containerd 1.5.8 Welcome to the v1.5.8 release of containerd! The eighth patch release for containerd 1.5 contains a mitigation for [CVE-2021-41190](https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m) as well as several fixes and updates. ### Notable Updates * **Handle ambiguous OCI manifest parsing** ([GHSA-5j5w-g665-5m35](https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35)) * **Filter selinux xattr for image volumes in CRI plugin** ([#5104](https://github.com/containerd/containerd/pull/5104)) * **Use DeactiveLayer to unlock layers that cannot be renamed in Windows snapshotter** ([#5422](https://github.com/containerd/containerd/pull/5422)) * **Fix pull failure on unexpected EOF** ([#5921](https://github.com/containerd/containerd/pull/5921)) * **Close task IO before waiting on delete** ([#5974](https://github.com/containerd/containerd/pull/5974)) * **Log a warning for ignored invalid image labels rather than erroring** ([#6124](https://github.com/containerd/containerd/pull/6124)) * **Update pull to handle of non-https urls in descriptors** ([#6221](https://github.com/containerd/containerd/pull/6221)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Phil Estes * Sebastiaan van Stijn * Derek McGowan * Kazuyoshi Kato * Wei Fu * Akihiro Suda * Daniel Canter * Kevin Parsons * Kohei Tokunaga * Samuel Karp * Claudiu Belu * Jacob Blain Christen * Maksym Pavlenko * Mike Brown * Paul "TBBle" Hampson * Sambhav Kothari * zounengren ### Changes <details><summary>29 commits</summary> <p> * [release/1.5] Prepare release notes for v1.5.8 ([#6260](https://github.com/containerd/containerd/pull/6260)) * [`2385fd14d`](https://github.com/containerd/containerd/commit/2385fd14d6991dc01b6a9d8dc5b996e855ddf7a7) Prepare release notes for v1.5.8 * [release/1.5] mailmap: Add Kevin Parsons ([#6261](https://github.com/containerd/containerd/pull/6261)) * [`ef071b07b`](https://github.com/containerd/containerd/commit/ef071b07bc9198a7df334fd2882930680a52fdde) mailmap: Add Kevin Parsons * Merge Github Security Advisory [GHSA-5j5w-g665-5m35](https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35) * [`15d8c03e3`](https://github.com/containerd/containerd/commit/15d8c03e3260953cc560223b42426e8b67dde93c) schema1: reject ambiguous documents * [`833407fbf`](https://github.com/containerd/containerd/commit/833407fbff446771e26d6a381897f2c7ae24677e) images: validate document type before unmarshal * [release/1.5] Fix containerd fails to pull OCI image with non-`http(s)://` urls ([#6238](https://github.com/containerd/containerd/pull/6238)) * [`01428ec40`](https://github.com/containerd/containerd/commit/01428ec4095d23727d227e5602690a2ad356d02f) Fix containerd fails to pull OCI image with non-`http(s)://` urls * [release/1.5] go.mod: Bump hcsshim to v0.8.23 ([#6231](https://github.com/containerd/containerd/pull/6231)) * [`2bd3f18d9`](https://github.com/containerd/containerd/commit/2bd3f18d9fcb239356d553ad689f54a508bdbb0d) [release/1.5] go.mod: Bump hcsshim to v0.8.23 * [release/1.5] go.mod: Bump ttrpc to 1.1.0 ([#6229](https://github.com/containerd/containerd/pull/6229)) * [`047ea15d2`](https://github.com/containerd/containerd/commit/047ea15d2cf9a80d8d1dc37f9cf786a8bf443ec2) [release/1.5] go.mod: Bump ttrpc to 1.1.0 * [release/1.5] update Go to 