RATATOSKRATATOSK
ログイン

リリース

CNCF graduated・incubatingプロジェクトのリリースノートのAI分析。

プロジェクト: containerd解除 ×

containerd

Kubernetes Core2026年6月3日

Security patch release fixing CVE-2026-46680 plus runtime bugs in sandbox service, AppArmor compatibility, and OCI USER spec handling.

  • securityPatch CVE-2026-46680 immediately

    CVE-2026-46680 is the primary driver for this release. Review the GHSA advisory to understand the attack surface and severity. If you run containerd 2.1.x in any environment, upgrading to 2.1.8 should be your next deployment task. There are no dependency changes, so the upgrade path is straightforward.

  • breakingOCI USER out-of-range values now fail explicitly — check your container specs

    Previously, out-of-range USER values in OCI specs could silently fall through to username/group lookups, masking misconfigurations. Now containerd returns an explicit error. If any of your containers or image builds set numeric USER values outside valid UID/GID ranges, they will start failing visibly after this upgrade. Audit your specs before rolling out to production.

  • enhancementUpgrade if you run AppArmor < 3.0 or use sandbox-based runtimes

    The conditional AppArmor abi fix is a real blocker for anyone on older AppArmor (e.g., Ubuntu 20.04 ships 2.x). The sandbox service bug also affects event-driven workflows and correct sandbox creation — silent misconfiguration is worse than a visible error. If you use Kata Containers or any sandbox-based runtime, this fix directly affects you.

主な変更 (5)
  • CVE-2026-46680 addressed — check the advisory for scope and impact before upgrading
  • OCI spec now returns explicit errors for out-of-range USER values instead of silently triggering unexpected username/group lookups
  • Sandbox service bugs fixed: Create fields were not being forwarded correctly and event topics were broken
  • AppArmor abi field now set conditionally, restoring compatibility with AppArmor versions below 3.0
  • Volatile snapshotter now accepts both 'volatile' and 'fsync=volatile' mount option styles
原文

containerd

Kubernetes Core2026年5月21日

containerd 2.0.9 patches CVE-2026-46680 and fixes a TOCTOU race in tar extraction, lost container exit events on restart, and several security hardening issues.

  • securityPatch CVE-2026-46680 now

    A security vulnerability tracked as CVE-2026-46680 is fixed in this release. Any containerd 2.0.x deployment should be upgraded to 2.0.9 immediately. Check the GHSA advisory for affected configurations and severity before scheduling maintenance windows — this shouldn't wait.

  • securityTOCTOU fix in tar extraction reduces image unpack risk

    The TOCTOU race during tar extraction could be exploited with a crafted image layer to escape expected paths. This is relevant for any environment pulling untrusted or third-party images. Upgrade and consider auditing your image pull policies if you haven't already restricted sources.

  • breakingCheck AppArmor configs if running pre-3.0 AppArmor

    The AppArmor ABI field is now set conditionally, so systems running AppArmor older than 3.0 won't have an incompatible ABI injected into generated profiles. If you've been working around this with custom profiles, test your AppArmor setup after upgrading to confirm behavior is as expected.

  • enhancementFix for lost exit events matters for high-churn workloads

    If you've seen containers stuck in unexpected states after a containerd restart — particularly in Kubernetes environments with rapid pod cycling — this fix addresses the root cause. No config change needed; upgrading is enough.

主な変更 (5)
  • CVE-2026-46680 patched — upgrade immediately, details in the security advisory
  • TOCTOU race condition in tar extraction fixed, reducing potential for path traversal during image unpack
  • AF_ALG socket family now blocked in default seccomp policy, narrowing the kernel attack surface
  • Container exit events no longer dropped when they arrive before CRI info is cached during containerd restart
  • Sandbox service bugs fixed: Create fields forwarded correctly and event topics no longer misconfigured
原文

containerd

Kubernetes Core2026年5月21日

containerd 1.7.32 is a security-focused patch addressing CVE-2026-46680, plus hardening the default seccomp profile by blocking AF_ALG sockets and fixing OCI spec USER handling.

