• CRI-O v1.24.1
  • Downloads
  • Changelog since v1.24.0
    • Changes by Kind
      • Bug or Regression
      • Uncategorized
  • Dependencies
    • Added
    • Changed
    • Removed

CRI-O v1.24.1

The release notes have been generated for the commit range v1.24.0…ca2d61d on Thu, 14 Jul 2022 21:12:19 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

• cri-o.amd64.ca2d61df3ace68249fb7b74474049e14e54e4f04.tar.gz
• cri-o.amd64.ca2d61df3ace68249fb7b74474049e14e54e4f04.tar.gz.sha256sum
• cri-o.arm64.ca2d61df3ace68249fb7b74474049e14e54e4f04.tar.gz
• cri-o.arm64.ca2d61df3ace68249fb7b74474049e14e54e4f04.tar.gz.sha256sum

Changelog since v1.24.0

Changes by Kind

Bug or Regression

• Add monitor_exec_cgroup to the configuration’s runtime handler struct. This allows an admin to specify which cgroup the monitor for exec sync requests runs in (defaults to that of CRI-O). (#5837, @donpenney)
• Fix a bug where ExecSync requests (exec probes) could use an arbitrary amount of memory and disk. Output from ExecSync requests is now limited to 16MB (the amount that exec output was limited to in the dockershim). Disk limiting requires conmon 2.1.2 to work. See https://github.com/cri-o/cri-o/security/advisories/GHSA-fcm2-6c3h-pg6j and CVE-2022-1708 for more information. (#5935, @haircommander)
• Fix a bug where child processes of containers in the host’s PID namespace appear to leak after the child exits (#5943, @haircommander)

Uncategorized

• Fix a panic caused by using the improper Result structure version when setting up CNI plugins (#5960, @haircommander)
• Fix a rare deadlock while communicating to systemd (RHBZ 2082344) (#5954, @openshift-cherrypick-robot)
• Use default umask 0o022 if CRI-O runs under a different umask value. (#6054, @openshift-cherrypick-robot)

Dependencies

Added

Nothing has changed.

Changed

• github.com/containernetworking/cni: v1.1.0 → v1.1.1
• github.com/cri-o/ocicni: v0.3.1 → v0.4.0
• golang.org/x/crypto: 089bfa5 → 2c7772b

Removed

Nothing has changed.