1.16.10 ([#6210](https://github.com/containerd/containerd/pull/6210)) * [`7b20299bc`](https://github.com/containerd/containerd/commit/7b20299bcda9a3f4d9d047618e7d23dacb4a05fc) [release/1.5] update Go to 1.16.10 * [`641976bea`](https://github.com/containerd/containerd/commit/641976bea903f6d685319955f28fe2c9e6cce566) [release/1.5] update Go to 1.16.9 * [release/1.5] Output a warning for label image labels instead of erroring ([#6187](https://github.com/containerd/containerd/pull/6187)) * [`b988fc918`](https://github.com/containerd/containerd/commit/b988fc918ad314570dd3772233a570f6a5271c34) Output a warning for label image labels instead of erroring * [release/1.5] task delete: Closes task IO before waiting ([#6129](https://github.com/containerd/containerd/pull/6129)) * [`bf02a8330`](https://github.com/containerd/containerd/commit/bf02a8330f059991ada4d43704eb70c613d9f633) task delete: Closes task IO before waiting * [release/1.5] Update test timeout based on recent cancellations ([#6134](https://github.com/containerd/containerd/pull/6134)) * [`3109820f5`](https://github.com/containerd/containerd/commit/3109820f5006116e6e06b9b9a7b1ca4e25a72a3e) Update test timeout based on recent cancellations * [release/1.5] Use deactivatelayer to recover layers that we cannot rename ([#6133](https://github.com/containerd/containerd/pull/6133)) * [`16762f3e5`](https://github.com/containerd/containerd/commit/16762f3e5c26688dd7482b9b880f1b46e4185661) Fix spelling mistake in Windows snapshotter * [`6094bc770`](https://github.com/containerd/containerd/commit/6094bc77050820c5433c2281d9f3e2a0883eb580) Use DeactivateLayer to recover layers that we cannot rename * [release/1.5] Fix pull fails on unexpected EOF ([#6117](https://github.com/containerd/containerd/pull/6117)) * [`aa7c9d9da`](https://github.com/containerd/containerd/commit/aa7c9d9daf5876311c4a77bb445c51225ba19956) Fix pull fails on unexpected EOF * [release/1.5 backport] cri: filter selinux xattr for image volumes ([#5104](https://github.com/containerd/containerd/pull/5104)) * [`c0534c168`](https://github.com/containerd/containerd/commit/c0534c168dc7013c4805f0d4f056920a8dcf6e1b) [release/1.5 backport] cri: filter selinux xattr for image volumes </p> </details> ### Changes from containerd/ttrpc <details><summary>34 commits</summary> <p> * Add protoc-gen-go-ttrpc ([#96](https://github.com/containerd/ttrpc/pull/96)) * [`6eabacc`](https://github.com/containerd/ttrpc/commit/6eabacc9bc8e71d09834cce051ec9115ba36b1e1) Add protoc-gen-go-ttrpc * client: Handle sending/receiving in separate goroutines ([#94](https://github.com/containerd/ttrpc/pull/94)) * [`4f0aeb5`](https://github.com/containerd/ttrpc/commit/4f0aeb590b0add2bb19d199e7db4a487afde4581) client: Handle sending/receiving in separate goroutines * Run Protobuild in GitHub Actions ([#95](https://github.com/containerd/ttrpc/pull/95)) * [`e621cd1`](https://github.com/containerd/ttrpc/commit/e621cd13e4495f2d3673ef9409ab69d1054b5c10) Run Protobuild in GitHub Actions * [`35cd240`](https://github.com/containerd/ttrpc/commit/35cd24038aee70ed64d7814c06eb4c7c805cddde) Re-generate example.pb.go * replace pkg/errors ([#93](https://github.com/containerd/ttrpc/pull/93)) * [`81faa3e`](https://github.com/containerd/ttrpc/commit/81faa3ee80c4384ec3ee9022efc2a9fc8c46361a) replace