Skip to content

Tags

Tags give the ability to mark specific points in history as being important

  • v1.7.13

    7c3aca7a · Merge pull request #9724 from dmcgowan/prepare-v1.7.13 · 
    containerd 1.7.13

Welcome to the v1.7.13 release of containerd!

The thirteenth patch release for containerd 1.7 updates the runc binary
in the release builds to address CVE-2024-21626

### Notable Updates

* **Update runc binary to v1.1.12** ([GHSA-xr7r-f8xq-vfvv](https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv))
* **Update seccomp profile for new syscalls added since Linux 5.16** ([#9693](https://github.com/containerd/containerd/pull/9693))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Derek McGowan
* Akihiro Suda
* Evan Lezar
* Paweł Gronowski
* Phil Estes
* Wei Fu

### Changes
<details><summary>9 commits</summary>
<p>

* Prepare v1.7.13 and update runc to v1.1.12 ([#9724](https://github.com/containerd/containerd/pull/9724))
  * [`b97e611b9`](https://github.com/containerd/containerd/commit/b97e611b9b931225f2385d5fcc31873577464edd) Prepare release notes for v1.7.13
  * [`2e7fa14db`](https://github.com/containerd/containerd/commit/2e7fa14db7f4448751280520fef2c628ed07b0eb) Update runc binary to v1.1.12
* [release/1.7] seccomp: kernel 6.7 ([#9693](https://github.com/containerd/containerd/pull/9693))
  * [`1bed37871`](https://github.com/containerd/containerd/commit/1bed3787162521aeb179895c29f7cc6a6bcd8013) seccomp: kernel 6.7
* [release/1.7] Update container-device-interface to v0.6.2 ([#9685](https://github.com/containerd/containerd/pull/9685))
  * [`14628d4aa`](https://github.com/containerd/containerd/commit/14628d4aaa1138f2fd10f23d26f3810ba5d65ab2) Update container-device-interface to v0.6.2
* [release/1.7] content: Add InfoReaderProvider ([#9658](https://github.com/containerd/containerd/pull/9658))
  * [`836477930`](https://github.com/containerd/containerd/commit/836477930ed9e6a81980b5bd2150f638cb39adf6) content: Add InfoReaderProvider
</p>
</details>

### Dependency Changes

* **tags.cncf.io/container-device-interface**           v0.6.2 **_new_**
* **tags.cncf.io/container-device-interface/specs-go**  v0.6.0 **_new_**

Previous release can be found at [v1.7.12](https://github.com/containerd/containerd/releases/tag/v1.7.12)
    Unverified

  • v1.6.28

    ae07eda3 · Merge pull request #9723 from dmcgowan/prepare-v1.6.28 · 
    containerd 1.6.28

Welcome to the v1.6.28 release of containerd!

The twenty-eighth patch release for containerd 1.6 updates the runc binary
in the release builds to address CVE-2024-21626

### Notable Updates

* **Update runc binary to v1.1.12** ([GHSA-xr7r-f8xq-vfvv](https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv))
* **Update seccomp profile for new syscalls added since Linux 5.16** ([#9694](https://github.com/containerd/containerd/pull/9694))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Andrey Epifanov
* Derek McGowan
* Akihiro Suda
* Maksym Pavlenko
* Phil Estes
* Shengjing Zhu
* Wei Fu

### Changes
<details><summary>13 commits</summary>
<p>

*  Prepare v1.6.28 and update runc to v1.1.12 ([#9723](https://github.com/containerd/containerd/pull/9723))
  * [`570c7c637`](https://github.com/containerd/containerd/commit/570c7c637745c9a5d41309c51193107a25768200) Prepare release notes for v1.6.28
  * [`b20b9f86b`](https://github.com/containerd/containerd/commit/b20b9f86b583b11a7fac34e6c682bc7633c74237) Update runc binary to v1.1.12
* [release/1.6] upgrade OpenTelemetry to v1.21.0 / v0.46.0 (CVE-2023-47108) etc. ([#9707](https://github.com/containerd/containerd/pull/9707))
  * [`19500722a`](https://github.com/containerd/containerd/commit/19500722aec045da29536401fa4c76dfc5ef0cbe) [release/1.6] vendor: golang.org/x/crypto v0.18.0
  * [`919928f6b`](https://github.com/containerd/containerd/commit/919928f6b006e563d1a1c57af36e29b570dd726a) [release/1.6] vendor: golang.org/x/term v0.16.0
  * [`7d6a4d23b`](https://github.com/containerd/containerd/commit/7d6a4d23b182e419c0cfa732c369d7f4c90c7a02) [release/1.6] vendor: golang.org/x/sys v0.16.0
  * [`16ac018ae`](https://github.com/containerd/containerd/commit/16ac018ae3efaa0389678a47d0135c739a93cbae) [release/1.6] vendor: upgrade OpenTelemetry to v1.21.0 / v0.46.0
* [release/1.6] seccomp: kernel 6.7 ([#9694](https://github.com/containerd/containerd/pull/9694))
  * [`f44628305`](https://github.com/containerd/containerd/commit/f44628305d7cdccfd1f7b8996b39846db5c4f035) seccomp: kernel 6.7
* [release/1.6] carry #9557 - enable ARM CI ([#9636](https://github.com/containerd/containerd/pull/9636))
  * [`65e1656f2`](https://github.com/containerd/containerd/commit/65e1656f2755727770f2adc90df8b972e7a513f2) cri: fix integration test on cgroupsv2 system
  * [`9cf1e1a39`](https://github.com/containerd/containerd/commit/9cf1e1a39ca17328c973a7d2ed2969e4f98993cc) *: enable ARM64 runner
</p>
</details>

### Dependency Changes

* **github.com/go-logr/logr**                                                      v1.2.2 -> v1.3.0
* **github.com/google/go-cmp**                                                     v0.5.9 -> v0.6.0
* **github.com/google/uuid**                                                       v1.3.0 -> v1.3.1
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.28.0 -> v0.46.0
* **go.opentelemetry.io/otel**                                                     v1.3.0 -> v1.21.0
* **go.opentelemetry.io/otel/metric**                                              v1.21.0 **_new_**
* **go.opentelemetry.io/otel/sdk**                                                 v1.3.0 -> v1.21.0
* **go.opentelemetry.io/otel/trace**                                               v1.3.0 -> v1.21.0
* **golang.org/x/crypto**                                                          v0.14.0 -> v0.18.0
* **golang.org/x/net**                                                             v0.17.0 -> v0.18.0
* **golang.org/x/oauth2**                                                          v0.10.0 -> v0.11.0
* **golang.org/x/sys**                                                             v0.13.0 -> v0.16.0
* **golang.org/x/term**                                                            v0.13.0 -> v0.16.0
* **golang.org/x/text**                                                            v0.13.0 -> v0.14.0
* **google.golang.org/grpc**                                                       v1.58.3 -> v1.59.0

Previous release can be found at [v1.6.27](https://github.com/containerd/containerd/releases/tag/v1.6.27)
    Unverified

  • v2.0.0-beta.2

    4f3a026b · Merge pull request #9696 from dmcgowan/prepare-v2.0.0-beta.2 · 
    containerd 2.0.0-beta.2

Welcome to the v2.0.0-beta.2 release of containerd!
*This is a pre-release of containerd*

The first major release of containerd 2.x focuses on the continued stability of
containerd's core feature set with an easy upgrade from containerd 1.x. This
release includes the stabilization of new features added in the last 1.x release
as well as the removal of features which were deprecated in 1.x. The goal is to
support the vast community of containerd users well into the future along with
their ever increasing deployment footprints and variety of use cases.

### Highlights

* Add PluginInfo to introspection API ([#9442](https://github.com/containerd/containerd/pull/9442))
* Remove overlayfs volatile option on temp mounts ([#9555](https://github.com/containerd/containerd/pull/9555))
* Move packages based on contributing guide ([#9365](https://github.com/containerd/containerd/pull/9365))
* Update import and export to allow references to missing content  ([#9554](https://github.com/containerd/containerd/pull/9554))
* Add option to perform syncfs after pull ([#9401](https://github.com/containerd/containerd/pull/9401))
* Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([#9320](https://github.com/containerd/containerd/pull/9320))
* Expose usage of deprecated features ([#9258](https://github.com/containerd/containerd/pull/9258))
* Switch runc shim to task service v3 and fix restore ([#9233](https://github.com/containerd/containerd/pull/9233))
* Use Intel ISA-L's igzip if available ([#9200](https://github.com/containerd/containerd/pull/9200))
* Generalize plugin library ([#9214](https://github.com/containerd/containerd/pull/9214))
* Introduce top level config migration ([#9223](https://github.com/containerd/containerd/pull/9223))
* Add image delete target ([#8989](https://github.com/containerd/containerd/pull/8989))
* Remove `LimitNOFILE` from `containerd.service` ([#8924](https://github.com/containerd/containerd/pull/8924))
* Use github.com/containerd/log ([#9086](https://github.com/containerd/containerd/pull/9086))
* Add support for image expiration during garbage collection ([#9022](https://github.com/containerd/containerd/pull/9022))
* Reduce the contention between ref lock and boltdb lock in content store ([#8792](https://github.com/containerd/containerd/pull/8792))
* Remove the CriuPath field from runc's options ([#8279](https://github.com/containerd/containerd/pull/8279))
* Remove support for config.toml `version = 1` ([#8275](https://github.com/containerd/containerd/pull/8275))
* Remove "containerd.io/restart.logpath" label ([#8264](https://github.com/containerd/containerd/pull/8264))
* Remove `aufs` snapshotter ([#8263](https://github.com/containerd/containerd/pull/8263))

#### Container Runtime Interface (CRI)

* Enable CDI by default ([#9621](https://github.com/containerd/containerd/pull/9621))
* Remove non-sandboxed CRI implementation ([#9228](https://github.com/containerd/containerd/pull/9228))
* Add image verifier transfer service plugin system based on a binary directory ([#8493](https://github.com/containerd/containerd/pull/8493))
* Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) ([#8287](https://github.com/containerd/containerd/pull/8287))
* Use sandboxed CRI by default ([#8994](https://github.com/containerd/containerd/pull/8994))
* Implement RuntimeConfig CRI call ([#8722](https://github.com/containerd/containerd/pull/8722))
* Add support for user namespaces (KEP-127) ([#8803](https://github.com/containerd/containerd/pull/8803))
* Remove CRI v1alpha2 ([#8276](https://github.com/containerd/containerd/pull/8276))

#### Runtime

* Add sandboxer configuration and move sandbox controllers to plugins ([#8268](https://github.com/containerd/containerd/pull/8268))
* Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](https://github.com/containerd/containerd/pull/8262))

#### Security Advisories

* [medium] RAPL accessible to a container [GHSA-7ww5-4wqc-m92c](https://github.com/containerd/containerd/security/advisories/GHSA-7ww5-4wqc-m92c)

#### Breaking

* Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([#9320](https://github.com/containerd/containerd/pull/9320))
* Move client to subpackage ([#9316](https://github.com/containerd/containerd/pull/9316))
* Remove `LimitNOFILE` from `containerd.service` ([#8924](https://github.com/containerd/containerd/pull/8924))
* Remove CRI v1alpha2 ([#8276](https://github.com/containerd/containerd/pull/8276))
* Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](https://github.com/containerd/containerd/pull/8262))
* Remove "containerd.io/restart.logpath" label ([#8264](https://github.com/containerd/containerd/pull/8264))
* Remove `aufs` snapshotter ([#8263](https://github.com/containerd/containerd/pull/8263))

#### Deprecations

* Deprecate go-plugin configuration option ([#9238](https://github.com/containerd/containerd/pull/9238))
* CNI conf_template in CRI is no longer deprecated ([#8637](https://github.com/containerd/containerd/pull/8637))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Derek McGowan
* Akihiro Suda
* Wei Fu
* Phil Estes
* Sebastiaan van Stijn
* Samuel Karp
* Maksym Pavlenko
* Kazuyoshi Kato
* Rodrigo Campos
* Danny Canter
* Gabriel Adrian Samfira
* Iceber Gu
* Abel Feng
* Akhil Mohan
* Jin Dong
* Bjorn Neergaard
* Kirtana Ashok
* Kohei Tokunaga
* Austin Vazquez
* rongfu.leng
* Mike Brown
* Paul "TBBle" Hampson
* Krisztian Litkey
* James Sturtevant
* Enrico Weigelt
* Paweł Gronowski
* Ilya Hanov
* Marat Radchenko
* Cardy.Tang
* Hsing-Yu (David) Chen
* Justin Chadwell
* Brian Goff
* Bryant Biggs
* Davanum Srinivas
* Henry Wang
* Kay Yan
* Laura Brehm
* Markus Lehtonen
* Nashwan Azhari
* Shingo Omura
* Vinayak Goyal
* helen
* Aditi Sharma
* Charity Kathure
* Ed Bartosh
* Evan Lezar
* James Jenkins
* Milas Bowman
* yanggang
* Aditya Ramani
* Amit Barve
* Artem Khramov
* Brad Davidson
* Chen Yiyang
* Cory Snider
* Djordje Lukic
* Ethan Lowman
* Jiang Liu
* Jordan Liggitt
* June Rhodes
* Mahamed Ali
* Michael Crosby
* Peteris Rudzusiks
* Sam Edwards
* Samruddhi Khandale
* Shuaiyi Zhang
* Steve Griffith
* VERNOU Cédric
* hang.jiang
* jerryzhuang
* lengrongfu
* Aaron Lehmann
* Alex Couture-Beil
* Alex Ellis
* Alex Rodriguez
* Alexandru Matei
* Amir M. Ghazanfari
* Anthony Nandaa
* Antonio Huete Jimenez
* Avi Deitcher
* Ben Foster
* Bin Xin
* BinBin He
* Brennan Kinney
* Craig Ingram
* Daisy Rong
* Edgar Lee
* Eng Zer Jun
* Etienne Champetier
* Fahed Dorgaa
* Gary McDonald
* Iain Macdonald
* James Lakin
* Jan Dubois
* Jaroslav Jindrak
* Jiongchi Yu
* Kern Walster
* Kevin Parsons
* Konstantin Khlebnikov
* Maksim An
* Pan Yibo
* Qasim Sarfraz
* Qiutong Song
* Robbie Buxton
* Robert-André Mauchin
* Shukui Yang
* Tianon Gravi
* Tony Fang
* Tõnis Tiigi
* Wang Xinwen
* William Chen
* Yibo Zhuang
* Yury Gargay
* charles-chenzz
* chschumacher1994
* guangli.bao
* krglosse
* ningmingxiao
* pigletfly
* rokkiter
* roman-kiselenko
* roman-kiselenko
* wangxiang
* zhangpeng
* zhaojizhuang
* zounengren
* 吴小白
* 张钰
* 沈陵

### Dependency Changes

* **cloud.google.com/go/compute/metadata**                                         v0.2.3 **_new_**
* **dario.cat/mergo**                                                              v1.0.0 **_new_**
* **github.com/AdaLogics/go-fuzz-headers**                                         1f10f66a31bf -> ced1acdcaa24
* **github.com/AdamKorcz/go-118-fuzz-build**                                       5330a85ea652 -> 8075edf89bb0
* **github.com/Microsoft/go-winio**                                                v0.6.0 -> v0.6.1
* **github.com/Microsoft/hcsshim**                                                 v0.10.0-rc.7 -> v0.12.0-rc.2
* **github.com/cenkalti/backoff/v4**                                               v4.2.0 -> v4.2.1
* **github.com/cilium/ebpf**                                                       v0.9.1 -> v0.11.0
* **github.com/containerd/cgroups/v3**                                             v3.0.1 -> v3.0.3
* **github.com/containerd/continuity**                                             v0.3.0 -> v0.4.3
* **github.com/containerd/errdefs**                                                v0.1.0 **_new_**
* **github.com/containerd/go-runc**                                                v1.0.0 -> v1.1.0
* **github.com/containerd/log**                                                    v0.1.0 **_new_**
* **github.com/containerd/nri**                                                    v0.3.0 -> v0.5.0
* **github.com/containerd/platforms**                                              v0.1.1 **_new_**
* **github.com/containerd/plugin**                                                 7ec69893e1e7 **_new_**
* **github.com/containerd/ttrpc**                                                  v1.2.1 -> v1.2.2
* **github.com/containerd/typeurl/v2**                                             v2.1.0 -> v2.1.1
* **github.com/containernetworking/plugins**                                       v1.2.0 -> v1.4.0
* **github.com/distribution/reference**                                            v0.5.0 **_new_**
* **github.com/emicklei/go-restful/v3**                                            v3.10.1 -> v3.10.2
* **github.com/felixge/httpsnoop**                                                 v1.0.3 **_new_**
* **github.com/fsnotify/fsnotify**                                                 v1.6.0 -> v1.7.0
* **github.com/go-logr/logr**                                                      v1.2.3 -> v1.4.1
* **github.com/golang/protobuf**                                                   v1.5.2 -> v1.5.3
* **github.com/google/go-cmp**                                                     v0.5.9 -> v0.6.0
* **github.com/google/uuid**                                                       v1.3.0 -> v1.5.0
* **github.com/grpc-ecosystem/go-grpc-middleware**                                 v1.3.0 -> v1.4.0
* **github.com/grpc-ecosystem/grpc-gateway/v2**                                    v2.7.0 -> v2.16.2
* **github.com/intel/goresctrl**                                                   v0.3.0 -> v0.6.0
* **github.com/klauspost/compress**                                                v1.16.0 -> v1.17.4
* **github.com/klauspost/cpuid/v2**                                                v2.0.4 -> v2.2.5
* **github.com/minio/sha256-simd**                                                 v1.0.0 -> v1.0.1
* **github.com/moby/sys/mountinfo**                                                v0.6.2 -> v0.7.1
* **github.com/moby/sys/user**                                                     v0.1.0 **_new_**
* **github.com/opencontainers/image-spec**                                         3a7f492d3f1b -> v1.1.0-rc5
* **github.com/opencontainers/runtime-spec**                                       v1.1.0-rc.1 -> 4fec88fd00a4
* **github.com/opencontainers/runtime-tools**                                      946c877fa809 -> 2e043c6bd626
* **github.com/pelletier/go-toml/v2**                                              v2.1.1 **_new_**
* **github.com/prometheus/client_golang**                                          v1.14.0 -> v1.17.0
* **github.com/prometheus/client_model**                                           v0.3.0 -> 9a2bf3000d16
* **github.com/prometheus/common**                                                 v0.37.0 -> v0.44.0
* **github.com/prometheus/procfs**                                                 v0.8.0 -> v0.11.1
* **github.com/sirupsen/logrus**                                                   v1.9.0 -> v1.9.3
* **github.com/stretchr/testify**                                                  v1.8.2 -> v1.8.4
* **github.com/urfave/cli**                                                        v1.22.12 -> v1.22.14
* **github.com/vishvananda/netns**                                                 2eb08e3e575f -> v0.0.4
* **go.etcd.io/bbolt**                                                             v1.3.7 -> v1.3.8
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.40.0 -> v0.46.1
* **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp**                v0.45.0 **_new_**
* **go.opentelemetry.io/otel**                                                     v1.14.0 -> v1.21.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace**                            v1.14.0 -> v1.19.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc**              v1.14.0 -> v1.19.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp**              v1.14.0 -> v1.19.0
* **go.opentelemetry.io/otel/metric**                                              v0.37.0 -> v1.21.0
* **go.opentelemetry.io/otel/sdk**                                                 v1.14.0 -> v1.21.0
* **go.opentelemetry.io/otel/trace**                                               v1.14.0 -> v1.21.0
* **go.opentelemetry.io/proto/otlp**                                               v0.19.0 -> v1.0.0
* **golang.org/x/exp**                                                             aacd6d4b4611 **_new_**
* **golang.org/x/mod**                                                             v0.7.0 -> v0.14.0
* **golang.org/x/net**                                                             v0.7.0 -> v0.19.0
* **golang.org/x/oauth2**                                                          v0.4.0 -> v0.13.0
* **golang.org/x/sync**                                                            v0.1.0 -> v0.6.0
* **golang.org/x/sys**                                                             v0.6.0 -> v0.16.0
* **golang.org/x/term**                                                            v0.5.0 -> v0.15.0
* **golang.org/x/text**                                                            v0.7.0 -> v0.14.0
* **golang.org/x/time**                                                            90d013bbcef8 -> v0.3.0
* **golang.org/x/tools**                                                           v0.5.0 -> v0.16.0
* **google.golang.org/appengine**                                                  v1.6.7 -> v1.6.8
* **google.golang.org/genproto/googleapis/api**                                    d307bd883b97 **_new_**
* **google.golang.org/genproto/googleapis/rpc**                                    995d672761c0 **_new_**
* **google.golang.org/grpc**                                                       v1.53.0 -> v1.60.1
* **google.golang.org/protobuf**                                                   v1.28.1 -> v1.32.0
* **k8s.io/api**                                                                   v0.26.2 -> v0.28.4
* **k8s.io/apimachinery**                                                          v0.26.2 -> v0.28.4
* **k8s.io/apiserver**                                                             v0.26.2 -> v0.28.2
* **k8s.io/client-go**                                                             v0.26.2 -> v0.28.4
* **k8s.io/component-base**                                                        v0.26.2 -> v0.28.4
* **k8s.io/cri-api**                                                               v0.26.2 -> v0.28.2
* **k8s.io/klog/v2**                                                               v2.90.1 -> v2.100.1
* **k8s.io/kubelet**                                                               v0.28.2 **_new_**
* **k8s.io/utils**                                                                 a5ecb0141aa5 -> d93618cff8a2
* **sigs.k8s.io/json**                                                             f223a00ba0e2 -> bc3834ca7abd
* **tags.cncf.io/container-device-interface**                                      v0.6.2 **_new_**
* **tags.cncf.io/container-device-interface/specs-go**                             v0.6.0 **_new_**

Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0)
### Which file should I download?
* `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:         ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
* `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`:  Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases)
and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too.

