Tags: jxyang/containerd
Tags
containerd 1.6.1 Welcome to the v1.6.1 release of containerd! The first patch release for containerd 1.6 includes a fix for [CVE-2022-23648](GHSA-crp2-qrr5-8pq7) and other issues. ### Notable Updates * **Use fs.RootPath when mounting volumes** ([GHSA-crp2-qrr5-8pq7](GHSA-crp2-qrr5-8pq7)) * **Return init pid when clean dead shim in runc.v1/v2 shims** ([containerd#6572](containerd#6572)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Jeff Zvier * Maksym Pavlenko * Wei Fu * ruiwen-zhao ### Changes <details><summary>7 commits</summary> <p> * [release/1.6] Prepare release notes for v1.6.1 ([containerd#6607](containerd#6607)) * Prepare release notes for v1.6.1 * Github Security Advisory [GHSA-crp2-qrr5-8pq7](GHSA-crp2-qrr5-8pq7) * Use fs.RootPath when mounting volumes * [release/1.6] runc.v1/v2: return init pid when clean dead shim ([containerd#6572](containerd#6572)) * containerd-shim-runc-v1: return init pid when clean dead shim * containerd-shim-runc-v2: return init pid when clean dead shim </p> </details> ### Dependency Changes This release has no dependency changes Previous release can be found at [v1.6.0](https://github.com/containerd/containerd/releases/tag/v1.6.0)
containerd 1.5.10 Welcome to the v1.5.10 release of containerd! The tenth patch release for containerd 1.5 includes a fix for [CVE-2022-23648](GHSA-crp2-qrr5-8pq7) and other issues. ### Notable Updates * **Use fs.RootPath when mounting volumes** ([GHSA-crp2-qrr5-8pq7](GHSA-crp2-qrr5-8pq7)) * **Return init pid when clean dead shim in runc.v1/v2 shims** ([containerd#6570](containerd#6570)) * **Handle sigint/sigterm in shimv2** ([containerd#6509](containerd#6509)) * **Use readonly mount to read user/group info** ([containerd#6503](containerd#6503)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Wei Fu * Sebastiaan van Stijn * Phil Estes * Alexander Minbaev * Brian Goff * Daniel Canter * David Porter * Kazuyoshi Kato * Maksym Pavlenko * ruiwen-zhao ### Changes <details><summary>22 commits</summary> <p> * [release/1.5] Prepare release notes for v1.5.10 ([containerd#6606](containerd#6606)) * Prepare release notes for v1.5.10 * Github Security Advisory [GHSA-crp2-qrr5-8pq7](GHSA-crp2-qrr5-8pq7) * Use fs.RootPath when mounting volumes * [release/1.5] runc.v1/v2: return init pid when clean dead shim ([containerd#6570](containerd#6570)) * runc.v1/v2: return init pid when clean dead shim * [release/1.5] Update Go to 1.16.14 ([containerd#6556](containerd#6556)) * [release/1.5] Update Go to 1.16.14 * Wait for containerd installation in GCE scripts [1.5 backport] ([containerd#6552](containerd#6552)) * Wait for containerd installation in GCE scripts * [release/1.5] shimv2: handle sigint/sigterm ([containerd#6509](containerd#6509)) * shimv2: handle sigint/sigterm * [release/1.5] Update Go to 1.16.13 ([containerd#6526](containerd#6526)) * [release/1.5] Update Go to 1.16.13 * [release/1.5 backport] GHA fixes, update GolangCI-Lint v1.42.0, and go-mdman v2.0.1 ([containerd#6511](containerd#6511)) * script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0 * Fix Linux CI Linter using go 1.15.14 * Update cpuguy83/go-md2man binary to v2.0.1 * [release/1.5] oci: use readonly mount to read user/group info ([containerd#6503](containerd#6503)) * oci: use readonly mount to read user/group info * [release/1.5] add-list-stat: return container list if filter is nil ([containerd#6466](containerd#6466)) * add-list-stat: return container list if filter is nil </p> </details> ### Dependency Changes This release has no dependency changes Previous release can be found at [v1.5.9](https://github.com/containerd/containerd/releases/tag/v1.5.9)
containerd 1.4.13 Welcome to the v1.4.13 release of containerd! The thirteenth patch release for containerd 1.4 is a security release to address [CVE-2022-23648](GHSA-crp2-qrr5-8pq7). ### Notable Updates * **Use fs.RootPath when mounting volumes** ([GHSA-crp2-qrr5-8pq7](GHSA-crp2-qrr5-8pq7)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. ### Contributors * Derek McGowan * Sebastiaan van Stijn * Phil Estes * Akihiro Suda * David Porter * Kazuyoshi Kato * Michael Crosby ### Changes <details><summary>17 commits</summary> <p> * Github Security Advisory [GHSA-crp2-qrr5-8pq7](GHSA-crp2-qrr5-8pq7) * Prepare release notes for v1.4.13 * Use fs.RootPath when mounting volumes * [release/1.4] backport: Wait for containerd installation in GCE scripts ([containerd#6553](containerd#6553)) * Wait for containerd installation in GCE scripts * [release/1.4] Update Go to 1.16.14 ([containerd#6527](containerd#6527)) * Do not use `go get` to install executables * [release/1.4] update Go to 1.16.14 * [release/1.4] Update Go to 1.16.13 * [release/1.4] vendor: github.com/opencontainers/image-spec v1.0.2 ([containerd#6265](containerd#6265)) * [release/1.4] vendor: github.com/opencontainers/image-spec v1.0.2 * [release/1.4] Update Go to 1.16.12 ([containerd#6368](containerd#6368)) * [release/1.4] Update Go to 1.16.12 * [release/1.4] update runc binary to v1.0.3 ([containerd#6344](containerd#6344)) * update runc binary to v1.0.3 * [release/1.4] Update Go to 1.16.11 ([containerd#6335](containerd#6335)) * [release/1.4] Update Go to 1.16.11 </p> </details> ### Changes from containerd/cri <details><summary>4 commits</summary> <p> * [release/1.4] Use fs.RootPath when mounting volumes ([containerd#1655](containerd/cri#1655)) * Use fs.RootPath when mounting volumes * [release/1.4] update Go 1.15.14 (to match containerd) ([containerd#1645](containerd/cri#1645)) * [release/1.4] update Go 1.15.14 (to match containerd) </p> </details> ### Dependency Changes * **github.com/containerd/cri** 3b02bec16031 -> 8f1a8a1fb9eb * **github.com/opencontainers/image-spec** v1.0.1 -> v1.0.2 Previous release can be found at [v1.4.12](https://github.com/containerd/containerd/releases/tag/v1.4.12)
containerd 1.6.0
Welcome to the v1.6.0 release of containerd!
The seventh major release of containerd includes many improvements and added
support to increase overall compatibility and stability.
### Highlights
#### Runtime
* **Add runtime label to metrics** ([#5744](https://github.com/containerd/containerd/pull/5744))
* **Cleanup task delete logic in v2 shim** ([#5813](https://github.com/containerd/containerd/pull/5813))
* **Add support for shim plugins** ([#5817](https://github.com/containerd/containerd/pull/5817))
* **Handle sigint and sigterm in shimv2** ([#5828](https://github.com/containerd/containerd/pull/5828))
* **Decouple shim and task manager** ([#5918](https://github.com/containerd/containerd/pull/5918))
* **Add runc shim support for core scheduling** ([#6011](https://github.com/containerd/containerd/pull/6011))
* **Update shim client connect attempt to fail fast when shim errors** ([#6031](https://github.com/containerd/containerd/pull/6031))
* **Add support for absolute path to shim binaries** ([#6206](https://github.com/containerd/containerd/pull/6206))
* **Update runc to v1.1.0** ([#6375](https://github.com/containerd/containerd/pull/6375))
#### Windows
* **Add support for Windows HostProcess containers** ([#5131](https://github.com/containerd/containerd/pull/5131))
* **Add support for Windows resource limits** ([#5778](https://github.com/containerd/containerd/pull/5778))
#### CRI
* **Add CNI configuration based on runtime class** ([#4695](https://github.com/containerd/containerd/pull/4695))
* **Add support for Intel RDT** ([#5439](https://github.com/containerd/containerd/pull/5439))
* **Add support for CRI v1 and v1alpha in parallel** ([#5619](https://github.com/containerd/containerd/pull/5619))
* **Add support for unified resources field for cgroups v2** ([#5627](https://github.com/containerd/containerd/pull/5627))
* **Add IP preference configuration for reporting pod IP** ([#5964](https://github.com/containerd/containerd/pull/5964))
* **Implement new CRI pod sandbox stats API** ([#6113](https://github.com/containerd/containerd/pull/6113))
* **Add sandbox and container latency metrics** ([#6111](https://github.com/containerd/containerd/pull/6111))
* **Add namespace to ttrpc and grpc plugin connections** ([#6130](https://github.com/containerd/containerd/pull/6130))
* **Add option to allow ping sockets and privileged ports with no capabilities** ([#6170](https://github.com/containerd/containerd/pull/6170))
* **Add support for configuring swap** ([#6320](https://github.com/containerd/containerd/pull/6320))
#### Other
* **Add support for client TLS Auth for grpc** ([#5606](https://github.com/containerd/containerd/pull/5606))
* **Add xfs support for devicemapper snapshotter** ([#5610](https://github.com/containerd/containerd/pull/5610))
* **Add metric exposing build version and revision** ([#5965](https://github.com/containerd/containerd/pull/5965))
* **Add support for custom fs options in devmapper snapshotter** ([#6122](https://github.com/containerd/containerd/pull/6122))
* **Update introspection service to show GRPC plugins** ([#6432](https://github.com/containerd/containerd/pull/6432))
#### Client
* **Allow WithServices to use custom implementations** ([#5709](https://github.com/containerd/containerd/pull/5709))
* **Support custom compressor for walking differ** ([#5735](https://github.com/containerd/containerd/pull/5735))
### Release Updates
#### containerd/CNI/runc/critools tar bundle
The tar bundles released as `cri-containerd-*.tar.gz` contain a build of runc
linked with a newer version of libseccomp. This dynamically-linked build of runc
was built on Ubuntu 18.04 and will not work on some other distributions, such as
RHEL 7 and Debian 10. Users of such distributions may get a statically-linked
runc binary from https://github.com/opencontainers/runc/releases or build runc
for their own environment.
> **_Deprecation_** These tar bundles are now deprecated and will be removed or
> replaced in containerd 2.0. Projects relying on these tar bundles should use
> the `containerd-*.tar.gz` bundles or work with the containerd community on a
> suitable replacement in containerd 2.0.
