Skip to content

[1.4] Release 1.4.0 #5046

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Nov 27, 2025
Merged

[1.4] Release 1.4.0 #5046

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8bd78a9
VERSION: release 1.4.0
lifubang Nov 26, 2025
ead7182
VERSION: back to development
lifubang Nov 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 28 additions & 1 deletion CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased 1.4.z]

## [1.4.0] - 2025-11-27

> 路漫漫其修远兮,吾将上下而求索!
### Deprecated ###
- Deprecate cgroup v1. (#4956)
- Deprecate `CleanPath`, `StripRoot`, `WithProcfd`, and `WithProcfdFile` from
`libcontainer/utils`. (#4985)

### Breaking ###
- The handling of `pids.limit` has been updated to match the newer guidance
from the OCI runtime specification. In particular, now a maximum limit value
Expand All @@ -21,6 +30,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- cgroups: improve `cpuacct.usage_all` resilience when parsing data from
patched kernels (such as the Tencent kernels). (opencontainers/cgroups#46,
opencontainers/cgroups#50)
- libct: close child fds on `prepareCgroupFD` error. (#4936)
- libct: fix mips compilation. (#4962, #4967)
- When configuring a `tmpfs` mount, only set the `mode=` argument if the target
path already existed. This fixes a regression introduced in our
[CVE-2025-52881][] mitigation patches. (#4971, #4976)
- Fix various file descriptor leaks and add additional tests to detect them as
comprehensively as possible. (#5007, #5021, #5034)
- The "hallucination" helpers added as part of the [CVE-2025-52881][]
mitigation have been made more generic and now apply to all of our `pathrs`
helper functions, which should ensure we will not regress dangling symlink
users. (#4985)

### Changed
- libct: switch to `(*CPUSet).Fill`. (#4927)
- docs/spec-conformance.md: update for spec v1.3.0. (#4948)

[CVE-2025-52881]: https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm

## [1.4.0-rc.3] - 2025-11-05

Expand Down Expand Up @@ -1392,7 +1418,8 @@ implementation (libcontainer) is *not* covered by this policy.
[1.3.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.2.0...v1.3.0-rc.1

<!-- 1.4.z patch releases -->
[Unreleased 1.4.z]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.3...release-1.4
[Unreleased 1.4.z]: https://github.com/opencontainers/runc/compare/v1.4.0...release-1.4
[1.4.0]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.3...v1.4.0
[1.4.0-rc.3]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.2...v1.4.0-rc.3
[1.4.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.1...v1.4.0-rc.2
[1.4.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.3.0...v1.4.0-rc.1
2 changes: 1 addition & 1 deletion VERSION
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1.4.0-rc.3+dev
1.4.0+dev