🎉 欢迎访问本站,如有问题欢迎 留言
Docs
Cncf
Project
Containerd
Containerd V2.0.9 Release Note

来源: https://github.com/containerd/containerd/releases/tag/v2.0.9

containerd/containerd v2.0.9 Release Notes

Published at: 2026-05-20T22:25:01Z

Welcome to the v2.0.9 release of containerd!

The ninth patch release for containerd 2.0 includes various bug fixes and updates, including a security fix.

  • containerd

  • Ensure container exit events are not lost during containerd restart (#11633)

  • Apply hardening to avoid TOCTOU race in tar extraction (#13237)

  • Fix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (#13449)

  • Apply hardening to block AF_ALG in default socket policy (#13407)

  • Support both “volatile” and “fsync=volatile” mount options for volatile snapshotter (#13298)

  • Fix bugs in sandbox service affecting sandbox creation configuration and event publishing (#13271)

  • Set AppArmor abi conditionally to support versions < 3.0 (#13277)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

  • Samuel Karp
  • Chris Henzie
  • Maksym Pavlenko
  • Paweł Gronowski
  • Wei Fu
  • Brian Goff
  • LEI WANG
  • Shachar Tal
  • William Myers
  • ningmingxiao
18 commits

  • 2da65b8bd Prepare release notes for v2.0.9
  • oci: return explicit error for out-of-range USER values (#13449)
    • 1a3d1c85e oci: return explicit error for out-of-range USER values
  • seccomp: Block AF_ALG in default socket policy (#13407)
    • fa2a97505 seccomp: Block AF_ALG in default socket policy
    • 4b2b07879 seccomp: Document socket rule scope and socketcall limitation
  • Support both styles of volatile mount option (#13298)
    • ea56c9605 Support both styles of volatile mount option
  • backport: sandbox: forward Create fields, fix event topics (#13271)
    • 3d34dc820 sandbox: forward Create fields, fix event topics
  • apparmor: Set abi conditionally (#13277)
  • Add GitHub Action for k8s node e2e tests (#13257)
    • 3e9c4d1e0 Add GitHub Action for k8s node e2e tests
  • Fix TOCTOU race bug in tar extraction (#13237)
    • cf73e6873 Fix TOCTOU race bug in tar extraction
  • cri:fix lost container exit events if they arrive before info is cached (#11633)
    • 2320b319e cri:fix lost container exit events if they arrive before info is cached

This release has no dependency changes

Previous release can be found at v2.0.8

  • containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
  • containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install runc and CNI plugins from their official sites too.

See also the Getting Started documentation.

Containerd V2.0.7 Release NoteContainerd V2.1.0 Release Note