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
### Contributors
* Derek McGowan
* Phil Estes
* Akihiro Suda
* Wei Fu
* Maksym Pavlenko
* Sebastiaan van Stijn
* Michael Crosby
* Kazuyoshi Kato
* Mike Brown
* Claudiu Belu
* Daniel Canter
* Gabriel Adrian Samfira
* haoyun
* Brian Goff
* Stefan Berger
* zounengren
* AdamKorcz
* Adelina Tuvenie
* Kohei Tokunaga
* Davanum Srinivas
* Nashwan Azhari
* Samuel Karp
* Shiming Zhang
* Markus Lehtonen
* Enrico Weigelt, metux IT consult
* Alakesh Haloi
* Hajime Tazaki
* Iceber Gu
* Kevin Parsons
* Aditi Sharma
* David Porter
* Jeremi Piotrowski
* Gijs Peskens
* ningmingxiao
* Brandon Lum
* Cody Roseborough
* Danielle Lancashire
* Eric Ernst
* Jacob MacElroy
* Tõnis Tiigi
* dependabot[bot]
* wanglei
* Alexandre Peixoto Ferreira
* Fabiano Fidêncio
* Furkan Türkal
* Jiaming Xu
* Kir Kolyshkin
* Miao Wang
* Neil Johnson
* Paul "TBBle" Hampson
* Priyanka Saggu
* Romain Aviolat
* Samuel Ortiz
* Sunghoon Kang
* Takumasa Sakao
* Tobias Klauser
* Zhiyu Li
* ye.sijun
* Alexander Minbaev
* Alexey Ivanov
* Andrey Smirnov
* Artem Khramov
* Aurelien Lun-Sin
* Ben Hutchings
* Cory Bennett
* Da McGrady
* Dan Williams
* Eng Zer Jun
* Ethan Chen
* Fupan Li
* Gaurav Gahlot
* Gunju Kim
* Henry Wang
* Jacob Blain Christen
* James Gordon
* James Sturtevant
* Jan Klippel
* Jayme Howard
* Jiajun Jiang
* Jintao Zhang
* Justin Terry
* Kaijie Chen
* Kante
* Kern Walster
* Kitt Hsu
* Lantao Liu
* Ma Xinjian
* Manabu Sugimoto
* Manuel Alejandro de Brito Fontes
* Mark Rossetti
* Markus Lippert
* Mete Durlu
* Michael Zappa
* Mikko Ylinen
* Ng Yang
* Nicolas Chariglione
* Ning Li
* Olli Janatuinen
* Peri Thompson
* Quan Tian
* Radostin Stoyanov
* Rui Lopes
* Sambhav Kothari
* Sebastian Hasler
* Sergey Kanzhelev
* Shuntaro Azuma
* Sören Tempel
* Yang Yang
* Yifan Yuan
* Zilong Wang
* Zufar Dhiyaulhaq
* botieking98
* chenxiaoyu
* jayonlau
* jerryzhuang
* linrunlong
* scuzhanglei
* wangzhan
* Étienne Guesnet
### Changes
<details><summary>1059 commits</summary>
<p>
* Prepare release notes for v1.6.0 ([#6531](https://github.com/containerd/containerd/pull/6531))
* Prepare release notes for v1.6.0
* Update Go to 1.16.14, 1.17.7 ([#6555](https://github.com/containerd/containerd/pull/6555))
* Update Go to 1.16.14, 1.17.7
* Change the context to avoid misunderstandings in architecture.md. ([#6533](https://github.com/containerd/containerd/pull/6533))
* Change the context to avoid misunderstandings
* Update go-cni to v1.1.3 ([#6543](https://github.com/containerd/containerd/pull/6543))
* Update go-cni to v1.1.3
* Update go-cni to v1.1.2
* Wait for containerd installation in GCE scripts ([#6544](https://github.com/containerd/containerd/pull/6544))
* Wait for containerd installation in GCE scripts
* Enable TestContainerPTY and TestContainerUsername ([#6540](https://github.com/containerd/containerd/pull/6540))
* Enable TestContainerPTY and TestContainerUsername
* Update BUILDING.md ([#6500](https://github.com/containerd/containerd/pull/6500))
* Add instructions on using go with admin perms
* Prepare release notes for v1.6.0-rc.4 ([#6537](https://github.com/containerd/containerd/pull/6537))
* Prepare release notes for v1.6.0-rc.4
* Change file name for shim binary path ([#6536](https://github.com/containerd/containerd/pull/6536))
* Change file name for shim binary path
* containerd-stress: introduce option for specifying image ([#6532](https://github.com/containerd/containerd/pull/6532))
* containerd-stress: introduce option for specifying image
* Prepare release notes for v1.6.0-rc.3 ([#6524](https://github.com/containerd/containerd/pull/6524))
* Prepare release notes for v1.6.0-rc.3
* Use white logo in github dark mode ([#6529](https://github.com/containerd/containerd/pull/6529))
* Use white logo in github dark mode
* cri: fix handling of ignore_rdt_not_enabled_errors config option ([#6514](https://github.com/containerd/containerd/pull/6514))
* cri: fix handling of ignore_rdt_not_enabled_errors config option
* pkg/oom/v2: handle EventChan routine shutdown quietly ([#6504](https://github.com/containerd/containerd/pull/6504))
* pkg/oom/v2: handle EventChan routine shutdown quietly
* fix: .dockerignore make git working tree dirty ([#6523](https://github.com/containerd/containerd/pull/6523))
* fix: .dockerignore makes git working tree dirty
* containerd-stress: start task ctr before starting execs ([#6518](https://github.com/containerd/containerd/pull/6518))
* containerd-stress: start task ctr before starting execs
* Document fs_type and fs_options in snapshots/devmapper/README.md ([#6501](https://github.com/containerd/containerd/pull/6501))
* Document fs_type and fs_options in snapshots/devmapper/README.md
* docs: add Talos Linux to the list of adopters ([#6510](https://github.com/containerd/containerd/pull/6510))
* docs: add Talos Linux to the list of adopters
* Prepare 1.6.0-rc.2 ([#6502](https://github.com/containerd/containerd/pull/6502))
* Prepare release notes for v1.6.0-rc.2
* Update releases document
* platforms.Normalize(): do not reset OSVersion and OSFeatures ([#6497](https://github.com/containerd/containerd/pull/6497))
* platforms.Normalize(): do not reset OSVersion and OSFeatures
* tracing: use OTLP/HTTP in addition to OTLP/gRPC ([#6457](https://github.com/containerd/containerd/pull/6457))
* tracing: return (ctx, span) from StartSpan
* tracing: support OTLP/HTTP in addition to gRPC
* Update cgroups to v1.0.3 ([#6498](https://github.com/containerd/containerd/pull/6498))
* Update cgroups to v1.0.3
* seccomp: kernel 5.11 -> 5.16 ([#6494](https://github.com/containerd/containerd/pull/6494))
* seccomp: kernel 5.16 (futex_waitv)
* seccomp: kernel 5.15 (process_mrelease)
* seccomp: kernel 5.14 (quotactl_fd, memfd_secret)
* seccomp: kernel 5.13 (landlock_{add_rule,create_ruleset,restrict_self})
* seccomp: kernel 5.12 (mount_setattr)
* remotes: fix dockerPusher to handle abort correctly ([#6243](https://github.com/containerd/containerd/pull/6243))
* remotes: fix dockerPusher to handle abort correctly
* seccomp: add support for "swapcontext" syscall in default policy ([#6411](https://github.com/containerd/containerd/pull/6411))
* seccomp: add support for "swapcontext" syscall in default policy
* oci: use readonly mount to read user/group info ([#6478](https://github.com/containerd/containerd/pull/6478))
* oci: use readonly mount to read user/group info
* Fix possibly incorrect media type default on import ([#6475](https://github.com/containerd/containerd/pull/6475))
* Fix possibly incorrect media type default on import
* shimv2: handle sigint/sigterm ([#5828](https://github.com/containerd/containerd/pull/5828))
* shimv2: handle sigint/sigterm
* Fix acr fetch token 400 ([#6481](https://github.com/containerd/containerd/pull/6481))
* fix acr fetch token 400
* platforms: add support for matching amd64 variants ([#6455](https://github.com/containerd/containerd/pull/6455))
* platforms: add support for matching amd64 variants
* Fix windows periodic workflow ([#6476](https://github.com/containerd/containerd/pull/6476))
* Fix windows periodic workflow
* docs: add doc-comments on GC-related methods ([#6473](https://github.com/containerd/containerd/pull/6473))
* docs: add doc-comments on GC-related methods
* fix: should not send 137 code event if cmd is notfound ([#6465](https://github.com/containerd/containerd/pull/6465))
* fix: should not send 137 code event if cmd is notfound
* Fix empty scopes return ([#6463](https://github.com/containerd/containerd/pull/6463))
* fix empty scopes return
* Prepare release notes for v1.6.0-rc.1 ([#6462](https://github.com/containerd/containerd/pull/6462))
* Prepare release notes for v1.6.0-rc.1
* Add support for skipping non-dist blob push ([#6424](https://github.com/containerd/containerd/pull/6424))
* ctr: flag to toggle non-distributable blob push
* Add image handler to skip non-distributable blobs.
* Compile binaries for go1.16 and go1.17 in CI ([#6461](https://github.com/containerd/containerd/pull/6461))
* Compile binaries for go1.16 and go1.17 in CI
* services/introspection: fix plugin caching to show grpc plugins ([#6432](https://github.com/containerd/containerd/pull/6432))
* Update caching logic to avoid map access
* services/introspection: support to show introspection grpc service
* Integration: Change to Windows Server 2022 build number constant ([#6458](https://github.com/containerd/containerd/pull/6458))
* Integration: Change to Windows Server 2022 build number constant
* Update kubernetes vendor to 0.22.5 ([#6460](https://github.com/containerd/containerd/pull/6460))
* Update kubernetes vendor to 0.22.5
* Fix rdt build tags for go 1.16 ([#6459](https://github.com/containerd/containerd/pull/6459))
* Fix rdt build tags for go 1.16
* Remove submodule go mod ([#6439](https://github.com/containerd/containerd/pull/6439))
* Remove api go submodule
* Update makefile to remove API submodule
* go.mod: Update hcsshim to v0.9.2 ([#6453](https://github.com/containerd/containerd/pull/6453))
* go.mod: Update hcsshim to v0.9.2
* update runc to v1.1.0 ([#6375](https://github.com/containerd/containerd/pull/6375))
* go.mod: github.com/opencontainers/runc v1.1.0
* update runc binary to v1.1.0
* tracing: fix OTLP tracer's initialization ([#6443](https://github.com/containerd/containerd/pull/6443))
* tracing: fix OTLP tracer's initialization
* gha: run CodeQL scan on pull requests ([#6386](https://github.com/containerd/containerd/pull/6386))
* gha: run CodeQL scan on pull requests
* Do not automatically inject client traces ([#6445](https://github.com/containerd/containerd/pull/6445))
* Do not automatically inject client traces
* [containerd-stress] delete useless code ([#6451](https://github.com/containerd/containerd/pull/6451))
* delete useless code
* Revert "Add shared content label to namespaces" ([#6440](https://github.com/containerd/containerd/pull/6440))
* Revert "Add shared content label to namespaces"
* Add ppc64 support for test images ([#6435](https://github.com/containerd/containerd/pull/6435))
* Add ppc64 support for test images
* ctr: Unify the delete subcommand alias ([#6427](https://github.com/containerd/containerd/pull/6427))
* ctr: Unify the delete subcommand alias
* Prepare release notes for v1.6.0-rc.0 ([#6431](https://github.com/containerd/containerd/pull/6431))
* Prepare release notes for v1.6.0-rc.0
* Integration: Switch to using `auth` Gcloud action in Windows workflow. ([#6397](https://github.com/containerd/containerd/pull/6397))
* Integration: Switch to `upload-cloud-storage` Gcloud action.
* Integration: Switch to using `auth` Gcloud action in Windows workflow.
* remove io/ioutil ([#6426](https://github.com/containerd/containerd/pull/6426))
* remove io/ioutil
* test: e2e node COS cgroupv2 script ([#6418](https://github.com/containerd/containerd/pull/6418))
* test: e2e node COS cgroupv2 script
* Integration: Enable CRITest on Windows 2022. ([#6378](https://github.com/containerd/containerd/pull/6378))
* Enable critest tests on Windows Server 2022.
* Parametrize CRITest test images in Windows Periodic workflow.
* Update error message for apparmor parser ([#6415](https://github.com/containerd/containerd/pull/6415))
* Update error message for apparmor parser
* Fix wrong log message ([#6419](https://github.com/containerd/containerd/pull/6419))
* Fix wrong log message
* Followup errors change ([#6414](https://github.com/containerd/containerd/pull/6414))
* Fix incorrect error wrapped when closing ingest file
* Fix seek error used without nil check
* Fix followup items from errors replacement
* Updates CRI API & Kubernetes to 1.23 ([#6351](https://github.com/containerd/containerd/pull/6351))
* Update k/k to 1.23.0
* Updating adoption of containerd for AKS ([#6416](https://github.com/containerd/containerd/pull/6416))
* Updating adoption of containerd for AKS
* update the adoption status of containerd in GKE ([#6413](https://github.com/containerd/containerd/pull/6413))
* update the adoption status of containerd in GKE
* go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt} ([#6410](https://github.com/containerd/containerd/pull/6410))
* go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt}
* replace github.com/pkg/errors with native errors ([#6366](https://github.com/containerd/containerd/pull/6366))
* feat: replace github.com/pkg/errors to errors
* corrected link in cri architecture documentation ([#6412](https://github.com/containerd/containerd/pull/6412))
* corrected link in cri architecture documentation
* remotes/docker: allow fetching "refresh token" (aka "identity token", "offline token") ([#6396](https://github.com/containerd/containerd/pull/6396))
* remotes/docker: allow fetching "refresh token" (aka "identity token")
* remotes/docker/config: allow setting custom AuthorizerOpts
* Prepare release notes for v1.6.0-beta.5 ([#6407](https://github.com/containerd/containerd/pull/6407))
* Prepare release notes for v1.6.0-beta.5
* Integration: Check GCP secrets on Windows CI artifact upload. ([#6292](https://github.com/containerd/containerd/pull/6292))
* Integration: Check GCP secrets on Windows CI artifact upload.
