Confidential Containers v0.21.0 patches a moderate guest-components security advisory (GHSA-84rc-2q4r-45pc) and formally advances four deprecations toward removal in v0.22, while bundling Kata 3.31.0, Trustee 0.20.0, and several Trustee/KBS capability additions including gRPC plugins and centralized storage.
securityPatch guest-components security advisory GHSA-84rc-2q4r-45pc
GHSA-84rc-2q4r-45pc is a moderate-severity vulnerability in guest-components. Upgrade to v0.21.0 to receive the patch.
breakingCAA docker provider scheduled for removal in v0.22
The CAA docker provider, deprecated since v0.20, will be removed in v0.22. Migrate to an alternative provider before the next release.
breakingFedora-based mkosi-built CAA podvm image scheduled for removal in v0.22
The Fedora-based mkosi-built CAA podvm image, deprecated since v0.20, will be removed in v0.22. Switch to an alternative image build method.
breakingPacker-built CAA podvm image scheduled for removal in v0.22
The packer-built CAA podvm image, deprecated since v0.17, will be removed in v0.22. Update your podvm image build configuration.
breakingCAA csi-wrapper component scheduled for removal in v0.22
The CAA csi-wrapper component is deprecated and will be removed in v0.22. Plan to remove or replace this component in your deployment.
Key changes (5)
- Security fix: guest-components advisory GHSA-84rc-2q4r-45pc patched
- Four deprecations advancing to removal in v0.22: CAA docker provider, Fedora-based mkosi-built CAA podvm image, packer-built CAA podvm image, CAA csi-wrapper
- Kata Containers updated to 3.31.0; Trustee and guest-components to 0.20.0 with KBS protocol v0.4.0
- KBS adds resource deletion support on some storage backends; Trustee gains gRPC plugin interface and centralized storage backend
- TPM verifier reports AK as TCB claim; Trustee improves TLS, TDX, SE support and multi-device attestation; RVPS adds basic CoRIM support; Attestation Agent better reports supported TEEs