containerd/containerd v1.7.32 Release Notes

Published at: 2026-05-20T21:30:57Z

Welcome to the v1.7.32 release of containerd!

The thirty-second patch release for containerd 1.7 contains various fixes and updates including a security patch.

containerd
- CVE-2026-46680
Allow hosts.toml to contain only root-level fields without an explicit [host] section (#10028)
Fix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (#13450)
Apply hardening to block AF_ALG in default socket policy (#13406)
Support both “volatile” and “fsync=volatile” mount options for volatile snapshotter (#13299)
Set AppArmor abi conditionally to support versions < 3.0 (#13273)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

17 commits

bc87d865c Prepare release notes for v1.7.32
oci: return explicit error for out-of-range USER values (#13450)
- 503f47946 oci: return explicit error for out-of-range USER values
seccomp: Block AF_ALG in default socket policy (#13406)
- e55b747d3 seccomp: Block AF_ALG in default socket policy
- 4627a65f8 seccomp: Document socket rule scope and socketcall limitation
Fix issue with empty host tree in hosts.toml (#10028)
- 24007441d Fix error parsing hosts.toml without any host tree
Support both styles of volatile mount option (#13299)
- 940733149 Support both styles of volatile mount option
apparmor: Set abi conditionally (#13273)
- 2b732c892 apparmor: Set abi conditionally
Add GitHub Action for k8s node e2e tests (#13258)
- 0db1e143a Add GitHub Action for k8s node e2e tests
Update release process after 1.7 (#13236)
- 3223a75c2 Update for latest updates to release tool
- 1b30082eb Update release process after 1.7

This release has no dependency changes

Previous release can be found at v1.7.31