CRI-O v1.30.6

CRI-O v1.30.6

The release notes have been generated for the commit range v1.30.5…8162426 on Thu, 31 Oct 2024 18:31:13 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.81624264dda8fd548e375ce8a573c5960c31b09c.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/81624264dda8fd548e375ce8a573c5960c31b09c \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/81624264dda8fd548e375ce8a573c5960c31b09c \
    --signature cri-o.amd64.81624264dda8fd548e375ce8a573c5960c31b09c.tar.gz.sig \
    --certificate cri-o.amd64.81624264dda8fd548e375ce8a573c5960c31b09c.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.81624264dda8fd548e375ce8a573c5960c31b09c.tar.gz
> bom validate -e cri-o.amd64.81624264dda8fd548e375ce8a573c5960c31b09c.tar.gz.spdx -d cri-o

Changelog since v1.30.5

Changes by Kind

Uncategorized

Config: add /dev/net/tun to default allowed devices (#8595, @openshift-cherrypick-robot)
Fix a bug where an allowed_annotation specified twice (in either a workload or runtime) couldn’t be used (#8712, @openshift-cherrypick-robot)
Fix a bug where the GID is not added to /etc/group when run_as_group is set (#8558, @openshift-cherrypick-robot)
Fixed container stats label filtering. (#8574, @openshift-cherrypick-robot)
Fixed evented pleg pod sandbox status timestamp to use a time in nanosecond resolution. (#8586, @openshift-cherrypick-robot)
The default seccomp policy now blocks clone and clone3 system calls that can create a Linux namespace. This matches the default seccomp policy containerd uses. (#8568, @kwilczynski)

Dependencies

Added

Nothing has changed.

Changed

github.com/containers/common: v0.57.4 → f77c208
github.com/containers/storage: v1.51.0 → dfcc633
github.com/cyphar/filepath-securejoin: v0.2.4 → v0.3.1
golang.org/x/sys: v0.18.0 → v0.21.0

Removed

Nothing has changed.