containerd 1.4.5 Welcome to the v1.4.5 release of containerd! The fifth patch release for `containerd` 1.4 has fixes in the runc shim and CRI plugin as well as an updated runc version to fix some runc regressions. ### Notable Updates * **Update runc to rc94** [#5473](https://github.com/containerd/containerd/pull/5473) * **Fix leaking socket path in runc shim v2** [#5195](https://github.com/containerd/containerd/pull/5195) * **Fix cleanup logic in new container in runc shim v2** [#5206](https://github.com/containerd/containerd/pull/5206) * **Fix registry mirror authorization logic in CRI plugin** [#5446](https://github.com/containerd/containerd/pull/5446) * **Add support for `userxattr` in overlay snapshotter for kernel 5.11+** [#5076](https://github.com/containerd/containerd/pull/5076) Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Sebastiaan van Stijn * Derek McGowan * Phil Estes * Akihiro Suda * Fu Wei * Mike Brown * Iceber Gu * Michael Crosby * Shiming Zhang * Davanum Srinivas * Lantao Liu * pacoxu ### Changes <details><summary>44 commits</summary> <p> * [`8263eb3ea`](https://github.com/containerd/containerd/commit/8263eb3eaee447b16856eeb8839d5df4c9cca71a) Merge pull request [#5488](https://github.com/containerd/containerd/pull/5488) from dmcgowan/fix-1.4-seccomp-build * [`691606d45`](https://github.com/containerd/containerd/commit/691606d4507d5e4a0121578252711da5b7a5a7cb) Fix seccomp build in release * [`b9f5e5300`](https://github.com/containerd/containerd/commit/b9f5e5300f16412ce6f3ca23b2602477f8af683e) Merge pull request [#5487](https://github.com/containerd/containerd/pull/5487) from dmcgowan/prepare-1.4.5 * [`afab285d6`](https://github.com/containerd/containerd/commit/afab285d6a29eee7db0f202886292aef083f23aa) Prepare v1.4.5 release notes * [`31c92d9d3`](https://github.com/containerd/containerd/commit/31c92d9d3ea23347c5a749ccb9d16375bf5e1f2d) Merge pull request [#5484](https://github.com/containerd/containerd/pull/5484) from thaJeztah/1.4_backport_bump_runc * [`392db0f15`](https://github.com/containerd/containerd/commit/392db0f1598de322fa546f53bf49a5be30863f4d) Update the runc binary used with containerd to runc v1.0.0-rc94 * [`cdd833d84`](https://github.com/containerd/containerd/commit/cdd833d84a1b9a5389e240f6b65f5f908d09af1a) Merge pull request [#5449](https://github.com/containerd/containerd/pull/5449) from mikebrow/update-cri-commit * [`c39fb7539`](https://github.com/containerd/containerd/commit/c39fb753931a2757d5c2344063fb3b00ea344ecb) vendoring in cherry pick #5446 * [`409c87ba5`](https://github.com/containerd/containerd/commit/409c87ba59dd96965239573aa9458a3585c05468) Merge pull request [#5319](https://github.com/containerd/containerd/pull/5319) from Iceber/fix-new-container-1.4 * [`c64cfa03b`](https://github.com/containerd/containerd/commit/c64cfa03b9defd0b11f3f40e5a1ba524cc52533e) runtime/v2/runc: fix the defer cleanup of the NewContainer * [`b5c6f3dc5`](https://github.com/containerd/containerd/commit/b5c6f3dc52d0d1a85b786721e09c6e76556837d9) Merge pull request [#5392](https://github.com/containerd/containerd/pull/5392) from thaJeztah/1.4_update_gha * [`60c139c9a`](https://github.com/containerd/containerd/commit/60c139c9af4c8d554c57cd8a50a36647b92fdcd7) gha: use sudo -E in some places to prevent dropping