Welcome to the v1.3.3 release of containerd!

The third patch release for containerd 1.3 includes a few runtime fixes and
important dependency updates.

Runtime

• Close platform in runc's shim Shutdown method containerd/containerd#3907
• Fix eventfd leak containerd/containerd#3961

API

• Fix API filters to properly handle and return parse errors containerd/containerd#3950

Other Updates

• Update the runc vendor to v1.0.0-rc10 which includes a mitigation for CVE-2019-19921.
• Update the opencontainers/selinux which includes a mitigation for CVE-2019-16884.
• Update Golang runtime to 1.12.16, mitigating the CVE-2020-0601 certificate verification bypass on Windows, and CVE-2020-7919, which only affects 32-bit architectures.
• Update Golang runtime to 1.12.15, which includes a fix to the runtime (Go 1.12.14, Go 1.12.15) and and the net/http package (Go 1.12.15)
• Update the gopkg.in/yaml.v2 vendor to v2.2.8 with a mitigation for CVE-2019-11253

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Phil Estes
• Derek McGowan
• Sebastiaan van Stijn
• Akihiro Suda
• Davanum Srinivas
• Lantao Liu
• Mike Brown
• Seth Pellegrino
• Michael Crosby
• Erik Sipsma
• Maksym Pavlenko
• Shengjing Zhu

Changes

• d76c121f76 Merge pull request #4004 from dmcgowan/prepare-1.3.3
• 5f15602214 Add release notes for v1.3.3
• 7eac412007 Update mailmap
• 163fb0bd28 Merge pull request #4003 from dmcgowan/1.3-update-yaml
• d4345c335c Update yaml dependency
• aa877d788e Merge pull request #3998 from dmcgowan/bump-cri-1.3
• db4c58b8c1 Update CRI vendor for 1.3
• 8366042ca3 Merge pull request #3989 from thaJeztah/1.3_bump_golang_1.12.16
• 14d166c632 [release/1.3] vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1
• d1e31f9f2d Update Golang 1.12.16 (CVE-2020-0601, CVE-2020-7919)
• 9cf15235d0 Merge pull request #3980 from dims/bump-opencontainers/selinux-for-CVE-2019-16884-release-1.3
• 3074db3a4b Pick up fix for CVE-2019-16884 in opencontainers/selinux
• da15d825c0 Merge pull request #3976 from dims/update-to-new-rc10-of-opencontainers/runc-release-1.3
• 0db3c9b780 Bump to opencontainers/runc new version - v1.0.0-rc10
• a375ee006e Merge pull request #3967 from thaJeztah/1.3_bump_golang_1.12.15
• 72d9dd9bb4 Update Golang 1.12.15
• 92dc96af08 Merge pull request #3961 from sethp-nr/fix/eventfd-leak-1.3-backport
• 03ee836eea fix: repair bad merge
• c458f2fb41 fix: eventfd leak for v2 runtime with v1 cgroups
• 258e10ddd6 fix: eventfd leak
• eb5e164812 Merge pull request #3953 from dmcgowan/backport-1.3-filters-fix
• 7d0e217f53 Fix filter errors
• 095a1afb19 Merge pull request #3947 from dmcgowan/backport-1.3-skip-tests
• e7c463a1c7 Add Makefile variable to skip test packages
• bc7c9547b1 Merge pull request #3945 from zhsj/bpo-3939
• 054ce5844f platforms: fill default arm variant when parse platform specifier
• b71555a8ba Merge pull request #3928 from zhsj/bpo-3720
• e49256efa5 Fix flaky btrfs test
• e4356016b6 Merge pull request #3926 from zhsj/bpo-3744
• 2a38589a59 Move flag.Parse in tests to TestMain
• a24269519b Merge pull request #3917 from thaJeztah/1.3_bump_golang_1.12.14
• f4824d5a61 Update Golang 1.12.14
• bc43dc071b Merge pull request #3907 from estesp/cp-platform-close-fix
• e7a6dda431 runtime v2: Close platform in runc shim's Shutdown method.
• cbc39d6968 Merge pull request #3908 from estesp/cp-3898-1.3
• 7b1a7de030 Disable criu tests in Travis CI

Changes from containerd/cri

• 50b9e10e Merge pull request #1394 from thaJeztah/1.3_backport_bump_yaml
• 65b9fd5c vendor: bump gopkg.in/yaml.v2 v2.2.8
• e120c0f9 Merge pull request #1390 from dims/update-to-k8s-1.16.6-in-release/1.3
• 0f1864a9 update kubernetes and its dependencies to v1.16.6
• 74bb9981 Merge pull request #1391 from dims/sync-vendors-with-containerd-in-release/1.3
• fb60c982 Update code for latest containerd.
• ca26289c sort containerd dependencies
• d64edd3c Sync vendors with containerd 1.3.2
• 5d01a3ab Merge pull request #1386 from thaJeztah/1.3_backport_bump_kubernetes_1.16.3
• b350e255 update kubernetes dependency to v1.16.3
• 416bde48 Merge pull request #1373 from Random-Liu/cherrypick-#1363-release-1.3
• e6304e9f Validate and update the right config
• 945cb97b Merge pull request #1360 from AkihiroSuda/fix-runcv2-nopivot
• 63817131 [release/1.3] fix NoPivot for RuntimeRuncV2
• fa8c5273 Merge pull request #1353 from Random-Liu/cherrypick-#1351-release-1.3
• 74d07436 Better handle unknown state.

Dependency Changes

Previous release can be found at v1.3.2

• github.com/containerd/cri b1bef15fbeb6c6f0569b67322acfa74ca3597755 -> 50b9e10ea54a9b57049fe311e4fe0a96277ef1c2
• github.com/json-iterator/go v1.1.7 -> v1.1.8
• github.com/opencontainers/runc d736ef14f0288d6993a1845745d6756cfc9ddd5a -> dc9208a3303feef5b3839f4323d9beb36df0a9dd
• github.com/opencontainers/selinux v1.2.2 -> 5215b1806f52b1fcc2070a8826c542c9d33cd3cf
• golang.org/x/crypto 5c40567a22f818bd14a1ea7245dad9f8ef0691aa -> 69ecbb4d6d5dab05e49161c6e77ea40a030884e1
• golang.org/x/time 85acf8d2951cb2a3bde7632f9ff273ef0379bcbd -> 9d24e82272b4f38b78bc8cff74fa936d31ccd8ef
• gopkg.in/inf.v0 v0.9.0 -> v0.9.1
• gopkg.in/yaml.v2 v2.2.2 -> 53403b58ad1b561927d19068c655246f2db79d48
• k8s.io/api kubernetes-1.16.0-rc.2 -> kubernetes-1.16.6
• k8s.io/apimachinery kubernetes-1.16.0-rc.2 -> kubernetes-1.16.6
• k8s.io/apiserver kubernetes-1.16.0-rc.2 -> kubernetes-1.16.6
• k8s.io/client-go kubernetes-1.16.0-rc.2 -> kubernetes-1.16.6
• k8s.io/cri-api kubernetes-1.16.0-rc.2 -> kubernetes-1.16.6
• k8s.io/klog v0.4.0 -> v1.0.0
• k8s.io/kubernetes v1.16.0-rc.2 -> v1.16.6
• k8s.io/utils c2654d5206da6b7b6ace12841e8f359bb89b443c -> e782cd3c129fc98ee807f3c889c0f26eb7c9daf5