See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
    Unverified

  • v2.0.0-beta.1

    6f44916e · Merge pull request #9654 from dmcgowan/prepare-v2.0.0-beta.1 · 
    containerd 2.0.0-beta.1

Welcome to the v2.0.0-beta.1 release of containerd!
*This is a pre-release of containerd*

The first major release of containerd 2.x focuses on the continued stability of
containerd's core feature set with an easy upgrade from containerd 1.x. This
release includes the stabilization of new features added in the last 1.x release
as well as the removal of features which were deprecated in 1.x. The goal is to
support the vast community of containerd users well into the future along with
their ever increasing deployment footprints and variety of use cases.

### Highlights

* Move packages based on contributing guide ([#9365](https://github.com/containerd/containerd/pull/9365))
* Update import and export to allow references to missing content  ([#9554](https://github.com/containerd/containerd/pull/9554))
* *: enable ARM64 runner ([#9456](https://github.com/containerd/containerd/pull/9456))
* Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([#9320](https://github.com/containerd/containerd/pull/9320))
* Expose usage of deprecated features ([#9258](https://github.com/containerd/containerd/pull/9258))
* Switch runc shim to task service v3 and fix restore ([#9233](https://github.com/containerd/containerd/pull/9233))
* Use Intel ISA-L's igzip if available ([#9200](https://github.com/containerd/containerd/pull/9200))
* Generalize plugin library ([#9214](https://github.com/containerd/containerd/pull/9214))
* Introduce top level config migration ([#9223](https://github.com/containerd/containerd/pull/9223))
* Add image delete target ([#8989](https://github.com/containerd/containerd/pull/8989))
* Use github.com/containerd/log ([#9086](https://github.com/containerd/containerd/pull/9086))
* Add support for image expiration during garbage collection ([#9022](https://github.com/containerd/containerd/pull/9022))
* Reduce the contention between ref lock and boltdb lock in content store ([#8792](https://github.com/containerd/containerd/pull/8792))
* Remove the CriuPath field from runc's options ([#8279](https://github.com/containerd/containerd/pull/8279))
* Remove support for config.toml `version = 1` ([#8275](https://github.com/containerd/containerd/pull/8275))
* Remove "containerd.io/restart.logpath" label ([#8264](https://github.com/containerd/containerd/pull/8264))
* Remove `aufs` snapshotter ([#8263](https://github.com/containerd/containerd/pull/8263))

#### Container Runtime Interface (CRI)

* Enable CDI by default ([#9621](https://github.com/containerd/containerd/pull/9621))
* Remove non-sandboxed CRI implementation ([#9228](https://github.com/containerd/containerd/pull/9228))
* Add image verifier transfer service plugin system based on a binary directory ([#8493](https://github.com/containerd/containerd/pull/8493))
* Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) ([#8287](https://github.com/containerd/containerd/pull/8287))
* Use sandboxed CRI by default ([#8994](https://github.com/containerd/containerd/pull/8994))
* Implement RuntimeConfig CRI call ([#8722](https://github.com/containerd/containerd/pull/8722))
* Add support for user namespaces (KEP-127) ([#8803](https://github.com/containerd/containerd/pull/8803))
* Remove CRI v1alpha2 ([#8276](https://github.com/containerd/containerd/pull/8276))

#### Runtime

* Add sandboxer configuration and move sandbox controllers to plugins ([#8268](https://github.com/containerd/containerd/pull/8268))
* Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](https://github.com/containerd/containerd/pull/8262))

#### Security Advisories

* [medium] RAPL accessible to a container [GHSA-7ww5-4wqc-m92c](https://github.com/containerd/containerd/security/advisories/GHSA-7ww5-4wqc-m92c)

#### Breaking

* Update RuntimeDefault seccomp profile to disallow io_uring related syscalls ([#9320](https://github.com/containerd/containerd/pull/9320))
* Move client to subpackage ([#9316](https://github.com/containerd/containerd/pull/9316))
* Remove CRI v1alpha2 ([#8276](https://github.com/containerd/containerd/pull/8276))
* Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](https://github.com/containerd/containerd/pull/8262))
* Remove "containerd.io/restart.logpath" label ([#8264](https://github.com/containerd/containerd/pull/8264))
* Remove `aufs` snapshotter ([#8263](https://github.com/containerd/containerd/pull/8263))

#### Deprecations

* Deprecate go-plugin configuration option ([#9238](https://github.com/containerd/containerd/pull/9238))
* CNI conf_template in CRI is no longer deprecated ([#8637](https://github.com/containerd/containerd/pull/8637))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Derek McGowan
* Akihiro Suda
* Wei Fu
* Phil Estes
* Sebastiaan van Stijn
* Samuel Karp
* Maksym Pavlenko
* Kazuyoshi Kato
* Rodrigo Campos
* dependabot[bot]
* Danny Canter
* Gabriel Adrian Samfira
* Iceber Gu
* Abel Feng
* Jin Dong
* Bjorn Neergaard
* Kirtana Ashok
* Kohei Tokunaga
* Austin Vazquez
* rongfu.leng
* Akhil Mohan
* Mike Brown
* Paul "TBBle" Hampson
* Krisztian Litkey
* Enrico Weigelt
* James Sturtevant
* Paweł Gronowski
* Ilya Hanov
* Marat Radchenko
* Cardy.Tang
* Hsing-Yu (David) Chen
* Justin Chadwell
* Brian Goff
* Bryant Biggs
* Davanum Srinivas
* Henry Wang
* Kay Yan
* Laura Brehm
* Markus Lehtonen
* Nashwan Azhari
* Shingo Omura
* Vinayak Goyal
* helen
* Aditi Sharma
* Charity Kathure
* Ed Bartosh
* James Jenkins
* Milas Bowman
* Aditya Ramani
* Amit Barve
* Artem Khramov
* Brad Davidson
* Chen Yiyang
* Cory Snider
* Djordje Lukic
* Ethan Lowman
* Jiang Liu
* Jordan Liggitt
* June Rhodes
* Mahamed Ali
* Michael Crosby
* Peteris Rudzusiks
* Sam Edwards
* Samruddhi Khandale
* Shuaiyi Zhang
* Steve Griffith
* VERNOU Cédric
* hang.jiang
* jerryzhuang
* lengrongfu
* Aaron Lehmann
* Alex Couture-Beil
* Alex Ellis
* Alex Rodriguez
* Alexandru Matei
* Amir M. Ghazanfari
* Anthony Nandaa
* Antonio Huete Jimenez
* Avi Deitcher
* Ben Foster
* Bin Xin
* BinBin He
* Brennan Kinney
* Craig Ingram
* Daisy Rong
* Edgar Lee
* Eng Zer Jun
* Etienne Champetier
* Evan Lezar
* Fahed Dorgaa
* Gary McDonald
* Iceber Gu
* James Lakin
* Jan Dubois
* Jaroslav Jindrak
* Jiongchi Yu
* Kern Walster
* Kevin Parsons
* Konstantin Khlebnikov
* Maksim An
* Pan Yibo
* Qasim Sarfraz
* Qiutong Song
* Robbie Buxton
* Robert-André Mauchin
* Shukui Yang
* Tianon Gravi
* Tony Fang
* Tõnis Tiigi
* Wang Xinwen
* William Chen
* Yibo Zhuang
* charles-chenzz
* chschumacher1994
* guangli.bao
* ningmingxiao
* pigletfly
* rokkiter
* roman-kiselenko
* wangxiang
* zhangpeng
* zhaojizhuang
* zounengren
* 吴小白
* 沈陵

### Dependency Changes

* **cloud.google.com/go/compute/metadata**                                         v0.2.3 **_new_**
* **dario.cat/mergo**                                                              v1.0.0 **_new_**
* **github.com/AdaLogics/go-fuzz-headers**                                         1f10f66a31bf -> ced1acdcaa24
* **github.com/AdamKorcz/go-118-fuzz-build**                                       5330a85ea652 -> 8075edf89bb0
* **github.com/Microsoft/go-winio**                                                v0.6.0 -> v0.6.1
* **github.com/Microsoft/hcsshim**                                                 v0.10.0-rc.7 -> v0.12.0-rc.2
* **github.com/cenkalti/backoff/v4**                                               v4.2.0 -> v4.2.1
* **github.com/cilium/ebpf**                                                       v0.9.1 -> v0.11.0
* **github.com/container-orchestrated-devices/container-device-interface**         v0.5.4 -> v0.6.1
* **github.com/containerd/cgroups/v3**                                             v3.0.1 -> v3.0.3
* **github.com/containerd/continuity**                                             v0.3.0 -> v0.4.3
* **github.com/containerd/go-runc**                                                v1.0.0 -> v1.1.0
* **github.com/containerd/log**                                                    v0.1.0 **_new_**
* **github.com/containerd/nri**                                                    v0.3.0 -> v0.5.0
* **github.com/containerd/plugin**                                                 7ec69893e1e7 **_new_**
* **github.com/containerd/ttrpc**                                                  v1.2.1 -> v1.2.2
* **github.com/containerd/typeurl/v2**                                             v2.1.0 -> v2.1.1
* **github.com/containernetworking/plugins**                                       v1.2.0 -> v1.4.0
* **github.com/distribution/reference**                                            v0.5.0 **_new_**
* **github.com/emicklei/go-restful/v3**                                            v3.10.1 -> v3.10.2
* **github.com/felixge/httpsnoop**                                                 v1.0.3 **_new_**
* **github.com/fsnotify/fsnotify**                                                 v1.6.0 -> v1.7.0
* **github.com/go-logr/logr**                                                      v1.2.3 -> v1.4.1
* **github.com/golang/protobuf**                                                   v1.5.2 -> v1.5.3
* **github.com/google/go-cmp**                                                     v0.5.9 -> v0.6.0
* **github.com/google/uuid**                                                       v1.3.0 -> v1.5.0
* **github.com/grpc-ecosystem/go-grpc-middleware**                                 v1.3.0 -> v1.4.0
* **github.com/grpc-ecosystem/grpc-gateway/v2**                                    v2.7.0 -> v2.16.2
* **github.com/intel/goresctrl**                                                   v0.3.0 -> v0.6.0
* **github.com/klauspost/compress**                                                v1.16.0 -> v1.17.4
* **github.com/klauspost/cpuid/v2**                                                v2.0.4 -> v2.2.5
* **github.com/minio/sha256-simd**                                                 v1.0.0 -> v1.0.1
* **github.com/moby/sys/mountinfo**                                                v0.6.2 -> v0.7.1
* **github.com/moby/sys/user**                                                     v0.1.0 **_new_**
* **github.com/opencontainers/image-spec**                                         3a7f492d3f1b -> v1.1.0-rc5
* **github.com/opencontainers/runtime-spec**                                       v1.1.0-rc.1 -> 4fec88fd00a4
* **github.com/opencontainers/runtime-tools**                                      946c877fa809 -> 2e043c6bd626
* **github.com/pelletier/go-toml/v2**                                              v2.1.1 **_new_**
* **github.com/prometheus/client_golang**                                          v1.14.0 -> v1.17.0
* **github.com/prometheus/client_model**                                           v0.3.0 -> 9a2bf3000d16
* **github.com/prometheus/common**                                                 v0.37.0 -> v0.44.0
* **github.com/prometheus/procfs**                                                 v0.8.0 -> v0.11.1
* **github.com/sirupsen/logrus**                                                   v1.9.0 -> v1.9.3
* **github.com/stretchr/testify**                                                  v1.8.2 -> v1.8.4
* **github.com/urfave/cli**                                                        v1.22.12 -> v1.22.14
* **github.com/vishvananda/netns**                                                 2eb08e3e575f -> v0.0.4
* **go.etcd.io/bbolt**                                                             v1.3.7 -> v1.3.8
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.40.0 -> v0.46.1
* **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp**                v0.45.0 **_new_**
* **go.opentelemetry.io/otel**                                                     v1.14.0 -> v1.21.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace**                            v1.14.0 -> v1.19.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc**              v1.14.0 -> v1.19.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp**              v1.14.0 -> v1.19.0
* **go.opentelemetry.io/otel/metric**                                              v0.37.0 -> v1.21.0
* **go.opentelemetry.io/otel/sdk**                                                 v1.14.0 -> v1.21.0
* **go.opentelemetry.io/otel/trace**                                               v1.14.0 -> v1.21.0
* **go.opentelemetry.io/proto/otlp**                                               v0.19.0 -> v1.0.0
* **golang.org/x/exp**                                                             aacd6d4b4611 **_new_**
* **golang.org/x/mod**                                                             v0.7.0 -> v0.14.0
* **golang.org/x/net**                                                             v0.7.0 -> v0.19.0
* **golang.org/x/oauth2**                                                          v0.4.0 -> v0.13.0
* **golang.org/x/sync**                                                            v0.1.0 -> v0.6.0
* **golang.org/x/sys**                                                             v0.6.0 -> v0.16.0
* **golang.org/x/term**                                                            v0.5.0 -> v0.15.0
* **golang.org/x/text**                                                            v0.7.0 -> v0.14.0
* **golang.org/x/time**                                                            90d013bbcef8 -> v0.3.0
* **golang.org/x/tools**                                                           v0.5.0 -> v0.16.0
* **google.golang.org/appengine**                                                  v1.6.7 -> v1.6.8
* **google.golang.org/genproto/googleapis/api**                                    d307bd883b97 **_new_**
* **google.golang.org/genproto/googleapis/rpc**                                    995d672761c0 **_new_**
* **google.golang.org/grpc**                                                       v1.53.0 -> v1.60.1
* **google.golang.org/protobuf**                                                   v1.28.1 -> v1.32.0
* **k8s.io/api**                                                                   v0.26.2 -> v0.28.4
* **k8s.io/apimachinery**                                                          v0.26.2 -> v0.28.4
* **k8s.io/apiserver**                                                             v0.26.2 -> v0.28.2
* **k8s.io/client-go**                                                             v0.26.2 -> v0.28.4
* **k8s.io/component-base**                                                        v0.26.2 -> v0.28.4
* **k8s.io/cri-api**                                                               v0.26.2 -> v0.28.2
* **k8s.io/klog/v2**                                                               v2.90.1 -> v2.100.1
* **k8s.io/kubelet**                                                               v0.28.2 **_new_**
* **k8s.io/utils**                                                                 a5ecb0141aa5 -> d93618cff8a2
* **sigs.k8s.io/json**                                                             f223a00ba0e2 -> bc3834ca7abd

Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0)
### Which file should I download?
* `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:         ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
* `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`:  Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases)
and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too.

See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
    Unverified

  • v1.6.27

    a1496014 · Merge pull request #9631 from dmcgowan/prepare-v1.6.27 · 
    containerd 1.6.27

Welcome to the v1.6.27 release of containerd!

The twenty-seventh patch release for containerd 1.6 contains various fixes and updates.

