containerd 1.4.4 Welcome to the v1.4.4 release of containerd! The fourth patch release for `containerd` 1.4 contains a fix for CVE-2021-21334 along with various other minor issues. See [GHSA-36xw-fx78-c5r4](https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4) for more details related to CVE-2021-21334. ### Notable Updates * **Fix container create in CRI to prevent possible environment variable leak between containers** [#1628](https://github.com/containerd/cri/pull/1628) * **Update shim server to return grpc NotFound error** [#4872](https://github.com/containerd/containerd/pull/4872) * **Add bounds on max `oom_score_adj` value for shim's AdjustOOMScore** [#4874](https://github.com/containerd/containerd/pull/4874) * **Update task manager to use fresh context when calling shim shutdown** [#4929](https://github.com/containerd/containerd/pull/4929) * **Update Docker resolver to avoid possible concurrent map access panic** [#4941](https://github.com/containerd/containerd/pull/4941) * **Update shim's log file open flags to avoid containerd hang on syscall open** [#4971](https://github.com/containerd/containerd/pull/4971) * **Fix incorrect usage calculation** [#5019](https://github.com/containerd/containerd/pull/5019) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Shengjing Zhu * Derek McGowan * Sebastiaan van Stijn * Phil Estes * Akihiro Suda * Wei Fu * Michael Crosby * Mike Brown * Phil Estes * Tõnis Tiigi * Danail Branekov * IceberGu * Maksym Pavlenko * Simon Kaegi * Zhiyu Li ### Changes <details><summary>28 commits</summary> <p> * [`05f951a37`](https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e) Merge pull request from GHSA-6g2q-w5j3-fwh4 * [`3ba4a3171`](https://github.com/containerd/containerd/commit/3ba4a31713ed336dd13c5bc8e843ff2b75a03905) Prepare release notes for 1.4.4 * [`a22f1f642`](https://github.com/containerd/containerd/commit/a22f1f642e2993b8525ec13e6784d14c1f35bc6a) Merge pull request [#5107](https://github.com/containerd/containerd/pull/5107) from zhsj/update-cri * [`cbcb2f57f`](https://github.com/containerd/containerd/commit/cbcb2f57fbe221986f96b552855eb802f63193de) vendor: update cri * [`da919aa2a`](https://github.com/containerd/containerd/commit/da919aa2afbb4f334d7eee2364c438accdc6fcec) Merge pull request [#5103](https://github.com/containerd/containerd/pull/5103) from AkihiroSuda/cache-vagrant-14 * [`633bfb712`](https://github.com/containerd/containerd/commit/633bfb7124709a3d55fb329dfe2574ab91b769c2) CI: cache ~/.vagrant.d/boxes * [`23495ab4a`](https://github.com/containerd/containerd/commit/23495ab4a1252e0ca2b2494c008807d9fe6238e7) Merge pull request [#5082](https://github.com/containerd/containerd/pull/5082) from AkihiroSuda/fix-5077-14 * [`e7851d743`](https://github.com/containerd/containerd/commit/e7851d743c71e9c13e30137219ef8323f3033ff6) CI: fix "ls: cannot access '/etc/cni/net.d': Permission denied" * [`8a7e41c5c`](https://github.com/containerd/containerd/commit/8a7e41c5c6d2d69e9f6e976739f72638c59bafce) Merge pull request [#5018](https://github.com/containerd/containerd/pull/5018) from zhsj/bpo-4974 * [`758f07631`](https://github.com/containerd/containerd/commit/758f0763109df45647d096d09007f385dda37e88) Merge pull request [#5019](https://github.com/containerd/containerd/pull/5019) from zhsj/bpo-4808 * [`f4a6e163e`](https://github.com/containerd/containerd/commit/f4a6e163e0b51b92089076081bda7d2ae6cdedc8) Update continuity * [`2ec4a495f`](https://github.com/containerd/containerd/commit/2ec4a495fa00a5603c060f84fe0e5eb59280d987) Update gogo/protobuf to v1.3.2 * [`33d90b72d`](https://github.com/containerd/containerd/commit/33d90b72d1e44987118ac111d4f7a108d412099b) Merge pull request [#5010](https://github.com/containerd/containerd/pull/5010) from thaJeztah/1.4_update_golang * [`232cee448`](https://github.com/containerd/containerd/commit/232cee448f1027716c95a04e9c520d552907f333) Update to go 1.15.8 * [`02df14f78`](https://github.com/containerd/containerd/commit/02df14f783472f05a5df949ceb4c596dd9c90ec2) Merge pull request [#4993](https://github.com/containerd/containerd/pull/4993) from