[release/2.2] Update runc binary to v1.3.4#12593
[release/2.2] Update runc binary to v1.3.4#12593dmcgowan merged 1 commit intocontainerd:release/2.2from
Conversation
| @@ -1 +1 @@ | |||
| v1.3.3 | |||
| v1.3.4 | |||
There was a problem hiding this comment.
Since runc v1.4.0 is available , we should be switching to that version in main
There was a problem hiding this comment.
Makes sense, I've switched this one to target the 2.2 release branch
vvoland
changed the title
This update includes a fix for a regression introduced in CVE-2025-52881 mitigation patches where the `mode=` argument was incorrectly applied to tmpfs mounts regardless of whether the target path existed. Signed-off-by: Paweł Gronowski <[email protected]>
|
That CI is passing I think validates this, but 1.4.0 has a breaking change regarding the handling of |
|
@samuelkarp the 1.4 change was merged in main, should we create an issue to make sure we are testing that case? Are you ok getting this 1.3.4 change, I don't think we have had much runc version skew between main and release branches but it seems warranted in this case. |
I need to get my eyes checked 👀. I think 1.4 is fine in the release branches as long as we've validated that our spec generation logic doesn't populate 0 when we mean unset (which I don't think it does...I think we're in the clear). Opened #12607 for tracking. |
|
I hope containerd LTS 1.7 will add support for the runc 1.3.4 binary soon right? |
github-project-automation
bot
moved this from Needs Triage
to Review In Progress
in Pull Request Review
It is already supported, runc can be updated independently of containerd. This is for our own testing and the Github release tars but packagers can choose their own version. |
dmcgowan
changed the title
github-project-automation
bot
moved this from Review In Progress
to Done
in Pull Request Review
dmcgowan
added
cherry-pick/1.7.x
|
/cherry-pick release/2.1 |
|
@dmcgowan: new pull request created: #12618 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/cherry-pick release/1.7 |
dmcgowan
added
cherry-picked/1.7.x
|
@dmcgowan: new pull request created: #12619 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Container Runtime Interface (CRI) - Redact all query parameters in CRI error logs (containerd/containerd#12546) Image Distribution - Fix image defaults on Darwin to usable configuration (containerd/containerd#12544) - Fix possible panic from WithMediaTypeKeyPrefix (containerd/containerd#12516) Runtime - Update runc binary to v1.3.4 (containerd/containerd#12593) - Fix parsing of hugetlb..events files (containerd/cgroups#379) Signed-off-by: David Mandy <[email protected]>
8 participants
This update includes a fix for a regression introduced in CVE-2025-52881 mitigation patches where the
mode=argument was incorrectly applied to tmpfs mounts regardless of whether the target path existed.