* Github Security Advisory [GHSA-mvff-h3cj-wj9c](https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c)
* only relabel cri managed host mounts
* Add support for Intel RDT ([#5439](https://github.com/containerd/containerd/pull/5439))
* cri: add ignore_rdt_not_enabled_errors config option
* Update dependencies
* cri: annotations for controlling RDT class
* tasks: add Linux rdt support
* cmd: add --rdt-class command line option
* oci: implement WithRdt
* fix: use _ for consistency ([#6391](https://github.com/containerd/containerd/pull/6391))
* fix: use _ for consistency
* content/local: use syscall.Timespec.Unix ([#6403](https://github.com/containerd/containerd/pull/6403))
* content/local: use syscall.Timespec.Unix
* docs: improve plugin documentation ([#6207](https://github.com/containerd/containerd/pull/6207))
* docs: document the runtime shim plugin config options
* docs: use proper markdown lists in containerd-config.toml.5.md
* fix(ctr): enable networking for Windows containers ([#6304](https://github.com/containerd/containerd/pull/6304))
* fix(ctr): enable networking for Windows containers
* Fix $(PWD) issue for Windows makefile ([#6394](https://github.com/containerd/containerd/pull/6394))
* Fix $(PWD) issue for Windows makefile
* only test abstract uds on linux ([#6395](https://github.com/containerd/containerd/pull/6395))
* fix: only test abstract unix socket on linux
* Fix restart container test ([#6390](https://github.com/containerd/containerd/pull/6390))
* Expect ErrorNotFound on Windows after Kill()
* Replace tskill with taskkill
* fix when kernel version < 4.13rc1 by using index=off cause test error ([#6291](https://github.com/containerd/containerd/pull/6291))
* fix when kernel version < 4.13rc1 by using index=off cause overlay test error
* Fix no-daemon flag for integration/client tests ([#6384](https://github.com/containerd/containerd/pull/6384))
* Fix no-daemon flag for integration/client tests
* Enable lazy init for ext4 with devicemapper ([#6122](https://github.com/containerd/containerd/pull/6122))
* Enable lazy init for ext4 with devicemapper
* Fix flakiness on Windows for list stats ([#6385](https://github.com/containerd/containerd/pull/6385))
* Fix flakiness on Windows for list stats
* cri-integration: Add Windows defaults and fix spaces issue ([#6347](https://github.com/containerd/containerd/pull/6347))
* cri-integration: Add Windows default paths
* Upgrade OpenTelemetry dependencies ([#6383](https://github.com/containerd/containerd/pull/6383))
* Upgrade k8s.io/klog/v2 from 2.9.0 to 2.20.0
* Use insecure.NewCredentials instead of grpc.WithInsecure
* Upgrade OpenTelemetry dependencies
* Fix default makefile target for windows ([#6322](https://github.com/containerd/containerd/pull/6322))
* Fix default makefile target for windows
* Disable TestContainerHook on Windows ([#6379](https://github.com/containerd/containerd/pull/6379))
* Disable TestContainerHook on Windows
* seutil: Fix setting the "container_kvm_t" label ([#6372](https://github.com/containerd/containerd/pull/6372))
* seutil: Fix setting the "container_kvm_t" label
* Remove Windows integration testing for 2004. ([#6350](https://github.com/containerd/containerd/pull/6350))
* Remove Windows integration testing for 2004.
* OCI: Mount (accessible) host devices in privileged rootless containers ([#6308](https://github.com/containerd/containerd/pull/6308))
* OCI: Mount (accessible) host devices in privileged rootless containers
* oci.getDevices(): move "non-dir, non '/dev/console'" case into switch
* cri: add support for configuring swap ([#6320](https://github.com/containerd/containerd/pull/6320))
* fixup: check for swap accounting
* fixup: handle diff between cgroupsv1 and v2
* cri: add support for configuring swap
* Integration: Enable TestVolumeOwnership on Windows ([#6275](https://github.com/containerd/containerd/pull/6275))
* Replace find with native Go code
* Enable TestVolumeOwnership on Windows
* Prepare release notes for v1.6.0-beta.4 ([#6296](https://github.com/containerd/containerd/pull/6296))
* Prepare release notes for v1.6.0-beta.4
* refactor: functions for error log and error return ([#6358](https://github.com/containerd/containerd/pull/6358))
* feat: Errorf usage
* Split apart runc shim into plugin components ([#6021](https://github.com/containerd/containerd/pull/6021))
* Use task plugin for runc shim
* Seperate shim manager and task service
* Split runc shim into plugin components
* Add shutdown package
* CRI update for sandbox sizing ([#6155](https://github.com/containerd/containerd/pull/6155))
* cri, sandbox: pass sandbox resource details if available, applicable
* medatada: make namespaces' deletion error less cryptic ([#6354](https://github.com/containerd/containerd/pull/6354))
* medatada: make namespaces' deletion error less cryptic
* ListContainerStats to return stats response if ContainerStatsFilter is nil ([#6373](https://github.com/containerd/containerd/pull/6373))
* add-list-stat: return container list if filter is nil
* integration: deflake TestContainerdRestart ([#6369](https://github.com/containerd/containerd/pull/6369))
* integration: deflake TestContainerdRestart
* feat: add timeout for bolt open ([#6225](https://github.com/containerd/containerd/pull/6225))
* feat: support custom timeout for blot open
* Update Go to 1.17.5 ([#6333](https://github.com/containerd/containerd/pull/6333))
* Update Go to 1.17.5
* cri/server: use consistent alias for pkg/ioutil ([#6332](https://github.com/containerd/containerd/pull/6332))
* cri/server: use consistent alias for pkg/ioutil
* Disable restart monitor test in Windows ([#6364](https://github.com/containerd/containerd/pull/6364))
* Disable restart monitor test in Windows
* Don't fail-fast on Windows integration tests ([#6338](https://github.com/containerd/containerd/pull/6338))
* Don't fail-fast on Windows integration tests
* Update restart monitor test to output daemon logs on failure ([#6355](https://github.com/containerd/containerd/pull/6355))
* Run windows parallel integration test as short
* Update restart monitor test to output daemon logs on failure
* go.mod: update image-spec to latest (v1.0.3-dev) ([#6263](https://github.com/containerd/containerd/pull/6263))
* images/converter: remove deprecated types
* go.mod: update image-spec to latest (v1.0.3-dev)
* Skip WithAdditionalGIDs on Darwin ([#6353](https://github.com/containerd/containerd/pull/6353))
* Skip WithAdditionalGIDs on Darwin
* Use RFC3339 format on Windows periodic resource group creation so cleanup works ([#6303](https://github.com/containerd/containerd/pull/6303))
* Use RFC3339 format so rg cleanup works
* update runc to v1.0.3 ([#6330](https://github.com/containerd/containerd/pull/6330))
* go.mod: github.com/opencontainers/runc v1.0.3
* update runc binary to v1.0.3
* Unblock native snapshotter on Darwin ([#6329](https://github.com/containerd/containerd/pull/6329))
* Allow native snapshotter on Darwin
* Do not use `go get` to install executables ([#6328](https://github.com/containerd/containerd/pull/6328))
* Do not use `go get` to install executables
* Include runtime v2 in default builtins ([#6326](https://github.com/containerd/containerd/pull/6326))
* Include runtime v2 in default builtins
* Add Windows Server 2022 CI runs ([#6314](https://github.com/containerd/containerd/pull/6314))
* Add Windows Server 2022 CI runs
* Set explicit ACL on test files ([#6324](https://github.com/containerd/containerd/pull/6324))
* Use a single RUN command
* Set explicit ACL on test files
* integration: align tags of test images ([#6311](https://github.com/containerd/containerd/pull/6311))
* integration: align tags of test images
* Set CONTAINERD_ROOT in Windows cri-integration ([#6325](https://github.com/containerd/containerd/pull/6325))
* Set CONTAINERD_ROOT in Windows cri-integration
* export oci.DeviceFromPath() ([#6312](https://github.com/containerd/containerd/pull/6312))
* export oci.DeviceFromPath()
* Update volume test images ([#6321](https://github.com/containerd/containerd/pull/6321))
* Update continuity dependency
* Update volume test images
* Update TestRestartMonitor expected time check ([#6201](https://github.com/containerd/containerd/pull/6201))
* Add error logging on cleanup
* Update TestRestartMonitor expected time check
* Move test volume images from gcr to ghcr ([#6319](https://github.com/containerd/containerd/pull/6319))
* Move volume images from gcr to ghcr
* Revert shim service plugin migration ([#6301](https://github.com/containerd/containerd/pull/6301))
* Revert shim plugin migration
* Authenticate against ghcr.io ([#6317](https://github.com/containerd/containerd/pull/6317))
* Add permissions
* Authenticate against ghcr.io
* oci/deviceFromPath(): correctly check device types ([#6306](https://github.com/containerd/containerd/pull/6306))
* oci/deviceFromPath(): correctly check device types
* Skip TestExportAndImportMultiLayer on Windows ([#6315](https://github.com/containerd/containerd/pull/6315))
* Skip TestExportAndImportMultiLayer on Windows
* Integration: Add image build workflow ([#6290](https://github.com/containerd/containerd/pull/6290))
* Add image build workflow
* Integration: Separate Windows Periodic Tests workflow trigger. ([#6286](https://github.com/containerd/containerd/pull/6286))
* Integration: Separate Windows Periodic Tests workflow trigger.
* Build volume test images on Windows ([#6274](https://github.com/containerd/containerd/pull/6274))
* Build volume test images on Windows
* Add VMware TKG & TCE to Containerd adopters ([#6297](https://github.com/containerd/containerd/pull/6297))
* Add VMware TKG & TCE to Containerd adopters
* Vagrantfile: update to Fedora 35 ([#6293](https://github.com/containerd/containerd/pull/6293))
* Vagrantfile: update to Fedora 35
* Update README.md repo->org ([#6269](https://github.com/containerd/containerd/pull/6269))
* Update README.md repo->org
* Fix executable file not found when restoring shims ([#6278](https://github.com/containerd/containerd/pull/6278))
* Fix executable file not found when restoring shims
* ctr/snapshots/diff: show media-type in stderr ([#6271](https://github.com/containerd/containerd/pull/6271))
* ctr/snapshots/diff: don't show the media-type in output
* ctr: Add Linux Capabilities control flags ([#6289](https://github.com/containerd/containerd/pull/6289))
* ctr: Add Linux Capabilities control flags
* integration: add stats result in error message ([#6270](https://github.com/containerd/containerd/pull/6270))
* integration: add stats result in error message
* releases: mark 1.4 as Extended ([#6287](https://github.com/containerd/containerd/pull/6287))
* docs: mark 1.4 as Extended
* docs: fix RELEASES.md gRPC API anchor
* feat: skip ci for fork ([#6284](https://github.com/containerd/containerd/pull/6284))
* feat: skip ci for fork
* content/local: Close the file if Seek fails ([#6280](https://github.com/containerd/containerd/pull/6280))
* content/local: Close the file if Seek fails
* Integration: Remove explicit version passing to `azure/CLI`. ([#6268](https://github.com/containerd/containerd/pull/6268))
* Integration: Remove explicit version passing to `azure/CLI`.
* Fix wrong make target on documentation ([#6276](https://github.com/containerd/containerd/pull/6276))
* Fix wrong make target on documentation
* fix: server error return ([#6272](https://github.com/containerd/containerd/pull/6272))
* fix: server error return
* Prepare release notes for v1.6.0-beta.3 ([#6267](https://github.com/containerd/containerd/pull/6267))
* Prepare release notes for v1.6.0-beta.3
* Update API version in go.mod
* Update release name to use consistent format
* feat:support custom callopts on client side ([#6254](https://github.com/containerd/containerd/pull/6254))
* fix: make max recv/send msg size setting default
* feat:support custom callopts on client side
* [CRI] Fix panic when registry.mirrors use localhost ([#6258](https://github.com/containerd/containerd/pull/6258))
* [CRI] Fix panic when registry.mirrors use localhost
* Add support for TMP override on toml ([#6241](https://github.com/containerd/containerd/pull/6241))
* Add support for TMP override on toml
* CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options ([#6170](https://github.com/containerd/containerd/pull/6170))
* CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options
* Github Security Advisory [GHSA-5j5w-g665-5m35](https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35)
* schema1: reject ambiguous documents
* images: validate document type before unmarshal
* [cri] add sandbox and container latency metrics ([#6111](https://github.com/containerd/containerd/pull/6111))
* [cri] add sandbox and container latency metrics
* Integration: Generalize Windows CI setup scripts for any username. ([#6255](https://github.com/containerd/containerd/pull/6255))
* Generalize Windows CI setup script for any user.
* Standardize cmdlet capitalization in Windows CI scripts.
