[release/2.2] Prepare release notes for v2.2.4#13457

Merged
samuelkarp merged 1 commit into
containerd:release/2.2 from
samuelkarp:prepare-release-2.2.4
May 20, 2026

@samuelkarp samuelkarp commented May 20, 2026

Member

containerd 2.2.4

Welcome to the v2.2.4 release of containerd!

The fourth patch release for containerd 2.2 contains various fixes
and updates including security patches.

Security Updates

Highlights

Container Runtime Interface (CRI)

  • Use mount manager during image volume processing to support snapshotters that require writable block volumes (e.g., EROFS) (#13242)

Runtime

  • Fix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (#13448)
  • Apply hardening to block AF_ALG in default socket policy (#13408)
  • Fix bugs in sandbox service affecting sandbox creation configuration and event publishing (#13266)
  • Set AppArmor abi conditionally to support versions < 3.0 (#13275)

Snapshotters

  • Disable overlay "rebase" capability when running in a user namespace to fix layer extraction failures (#13393)
  • Support both "volatile" and "fsync=volatile" mount options for volatile snapshotter (#13296)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

  • Wei Fu
  • Akihiro Suda
  • Chris Henzie
  • Paweł Gronowski
  • Samuel Karp
  • Brian Goff
  • Champ-Goblem
  • Chris Chang
  • LEI WANG
  • Phil Estes
  • William Myers

Changes

21 commits

  • oci: return explicit error for out-of-range USER values (#13448)
    • d20c6267b oci: return explicit error for out-of-range USER values
  • seccomp: Block AF_ALG in default socket policy (#13408)
    • db34dc4b4 seccomp: Block AF_ALG in default socket policy
    • 214b141ee seccomp: Document socket rule scope and socketcall limitation
  • update Go to 1.25.10, 1.26.3 (#13375)
  • overlay: disable "rebase" capability when running in UserNS (#13393)
    • 63874d262 overlay: disable "rebase" capability when running in UserNS
  • Support both styles of volatile mount option (#13296)
    • 2c7d48acf Support both styles of volatile mount option
  • Bump go-jose/go-jose to v4.1.4 to fix GHSA-78h2-9frx-2jm8 (#13292)
  • sandbox: forward Create fields, fix event topics (#13266)
    • caa29a741 sandbox: forward Create fields, fix event topics
  • apparmor: Set abi conditionally (#13275)
  • Parameterize K8s version in node-e2e workflow (#13247)
    • f9c34f7b1 Parameterize K8s version in node-e2e workflow
  • cri: use mount manager when image has volumes (#13242)
    • 39dc2a475 cri: use mount manager when image has volumes

Dependency Changes

  • github.com/go-jose/go-jose/v4 v4.1.3 -> v4.1.4

Previous release can be found at v2.2.3

Which file should I download?

  • containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅ Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04).
  • containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent.

In addition to containerd, typically you will have to install runc
and CNI plugins from their official sites too.

See also the Getting Started documentation.

Signed-off-by: Samuel Karp <samuelkarp@google.com>
@github-project-automation github-project-automation Bot moved this from Needs Triage to Review In Progress in Pull Request Review May 20, 2026
@samuelkarp samuelkarp merged commit 193637f into containerd:release/2.2 May 20, 2026
118 of 129 checks passed
@github-project-automation github-project-automation Bot moved this from Review In Progress to Done in Pull Request Review May 20, 2026