### Notable Updates

* **Improve `/etc/group` handling when appending groups** ([#9543](https://github.com/containerd/containerd/pull/9543))
* **Update runc binary to v1.1.11** ([#9597](https://github.com/containerd/containerd/pull/9597))
* **Remove runc import** ([#9606](https://github.com/containerd/containerd/pull/9606))
* **Update shim pidfile permissions to 0644** ([#9613](https://github.com/containerd/containerd/pull/9613))
* **Update Go version to 1.20.13** ([#9625](https://github.com/containerd/containerd/pull/9625))

### Deprecation Warnings

* **Emit deprecation warning for CRIU config usage** ([#9448](https://github.com/containerd/containerd/pull/9448))
* **Emit deprecation warning for some CRI configs** ([#9447](https://github.com/containerd/containerd/pull/9447))
* **Emit deprecation warning for `containerd.io/restart.logpath` label usage** ([#9572](https://github.com/containerd/containerd/pull/9572))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Samuel Karp
* Akihiro Suda
* Derek McGowan
* Sebastiaan van Stijn
* Djordje Lukic
* Jaroslav Jindrak
* Kay Yan
* Maksym Pavlenko
* Phil Estes
* Wei Fu
* ruiwen-zhao

### Changes
<details><summary>26 commits</summary>
<p>

* [release/1.6] Prepare release notes for v1.6.27 ([#9631](https://github.com/containerd/containerd/pull/9631))
  * [`d0edecf28`](https://github.com/containerd/containerd/commit/d0edecf28b51b35cfb549e3d18467bd2087fb0e7) Prepare release notes for v1.6.27
* [release/1.6] update to go1.20.13, test go1.21.6 ([#9625](https://github.com/containerd/containerd/pull/9625))
  * [`32a515211`](https://github.com/containerd/containerd/commit/32a515211d03771e3a35bf7bcb4b114bf1131ada) update to go1.20.13, test go1.21.6
* [release/1.6 backport] shim: Create pid-file with 0644 permissions ([#9613](https://github.com/containerd/containerd/pull/9613))
  * [`37de14d95`](https://github.com/containerd/containerd/commit/37de14d9562db48f9b66f37b10fa3e704455ae25) shim: Create pid-file with 0644 permissions
* [release/1.6 backport] remove github.com/opencontainers/runc dependency ([#9606](https://github.com/containerd/containerd/pull/9606))
  * [`3938d63de`](https://github.com/containerd/containerd/commit/3938d63de4737668ccec1f5eaf552c58a5d32057) remove github.com/opencontainers/runc dependency
* [release/1.6 backport] update runc binary to v1.1.11 ([#9597](https://github.com/containerd/containerd/pull/9597))
  * [`9a9b11f73`](https://github.com/containerd/containerd/commit/9a9b11f733f778ce6171396d0c95e2b68cca5e21) update runc binary to v1.1.11
* [release/1.6 backport] go.mod: dario.cat/mergo v1.0.0 ([#9570](https://github.com/containerd/containerd/pull/9570))
  * [`6cd8e17ab`](https://github.com/containerd/containerd/commit/6cd8e17aba91d9f46f9e1a27b6381744e6cafe48) go.mod: dario.cat/mergo v1.0.0
  * [`4f8ff5154`](https://github.com/containerd/containerd/commit/4f8ff5154abd2127d148fb11ca54feb6f0fb47af) go.mod: github.com/imdario/mergo v0.3.13
* [release/1.6] restart: containerd.io/restart.logpath warning ([#9572](https://github.com/containerd/containerd/pull/9572))
  * [`d24d263a4`](https://github.com/containerd/containerd/commit/d24d263a42f51dca398070be1f8268fd53fe6cc9) restart: containerd.io/restart.logpath warning
* [release/1.6 backport] WithAppendAdditionalGroups: better /etc/group handling ([#9543](https://github.com/containerd/containerd/pull/9543))
  * [`9489c0eb0`](https://github.com/containerd/containerd/commit/9489c0eb0e7e51d90a0c2b5b4f5cbe23936d95ca) WithAppendAdditionalGroups: better /etc/group handling
* [release/1.6] cri: add deprecation warnings for deprecated CRI configs ([#9547](https://github.com/containerd/containerd/pull/9547))
  * [`713065793`](https://github.com/containerd/containerd/commit/713065793592c0f877c81712a6f310f3d730bf07) deprecation: fix missing spaces in warnings
  * [`de0cc92a7`](https://github.com/containerd/containerd/commit/de0cc92a793b84118356715503243a2b9664dfa5) cri: add deprecation warning for runtime_root
  * [`833b94149`](https://github.com/containerd/containerd/commit/833b94149b6fd4faa6d4719ef7926257f5b2b098) cri: add deprecation warning for rutnime_engine
  * [`47de3d63d`](https://github.com/containerd/containerd/commit/47de3d63df0e5ffa522dfc2b6cb5b2d472879f28) cri: add deprecation warning for default_runtime
  * [`d421b8fda`](https://github.com/containerd/containerd/commit/d421b8fda9d0d303e1b90a13f378e6fffe7d9187) cri: add warning for untrusted_workload_runtime
  * [`802cb64b0`](https://github.com/containerd/containerd/commit/802cb64b00aab14d0f2edb45c9b89eef0016dc1c) cri: add warning for old form of systemd_cgroup
* [release/1.6] Add warning for CRIU config usage ([#9546](https://github.com/containerd/containerd/pull/9546))
  * [`f8447466c`](https://github.com/containerd/containerd/commit/f8447466ccd8277083fefeb6db91194c4559ed0b) Add warning for CRIU config usage
</p>
</details>

### Dependency Changes

* **dario.cat/mergo**           v1.0.0 **_new_**
* **github.com/moby/sys/user**  v0.1.0 **_new_**

Previous release can be found at [v1.6.26](https://github.com/containerd/containerd/releases/tag/v1.6.26)
    Unverified

  • v1.7.12

    71909c18 · Merge pull request #9632 from dmcgowan/prepare-v1.7.12 · 
    containerd 1.7.12

Welcome to the v1.7.12 release of containerd!

The twelfth patch release for containerd 1.7 contains various fixes and updates.

### Notable Updates

* **Fix on dialer function for Windows** ([#9501](https://github.com/containerd/containerd/pull/9501))
* **Improve `/etc/group` handling when appending groups** ([#9544](https://github.com/containerd/containerd/pull/9544))
* **Update shim pidfile permissions to 0644** ([#9548](https://github.com/containerd/containerd/pull/9548))
* **Update runc binary to v1.1.11** ([#9596](https://github.com/containerd/containerd/pull/9596))
* **Allow import and export to reference missing content** ([#9600](https://github.com/containerd/containerd/pull/9600))
* **Remove runc import** ([#9605](https://github.com/containerd/containerd/pull/9605))
* **Update Go version to 1.20.13** ([#9624](https://github.com/containerd/containerd/pull/9624))

### Deprecation Warnings

* **Emit deprecation warning for `containerd.io/restart.logpath` label usage** ([#9567](https://github.com/containerd/containerd/pull/9567))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Akihiro Suda
* Sebastiaan van Stijn
* Wei Fu
* Derek McGowan
* Paweł Gronowski
* Jaroslav Jindrak
* Maksym Pavlenko
* Samuel Karp
* Anthony Nandaa
* Bjorn Neergaard
* Djordje Lukic
* Kay Yan

### Changes
<details><summary>34 commits</summary>
<p>

* [release/1.7] Prepare release notes for v1.7.12 ([#9632](https://github.com/containerd/containerd/pull/9632))
  * [`775d544fe`](https://github.com/containerd/containerd/commit/775d544fe51cb3bb9ed735fdf3e56ec45a84d78a) Prepare release notes for v1.7.12
* [release/1.7] update to go1.20.13, test go1.21.6 ([#9624](https://github.com/containerd/containerd/pull/9624))
  * [`a5dc5b894`](https://github.com/containerd/containerd/commit/a5dc5b894d2bd9bc8bff7c95bdde7564747b138f) update to go1.20.13, test go1.21.6
* [release/1.7] shim: Create pid-file and address with 0644 permissions ([#9548](https://github.com/containerd/containerd/pull/9548))
  * [`8d82242eb`](https://github.com/containerd/containerd/commit/8d82242eb525f87b91bbc2c2499559855dd363cf) shim: Create address file with 0644 permissions
  * [`260963a35`](https://github.com/containerd/containerd/commit/260963a354d972201ffe9a6ce882f1c0e9b319d9) shim: Create pid-file with 0644 permissions
* [release/1.7 backport] switch back from golang.org/x/sys/execabs to os/exec (go1.19) ([#9602](https://github.com/containerd/containerd/pull/9602))
  * [`872af82f5`](https://github.com/containerd/containerd/commit/872af82f572a2f2ff17107dd714c61b0eee2081a) remove remaining uses of golang.org/x/sys/execabs
  * [`2ad2a2e83`](https://github.com/containerd/containerd/commit/2ad2a2e835f27417749c1a0adc47f58e9cae8aa7) switch back from golang.org/x/sys/execabs to os/exec (go1.19)
* [release/1.7] update to CDI v0.6.1, and remove github.com/opencontainers/runc dependency ([#9605](https://github.com/containerd/containerd/pull/9605))
  * [`9251072f7`](https://github.com/containerd/containerd/commit/9251072f784dccd9016109c0864ff11c836c9af7) remove github.com/opencontainers/runc dependency
  * [`4e67213d4`](https://github.com/containerd/containerd/commit/4e67213d4fa02a64b7bb9ed689d68cfc0c4d104a) vendor: github.com/cncf-tags/container-device-interface v0.6.1
  * [`e0ee0be0d`](https://github.com/containerd/containerd/commit/e0ee0be0df3d3e3a951e24f616f2afc92e665c23) go.mod: github.com/opencontainers/runtime-spec v1.1.0
  * [`02be2236a`](https://github.com/containerd/containerd/commit/02be2236a26ac6d72a0d5375e61ddd648fa1261c) go.mod: github.com/.../container-device-interface v0.6.0
  * [`91f953bb4`](https://github.com/containerd/containerd/commit/91f953bb476936d13881781a83b491216d21e3e1) go.mod: github.com/opencontainers/runtime-spec v1.1.0-rc.2
* [release/1.7 backport] import/export: Support references to missing content  ([#9600](https://github.com/containerd/containerd/pull/9600))
  * [`6089b05d9`](https://github.com/containerd/containerd/commit/6089b05d9300c231b2f15cfd50426b97e1f77050) images/Export: Revert signature change
  * [`6b4b760c3`](https://github.com/containerd/containerd/commit/6b4b760c39b3b63755138357d72e0acedb3bee4e) integration/import-export: Add WithSkipMissing tests
  * [`abb3c5ef9`](https://github.com/containerd/containerd/commit/abb3c5ef943148198998a94c44d74cd01e00ad5e) export: Copy distribution source labels to manifest annotations
  * [`9609f04f6`](https://github.com/containerd/containerd/commit/9609f04f6bb9fd203b3955d561d976f34b0d4f4f) import/export: Support references to missing content
  * [`42b60d865`](https://github.com/containerd/containerd/commit/42b60d865296ef1bda5c0f981ef06844e1f58c5d) images/archive: use mediatype helpers
* [release/1.7 backport] update runc binary to v1.1.11 ([#9596](https://github.com/containerd/containerd/pull/9596))
  * [`23516a99c`](https://github.com/containerd/containerd/commit/23516a99c6fc64812a3719ea54004e1a92e9e61d) update runc binary to v1.1.11
* [release/1.7 backport] go.mod: dario.cat/mergo v1.0.0 ([#9569](https://github.com/containerd/containerd/pull/9569))
  * [`428714e32`](https://github.com/containerd/containerd/commit/428714e320b12dd1474c836fa15e79f824edfe2a) go.mod: dario.cat/mergo v1.0.0
* [release/1.7] restart: containerd.io/restart.logpath warning ([#9567](https://github.com/containerd/containerd/pull/9567))
  * [`03fed557e`](https://github.com/containerd/containerd/commit/03fed557e38f3cfeca0652607100c40c86806288) restart: containerd.io/restart.logpath warning
* [release 1.7] backport: fix on dialer function for windows ([#9501](https://github.com/containerd/containerd/pull/9501))
  * [`68d237392`](https://github.com/containerd/containerd/commit/68d2373926bc0a9dcc2fb6cdf49dd2188a327b9f) fix(pkg/dialer): minor fix on dialer function for windows
* [release/1.7] *: enable ARM64 runner ([#9502](https://github.com/containerd/containerd/pull/9502))
  * [`c63165123`](https://github.com/containerd/containerd/commit/c63165123374eaba96616b6ecdd2bb34aaae8e36) *: enable ARM64 runner
* [release/1.7 backport] WithAppendAdditionalGroups: better /etc/group handling ([#9544](https://github.com/containerd/containerd/pull/9544))
  * [`55e570844`](https://github.com/containerd/containerd/commit/55e570844473d689572d68cff7f7bcc5bdcba2ce) WithAppendAdditionalGroups: better /etc/group handling
</p>
</details>

### Dependency Changes

* **dario.cat/mergo**                                                       v1.0.0 **_new_**
* **github.com/container-orchestrated-devices/container-device-interface**  v0.5.4 -> v0.6.1
* **github.com/moby/sys/user**                                              v0.1.0 **_new_**
* **github.com/opencontainers/runtime-spec**                                v1.1.0-rc.1 -> v1.1.0

Previous release can be found at [v1.7.11](https://github.com/containerd/containerd/releases/tag/v1.7.11)
    Unverified

  • v1.7.11

    64b8a811 · Merge pull request #9491 from dmcgowan/prepare-1.7.11 · 
    containerd 1.7.11

Welcome to the v1.7.11 release of containerd!

The eleventh patch release for containerd 1.7 contains various fixes and updates including
one security issue.

### Notable Updates

* **Fix Windows default path overwrite issue** ([#9440](https://github.com/containerd/containerd/pull/9440))
* **Update push to always inherit distribution sources from parent** ([#9452](https://github.com/containerd/containerd/pull/9452))
* **Update shim to use net dial for gRPC shim sockets** ([#9458](https://github.com/containerd/containerd/pull/9458))
* **Fix otel version incompatibility** ([#9483](https://github.com/containerd/containerd/pull/9483))
* **Fix Windows snapshotter blocking snapshot GC on remove failure** ([#9482](https://github.com/containerd/containerd/pull/9482))
* **Mask `/sys/devices/virtual/powercap` path in runtime spec and deny in default apparmor profile** ([GHSA-7ww5-4wqc-m92c](https://github.com/containerd/containerd/security/advisories/GHSA-7ww5-4wqc-m92c))

### Deprecation Warnings

* **Emit deprecation warning for AUFS snapshotter** ([#9436](https://github.com/containerd/containerd/pull/9436))
* **Emit deprecation warning for v1 runtime** ([#9450](https://github.com/containerd/containerd/pull/9450))
* **Emit deprecation warning for deprecated CRI configs** ([#9469](https://github.com/containerd/containerd/pull/9469))
* **Emit deprecation warning for CRI v1alpha1 usage** ([#9479](https://github.com/containerd/containerd/pull/9479))
* **Emit deprecation warning for CRIU config in CRI** ([#9481](https://github.com/containerd/containerd/pull/9481))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Samuel Karp
* Derek McGowan
* Phil Estes
* Bjorn Neergaard
* Danny Canter
* Sebastiaan van Stijn
* ruiwen-zhao
* Akihiro Suda
* Amit Barve
* Charity Kathure
* Maksym Pavlenko
* Milas Bowman
* Paweł Gronowski
* Wei Fu

### Changes
<details><summary>39 commits</summary>
<p>

* [release/1.7] Prepare release notes for v1.7.11 ([#9491](https://github.com/containerd/containerd/pull/9491))
  * [`dfae68bc3`](https://github.com/containerd/containerd/commit/dfae68bc3e614a091d0a468c9026da370e3de0d9) Prepare release notes for v1.7.11
* [release/1.7] update to go1.20.12, test go1.21.5 ([#9352](https://github.com/containerd/containerd/pull/9352))
  * [`0d314401d`](https://github.com/containerd/containerd/commit/0d314401d9b9ad470153dc3d09f6d9cd7d527697) update to go1.20.12, test go1.21.5
  * [`1ec1ae2c6`](https://github.com/containerd/containerd/commit/1ec1ae2c6b6458b5d000af1ec6263b4ee337cd58) update to go1.20.11, test go1.21.4
* Github Security Advisory [GHSA-7ww5-4wqc-m92c](https://github.com/containerd/containerd/security/advisories/GHSA-7ww5-4wqc-m92c)
  * [`cb804da21`](https://github.com/containerd/containerd/commit/cb804da2101074c769a2a327597c9595b38bb4f0) contrib/apparmor: deny /sys/devices/virtual/powercap
  * [`40162a576`](https://github.com/containerd/containerd/commit/40162a576232b7d95325f85334590ea295d2ed2e) oci/spec: deny /sys/devices/virtual/powercap
* [release/1.7] Don't block snapshot garbage collection on Remove failures ([#9482](https://github.com/containerd/containerd/pull/9482))
  * [`ed7c6895b`](https://github.com/containerd/containerd/commit/ed7c6895bd3b33ccc7cfbc8cbd43f6a31333328a) Don't block snapshot garbage collection on Remove failures
* [release/1.7] Add warning for CRIU config usage ([#9481](https://github.com/containerd/containerd/pull/9481))
  * [`1fdefdd22`](https://github.com/containerd/containerd/commit/1fdefdd2242fcf704a11f1d6b5149e056ce98ed3) Add warning for CRIU config usage
* [release/1.7] Fix otel version incompatibility ([#9483](https://github.com/containerd/containerd/pull/9483))
  * [`f8f659e66`](https://github.com/containerd/containerd/commit/f8f659e66c6ec56fef092dced085d129c0e67176) Add HTTP client update function to tracing library
  * [`807ddd658`](https://github.com/containerd/containerd/commit/807ddd658b4cd6c0325204e7a19a4561a10906d2) fix(tracing): use latest version of semconv
* [release/1.7] Add cri-api v1alpha2 usage warning to all api calls ([#9479](https://github.com/containerd/containerd/pull/9479))
  * [`dc45bc838`](https://github.com/containerd/containerd/commit/dc45bc8381fa2cd903e871c81ce7b4c08e82ca3b) Add cri-api v1alpha2 usage warning to all api calls
* [release/1.7] cri: add deprecation warnings for deprecated CRI configs ([#9469](https://github.com/containerd/containerd/pull/9469))
  * [`9d1bad62e`](https://github.com/containerd/containerd/commit/9d1bad62e16f31e0b06c75e1007a623879529a6d) deprecation: fix missing spaces in warnings
  * [`51a604c07`](https://github.com/containerd/containerd/commit/51a604c0733437f4b7a20aa5ec1e6d4b4f0ab96e) cri: add deprecation warning for runtime_root
  * [`8040e74bf`](https://github.com/containerd/containerd/commit/8040e74bf8e6c25c02bb461b82f482cff24ce611) cri: add deprecation warning for rutnime_engine
  * [`99adc40eb`](https://github.com/containerd/containerd/commit/99adc40eb28db7cb93c378ff8bceb8e77559ae09) cri: add deprecation warning for default_runtime
  * [`afef7ec64`](https://github.com/containerd/containerd/commit/afef7ec646910ce1db3e824bfe17848428f3b47b) cri: add warning for untrusted_workload_runtime
  * [`6220dc190`](https://github.com/containerd/containerd/commit/6220dc1909883119a960bc96c496ae2361b94749) cri: add warning for old form of systemd_cgroup
* [release/1.7] runtime/v2: net.Dial gRPC shim sockets before trying grpc ([#9458](https://github.com/containerd/containerd/pull/9458))
  * [`80f96cd18`](https://github.com/containerd/containerd/commit/80f96cd188949bd9fa16256a8ff0b858ef692f20) runtime/v2: net.Dial gRPC shim sockets before trying grpc
* [release/1.7] tasks: emit warning for v1 runtime and runc v1 runtime ([#9450](https://github.com/containerd/containerd/pull/9450))
  * [`f471bb2b8`](https://github.com/containerd/containerd/commit/f471bb2b8e5a902ad8901c7c0db85ecead8c1730) tasks: emit warning for runc v1 runtime
  * [`329e1d487`](https://github.com/containerd/containerd/commit/329e1d487e7cc5c2773a2472df56b6eb75ae9194) tasks: emit warning for v1 runtime
* [release/1.7] push: always inherit distribution sources from parent ([#9452](https://github.com/containerd/containerd/pull/9452))
  * [`4464fde12`](https://github.com/containerd/containerd/commit/4464fde12985d98a9edbf124c54afa1156415572) push: always inherit distribution sources from parent
* [release/1.7] Update tar tests to run on Darwin ([#9451](https://github.com/containerd/containerd/pull/9451))
  * [`7e069ee25`](https://github.com/containerd/containerd/commit/7e069ee25868e5c8a67610720f8280c3451a3103) Update tar tests to run on Darwin
* [release/1.7] ctr: Add sandbox flag to ctr run ([#9449](https://github.com/containerd/containerd/pull/9449))
  * [`5fc0e4e61`](https://github.com/containerd/containerd/commit/5fc0e4e6151dafa4d5ca8837f3d99b6a8e816866) ctr: Add sandbox flag to ctr run
* [release/1.7] Windows default path overwrite fix ([#9440](https://github.com/containerd/containerd/pull/9440))
  * [`31fe03764`](https://github.com/containerd/containerd/commit/31fe03764c436677a1db9be24c25f7c11780eceb) Fix windows default path overwrite issue
* [release/1.7] snapshots: emit deprecation warning for aufs ([#9436](https://github.com/containerd/containerd/pull/9436))
  * [`625b35e4b`](https://github.com/containerd/containerd/commit/625b35e4bb26ee021713f2692143bf37f9a98bdd) snapshots: emit deprecation warning for aufs
</p>
</details>

### Dependency Changes

* **github.com/felixge/httpsnoop**                                   v1.0.3 **_new_**
* **go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp**  v0.45.0 **_new_**

Previous release can be found at [v1.7.10](https://github.com/containerd/containerd/releases/tag/v1.7.10)
    Unverified

  • v1.6.26

    3dd1e886 · Merge pull request #9490 from dmcgowan/prepare-1.6.26 · 
    containerd 1.6.26

Welcome to the v1.6.26 release of containerd!