* feat: use rwmutex instead ([#6253](https://github.com/containerd/containerd/pull/6253))
* feat: use rwmutex instead
* Allow absolute path to shim binaries ([#6206](https://github.com/containerd/containerd/pull/6206))
* Fix package alias
* Support custom runtime path when launching tasks
* Add runtime path in CreateTaskRequest
* Close file if permission modification fails ([#6246](https://github.com/containerd/containerd/pull/6246))
* Close file if permission modification fails
* release: change tar name to match prior releases ([#6250](https://github.com/containerd/containerd/pull/6250))
* release: change tar name to match prior releases
* Fix wrong error returned for image index lookup ([#6237](https://github.com/containerd/containerd/pull/6237))
* Fix wrong error returned for image index lookup
* Fix containerd fails to pull OCI image with non-`http(s)://` urls ([#6221](https://github.com/containerd/containerd/pull/6221))
* Fix containerd fails to pull OCI image with non-`http(s)://` urls
* Prepare release notes for v1.6.0-beta.2 ([#6223](https://github.com/containerd/containerd/pull/6223))
* Prepare release notes for v1.6.0-beta.2
* Add arm64 to releases ([#6196](https://github.com/containerd/containerd/pull/6196))
* Rename release dockerfile to omit distro name
* release: improve dockerfile
* Add arm64 to releases
* use write lock when updating container stats ([#6236](https://github.com/containerd/containerd/pull/6236))
* use write lock when updating container stats
* go.mod: Bump hcsshim to v0.9.1 ([#6230](https://github.com/containerd/containerd/pull/6230))
* go.mod: Bump hcsshim to v0.9.1
* go.mod: Bump ttrpc to 1.1.0 ([#6228](https://github.com/containerd/containerd/pull/6228))
* go.mod: Bump ttrpc to 1.1.0
* go.mod: bump moby/sys/symlink v0.2.0, moby/sys/signal v0.6.0, moby/sys/mountinfo v0.5.0 ([#6213](https://github.com/containerd/containerd/pull/6213))
* go.mod: github.com/moby/sys/mountinfo v0.5.0
* go.mod: github.com/moby/sys/signal v0.6.0
* go.mod: github.com/moby/sys/symlink v0.2.0
* go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
* cleanup: add more description on comment ([#6222](https://github.com/containerd/containerd/pull/6222))
* cleanup: add more description on comment
* Update Go to 1.17.3 ([#6211](https://github.com/containerd/containerd/pull/6211))
* Update Go to 1.17.3
* CI: bump up crun: 1.0 -> 1.3 ([#6214](https://github.com/containerd/containerd/pull/6214))
* CI: bump up crun: 1.0 -> 1.3
* Pin az CLI version in windows-periodic workflow ([#6205](https://github.com/containerd/containerd/pull/6205))
* Pin az CLI version
* Decouple task manager ([#5918](https://github.com/containerd/containerd/pull/5918))
* Address PR comments
* Fix build after rebase
* Migrate task directory
* Expose shim process interface
* Fix after rebase
* Cleanup shim loading
* Move shim restore to a separate file
* Fix backward compatibility with old task shims
* Add plugin dependency between shim and shim services
* Rework task create and cleanup flow
* Add task manager
* Rename task manager to shim manager
* [cri] Implement k8s 1.23 CRI Pod Sandbox and Container Stats ([#6113](https://github.com/containerd/containerd/pull/6113))
* Implement CRI container and pods stats
* Vendor latest k8s.io/cri-api and netlink
* test: Add grace period for restart monitor test ([#6200](https://github.com/containerd/containerd/pull/6200))
* test: Add grace period for restart monitor test
* integration: Enables TestRuntimeHandler for Windows ([#6179](https://github.com/containerd/containerd/pull/6179))
* integration: Enables TestRuntimeHandler for Windows
* Add mkdir on Dockerfile ([#6171](https://github.com/containerd/containerd/pull/6171))
* Add mkdir on Dockerfile
* sys/reaper: avoid leaky goroutine when exec timeout ([#6189](https://github.com/containerd/containerd/pull/6189))
* sys/reaper: avoid leaky goroutine when exec timeout
* adds additional debug out to timebox cni setup ([#6184](https://github.com/containerd/containerd/pull/6184))
* adds additional debug out to timebox cni setup
* converter: Allow hooks during image conversion ([#6176](https://github.com/containerd/containerd/pull/6176))
* converter: Allow hooks during image conversion
* compression: support zstd with skippable frame ([#6177](https://github.com/containerd/containerd/pull/6177))
* compression: support zstd with skippable frame
* integration: Enables TestVolumeCopyUp for Windows ([#6182](https://github.com/containerd/containerd/pull/6182))
* integration: Enables TestVolumeCopyUp for Windows
* integration: Enable some tests for Windows (part 2) ([#6121](https://github.com/containerd/containerd/pull/6121))
* integration: Enable some tests for Windows (part 2)
* integration: Enable some tests for Windows ([#6085](https://github.com/containerd/containerd/pull/6085))
* integration: Enable some tests for Windows
* Update doc to version 2 syntax ([#6125](https://github.com/containerd/containerd/pull/6125))
* feat(doc): update to version 2 syntax
* fix shim reaper wait command execute blocked ([#6166](https://github.com/containerd/containerd/pull/6166))
* fix shim reaper wait command execute blocked
* content: close stream after commit request ([#6145](https://github.com/containerd/containerd/pull/6145))
* content: close stream after commit request
* Generating token options with each scope as a separate string. ([#6165](https://github.com/containerd/containerd/pull/6165))
* Adding scope tests for ParseAuthHeader
* Adding tests for GenerateTokenOptions
* Generate token options with each scope as a separate string.
* vendor: Updates go-cni ([#6167](https://github.com/containerd/containerd/pull/6167))
* vendor: Updates go-cni
* commands: Enables task metrics for Windows ([#6159](https://github.com/containerd/containerd/pull/6159))
* commands: Enables task metrics for Windows
* vendor: update moby/sys for darwin support ([#6149](https://github.com/containerd/containerd/pull/6149))
* vendor: update moby/sys for darwin support
* Prepare v1.6.0-beta.1 ([#6144](https://github.com/containerd/containerd/pull/6144))
* Prepare release notes for v1.6.0-beta.1
* Update mailmap
* Update api vendor
* bump cni to spec v1.0.0 ([#6136](https://github.com/containerd/containerd/pull/6136))
* bump CNI to spec v1.0.0
* Inject otel traces to grpc client. ([#5992](https://github.com/containerd/containerd/pull/5992))
* Inject otel traces to grpc client.
* client: expose (*image).platform ([#6142](https://github.com/containerd/containerd/pull/6142))
* client: expose (*image).platform
* Adding documentation for Core Scheduling ([#6128](https://github.com/containerd/containerd/pull/6128))
* feat(doc): add Core Scheduling documentation
* Ensure namespace is proxied to grpc/ttrpc plugins ([#6130](https://github.com/containerd/containerd/pull/6130))
* Ensure namespace is proxied to grpc/ttrpc plugins
* fix #6054 MaxConcurrentDownloads is not effect when Unpack is true ([#6109](https://github.com/containerd/containerd/pull/6109))
* fix #6054 MaxConcurrentDownloads is not effect when Unpack is true
* Output a warning for label image labels instead of erroring ([#6124](https://github.com/containerd/containerd/pull/6124))
* Output a warning for label image labels instead of erroring
* Fix spelling mistake in Windows snapshotter ([#6132](https://github.com/containerd/containerd/pull/6132))
* Fix spelling mistake in Windows snapshotter
* Windows: Cleanup rm- prefixed layers ([#6126](https://github.com/containerd/containerd/pull/6126))
* Windows: Cleanup rm- prefixed layers
* cleanup deprecated package `io/ioutil ` ([#6118](https://github.com/containerd/containerd/pull/6118))
* io/ioutil package has been deprecated in Go 1.16 that replaces io/ioutil functions
* close Writer after use which may memory leak ([#6115](https://github.com/containerd/containerd/pull/6115))
* close Writer after use which may leak mem
* Adds Windows resource limits support ([#5778](https://github.com/containerd/containerd/pull/5778))
* Adds Windows resource limits support
* Prepare release notes for v1.6.0-beta.0 ([#6098](https://github.com/containerd/containerd/pull/6098))
* Prepare release notes for v1.6.0-beta.0
* Add error message to in TestContainerdRestart integration test ([#6105](https://github.com/containerd/containerd/pull/6105))
* Add error message to in TestContainerdRestart integration test
* Fix typo in the NewContainer function documentation ([#6110](https://github.com/containerd/containerd/pull/6110))
* Fix typo in the NewContainer function documentation
* Update cgroups to v1.0.2 ([#6104](https://github.com/containerd/containerd/pull/6104))
* Update cgroups to v1.0.2
* btrfs: verify file content after mount ([#6100](https://github.com/containerd/containerd/pull/6100))
* test: check file content after mount
* Update test timeout based on recent cancellations ([#6107](https://github.com/containerd/containerd/pull/6107))
* Update test timeout based on recent cancellations
* Check the pid in cri test teardown ([#6106](https://github.com/containerd/containerd/pull/6106))
* Remove extra test_teardown
* Check the pid in cri test teardown
* add runc shim support for sched core ([#6011](https://github.com/containerd/containerd/pull/6011))
* fix integration client vendor
* add runc shim support for sched core
* integration: Enables Windows containerd restart test ([#5579](https://github.com/containerd/containerd/pull/5579))
* integration: Enables Windows containerd restart test
* vendor: Bump hcsshim to 0.9.0 ([#6099](https://github.com/containerd/containerd/pull/6099))
* vendor: Bump hcsshim to 0.9.0
* [cri] Add CNI conf based on runtime class ([#4695](https://github.com/containerd/containerd/pull/4695))
* Add CNI conf based on runtime class
* Update Go to 1.17.2 ([#6102](https://github.com/containerd/containerd/pull/6102))
* Update Go to 1.17.2
* integration: Adds test for multilayer image import ([#5933](https://github.com/containerd/containerd/pull/5933))
* integration: Adds test for multilayer image import
* runtime: should fail fast if dial error on shim ([#6031](https://github.com/containerd/containerd/pull/6031))
* runtime: should fail fast if dial error on shim
* Fixes Windows containers with image volumes ([#6034](https://github.com/containerd/containerd/pull/6034))
* Windows: Fixes Windows containers with image volumes
* run `gofmt` with GO 1.17 ([#6094](https://github.com/containerd/containerd/pull/6094))
* run `gofmt` with Go 1.17
* pkg/cap: remove an outdated comment ([#6088](https://github.com/containerd/containerd/pull/6088))
* pkg/cap: remove an outdated comment
* Update go otel 1.0.1 ([#6066](https://github.com/containerd/containerd/pull/6066))
* Update go otel 1.0.1
* Update ADOPTERS.md with additional uses ([#6086](https://github.com/containerd/containerd/pull/6086))
* Update ADOPTERS.md with additional uses
* modify the way for checking cos ([#6082](https://github.com/containerd/containerd/pull/6082))
* modify the way for checking cos
* Fuzzing: Add fuzzers + small modifications ([#5915](https://github.com/containerd/containerd/pull/5915))
* Fuzzing: Add 4 fuzzers + small modifications
* Fixes for Windows CI ([#6081](https://github.com/containerd/containerd/pull/6081))
* Pin mingw to version 10.2.0
* Update to golang 1.17.1
* Install nssm
* Github Security Advisory [GHSA-c2h3-6mxw-7mvq](https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq)
* btrfs: reduce permissions on plugin directories
* v1 runtime: reduce permissions for bundle dir
* v2 runtime: reduce permissions for bundle dir
* task service: return known error type ([#6079](https://github.com/containerd/containerd/pull/6079))
* task service: return known error type
* refactor: move from io/ioutil to io and os package ([#5973](https://github.com/containerd/containerd/pull/5973))
* refactor: move from io/ioutil to io and os package
* fix: import from k8s.io/utils/clock instead ([#6076](https://github.com/containerd/containerd/pull/6076))
* fix: update vendor
* cleanup: import from k8s.io/utils/clock/testing instead
* cleanup: import from k8s.io/utils/clock instead
* feat: enable integration cri remote client to call with grpc calloptions ([#6069](https://github.com/containerd/containerd/pull/6069))
* feat: enable cri remote client to call with grpc calloptions
* cleanup k8s ansible yaml (carry for #5713) ([#6074](https://github.com/containerd/containerd/pull/6074))
