CRI-O v1.33.3

CRI-O v1.33.3

The release notes have been generated for the commit range v1.33.2…eaa7ec8 on Thu, 14 Aug 2025 13:39:41 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.eaa7ec8020b8a69012ab34f98e39dbfcad1fd777.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/eaa7ec8020b8a69012ab34f98e39dbfcad1fd777 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/eaa7ec8020b8a69012ab34f98e39dbfcad1fd777 \
    --signature cri-o.amd64.eaa7ec8020b8a69012ab34f98e39dbfcad1fd777.tar.gz.sig \
    --certificate cri-o.amd64.eaa7ec8020b8a69012ab34f98e39dbfcad1fd777.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.eaa7ec8020b8a69012ab34f98e39dbfcad1fd777.tar.gz
> bom validate -e cri-o.amd64.eaa7ec8020b8a69012ab34f98e39dbfcad1fd777.tar.gz.spdx -d cri-o

Changelog since v1.33.2

Changes by Kind

Bug or Regression

Server: delay CDI device injection, to ensure that CDI Spec edits take precedence over image defaults and the Pod Spec. (#9295, @klihub)

Uncategorized

Fix the bug that pod can’t be terminated when the process is uninterruptible sleep for a while. (#9320, @openshift-cherrypick-robot)
Fixed segmentation fault when trying to create a lot of pods at a time. (#9368, @openshift-cherrypick-robot)
Handle missing network namespace gracefully during networkStop (#9337, @openshift-cherrypick-robot)
Server: add real-time memory validation for limit updates (#9404, @openshift-cherrypick-robot)
Server: ensure CNI teardown prevents IP leaks with missing netns (#9382, @openshift-cherrypick-robot)

Dependencies

Added

Nothing has changed.

Changed

github.com/go-chi/chi/v5: v5.2.1 → v5.2.2

Removed

Nothing has changed.