  • securityPatch CVE-2026-46680 now — upgrade to 1.7.32

    CVE-2026-46680 is the primary driver for this release. Details are in the containerd security advisory. If you're running any 1.7.x version, treat this as a mandatory upgrade. Check the advisory for severity and attack surface before deciding on your maintenance window — but don't defer this long.

  • securityAF_ALG is now blocked in the default seccomp profile — verify custom profiles

    The default seccomp policy now blocks the AF_ALG (kernel crypto) socket family. Containers relying on AF_ALG for hardware crypto offloading will break after this upgrade. Audit your workloads — most standard containers won't be affected, but custom crypto or HSM-adjacent workloads might. If needed, override via a custom seccomp profile rather than relaxing the default.

  • breakingOut-of-range USER values now fail explicitly — check your container images

    Previously, an out-of-range UID/GID in the OCI spec could silently trigger name lookups with unpredictable results. Now containerd returns an error. If you have images or specs with numeric USER values outside valid range, containers will fail to start instead of behaving unexpectedly. Run a pre-upgrade check on your image inventory, especially anything using high numeric UIDs.

  • enhancementAppArmor < 3.0 compatibility restored — relevant for older distros

    If you're running containerd on Ubuntu 20.04, Debian Bullseye, or any distro shipping AppArmor 2.x, earlier 1.7.x releases may have caused AppArmor profile load failures. This fix conditionally omits the abi directive. Upgrade and verify AppArmor profile loading if you've been seeing related errors.

主な変更 (5)
  • CVE-2026-46680 patched — update immediately if running 1.7.x
  • AF_ALG socket family now blocked in default seccomp socket policy, tightening the default container sandbox
  • OCI spec USER values that are out-of-range now return an explicit error instead of silently triggering unexpected username/group lookups
  • hosts.toml can now contain only root-level fields with no [host] section, fixing a config parsing bug
  • AppArmor abi directive is now set conditionally, restoring compatibility with AppArmor < 3.0
原文

containerd

Kubernetes Core2026年5月21日

containerd 2.3.1 patches CVE-2026-46680 and fixes several runtime/snapshotter bugs including seccomp hardening that blocks AF_ALG sockets by default.

  • securityPatch CVE-2026-46680 now — upgrade from 2.3.0

    CVE-2026-46680 is fixed in this release. Details are in the containerd security advisory. If you're on 2.3.0, treat this as a mandatory upgrade. Check your package manager or deployment pipeline to roll out 2.3.1 across all nodes before the vulnerability details are widely circulated.

  • securityAF_ALG blocked in default seccomp policy — test workloads that use kernel crypto

    The default seccomp profile now blocks AF_ALG (Linux kernel crypto API via sockets). Most containerized applications won't touch this, but anything using AF_ALG directly for cryptographic operations will break. Before upgrading in production, verify your workloads don't rely on AF_ALG — run a quick strace or audit your application's socket calls. Custom seccomp profiles are unaffected.

  • breakingNon-runc runtime users: test sandbox task API behavior after upgrade

    The sandbox task API endpoint fix and deprecation of task fields in Runc options targets non-runc runtime setups (e.g., Kata Containers, gVisor). If your cluster uses alternative runtimes, validate that container creation and task management still work as expected post-upgrade. The deprecation of task fields means you should audit any custom Runc options configs to remove deprecated fields before they're removed in a future version.

主な変更 (5)
  • CVE-2026-46680 patched — upgrade immediately if running 2.3.0
  • Default seccomp policy now blocks AF_ALG socket family, tightening container isolation
  • Out-of-range USER values in OCI spec now return explicit errors instead of triggering unexpected username/group lookups
  • Sandbox task API endpoints fixed for non-runc runtimes; task fields in Runc options deprecated
  • BoltDB files for metadata and mount plugins now properly closed on server shutdown, preventing resource leaks
原文

containerd

Kubernetes Core2026年5月21日

Patch release fixing sandbox task API endpoints broken for non-runc shims — critical for anyone running alternative runtimes like Kata Containers or gVisor.