Iceber/fix-runc-v2-service-1.4 * [`f087d7849`](https://github.com/containerd/containerd/commit/f087d7849111a35fe3a6ec32bcca3bdaf1298568) runtime: fix shutdown runc v2 service * [`349f7a5ef`](https://github.com/containerd/containerd/commit/349f7a5ef916aff33d717685a49b796b114f02f3) Merge pull request [#4971](https://github.com/containerd/containerd/pull/4971) from payall4u/bugfix/fix-open-shim-fifo-rebase * [`edffc830b`](https://github.com/containerd/containerd/commit/edffc830bb21dec0598b5234a45e286dfec3c6da) change flag from RDONLY to RDWR and close the fifo correct * [`c36f12a27`](https://github.com/containerd/containerd/commit/c36f12a27147071ae76987e0196180d0a4cc6994) Merge pull request [#4942](https://github.com/containerd/containerd/pull/4942) from zhsj/cherry-pick-4854 * [`86f5704c6`](https://github.com/containerd/containerd/commit/86f5704c6941c33809e0b72a779498bd641ab424) Merge pull request [#4941](https://github.com/containerd/containerd/pull/4941) from zhsj/cherry-pick-4855 * [`e7cd2030e`](https://github.com/containerd/containerd/commit/e7cd2030e105bd1a614821e246a4a1a73bd308e5) pusher: add missing authentication support for requests * [`ec752e8ba`](https://github.com/containerd/containerd/commit/ec752e8ba13819efae82b9d246b2845ba3a02f41) docker: avoid concurrent map access panic * [`00f5ffa45`](https://github.com/containerd/containerd/commit/00f5ffa45d44582aa5956d50ee5b45bd860e6d41) Merge pull request [#4929](https://github.com/containerd/containerd/pull/4929) from fuweid/cherry-pick-1.4-846cb963c * [`b73052d34`](https://github.com/containerd/containerd/commit/b73052d34a3b6839dbea20d434d3978c9df00b5d) runtime/v2: should use defer ctx to cleanup * [`ed8ec9749`](https://github.com/containerd/containerd/commit/ed8ec974906d218ac393e52c63e2476d560339d2) Merge pull request [#4872](https://github.com/containerd/containerd/pull/4872) from masters-of-cats/pr-process-not-found-err-14 * [`d5c1444af`](https://github.com/containerd/containerd/commit/d5c1444afad601420a62767471114f1e390d994e) Merge pull request [#4874](https://github.com/containerd/containerd/pull/4874) from johnathanmdell/release/1.4 * [`8cff6b375`](https://github.com/containerd/containerd/commit/8cff6b3753ffe53e07c0af6b0de9bd66425c642c) [release/1.4 backport] Return GRPC not found error instead of plain one * [`a6f6eb00c`](https://github.com/containerd/containerd/commit/a6f6eb00c21483bfae8196f0e6bb1c13ea9d2bc0) Add bounds on max oom_score_adj value for AdjustOOMScore </p> </details> ### Changes from containerd/continuity <details><summary>18 commits</summary> <p> * [`1d9893e`](https://github.com/containerd/continuity/commit/1d9893e5674b5260c3fc11316d0d5fc0d12ea9e2) Merge pull request [#169](https://github.com/containerd/continuity/pull/169) from dmcgowan/fix-usage-block-size * [`363153d`](https://github.com/containerd/continuity/commit/363153d5cc30b7ef2f216c3dacffa23526143fea) Add directory size to usage calculation test * [`b97555e`](https://github.com/containerd/continuity/commit/b97555e75c86a5f693aa104085036ad4eb1467de) Fix incorrect usage calculation * [`91328d7`](https://github.com/containerd/continuity/commit/91328d7c60e71160252e8271376d9efadd16f0ad) Merge pull request [#166](https://github.com/containerd/continuity/pull/166) from zhsj/fix-riscv64 * [`809d89c`](https://github.com/containerd/continuity/commit/809d89c6c3806de909121216d87dd2ff8860581a) go.mod: golang.org/x/sys to latest * [`62ef0ff`](https://github.com/containerd/continuity/commit/62ef0fffa6a1bed97d4b034c146bc323b2447b72) Merge pull request [#165](https://github.com/containerd/continuity/pull/165) from zhsj/fix-arm64 * [`25269ef`](https://github.com/containerd/continuity/commit/25269efb6192a3f31d9ef6a57d8631cd48b5f3b9) Fix building on arm64 * [`310e183`](https://github.com/containerd/continuity/commit/310e183616c481b7237980a7787a26435d311c0d) gha: fix invalid workflow definition * [`04c754f`](https://github.com/containerd/continuity/commit/04c754faca46997ba6d0733f611c42f1816d1199) Merge pull request [#163](https://github.com/containerd/continuity/pull/163) from