🎉 欢迎访问本站,如有问题欢迎 留言
Docs
Cncf
Project
Containerd
Containerd V2.0.7 Release Note

来源: https://github.com/containerd/containerd/releases/tag/v2.0.7

containerd/containerd v2.0.7 Release Notes

Published at: 2025-11-06T00:23:48Z

Welcome to the v2.0.7 release of containerd!

The seventh patch release for containerd 2.0 includes various bug fixes and updates.

Security Updates

Highlights

Container Runtime Interface (CRI)

  • Disable event subscriber during task cleanup (#12406)
  • Add SystemdCgroup to default runtime options (#12254)
  • Fix userns with container image VOLUME mounts that need copy (#12241)

Image Distribution

  • Add dial timeout field to hosts toml configuration (#12136)

Runtime

  • Update runc binary to v1.3.3 (#12479)
  • Fix lost container logs from quickly closing io (#12376)
  • Create bootstrap.json with 0644 permission (#12184)
  • Fix pidfd leak in UnshareAfterEnterUserns (#12178)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Austin Vazquez
  • Phil Estes
  • Rodrigo Campos
  • Wei Fu
  • Akihiro Suda
  • Derek McGowan
  • Maksym Pavlenko
  • ningmingxiao
  • Kirtana Ashok
  • Akhil Mohan
  • Andrew Halaney
  • Jin Dong
  • Jose Fernandez
  • Mike Baynton
  • Philip Laine
  • Swagat Bora
  • wheat2018

Changes

56 commits

  • Prepare release notes for v2.0.7 (#12482)
  • Update runc binary to v1.3.3 (#12479)
  • ci: bump Go 1.24.9; 1.25.3 (#12361)
    • 5e9c82178 Update GHA runners to use latest images for basic binaries build
    • 7f59248dc Update GHA runners to use latest image for most jobs
    • e1373e8a8 ci: bump Go 1.24.9, 1.25.3
    • e1a910a6a ci: bump Go 1.24.8; 1.25.2
    • fd04b7f17 move exclude-dirs to issues.exclude-dirs
    • b49377975 update golangci-lint to v1.64.2
    • 6e45022a1 build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.5.0
    • 09ce0f2a1 build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.2
    • de63a740b build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0
  • Fix lost container logs from quickly closing io (#12376)
    • f953ee8a3 bugfix:fix container logs lost because io close too quickly
  • CI: update Fedora to 43 (#12448)
  • Disable event subscriber during task cleanup (#12406)
    • 2a2329cbd cri/server/podsandbox: disable event subscriber
  • CI: skip ubuntu-24.04-arm on private repos (#12428)
    • dfb954743 CI: skip ubuntu-24.04-arm on private repos
  • Remove additional fuzzers from instrumentation repo (#12420)
  • runc:Update runc binary to v1.3.1 (#12275)
  • Add SystemdCgroup to default runtime options (#12254)
    • 427cdd06c add SystemdCgroup to default runtime options
  • install-runhcs-shim: fetch target commit instead of tags (#12255)
    • 0b35e19fb install-runhcs-shim: fetch target commit instead of tags
  • Fix userns with container image VOLUME mounts that need copy (#12241)
    • 3212afc2f integration: Add test for directives with userns
    • b855c6e10 cri: Fix userns with Dockerfile VOLUME mounts that need copy
  • Fix overlayfs issues related to user namespace (#12223)
    • 05c0c99f4 core/mount: Retry unmounting idmapped directories
    • afdede4ce core/mount: Test cleanup of DoPrepareIDMappedOverlay()
    • 47205f814 core/mount: Properly cleanup on doPrepareIDMappedOverlay errors
    • 6f4abd970 core/mount: Don’t call nil function on errors
    • a2f0d65d7 core/mount: Only idmap once per overlayfs, not per layer
    • 1c32accd7 Make ovl idmap mounts read-only
  • ci: bump Go 1.23.12, 1.24.6 (#12187)
  • Create bootstrap.json with 0644 permission (#12184)
    • 009622e04 fix: create bootstrap.json with 0644 permission
  • Fix pidfd leak in UnshareAfterEnterUserns (#12178)
    • 5bec0a332 sys: fix pidfd leak in UnshareAfterEnterUserns
  • Fix windows test failures (#12120)
    • 2a2488131 Fix intermittent test failures on Windows CIs
    • 018470948 Remove WS2025 from CIs due to regression
  • Add dial timeout field to hosts toml configuration (#12136)
    • b50cbbc98 Add dial timeout field to hosts toml configuration

Dependency Changes

This release has no dependency changes

Previous release can be found at v2.0.6

Which file should I download?

  • containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.31 (Ubuntu 20.04).
  • containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on non-glibc Linux distributions. Not position-independent.

In addition to containerd, typically you will have to install runc and CNI plugins from their official sites too.

See also the Getting Started documentation.

Containerd V2.0.6 Release NoteContainerd V2.1.0 Release Note