The twenty-sixth patch release for containerd 1.6 contains various fixes and updates.

### Notable Updates

* **Fix windows default path overwrite issue** ([#9441](https://github.com/containerd/containerd/pull/9441))
* **Update push to inherit distribution sources from parent** ([#9453](https://github.com/containerd/containerd/pull/9453))
* **Mask `/sys/devices/virtual/powercap` path in runtime spec and deny in default apparmor profile** ([GHSA-7ww5-4wqc-m92c](https://github.com/containerd/containerd/security/advisories/GHSA-7ww5-4wqc-m92c))

### Deprecation Warnings

* **Emit deprecation warning for AUFS snapshotter usage** ([#9448](https://github.com/containerd/containerd/pull/9448))
* **Emit deprecation warning for v1 runtime usage** ([#9468](https://github.com/containerd/containerd/pull/9468))
* **Emit deprecation warning for CRI v1alpha1 usage** ([#9468](https://github.com/containerd/containerd/pull/9468))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Samuel Karp
* Derek McGowan
* Kohei Tokunaga
* Phil Estes
* Bjorn Neergaard
* Sebastiaan van Stijn
* Brian Goff
* Charity Kathure
* Kazuyoshi Kato
* Milas Bowman
* Wei Fu
* ruiwen-zhao

### Changes
<details><summary>30 commits</summary>
<p>

* [release/1.6] Prepare release notes for v1.6.26 ([#9490](https://github.com/containerd/containerd/pull/9490))
  * [`ac5c5d3e0`](https://github.com/containerd/containerd/commit/ac5c5d3e03ab3c5b8103a1c0bd9931389f7a8fcf) Prepare release notes for v1.6.26
* Github Security Advisory [GHSA-7ww5-4wqc-m92c](https://github.com/containerd/containerd/security/advisories/GHSA-7ww5-4wqc-m92c)
  * [`02f07fe19`](https://github.com/containerd/containerd/commit/02f07fe1994a3ddda3626c1ede2e32bc82b8e426) contrib/apparmor: deny /sys/devices/virtual/powercap
  * [`c94577e78`](https://github.com/containerd/containerd/commit/c94577e78d2924ddeb90d1601e31b50ee3acac48) oci/spec: deny /sys/devices/virtual/powercap
* [release/1.6] update to go1.20.12, test go1.21.5 ([#9472](https://github.com/containerd/containerd/pull/9472))
  * [`7cbdfc92e`](https://github.com/containerd/containerd/commit/7cbdfc92ef38f789f1a2773fa6fac405d361a6cc) update to go1.20.12, test go1.21.5
  * [`024b1cce6`](https://github.com/containerd/containerd/commit/024b1cce6b27f10e00bb9bde33a5fe9563545f8d) update to go1.20.11, test go1.21.4
* [release/1.6] Add cri-api v1alpha2 usage warning to all api calls ([#9484](https://github.com/containerd/containerd/pull/9484))
  * [`64e56bfde`](https://github.com/containerd/containerd/commit/64e56bfde95828660971673d20952f275cc2c0ba) Add cri-api v1alpha2 usage warning to all api calls
* [release/1.6] tasks: emit warning for v1 runtime and runc v1 runtime ([#9468](https://github.com/containerd/containerd/pull/9468))
  * [`efefd3bf3`](https://github.com/containerd/containerd/commit/efefd3bf334b5df0e97bff0be61ba906a9b3b528) tasks: emit warning for runc v1 runtime
  * [`7825689b4`](https://github.com/containerd/containerd/commit/7825689b4c4d68cc1cc3c6dd072c2c2ec7b2d88e) tasks: emit warning for v1 runtime
* [release/1.6] snapshots: emit deprecation warning for aufs ([#9448](https://github.com/containerd/containerd/pull/9448))
  * [`7cfe7052f`](https://github.com/containerd/containerd/commit/7cfe7052f4a2ad97e4e8032469aef588d2f0858c) snapshots: emit deprecation warning for aufs
* [release/1.6] cherry-pick/backport: Update golangci lint ([#9455](https://github.com/containerd/containerd/pull/9455))
  * [`a1ae572a2`](https://github.com/containerd/containerd/commit/a1ae572a2778bf599e93929f5145f707b667f508) Fix linter error with updated linter
  * [`b638791d6`](https://github.com/containerd/containerd/commit/b638791d66b2e34f044f04736632995446b79314) ci: bump up golangci-lint to v1.55.0
  * [`2370a2842`](https://github.com/containerd/containerd/commit/2370a2842318833b16a8274835374d0811c2ed28) Fix linter issues for golangci-lint 1.54.2
  * [`8a65e2e31`](https://github.com/containerd/containerd/commit/8a65e2e31b6710f94be64c7fada727bd2569d16f) Bump up golangci-lint to v1.54.2
  * [`969f8feb2`](https://github.com/containerd/containerd/commit/969f8feb2e0932a9f9c69f1696e552fcdcd2b31b) Bump up golangci-lint to v1.52.2
* [release/1.6] push: inherit distribution sources from parent ([#9453](https://github.com/containerd/containerd/pull/9453))
  * [`66959fdf5`](https://github.com/containerd/containerd/commit/66959fdf50d16520a84fb14c9467c0d87b7f0274) push: inherit distribution sources from parent
  * [`b4dcffcfb`](https://github.com/containerd/containerd/commit/b4dcffcfbff2694796a04243728700b37dc78d8e) content: add InfoProvider interface
  * [`bef4145c1`](https://github.com/containerd/containerd/commit/bef4145c141ad2c37e7797b4dc53b8e429b368ae) Change PushContent to require only Provider
* [release/1.6] Bump google.golang.org/grpc to v1.58.3 ([#9408](https://github.com/containerd/containerd/pull/9408))
  * [`a5fc21060`](https://github.com/containerd/containerd/commit/a5fc21060b5254be9ca28e63c1c5a7364b551ca5) vendor: google.golang.org/grpc v1.58.3
  * [`4fa05b3d8`](https://github.com/containerd/containerd/commit/4fa05b3d83488e4bc81241db1a65ca00fedec45d) Upgrade github.com/klauspost/compress from v1.11.13 to v1.15.9
* [release/1.6] Windows default path overwrite fix ([#9441](https://github.com/containerd/containerd/pull/9441))
  * [`ede0ad5e1`](https://github.com/containerd/containerd/commit/ede0ad5e12826d574623a79b71bb1fbc49e75172) Fix windows default path overwrite issue
</p>
</details>

### Dependency Changes

* **cloud.google.com/go/compute/metadata**  v0.2.3 **_new_**
* **github.com/cespare/xxhash/v2**          v2.1.2 -> v2.2.0
* **github.com/golang/protobuf**            v1.5.2 -> v1.5.3
* **github.com/klauspost/compress**         v1.11.13 -> v1.15.9
* **go.opencensus.io**                      v0.23.0 -> v0.24.0
* **golang.org/x/oauth2**                   2bc19b11175f -> v0.10.0
* **golang.org/x/sync**                     v0.1.0 -> v0.3.0
* **google.golang.org/grpc**                v1.50.1 -> v1.58.3
* **google.golang.org/protobuf**            v1.28.1 -> v1.31.0

Previous release can be found at [v1.6.25](https://github.com/containerd/containerd/releases/tag/v1.6.25)
    Unverified

  • v1.7.10

    4e1fe749 · Merge pull request #9426 from ruiwen-zhao/1.7.10 · 
    containerd 1.7.10

Welcome to the v1.7.10 release of containerd!

The tenth patch release for containerd 1.7 contains various fixes and updates.
### Notable Updates
* **Enhance container image unpack client logs** ([#9379](https://github.com/containerd/containerd/pull/9379))
* **cri: fix using the pinned label to pin image** ([#9381](https://github.com/containerd/containerd/pull/9381))
* **fix: ImagePull should close http connection if there is no available data to read.** ([#9409](https://github.com/containerd/containerd/pull/9409))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Wei Fu
* Iceber Gu
* Austin Vazquez
* Derek McGowan
* Phil Estes
* Samuel Karp
* ruiwen-zhao

### Changes
<details><summary>11 commits</summary>
<p>

* Add release notes for v1.7.10 ([#9426](https://github.com/containerd/containerd/pull/9426))
  * [`a995fe3a8`](https://github.com/containerd/containerd/commit/a995fe3a81a933c984ba13dc8bef0271d1aca171) Add release notes for v1.7.10
* [release/1.7] fix: ImagePull should close http connection if there is no available data to read. ([#9409](https://github.com/containerd/containerd/pull/9409))
  * [`206806128`](https://github.com/containerd/containerd/commit/206806128917276994f0949dc599e4c8b8ad8f14) remotes/docker: close connection if no more data
  * [`328493962`](https://github.com/containerd/containerd/commit/32849396263f9c68f7c4f43a2abc1319488546de) integration: reproduce #9347
  * [`d1aab27cb`](https://github.com/containerd/containerd/commit/d1aab27cbd8ae75d90ad962a256d6af092dcf451) fix: deflake TestCRIImagePullTimeout/HoldingContentOpenWriter
* [release/1.7] cri: fix using the pinned label to pin image ([#9381](https://github.com/containerd/containerd/pull/9381))
  * [`a2b16d7f9`](https://github.com/containerd/containerd/commit/a2b16d7f9cd44f81ebdcffe92dee107b2ebdca8a) cri: fix update of pinned label for images
  * [`8dc861844`](https://github.com/containerd/containerd/commit/8dc8618442ad99a254de79200c89eb12284dac6e) cri: fix using the pinned label to pin image
* [release/1.7] Enhance container image unpack client logs ([#9379](https://github.com/containerd/containerd/pull/9379))
  * [`5930a3750`](https://github.com/containerd/containerd/commit/5930a3750c5db69abf7668e4df003aae8f0beace) Enhance container image unpack client logs
</p>
</details>

### Dependency Changes

This release has no dependency changes

Previous release can be found at [v1.7.9](https://github.com/containerd/containerd/releases/tag/v1.7.9)
    Unverified

  • v1.6.25

    d8f198a4 · Merge pull request #9394 from akhilerm/prepare-1.6.25 · 
    containerd 1.6.25

Welcome to the v1.6.25 release of containerd!

The twenty-fifth patch release for containerd 1.6 contains various fixes and updates.

### Notable Updates

* **Check whether content did not needs to be pushed to remote registry and cross-repo mounted or already existed** ([#9111](https://github.com/containerd/containerd/pull/9111))
* **Soft deprecate log package** ([#9105](https://github.com/containerd/containerd/pull/9105))
* **Always try to establish tls connection when tls configured** ([#9189](https://github.com/containerd/containerd/pull/9189))
* **CRI: stop recommending disable_cgroup** ([#9169](https://github.com/containerd/containerd/pull/9169))
* **Allow for images with artifacts layers to pull** ([#9150](https://github.com/containerd/containerd/pull/9150))
* **Require plugins to succeed after registering readiness** ([#9166](https://github.com/containerd/containerd/pull/9166))
* **Avoid potential deadlock in create handler in containerd-shim-runc-v2** ([#9210](https://github.com/containerd/containerd/pull/9210))
* **Add handling for missing basic auth credentials** ([#9236](https://github.com/containerd/containerd/pull/9236))
* **Add a new image label if it is docker schema 1** ([#9267](https://github.com/containerd/containerd/pull/9267))
* **Fix ambiguous tls fallback** ([#9300](https://github.com/containerd/containerd/pull/9300))
* **Expose usage of deprecated features** ([#9329](https://github.com/containerd/containerd/pull/9329))
* **Fix shimv1 leak issue** ([#9345](https://github.com/containerd/containerd/pull/9345))
* **Go version update to 1.20.10**([#9264](https://github.com/containerd/containerd/pull/9264))
* **Update runc to v1.1.10** ([#9360](https://github.com/containerd/containerd/pull/9360))
* **CRI: fix using the pinned label to pin image** ([#9382](https://github.com/containerd/containerd/pull/9382))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Samuel Karp
* Derek McGowan
* Sebastiaan van Stijn
* Phil Estes
* Wei Fu
* Kazuyoshi Kato
* Akhil Mohan
* Akihiro Suda
* Chen Yiyang
* Fabian Hoffmann
* Iceber Gu
* Mike Brown
* Paweł Gronowski
* Austin Vazquez
* Fahed Dorgaa
* James Sturtevant
* Kern Walster
* Marat Radchenko
* Qiutong Song
* Tony Fouchard
* ruiwen-zhao

### Changes
<details><summary>82 commits</summary>
<p>

* [release/1.6] Prepare release notes for v1.6.25 ([#9394](https://github.com/containerd/containerd/pull/9394))
  * [`723d26ab2`](https://github.com/containerd/containerd/commit/723d26ab2efbaa81ce5e617a7fc3729c40f7f98d) Prepare release notes for v1.6.25
  * [`1f865eba1`](https://github.com/containerd/containerd/commit/1f865eba1f424b0bd53087819d7697f0c6639bca) update mailmap
* [release/1.6] cri: fix using the pinned label to pin image ([#9382](https://github.com/containerd/containerd/pull/9382))
  * [`b49815300`](https://github.com/containerd/containerd/commit/b4981530050c4b8efb8cab8d41b28d81eb21462d) cri: fix update of pinned label for images
  * [`751b0c186`](https://github.com/containerd/containerd/commit/751b0c1867b2fd52dccae7bafe5f453c99c65076) cri: fix using the pinned label to pin image
* [Release/1.6] vendor: golang.org/x/net v0.17.0 ([#9387](https://github.com/containerd/containerd/pull/9387))
  * [`fb5568608`](https://github.com/containerd/containerd/commit/fb5568608079ed772381c52297e474c9f951d285) vendor: golang.org/x/net v0.17.0
  * [`61ad86f6f`](https://github.com/containerd/containerd/commit/61ad86f6f9ce78c67a4ece671e1b91be080dcf61) vendor: golang.org/x/text v0.13.0
  * [`4b431c844`](https://github.com/containerd/containerd/commit/4b431c8441f38049d266a69da7e2a7045af5f2dc) vendor: golang.org/x/sys v0.13.0
* [Release/1.6] CVE-2022-1996 fix for go-restful ([#9385](https://github.com/containerd/containerd/pull/9385))
  * [`62d402275`](https://github.com/containerd/containerd/commit/62d402275cdee9748c08690156f9ccb724d7c061) Remove CVE-2022-1996 from containerd binary upgrading go-restful to 2.16.0
* [release/1.6] Enhance container image unpack client logs ([#9380](https://github.com/containerd/containerd/pull/9380))
  * [`3e68bf65a`](https://github.com/containerd/containerd/commit/3e68bf65af4405c517b4292a24781dc4e1419ac8) Enhance container image unpack client logs
* [release/1.6] update github.com/containerd/nri v0.1.1 ([#9107](https://github.com/containerd/containerd/pull/9107))
  * [`0dd65c826`](https://github.com/containerd/containerd/commit/0dd65c826ebcaf2376c4d38d3bbe99345bf64b86) [release/1.6] update github.com/containerd/nri v0.1.1
* [release/1.6 backport] update runc binary to v1.1.10 ([#9360](https://github.com/containerd/containerd/pull/9360))
  * [`c73be2446`](https://github.com/containerd/containerd/commit/c73be2446e4414c701e7fce7b8f391c3dd113e8b) update runc binary to v1.1.10
* [release/1.6] Expose usage of cri-api v1alpha2 ([#9357](https://github.com/containerd/containerd/pull/9357))
  * [`746bcf2eb`](https://github.com/containerd/containerd/commit/746bcf2ebb7950dafe89a0dcf8db48b428fdd2d1) Expose usage of cri-api v1alpha2
* [release/1.6] fix: shimv1 leak issue ([#9345](https://github.com/containerd/containerd/pull/9345))
  * [`8b51a95fb`](https://github.com/containerd/containerd/commit/8b51a95fb2b05dd3a2c00f16606656300cc8a1cf) fix: shimv1 leak issue
* [release/1.6] update to go1.20.10, test go1.21.3 ([#9264](https://github.com/containerd/containerd/pull/9264))
  * [`6741f819b`](https://github.com/containerd/containerd/commit/6741f819bfe4e8da485af2d0e1c7b134b40543b2) [release/1.6] update to go1.20.10, test go1.21.3
  * [`49615a0e9`](https://github.com/containerd/containerd/commit/49615a0e9e6f10fc0c13d509d2fc86f3bed63adc) [release/1.6] update to go1.20.9, test go1.21.2
* [release/1.6] cri: add deprecation warnings for mirrors, auths, and configs ([#9355](https://github.com/containerd/containerd/pull/9355))
  * [`b68204e53`](https://github.com/containerd/containerd/commit/b68204e53b39cb705e85283a8f4f2f6082ac484c) cri: add deprecation warning for configs
  * [`ae8c58319`](https://github.com/containerd/containerd/commit/ae8c58319d8144e583f7f3796a074b9090ae16e8) cri: add deprecation warning for auths
  * [`455edcad2`](https://github.com/containerd/containerd/commit/455edcad2cb5f414ef67001f0bdae9f9440cfad8) cri: add deprecation warning for mirrors
  * [`878823f4d`](https://github.com/containerd/containerd/commit/878823f4d26c4b1c823e6d194521b3e9d1309add) cri: add ability to emit deprecation warnings
* [release/1.6] deprecation: new package for deprecations ([#9329](https://github.com/containerd/containerd/pull/9329))
  * [`477b7d6a1`](https://github.com/containerd/containerd/commit/477b7d6a1a8a4c8731605316e7f67b6bdb742bd8) ctr: new deprecations command
  * [`24068b813`](https://github.com/containerd/containerd/commit/24068b813360602d59bc31b766fe79c5d3e82fb6) dynamic: record deprecation for dynamic plugins
  * [`218c7a1df`](https://github.com/containerd/containerd/commit/218c7a1df9ba3d2b28bbde72b772ccb3c3c061ed) server: add ability to record config deprecations
  * [`dfb9e1deb`](https://github.com/containerd/containerd/commit/dfb9e1deb9e749380518fdc6c732c55e5e2230a4) pull: record deprecation warning for schema 1
  * [`90b42da6f`](https://github.com/containerd/containerd/commit/90b42da6f4496d2be76d462a5300cac92f0a07ef) introspection: add support for deprecations
  * [`0b6766b37`](https://github.com/containerd/containerd/commit/0b6766b3741274e0a2c73eb96378d9cb8381b97d) api/introspection: deprecation warnings in server
  * [`de3cb4c18`](https://github.com/containerd/containerd/commit/de3cb4c18660abcb3d2e4b1d8dec0085e3d51077) warning: new service for deprecations
  * [`da1b4419b`](https://github.com/containerd/containerd/commit/da1b4419b25f35315ca297d2b058d2655f9d25fd) deprecation: new package for deprecations
* [release/1.6] integration: deflake TestIssue9103 ([#9353](https://github.com/containerd/containerd/pull/9353))
  * [`bca8a3f65`](https://github.com/containerd/containerd/commit/bca8a3f653d234e5356ab445eca9f6da0316ab77) integration: deflake TestIssue9103
* [release/1.6] ci: Use Vagrant on ubuntu-latest-4-cores ([#9332](https://github.com/containerd/containerd/pull/9332))
  * [`0985f7a43`](https://github.com/containerd/containerd/commit/0985f7a43db3e69a0c6d67d39b9397e5af71deca) ci: Use Vagrant on ubuntu-latest-4-cores
* [release/1.6] Fix ambiguous tls fallback ([#9300](https://github.com/containerd/containerd/pull/9300))
  * [`5dd64301c`](https://github.com/containerd/containerd/commit/5dd64301c89ad1e428a746f0e90d9d72b45fe1b8) Check scheme and host of request on push redirect
  * [`51df21d09`](https://github.com/containerd/containerd/commit/51df21d09ebfac3e3470529fe1372ca22496e606) Avoid TLS fallback when protocol is not ambiguous
* [release/1.6] Add a new image label if it is docker schema 1 ([#9267](https://github.com/containerd/containerd/pull/9267))
  * [`8108f0d03`](https://github.com/containerd/containerd/commit/8108f0d036be2c36f7fc69dd85286d299ee0bf7b) Add a new image label if it is docker schema 1
* [release/1.6 backport] fix protobuf aarch64 ([#9284](https://github.com/containerd/containerd/pull/9284))
  * [`5376afb3d`](https://github.com/containerd/containerd/commit/5376afb3dbec05541b018e361f1343f20dec3ada) fix protobuf aarch64
* [release/1.6] remotes: add handling for missing basic auth credentials ([#9236](https://github.com/containerd/containerd/pull/9236))
  * [`e529741d3`](https://github.com/containerd/containerd/commit/e529741d3f102c7b558255d0e8b053c4e0858bc1) remotes: add handling for missing basic auth credentials
  * [`ca45b92f4`](https://github.com/containerd/containerd/commit/ca45b92f4388ec7d0aa023f305891ec527b64484) Add ErrUnexpectedStatus to resolver
  * [`77c0175b4`](https://github.com/containerd/containerd/commit/77c0175b4269da0b409e1434576c1f86bf9a869c) Improve ErrUnexpectedStatus default string
* [release/1.6] Update x/net to 0.13 ([#9130](https://github.com/containerd/containerd/pull/9130))
  * [`275fc594d`](https://github.com/containerd/containerd/commit/275fc594d8cf462d647b7c2f4dbfd2c8812d87ed) Bump x/net to 0.13
* [release/1.6] Require plugins to succeed after registering readiness  ([#9166](https://github.com/containerd/containerd/pull/9166))
  * [`5223bf39a`](https://github.com/containerd/containerd/commit/5223bf39a636be1d347f9d73be2131e102922695) Require plugins to succeed after registering readiness
  * [`8f5eba314`](https://github.com/containerd/containerd/commit/8f5eba3148d91023df4277c705debb199fa85c57) cri: call RegisterReadiness after NewCRIService
* [release/1.6 backport] containerd-shim-runc-v2: avoid potential deadlock in create handler ([#9210](https://github.com/containerd/containerd/pull/9210))
  * [`7b61862e7`](https://github.com/containerd/containerd/commit/7b61862e7c3e3410318bb723671954b101acec33) *: add runc-fp as runc wrapper to inject failpoint
  * [`5238a6470`](https://github.com/containerd/containerd/commit/5238a6470ca921fe7e47f25b022ea815a1d6f9b4) containerd-shim-runc-v2: avoid potential deadlock in create handler
  * [`65e908ee1`](https://github.com/containerd/containerd/commit/65e908ee1370432a09c81d8f7bc7568ff3d7e784) containerd-shim-runc-v2: remove unnecessary `s.getContainer()`
  * [`1dd9acecb`](https://github.com/containerd/containerd/commit/1dd9acecb85860e374b750d908b33c44e4f75564) Uncopypaste parsing of OCI Bundle spec file
  * [`71c89ddf2`](https://github.com/containerd/containerd/commit/71c89ddf24b05743d9be6b12907dc22719ef769d) [release/1.6]: Vagrantfile: install failpoint binaries
* [release/1.6] cri: stop recommending disable_cgroup ([#9169](https://github.com/containerd/containerd/pull/9169))
  * [`7a0c8b6b7`](https://github.com/containerd/containerd/commit/7a0c8b6b750cbd2bf2377f1d4961609ea1ec6667) cri: stop recommending disable_cgroup
* [release/1.6] Allow for images with artifacts to pull ([#9150](https://github.com/containerd/containerd/pull/9150))
  * [`8066dd81c`](https://github.com/containerd/containerd/commit/8066dd81ca673fcf4c8887069769592ba9fd694d) Allow for images with artifacts to pull
* [release 1.6] remotes/docker: Fix MountedFrom prefixed with target repository ([#9192](https://github.com/containerd/containerd/pull/9192))
  * [`2fffc344a`](https://github.com/containerd/containerd/commit/2fffc344ad661b37a3dae6102b47f887c946f105) remotes/docker: Fix MountedFrom prefixed with target repository
* [release/1.6] remotes: always try to establish tls connection when tls configured ([#9189](https://github.com/containerd/containerd/pull/9189))
  * [`6b5912220`](https://github.com/containerd/containerd/commit/6b591222096f12902ca8269668b36093edcc1899) remotes: always try to establish tls connection when tls configured
* [release/1.6] Build binaries with 1.21.1 ([#9180](https://github.com/containerd/containerd/pull/9180))
  * [`37c758de1`](https://github.com/containerd/containerd/commit/37c758de159bce9544e65fefc81019af9fb0be69) Build binaries with 1.21.1
* [release/1.6 backport] alias log package to github.com/containerd/log v0.1.0 ([#9105](https://github.com/containerd/containerd/pull/9105))
  * [`f1591cc9b`](https://github.com/containerd/containerd/commit/f1591cc9b9d7f1b73f1c50cdca0ca577959eed48) alias log package to github.com/containerd/log v0.1.0
  * [`f68d2d93b`](https://github.com/containerd/containerd/commit/f68d2d93b8c815b8687b85c932a8de2960ad2db7) vendor: golang.org/x/sys v0.7.0
  * [`f305fb233`](https://github.com/containerd/containerd/commit/f305fb233db9764fcd9e83e9078fee213202c3ff) vendor: github.com/stretchr/testify v1.8.4
  * [`4e24a30af`](https://github.com/containerd/containerd/commit/4e24a30af397b0d4dd6a417467eede3386381516) vendor: github.com/sirupsen/logrus v1.9.3
* [release/1.6] remotes/docker: Add MountedFrom and Exists push status ([#9111](https://github.com/containerd/containerd/pull/9111))
  * [`b66c818ba`](https://github.com/containerd/containerd/commit/b66c818ba6bd9e4fe139a6f9d988b3724c7a54ec) remotes/docker: Add MountedFrom and Exists push status
</p>
</details>