dmcgowan/fix-sparse-file-usage * [`bc5e3ed`](https://github.com/containerd/continuity/commit/bc5e3edd2b742c38c762d928f267ad82922a1b63) Fix usage calculation to account for sparse files * [`03c371a`](https://github.com/containerd/continuity/commit/03c371a2c3bc37ed384eb4005fce5b8c8c15e5b3) gha: replace uses of deprecated "set-env", "add-path" * [`f2cc351`](https://github.com/containerd/continuity/commit/f2cc35102c2a086e89ea40de1c0a99861713c51b) Merge pull request [#157](https://github.com/containerd/continuity/pull/157) from thaJeztah/update_deps * [`aaa8883`](https://github.com/containerd/continuity/commit/aaa88831d126106ba0ab769e36782be341632b52) Merge pull request [#160](https://github.com/containerd/continuity/pull/160) from thaJeztah/test_go_1.15 * [`5b95d2d`](https://github.com/containerd/continuity/commit/5b95d2d4f17b34540302493d356909527f50c785) GH Actions: test against Go 1.15 * [`c9598ea`](https://github.com/containerd/continuity/commit/c9598ea9a71c9ec145941cd8ca17700b7c9d87b6) go.mod: github.com/opencontainers/go-digest v1.0.0 * [`71d065d`](https://github.com/containerd/continuity/commit/71d065d8e679c20aac4368e80a08f123ae041462) go.mod: github.com/dustin/go-humanize v1.0.0 * [`84c3eb7`](https://github.com/containerd/continuity/commit/84c3eb7f407ff1781ea97fcad3a1b9ab09d34eb0) go.mod: github.com/pkg/errors v0.9.1 * [`2068663`](https://github.com/containerd/continuity/commit/20686630286e8131a7ed66207f31b75bb8ca1a82) go.mod: logrus v1.6.0 </p> </details> ### Changes from containerd/cri <details><summary>13 commits</summary> <p> * [`aa2d5a97`](https://github.com/containerd/cri/commit/aa2d5a97cdc4ef93919fb7d243213ce33b089aa2) Merge pull request [#1628](https://github.com/containerd/cri/pull/1628) from zhsj/bpo-containerd-5024-5054 * [`e4fcda32`](https://github.com/containerd/cri/commit/e4fcda3215cc607cc1f10657f76cbf85313fd64c) cri: append envs from image config to empty slice to avoid env lost * [`f9bcbb73`](https://github.com/containerd/cri/commit/f9bcbb7329a47f34261da2cfafa6bd5f63268437) cri: append envs from image config to empty slice to avoid env lost * [`b4b894c8`](https://github.com/containerd/cri/commit/b4b894c871860664fe5c0509df68da0dbae9f095) Merge pull request [#1621](https://github.com/containerd/cri/pull/1621) from zhsj/bpo-containerd-4987 * [`4dbbd509`](https://github.com/containerd/cri/commit/4dbbd50948b24990448c7c2705aabdf4bcb5cac2) Merge pull request [#1620](https://github.com/containerd/cri/pull/1620) from zhsj/bpo-containerd-4974 * [`ed743f7f`](https://github.com/containerd/cri/commit/ed743f7fd0a3e5963a69afe360903d708d252ac0) Merge pull request [#1618](https://github.com/containerd/cri/pull/1618) from zhsj/bpo-containerd-4863 * [`7efa54f0`](https://github.com/containerd/cri/commit/7efa54f003dac800f79599a5b460e29cca5fc5a6) Fix deprecated registry auth conversion. * [`5848b5ba`](https://github.com/containerd/cri/commit/5848b5babbe0728881abb78757b54a0c9ccdf642) cri/config: fix range iterator issue in ValidatePluginConfig * [`815eaf40`](https://github.com/containerd/cri/commit/815eaf40abb94f5ecf49dcfd0b41067f4c122909) Update gogo/protobuf to v1.3.2 * [`8b859cbc`](https://github.com/containerd/cri/commit/8b859cbca886233334cda30314741c14241dfc3f) Ensure log dir is created * [`779131a4`](https://github.com/containerd/cri/commit/779131a4dcef3e1a6534753c9000b487df7ff3a4) Merge pull request [#1608](https://github.com/containerd/cri/pull/1608) from thaJeztah/1.4_bump_go_1.15 * [`3e353f11`](https://github.com/containerd/cri/commit/3e353f1109525811b4a1897cb6732169e333a989) [release/1.4] update Go 1.15.5 (to match containerd) * [`3c709ba1`](https://github.com/containerd/cri/commit/3c709ba1b5452d56be82b5e4aaf292b8b8001488) [release/1.4] hack/utils: update cri-tools 0f5f734a7e1da0979915c6e7d5b6641bd9dc2627 </p> </details> ### Dependency Changes * **github.com/containerd/continuity** efbc4488d8fe -> 1d9893e5674b * **github.com/containerd/cri** adc0b6a578ed -> aa2d5a97cdc4 * **github.com/gogo/protobuf** v1.3.1 -> v1.3.2 Previous release can be found at [v1.4.3](https://github.com/containerd/containerd/releases/tag/v1.4.3)