* cleanup k8s ansible yaml (carry for https://github.com/jayonlau <jayonlau@gmail.com>)
* feat: support import image for specific platform ([#6070](https://github.com/containerd/containerd/pull/6070))
* fix: wrong flag type
* feat: support import image for specific platform
* Update mirror images to take target image name ([#6065](https://github.com/containerd/containerd/pull/6065))
* Update mirror images to take target image name
* fix: make exec-id flag required in exec command ([#6059](https://github.com/containerd/containerd/pull/6059))
* fix: make exec-id flag required in exec command
* images: enable converter to uncompress zstd ([#6052](https://github.com/containerd/containerd/pull/6052))
* images: enable converter to uncompress zstd
* replace deprecated function with Domain and Path ([#5922](https://github.com/containerd/containerd/pull/5922))
* replace deprecated function
* integration: Adds Windows HostProcess tests ([#5853](https://github.com/containerd/containerd/pull/5853))
* integration: Adds Windows HostProcess tests
* Fix main branch build is broken ([#6047](https://github.com/containerd/containerd/pull/6047))
* Fix main branch build is broken
* Add open telemetry logging hook for logrus ([#6003](https://github.com/containerd/containerd/pull/6003))
* Add open telemetry logging hook for logrus
* Change `oci.WithUser` behavior for LCOW ([#6023](https://github.com/containerd/containerd/pull/6023))
* Change oci.WithUser behavior for LCOW
* switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound) ([#5946](https://github.com/containerd/containerd/pull/5946))
* switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound)
* import: Raise error if the imported image is filtered out ([#5926](https://github.com/containerd/containerd/pull/5926))
* import: Raise error if the imported image is filtered out
* Fix panic in metadata content writer on copy error ([#6043](https://github.com/containerd/containerd/pull/6043))
* Fix panic in metadata content writer on copy error
* Move tracing to plugin ([#6001](https://github.com/containerd/containerd/pull/6001))
* Move tracing to plugin
* ctr: Fixes Windows image import ([#5916](https://github.com/containerd/containerd/pull/5916))
* ctr: Fixes Windows image import
* update open go.opentelemetry.io v1.0.0 to fix import path ([#6017](https://github.com/containerd/containerd/pull/6017))
* go.mod: update opentelemetry modules to v1.0.0
* fix error string format ([#5979](https://github.com/containerd/containerd/pull/5979))
* fix error string format
* Add github action to mirror image ([#6036](https://github.com/containerd/containerd/pull/6036))
* Add github action to mirror image
* add current process state to the error message ([#6027](https://github.com/containerd/containerd/pull/6027))
* add current process state to the error message
* FreeBSD: fix tar headers & the nil check on getxattr ([#5991](https://github.com/containerd/containerd/pull/5991))
* FreeBSD: fix tar headers & the nil check on getxattr
* gha: collect VMs' IP addresses ([#6035](https://github.com/containerd/containerd/pull/6035))
* gha: collect Vagrant VMs' IP addresses
* bump continuity and console version that remove pkg/errors ([#6033](https://github.com/containerd/containerd/pull/6033))
* bump continuity and console version that remove pkg/errors
* import: Add option to prevent duplicated digest image ([#5997](https://github.com/containerd/containerd/pull/5997))
* import: Add option to skip creating digest image
* ctr namespaces: improve usage string ([#5998](https://github.com/containerd/containerd/pull/5998))
* ctr namespaces: improve usage string
* bump console version to v1.0.3 that remove pkg/errors ([#6028](https://github.com/containerd/containerd/pull/6028))
* bump console version to v1.0.3 that remove pkg/errors
* Use github images for integration tests ([#6032](https://github.com/containerd/containerd/pull/6032))
* Use github images for integration tests
* Fix typo ([#5995](https://github.com/containerd/containerd/pull/5995))
* Fix typo
* Enable image config labels in ctr and CRI container creation ([#6012](https://github.com/containerd/containerd/pull/6012))
* Enable image config labels in ctr and CRI container creation
* Make sure exit signals trigger an exit during init ([#5970](https://github.com/containerd/containerd/pull/5970))
* Make sure exit signals trigger an exit during init
* task delete: Closes task IO before waiting ([#5974](https://github.com/containerd/containerd/pull/5974))
* task delete: Closes task IO before waiting
* CI: bump up crun to 1.0 ([#5985](https://github.com/containerd/containerd/pull/5985))
* CI: bump up crun to 1.0
* seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted) ([#5982](https://github.com/containerd/containerd/pull/5982))
* seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
* Update to Go 1.17.1 ([#5990](https://github.com/containerd/containerd/pull/5990))
* Update to Go 1.17.1
* CI: Switch to available latest images ([#5987](https://github.com/containerd/containerd/pull/5987))
* CI: Switch to available latest images
* add xfs support to devicemapper snapshotter ([#5610](https://github.com/containerd/containerd/pull/5610))
* add xfs support to devicemapper snapshotter
* Fixes task kill --force on Windows ([#5956](https://github.com/containerd/containerd/pull/5956))
* Fixes task kill --force on Windows
* Add support for shim plugins ([#5817](https://github.com/containerd/containerd/pull/5817))
* Add support for shim plugins
* vendor: update continuity for darwin support ([#5976](https://github.com/containerd/containerd/pull/5976))
* vendor: update continuity for darwin support
* replace uses of os/exec with golang.org/x/sys/execabs ([#5906](https://github.com/containerd/containerd/pull/5906))
* replace uses of os/exec with golang.org/x/sys/execabs
* complete integration test for pulling image with labels ([#5972](https://github.com/containerd/containerd/pull/5972))
* Additional integration tests for pulling image with labels
* Fix content copy to not ignore unexpected EOF ([#5966](https://github.com/containerd/containerd/pull/5966))
* Fix content copy to not ignore unexpected EOF
* add ip_pref CNI options for primary pod ip ([#5964](https://github.com/containerd/containerd/pull/5964))
* add ip_pref CNI options for primary pod ip
* cri: add devices for privileged container ([#5939](https://github.com/containerd/containerd/pull/5939))
* cri: add devices for privileged container
* sandbox: Allows the sandbox to be deleted in NotReady state ([#5954](https://github.com/containerd/containerd/pull/5954))
* sandbox: Allows the sandbox to be deleted in NotReady state
* pin protobuild version to tag ([#5969](https://github.com/containerd/containerd/pull/5969))
* pin protobuild version to tag
* Add metric exposing build version&revision ([#5965](https://github.com/containerd/containerd/pull/5965))
* use a const metric for build_info
* Add metric exposing build version&revision
* Feature: containerd-cri support LinuxContainerResources.Unified ([#5627](https://github.com/containerd/containerd/pull/5627))
* add cri test case
* feature: add field LinuxContainerResources.Unified on cri
* integration: investigate TestRestartMonitor's failure ([#5861](https://github.com/containerd/containerd/pull/5861))
* integration: investigate TestRestartMonitor's failure
* Use issue forms for bug reporting ([#5917](https://github.com/containerd/containerd/pull/5917))
* Address issue forms feedback
* Use issue forms for bug reporting
* cri: patch update image labels ([#5945](https://github.com/containerd/containerd/pull/5945))
* cri: patch update image labels
* darwin: runtime support ([#5936](https://github.com/containerd/containerd/pull/5936))
* darwin: runtime support
* darwin: use the default values for socketRoot variable
* Update RELEASES.md ([#5858](https://github.com/containerd/containerd/pull/5858))
* Update RELEASES.md
* archive: Add WriteDiff error logs ([#5949](https://github.com/containerd/containerd/pull/5949))
* archive: Add WriteDiff error logs
* replace deprecated Dialer with ContextDialer ([#5958](https://github.com/containerd/containerd/pull/5958))
* replace deprecated Dail with DailContext
* Add WS2022 support in Windows Periodic tests ([#5951](https://github.com/containerd/containerd/pull/5951))
* Add WS2022 support in Windows Periodic tests
* Content fuzzer: Clean up temp store dir ([#5943](https://github.com/containerd/containerd/pull/5943))
* content fuzzer: Clean up tempdir
* using Hosts replace deprecated field ([#5944](https://github.com/containerd/containerd/pull/5944))
* using Hosts replace deprecated field
* fix document non-synchronous ([#5947](https://github.com/containerd/containerd/pull/5947))
* fix document non-synchronous in crictl.md
* go.mod: Update hcsshim to v0.8.21 ([#5929](https://github.com/containerd/containerd/pull/5929))
* go.mod: Update hcsshim to v0.8.21
* Makefile.linux: build on RISC-V with PIE ([#5937](https://github.com/containerd/containerd/pull/5937))
* Makefile.linux: build on riscv with PIE
* Fix cwd flag for `ctr tasks exec` ([#5932](https://github.com/containerd/containerd/pull/5932))
* Fix cwd flag for `ctr tasks exec`
* Update Pause image in tests & config ([#5927](https://github.com/containerd/containerd/pull/5927))
* Update Pause image in tests & config
* cri: Devices ownership from SecurityContext ([#5122](https://github.com/containerd/containerd/pull/5122))
* cri: Devices ownership from SecurityContext
* Fix pull fails on unexpected EOF ([#5921](https://github.com/containerd/containerd/pull/5921))
* Fix pull fails on unexpected EOF
* Fix dir support for devices ([#5845](https://github.com/containerd/containerd/pull/5845))
* Adding testing of two devices
* Fix dir support for devices V3 (#4847)
* windows: The DefaultSpec platform should match the Default matcher ([#5914](https://github.com/containerd/containerd/pull/5914))
* windows: The DefaultSpec platform should match the Default matcher
* Add RunAsUserName functionality for the Windows pod sandbox container ([#5865](https://github.com/containerd/containerd/pull/5865))
* Add RunAsUserName functionality for the Windows Pod Sandbox Container
* bump up runc v1.0.2 ([#5899](https://github.com/containerd/containerd/pull/5899))
* go.mod: update runc to v1.0.2
* update runc binary to v1.0.2
* Run `go fmt` with Go 1.17 ([#5903](https://github.com/containerd/containerd/pull/5903))
* Run `go fmt` with Go 1.17
* go.mod: github.com/pelletier/go-toml v1.9.3 ([#5905](https://github.com/containerd/containerd/pull/5905))
* go.mod: github.com/pelletier/go-toml v1.9.3
* cri: filter selinux xattr for image volumes ([#5902](https://github.com/containerd/containerd/pull/5902))
* cri: filter selinux xattr for image volumes
* Add Windows HostProcess Support ([#5131](https://github.com/containerd/containerd/pull/5131))
* Added windows hostProcess cni skip
* script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0 ([#5897](https://github.com/containerd/containerd/pull/5897))
* script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0
* Update to Go 1.17 ([#5889](https://github.com/containerd/containerd/pull/5889))
* Bump integration timeout to 35 min
* Update to Go 1.17
* integration: fix TestContainerPids ([#5896](https://github.com/containerd/containerd/pull/5896))
* integration: fix TestContainerPids
* [ctr] add HOSTNAME env for host network ([#5891](https://github.com/containerd/containerd/pull/5891))
* [ctr] add HOSTNAME env for host network
* Fuzzing: Add fuzzer ([#5886](https://github.com/containerd/containerd/pull/5886))
* Fuzzing: Add fuzzer
* Make Cgroup driver configurable in gce configure script ([#5884](https://github.com/containerd/containerd/pull/5884))
* Add env for SystemdCgroup driver
* Allow expanded DNS configuration ([#5878](https://github.com/containerd/containerd/pull/5878))
* Allow expanded DNS configuration
* Fuzzing: Add 4 fuzzers ([#5863](https://github.com/containerd/containerd/pull/5863))
* Fuzzing: Add 4 fuzzers
* Cleanup v2 shim ([#5813](https://github.com/containerd/containerd/pull/5813))
* Cleanup v2 shim
* Fuzzing: Add experimental version of container fuzzer ([#5840](https://github.com/containerd/containerd/pull/5840))
* Use http.Get to download binaries instead of exec.Command
* Fuzzing: Add experimental version of container fuzzer
