@estesp
Last active September 5, 2019 19:26
containerd v1.2.9 release notes draft

containerd 1.2.9

Welcome to the v1.2.9 release of containerd!

The ninth patch release for containerd 1.2 provides a handful of bug fixes and an update to the gRPC vendored codebase to include 3 CVE fixes provided in the upstream v1.23.0 release of gRPC. Note that updating gRPC to the current release required small changes to our core containerd codebase to match the upstream changes since gRPC v1.12.0. These changes have been backported from containerd's master branch, as well as a similar small change in ttrpc, requiring that package's vendoring to be updated.

In addition to the gRPC update to include CVE fixes, this release corrects a container's default Unix environment (introduced in 1.2.8), includes a small list of CRI plugin fixes, fixes registry interactions where Docker-Content-Digest is not returned (e.g. GitHub Package Registry), and fixes a tar archive modification time bug found by the buildkit maintainers. A fix to the zfs snapshotter was also included via a re-vendoring of containerd's zfs import. More notes on these fixes are found below.

Notable Updates

  • Cherry-pick update to gRPC 1.23.0. PR #3586 {cherry-picked from changes in master PRs #3192 and #3581}.

    • Fixes grpc/grpc-go#2970 transport: block reading frames when too many transport control frames are queued.
    • Addresses CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood).
    • Other changes can be found in the gRPC release notes.
  • CRI fixes:

    • Fix a bug where the default apparmor profile is mistakenly applied to privileged containers with runtime/default specified. containerd/cri#1239
    • Fix a bug where an image can't be pulled if an empty AuthConfig is specified. containerd/cri#1249
  • Bug fix: Compute manifest data when not provided (Docker-Content-Digest header missing). PR #3591 {cherry-picked from master PR #3245 with backports of #2871 and #3335 required}.

  • Bug fix: Use default UNIX env when image has no environment. PR #3601 {cherry-picked from master branch PR #3599}.

  • Bug fix: archive: truncate modification time. PR #3602 {cherry-picked from master branch PR #3589}.

  • Bug fix: zfs: Datasets don't seem to be cleaned up properly on image removal. Reported in containerd/zfs#22 and fixed by PR containerd/zfs#24 and re-vendored into containerd release/1.2 via PR #3596.
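
The manifest fix listed above concerns registries that do not return the Docker-Content-Digest header. The following Go code is an added example, not containerd's own code: it computes the digest from the manifest body when the header is missing and checks the header against the body when it is present. `manifestDigest`, `headerWith` and the sample manifest are hypothetical, and only sha256 digests are assumed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// Constructed sample manifest body; not taken from any real registry.
var sampleManifest = []byte(`{"schemaVersion":2,"layers":[]}`)

// headerWith builds response headers; an empty value models a registry
// that omits Docker-Content-Digest.
func headerWith(digest string) http.Header {
	h := http.Header{}
	if digest != "" {
		h.Set("Docker-Content-Digest", digest)
	}
	return h
}

// manifestDigest (hypothetical helper) returns the digest to record for a
// manifest response. A missing header falls back to hashing the body; a
// header that is present is checked against the body before it is used.
func manifestDigest(h http.Header, body []byte) (string, error) {
	sum := sha256.Sum256(body)
	computed := "sha256:" + hex.EncodeToString(sum[:])
	claimed := strings.TrimSpace(h.Get("Docker-Content-Digest"))
	switch {
	case claimed == "":
		return computed, nil
	case !strings.HasPrefix(claimed, "sha256:"):
		return "", fmt.Errorf("unsupported digest algorithm in %q", claimed)
	case claimed != computed:
		return "", errors.New("manifest body does not match Docker-Content-Digest")
	}
	return claimed, nil
}

func main() {
	d, _ := manifestDigest(headerWith(""), sampleManifest)
	fmt.Println("computed without header:", d)
	_, err := manifestDigest(headerWith(d), []byte("tampered"))
	fmt.Println("mismatched body:", err)
}
```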

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Michael Crosby
  • Phil Estes
  • Wei Fu
  • Akihiro Suda
  • Derek McGowan
  • Sebastiaan van Stijn
  • Maksym Pavlenko
  • Charles Kenney
  • Eric Lin
  • Kevin Parsons
  • Tõnis Tiigi
  • msg555

Changes

  • 0b6053f5 Prepare v1.2.9 release
  • 6ef0529f Merge pull request #3591 from thaJeztah/1.2_backport_compute_manifest_metadata
  • ad5af8a4 Merge pull request #3586 from estesp/cp-3581
  • 322c57a1 Merge pull request #3602 from estesp/cp-3589
  • ef264a74 Merge pull request #3601 from estesp/cp-3599
  • 14ff021b archive: truncate modification time
  • 86ea2b72 Use default UNIX env when image has no environment
  • 783f67d5 Merge pull request #3596 from AkihiroSuda/zfs-20190829-12
  • 99c2e56e bump containerd/zfs 2ceb2dbb8154202ed1b8fd32e4ea25b491d7b251
  • 0d6d883a Compute manifest metadata when not provided.
  • e6275a02 Add user agent header to all requests
  • 4bffd885 Explicitly stating utf-8 when fetching oauth token
  • 09c68d08 Add custom headers option to dockerResolver
  • 5c284a77 Revert "Add user agent header to all requests"
  • 08325686 Update gRPC to v1.23.0
  • 5fbd02f8 Update ttrpc to 92c8520ef9f86600c650dd540266a00

Changes from containerd/ttrpc

  • 92c8520 Merge pull request #49 from crosbymichael/status
  • 0e0f228 Handle ok status
  • 9abb3e2 Merge pull request #48 from crosbymichael/travis
  • 8c74fe8 Update to go 1.12x on travis
  • 1ab4dfb Merge pull request #46 from thaJeztah/adjust_for_grpc_1.23
  • 17f4d32 Client.Call(): do not return error if no Status is set (gRPC v1.23 and up)
  • f969a7f Merge pull request #44 from kevpar/method-full-name
  • 271238a Fix method full name generation
  • 1fb3814 Merge pull request #42 from crosbymichael/client
  • 5829a06 Merge pull request #43 from crosbymichael/metadata
  • 694de9d metadata as KeyValue type
  • 3afb82b Fix error handling with server shutdown
  • f3eb35b Refactor close handling for ttrpc clients
  • d134fe7 Merge pull request #41 from crosbymichael/interceptors
  • de8faac Add godocs for interceptors
  • e409d7d Add example binary for testing the example service
  • 819653f Add client and server unary interceptors
  • a5bd8ce Merge pull request #40 from mxpv/headers
  • 04523b9 Rename headers to metadata
  • 5926a92 Support headers

Changes from containerd/zfs

  • 2ceb2db Merge pull request #24 from AkihiroSuda/fix-remove-committed
  • 5b87656 Merge pull request #23 from AkihiroSuda/update-travis
  • 1b4b223 update .travis.yml
  • 6fde16e fix removing Committed
  • 31af176 Merge pull request #21 from estesp/add-project-repo-checks
  • 2f23511 Add common project content/checks to zfs
  • c6182c4 Add license headers to files
  • 9f6ef3b Merge pull request #20 from containerd/skip
  • d78b0d0 Return skip error on unsupported fs
  • 39692b4 Merge pull request #19 from AkihiroSuda/update-containerd
  • 154f951 update containerd

Dependency Changes

Previous release can be found at v1.2.8

  • github.com/containerd/ttrpc f82148331ad2181edea8f3f649a1f7add6c3f9c2 -> 92c8520ef9f86600c650dd540266a007bf03670f
  • github.com/containerd/zfs 9a0b8b8b5982014b729cd34eb7cd7a11062aa6ec -> 2ceb2dbb8154202ed1b8fd32e4ea25b491d7b251
  • github.com/google/uuid v1.1.1 new
  • github.com/mistifyio/go-zfs 166add352731e515512690329794ee593f1aaff2 -> f784269be439d704d3dfa1906f45dd848fed2beb
  • google.golang.org/grpc v1.12.0 -> 6eaf6f47437a6b4e2153a190160ef39a92c7eceb