CRI-O v1.28.11

CRI-O v1.28.11

The release notes have been generated for the commit range v1.28.11…48c134e on Wed, 30 Apr 2025 18:53:14 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.48c134e17c04f9201c8100f9155513a4d864b7f8.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/48c134e17c04f9201c8100f9155513a4d864b7f8 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/48c134e17c04f9201c8100f9155513a4d864b7f8 \
    --signature cri-o.amd64.48c134e17c04f9201c8100f9155513a4d864b7f8.tar.gz.sig \
    --certificate cri-o.amd64.48c134e17c04f9201c8100f9155513a4d864b7f8.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.48c134e17c04f9201c8100f9155513a4d864b7f8.tar.gz
> bom validate -e cri-o.amd64.48c134e17c04f9201c8100f9155513a4d864b7f8.tar.gz.spdx -d cri-o

Changelog since v1.28.11

Changes by Kind

Bug or Regression

Fixed the issue that /etc/crypto-policies/config in a container isn’t updated. (#9099, @bitoku)

Uncategorized

Fixed issue when sandbox removal is not possible due to stale or missing network namespace path. (#8817, @openshift-cherrypick-robot)
Only restore container if all bind mounts are defined.
Ensure that the “image” attribute has been provided. (#8797, @kwilczynski)
Reverted Fixed the issue that /etc/crypto-policies/config in a container isn't updated. to respect the current behavior (#9166, @bitoku)

Dependencies

Added

github.com/moby/sys/user: v0.1.0

Changed

github.com/containers/common: 9148450 → 83d82c0
github.com/containers/storage: v1.49.0 → 840468e
github.com/cpuguy83/go-md2man/v2: v2.0.2 → v2.0.5
github.com/cyphar/filepath-securejoin: v0.2.3 → v0.3.6
github.com/stretchr/objx: v0.5.0 → v0.5.2
github.com/stretchr/testify: v1.8.4 → v1.9.0
github.com/urfave/cli: v1.22.14 → v1.22.16
github.com/vbatts/tar-split: v0.11.5 → v0.11.7
golang.org/x/sys: v0.17.0 → v0.26.0

Removed

Nothing has changed.