### Changes from containerd/log
<details><summary>9 commits</summary>
<p>

* Update golangci to 1.49 ([#1](https://github.com/containerd/log/pull/1))
  * [`89c9a54`](https://github.com/containerd/log/commit/89c9a54561e8736fddc519cf033d936de65ebe67) Update golangci to 1.49
  * [`cf26711`](https://github.com/containerd/log/commit/cf267115d825238992448dbe1cd6cd440c934d8a) Update description in README
  * [`f9f250c`](https://github.com/containerd/log/commit/f9f250cc3a5d033c759b715aa09ff7cdbfc19500) Add project details
  * [`fb7fe3d`](https://github.com/containerd/log/commit/fb7fe3d663dee55b38f2ab094d9ac794dcacba40) Add github CI flow
  * [`7e13034`](https://github.com/containerd/log/commit/7e13034365475c99956f31770c43e296fc6d1a98) Add go module
  * [`16a3c76`](https://github.com/containerd/log/commit/16a3c768269b03fe62fff34d3a76528335a35064) Rename log import from logtest
  * [`698c398`](https://github.com/containerd/log/commit/698c39829fd9372465cb2537db16a7346afb9f31) Add README
  * [`87c83c4`](https://github.com/containerd/log/commit/87c83c42bbd22c5f1d3725fc5006b35217b4629a) Add license file
</p>
</details>

### Changes from containerd/nri
<details><summary>3 commits</summary>
<p>

* [release/0.1 backport] remove containerd as dependency ([#58](https://github.com/containerd/nri/pull/58))
  * [`4275101`](https://github.com/containerd/nri/commit/42751010c8e875a07117c74bfe57c011ae491594) Task: fix typo in godoc
  * [`f6acbf1`](https://github.com/containerd/nri/commit/f6acbf1dc5b357d216af8ffca9d26dd0db3e4ef1) remove containerd as dependency
</p>
</details>

### Dependency Changes

* **github.com/containerd/log**       v0.1.0 **_new_**
* **github.com/containerd/nri**       v0.1.0 -> v0.1.1
* **github.com/emicklei/go-restful**  v2.9.5 -> v2.16.0
* **github.com/sirupsen/logrus**      v1.9.0 -> v1.9.3
* **github.com/stretchr/testify**     v1.8.1 -> v1.8.4
* **golang.org/x/crypto**             3147a52a75dd -> v0.14.0
* **golang.org/x/net**                v0.8.0 -> v0.17.0
* **golang.org/x/sys**                v0.6.0 -> v0.13.0
* **golang.org/x/term**               v0.6.0 -> v0.13.0
* **golang.org/x/text**               v0.8.0 -> v0.13.0

Previous release can be found at [v1.6.24](https://github.com/containerd/containerd/releases/tag/v1.6.24)
    Unverified

  • v1.7.9

    4f03e100 · Merge pull request #9333 from kiashok/newTag-1.7.9 · 
    containerd 1.7.9

Welcome to the v1.7.9 release of containerd!

The ninth patch release for containerd 1.7 contains various fixes and updates.

### Notable Updates

* **update runc binary to v1.1.10::** ([#9359](https://github.com/containerd/containerd/pull/9359))
* **vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0** ([#9301](https://github.com/containerd/containerd/pull/9301))
* **Expose usage of cri-api v1alpha2** ([#9336](https://github.com/containerd/containerd/pull/9336))
* **integration: deflake TestIssue9103** ([#9354](https://github.com/containerd/containerd/pull/9354))
* **fix: shimv1 leak issue** ([#9344](https://github.com/containerd/containerd/pull/9344))
* **cri: add deprecation warnings for mirrors, auths, and configs** ([#9327](https://github.com/containerd/containerd/pull/9327))
* **Update hcsshim tag to v0.11.4** ([#9326](https://github.com/containerd/containerd/pull/9326))
* **Expose usage of deprecated features** ([#9315](https://github.com/containerd/containerd/pull/9315))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Samuel Karp
* Kazuyoshi Kato
* Wei Fu
* Kirtana Ashok
* Derek McGowan
* Milas Bowman
* Sebastiaan van Stijn
* ruiwen-zhao

### Changes
<details><summary>28 commits</summary>
<p>

* [release/1.7] Add release notes for v1.7.9 ([#9333](https://github.com/containerd/containerd/pull/9333))
  * [`4b912af52`](https://github.com/containerd/containerd/commit/4b912af5246060ddfe3a49065f50ebe2cccc1bb3) Add release notes for v1.7.9
* [release/1.7 backport] update runc binary to v1.1.10 ([#9359](https://github.com/containerd/containerd/pull/9359))
  * [`eff291713`](https://github.com/containerd/containerd/commit/eff29171398e411ab054367f6d9f1892b9d70f67) update runc binary to v1.1.10
* [release/1.7] vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0 ([#9301](https://github.com/containerd/containerd/pull/9301))
  * [`bd9428ff7`](https://github.com/containerd/containerd/commit/bd9428ff711bda05efecddafe8ca07f568cd994e) vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0
* [release/1.7] Expose usage of cri-api v1alpha2 ([#9336](https://github.com/containerd/containerd/pull/9336))
  * [`d62cba40c`](https://github.com/containerd/containerd/commit/d62cba40c833f0dacb58084749105fd6cd61283a) Expose usage of cri-api v1alpha2
* [release/1.7] integration: deflake TestIssue9103 ([#9354](https://github.com/containerd/containerd/pull/9354))
  * [`5dbc258a8`](https://github.com/containerd/containerd/commit/5dbc258a81c236040b7ff27382f812c7179d6cd3) integration: deflake TestIssue9103
* [release/1.7] fix: shimv1 leak issue ([#9344](https://github.com/containerd/containerd/pull/9344))
  * [`449912857`](https://github.com/containerd/containerd/commit/449912857d8191c986537af00325d9999922fce3) fix: shimv1 leak issue
* [release/1.7] cri: add deprecation warnings for mirrors, auths, and configs ([#9327](https://github.com/containerd/containerd/pull/9327))
  * [`152c57e91`](https://github.com/containerd/containerd/commit/152c57e918a8374ce2fa20d4eb6ba5896a314529) cri: add deprecation warning for configs
  * [`689a1036d`](https://github.com/containerd/containerd/commit/689a1036dda32e79643b151f632c8da5bac2f149) cri: add deprecation warning for auths
  * [`8c38975bf`](https://github.com/containerd/containerd/commit/8c38975bf22f138f00ddf0fafd4803bbade098a3) cri: add deprecation warning for mirrors
  * [`1fbce40c4`](https://github.com/containerd/containerd/commit/1fbce40c4a7dfad845770580eb146ea2fc64cc46) cri: add ability to emit deprecation warnings
* [release/1.7] Update hcsshim tag to v0.11.4 ([#9326](https://github.com/containerd/containerd/pull/9326))
  * [`73f15bdb6`](https://github.com/containerd/containerd/commit/73f15bdb63e25a13bf99f192f39984e22bc7dbc9) Update hcsshim tag to v0.11.4
* [release/1.7] Expose usage of deprecated features ([#9315](https://github.com/containerd/containerd/pull/9315))
  * [`60d48ffea`](https://github.com/containerd/containerd/commit/60d48ffea657d7d7059dcf497c75d3347e1fd1ab) ctr: new deprecations command
  * [`74a06671a`](https://github.com/containerd/containerd/commit/74a06671ab9396ee94cfee2a588c5d0e170fb698) plugin: record deprecation for dynamic plugins
  * [`fa5f3c91a`](https://github.com/containerd/containerd/commit/fa5f3c91a946795de0173e10a5a3eba4c18aa4c3) server: add ability to record config deprecations
  * [`f7880e7f0`](https://github.com/containerd/containerd/commit/f7880e7f0873024d5307a16d4db8c7a2f360ad49) pull: record deprecation warning for schema 1
  * [`1dd2f2c02`](https://github.com/containerd/containerd/commit/1dd2f2c028bc0bf9b9301a142e09488815c2fb95) introspection: add support for deprecations
  * [`aaf000c18`](https://github.com/containerd/containerd/commit/aaf000c18c047895a891a5dfc7127dc87c034fc9) api/introspection: deprecation warnings in server
  * [`9b7ceee54`](https://github.com/containerd/containerd/commit/9b7ceee540206e6ff6f690676566a73f4f8d443f) warning: new service for deprecations
  * [`b708f8bfa`](https://github.com/containerd/containerd/commit/b708f8bfadcbf95e2acba22ffdeb7d8f8a974151) deprecation: new package for deprecations
</p>
</details>

### Dependency Changes

* **github.com/Microsoft/hcsshim**                                                 v0.11.1 -> v0.11.4
* **github.com/cenkalti/backoff/v4**                                               v4.2.0 -> v4.2.1
* **github.com/go-logr/logr**                                                      v1.2.3 -> v1.2.4
* **github.com/grpc-ecosystem/grpc-gateway/v2**                                    v2.7.0 -> v2.16.0
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.40.0 -> v0.45.0
* **go.opentelemetry.io/otel**                                                     v1.14.0 -> v1.19.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace**                            v1.14.0 -> v1.19.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc**              v1.14.0 -> v1.19.0
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp**              v1.14.0 -> v1.19.0
* **go.opentelemetry.io/otel/metric**                                              v0.37.0 -> v1.19.0
* **go.opentelemetry.io/otel/sdk**                                                 v1.14.0 -> v1.19.0
* **go.opentelemetry.io/otel/trace**                                               v1.14.0 -> v1.19.0
* **go.opentelemetry.io/proto/otlp**                                               v0.19.0 -> v1.0.0

Previous release can be found at [v1.7.8](https://github.com/containerd/containerd/releases/tag/v1.7.8)
    Unverified

  • v2.0.0-beta.0

    de55dfc0 · Merge pull request #9318 from dmcgowan/prepare-2.0-beta.0 · 
    containerd 2.0.0-beta.0

Welcome to the v2.0.0-beta.0 release of containerd!
*This is a pre-release of containerd*

The first major release of containerd 2.x focuses on the continued stability of
containerd's core feature set with an easy upgrade from containerd 1.x. This
release includes the stabilization of new features added in the last 1.x release
as well as the removal of features which were deprecated in 1.x. The goal is to
support the vast community of containerd users well into the future along with
their ever increasing deployment footprints and variety of use cases.