* add cpu-shares to ctr ([#5846](https://github.com/containerd/containerd/pull/5846))
* add cpu-shares to ctr
* docs: rename master to main (it was opposite on the actual commit) ([#5847](https://github.com/containerd/containerd/pull/5847))
* docs: rename main to master
* content: return the error with its timestamp ([#5849](https://github.com/containerd/containerd/pull/5849))
* content: return the error with its timestamp
* Fix bad `make protos` failure ([#5857](https://github.com/containerd/containerd/pull/5857))
* Fix bad `make protos` failure
* replace cri and point to new location ([#5851](https://github.com/containerd/containerd/pull/5851))
* archive docs and point to new location fix #https://github.com/containerd/cri/issues/1624
* docs: remove FOSSA's badge ([#5856](https://github.com/containerd/containerd/pull/5856))
* docs: remove FOSSA's badge
* BUILDING.md: remove some bits about building runc ([#5850](https://github.com/containerd/containerd/pull/5850))
* BUILDING.md: remove some bits about building runc
* BUILDING.md: markdown fixes
* go.mod: update k8s deps to v1.22.0 ([#5836](https://github.com/containerd/containerd/pull/5836))
* go.mod: update kubernetes to v1.22.0
* [Scripts] Add trap to cri-integration test script ([#5852](https://github.com/containerd/containerd/pull/5852))
* Add trap to cri-integration test script
* docs: list all snapshotter-related build flags ([#5848](https://github.com/containerd/containerd/pull/5848))
* docs: list all snapshotter-related build flags
* Move plugin context events into separate plugin ([#5835](https://github.com/containerd/containerd/pull/5835))
* Move plugin context events into separate plugin
* Fix Linux CI Linter using Go 1.15.14 ([#5839](https://github.com/containerd/containerd/pull/5839))
* Fix Linux CI Linter using go 1.15.14
* Update Go to 1.16.7 ([#5842](https://github.com/containerd/containerd/pull/5842))
* Update Go to 1.16.7
* Cleanup CI ([#5838](https://github.com/containerd/containerd/pull/5838))
* Cleanup CI
* Remove redundant build tags ([#5834](https://github.com/containerd/containerd/pull/5834))
* Remove redundant build tags
* Change default directories on Darwin ([#5830](https://github.com/containerd/containerd/pull/5830))
* Change default directories on Darwin
* [otel-tracing] Initial opentelemetry support ([#5731](https://github.com/containerd/containerd/pull/5731))
* [otel-tracing] vendor and go modules changes
* [otel-tracing] Initial opentelemetry support
* remove go 1.13 from containerd
* Fuzzing: Fix for OSS-fuzz issue 36825 ([#5829](https://github.com/containerd/containerd/pull/5829))
* Fuzzing: Fix for OSS-fuzz issue 36825
* Fuzzing: Add two fuzzers ([#5825](https://github.com/containerd/containerd/pull/5825))
* Fuzzing: Add two more fuzzers
* scripts: linting fixes, and remove support for Debian Jessie (as it's EOL) ([#5760](https://github.com/containerd/containerd/pull/5760))
* scripts: declare ROOT closer to where it's used, and some DRY changes
* scripts: add missing quotes, and minor linting issues
* test/build-utils.sh: remove support for Debian Jessie
* platforms: Format(): use path.Join() instead of joinNotEmpty() ([#5821](https://github.com/containerd/containerd/pull/5821))
* platforms: Format(): use path.Join() instead of joinNotEmpty()
* Fuzzing: Remove panics of container_fuzzer ([#5823](https://github.com/containerd/containerd/pull/5823))
* Fuzzing: Remove panics of container_fuzzer
* Fuzzing: Add container fuzzer ([#5785](https://github.com/containerd/containerd/pull/5785))
* Change protoc link
* Split fuzzer to two fuzzers
* Fuzzing: Add container fuzzer
* runtime: fix the issue of create new socket with abstract address ([#5746](https://github.com/containerd/containerd/pull/5746))
* runtime: fix the issue of create new socket with abstract address
* mergo: Upgrade to 0.3.12 to fix panic ([#5809](https://github.com/containerd/containerd/pull/5809))
* mergo: Upgrade to 0.3.12 to fix panic
* ci: install criu from PPA ([#5802](https://github.com/containerd/containerd/pull/5802))
* ci: install criu from PPA
* Update release workflow to upload binary without CNI ([#5144](https://github.com/containerd/containerd/pull/5144))
* Split release steps into multiple tasks
* Update release workflow to upload binary without CNI
* Enable critest on Windows Periodic Jobs ([#5725](https://github.com/containerd/containerd/pull/5725))
* Enable critest on Windows
* Script to check if entries in go.mod files are in sync ([#5792](https://github.com/containerd/containerd/pull/5792))
* Script to check if entries in go.mod files are in sync
* Add a sharedNamespace label ([#5043](https://github.com/containerd/containerd/pull/5043))
* Add shared content label to namespaces
* platforms: add "ios" as known OS, "loong64" as known ARCH ([#5784](https://github.com/containerd/containerd/pull/5784))
* platforms: add "ios" as known OS, "loong64" as known ARCH
* Updates the location of protobuf downloads ([#5804](https://github.com/containerd/containerd/pull/5804))
* Updates the location of protobuf downloads in docs
* Update protobuf install to use correct repository ([#5803](https://github.com/containerd/containerd/pull/5803))
* Update protobuf install to use correct repository
* overlay: expose upperdir location of each snapshot via an optional label ([#5624](https://github.com/containerd/containerd/pull/5624))
* overlay: add an optional label of upperdir location of each snapshot
* Support SIGRTMIN+n signals ([#5693](https://github.com/containerd/containerd/pull/5693))
* Support SIGRTMIN+n signals
* respect context timeout in shim binary call ([#5800](https://github.com/containerd/containerd/pull/5800))
* respect context timeout in shim binary call
* Introduce a new go module - containerd/api for use in standalone clients ([#5716](https://github.com/containerd/containerd/pull/5716))
* Introduce a new go module - containerd/api for use in standalone clients
* grpc config add options tcp_client_ca_cert ([#5606](https://github.com/containerd/containerd/pull/5606))
* grpc config add options tcp_tls_ca
* integration: Windows volume-copy-up images ([#5162](https://github.com/containerd/containerd/pull/5162))
* integration: Windows volume-copy-up images
* add CRI support matrix to RELEASES.md ([#5795](https://github.com/containerd/containerd/pull/5795))
* add CRI support matrix to RELEASES.md
* adding a little more clarity ([#5794](https://github.com/containerd/containerd/pull/5794))
* adding a little more clarity
* update gotestsum to v1.7.0 ([#5793](https://github.com/containerd/containerd/pull/5793))
* update gotestsum to v1.7.0
* Discard blocks when removing a thin device ([#5756](https://github.com/containerd/containerd/pull/5756))
* Discard blocks when removing a thin device
* Makefile: fix passing build tags ([#5590](https://github.com/containerd/containerd/pull/5590))
* Makefile: pass build tags to manpage build process
* Makefile: fix tags parameter computation
* Add runtime label to metrics ([#5744](https://github.com/containerd/containerd/pull/5744))
* Add runtime label to metrics
* interface about shim build check ([#5745](https://github.com/containerd/containerd/pull/5745))
* interface about shim build check
* integration: log all processes to investigate the test failure ([#5775](https://github.com/containerd/containerd/pull/5775))
* integration: log all processes to investigate the test failure
* Fuzzing: Add archive fuzzer ([#5779](https://github.com/containerd/containerd/pull/5779))
* Fuzzing: Add archive fuzzer
* Add docker.Fetch fuzzer ([#5687](https://github.com/containerd/containerd/pull/5687))
* Add docker fetch fuzzer
* Support custom compressor for walking differ ([#5735](https://github.com/containerd/containerd/pull/5735))
* Support custom compressor for walking differ
* remotes/docker/pusher.go: Fix missing Close() on push to docker remote ([#5770](https://github.com/containerd/containerd/pull/5770))
* remotes/docker/pusher.go: Fix missing Close()
* remotes/docker/fetcher.go: Fix missing Close() on fetch from docker remote ([#5769](https://github.com/containerd/containerd/pull/5769))
* remotes/docker/fetcher.go: Fix missing Close()
* Update cpuguy83/go-md2man binary to v2.0.1 ([#5771](https://github.com/containerd/containerd/pull/5771))
* Update cpuguy83/go-md2man binary to v2.0.1
* Refactor / optimize contrib/Dockerfile.test ([#5750](https://github.com/containerd/containerd/pull/5750))
* Dockerfile.test: build containerd in separate stage
* Dockerfile.test: add GOLANG_IMAGE build arg to allow overriding
* Dockerfile.test: clean up apt indexes after installing
* Dockerfile.test: build critools in a separate stage
* Dockerfile.test: build cni in a separate stage
* Dockerfile.test: standard directory to collect build aftifacts
* Dockerfile.test: split dev stage, and optimize order
* Dockerfile.test: skip curl, gcc, git and make install
* install-critools: make sure DESTDIR exists
* update gotestsum to current master ([#5754](https://github.com/containerd/containerd/pull/5754))
* update gotestsum to current master
* Github Security Advisory [GHSA-c72p-9xmj-rx3w](https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w)
* Add test for archive breakout test for lchmod
* Use systemd cgroup driver for Kubernetes e2e tests with cgroupsv2 ([#5755](https://github.com/containerd/containerd/pull/5755))
* Use systemd cgroup driver for cgroupv2 tests
* update runc to v1.0.1 ([#5751](https://github.com/containerd/containerd/pull/5751))
* go.mod: runc v1.0.1
* update runc binary to v1.0.1
* runtime: runc v2: remove redundant validation ([#5737](https://github.com/containerd/containerd/pull/5737))
* runtime: runc v2: remove redundant validation
* Add timestamp to flaky restart monitor test ([#5727](https://github.com/containerd/containerd/pull/5727))
* Move loop check to before sleep
* Add timestamp to flaky restart monitor test
* Update Go to 1.16.6 ([#5722](https://github.com/containerd/containerd/pull/5722))
* integration/client: go mod tidy
* Update Go to 1.16.6
* client: surface a connection error more clearly ([#4447](https://github.com/containerd/containerd/pull/4447))
* client: surface a connection error more clearly
* Fix missing Body.Close() calls on push to docker remote ([#5712](https://github.com/containerd/containerd/pull/5712))
* Fix missing Body.Close() calls on push to docker remote
* remove pkg/cri/platforms package ([#5710](https://github.com/containerd/containerd/pull/5710))
* remove pkg/cri/platforms package
* Allow WithServices to use custom implementations ([#5709](https://github.com/containerd/containerd/pull/5709))
* Allow WithServices to use custom implementations
* [Vendor] Update hcsshim to 0.8.18 ([#5673](https://github.com/containerd/containerd/pull/5673))
* [Vendor] Update hcsshim to 0.8.18
* test integration: Adds a test that restarts a failed container ([#5578](https://github.com/containerd/containerd/pull/5578))
* test integration: Adds a test that restarts a failed container
* [CRI] move up to CRI v1 and support v1alpha in parallel ([#5619](https://github.com/containerd/containerd/pull/5619))
* use fu wei's suggeted interface pick for marshaling
* add alpha version
* move up to CRI v1 and support v1alpha in parallel
* gha: make release workflow work in forks ([#5682](https://github.com/containerd/containerd/pull/5682))
* gha: make release workflow work in forks
* Add unit test for plugin ([#5666](https://github.com/containerd/containerd/pull/5666))
* Add unit test for plugin
* Dockerfile.test: add "cri-in-userns" (aka rootless) test stage ([#5700](https://github.com/containerd/containerd/pull/5700))
* Dockerfile.test: add "cri-in-userns" (aka rootless) test stage
* Update for distribution spec 1.0 ([#5676](https://github.com/containerd/containerd/pull/5676))
* Add support for registry host path override
* Update documenation for OCI distribution 1.0
* archive: cleanup lchmod logic ([#5702](https://github.com/containerd/containerd/pull/5702))
* Cleanup lchmod logic in archive
* Install specific golang version in Windows CI. ([#5571](https://github.com/containerd/containerd/pull/5571))
* Install specific golang version in Windows CI.
* Add ctr command label in NewContainerOpts ([#5660](https://github.com/containerd/containerd/pull/5660))
* feat: Add snapshotter label to the new snapshot for container.
