From aef782f34844e70c79481cbecd35b01c9bb25ffa Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 17 Nov 2021 21:25:05 +0100 Subject: [PATCH] update containerd binary to v1.5.8 The eighth patch release for containerd 1.5 contains a mitigation for CVE-2021-41190 as well as several fixes and updates. Notable Updates * Handle ambiguous OCI manifest parsing * Filter selinux xattr for image volumes in CRI plugin * Use DeactiveLayer to unlock layers that cannot be renamed in Windows snapshotter * Fix pull failure on unexpected EOF * Close task IO before waiting on delete * Log a warning for ignored invalid image labels rather than erroring * Update pull to handle of non-https urls in descriptors See the changelog for complete list of changes Signed-off-by: Sebastiaan van Stijn --- hack/dockerfile/install/containerd.installer | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/dockerfile/install/containerd.installer b/hack/dockerfile/install/containerd.installer index 94e82cfdc1..ca5cc7cce0 100755 --- a/hack/dockerfile/install/containerd.installer +++ b/hack/dockerfile/install/containerd.installer @@ -15,7 +15,7 @@ set -e # the binary version you may also need to update the vendor version to pick up # bug fixes or new APIs, however, usually the Go packages are built from a # commit from the master branch. -: "${CONTAINERD_VERSION:=v1.5.7}" +: "${CONTAINERD_VERSION:=v1.5.8}" install_containerd() ( echo "Install containerd version $CONTAINERD_VERSION"