pkg/errors from vendor * Rename branch from master to main ([#86](https://github.com/containerd/ttrpc/pull/86)) * [`a143311`](https://github.com/containerd/ttrpc/commit/a1433112ec1ce559f5a81564937ba583702b48c8) Rename branch from master to main * Make "go test" and "go build" work on macOS ([#85](https://github.com/containerd/ttrpc/pull/85)) * [`2368990`](https://github.com/containerd/ttrpc/commit/236899069c6f7d7bd857b9deac1197143ec99862) Make the example command buildable on macOS * [`616d54c`](https://github.com/containerd/ttrpc/commit/616d54c531e0a32f0efeee3b6770daef5ed4a13f) Run GitHub Actions on macOS * [`a4b18e0`](https://github.com/containerd/ttrpc/commit/a4b18e0db831b76114a7a8b166697ed4788838da) Make "go test" work on macOS * Return Unimplemented when services or methods are not implemented ([#83](https://github.com/containerd/ttrpc/pull/83)) * [`fede9db`](https://github.com/containerd/ttrpc/commit/fede9db17c4440a840e9e7e3f4ed49d76743dc33) Return Unimplemented when services or methods are not implemented * Remove "Very new" and checked TODO items ([#84](https://github.com/containerd/ttrpc/pull/84)) * [`dcc7d39`](https://github.com/containerd/ttrpc/commit/dcc7d39848621e8b22b1ef74095d94908559db98) Remove "Very new" and checked TODO items * removing glide from ignore ([#82](https://github.com/containerd/ttrpc/pull/82)) * [`2776d3f`](https://github.com/containerd/ttrpc/commit/2776d3f8573226f4947bf982ecf4e28c1e121825) removing glide from ignore * go.mod: update dependencies ([#79](https://github.com/containerd/ttrpc/pull/79)) * [`849845f`](https://github.com/containerd/ttrpc/commit/849845f63b953af9caddd3186954bffebf722d8e) go.mod: github.com/prometheus/procfs v0.6.0 * [`3ea5780`](https://github.com/containerd/ttrpc/commit/3ea578089caa347c6a4a539d041f437f719e5ecc) go.mod: google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63 * [`4640e27`](https://github.com/containerd/ttrpc/commit/4640e2792cb2f461ff719f82ce5609ba2bbc2e62) go.mod: google.golang.org/grpc v1.27.1 * [`7c78be3`](https://github.com/containerd/ttrpc/commit/7c78be300bb630a5d8dafbbd8837d05034da6ee9) go.mod: github.com/gogo/protobuf v1.3.2 * remove travis, add codecov badge ([#78](https://github.com/containerd/ttrpc/pull/78)) * [`88f2525`](https://github.com/containerd/ttrpc/commit/88f25256c07a1b20caf0b36d2417c335f2a8a2d7) CI: add codecov badge to readme * [`6773702`](https://github.com/containerd/ttrpc/commit/6773702961f0c431811490d03076f2b5f4d8971c) CI: remove travis * Use GitHub Actions for CI ([#77](https://github.com/containerd/ttrpc/pull/77)) * [`5bab91b`](https://github.com/containerd/ttrpc/commit/5bab91b0d034bdabcc34b69b0927fecb948ec7c6) Use GitHub Actions for CI * go.mod: sirupsen/logrus v1.7.0 ([#76](https://github.com/containerd/ttrpc/pull/76)) * [`a2f306d`](https://github.com/containerd/ttrpc/commit/a2f306d78905538a59862cf5a097fbf1ca26d026) go.mod: sirupsen/logrus v1.7.0 * [`f0fad07`](https://github.com/containerd/ttrpc/commit/f0fad07cf1dc560a74e62ead1c9faac48a1a9662) go mod tidy </p> </details> ### Dependency Changes * **github.com/Microsoft/hcsshim** v0.8.21 -> v0.8.23 * **github.com/containerd/ttrpc** v1.0.2 -> v1.1.0 Previous release can be found at [v1.5.7](https://github.com/containerd/containerd/releases/tag/v1.5.7)