* snapshot/devmapper: log exported methods correctly ([#5655](https://github.com/containerd/containerd/pull/5655))
* snapshot/devmapper: log exported methods correctly
* Makefile: fix DESTDIR and PREFIX concatenation ([#5662](https://github.com/containerd/containerd/pull/5662))
* Makefile: fix DESTDIR and PREFIX concatenation
* Cri integration cleanup ([#5287](https://github.com/containerd/containerd/pull/5287))
* tests: Use EnsureImageExists for image pulling
* tests: Refactors PodSandbox creation
* move sys.FMountat() into mount package and un-export ([#5641](https://github.com/containerd/containerd/pull/5641))
* un-export mount.FMountat
* move sys.FMountat() into mount package
* sandbox: send pod UID to CNI plugins as K8S_POD_UID ([#5640](https://github.com/containerd/containerd/pull/5640))
* sandbox: send pod UID to CNI plugins as K8S_POD_UID
* sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils ([#5639](https://github.com/containerd/containerd/pull/5639))
* sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils
* content/local: inline sys.StatATimeAsTime() ([#5633](https://github.com/containerd/containerd/pull/5633))
* content/local: inline sys.StatATimeAsTime()
* allow multi gpu to be specified via ctr ([#5636](https://github.com/containerd/containerd/pull/5636))
* allow multi gpu to be specified via ctr
* go.mod: runc v1.0.0
* update runc binary to v1.0.0 GA
* fixing some doc links ([#5629](https://github.com/containerd/containerd/pull/5629))
* fixing some doc links
* Sync integration/go.mod with root go.mod ([#5623](https://github.com/containerd/containerd/pull/5623))
* Sync integration/go.mod with root go.mod
* archive: Expose ChangeWriter to allow customized diff computing ([#5615](https://github.com/containerd/containerd/pull/5615))
* archive: Expose ChangeWriter to allow customized diff computing
* CI: Switch to the available latest images ([#5625](https://github.com/containerd/containerd/pull/5625))
* CI: Switch to available latest images
* fix deprecation config for default runtime
* Re-enable criu in main integration runs ([#5614](https://github.com/containerd/containerd/pull/5614))
* Re-enable criu in main integration runs
* runtime,v2: Enable debug when containerd is on debug+ log level ([#5617](https://github.com/containerd/containerd/pull/5617))
* runtime,v2: Enable debug when containerd is on debug+ log level
* github.com/golang/protobuf/proto is deprecated
* Update github.com/golang/protobuf from v1.3.5 to v1.4.3
* Update google.golang.org/grpc from v1.27.1 to v1.38.0
* Increase golangci-lint timeout
* ctr flags of container rootfs propagation ([#5611](https://github.com/containerd/containerd/pull/5611))
* command line flags of setting container rootfs propagation
* add cgroupv2 setup for cos with a flag
* Update gotestsum to add timestamps to junit output ([#5612](https://github.com/containerd/containerd/pull/5612))
* Update gotestsum to add timestamps to junit output
* Allow to pass --no-cgroups option to nvidia-container-cli ([#5604](https://github.com/containerd/containerd/pull/5604))
* Allow to pass --no-cgroup option to nvidia-container-cli
* Makefile: FHS conformant manpage installation pathes ([#5577](https://github.com/containerd/containerd/pull/5577))
* Makefile: FHS conformant manpage installation pathes
* Add proper Go version before project checks ([#5594](https://github.com/containerd/containerd/pull/5594))
* Add proper Go version before project checks
* Enable cri-integration in Windows Periodic Tests ([#5580](https://github.com/containerd/containerd/pull/5580))
* Enable cri-integration in Windows Periodic Tests
* adds explanation for seccomp unset/unconfined default vs runtime default ([#5573](https://github.com/containerd/containerd/pull/5573))
* adds explanation for seccomp unset/unconfined default vs runtime default
* Fix cleanup context of teardownPodNetwork ([#5569](https://github.com/containerd/containerd/pull/5569))
* Fix cleanup context of teardownPodNetwork
* update integration/client go.sum ([#5572](https://github.com/containerd/containerd/pull/5572))
* update integration/client go.sum
* Revert diff/walking error change ([#5566](https://github.com/containerd/containerd/pull/5566))
* Revert diff/walking error change
* Update opencontainers/selinux to v1.8.2 ([#5562](https://github.com/containerd/containerd/pull/5562))
* Update opencontainers/selinux to v1.8.2
* fix invalid validation error checking ([#5565](https://github.com/containerd/containerd/pull/5565))
* fix invalid validation error checking
* diff/walking: fix defer cleanup ([#5551](https://github.com/containerd/containerd/pull/5551))
* diff/walking: fix defer cleanup
* Windows periodic job: Add creation timestamp to RG ([#5559](https://github.com/containerd/containerd/pull/5559))
* Add creation timestamp to RG
* Fix error case in Windows layer cleanup ([#5328](https://github.com/containerd/containerd/pull/5328))
* Fix error case in Windows layer cleanup
* Use DeactivateLayer to unlock layers that we cannot rename ([#5422](https://github.com/containerd/containerd/pull/5422))
* Small typo fix "reimporst"
* Use DeactivateLayer to recover layers that we cannot rename
* tests: Symlink volume tests ([#5284](https://github.com/containerd/containerd/pull/5284))
* tests: Symlink volume tests
* Makefile: fix DESTDIR environment variable behaviour ([#5535](https://github.com/containerd/containerd/pull/5535))
* Makefile: fix DESTDIR environment variable behaviour
* Change Wrapf of non-error to an actual error ([#5560](https://github.com/containerd/containerd/pull/5560))
* Change Wrapf of non-error to an actual error
* Install apparmor parser for arm64 environment
* scrub the stale TODO ([#5536](https://github.com/containerd/containerd/pull/5536))
* scrub the stale TODO
* docs: explicitly mention containerd's Prometheus path ([#5554](https://github.com/containerd/containerd/pull/5554))
* docs: explicitly mention containerd's Prometheus path
* integration: Cleanup containerd on test teardown ([#5553](https://github.com/containerd/containerd/pull/5553))
* integration: Cleanup containerd on test teardown
* docs/cri: update links ([#5548](https://github.com/containerd/containerd/pull/5548))
* docs/cri: update ocicrypt link
* docs/cri: fix broken links
* Update Windows periodic tests ([#5544](https://github.com/containerd/containerd/pull/5544))
* Update Windows periodic tests
* Add CI periodic Windows Jobs. ([#5165](https://github.com/containerd/containerd/pull/5165))
* Schedule Windows job daily after midnight.
* Update windows-periodic.yml
* Add CI periodic Windows Jobs.
* Rename atomicWrite to writeToCompletion ([#5273](https://github.com/containerd/containerd/pull/5273))
* Rename atomicWrite to writeToCompletion
* Do not run btrfs tests if btrfs kernel module is not loaded ([#5539](https://github.com/containerd/containerd/pull/5539))
* Do not run btrfs tests if btrfs kernel module is not loaded
* Fix incorrect UA used for registry authentication ([#5533](https://github.com/containerd/containerd/pull/5533))
* Fix incorrect UA used for registry authentication
* ctr: parse mount options with embedded = character ([#5531](https://github.com/containerd/containerd/pull/5531))
* ctr: parse mount options with embedded = character
* Fix mounts for FreeBSD ([#5472](https://github.com/containerd/containerd/pull/5472))
* Add ruleset=4 option
* Remove mountpoints not commonly mounted on FreeBSD
* Add copyright header & make sure compilation succeeds on all platforms
* Fix mounts for FreeBSD
* ctr: make exec pty behavior consistent with run ([#5527](https://github.com/containerd/containerd/pull/5527))
* ctr: exec handle pty resize after Start
* ctr: exec setup IO with console
* Makefile: use $@ for target file names ([#5534](https://github.com/containerd/containerd/pull/5534))
* Makefile: use $@ for target file names
* Fix small typo ([#5528](https://github.com/containerd/containerd/pull/5528))
* Fix small typo
* Don't check for apparmor_parser to be present ([#5519](https://github.com/containerd/containerd/pull/5519))
* update the link
* Don't check for apparmor_parser to be present
* Remove useless lines ([#5520](https://github.com/containerd/containerd/pull/5520))
* Remove useless lines
* Fixed typos in docs ([#5509](https://github.com/containerd/containerd/pull/5509))
* fixed typos
* Try next mirror in case of non-404 errors, too ([#5275](https://github.com/containerd/containerd/pull/5275))
* Try next mirror in case of non-404 errors, too
* bump runc version to v1.0.0-rc95 ([#5514](https://github.com/containerd/containerd/pull/5514))
* bump runc version to v1.0.0-rc95
* update runc binary to v1.0.0-rc95 ([#5511](https://github.com/containerd/containerd/pull/5511))
* update runc binary to v1.0.0-rc95
* Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0 ([#5508](https://github.com/containerd/containerd/pull/5508))
* Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0
* Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 ([#5507](https://github.com/containerd/containerd/pull/5507))
* Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
* Makefile: allow overriding install command via environment ([#5493](https://github.com/containerd/containerd/pull/5493))
* Makefile: allow overriding install command via environment
* tests: Adds support for Windows cri-integration tests ([#5163](https://github.com/containerd/containerd/pull/5163))
* tests: Adds support for Windows cri-integration tests
* Update docker resolver to authorize redirects ([#5504](https://github.com/containerd/containerd/pull/5504))
* Update docker resolver to authorize redirects
* bump hcsshim version to v0.8.17 ([#5505](https://github.com/containerd/containerd/pull/5505))
* bump hcsshim version to v0.8.17
* Release binary update for imgcrypt ([#5498](https://github.com/containerd/containerd/pull/5498))
* just release ctd-decoder not ctr-enc
* Merge remote-tracking branch 'upstream/master'
* Pin integration test image for alpine
* cri-integration tests: Pull images once ([#5313](https://github.com/containerd/containerd/pull/5313))
* tests: Prepull images used in tests
* plugin: optimize the check for the last registration ([#5440](https://github.com/containerd/containerd/pull/5440))
* plugin: optimize the check for the last registration
* metadata: modify NewLeaseManager to return leases.Manager ([#5465](https://github.com/containerd/containerd/pull/5465))
* metadata: modify NewLeaseManager to return leases.Manager
* Skip TLS verification for localhost ([#5100](https://github.com/containerd/containerd/pull/5100))
* Skip TLS verification for localhost
* Merge remote-tracking branch 'upstream/master'
* Makefile: make sure manpages are built before install-man ([#5492](https://github.com/containerd/containerd/pull/5492))
* Makefile: make sure manpages are built before install-man
* adds description for hosts.toml ([#5309](https://github.com/containerd/containerd/pull/5309))
* adds credentials description
* adds description for hosts.toml
* Prepare default branch rename ([#5459](https://github.com/containerd/containerd/pull/5459))
* Prepare default branch rename
* Merge remote-tracking branch 'upstream/master'
* Update runc to rc94 ([#5473](https://github.com/containerd/containerd/pull/5473))
* Update vendored runc to v1.0.0.0-rc94
* Update the runc binary used with containerd to runc v1.0.0-rc94
* Fix `content.ReaderAt` close ([#5468](https://github.com/containerd/containerd/pull/5468))
* Fix content.ReaderAt close
* Update releases doc with updated support timeline ([#5466](https://github.com/containerd/containerd/pull/5466))
* Update releases doc with updated support timeline
* tests: add test for adaptor ([#5452](https://github.com/containerd/containerd/pull/5452))
* tests: add test for adaptor
* Makefile: allow overriding go command by environment ([#5450](https://github.com/containerd/containerd/pull/5450))
* Makefile: allow overriding go command by environment
* update to new cri-tools make install ([#5462](https://github.com/containerd/containerd/pull/5462))
* update to new cri-tools make install
* Update Go to 1.16.4 ([#5461](https://github.com/containerd/containerd/pull/5461))
* Update Go to 1.16.4
* Merge remote-tracking branch 'upstream/release/1.5'
* [release/1.5] go.mod: cut circular dependency on github.com/containerd/containerd ([#5457](https://github.com/containerd/containerd/pull/5457))
* go.mod: cut circular dependency on github.com/containerd/containerd
* integration/client: go mod tidy
* oci: fix WithDevShmSize ([#5063](https://github.com/containerd/containerd/pull/5063))
* oci: fix WithDevShmSize
* [release/1.5] cherry-pick: windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink ([#5454](https://github.com/containerd/containerd/pull/5454))
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink ([#5411](https://github.com/containerd/containerd/pull/5411))
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
* doc: add missing namespaces package ([#5448](https://github.com/containerd/containerd/pull/5448))
* doc: add missing namespaces package
* update seccomp version ([#5445](https://github.com/containerd/containerd/pull/5445))
* update seccomp version
* Update golang.org/x/sys to add linux/ppc support ([#5436](https://github.com/containerd/containerd/pull/5436))
* Update golang.org/x/sys to add linux/ppc support
* go.mod: cut circular dependency on github.com/containerd/containerd ([#5441](https://github.com/containerd/containerd/pull/5441))
* go.mod: cut circular dependency on github.com/containerd/containerd
* integration/client: go mod tidy
* Fix different registry hosts referencing the same auth config. ([#5446](https://github.com/containerd/containerd/pull/5446))
* Fix different registry hosts referencing the same auth config.
</p>
</details>
### Changes from containerd/cgroups
<details><summary>33 commits</summary>
<p>
* v2: Fix inotify fd leak when cgroup is deleted ([#212](https://github.com/containerd/cgroups/pull/212))
* v2: add test case for Manager.EventChan() behavior
* v2: flip error handling for readKVStat("memory.events") to reduce indentation
* v2: manager: factor out memory.events parsing
* v2: Fix inotify leak when cgroup is deleted
* fix Implicit memory aliasing in for loop ([#214](https://github.com/containerd/cgroups/pull/214))
* fix Implicit memory aliasing in for loop
* Fix potential dirfd leak. ([#210](https://github.com/containerd/cgroups/pull/210))
* Fix potential dirfd leak.