### Highlights

* Don't allow io_uring related syscalls in the RuntimeDefault seccomp profile. ([#9320](https://github.com/containerd/containerd/pull/9320))
* Expose usage of deprecated features ([#9258](https://github.com/containerd/containerd/pull/9258))
* Switch runc shim to task service v3 and fix restore ([#9233](https://github.com/containerd/containerd/pull/9233))
* Add sandboxer configuration and move sandbox controllers to plugins ([#8268](https://github.com/containerd/containerd/pull/8268))
* Use Intel ISA-L's igzip if available ([#9200](https://github.com/containerd/containerd/pull/9200))
* Generalize plugin library ([#9214](https://github.com/containerd/containerd/pull/9214))
* Introduce top level config migration ([#9223](https://github.com/containerd/containerd/pull/9223))
* Add image delete target ([#8989](https://github.com/containerd/containerd/pull/8989))
* Use github.com/containerd/log ([#9086](https://github.com/containerd/containerd/pull/9086))
* Add support for image expiration during garbage collection ([#9022](https://github.com/containerd/containerd/pull/9022))
* Reduce the contention between ref lock and boltdb lock in content store ([#8792](https://github.com/containerd/containerd/pull/8792))
* Remove the CriuPath field from runc's options ([#8279](https://github.com/containerd/containerd/pull/8279))
* Remove support for config.toml `version = 1` ([#8275](https://github.com/containerd/containerd/pull/8275))
* Remove "containerd.io/restart.logpath" label ([#8264](https://github.com/containerd/containerd/pull/8264))
* Remove `aufs` snapshotter ([#8263](https://github.com/containerd/containerd/pull/8263))

#### Container Runtime Interface (CRI)

* Remove non-sandboxed CRI implementation ([#9228](https://github.com/containerd/containerd/pull/9228))
* Add image verifier transfer service plugin system based on a binary directory ([#8493](https://github.com/containerd/containerd/pull/8493))
* Add support for userns in stateless and stateful pods with idmap mounts (KEP-127, k8s >= 1.27) ([#8287](https://github.com/containerd/containerd/pull/8287))
* Use sandboxed CRI by default ([#8994](https://github.com/containerd/containerd/pull/8994))
* Implement RuntimeConfig CRI call ([#8722](https://github.com/containerd/containerd/pull/8722))
* Add support for user namespaces (KEP-127) ([#8803](https://github.com/containerd/containerd/pull/8803))
* Remove CRI v1alpha2 ([#8276](https://github.com/containerd/containerd/pull/8276))

#### Runtime

* Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](https://github.com/containerd/containerd/pull/8262))

#### Breaking

* Don't allow io_uring related syscalls in the RuntimeDefault seccomp profile. ([#9320](https://github.com/containerd/containerd/pull/9320))
* Move client to subpackage ([#9316](https://github.com/containerd/containerd/pull/9316))
* Remove CRI v1alpha2 ([#8276](https://github.com/containerd/containerd/pull/8276))
* Remove `io.containerd.runtime.v1.linux` and `io.containerd.runc.v1` ([#8262](https://github.com/containerd/containerd/pull/8262))
* Remove "containerd.io/restart.logpath" label ([#8264](https://github.com/containerd/containerd/pull/8264))
* Remove `aufs` snapshotter ([#8263](https://github.com/containerd/containerd/pull/8263))

#### Deprecations

* Deprecate go-plugin configuration option ([#9238](https://github.com/containerd/containerd/pull/9238))
* CNI conf_template in CRI is no longer deprecated ([#8637](https://github.com/containerd/containerd/pull/8637))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Derek McGowan
* Akihiro Suda
* Wei Fu
* Phil Estes
* Sebastiaan van Stijn
* Samuel Karp
* Maksym Pavlenko
* Kazuyoshi Kato
* Rodrigo Campos
* Danny Canter
* Gabriel Adrian Samfira
* Iceber Gu
* Jin Dong
* Bjorn Neergaard
* Austin Vazquez
* Mike Brown
* Paul "TBBle" Hampson
* Kirtana Ashok
* Krisztian Litkey
* rongfu.leng
* Abel Feng
* Enrico Weigelt
* Kohei Tokunaga
* James Sturtevant
* Ilya Hanov
* Marat Radchenko
* Akhil Mohan
* Cardy.Tang
* Hsing-Yu (David) Chen
* Justin Chadwell
* Markus Lehtonen
* Nashwan Azhari
* Shingo Omura
* Vinayak Goyal
* helen
* Aditi Sharma
* Brian Goff
* Charity Kathure
* Henry Wang
* Kay Yan
* Laura Brehm
* Artem Khramov
* Brad Davidson
* Bryant Biggs
* Chen Yiyang
* Cory Snider
* Davanum Srinivas
* Ed Bartosh
* Ethan Lowman
* James Jenkins
* Jiang Liu
* Jordan Liggitt
* June Rhodes
* Mahamed Ali
* Michael Crosby
* Paweł Gronowski
* Peteris Rudzusiks
* Sam Edwards
* Samruddhi Khandale
* Steve Griffith
* VERNOU Cédric
* hang.jiang
* jerryzhuang
* Aaron Lehmann
* Aditya Ramani
* Alex Couture-Beil
* Alex Ellis
* Alex Rodriguez
* Alexandru Matei
* Amir M. Ghazanfari
* Antonio Huete Jimenez
* Ben Foster
* Bin Xin
* BinBin He
* Brennan Kinney
* Craig Ingram
* Daisy Rong
* Djordje Lukic
* Edgar Lee
* Eng Zer Jun
* Etienne Champetier
* Evan Lezar
* Fahed Dorgaa
* Gary McDonald
* Jan Dubois
* Jiongchi Yu
* Kern Walster
* Maksim An
* Milas Bowman
* Pan Yibo
* Qasim Sarfraz
* Qiutong Song
* Robbie Buxton
* Robert-André Mauchin
* Shuaiyi Zhang
* Shukui Yang
* Tianon Gravi
* Tony Fang
* Tõnis Tiigi
* Wang Xinwen
* William Chen
* charles-chenzz
* chschumacher1994
* guangli.bao
* ningmingxiao
* pigletfly
* wangxiang
* zhangpeng
* zhaojizhuang
* zounengren
* 沈陵

### Dependency Changes

* **dario.cat/mergo**                                                       v1.0.0 **_new_**
* **github.com/AdaLogics/go-fuzz-headers**                                  1f10f66a31bf -> ced1acdcaa24
* **github.com/AdamKorcz/go-118-fuzz-build**                                5330a85ea652 -> 8075edf89bb0
* **github.com/Microsoft/go-winio**                                         v0.6.0 -> v0.6.1
* **github.com/Microsoft/hcsshim**                                          v0.10.0-rc.7 -> v0.12.0-rc.0
* **github.com/Microsoft/hcsshim/test**                                     43a75bb4edd3 **_new_**
* **github.com/cenkalti/backoff/v4**                                        v4.2.0 -> v4.2.1
* **github.com/container-orchestrated-devices/container-device-interface**  v0.5.4 -> v0.6.1
* **github.com/containerd/cgroups/v3**                                      v3.0.1 -> v3.0.2
* **github.com/containerd/continuity**                                      v0.3.0 -> v0.4.2
* **github.com/containerd/go-runc**                                         v1.0.0 -> v1.1.0
* **github.com/containerd/log**                                             v0.1.0 **_new_**
* **github.com/containerd/nri**                                             v0.3.0 -> v0.5.0
* **github.com/containerd/plugin**                                          7ec69893e1e7 **_new_**
* **github.com/containerd/ttrpc**                                           v1.2.1 -> v1.2.2
* **github.com/containerd/typeurl/v2**                                      v2.1.0 -> v2.1.1
* **github.com/containernetworking/plugins**                                v1.2.0 -> v1.3.0
* **github.com/distribution/reference**                                     v0.5.0 **_new_**
* **github.com/emicklei/go-restful/v3**                                     v3.10.1 -> v3.10.2
* **github.com/go-logr/logr**                                               v1.2.3 -> v1.2.4
* **github.com/golang/protobuf**                                            v1.5.2 -> v1.5.3
* **github.com/google/uuid**                                                v1.3.0 -> v1.3.1
* **github.com/grpc-ecosystem/go-grpc-middleware**                          v1.3.0 -> v1.4.0
* **github.com/grpc-ecosystem/grpc-gateway/v2**                             v2.7.0 -> v2.16.2
* **github.com/klauspost/compress**                                         v1.16.0 -> v1.17.2
* **github.com/klauspost/cpuid/v2**                                         v2.0.4 -> v2.2.5
* **github.com/minio/sha256-simd**                                          v1.0.0 -> v1.0.1
* **github.com/moby/sys/user**                                              v0.1.0 **_new_**
* **github.com/opencontainers/image-spec**                                  3a7f492d3f1b -> v1.1.0-rc5
* **github.com/opencontainers/runtime-spec**                                v1.1.0-rc.1 -> 4fec88fd00a4
* **github.com/opencontainers/runtime-tools**                               946c877fa809 -> 2e043c6bd626
* **github.com/pelletier/go-toml/v2**                                       v2.1.0 **_new_**
* **github.com/prometheus/client_golang**                                   v1.14.0 -> v1.16.0
* **github.com/prometheus/client_model**                                    v0.3.0 -> v0.4.0
* **github.com/prometheus/common**                                          v0.37.0 -> v0.44.0
* **github.com/prometheus/procfs**                                          v0.8.0 -> v0.10.1
* **github.com/sirupsen/logrus**                                            v1.9.0 -> v1.9.3
* **github.com/stretchr/testify**                                           v1.8.2 -> v1.8.4
* **github.com/urfave/cli**                                                 v1.22.12 -> v1.22.14
* **github.com/vishvananda/netns**                                          2eb08e3e575f -> v0.0.4
* **golang.org/x/mod**                                                      v0.7.0 -> v0.12.0
* **golang.org/x/net**                                                      v0.7.0 -> v0.17.0
* **golang.org/x/oauth2**                                                   v0.4.0 -> v0.10.0
* **golang.org/x/sync**                                                     v0.1.0 -> v0.3.0
* **golang.org/x/sys**                                                      v0.6.0 -> v0.13.0
* **golang.org/x/term**                                                     v0.5.0 -> v0.13.0
* **golang.org/x/text**                                                     v0.7.0 -> v0.13.0
* **golang.org/x/time**                                                     90d013bbcef8 -> v0.3.0
* **golang.org/x/tools**                                                    v0.5.0 -> v0.11.0
* **google.golang.org/genproto**                                            7f2fa6fef1f4 -> 659f7aaaa771
* **google.golang.org/genproto/googleapis/api**                             23370e0ffb3e **_new_**
* **google.golang.org/genproto/googleapis/rpc**                             23370e0ffb3e **_new_**
* **google.golang.org/grpc**                                                v1.53.0 -> v1.58.3
* **google.golang.org/protobuf**                                            v1.28.1 -> v1.31.0
* **k8s.io/api**                                                            v0.26.2 -> v0.28.2
* **k8s.io/apimachinery**                                                   v0.26.2 -> v0.28.2
* **k8s.io/apiserver**                                                      v0.26.2 -> v0.28.2
* **k8s.io/client-go**                                                      v0.26.2 -> v0.28.2
* **k8s.io/component-base**                                                 v0.26.2 -> v0.28.2
* **k8s.io/cri-api**                                                        v0.26.2 -> v0.28.2
* **k8s.io/klog/v2**                                                        v2.90.1 -> v2.100.1
* **k8s.io/kubelet**                                                        v0.28.2 **_new_**
* **k8s.io/utils**                                                          a5ecb0141aa5 -> d93618cff8a2
* **sigs.k8s.io/json**                                                      f223a00ba0e2 -> bc3834ca7abd

Previous release can be found at [v1.7.0](https://github.com/containerd/containerd/releases/tag/v1.7.0)
### Which file should I download?
* `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:         ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
* `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`:  Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases)
and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too.

See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
    Unverified

  • debian/1.6.24_ds1-1

    e9fe98b0 · Update changelog for 1.6.24~ds1-1 release · 
    containerd Debian release 1.6.24~ds1-1

  • upstream/1.6.24_ds1

    97156e22 · New upstream version 1.6.24~ds1 · 
    Upstream version 1.6.24~ds1

  • v1.7.8

    8e4b0bde · Merge pull request #9278 from dmcgowan/prepare-v1.7.8 · 
    containerd 1.7.8

Welcome to the v1.7.8 release of containerd!

The eighth patch release for containerd 1.7 contains various fixes and updates.

### Notable Updates

* **Fix ambiguous TLS fallback** ([#9299](https://github.com/containerd/containerd/pull/9299))
* **Update Go to 1.20.10** ([#9265](https://github.com/containerd/containerd/pull/9265))
* **Add a new image label on converted schema 1 images** ([#9252](https://github.com/containerd/containerd/pull/9252))
* **Fix handling for missing basic auth credentials** ([#9235](https://github.com/containerd/containerd/pull/9235))
* **Fix potential deadlock in create handler for containerd-shim-runc-v2** ([#9209](https://github.com/containerd/containerd/pull/9209))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Sebastiaan van Stijn
* Derek McGowan
* Phil Estes
* Chen Yiyang
* Wei Fu
* Akihiro Suda
* Maksym Pavlenko
* Marat Radchenko
* Milas Bowman
* Qiutong Song
* Samuel Karp

### Changes
<details><summary>27 commits</summary>
<p>

* [release/1.7] Prepare release notes for v1.7.8 ([#9278](https://github.com/containerd/containerd/pull/9278))
  * [`48dbdf871`](https://github.com/containerd/containerd/commit/48dbdf871b43ca94f243779bd641fcda49c94f66) Prepare release notes for v1.7.8
* [release/1.7] Fix ambiguous tls fallback ([#9299](https://github.com/containerd/containerd/pull/9299))
  * [`68abc543b`](https://github.com/containerd/containerd/commit/68abc543b1eb4a8196842de6c83115ba4e5698b0) Check scheme and host of request on push redirect
  * [`35c7634e3`](https://github.com/containerd/containerd/commit/35c7634e33651053a934bbcb831c90ddc65ede2e) Avoid TLS fallback when protocol is not ambiguous
* [release/1.7] vendor: google.golang.org/grpc v1.58.3 ([#9281](https://github.com/containerd/containerd/pull/9281))
  * [`f36948cad`](https://github.com/containerd/containerd/commit/f36948cad712b9f813518ceaa5ac5441b6e10347) vendor: gRPC v1.58.3
* [release/1.7 backport] vendor: golang.org/x/net v0.17.0 ([#9276](https://github.com/containerd/containerd/pull/9276))
  * [`c67a53190`](https://github.com/containerd/containerd/commit/c67a5319050614a947c9e5c133e44164e487a223) vendor: golang.org/x/net v0.17.0
  * [`71f4b36ca`](https://github.com/containerd/containerd/commit/71f4b36ca7a420d53a9f6c1b3f846a4a94b739de) vendor: golang.org/x/text v0.13.0
  * [`a7b3b7090`](https://github.com/containerd/containerd/commit/a7b3b70909a99f47845b74a3dbe58032c17bd1e0) vendor: golang.org/x/sys v0.13.0
* [release/1.7] vendor: google.golang.org/grpc v1.56.3 ([#9248](https://github.com/containerd/containerd/pull/9248))
  * [`26736d6e1`](https://github.com/containerd/containerd/commit/26736d6e1af5f45386ae9382a6a951aee33c9ca7) vendor: google.golang.org/grpc v1.56.3
  * [`54a69a6e4`](https://github.com/containerd/containerd/commit/54a69a6e448d61fe88ad90bd476f8f65cf21277f) vendor: golang.org/x/oauth2 v0.7.0
  * [`ac15a7f5b`](https://github.com/containerd/containerd/commit/ac15a7f5b9da1b45ffc66bb8ccdcaed2f571c73a) vendor: google.golang.org/protobuf v1.30.0
* [release/1.7] update to go1.20.10, test go1.21.3 ([#9265](https://github.com/containerd/containerd/pull/9265))
  * [`2479c3321`](https://github.com/containerd/containerd/commit/2479c332173014f3086d9b016214c536a7c03f39) [release/1.7] update to go1.20.10, test go1.21.3
  * [`11f40e9d8`](https://github.com/containerd/containerd/commit/11f40e9d80409b8dfa9dcb3eb81934e08384dd8e) [release/1.7] update to go1.20.9, test go1.21.2
* [release/1.7] Add a new image label if it is docker schema 1 ([#9252](https://github.com/containerd/containerd/pull/9252))
  * [`cac1bab79`](https://github.com/containerd/containerd/commit/cac1bab797ed8d1245bff49aa90e6c80d8714899) Add a new image label if it is docker schema 1
* [release/1.7] remotes: add handling for missing basic auth credentials ([#9235](https://github.com/containerd/containerd/pull/9235))
  * [`6cd2cc4a8`](https://github.com/containerd/containerd/commit/6cd2cc4a8f035162e06d5ffbf868c540e7eb40eb) remotes: add handling for missing basic auth credentials
* [release/1.7 backport] containerd-shim-runc-v2: avoid potential deadlock in create handler ([#9209](https://github.com/containerd/containerd/pull/9209))
  * [`d0a1fedb5`](https://github.com/containerd/containerd/commit/d0a1fedb5a4828daddff330a345780d0222e47e8) *: add runc-fp as runc wrapper to inject failpoint
  * [`04491240a`](https://github.com/containerd/containerd/commit/04491240af1766337e0fbb5145405f74a39f5ad5) containerd-shim-runc-v2: avoid potential deadlock in create handler
  * [`6982a0df5`](https://github.com/containerd/containerd/commit/6982a0df5bc0d31ae82f0810518550006bf90931) containerd-shim-runc-v2: remove unnecessary `s.getContainer()`
  * [`0e2320398`](https://github.com/containerd/containerd/commit/0e2320398f0fb9974232ef68ea70625645f42661) Uncopypaste parsing of OCI Bundle spec file
</p>
</details>

### Dependency Changes

* **golang.org/x/crypto**                        v0.11.0 -> v0.14.0
* **golang.org/x/mod**                           v0.9.0 -> v0.11.0
* **golang.org/x/net**                           v0.13.0 -> v0.17.0
* **golang.org/x/oauth2**                        v0.4.0 -> v0.10.0
* **golang.org/x/sync**                          v0.1.0 -> v0.3.0
* **golang.org/x/sys**                           v0.10.0 -> v0.13.0
* **golang.org/x/term**                          v0.10.0 -> v0.13.0
* **golang.org/x/text**                          v0.11.0 -> v0.13.0
* **golang.org/x/tools**                         v0.7.0 -> v0.10.0
* **google.golang.org/genproto**                 7f2fa6fef1f4 -> 782d3b101e98
* **google.golang.org/genproto/googleapis/api**  782d3b101e98 **_new_**
* **google.golang.org/genproto/googleapis/rpc**  782d3b101e98 **_new_**
* **google.golang.org/grpc**                     v1.53.0 -> v1.58.3
* **google.golang.org/protobuf**                 v1.29.1 -> v1.31.0

Previous release can be found at [v1.7.7](https://github.com/containerd/containerd/releases/tag/v1.7.7)
    Unverified

  • v1.7.7

    8c087663 · Merge pull request #9194 from dcantah/release-notes-1.7.7 · 
    containerd 1.7.7

Welcome to the v1.7.7 release of containerd!

The seventh patch release for containerd 1.7 contains various fixes and updates.

### Notable Updates

* **Require plugins to succeed after registering readiness** ([#9165](https://github.com/containerd/containerd/pull/9165))
* **Handle unexpected shim kill events** ([#9132](https://github.com/containerd/containerd/pull/9132))
* **Build binaries with Go 1.21.1** ([#9167](https://github.com/containerd/containerd/pull/9167))
* **cri: Stop recommending disable_cgroup** ([#9168](https://github.com/containerd/containerd/pull/9168))
* **remotes/docker: Fix MountedFrom prefixed with target repository** ([#9193](https://github.com/containerd/containerd/pull/9193))
* **remotes: always try to establish tls connection when tls configured** ([#9188](https://github.com/containerd/containerd/pull/9188))
* **NRI: Add support for rlimits** ([#48](https://github.com/containerd/nri/pull/48))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Derek McGowan
* Samuel Karp
* Krisztian Litkey
* Wei Fu
* Phil Estes
* Sebastiaan van Stijn
* Iceber Gu
* Mike Brown
* Akihiro Suda
* Paweł Gronowski
* Steve Griffith
* Aditya Ramani
* Austin Vazquez
* Danny Canter
* James Sturtevant
* Kern Walster
* ZP-AlwaysWin