  • breakingUpgrade if you run non-runc runtimes in sandbox mode

    The bug in api/v1.11.0 caused sandbox task API endpoints to malfunction for any shim that isn't runc — think Kata Containers, gVisor, or custom shims. If your cluster uses these runtimes and you're on 1.11.0, task operations against sandboxed workloads may silently fail or misbehave. Update to api/v1.11.1 immediately and verify task lifecycle operations (create, delete, exec) work correctly post-upgrade.

  • enhancementValidate your shim compatibility after upgrading

    The fix adds the task API address to CreateTaskRequest at the proto level. If you maintain a custom shim, review whether your implementation reads this field — it's now populated where it wasn't before. No action needed for standard runc workloads, but non-standard shim authors should test task creation flows against this API version.

主な変更 (3)
  • Task API address is now included in CreateTaskRequest, fixing routing for non-runc shims
  • No dependency changes — safe, minimal patch
  • Only 4 commits; scope is narrow and targeted
原文

containerd

Kubernetes Core2026年5月1日

containerd 2.3.0 is the first LTS release under the new Kubernetes-aligned 4-month cadence, offering 2+ years of support with major NRI, EROFS, and observability improvements.

  • breakingRename NRI plugins with commas in their names before upgrading

    The new OCI hook owner accumulation logic uses commas as delimiters internally, so any NRI plugin whose name contains a comma will break. Audit your NRI plugin names now. If any contain commas, rename them before rolling out 2.3.0 — this affects both the plugin binary name and any configuration referencing it.

  • enhancementPlan your 1.7 → 2.3 LTS migration now

    This is the designated upgrade target from containerd 1.7 LTS. The project explicitly tests and supports direct sequential LTS-to-LTS upgrades. If you're still on 1.7, this is the right time to build a migration plan — 2.3 gets at least two years of support, making it the stable foundation for Kubernetes clusters through roughly 2027.

  • enhancementEnable trace propagation for better plugin and runtime observability

    OTel traces now flow through gRPC RPCs between containerd and its plugins, and trace IDs can be injected into log lines. If you run a distributed tracing stack (Jaeger, Tempo, etc.), configure the OTLP exporter in containerd's config and enable trace ID injection in logging. This closes a major gap where container lifecycle events were invisible to your tracing backend.

主な変更 (5)
  • First LTS release in the 2.x line — direct upgrade path from 1.7 LTS is tested and supported
  • NRI gets massive capability expansion: user/group IDs, seccomp policy, rlimits, sysctls, network devices, Intel RDT, and kernel scheduling policy now all passable to plugins
  • EROFS support matures with zstd-wrapped layers, dmverity integration, and native container image media types
  • OpenTelemetry traces now propagate through outgoing gRPC RPCs from plugin clients, with trace ID injection into logs
  • NRI breaking change: commas are no longer allowed in plugin names due to OCI hook owner accumulation logic
原文

containerd

Kubernetes Core2026年4月30日

containerd API v1.11.0 ships a new shim bootstrap protocol, container filesystem copy transfer types, and sandbox spec field support — aligning with the containerd 2.3 runtime release.

  • securitygRPC updated from v1.59.0 to v1.79.3 — multiple CVE fixes included

    A 20-minor-version jump in gRPC covers a significant span of security and stability fixes. If your environment pins or vendors gRPC separately, reconcile your dependency tree against v1.79.3. The golang.org/x/* packages also moved forward across the board, so a full dependency audit is warranted before deploying this API version in production.

  • breakingSandbox API: Container field removed, update any sandbox metadata consumers

    The Container field has been dropped from sandbox metadata and replaced with a spec field. If you have tooling, controllers, or custom runtimes that read or write sandbox metadata directly, audit them now. This is an API-level change — anything compiled against the old proto definitions will break at runtime when targeting containerd 2.3.

