containerd 1.3.3 Welcome to the v1.3.3 release of containerd! The third patch release for `containerd` 1.3 includes a few runtime fixes and important dependency updates. ### Runtime * Close platform in runc's shim Shutdown method [containerd/containerd#3907](https://github.com/containerd/containerd/pull/3907) * Fix eventfd leak [containerd/containerd#3961](https://github.com/containerd/containerd/pull/3961) ### API * Fix API filters to properly handle and return parse errors [containerd/containerd#3950](https://github.com/containerd/containerd/pull/3950) ### Other Updates * Update the runc vendor to v1.0.0-rc10 which includes a mitigation for [CVE-2019-19921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19921). * Update the opencontainers/selinux which includes a mitigation for [CVE-2019-16884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884). * Update Golang runtime to 1.12.16, mitigating the [CVE-2020-0601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0601) certificate verification bypass on Windows, and [CVE-2020-7919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7919), which only affects 32-bit architectures. * Update Golang runtime to 1.12.15, which includes a fix to the runtime (Go 1.12.14, Go 1.12.15) and and the `net/http` package (Go 1.12.15) * Update the `gopkg.in/yaml.v2` vendor to v2.2.8 with a mitigation for [CVE-2019-11253](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11253) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Phil Estes * Derek McGowan * Sebastiaan van Stijn * Akihiro Suda * Davanum Srinivas * Lantao Liu * Mike Brown * Seth Pellegrino * Michael Crosby * Erik Sipsma * Maksym Pavlenko * Shengjing Zhu ### Changes * [`d76c121f76`](https://github.com/containerd/containerd/commit/d76c121f76a5fc8a462dc64594aea72fe18e1178) Merge pull request [#4004](https://github.com/containerd/containerd/pull/4004) from dmcgowan/prepare-1.3.3 * [`5f15602214`](https://github.com/containerd/containerd/commit/5f15602214249a41648e1c465d33a4712a0ab123) Add release notes for v1.3.3 * [`7eac412007`](https://github.com/containerd/containerd/commit/7eac412007f378ad3198c4b900403fa1dfc100fa) Update mailmap * [`163fb0bd28`](https://github.com/containerd/containerd/commit/163fb0bd28750a521be5991cf81b19a15686fec1) Merge pull request [#4003](https://github.com/containerd/containerd/pull/4003) from dmcgowan/1.3-update-yaml * [`d4345c335c`](https://github.com/containerd/containerd/commit/d4345c335ca4e0abd794315985ddbba3a842dd8d) Update yaml dependency * [`aa877d788e`](https://github.com/containerd/containerd/commit/aa877d788ed4837922ce6286ec90841e9d26500f) Merge pull request [#3998](https://github.com/containerd/containerd/pull/3998) from dmcgowan/bump-cri-1.3 * [`db4c58b8c1`](https://github.com/containerd/containerd/commit/db4c58b8c1cbfa5276a7bdad2b7ef97040a485d3) Update CRI vendor for 1.3 * [`8366042ca3`](https://github.com/containerd/containerd/commit/8366042ca3aed4d9400b8ce9c10b530a1a4a87b2) Merge pull request [#3989](https://github.com/containerd/containerd/pull/3989) from thaJeztah/1.3_bump_golang_1.12.16 * [`14d166c632`](https://github.com/containerd/containerd/commit/14d166c632b2ca56a1460ebdf12959bfea2ef0ac) [release/1.3] vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 * [`d1e31f9f2d`](https://github.com/containerd/containerd/commit/d1e31f9f2deadc1816da1bfcdf0dbff85818a28d) Update Golang 1.12.16 (CVE-2020-0601, CVE-2020-7919) * [`9cf15235d0`](https://github.com/containerd/containerd/commit/9cf15235d04a1a3fe9903402fbc4460ab1c7fffe) Merge pull request [#3980](https://github.com/containerd/containerd/pull/3980) from dims/bump-opencontainers/selinux-for-CVE-2019-16884-release-1.3 * [`3074db3a4b`](https://github.com/containerd/containerd/commit/3074db3a4b5d57b891d3d86105df1be357a758e1) Pick up fix for CVE-2019-16884 in opencontainers/selinux * [`da15d825c0`](https://github.com/containerd/containerd/commit/da15d825c098e936da815c4b24e0e0f6e6533216) Merge pull request [#3976](https://github.com/containerd/containerd/pull/3976) from dims/update-to-new-rc10-of-opencontainers/runc-release-1.3 * [`0db3c9b780`](https://github.com/containerd/containerd/commit/0db3c9b78007f1c7fab5d358a95f3dd086258251) Bump to opencontainers/runc new version - v1.0.0-rc10 * [`a375ee006e`](https://github.com/containerd/containerd/commit/a375ee006e2f8aad940d889246ed5f7abb07ebd1) Merge pull request [#3967](https://github.com/containerd/containerd/pull/3967) from thaJeztah/1.3_bump_golang_1.12.15 * [`72d9dd9bb4`](https://github.com/containerd/containerd/commit/72d9dd9bb42d2fbe7d49197a9ef4737ddd47d223) Update Golang 1.12.15 * [`92dc96af08`](https://github.com/containerd/containerd/commit/92dc96af086472b443be9b89beb9d4d1c1bd1e30) Merge pull request [#3961](https://github.com/containerd/containerd/pull/3961) from sethp-nr/fix/eventfd-leak-1.3-backport * [`03ee836eea`](https://github.com/containerd/containerd/commit/03ee836eea38c46d798af63d5b10ab3256c9a056) fix: repair bad merge * [`c458f2fb41`](https://github.com/containerd/containerd/commit/c458f2fb41ecf5d122ec06674aaafa5c6d92e9c1) fix: eventfd leak for v2 runtime with v1 cgroups * [`258e10ddd6`](https://github.com/containerd/containerd/commit/258e10ddd6c112c646cd49e5084e292d1702ecdd) fix: eventfd leak * [`eb5e164812`](https://github.com/containerd/containerd/commit/eb5e1648125d9387df7f6e0b72193d7389e169a3) Merge pull request [#3953](https://github.com/containerd/containerd/pull/3953) from dmcgowan/backport-1.3-filters-fix * [`7d0e217f53`](https://github.com/containerd/containerd/commit/7d0e217f534165d3902d03763ec25f99b8824dff) Fix filter errors * [`095a1afb19`](https://github.com/containerd/containerd/commit/095a1afb1961aaf168867fe4ac6ec8e4aba5aa8a) Merge pull request [#3947](https://github.com/containerd/containerd/pull/3947) from dmcgowan/backport-1.3-skip-tests * [`e7c463a1c7`](https://github.com/containerd/containerd/commit/e7c463a1c7b49d507a0852de6748d0dc3e7adb8e) Add Makefile variable to skip test packages * [`bc7c9547b1`](https://github.com/containerd/containerd/commit/bc7c9547b1453434e580a64039336fcd89a7d454) Merge pull request [#3945](https://github.com/containerd/containerd/pull/3945) from zhsj/bpo-3939 * [`054ce5844f`](https://github.com/containerd/containerd/commit/054ce5844fa061759231528ba8fd761723d31449) platforms: fill default arm variant when parse platform specifier * [`b71555a8ba`](https://github.com/containerd/containerd/commit/b71555a8ba442f1fd9effdfc10ba28f4d9e2d78b) Merge pull request [#3928](https://github.com/containerd/containerd/pull/3928) from zhsj/bpo-3720 * [`e49256efa5`](https://github.com/containerd/containerd/commit/e49256efa51d1b737acac051f680c255eb0dec13) Fix flaky btrfs test * [`e4356016b6`](https://github.com/containerd/containerd/commit/e4356016b673b35b2caef93d7972f9eebd0813d3) Merge pull request [#3926](https://github.com/containerd/containerd/pull/3926) from zhsj/bpo-3744 * [`2a38589a59`](https://github.com/containerd/containerd/commit/2a38589a597786836a29866ef76ceb76692b1dc0) Move flag.Parse in tests to TestMain * [`a24269519b`](https://github.com/containerd/containerd/commit/a24269519bc094438887d3bad2d75b1c3e76f524) Merge pull request [#3917](https://github.com/containerd/containerd/pull/3917) from thaJeztah/1.3_bump_golang_1.12.14 * [`f4824d5a61`](https://github.com/containerd/containerd/commit/f4824d5a6109362dad8abff552193f7ff08d9e2e) Update Golang 1.12.14 * [`bc43dc071b`](https://github.com/containerd/containerd/commit/bc43dc071b124840780e9a2b4f1466ca130c13e6) Merge pull request [#3907](https://github.com/containerd/containerd/pull/3907) from estesp/cp-platform-close-fix * [`e7a6dda431`](https://github.com/containerd/containerd/commit/e7a6dda431b5ea810087fa26fb39a0e7f2bc371a) runtime v2: Close platform in runc shim's Shutdown method. * [`cbc39d6968`](https://github.com/containerd/containerd/commit/cbc39d696881acd47d6662dae14185a40a0af904) Merge pull request [#3908](https://github.com/containerd/containerd/pull/3908) from estesp/cp-3898-1.3 * [`7b1a7de030`](https://github.com/containerd/containerd/commit/7b1a7de0309d075c2789ce63feac55b18cea3d50) Disable criu tests in Travis CI ### Changes from containerd/cri * [`50b9e10e`](https://github.com/containerd/cri/commit/50b9e10ea54a9b57049fe311e4fe0a96277ef1c2) Merge pull request [#1394](https://github.com/containerd/cri/pull/1394) from thaJeztah/1.3_backport_bump_yaml * [`65b9fd5c`](https://github.com/containerd/cri/commit/65b9fd5c954dd47689611b058c8e5e0cf355d155) vendor: bump gopkg.in/yaml.v2 v2.2.8 * [`e120c0f9`](https://github.com/containerd/cri/commit/e120c0f9d87639b7bef007a7dbea8043f9a2ab6a) Merge pull request [#1390](https://github.com/containerd/cri/pull/1390) from dims/update-to-k8s-1.16.6-in-release/1.3 * [`0f1864a9`](https://github.com/containerd/cri/commit/0f1864a9c5f7b0d28c5319cc828d0229d09d6eb6) update kubernetes and its dependencies to v1.16.6 * [`74bb9981`](https://github.com/containerd/cri/commit/74bb9981ec19cfcd4548de51b4f681cfe1390e68) Merge pull request [#1391](https://github.com/containerd/cri/pull/1391) from dims/sync-vendors-with-containerd-in-release/1.3 * [`fb60c982`](https://github.com/containerd/cri/commit/fb60c98210ca7cb00e6e2314d7a7c87c2461858c) Update code for latest containerd. * [`ca26289c`](https://github.com/containerd/cri/commit/ca26289c93b38c58f97c8ef65559e6347559a396) sort containerd dependencies * [`d64edd3c`](https://github.com/containerd/cri/commit/d64edd3cdcb13ce8fa8ff865a71807b76dad1d12) Sync vendors with containerd 1.3.2 * [`5d01a3ab`](https://github.com/containerd/cri/commit/5d01a3ab8d1577dadef284fe79843ff94ffec2a7) Merge pull request [#1386](https://github.com/containerd/cri/pull/1386) from thaJeztah/1.3_backport_bump_kubernetes_1.16.3 * [`b350e255`](https://github.com/containerd/cri/commit/b350e25534aeb5a3ba23954752ae839c96c58727) update kubernetes dependency to v1.16.3 * [`416bde48`](https://github.com/containerd/cri/commit/416bde48054f38efdc442c2f8a30083815ec29ed) Merge pull request [#1373](https://github.com/containerd/cri/pull/1373) from Random-Liu/cherrypick-#1363-release-1.3 * [`e6304e9f`](https://github.com/containerd/cri/commit/e6304e9facf48220abafd1b8afccdf7155f4ab0d) Validate and update the right config * [`945cb97b`](https://github.com/containerd/cri/commit/945cb97bd82126dd5f9a71b1a7cc205d37bdf267) Merge pull request [#1360](https://github.com/containerd/cri/pull/1360) from AkihiroSuda/fix-runcv2-nopivot * [`63817131`](https://github.com/containerd/cri/commit/6381713164fb69d05626df2776cee3351f4d87b4) [release/1.3] fix NoPivot for RuntimeRuncV2 * [`fa8c5273`](https://github.com/containerd/cri/commit/fa8c5273678a193fd675b5a5a6209c91a9d8b940) Merge pull request [#1353](https://github.com/containerd/cri/pull/1353) from Random-Liu/cherrypick-#1351-release-1.3 * [`74d07436`](https://github.com/containerd/cri/commit/74d074368b680ebe93afc110dac7b237f70fff36) Better handle unknown state. ### Dependency Changes Previous release can be found at [v1.3.2](https://github.com/containerd/containerd/releases/tag/v1.3.2) * **github.com/containerd/cri** b1bef15fbeb6c6f0569b67322acfa74ca3597755 -> 50b9e10ea54a9b57049fe311e4fe0a96277ef1c2 * **github.com/json-iterator/go** v1.1.7 -> v1.1.8 * **github.com/opencontainers/runc** d736ef14f0288d6993a1845745d6756cfc9ddd5a -> dc9208a3303feef5b3839f4323d9beb36df0a9dd * **github.com/opencontainers/selinux** v1.2.2 -> 5215b1806f52b1fcc2070a8826c542c9d33cd3cf * **golang.org/x/crypto** 5c40567a22f818bd14a1ea7245dad9f8ef0691aa -> 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 * **golang.org/x/time** 85acf8d2951cb2a3bde7632f9ff273ef0379bcbd -> 9d24e82272b4f38b78bc8cff74fa936d31ccd8ef * **gopkg.in/inf.v0** v0.9.0 -> v0.9.1 * **gopkg.in/yaml.v2** v2.2.2 -> 53403b58ad1b561927d19068c655246f2db79d48 * **k8s.io/api** kubernetes-1.16.0-rc.2 -> kubernetes-1.16.6 * **k8s.io/apimachinery** kubernetes-1.16.0-rc.2 -> kubernetes-1.16.6 * **k8s.io/apiserver** kubernetes-1.16.0-rc.2 -> kubernetes-1.16.6 * **k8s.io/client-go** kubernetes-1.16.0-rc.2 -> kubernetes-1.16.6 * **k8s.io/cri-api** kubernetes-1.16.0-rc.2 -> kubernetes-1.16.6 * **k8s.io/klog** v0.4.0 -> v1.0.0 * **k8s.io/kubernetes** v1.16.0-rc.2 -> v1.16.6 * **k8s.io/utils** c2654d5206da6b7b6ace12841e8f359bb89b443c -> e782cd3c129fc98ee807f3c889c0f26eb7c9daf5