🎉 欢迎访问本站,如有问题欢迎 留言
Docs
Cncf
Project
Containerd
Containerd V2.3.1 Release Note

来源: https://github.com/containerd/containerd/releases/tag/v2.3.1

containerd/containerd v2.3.1 Release Notes

Published at: 2026-05-20T20:46:56Z

Welcome to the v2.3.1 release of containerd!

The first patch release for containerd 2.3 contains various fixes and improvements.

Security Updates

Highlights

  • Fix bug where failed gRPC plugins were not tolerated when starting listeners (#13390)

Image Storage

  • Ensure metadata and mount plugin boltdb files are closed on server shutdown (#13379)

Runtime

  • Fix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (#13447)
  • Fix sandbox task API endpoints for non-runc runtimes and deprecate task fields in Runc options (#13422)
  • Apply hardening to default seccomp socket policy by blocking AF_ALG (#13409)

Snapshotters

  • Disable overlayfs “rebase” capability when running in user namespace (#13394)
  • Fix transfer plugin error when EROFS differ is configured but mkfs.erofs is unavailable (#13364)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Maksym Pavlenko
  • Akihiro Suda
  • Derek McGowan
  • Paweł Gronowski
  • Brian Goff
  • Austin Vazquez
  • LEI WANG
  • Samuel Karp

Changes

24 commits

  • Prepare release notes for v2.3.1 (#13405)
  • oci: return explicit error for out-of-range USER values (#13447)
    • a05ae7885 oci: return explicit error for out-of-range USER values
  • Prepare release notes for api/v1.11.1 (#13444)
    • da7aef299 Prepare release notes for api/v1.11.1
  • Fix sandbox task API endpoints for non-runc runtimes (#13422)
    • 5282d4e09 Wire task address and version fields
    • e44f5f9ec protos: include task API address to CreateTaskRequest
  • seccomp: Block AF_ALG in default socket policy (#13409)
    • 4d80a31bf seccomp: Block AF_ALG in default socket policy
    • 2ed0d97b6 seccomp: Document socket rule scope and socketcall limitation
  • server: tolerate failed gRPC plugins when starting listeners (#13390)
    • 3a88fdde0 server: tolerate failed gRPC plugins when starting listeners
  • overlay: disable “rebase” capability when running in UserNS (#13394)
    • 2be0710b8 overlay: disable “rebase” capability when running in UserNS
  • Update Go to 1.26.3 (#13374)
  • fix: close boltdb on metadata and mount plugin close (#13379)
    • 1d601271a fix: close boltdb on metadata and mount plugin close
  • Fix optional EROFS differ setup in transfer plugin (#13364)
    • d666d2e42 Refactor transfer unpack configuration setup
    • ccc3bd7b9 Fix optional transfer differ setup

Dependency Changes

  • github.com/containerd/containerd/api v1.11.0 -> v1.11.1

Previous release can be found at v2.3.0

Which file should I download?

  • containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04).
  • containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent.

In addition to containerd, typically you will have to install runc and CNI plugins from their official sites too.

See also the Getting Started documentation.

Containerd V2.2.5 Release NoteContainerd V2.3.2 Release Note