+
Skip to content

Releases: cri-o/cri-o

v1.33.2

02 Jul 00:27
0da1b7c
Compare
Choose a tag to compare

CRI-O v1.33.2

The release notes have been generated for the commit range
v1.33.1...v1.33.2 on Wed, 02 Jul 2025 00:25:39 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.33.2.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.33.2 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.33.2 \
    --signature cri-o.amd64.v1.33.2.tar.gz.sig \
    --certificate cri-o.amd64.v1.33.2.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.33.2.tar.gz
> bom validate -e cri-o.amd64.v1.33.2.tar.gz.spdx -d cri-o

Changelog since v1.33.1

Changes by Kind

Uncategorized

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.32.6

02 Jul 00:27
8e1af22
Compare
Choose a tag to compare

CRI-O v1.32.6

The release notes have been generated for the commit range
v1.32.5...v1.32.6 on Wed, 02 Jul 2025 00:25:35 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.32.6.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.32.6 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.32.6 \
    --signature cri-o.amd64.v1.32.6.tar.gz.sig \
    --certificate cri-o.amd64.v1.32.6.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.32.6.tar.gz
> bom validate -e cri-o.amd64.v1.32.6.tar.gz.spdx -d cri-o

Changelog since v1.32.5

Changes by Kind

Bug or Regression

  • Fix a potential deadlock when an infra container is taking a long time to exit and the sandbox's readiness is blocked on the infra container's opLock (#9224, @haircommander)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.31.10

02 Jul 00:28
ce48a32
Compare
Choose a tag to compare

CRI-O v1.31.10

The release notes have been generated for the commit range
v1.31.9...v1.31.10 on Wed, 02 Jul 2025 00:25:43 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.31.10.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.31.10 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.31.10 \
    --signature cri-o.amd64.v1.31.10.tar.gz.sig \
    --certificate cri-o.amd64.v1.31.10.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.31.10.tar.gz
> bom validate -e cri-o.amd64.v1.31.10.tar.gz.spdx -d cri-o

Changelog since v1.31.9

Changes by Kind

Bug or Regression

Uncategorized

  • Fix a potential deadlock when an infra container is taking a long time to exit and the sandbox's readiness is blocked on the infra container's opLock (#9291, @openshift-cherrypick-robot)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.32.5

04 Jun 00:40
9607a04
Compare
Choose a tag to compare

CRI-O v1.32.5

The release notes have been generated for the commit range
v1.32.4...v1.32.5 on Wed, 04 Jun 2025 00:34:03 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.32.5.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.32.5 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.32.5 \
    --signature cri-o.amd64.v1.32.5.tar.gz.sig \
    --certificate cri-o.amd64.v1.32.5.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.32.5.tar.gz
> bom validate -e cri-o.amd64.v1.32.5.tar.gz.spdx -d cri-o

Changelog since v1.32.4

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.30.14

04 Jun 00:41
0a197ae
Compare
Choose a tag to compare

CRI-O v1.30.14

The release notes have been generated for the commit range
v1.30.13...v1.30.14 on Wed, 04 Jun 2025 00:34:05 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.30.14.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.30.14 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.30.14 \
    --signature cri-o.amd64.v1.30.14.tar.gz.sig \
    --certificate cri-o.amd64.v1.30.14.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.30.14.tar.gz
> bom validate -e cri-o.amd64.v1.30.14.tar.gz.spdx -d cri-o

Changelog since v1.30.13

Changes by Kind

Uncategorized

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.33.1

03 Jun 00:41
de5978d
Compare
Choose a tag to compare

CRI-O v1.33.1

The release notes have been generated for the commit range
v1.33.0...v1.33.1 on Tue, 03 Jun 2025 00:34:34 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.33.1.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.33.1 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.33.1 \
    --signature cri-o.amd64.v1.33.1.tar.gz.sig \
    --certificate cri-o.amd64.v1.33.1.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.33.1.tar.gz
> bom validate -e cri-o.amd64.v1.33.1.tar.gz.spdx -d cri-o

Changelog since v1.33.0

Changes by Kind

Uncategorized

  • Fix a potential deadlock when an infra container is taking a long time to exit and the sandbox's readiness is blocked on the infra container's opLock (#9214, @openshift-cherrypick-robot)
  • Fixes a crash introduced in 1.33.0 when cleaning up a pod that uses HostPorts
    on a system that has either just iptables (but not nftables) or just nftables
    (but not iptables). (#9241, @openshift-cherrypick-robot)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.31.9

03 Jun 00:41
0ba90a5
Compare
Choose a tag to compare

CRI-O v1.31.9

The release notes have been generated for the commit range
v1.31.8...v1.31.9 on Tue, 03 Jun 2025 00:34:33 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.31.9.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.31.9 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.31.9 \
    --signature cri-o.amd64.v1.31.9.tar.gz.sig \
    --certificate cri-o.amd64.v1.31.9.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.31.9.tar.gz
> bom validate -e cri-o.amd64.v1.31.9.tar.gz.spdx -d cri-o

Changelog since v1.31.8

Changes by Kind

Uncategorized

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.33.0

16 May 00:26
9d143f9
Compare
Choose a tag to compare

CRI-O v1.33.0

The release notes have been generated for the commit range
v1.32.0...v1.33.0 on Fri, 16 May 2025 00:24:44 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.33.0.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.33.0 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.33.0 \
    --signature cri-o.amd64.v1.33.0.tar.gz.sig \
    --certificate cri-o.amd64.v1.33.0.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.33.0.tar.gz
> bom validate -e cri-o.amd64.v1.33.0.tar.gz.spdx -d cri-o

Changelog since v1.32.0

Changes by Kind

Other

Deprecation

  • Explicit configuration for LimitNOFILE in the reference crio.service systemd service file is removed.