### Changes
<details><summary>31 commits</summary>
<p>

* [release/1.7] Prepare release notes for v1.7.7 ([#9194](https://github.com/containerd/containerd/pull/9194))
  * [`a34fa5681`](https://github.com/containerd/containerd/commit/a34fa5681a8cf8a250cdb638e29f54be44b7554f) Prepare release notes for v1.7.7
* [release/1.7] Allow for images with artifacts to pull ([#9149](https://github.com/containerd/containerd/pull/9149))
  * [`6ca0aebf0`](https://github.com/containerd/containerd/commit/6ca0aebf0c40c3a2ea59c0ede440f9b6be5d1ded) Allow for images with artifacts to pull
* [release 1.7] remotes/docker: Fix MountedFrom prefixed with target repository ([#9193](https://github.com/containerd/containerd/pull/9193))
  * [`7df492a95`](https://github.com/containerd/containerd/commit/7df492a95c7283a3f402b5a0e96030e42724d9d0) remotes/docker: Fix MountedFrom prefixed with target repository
* [release/1.7] Update x/net to 0.13 ([#9134](https://github.com/containerd/containerd/pull/9134))
  * [`b3db314a5`](https://github.com/containerd/containerd/commit/b3db314a58311b3e754906baf356ec83d05015d6) Bump x/net to 0.13
* [release/1.7] remotes: always try to establish tls connection when tls configured ([#9188](https://github.com/containerd/containerd/pull/9188))
  * [`7779ce64e`](https://github.com/containerd/containerd/commit/7779ce64e563f366199e7b22972ca18ec060b944) remotes: always try to establish tls connection when tls configured
* [release/1.7] cri: stop recommending disable_cgroup ([#9168](https://github.com/containerd/containerd/pull/9168))
  * [`6013b5e03`](https://github.com/containerd/containerd/commit/6013b5e03ebadfc70eb711118a05e24891f8e2dc) cri: stop recommending disable_cgroup
* [release/1.7] Require plugins to succeed after registering readiness ([#9165](https://github.com/containerd/containerd/pull/9165))
  * [`a83c66813`](https://github.com/containerd/containerd/commit/a83c66813f908c861ad3d908755d4c4b0a86778c) Require plugins to succeed after registering readiness
  * [`171d76849`](https://github.com/containerd/containerd/commit/171d76849393a3efa3b244f84c7dceff8c7d5026) cri: call RegisterReadiness after NewCRIService
* [release/1.7] Handle unexpected shim kill events ([#9132](https://github.com/containerd/containerd/pull/9132))
  * [`3d27bc738`](https://github.com/containerd/containerd/commit/3d27bc738a6e6762a9c240f420491632e3eaae3d) Handle unexpected shim kill events
* [release/1.7] Build binaries with 1.21.1 ([#9167](https://github.com/containerd/containerd/pull/9167))
  * [`4ffa3ed29`](https://github.com/containerd/containerd/commit/4ffa3ed2940b122cf5191746edeb30e177ea9820) Build binaries with 1.21.1
* [release/1.7] vendor: github.com/Microsoft/hcsshim v0.11.1 ([#9127](https://github.com/containerd/containerd/pull/9127))
  * [`5756f6064`](https://github.com/containerd/containerd/commit/5756f6064b89c4c403439b49353d5dd035ba8c4f) [release/1.7] vendor: github.com/Microsoft/hcsshim v0.11.1
* [release/1.7 backport] alias log package to github.com/containerd/log v0.1.0 ([#9106](https://github.com/containerd/containerd/pull/9106))
  * [`09633b539`](https://github.com/containerd/containerd/commit/09633b539fad441c730569050e66a87d713a14a9) deprecate logs package, but disable linter (for transitioning)
  * [`cb201519f`](https://github.com/containerd/containerd/commit/cb201519f8757f4272d88f3a785a4cb56215095c) alias log package to github.com/containerd/log v0.1.0
  * [`a5024e6dd`](https://github.com/containerd/containerd/commit/a5024e6dd9f797051a465516066b248294c434e1) vendor: github.com/stretchr/testify v1.8.4
  * [`7bd976af3`](https://github.com/containerd/containerd/commit/7bd976af3fe068a79fec23d9fc05a69e26aa18c3) vendor: github.com/sirupsen/logrus v1.9.3
* [release/1.7] remotes/docker: Add MountedFrom and Exists push status ([#9097](https://github.com/containerd/containerd/pull/9097))
  * [`8cd2d33c2`](https://github.com/containerd/containerd/commit/8cd2d33c2aaa730717be1b75a4d2f3629e493c55) [release/1.7] remotes/docker: Add MountedFrom and Exists push status
* [release/1.7] vendor: update github.com/containerd/nri@v0.4.0 ([#9099](https://github.com/containerd/containerd/pull/9099))
  * [`3ca015e55`](https://github.com/containerd/containerd/commit/3ca015e55672c128d9f021d14f49ef96c247cd5b) nri: update mock plugin handlers
  * [`4cd208c1f`](https://github.com/containerd/containerd/commit/4cd208c1f2d80d863776c1947881d5283f3b25fc) vendor: update github.com/containerd/nri@v0.4.0
</p>
</details>

### Changes from containerd/log
<details><summary>9 commits</summary>
<p>

* Update golangci to 1.49 ([#1](https://github.com/containerd/log/pull/1))
  * [`89c9a54`](https://github.com/containerd/log/commit/89c9a54561e8736fddc519cf033d936de65ebe67) Update golangci to 1.49
  * [`cf26711`](https://github.com/containerd/log/commit/cf267115d825238992448dbe1cd6cd440c934d8a) Update description in README
  * [`f9f250c`](https://github.com/containerd/log/commit/f9f250cc3a5d033c759b715aa09ff7cdbfc19500) Add project details
  * [`fb7fe3d`](https://github.com/containerd/log/commit/fb7fe3d663dee55b38f2ab094d9ac794dcacba40) Add github CI flow
  * [`7e13034`](https://github.com/containerd/log/commit/7e13034365475c99956f31770c43e296fc6d1a98) Add go module
  * [`16a3c76`](https://github.com/containerd/log/commit/16a3c768269b03fe62fff34d3a76528335a35064) Rename log import from logtest
  * [`698c398`](https://github.com/containerd/log/commit/698c39829fd9372465cb2537db16a7346afb9f31) Add README
  * [`87c83c4`](https://github.com/containerd/log/commit/87c83c42bbd22c5f1d3725fc5006b35217b4629a) Add license file
</p>
</details>

### Changes from containerd/nri
<details><summary>35 commits</summary>
<p>

* releases: update note about 0.4.0 ([#50](https://github.com/containerd/nri/pull/50))
  * [`5f13915`](https://github.com/containerd/nri/commit/5f139156d546cb68a8495c9c36cfc6a574ba3a55) releases: update note about 0.4.0
* Add support for rlimits ([#48](https://github.com/containerd/nri/pull/48))
  * [`5ecea04`](https://github.com/containerd/nri/commit/5ecea042d15be1ba5e0b988a40a4c90fb2210a7f) ulimit-adjuster: add validation for hard limits
  * [`db3de10`](https://github.com/containerd/nri/commit/db3de101ccaba370f9238188da0d8e05039efdee) test: exclude ulimit-adjuster from ginkgo
  * [`f0deb59`](https://github.com/containerd/nri/commit/f0deb59b4fbf7bcc62597a1299f4544638daa81a) ulimit-adjuster: new sample plugin
  * [`d2dd708`](https://github.com/containerd/nri/commit/d2dd708de134cfe0617821142557b3e55b0bdf64) Add support for rlimits
  * [`efaf36e`](https://github.com/containerd/nri/commit/efaf36e49f30c4ca0bfb0bba2c412e87241674c1) api: add POSIXRlimit type
* .github: add test build to CI workflow. ([#47](https://github.com/containerd/nri/pull/47))
  * [`3f092c2`](https://github.com/containerd/nri/commit/3f092c29cf62a77c9eadaa9d7ff9ac28ece3d180) .github: add test build to CI workflow.
* stub: pass context to plugins, pass updated resources to UpdateContainers. ([#40](https://github.com/containerd/nri/pull/40))
  * [`01d5f14`](https://github.com/containerd/nri/commit/01d5f14d96708830f232b2744742fc14763816b1) Add a note about NRI API stability and release notes.
  * [`ea9976d`](https://github.com/containerd/nri/commit/ea9976d8dae3a6e630da76a26dbef44b5c8a3de3) adaptation: add UpdateContainer tests.
  * [`d042d24`](https://github.com/containerd/nri/commit/d042d24bc4a96fa5fcf1aa0d2195ff75833d7d4e) stub: fix plugin UpdateContainerInterface.
  * [`f5d0f51`](https://github.com/containerd/nri/commit/f5d0f513608b2afc3fcc5e6bdf76b10b3004c14c) plugins: update plugins for stub changes.
  * [`b4bd301`](https://github.com/containerd/nri/commit/b4bd301a1ead4d277af088e321c05e76102c8769) adaptation: update tests with stub changes.
  * [`9d86150`](https://github.com/containerd/nri/commit/9d86150fce4318491481e354d0f34c6b76e8806e) stub: pass context to plugin event handlers.
* Updated the OCI Hook Injector README to resovle broken links to the p… ([#34](https://github.com/containerd/nri/pull/34))
  * [`5eee915`](https://github.com/containerd/nri/commit/5eee9158f7fab6294bdbc5c76b2793f2dbe9faec) removed link
  * [`c783fc7`](https://github.com/containerd/nri/commit/c783fc76a80b315253d407f1e74ff9263cf5ce21) Resolves broken podman links and adds details to help better guide people in testing.
* Fix ParseEventMask to produce proper masks for 'pod' and 'container' shorthand event notations. ([#39](https://github.com/containerd/nri/pull/39))
  * [`da291a6`](https://github.com/containerd/nri/commit/da291a66180b6989a6dcc6bcffcc3257c185f8f8) Fix ParseEventMask to produce proper masks
* fix the `NRI_PLUGIN_NAME` env value when launching a pre-installed plugin ([#42](https://github.com/containerd/nri/pull/42))
  * [`4a4cea6`](https://github.com/containerd/nri/commit/4a4cea6142a5a34301b796a36355e3b38bb98522) fix the NRI_PLUGIN_NAME env value when launching a pre-installed plugin
  * [`a67478e`](https://github.com/containerd/nri/commit/a67478ed7c0b38454f3ef4e86f36d870c365c0d5) stub: update setIdentify to ensureIdentify
* update module name of the logger plugin ([#41](https://github.com/containerd/nri/pull/41))
  * [`841f5ed`](https://github.com/containerd/nri/commit/841f5ed96067b8d737e39e9df16c55231c350d1d) update module name of the logger plugin
* Add gitignore for build artifacts ([#32](https://github.com/containerd/nri/pull/32))
  * [`8d9c64d`](https://github.com/containerd/nri/commit/8d9c64def7f2ba89a065990e89c2bf39f8046bac) Add gitignore for build artifacts
* Makefile: fix 'install-*' targets. ([#38](https://github.com/containerd/nri/pull/38))
  * [`c03d1be`](https://github.com/containerd/nri/commit/c03d1bee1efca43e4b59395622510844b36cd26c) Makefile: fix 'install-*' targets.
* docs: add a chapter about security considerations. ([#36](https://github.com/containerd/nri/pull/36))
  * [`ab28e71`](https://github.com/containerd/nri/commit/ab28e7136bbf3c41c7344b0430087c1aed47b05a) docs: add a chapter about security considerations.
* api: initialize OCI LinuxMemory resources to empty. ([#37](https://github.com/containerd/nri/pull/37))
  * [`2862d98`](https://github.com/containerd/nri/commit/2862d98443ccdb1162963ee979639fd973ddc37b) api: initialize OCI LinuxMemory resources to empty.
</p>
</details>

### Dependency Changes

* **github.com/Microsoft/hcsshim**  v0.11.0 -> v0.11.1
* **github.com/containerd/log**     v0.1.0 **_new_**
* **github.com/containerd/nri**     v0.3.0 -> v0.4.0
* **github.com/sirupsen/logrus**    v1.9.0 -> v1.9.3
* **github.com/stretchr/testify**   v1.8.2 -> v1.8.4
* **golang.org/x/crypto**           v0.1.0 -> v0.11.0
* **golang.org/x/net**              v0.8.0 -> v0.13.0
* **golang.org/x/sys**              v0.7.0 -> v0.10.0
* **golang.org/x/term**             v0.6.0 -> v0.10.0
* **golang.org/x/text**             v0.8.0 -> v0.11.0

Previous release can be found at [v1.7.6](https://github.com/containerd/containerd/releases/tag/v1.7.6)
### Which file should I download?
* `containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:         ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
* `containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz`:  Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.
* `cri-containerd-<VERSION>-<OS>-<ARCH>.tar.gz`:     (Deprecated)
* `cri-containerd-cni-<VERSION>-<OS>-<ARCH>.tar.gz`: (Deprecated)

In addition to containerd, typically you will have to install [runc](https://github.com/opencontainers/runc/releases)
and [CNI plugins](https://github.com/containernetworking/plugins/releases) from their official sites too.

See also the [Getting Started](https://github.com/containerd/containerd/blob/main/docs/getting-started.md) documentation.
    Unverified

  • v1.6.24

    61f9fd88 · Merge pull request #9087 from akhilerm/prepare-1.6.24 · 
    containerd 1.6.24

Welcome to the v1.6.24 release of containerd!

The twenty-fourth patch release for containerd 1.6 contains various fixes and updates.

### Notable Updates

* **CRI: fix leaked shim caused by high IO pressure** ([#9004](https://github.com/containerd/containerd/pull/9004))
* **Update to go1.20.8** ([#9073](https://github.com/containerd/containerd/pull/9073))
* **Update runc to v1.1.9** ([#8966](https://github.com/containerd/containerd/pull/8966))
* **Backport: add configurable mount options to overlay snapshotter** ([#8961](https://github.com/containerd/containerd/pull/8961))
* **log: cleanups and improvements to decouple more from logrus** ([#9002](https://github.com/containerd/containerd/pull/9002))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Sebastiaan van Stijn
* Akihiro Suda
* Wei Fu
* Derek McGowan
* Akhil Mohan
* Cardy.Tang
* Danny Canter
* Kazuyoshi Kato
* Mike Brown
* Phil Estes
* Samuel Karp

### Changes
<details><summary>45 commits</summary>
<p>

* [release/1.6] Prepare release notes for v1.6.24 ([#9087](https://github.com/containerd/containerd/pull/9087))
  * [`cdd59290d`](https://github.com/containerd/containerd/commit/cdd59290d051ffd8b5e730f96930c42cad65beac) Prepare release notes for v1.6.24
* [release/1.6 backport] log: cleanups and improvements to decouple more from logrus ([#9002](https://github.com/containerd/containerd/pull/9002))
  * [`33c2d88e7`](https://github.com/containerd/containerd/commit/33c2d88e7809eb42b0e9711c29a35c25a12dc18c) Revert "log: define G() as a function instead of a variable"
  * [`0a7f2975e`](https://github.com/containerd/containerd/commit/0a7f2975efbad7baddb31c36fb142db2a793534c) log: swap logrus functions with their equivalent on default logger
  * [`9d175a19b`](https://github.com/containerd/containerd/commit/9d175a19b7cbe165cb6285c891b384d518e2686b) log: add package documentation and summary of package's purpose
  * [`96fb65529`](https://github.com/containerd/containerd/commit/96fb655290f286eb818bf70f08555cd64ba8e780) log: make Fields type a generic map[string]any
  * [`bace17e2e`](https://github.com/containerd/containerd/commit/bace17e2ead161c06fdd670be532f0c042071bd7) log: add log.Entry type
  * [`dd127885f`](https://github.com/containerd/containerd/commit/dd127885feacdeefc554d7042c49e01002809864) log: define OutputFormat type
  * [`5b4cf2329`](https://github.com/containerd/containerd/commit/5b4cf23295581c70b92db1dc7c30114bc1a8f3c8) log: define G() as a function instead of a variable
  * [`ee1b4a1e2`](https://github.com/containerd/containerd/commit/ee1b4a1e2f844a45c0ba784273501bc490e77aa2) log: add all log-levels that are accepted
  * [`d563a411f`](https://github.com/containerd/containerd/commit/d563a411facc32c8287136d53ca0a744f991f3b4) log: group "enum" consts and touch-up docs
  * [`6e8f4555b`](https://github.com/containerd/containerd/commit/6e8f4555b3f3f155ee9ffe5f3e7cf8e8c2ee10a6) log: WithLogger: remove redundant intermediate var
  * [`c19325559`](https://github.com/containerd/containerd/commit/c193255597662b8a7f16479dd454ba3dd728a3c4) log: SetFormat: include returns in switch
  * [`c3c22f8cb`](https://github.com/containerd/containerd/commit/c3c22f8cbc5b3687bdee79266602bff51e61c84a) log: remove gotest.tools dependency
* [release/1.6] update to go1.20.8 ([#9073](https://github.com/containerd/containerd/pull/9073))
  * [`a2c294800`](https://github.com/containerd/containerd/commit/a2c294800ec11447b497bf7452bbbfba06c0168d) [release/1.6] update to go1.20.8
* [release/1.6 backport] make repositories of install dependencies configurable ([#9024](https://github.com/containerd/containerd/pull/9024))
  * [`0da8dcaa7`](https://github.com/containerd/containerd/commit/0da8dcaa7c93c0b708c375a32328a7b85fd668d8) make repositories of install dependencies configurable
* [release/1.6 backport] update Golang to go1.20.7, minimum version go1.19 ([#9020](https://github.com/containerd/containerd/pull/9020))
  * [`8e6a9de5b`](https://github.com/containerd/containerd/commit/8e6a9de5b5291b97684e948be096317611b37930) update to go1.20.7, go1.19.12
  * [`8b2eb371f`](https://github.com/containerd/containerd/commit/8b2eb371f958f1bfc5bcab5ee70bcad18b2e5efc) Update Go to 1.20.6,1.19.11
  * [`cff669c7a`](https://github.com/containerd/containerd/commit/cff669c7aab055d6b46bbb27fd044aba5e1453d8) update go to go1.20.5, go1.19.10
  * [`f34a22de9`](https://github.com/containerd/containerd/commit/f34a22de99b57e30cd33d3769e3765950475ba07) update go to go1.20.4, go1.19.9
  * [`e8e73065e`](https://github.com/containerd/containerd/commit/e8e73065ec668097067d37381399a80c8107fae1) update go to go1.20.3, go1.19.8
  * [`9b3f950d6`](https://github.com/containerd/containerd/commit/9b3f950d607c3a6c2a3c1b8740c87338a986e203) Go 1.20.2
  * [`17d03ac68`](https://github.com/containerd/containerd/commit/17d03ac681f61cd83c2bc7239956504c25ceb2f4) Go 1.20.1
  * [`861f65447`](https://github.com/containerd/containerd/commit/861f65447c4cc59b2b91e441b24f1c80a730ce2b) go.mod: go 1.19
  * [`81fa93784`](https://github.com/containerd/containerd/commit/81fa937842ac2501f777e23cddab8c7a573bd318) Stop using math/rand.Read and rand.Seed (deprecated in Go 1.20)
  * [`70dc11a6c`](https://github.com/containerd/containerd/commit/70dc11a6c1258891aa281815bb94d4bdc1194fe7) lint: remove `//nolint:dupword` that are no longer needed
  * [`fec784a06`](https://github.com/containerd/containerd/commit/fec784a06ad4276574dfb16ff631f9839f3b676c) lint: silence "SA1019: tar.TypeRegA has been deprecated... (staticheck)"
  * [`6648df1ad`](https://github.com/containerd/containerd/commit/6648df1ada2575df6adcaf295b611d966d3308d7) lint: silence "type `HostFileConfig` is unused (unused)"
  * [`e6b268bc7`](https://github.com/containerd/containerd/commit/e6b268bc703b5903de719533a8fbe0307767342c) golangci-lint v1.51.1
  * [`c552ccf67`](https://github.com/containerd/containerd/commit/c552ccf6769245e1531212505fa75e89f6f6ff1c) go.mod: golang.org/x/sync v0.1.0
* [releases/1.6] *: fix leaked shim caused by high IO pressure ([#9004](https://github.com/containerd/containerd/pull/9004))
  * [`d00af5c3e`](https://github.com/containerd/containerd/commit/d00af5c3ea1a290112b3a56bee31023ef1d2019d) integration: issue7496 case should work for runc.v2 only
  * [`583696e4e`](https://github.com/containerd/containerd/commit/583696e4e0b055b8a0f860b9ed7f31f0f3127ff4) Vagrantfile: add strace tool
  * [`ab21d60d2`](https://github.com/containerd/containerd/commit/ab21d60d27d1d7c87423e9b4ecb076358762e89b) pkg/cri/server: add criService as argument when handle exit event
  * [`a229883cb`](https://github.com/containerd/containerd/commit/a229883cb1bffecbd8bd4d41ab19c99110bbd189) pkg/cri/server: fix leaked shim issue
  * [`d8f824200`](https://github.com/containerd/containerd/commit/d8f824200cdc39410bf9a4d110073186d6864f64) integration: add case to reproduce #7496
* [release/1.6] Cherry-pick: [overlay] add configurable mount options to overlay snapshotter ([#8961](https://github.com/containerd/containerd/pull/8961))
  * [`8cd40e1d0`](https://github.com/containerd/containerd/commit/8cd40e1d0f13e5ddfef13833b265f6dfa298ec69) Add configurable mount options to overlay
  * [`453fa397a`](https://github.com/containerd/containerd/commit/453fa397a1f0f00871ff1ca4314b65e898e33661) feat: make overlay sync removal configurable
* [release/1.6 backport] update runc binary to v1.1.9 ([#8966](https://github.com/containerd/containerd/pull/8966))
  * [`4cb7764df`](https://github.com/containerd/containerd/commit/4cb7764df8025d0a6edb34f6b69daf6c2abe6ad0) update runc binary to v1.1.9
</p>
</details>

### Dependency Changes

* **golang.org/x/sync**  036812b2e83c -> v0.1.0

Previous release can be found at [v1.6.23](https://github.com/containerd/containerd/releases/tag/v1.6.23)
    Unverified

  • v1.7.6

    091922f0 · Merge pull request #9085 from dmcgowan/prepare-1.7.6 · 
    containerd 1.7.6

Welcome to the v1.7.6 release of containerd!

