Welcome to the v1.2.11 release of containerd!

The eleventh patch release for containerd 1.2 includes an updated runc with
an additional fix for CVE-2019-16884 and a Golang update.

Notable Updates

• Update the runc vendor to v1.0.0-rc9 which includes an additional mitigation for CVE-2019-16884.

  • More details on the runc CVE in opencontainers/runc#2128, and the additional mitigations in opencontainers/runc#2130.

• Add local-fs.target to service file to fix corrupt image after unexpected host reboot. Reported in containerd/containerd#3671, and fixed by containerd/containerd#3746.

• Update Golang runtime to 1.12.13, which includes security fixes to the crypto/dsa package made in Go 1.12.11 (CVE-2019-17596), and fixes to the go command, runtime, syscall and net packages (Go 1.12.12).

• CRI fixes:

  • Fix shim delete error code to avoid unnecessary retries in the CRI plugin. Discovered in containerd/cri#1309, and fixed by containerd/containerd#3732 and containerd/containerd#3739.

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Sebastiaan van Stijn
• Michael Crosby
• Derek McGowan
• Lantao Liu
• Wei Fu
• Maksym Pavlenko
• Mike Brown
• Phil Estes

Changes

• f772c10a58 Merge pull request #3811 from thaJeztah/release_1.2.11
• 1b4aebd681 Prepare v1.2.11 release
• db4537e43d Merge pull request #3821 from fuweid/cherry-pick-3819-1.2
• 128664b677 snapshots: return error if readSnapshot fails
• a287c087b6 Merge pull request #3809 from thaJeztah/1.2_backport_bump_golang_1.12.13
• 342c953a53 Update to Golang 1.12.13
• 6b94990c11 Revert "[release/1.2] pin travis to go 1.12.12"
• c2383a5f2c Merge pull request #3768 from thaJeztah/1.2_backport_bump_golang_1.12.x
• d1960b4129 Merge pull request #3771 from estesp/update-vndr
• 0b9135f1dc Catch up vndr with state of vendor/ dir
• 435e05fd0d [release/1.2] pin travis to go 1.12.12
• e319caedc4 Update Golang 1.12.12 (CVE-2019-17596)
• b0d7ef6110 Merge pull request #3746 from crosbymichael/localfs2
• c471c95bc5 Add local-fs.target to service file
• c3532a35cc Merge pull request #3739 from estesp/cp-1.2-3736
• 847f74c284 Fix delete error code on the containerd daemon side.
• 445638104e Merge pull request #3732 from Random-Liu/cherrypick-#3730-release-1.2
• 611766aff3 Fix shim delete error code.
• 816dfe3960 Merge pull request #3723 from thaJeztah/1.2_backport_bump_runc_1.0.0-rc9
• 639be35858 bump runc v1.0.0-rc9
• b30190905f Bump runc to 1b8a1eeec3f337ab5d94f28980
• 8fb208fb14 Revert "Revert "bump libseccomp-golang v0.9.1""
• deca8e0e31 Merge pull request #3700 from Random-Liu/automate-cri-tarball-release
• 889f5f8036 Automate CRI tarball release.

Changes from containerd/cri

• bab7348f Merge pull request #1304 from Random-Liu/cherrypick-#1266-release-1.2
• ec7287ac Support local containerd release.

Dependency Changes

Previous release can be found at v1.2.10

• github.com/containerd/cri 40affe7c7402d41618b9791a8cf105ac74ce56d0 -> bab7348fcfcc795e0dda2cc02e8cac6316c85edc
• github.com/opencontainers/runc 3e425f80a8c931f88e6d94a8c831b9d5aa481657 -> d736ef14f0288d6993a1845745d6756cfc9ddd5a
• github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0 -> v0.9.1