Warning: Administrators on platforms running versions less than systemd 240 should explicitly configure LimitNOFILE=1024:524288 or risk falling back to the kernel default of 4096. (#8962, @saschagrunert)

API Change

Feature

  • Add option to enable/disable OCI Artifact mount. (#9147, @bitoku)
  • Add support for OCI Artifact (#9062, @bitoku)
  • Added OCI artifact store support. This means that CRI-O now stores artifacts per default in
    /var/lib/containers/storage/artifacts, which are handled as pinned images. The artifacts
    are pullable using crictl pull and will also show-up in crictl images. It is also possible to
    crictl inspecti them as well as deleting them using crictl rmi. (#8996, @saschagrunert)
  • Added image volume subpath support for Kubernetes v1.33 (kubernetes/enhancements#4639). (#9050, @saschagrunert)
  • Added multi-architecture artifacts support. (#9194, @bitoku)
  • Added new metric container_spec_memory_limit_bytes to display the memory limit of containers in bytes. (#9140, @bingikarthik)
  • Added option --privileged-seccomp-profile / privileged_seccomp_profile to allow specifying a seccomp profile for privileged containers. (#9190, @saschagrunert)
  • Added runtime config block to the StatusResponse returned by the CRI Status endpoint. (#9129, @tariq1890)
  • Added support for OCI artifact mount sub paths. (#9159, @saschagrunert)
  • Added support for handling CNAI models from OCI artifacts. (#9131, @saschagrunert)
  • Experimental support for FreeBSD. (#7727, @dfr)
  • Signature verification for image volumes (#9060, @xw19)

Bug or Regression

  • Decouple CNI plugin initialization from CRI-O health checks. (#8911, @sohankunkerkar)
  • Fix a panic when default_annotations are used (#8867, @haircommander)
  • Fix artifact handling to retrieve artifact status using both the canonical name and the short name. (#9081, @bitoku)
  • Fix log rotation failure during pod termination (#8868, @bitoku)
  • Fixed bug to allow conmon_cgroup to be empty when cgroup manager is cgroupfs . (#8888, @xw19)
  • Fixed context cancellation when image pull progress timeout is 0 (--pull-progress-timeout=0 / pull_progress_timeout=0) (#8998, @saschagrunert)
  • Fixed log format from klog. (#8918, @bitoku)
  • Prevent multiple crio wipes on reboot (#9059, @PannagaRao)

Other (Cleanup or Flake)

  • Change log levels and formats for some iptables logs and klog related logs. (#8883, @bitoku)
  • Changed runtime default masked paths for non privileged containers to:
    • /proc/acpi
    • /proc/asound
    • /proc/interrupts
    • /proc/kcore
    • /proc/keys
    • /proc/latency_stats
    • /proc/sched_debug
    • /proc/scsi
    • /proc/timer_list
    • /proc/timer_stats
    • /sys/devices/system/cpu/cpu/thermal_throttle
    • /sys/devices/virtual/powercap
    • /sys/firmware
    • /sys/fs/selinux (#9069, @saschagrunert)
  • Hostports are now implemented using nftables rather than iptables.
    cri-o now depends on the nft binary being available (and
    does not depend on the iptables binaries being available). (#8684, @danwinship)
  • Improve sync.Map iterators with an implicit call (#8871, @roman-kiselenko)
  • Increased pull-progress-timeout to default to 30s. (#9108, @saschagrunert)
  • Removed exclude_graphdriver_devicemapper build tag usage. (#8994, @saschagrunert)
  • Removed image status info log message for the response, we already provide that information in the debug logs. (#9034, @saschagrunert)
  • Require go 1.24 for build. (#9051, @saschagrunert)
  • Update Packit configuration to remove reference to Fedora 39. (#8898, @buckaroogeek)

Dependencies

Added

  • github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider: v0.14.0
  • github.com/CloudNativeAI/model-spec: v0.0.4
  • github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: v1.26.0
  • github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric: v0.49.0
  • github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping: [v0.49.0](https://github.com/GoogleClo...
Read more

v1.32.4

02 May 10:08
98d1c09
Compare
Choose a tag to compare

CRI-O v1.32.4

The release notes have been generated for the commit range
v1.32.3...v1.32.4 on Fri, 02 May 2025 10:06:39 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.32.4.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.32.4 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.32.4 \
    --signature cri-o.amd64.v1.32.4.tar.gz.sig \
    --certificate cri-o.amd64.v1.32.4.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.32.4.tar.gz
> bom validate -e cri-o.amd64.v1.32.4.tar.gz.spdx -d cri-o

Changelog since v1.32.3

Changes by Kind

Other (Cleanup or Flake)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

v1.31.8

02 May 10:09
cf2e515
Compare
Choose a tag to compare

CRI-O v1.31.8

The release notes have been generated for the commit range
v1.31.7...v1.31.8 on Fri, 02 May 2025 10:06:51 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.v1.31.8.tar.gz \
    --certificate-identity https://github.com/cri-o/cri-o/.github/workflows/test.yml@refs/tags/v1.31.8 \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/cri-o \
    --certificate-github-workflow-ref refs/tags/v1.31.8 \
    --signature cri-o.amd64.v1.31.8.tar.gz.sig \
    --certificate cri-o.amd64.v1.31.8.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.v1.31.8.tar.gz
> bom validate -e cri-o.amd64.v1.31.8.tar.gz.spdx -d cri-o

Changelog since v1.31.7

Changes by Kind

Uncategorized

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载