  • breakingShim bootstrap protocol is now protobuf — custom shim implementations need updating

    The new shim bootstrap protocol switches from JSON to protobuf and uses enums instead of strings for capabilities and log levels. If you maintain a custom shim or vendor the containerd API, you must update your bootstrap handling before deploying containerd 2.3. Third-party shims (e.g., kata-containers, nydus) likely need corresponding releases — check their compatibility before upgrading.

主な変更 (6)
  • New shim bootstrap protocol introduced: uses protobuf (not JSON), enums for capabilities/log levels, and includes containerd version at shim launch
  • Shim socket directory now uses the configured state directory instead of a hardcoded path
  • Transfer API gains new types for container filesystem copy operations
  • Sandbox API updated: Container field removed, spec field added to sandbox metadata
  • EROFS native container image support extended with os.features field in platform proto
  • gRPC dependency jumped from v1.59.0 to v1.79.3; protobuf toolchain migrated from protobuild to buf
原文

containerd

Kubernetes Core2026年4月15日

containerd v2.2.3 patches CVE-2026-35469 in spdystream and fixes several bugs including whiteout handling in parallel unpacks, TOCTOU race in tar extraction, and Go 1.24 symlink regressions.

  • securityPatch CVE-2026-35469: upgrade to v2.2.3 now

    CVE-2026-35469 affects moby/spdystream, which containerd uses for streaming connections. The fix is in spdystream v0.5.1, bundled in this release. If you're running any 2.2.x version, treat this as a mandatory upgrade — don't wait for your next maintenance window.

  • breakingParallel unpack whiteout bug could mean corrupted layer state — verify images

    A bug caused whiteout files (which signal file deletions between layers) to be ignored when parallel unpack was enabled. If you've been using parallel unpack with overlayfs, layer deletion semantics may not have applied correctly. After upgrading, re-pull any images that were unpacked in parallel to ensure their layer state is consistent.

  • enhancementGo 1.24 users on NixOS or symlink-heavy rootfs: this fixes your container startup failures

    Absolute symlink handling in rootfs user/group lookups regressed with Go 1.24. This affected systems where /etc/passwd or /etc/group are symlinks (common on NixOS-style setups). If you've seen user lookup failures or container start errors after moving to Go 1.24-built binaries, upgrading to v2.2.3 resolves this.

主な変更 (5)
  • Security patch for CVE-2026-35469 via spdystream upgrade to v0.5.1
  • Fixed whiteouts being silently ignored during parallel unpack — critical for image correctness
  • TOCTOU race condition hardened in tar extraction path
  • runc updated to v1.3.5
  • Absolute symlink resolution fixed for /etc/passwd and /etc/group lookups, addressing Go 1.24 regressions on NixOS-style and similar systems
原文

containerd

Kubernetes Core2026年4月15日

containerd 2.0.8 patches CVE-2026-35469 in spdystream, fixes a credential leak in CRI error messages, and resolves a CNI DEL lifecycle bug after containerd restarts.

  • securityPatch CVE-2026-35469 by upgrading to 2.0.8 now

    CVE-2026-35469 lives in the moby/spdystream dependency. Details are in a GitHub security advisory. If you're running containerd 2.0.x in any cluster, upgrade to 2.0.8 — this is the primary reason for the release. Don't wait for your next maintenance window if the advisory turns out to be high severity.

  • securityCheck your pod event logs for past credential exposure

    Before this fix, registry credentials or other secrets embedded in URLs could appear in plaintext inside CRI gRPC error messages and pod events. If you're shipping pod events to a logging backend (Datadog, Splunk, ELK, etc.), audit recent logs for query parameters that shouldn't be there. Going forward, 2.0.8 redacts these before they leave containerd.

