The release notes have been generated for the commit range v1.28.2…v1.28.3 on Fri, 12 Jan 2024 11:52:53 EST.
Note This release fixes CVE-2023-6476
Download one of our static release bundles via our Google Cloud Bucket:
To verify the artifact signatures via cosign, run:
> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.28.3.tar.gz \
--certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.28.3 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-github-workflow-repository cri-o/cri-o \
--certificate-github-workflow-ref refs/tags/v1.28.3 \
--signature cri-o.amd64.v1.28.3.tar.gz.sig \
--certificate cri-o.amd64.v1.28.3.tar.gz.cert
To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:
> tar xfz cri-o.amd64.v1.28.3.tar.gz
> bom validate -e cri-o.amd64.v1.28.3.tar.gz.spdx -d cri-o
io.kubernetes.cri-o.Devices annotation in the default runtime class, which along with AllowedDevices containing /dev/fuse by default, gives containers in the default runtime class optional access to /dev/fuse (#7535, @openshift-cherrypick-robot)Nothing has changed.