env-vars * [`e0d452986`](https://github.com/containerd/containerd/commit/e0d4529869f29a97a872b64647ad35853e3c9414) GHA: use setup-go@v2 * [`6ca7441e5`](https://github.com/containerd/containerd/commit/6ca7441e55ab0f539d453d9590c8cebff2dd60f4) Merge pull request [#5387](https://github.com/containerd/containerd/pull/5387) from thaJeztah/1.4_update_k8s * [`c4008afaa`](https://github.com/containerd/containerd/commit/c4008afaac432575ebe0393c708a77675c6dc6ed) Merge pull request [#5389](https://github.com/containerd/containerd/pull/5389) from thaJeztah/1.4_update_golang * [`ac87e05f6`](https://github.com/containerd/containerd/commit/ac87e05f617856c9b0a1e84d76967bc9d2b759c2) [release/1.4] update Go to 1.15.11 * [`425a6e4f8`](https://github.com/containerd/containerd/commit/425a6e4f89fd02e290cae86172ad83720cbfcc86) night ci fix: add packages for ubuntu 20.04 * [`80de6e2b4`](https://github.com/containerd/containerd/commit/80de6e2b435939afdfce49a30561b56bac426cf7) vendor: golang.org/x/sys 5cba982894dd4e8879e3ef0a0c308ceff39f6154 * [`92da2dbfa`](https://github.com/containerd/containerd/commit/92da2dbfaee18fcbcc8295bd438f354c86d03dea) vendor: golang.org/x/sync 67f06af15bc961c363a7260195bcd53487529a21 * [`b24c8a2ec`](https://github.com/containerd/containerd/commit/b24c8a2ec3db16ca08bc9b86627c273d80f05e95) vendor: golang.org/x/net 69a78807bb2bb6d1599c68698c6b009505012083 * [`ebdd88cc0`](https://github.com/containerd/containerd/commit/ebdd88cc0c3764661289eb4a5721b2f9bf6d0c3a) vendor: sigs.k8s.io/structured-merge-diff/v4 v4.0.3 * [`fe197b9b5`](https://github.com/containerd/containerd/commit/fe197b9b5c2ab4c343928215a15a8f70678b4354) vendor: update kubernetes to v1.19.10 * [`2ca27bc45`](https://github.com/containerd/containerd/commit/2ca27bc45a5190e5c64990dfc2c528fdffb7d85c) Merge pull request [#5361](https://github.com/containerd/containerd/pull/5361) from mikebrow/cherrypick-#5351-release-1.4 * [`07e347903`](https://github.com/containerd/containerd/commit/07e34790375abc30a252c0a401ffc0bfe38331f7) adds log for each failed host and status not found on host * [`218f47057`](https://github.com/containerd/containerd/commit/218f470576548b318cf8cc27b625e176577660a8) Merge pull request [#5363](https://github.com/containerd/containerd/pull/5363) from mikebrow/move-up-to-fixed-cri-tools * [`18a271509`](https://github.com/containerd/containerd/commit/18a2715092b9553f5675112da96458be58fd55ff) need to bring critest backup * [`1322c7093`](https://github.com/containerd/containerd/commit/1322c7093580ec2934e9fce30bda41aa2c57403b) Merge pull request [#5231](https://github.com/containerd/containerd/pull/5231) from wzshiming/cherry-pick/upstream/release/1.4/#5229 * [`8c5422eb6`](https://github.com/containerd/containerd/commit/8c5422eb69ac04f93576bbb85dcea56dabe9675d) Fix error log when copy file * [`b0537800a`](https://github.com/containerd/containerd/commit/b0537800a8d6de7a24905b0ba9a2cc8b2ad7bd2f) Merge pull request [#5221](https://github.com/containerd/containerd/pull/5221) from fuweid/cp-5195 * [`f9d6a7604`](https://github.com/containerd/containerd/commit/f9d6a7604a97a0a1c2ddf3ad85e35e7e95e0252f) runtime/v2/runc: fix leaking socket path * [`24921417f`](https://github.com/containerd/containerd/commit/24921417f5cf60b07afbce708b4affc7ce6b5d22) Fix missing close * [`6bcbb683f`](https://github.com/containerd/containerd/commit/6bcbb683fc89a6f7869637f7080804bf4da5d765) Merge pull request [#5166](https://github.com/containerd/containerd/pull/5166) from thaJeztah/1.4_update_runc * [`bfe95947f`](https://github.com/containerd/containerd/commit/bfe95947f8fdda06e0ec47ac7b1f1bab6c95d5c0) install-runc: set GO111MODULE=off to use vendor * [`520d179ed`](https://github.com/containerd/containerd/commit/520d179ed32f03a6036fa2b0b29ee1ef25cb4042) Prevent runc inheriting BUILDTAGS from containerd * [`039c24043`](https://github.com/containerd/containerd/commit/039c24043bf00aadf583ee97e19fb521890d9c5d) move runc version to a separate file for easier consumption * [`0e957e5ad`](https://github.com/containerd/containerd/commit/0e957e5adcecb8d359899f99250cde7451b0470b) Separate runc binary version from libcontainer version * [`bd5bbbd1a`](https://github.com/containerd/containerd/commit/bd5bbbd1a47abf7af373352cbc58a96e5ef77b5c) Remove references to apparmor and selinux buildtags for runc * [`fca4a0d1b`](https://github.com/containerd/containerd/commit/fca4a0d1b2e0e764142dca88a953988bbd8409a2) script/setup: use git clone instead of go get -d * [`0dea19170`](https://github.com/containerd/containerd/commit/0dea191709319db5a9949112448dfc325f7d8621) Merge pull request [#5201](https://github.com/containerd/containerd/pull/5201) from Iceber/fix-ctr-command-1.4 * [`4c875c81a`](https://github.com/containerd/containerd/commit/4c875c81a8ebebce8f150dca83bbd853254a8387) cmd/ctr: fix export command * [`36ef87237`](https://github.com/containerd/containerd/commit/36ef87237d4082d28fc1974b33ee41081d0c286c) Merge pull request [#5147](https://github.com/containerd/containerd/pull/5147) from AkihiroSuda/ovl-k511-1.4 * [`bbde7b700`](https://github.com/containerd/containerd/commit/bbde7b700ed2a94c1fed791a805afec0cf221287) overlay: support "userxattr" option (kernel 5.11) * [`4fe080bea`](https://github.com/containerd/containerd/commit/4fe080beaf4f690cb0f57d013fa5ded2bd7d0bbc) Merge pull request [#5139](https://github.com/containerd/containerd/pull/5139) from thaJeztah/1.4.4_fix_release_notes * [`4c2f6a7ab`](https://github.com/containerd/containerd/commit/4c2f6a7ab4c5d0b5c85e6a4e42f7fb058df7f80d) Fix advisory link in release notes for containerd 1.4.4 </p> </details> ### Changes from containerd/cri <details><summary>2 commits</summary> <p> * [`1360416e`](https://github.com/containerd/cri/commit/1360416eca4fef15c763444914e60fe1eaedbc3d) Merge pull request [#1635](https://github.com/containerd/cri/pull/1635) from Random-Liu/cherrypick-#5446-release-1.4 * [`ee57f84f`](https://github.com/containerd/cri/commit/ee57f84f26936a331ae7af10515d02e46b00a486) Backport #5446 to release 1.4. </p> </details> ### Dependency Changes * **github.com/containerd/cri** aa2d5a97cdc4 -> 1360416eca4f * **golang.org/x/net** ab3426394381 -> 69a78807bb2b * **golang.org/x/sync** 42b317875d0f -> 67f06af15bc9 * **golang.org/x/sys** ed371f2e16b4 -> 5cba982894dd * **k8s.io/api** v0.19.4 -> v0.19.10 * **k8s.io/apimachinery** v0.19.4 -> v0.19.10 * **k8s.io/apiserver** v0.19.4 -> v0.19.10 * **k8s.io/client-go** v0.19.4 -> v0.19.10 * **k8s.io/cri-api** v0.19.4 -> v0.19.10 Previous release can be found at [v1.4.4](https://github.com/containerd/containerd/releases/tag/v1.4.4)