The sixth patch release for containerd 1.7 contains various fixes and updates.

### Notable Updates

* **Fix log package for clients overwriting the global logger** ([#9032](https://github.com/containerd/containerd/pull/9032))
* **Fix blockfile snapshotter copy on Darwin** ([#9047](https://github.com/containerd/containerd/pull/9047))
* **Add support for Linux usernames on non-Linux platforms** ([#9015](https://github.com/containerd/containerd/pull/9015))
* **Update Windows platform matcher to invoke stable ABI compability function** ([#9069](https://github.com/containerd/containerd/pull/9069))
* **Update Golang to 1.20.8** ([#9074](https://github.com/containerd/containerd/pull/9074))
* **Update push to inherit distribution sources from parent** ([#9084](https://github.com/containerd/containerd/pull/9084))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Derek McGowan
* Kirtana Ashok
* Phil Estes
* Akihiro Suda
* Danny Canter
* Sebastiaan van Stijn
* Akhil Mohan
* Maksym Pavlenko
* Samuel Karp
* Wei Fu

### Changes
<details><summary>20 commits</summary>
<p>

* [release/1.7] Prepare release notes for 1.7.6 ([#9085](https://github.com/containerd/containerd/pull/9085))
  * [`3e09c65b2`](https://github.com/containerd/containerd/commit/3e09c65b21bdda743f5f5de9fb392a25f6a342be) Prepare release notes for v1.7.6
* [release/1.7] Invoke Stable ABI compatibility function in windows platform matcher ([#9069](https://github.com/containerd/containerd/pull/9069))
  * [`c7a35ccdc`](https://github.com/containerd/containerd/commit/c7a35ccdcc674e42c2364f062890b1e40507f543) Fix transfer service dependencies:
  * [`38d4e506d`](https://github.com/containerd/containerd/commit/38d4e506dd261b48bffbdd04e775d2b687290e2f) Invoke Stable ABI compatibility function in windows platform matcher
* [release/1.7] push: inherit distribution sources from parent ([#9084](https://github.com/containerd/containerd/pull/9084))
  * [`5ebf05d97`](https://github.com/containerd/containerd/commit/5ebf05d97e2ef1b09d427118911a89c55059b0fe) push: inherit distribution sources from parent
  * [`d206896dd`](https://github.com/containerd/containerd/commit/d206896ddd965ab72605aca4337293c056fdd21b) content: add InfoProvider interface
* [release/1.7] update to go1.20.8 ([#9074](https://github.com/containerd/containerd/pull/9074))
  * [`423693d7b`](https://github.com/containerd/containerd/commit/423693d7b481e4bd8adb7b0ed76cec0b2cb96724) [release/1.7] update to go1.20.8
* [release/1.7] Update hcsshim tag to v0.11.0 ([#9063](https://github.com/containerd/containerd/pull/9063))
  * [`ddffc7c9a`](https://github.com/containerd/containerd/commit/ddffc7c9a1e5b6d73953a7f5f8a04170dc45c62a) Update hcsshim tag to v0.11.0
* [release/1.7] CRI: Support Linux usernames for !linux platforms ([#9015](https://github.com/containerd/containerd/pull/9015))
  * [`b449440a4`](https://github.com/containerd/containerd/commit/b449440a40896d5c8f78460354eb2f5506432180) CRI: Support Linux usernames for !linux platforms
* [release/1.7] Blockfile: Enlighten blockfile copy on Darwin ([#9047](https://github.com/containerd/containerd/pull/9047))
  * [`ed4bac11e`](https://github.com/containerd/containerd/commit/ed4bac11e5a60aaa3283f998313522d19d54c7f8) Blockfile: Enlighten blockfile copy on Darwin
* [release/1.7 backport] Revert "log: define G() as a function instead of a variable" ([#9032](https://github.com/containerd/containerd/pull/9032))
  * [`4d1cfbbdd`](https://github.com/containerd/containerd/commit/4d1cfbbddb57ec10a3e55f71ae5a590091b6e3ab) Revert "log: define G() as a function instead of a variable"
* [release/1.7 backport] make repositories of install dependencies configurable ([#9025](https://github.com/containerd/containerd/pull/9025))
  * [`a34e93241`](https://github.com/containerd/containerd/commit/a34e93241254112f8bab49a27f5aeee1f2317d9f) make repositories of install dependencies configurable
</p>
</details>

### Dependency Changes

* **github.com/Microsoft/hcsshim**  v0.10.0-rc.8 -> v0.11.0

Previous release can be found at [v1.7.5](https://github.com/containerd/containerd/releases/tag/v1.7.5)
    Unverified

  • v1.7.5

    fe457eb9 · Merge pull request #9010 from dmcgowan/prepare-1.7.5 · 
    containerd 1.7.5

Welcome to the v1.7.5 release of containerd!

The fifth patch release for containerd 1.7 fixes a versioning issue from
the previous release and includes some internal logging API changes.

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Sebastiaan van Stijn
* Derek McGowan
* Akihiro Suda
* Antonio Huete Jimenez
* Phil Estes
* Samuel Karp

### Changes
<details><summary>18 commits</summary>
<p>

* [release/1.7] Prepare release notes for 1.7.5 ([#9010](https://github.com/containerd/containerd/pull/9010))
  * [`93b23eb10`](https://github.com/containerd/containerd/commit/93b23eb106f416179ea2fa9c0db621a9fa19c8e9) Prepare release notes for v1.7.5
  * [`fb1292c8d`](https://github.com/containerd/containerd/commit/fb1292c8de8b4ca8b273f9c500ef5da0f541c4fa) Bump version to v1.7.4
* [release/1.7 backport] go.mod: github.com/containerd/continuity v0.4.2 ([#9012](https://github.com/containerd/containerd/pull/9012))
  * [`503ab21bf`](https://github.com/containerd/containerd/commit/503ab21bfc4c5be65cba0b6b58aa2968a44bbe65) go.mod: github.com/containerd/continuity v0.4.2
* [release/1.7 backport] log: cleanups and improvements to decouple more from logrus ([#9001](https://github.com/containerd/containerd/pull/9001))
  * [`2a9ae3c51`](https://github.com/containerd/containerd/commit/2a9ae3c51132080940d40343175e0d3eb2a111fc) log: swap logrus functions with their equivalent on default logger
  * [`01445bb73`](https://github.com/containerd/containerd/commit/01445bb7386b98271b383b76e3d9007dabee03e8) log: add package documentation and summary of package's purpose
  * [`932795f45`](https://github.com/containerd/containerd/commit/932795f4526ad4dd5d76e2d9b4c1daeaeab19172) log: make Fields type a generic map[string]any
  * [`707ca94d8`](https://github.com/containerd/containerd/commit/707ca94d890dbea1be767312483522a98f6c5969) log: add log.Entry type
  * [`0a79e67e4`](https://github.com/containerd/containerd/commit/0a79e67e4f7bff1128c81ee14a8b2a74a8c55c51) log: define OutputFormat type
  * [`dbbe28b7d`](https://github.com/containerd/containerd/commit/dbbe28b7d1cc6137ed9fff1bcd8ed5e3ec442059) log: define G() as a function instead of a variable
  * [`93b6cb784`](https://github.com/containerd/containerd/commit/93b6cb78456b642a5470b24e9ec1fca17ec12e49) log: add all log-levels that are accepted
  * [`e8e086e02`](https://github.com/containerd/containerd/commit/e8e086e02bbcb078297302bc77a126647606c898) log: group "enum" consts and touch-up docs
  * [`7aa4f8fdc`](https://github.com/containerd/containerd/commit/7aa4f8fdccea58b2816fe7fe818653100cadfb98) log: WithLogger: remove redundant intermediate var
  * [`bfdce4ce4`](https://github.com/containerd/containerd/commit/bfdce4ce4bc922ab4990a71f4a5f31a8e2c0224d) log: SetFormat: include returns in switch
  * [`6621e0888`](https://github.com/containerd/containerd/commit/6621e08887d94b90d3c9b3756acff02573cdc147) log: remove testify dependency
  * [`df76aaede`](https://github.com/containerd/containerd/commit/df76aaede4b741e9436ced76dea71946d8f29684) removes/docker: remove unnecessary conversion (unconvert)
</p>
</details>

### Changes from containerd/continuity
<details><summary>2 commits</summary>
<p>

* Add initial DragonFly BSD support ([#230](https://github.com/containerd/continuity/pull/230))
  * [`bcc6e25`](https://github.com/containerd/continuity/commit/bcc6e254708e0ace144a3d590a631db61da0a659) dragonfly: Initial porting work
</p>
</details>

### Dependency Changes

* **github.com/containerd/continuity**  1e0d26eb2381 -> v0.4.2

Previous release can be found at [v1.7.4](https://github.com/containerd/containerd/releases/tag/v1.7.4)
    Unverified

  • v1.7.4

    488cd77c · Merge pull request #9000 from dcantah/1.7.4-release · 
    containerd 1.7.4

Welcome to the v1.7.4 release of containerd!

The fourth patch release for containerd 1.7 contains remote differ plugin support,
a new block file based snapshotter, and various fixes and updates.

### Notable Updates

* **Add blockfile snapshotter** ([#8986](https://github.com/containerd/containerd/pull/8986))
* **Add remote/proxy differ** ([#8985](https://github.com/containerd/containerd/pull/8985))
* **Update runc binary to v1.1.9** ([#8965](https://github.com/containerd/containerd/pull/8965))
* **Cri: Don't use rel path for image volumes** ([#8926](https://github.com/containerd/containerd/pull/8926))
* **Allow attaching to any combination of stdin/out/err** ([#8910](https://github.com/containerd/containerd/pull/8910))
* **Fix ro mount option being passed** ([#8887](https://github.com/containerd/containerd/pull/8887))
* **Fix leaked shim caused by high IO pressure** ([#9003](https://github.com/containerd/containerd/pull/9003))
* **Add configurable mount options to overlay snapshotter** ([#9005](https://github.com/containerd/containerd/pull/9005))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

### Contributors

* Wei Fu
* Derek McGowan
* Akihiro Suda
* Kazuyoshi Kato
* Cardy.Tang
* Phil Estes
* Ben Foster
* Danny Canter
* Hsing-Yu (David) Chen
* James Jenkins
* James Sturtevant
* Maksym Pavlenko
* Rodrigo Campos
* Sebastiaan van Stijn
* rongfu.leng

### Changes
<details><summary>43 commits</summary>
<p>

* [release/1.7] Prepare release notes for v1.7.4 ([#9000](https://github.com/containerd/containerd/pull/9000))
  * [`7a0cae3ca`](https://github.com/containerd/containerd/commit/7a0cae3ca1acf9a5ab4df4f77ee1b7cc6c3306ce) [release/1.7] Prepare release notes for v1.7.4
* [releases/1.7] *: fix leaked shim caused by high IO pressure ([#9003](https://github.com/containerd/containerd/pull/9003))
  * [`537d7526e`](https://github.com/containerd/containerd/commit/537d7526e44bcefe509614abc04930345fbdb941) integration: issue7496 case should work for runc.v2 only
  * [`5add172be`](https://github.com/containerd/containerd/commit/5add172be5d27d1f98b430a6775da0256afc1e82) Vagrantfile: add strace tool
  * [`207e28f36`](https://github.com/containerd/containerd/commit/207e28f36dd9daa7ef412c0c2b7b32af3356a2da) integration: add ShouldRetryShutdown case based on #7496
  * [`b4f480fb3`](https://github.com/containerd/containerd/commit/b4f480fb30f71ec15055cab0421aa16258ac4b58) pkg/cri/sbserver: fix leaked shim issue for podsandbox mode
  * [`88ff575c5`](https://github.com/containerd/containerd/commit/88ff575c5cecf81ea7ef78079941521123b451de) pkg/cri/server: fix leaked shim issue
  * [`9f61dfb7c`](https://github.com/containerd/containerd/commit/9f61dfb7c50dea7bdf4326cf7b04a2ec088b81a5) integration: add case to reproduce #7496
* [release/1.7] Cherry-pick: [overlay] add configurable mount options to overlay snapshotter ([#9005](https://github.com/containerd/containerd/pull/9005))
  * [`0f4885c16`](https://github.com/containerd/containerd/commit/0f4885c1660d2b1a855e79751daf5367fc679079) Add configurable mount options to overlay
  * [`8804a27d7`](https://github.com/containerd/containerd/commit/8804a27d72275497e4a590b92832d4f1076b43dc) feat: make overlay sync removal configurable
* [release/1.7] Remove temporary replace ([#8997](https://github.com/containerd/containerd/pull/8997))
  * [`1c2dd5198`](https://github.com/containerd/containerd/commit/1c2dd5198e5d3d6d111d37a68ad67ae37adf6101) Remove temporary replace
* [release/1.7] Add blockfile snapshotter ([#8986](https://github.com/containerd/containerd/pull/8986))
  * [`2bf6bd143`](https://github.com/containerd/containerd/commit/2bf6bd1431512c59f91318e817ee83c4adfcd282) vendor: update github.com/containerd/continuity
  * [`30a163086`](https://github.com/containerd/containerd/commit/30a163086959b89459b8193884f669561bb56f9e) snapshots|pkg: umount without DETACH and nosync after umount
  * [`c9eebe3d1`](https://github.com/containerd/containerd/commit/c9eebe3d1151ba3e523c2f0473e61132edf95a72) mount: support direct-io for loopback device
  * [`1c2977db0`](https://github.com/containerd/containerd/commit/1c2977db01efdd4a5aaff79d72d7e21b19d0f59a) Modify loopback size
  * [`cf9c78d2d`](https://github.com/containerd/containerd/commit/cf9c78d2d9eb7c3d66d1a94768d63b4f8482c4b2) snapshots/blockfile: fix lint issue
  * [`b823b4f54`](https://github.com/containerd/containerd/commit/b823b4f546cec4a9d92f9a8ed5b606cbffa287f9) snapshots/blockfile: deflaky the testsuite
  * [`6daeceb11`](https://github.com/containerd/containerd/commit/6daeceb1168303548ddc0d1af420813ad8475ceb) snapshots/blockfile: use passed in dst in scratchGenerator
  * [`99b61aee3`](https://github.com/containerd/containerd/commit/99b61aee341fa89370524e49b42212cea79d9fbc) snapshots/blockfile: use loop if options is empty
  * [`fd39769ac`](https://github.com/containerd/containerd/commit/fd39769ac70a382a0b4459080cb2f10c40842182) Add mount options to blockfile snapshotter
  * [`8d732c6c2`](https://github.com/containerd/containerd/commit/8d732c6c22d6e723f65be957427b16d48e1d488d) Add sync before unmount on snapshotter layer test
  * [`8472a407e`](https://github.com/containerd/containerd/commit/8472a407e0eb91f4e10d9e446bdfd439d11cfd55) Add blockfile snapshotter to snapshotters doc
  * [`6740d77ca`](https://github.com/containerd/containerd/commit/6740d77cae44522820e7575eb9d105e6c5b8d56b) Add blockfile as a builtin
  * [`07cc24b32`](https://github.com/containerd/containerd/commit/07cc24b32a319fb72622453f40ee8c338062df95) Add blockfile snapshotter
* [release/1.7] Backport remote/proxy differ ([#8985](https://github.com/containerd/containerd/pull/8985))
  * [`32e3b76ee`](https://github.com/containerd/containerd/commit/32e3b76ee70fea42234b95ef01f78a13ac7c5c1d) Add diffservice to contrib
  * [`661e505c8`](https://github.com/containerd/containerd/commit/661e505c8239e97710bac220edf735f06027dbda) Add proxy differ
* [release/1.7 backport] update runc binary to v1.1.9 ([#8965](https://github.com/containerd/containerd/pull/8965))
  * [`af79c07fd`](https://github.com/containerd/containerd/commit/af79c07fd69cd20b97b37a903ee6c6957e4628ec) update runc binary to v1.1.9
* [release/1.7] Port fix for Linux Integration test failure ([#8950](https://github.com/containerd/containerd/pull/8950))
  * [`c0b1c8f74`](https://github.com/containerd/containerd/commit/c0b1c8f74aa5616c5e27845d18d4dca5ab30f9fd) fix ci Linux Integration test fail
* [release/1.7] cri: Don't use rel path for image volumes ([#8926](https://github.com/containerd/containerd/pull/8926))
  * [`4e97a115f`](https://github.com/containerd/containerd/commit/4e97a115f702bd7de43ee17442a96f3537007a07) cri: Don't use rel path for image volumes
* [release/1.7] fix: allow attaching to any combination of stdin/stdout/stderr ([#8910](https://github.com/containerd/containerd/pull/8910))
  * [`34a5d0330`](https://github.com/containerd/containerd/commit/34a5d033007eaae0530a89470407fbe920eec033) fix: allow attaching to any combination of stdin/stdout/stderr
* [release/1.7 backport] update to go1.20.7, go1.19.12 ([#8906](https://github.com/containerd/containerd/pull/8906))
  * [`c5e7b84c0`](https://github.com/containerd/containerd/commit/c5e7b84c08b507f93b2df6d393eede3ff75f4e2f) update to go1.20.7, go1.19.12
* [release/1.7] cherry-pick: Fix ro mount option being passed ([#8887](https://github.com/containerd/containerd/pull/8887))
  * [`2eaeb3205`](https://github.com/containerd/containerd/commit/2eaeb3205a1bd61b385a259d43f29ccc09993e18) Fix ro mount option being passed
</p>
</details>

### Changes from containerd/continuity
<details><summary>4 commits</summary>
<p>

* fs: use io.Copy because go supports CopyFileRange ([#227](https://github.com/containerd/continuity/pull/227))
  * [`4b8bec5`](https://github.com/containerd/continuity/commit/4b8bec5682b6d50a6fba026303fb42a6369851a6) fs: use io.Copy because go supports CopyFileRange
* fs/fstest: CreateFile should use sync ([#228](https://github.com/containerd/continuity/pull/228))
  * [`3fa7d7a`](https://github.com/containerd/continuity/commit/3fa7d7a5ec66805f9f099001d3fe83f11fb80c0c) fs/fstest: CreateFile should use sync
</p>
</details>

### Dependency Changes

* **github.com/AdaLogics/go-fuzz-headers**    1f10f66a31bf -> ced1acdcaa24
* **github.com/AdamKorcz/go-118-fuzz-build**  5330a85ea652 -> 8075edf89bb0
* **github.com/containerd/continuity**        v0.4.1 -> 1e0d26eb2381

Previous release can be found at [v1.7.3](https://github.com/containerd/containerd/releases/tag/v1.7.3)
    Unverified