  • breakingValidate CNI network cleanup works correctly after upgrading

    The CNI DEL bug meant network namespaces and CNI plugin state weren't cleaned up when a pod was deleted after a containerd restart. This could leave stale network state on nodes. After upgrading to 2.0.8, verify that pod deletion properly invokes CNI DEL — especially on nodes that have experienced containerd restarts. If you've noticed orphaned network interfaces or IP allocation issues, this fix is the likely culprit.

主な変更 (5)
  • CVE-2026-35469: spdystream updated from v0.4.0 to v0.5.1 to address the vulnerability
  • CRI error sanitization: gRPC errors and query parameters are now redacted before returning to callers, preventing credential exposure in pod events
  • CNI DEL fix: network teardown was silently skipped after a containerd restart — this is now corrected
  • SELinux library updated to v1.13.1 (opencontainers/selinux)
  • Go toolchain updated to 1.25.9 / 1.26.2
原文

containerd

Kubernetes Core2026年4月15日

v1.7.31 patches CVE-2026-35469 in spdystream, fixes a CNI DEL regression after restarts, and closes a credential leak in pod events via gRPC error sanitization.

  • securityPatch CVE-2026-35469 by upgrading to v1.7.31 now

    CVE-2026-35469 affects the moby/spdystream library used for SPDY multiplexing. The fix is in spdystream v0.5.1, bundled here. If you're running any 1.7.x release prior to this, upgrade immediately — especially on clusters where the CRI streaming server is exposed or where kubectl exec/attach/port-forward traffic flows through containerd.

  • securityAudit pod event logs for previously leaked credentials

    A bug caused raw error messages — potentially containing registry credentials — to be returned over gRPC and surface in pod events. After upgrading, review historical pod event logs (kubectl get events, or your log aggregation system) for any entries containing auth tokens, passwords, or image pull secrets from before this fix was applied. Rotate any credentials you find.

  • breakingVerify CNI network teardown is working correctly after upgrade

    The CNI DEL fix means containers that previously left behind stale network state after a containerd restart will now properly clean up. This is the right behavior, but if you have automation or scripts that assumed CNI DEL was idempotent-by-absence (i.e., expected cleanup to be skipped), test those workflows. Nodes with a history of unclean restarts may see cleanup activity on first pod deletion post-upgrade.

主な変更 (5)
  • CVE-2026-35469: spdystream updated from v0.2.0 to v0.5.1 to address the vulnerability
  • CNI DEL now correctly executes after a containerd restart — previously orphaned network teardowns were silently skipped
  • gRPC error paths sanitized to prevent registry credentials from leaking into pod events
  • runc binary bumped to v1.3.5
  • TOCTOU race bug fixed in tar extraction
原文

containerd

Kubernetes Core2026年3月11日

containerd 2.2.2 fixes critical CRI networking bugs, registry credential leakage, and AppArmor compatibility issues that could affect production Kubernetes workloads.

  • securityUpdate to prevent registry credential exposure

    Registry credentials could leak in error messages and pod events. Deploy this patch immediately if you use private registries with authentication, as these credentials might appear in logs or Kubernetes events that could be accessed by unauthorized users.

  • breakingFix CNI network cleanup after restarts

    CNI DEL operations weren't executing after containerd restarts, leaving stale network configurations. This affects pod networking reliability. Update before your next maintenance window to prevent network namespace leaks and potential IP conflicts.

  • enhancementUpgrade for AppArmor compatibility

    AppArmor profiles now work correctly with unix domain sockets on modern kernels. If you're running newer kernel versions and experiencing socket connection issues with AppArmor enabled, this update resolves the compatibility problem.

主な変更 (5)
  • Fixed CNI cleanup issue where network teardown failed after containerd restarts
  • Resolved credential leakage in error messages when registry authentication fails
  • Fixed AppArmor profile causing unix socket failures on newer kernels
  • Corrected registry mirror configuration migration for legacy setups
  • Fixed nil pointer crashes in memory metrics when constraints are partially configured
原文