Skip to content

containerd 2.2.2

Choose a tag to compare

View all tags
@github-actions github-actions released this 10 Mar 20:03
· 802 commits to main since this release
v2.2.2
This tag was signed with the committer’s verified signature.
samuelkarp Samuel Karp
GPG key ID: 997C5A3CD3167CB5
Verified
Learn about vigilant mode.
301b2da
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Welcome to the v2.2.2 release of containerd!

The second patch release for containerd 2.2 contains various fixes and improvements.

Highlights

Container Runtime Interface (CRI)

  • Fix migrated CRI image config when using legacy registry mirrors (#12987)
  • Unpack images with per-layer labels for runtime-specific snapshotters (#12936)
  • Fix CNI issue where DEL is never executed after a restart (#12926)
  • Harden error handling to strip potentially-sensitive registry parameters (#12804)
  • Fix nil pointer dereference in container spec memory metrics when memory constraints are not fully configured (#12731)
  • Use the specified runtime handler when pulling images (#12721)
  • Reduce noisy CDI logs (#12717)
  • Fix regression for pulling encrypted images (#12712)

Runtime

  • Fix unintended dropping of mount flags for read-only bind-mounts in user namespaces (#12944)
  • Fix AppArmor bug disallowing unix domain sockets on newer kernels (#12897)

ctr development tool

  • Fix ctr image mount failing with "no such device" (#12831)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Maksym Pavlenko
  • Akhil Mohan
  • Samuel Karp
  • Wei Fu
  • Michael Zappa
  • Phil Estes
  • Fabiano Fidêncio
  • Jérôme Poulin
  • Luke Hinds
  • Aadhar Agarwal
  • Akihiro Suda
  • Alex Chernyakhovsky
  • Chris Adeniyi-Jones
  • Kazuyoshi Kato
  • Rodrigo Campos
  • Sebastiaan van Stijn
  • You Binhao
  • ningmingxiao
  • qiuxue

Changes

48 commits

  • Prepare release notes for v2.2.2 (#12998)
  • Fix migrated CRI image config when using legacy registry mirrors (#12987)
    • a20dead7c set default config_path in plugin init
  • Unpack images with per-layer labels for runtime-specific snapshotters (#12936)
    • a5f83d8c2 cri: unpack images with per-layer labels for runtime-specific snapshotters
  • ci: modprobe xt_comment on almalinux (#12957)
    • 68855cb0b ci: modprobe xt_comment on almalinux
  • Fix unintended dropping of mount flags for read-only bind-mounts in user namespaces (#12944)
    • ef7a8beb3 core/mount: add test for getUnprivilegedMountFlags
    • 07b2cc07e core/mount: fix getUnprivilegedMountFlags iterating over indices instead of values
  • Fix CNI issue where DEL is never executed after a restart (#12926)
  • Fix AppArmor bug disallowing unix domain sockets on newer kernels (#12897)
  • ci: add build/test go1.26.0, drop go1.24 (#12917)
    • 5dbf1b915 update golangci-lint to v2.9.0 with go1.26 support
    • 8ec695ebe remove windows/arm from cross build
    • b9c22a6e3 ci: build/test go1.26.0
  • integration: Fix TestImageLoad() failure on CI (#12906)
    • 09b876a81 integration: Fix TestImageLoad() failure on CI
  • cri: Fix image volumes with user namespaces (#12885)
    • 172ba65b6 cri: Fix image volumes with user namespaces
  • update to go1.24.13, go1.25.7 (#12871)
  • ci: set fetch-depth for containerd to 0 for version parsing (#12875)
    • e46a7a286 set fetch-depth for containerd to 0 for version parsing
  • Fix ctr image mount failing with "no such device" (#12831)
    • 1d7908273 core/mount/manager: fix bind mount missing rbind option
    • 3d509bcd3 core/mount/manager: add tests for WithTemporary option
  • Harden error handling to strip potentially-sensitive registry parameters (#12804)
    • cb3ae2119 fix: sanitize error before gRPC return to prevent credential leak in pod events
  • bump google.golang.org/grpc from 1.76.0 to 1.78.0 (#12739)
    • 533a2552e build(deps): bump google.golang.org/grpc from 1.77.0 to 1.78.0
    • b120237fb build(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0
  • Fix nil pointer dereference in container spec memory metrics when memory constraints are not fully configured (#12731)
    • 4be4e5156 Fix nil pointer dereference in container spec memory metrics
  • cri: emit warning for concurrent CreateContainer (#12735)
    • a76eb698a cri: emit warning for concurrent CreateContainer
  • Use the specified runtime handler when pulling images (#12721)
    • 3d2e188b1 cri: Use the runtimeHandler parameter in PullImage
  • Reduce noisy CDI logs (#12717)
    • 633057382 cri: move noisy CDI logs to debug level
  • Fix regression for pulling encrypted images (#12712)

Dependency Changes

  • github.com/go-jose/go-jose/v4 v4.1.2 -> v4.1.3
  • go.opentelemetry.io/auto/sdk v1.1.0 -> v1.2.1
  • go.opentelemetry.io/otel v1.37.0 -> v1.38.0
  • go.opentelemetry.io/otel/metric v1.37.0 -> v1.38.0
  • go.opentelemetry.io/otel/sdk v1.37.0 -> v1.38.0
  • go.opentelemetry.io/otel/trace v1.37.0 -> v1.38.0
  • golang.org/x/oauth2 v0.30.0 -> v0.32.0
  • google.golang.org/genproto/googleapis/api a7a43d27e69b -> ab9386a59fda
  • google.golang.org/genproto/googleapis/rpc a7a43d27e69b -> ab9386a59fda
  • google.golang.org/grpc v1.76.0 -> v1.78.0

Previous release can be found at v2.2.1

Which file should I download?

  • containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04).
  • containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent.

In addition to containerd, typically you will have to install runc
and CNI plugins from their official sites too.

See also the Getting Started documentation.

Assets 25
Loading