jin Dong
* Jose Fernandez
* Mike Baynton
* Philip Laine
* Swagat Bora
* wheat2018

<details><summary>56 commits</summary>
<p>

* Prepare release notes for v2.0.7 ([containerd#12482](containerd#12482))
  * [`4931e24f1`](containerd@4931e24) Prepare release notes for v2.0.7
  * [`205bc4f2d`](containerd@205bc4f) Update mailmap
  * [`5f708b76a`](containerd@5f708b7) Merge commit from fork
  * [`8cd112d82`](containerd@8cd112d) Fix directory permissions
  * [`05290b5bc`](containerd@05290b5) Merge commit from fork
  * [`4d1edf4ad`](containerd@4d1edf4) fix goroutine leak of container Attach
* Update runc binary to v1.3.3 ([containerd#12479](containerd#12479))
  * [`b46dc6a67`](containerd@b46dc6a) runc: Update runc binary to v1.3.3
* ci: bump Go 1.24.9; 1.25.3 ([containerd#12361](containerd#12361))
  * [`5e9c82178`](containerd@5e9c821) Update GHA runners to use latest images for basic binaries build
  * [`7f59248dc`](containerd@7f59248) Update GHA runners to use latest image for most jobs
  * [`e1373e8a8`](containerd@e1373e8) ci: bump Go 1.24.9, 1.25.3
  * [`e1a910a6a`](containerd@e1a910a) ci: bump Go 1.24.8; 1.25.2
  * [`fd04b7f17`](containerd@fd04b7f) move exclude-dirs to issues.exclude-dirs
  * [`b49377975`](containerd@b493779) update golangci-lint to v1.64.2
  * [`6e45022a1`](containerd@6e45022) build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.5.0
  * [`09ce0f2a1`](containerd@09ce0f2) build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.2
  * [`de63a740b`](containerd@de63a74) build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0
* Fix lost container logs from quickly closing io ([containerd#12376](containerd#12376))
  * [`f953ee8a3`](containerd@f953ee8) bugfix:fix container logs lost because io close too quickly
* CI: update Fedora to 43 ([containerd#12448](containerd#12448))
  * [`f6f15f513`](containerd@f6f15f5) CI: update Fedora to 43
* Disable event subscriber during task cleanup ([containerd#12406](containerd#12406))
  * [`2a2329cbd`](containerd@2a2329c) cri/server/podsandbox: disable event subscriber
* CI: skip ubuntu-24.04-arm on private repos ([containerd#12428](containerd#12428))
  * [`dfb954743`](containerd@dfb9547) CI: skip ubuntu-24.04-arm on private repos
* Remove additional fuzzers from instrumentation repo ([containerd#12420](containerd#12420))
  * [`f6b02f6bb`](containerd@f6b02f6) Remove additional fuzzers from CI
* runc:Update runc binary to v1.3.1 ([containerd#12275](containerd#12275))
  * [`75c13ee3f`](containerd@75c13ee) runc:Update runc binary to v1.3.1
* Add SystemdCgroup to default runtime options ([containerd#12254](containerd#12254))
  * [`427cdd06c`](containerd@427cdd0) add SystemdCgroup to default runtime options
* install-runhcs-shim: fetch target commit instead of tags ([containerd#12255](containerd#12255))
  * [`0b35e19fb`](containerd@0b35e19) install-runhcs-shim: fetch target commit instead of tags
* Fix userns with container image VOLUME mounts that need copy ([containerd#12241](containerd#12241))
  * [`3212afc2f`](containerd@3212afc) integration: Add test for directives with userns
  * [`b855c6e10`](containerd@b855c6e) cri: Fix userns with Dockerfile VOLUME mounts that need copy
* Fix overlayfs issues related to user namespace ([containerd#12223](containerd#12223))
  * [`05c0c99f4`](containerd@05c0c99) core/mount: Retry unmounting idmapped directories
  * [`afdede4ce`](containerd@afdede4) core/mount: Test cleanup of DoPrepareIDMappedOverlay()
  * [`47205f814`](containerd@47205f8) core/mount: Properly cleanup on doPrepareIDMappedOverlay errors
  * [`6f4abd970`](containerd@6f4abd9) core/mount: Don't call nil function on errors
  * [`a2f0d65d7`](containerd@a2f0d65) core/mount: Only idmap once per overlayfs, not per layer
  * [`1c32accd7`](containerd@1c32acc) Make ovl idmap mounts read-only
* ci: bump Go 1.23.12, 1.24.6 ([containerd#12187](containerd#12187))
  * [`9e72e91e6`](containerd@9e72e91) ci: bump Go 1.23.12, 1.24.6
* Create bootstrap.json with 0644 permission ([containerd#12184](containerd#12184))
  * [`009622e04`](containerd@009622e) fix: create bootstrap.json with 0644 permission
* Fix pidfd leak in UnshareAfterEnterUserns ([containerd#12178](containerd#12178))
  * [`5bec0a332`](containerd@5bec0a3) sys: fix pidfd leak in UnshareAfterEnterUserns
* Fix windows test failures ([containerd#12120](containerd#12120))
  * [`2a2488131`](containerd@2a24881) Fix intermittent test failures on Windows CIs
  * [`018470948`](containerd@0184709) Remove WS2025 from CIs due to regression
* Add dial timeout field to hosts toml configuration ([containerd#12136](containerd#12136))
  * [`b50cbbc98`](containerd@b50cbbc) Add dial timeout field to hosts toml configuration
</p>
</details>

This release has no dependency changes

Previous release can be found at [v2.0.6](https://github.com/containerd/containerd/releases/tag/v2.0.6)
* `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:         ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
* `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`:  Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases)
and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too.

See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmcgowan dmcgowan dmcgowan approved these changes

@fuweid fuweid fuweid approved these changes

Assignees

No one assigned

Labels

size/M

Projects

Pull Request Review
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@austinvazquez @dmcgowan @fuweid @k8s-ci-robot