Skip to content

Upgrade containerd2 to 2.1.6#16665

Open
jykanase wants to merge 4 commits intomicrosoft:3.0-devfrom
Kanishk-Bansal:topic_containerd2-3.0
Open

Upgrade containerd2 to 2.1.6#16665
jykanase wants to merge 4 commits intomicrosoft:3.0-devfrom
Kanishk-Bansal:topic_containerd2-3.0

Conversation

@jykanase
Copy link
Copy Markdown
Contributor

@jykanase jykanase commented Apr 14, 2026
edited by Kanishk-Bansal
Loading

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

  • The toolchain has been rebuilt successfully (or no changes were made to it)
  • The toolchain/worker package manifests are up-to-date
  • Any updated packages successfully build (or no packages were changed)
  • Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
  • Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
  • All package sources are available
  • cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
  • LICENSE-MAP files are up-to-date (./LICENSES-AND-NOTICES/SPECS/data/licenses.json, ./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md, ./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)
  • All source files have up-to-date hashes in the *.signatures.json files
  • sudo make go-tidy-all and sudo make go-test-coverage pass
  • Documentation has been updated to match any changes to the build system
  • Ready to merge
Summary
  • Upgrade containerd2 to 2.1.6
  • containerd2.signatures.json — Update source tarball hash
  • cgmanifest.json — Update version and download URL
  • multi-snapshotters-support.patch — Rebase for 2.1.6
  • fix-credential-leak-in-cri-errors.patch — Modified to keep only patch 2/2 (not yet merged upstream)
  • Removed 9 CVE patches now fixed upstream in 2.1.6:
    • CVE-2024-25621.patch
    • CVE-2024-40635.patch
    • CVE-2024-45338.patch
    • CVE-2025-22872.patch
    • CVE-2025-27144.patch
    • CVE-2025-47291.patch
    • CVE-2025-47911.patch
    • CVE-2025-58190.patch
    • CVE-2025-64329.patch
Change Log
  • Removed 9 CVE patches now fixed upstream in 2.1.6
Does this affect the toolchain?

NO

Associated issues
  • #xxxx
Links to CVEs
Test Methodology
Screenshot 2026-04-14 144433

@jykanase jykanase requested a review from a team as a code owner April 14, 2026 09:35
@microsoft-github-policy-service microsoft-github-policy-service bot added Packaging 3.0-dev PRs Destined for AzureLinux 3.0 labels Apr 14, 2026
@Kanishk-Bansal Kanishk-Bansal changed the title Upgrade containerd2 to 2.1.6 Upgrade containerd2 to 2.1.6 Apr 14, 2026
Kanishk-Bansal
Kanishk-Bansal requested changes Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@Kanishk-Bansal Kanishk-Bansal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fix the Release: 3%{?dist} to Release: 1%{?dist}

Kanishk-Bansal
Kanishk-Bansal requested changes Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@Kanishk-Bansal Kanishk-Bansal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

make the patch numbers start from 0

@Kanishk-Bansal Kanishk-Bansal self-requested a review April 14, 2026 09:55
@Kanishk-Bansal
Copy link
Copy Markdown
Contributor

Kanishk-Bansal commented Apr 14, 2026

Full Build

@acortelyou
Copy link
Copy Markdown
Member

acortelyou commented Apr 14, 2026

lgtm, also: #16652

aadhar-agarwal
aadhar-agarwal reviewed Apr 14, 2026
View reviewed changes
Add fix-credential-leak-in-cri-errors patch 2/2 commt
9b246ed 
Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
@Kanishk-Bansal
Copy link
Copy Markdown
Contributor

Kanishk-Bansal commented Apr 14, 2026

Buddy Build

aadhar-agarwal
aadhar-agarwal reviewed Apr 14, 2026
View reviewed changes
aadhar-agarwal
aadhar-agarwal reviewed Apr 14, 2026
View reviewed changes
Fix changelog and commit hash
92786e6 
Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
@Kanishk-Bansal
Copy link
Copy Markdown
Contributor

Kanishk-Bansal commented Apr 14, 2026

Build

cpuguy83
cpuguy83 approved these changes Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown

@cpuguy83 cpuguy83 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This LGTM but I would recommend updating to 2.1.7 which just came out today.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aadhar-agarwal aadhar-agarwal aadhar-agarwal left review comments

@Kanishk-Bansal Kanishk-Bansal Awaiting requested review from Kanishk-Bansal

+2 more reviewers

@acortelyou acortelyou acortelyou left review comments

@cpuguy83 cpuguy83 cpuguy83 approved these changes

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

3.0-dev PRs Destined for AzureLinux 3.0 Packaging

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jykanase @Kanishk-Bansal @acortelyou @cpuguy83 @aadhar-agarwal