* cgroup: Optionally add process and task to a subsystems subset ([#203](https://github.com/containerd/cgroups/pull/203))
* cgroup: Optionally add process and task to a subsystems subset
* replace pkg/errors from vendor ([#208](https://github.com/containerd/cgroups/pull/208))
* replace pkg/errors from vendor
* cgroup.go: avoid panic on nil interface ([#207](https://github.com/containerd/cgroups/pull/207))
* cgroup.go: avoid panic on nil interface
* Improvements on cgroup v2 support ([#204](https://github.com/containerd/cgroups/pull/204))
* cgroupv2: reset lastErr to nil when subtree control is successfully written
* cgroupv2: enable controllers before setting resources in NewChild()
* v2: remove unimplemented errors and ErrorHandler, IgnoreNotExist ([#201](https://github.com/containerd/cgroups/pull/201))
* v2: remove ErrorHandler and IgnoreNotExist as they are not implemented
* v2: remove errors that are never returned
* v1: reduce duplicated code ([#202](https://github.com/containerd/cgroups/pull/202))
* v1: reduce duplicated code
* cgroup v1: implement AddProc() ([#200](https://github.com/containerd/cgroups/pull/200))
* cgroup v1: implement AddProc()
* Rename branch from master to main ([#199](https://github.com/containerd/cgroups/pull/199))
* Rename branch from master to main
* utils: export ParseCgroupFile() ([#197](https://github.com/containerd/cgroups/pull/197))
* utils: export ParseCgroupFile()
* go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations ([#194](https://github.com/containerd/cgroups/pull/194))
* go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations
* Use /proc/partitions to get device names ([#195](https://github.com/containerd/cgroups/pull/195))
* Use /proc/partitions to get device names
</p>
</details>
### Changes from containerd/console
<details><summary>6 commits</summary>
<p>
* Fix CI ([#55](https://github.com/containerd/console/pull/55))
* Fix CI
* Stop using pkg/errors
* Add support for z/OS ([#46](https://github.com/containerd/console/pull/46))
* Console test on z/OS
* Add support for z/OS
</p>
</details>
### Changes from containerd/continuity
<details><summary>28 commits</summary>
<p>
* fs: use syscall.Timespec.Unix ([#193](https://github.com/containerd/continuity/pull/193))
* fs: use syscall.Timespec.Unix
* Update CI Go version to 1.17 ([#192](https://github.com/containerd/continuity/pull/192))
* Update CI Go version to 1.17
* Build containerd/continuity on multiple Unix OSes ([#190](https://github.com/containerd/continuity/pull/190))
* Build containerd/continuity on multiple Unix OSes
* Do not log errors before returning them ([#191](https://github.com/containerd/continuity/pull/191))
* Do not log errors before returning them
* Copy Windows file metadata ([#188](https://github.com/containerd/continuity/pull/188))
* Copy Windows file metadata
* fix fmt.Errorf("%w", err) on err == nil ([#187](https://github.com/containerd/continuity/pull/187))
* fix fmt.Errorf("%w", err) on err == nil
* Remove direct dependency on github.com/pkg/errors ([#185](https://github.com/containerd/continuity/pull/185))
* run gofmt with Go 1.17
* remove direct dependency on github.com/pkg/errors
* Fix darwin issues ([#186](https://github.com/containerd/continuity/pull/186))
* update AUTHORS
* darwin: use utimensat syscall instead of utimes
* fix darwin usage of du command
* go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125 ([#161](https://github.com/containerd/continuity/pull/161))
* go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125
* fs/stat: add FreeBSD, and cleanup some nolint-comments ([#184](https://github.com/containerd/continuity/pull/184))
* reformat nolint comments
* fs/stat: add FreeBSD
* Rename branch from master to main ([#182](https://github.com/containerd/continuity/pull/182))
* Rename branch from master to main
* testutil/loopback: print more debug info ([#180](https://github.com/containerd/continuity/pull/180))
* testutil/loopback: print more debug info
</p>
</details>
### Changes from containerd/go-cni
<details><summary>24 commits</summary>
<p>
* init exec when create CNIConfig ([#83](https://github.com/containerd/go-cni/pull/83))
* init exec when create CNIConfig
* cni: fix data-race on lazy init by ensureExec(). ([#82](https://github.com/containerd/go-cni/pull/82))
* cni: fix data-race on lazy init by ensureExec().
* Implement CNI CHECK command ([#80](https://github.com/containerd/go-cni/pull/80))
* Implement CNI CHECK command
* run setup on networks in parallel ([#76](https://github.com/containerd/go-cni/pull/76))
* switch to direct index
* run setup on networks in parallel
* remove: Continue on "not found" errors ([#74](https://github.com/containerd/go-cni/pull/74))
* remove: Continue on "not found" errors
* go.mod: github.com/containernetworking/cni v1.0.1 ([#72](https://github.com/containerd/go-cni/pull/72))
* go.mod: github.com/containernetworking/cni v1.0.1
* remove direct dependency on github.com/pkg/errors ([#71](https://github.com/containerd/go-cni/pull/71))
* remove direct dependency on github.com/pkg/errors
* update CNI to v1.0.0 ([#70](https://github.com/containerd/go-cni/pull/70))
* test: add TestLibCNIType100
* update CNI to v1.0.0
* Rename branch from master to main ([#69](https://github.com/containerd/go-cni/pull/69))
* Rename branch from master to main
* result: change Raw from a struct field to a method ([#68](https://github.com/containerd/go-cni/pull/68))
* result: change Raw from a struct field to a method
* result: expose raw result ([#67](https://github.com/containerd/go-cni/pull/67))
* result: expose raw result
</p>
</details>
### Changes from containerd/imgcrypt
<details><summary>32 commits</summary>
<p>
* CHANGES: Updated CHANGES document for 1.1.3 release ([#64](https://github.com/containerd/imgcrypt/pull/64))
* CHANGES: Updated CHANGES document for 1.1.3 release
* docs: update project branch to main ([#63](https://github.com/containerd/imgcrypt/pull/63))
* docs: update project branch to main
* Update linter to match containerd repo ([#61](https://github.com/containerd/imgcrypt/pull/61))
* Update linter to match containerd repo
* update CI golang version
* Bump github.com/containerd/containerd from 1.5.7 to 1.5.8 ([#59](https://github.com/containerd/imgcrypt/pull/59))
* Bump github.com/containerd/containerd from 1.5.7 to 1.5.8
* maint: Update to ocicrypt v1.1.2 ([#57](https://github.com/containerd/imgcrypt/pull/57))
* maint: Update to ocicrypt v1.1.2
* Decouple CreateCryptoConfig() from github.com/urfave/cli ([#56](https://github.com/containerd/imgcrypt/pull/56))
* Decouple CreateCryptoConfig() from github.com/urfave/cli
* Bump github.com/containerd/containerd from 1.5.5 to 1.5.7 ([#55](https://github.com/containerd/imgcrypt/pull/55))
* Bump github.com/containerd/containerd from 1.5.5 to 1.5.7
* replace pkg/errors and bump related library
* README: Fix CRI decryption document URL ([#53](https://github.com/containerd/imgcrypt/pull/53))
* README: Fix CRI decryption document URL
* Bump github.com/containerd/containerd from 1.5.2 to 1.5.4 ([#52](https://github.com/containerd/imgcrypt/pull/52))
* Bump github.com/containerd/containerd from 1.5.2 to 1.5.4
* Bump containerd to 1.5.2 ([#51](https://github.com/containerd/imgcrypt/pull/51))
* Bump containerd to 1.5.2
* images: Implement ConvertFunc for image en- and decryption ([#49](https://github.com/containerd/imgcrypt/pull/49))
* images: Implement ConvertFunc for image en- and decryption
* Add containerd-release to makefile ([#48](https://github.com/containerd/imgcrypt/pull/48))
* Remove ctr-enc from installation
* vendor sync up with containerd 1.5 ga, and runc94 ([#47](https://github.com/containerd/imgcrypt/pull/47))
* sync up with containerd 1.5 ga, and runc94
* Sync ctr-enc with containerd's ctr v1.5.0-rc.3 ([#46](https://github.com/containerd/imgcrypt/pull/46))
* CICD: Run 'apt update' before pulling packages
* ctr-enc: Set the version for ctr-enc when linking
* Sync ctr-enc with containerd's ctr v1.5.0-rc.3
</p>
</details>
### Changes from containerd/ttrpc
<details><summary>34 commits</summary>
<p>
* Add protoc-gen-go-ttrpc ([#96](https://github.com/containerd/ttrpc/pull/96))
* Add protoc-gen-go-ttrpc
* client: Handle sending/receiving in separate goroutines ([#94](https://github.com/containerd/ttrpc/pull/94))
* client: Handle sending/receiving in separate goroutines
* Run Protobuild in GitHub Actions ([#95](https://github.com/containerd/ttrpc/pull/95))
* Run Protobuild in GitHub Actions
* Re-generate example.pb.go
* replace pkg/errors ([#93](https://github.com/containerd/ttrpc/pull/93))
* replace pkg/errors from vendor
* Rename branch from master to main ([#86](https://github.com/containerd/ttrpc/pull/86))
* Rename branch from master to main
* Make "go test" and "go build" work on macOS ([#85](https://github.com/containerd/ttrpc/pull/85))
* Make the example command buildable on macOS
* Run GitHub Actions on macOS
* Make "go test" work on macOS
* Return Unimplemented when services or methods are not implemented ([#83](https://github.com/containerd/ttrpc/pull/83))
* Return Unimplemented when services or methods are not implemented
* Remove "Very new" and checked TODO items ([#84](https://github.com/containerd/ttrpc/pull/84))
* Remove "Very new" and checked TODO items
* removing glide from ignore ([#82](https://github.com/containerd/ttrpc/pull/82))
* removing glide from ignore
* go.mod: update dependencies ([#79](https://github.com/containerd/ttrpc/pull/79))
* go.mod: github.com/prometheus/procfs v0.6.0
* go.mod: google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
* go.mod: google.golang.org/grpc v1.27.1
* go.mod: github.com/gogo/protobuf v1.3.2
* remove travis, add codecov badge ([#78](https://github.com/containerd/ttrpc/pull/78))
* CI: add codecov badge to readme
* CI: remove travis
* Use GitHub Actions for CI ([#77](https://github.com/containerd/ttrpc/pull/77))
* Use GitHub Actions for CI
* go.mod: sirupsen/logrus v1.7.0 ([#76](https://github.com/containerd/ttrpc/pull/76))
* go.mod: sirupsen/logrus v1.7.0
* go mod tidy
</p>
</details>
### Dependency Changes
* **cloud.google.com/go** v0.81.0 **_new_**
* **github.com/AdaLogics/go-fuzz-headers** 6c3934b029d8 **_new_**
* **github.com/Microsoft/go-winio** v0.4.17 -> v0.5.1
* **github.com/Microsoft/hcsshim** v0.8.16 -> v0.9.2
* **github.com/blang/semver** v3.5.1 **_new_**
* **github.com/cenkalti/backoff/v4** v4.1.2 **_new_**
* **github.com/cespare/xxhash/v2** v2.1.1 -> v2.1.2
* **github.com/cilium/ebpf** v0.4.0 -> v0.7.0
* **github.com/containerd/cgroups** v1.0.1 -> v1.0.3
* **github.com/containerd/console** v1.0.2 -> v1.0.3
* **github.com/containerd/continuity** v0.1.0 -> v0.2.2
* **github.com/containerd/go-cni** v1.0.2 -> v1.1.3
* **github.com/containerd/imgcrypt** v1.1.1 -> v1.1.3
* **github.com/containerd/ttrpc** v1.0.2 -> v1.1.0
* **github.com/containernetworking/cni** v0.8.1 -> v1.0.1
* **github.com/containernetworking/plugins** v0.9.1 -> v1.0.1
* **github.com/containers/ocicrypt** v1.1.1 -> v1.1.2
* **github.com/coreos/go-systemd/v22** v22.1.0 -> v22.3.2
* **github.com/go-logr/logr** v0.2.0 -> v1.2.2
* **github.com/go-logr/stdr** v1.2.2 **_new_**
* **github.com/godbus/dbus/v5** v5.0.3 -> v5.0.6
* **github.com/golang/groupcache** 8c9f03a8e57e -> 41bb18bfe9da
* **github.com/golang/protobuf** v1.3.5 -> v1.5.2
* **github.com/google/go-cmp** v0.5.4 -> v0.5.6
* **github.com/google/gofuzz** v1.1.0 -> v1.2.0
* **github.com/grpc-ecosystem/go-grpc-middleware** v1.3.0 **_new_**
* **github.com/grpc-ecosystem/grpc-gateway** v1.16.0 **_new_**
* **github.com/hashicorp/errwrap** v1.0.0 -> v1.1.0
* **github.com/hashicorp/go-multierror** v1.0.0 -> v1.1.1
* **github.com/imdario/mergo** v0.3.11 -> v0.3.12
* **github.com/intel/goresctrl** v0.2.0 **_new_**
* **github.com/json-iterator/go** v1.1.10 -> v1.1.12
* **github.com/moby/spdystream** v0.2.0 **_new_**
* **github.com/moby/sys/mountinfo** v0.4.1 -> v0.5.0
* **github.com/moby/sys/signal** v0.6.0 **_new_**
* **github.com/moby/sys/symlink** v0.1.0 -> v0.2.0
* **github.com/modern-go/reflect2** v1.0.1 -> v1.0.2
* **github.com/opencontainers/image-spec** v1.0.1 -> 693428a734f5
* **github.com/opencontainers/runc** v1.0.0-rc93 -> v1.1.0
* **github.com/opencontainers/runtime-spec** e6143ca7d51d -> 1c3f411f0417
* **github.com/opencontainers/selinux** v1.8.0 -> v1.10.0
* **github.com/pelletier/go-toml** v1.8.1 -> v1.9.3
* **github.com/prometheus/client_golang** v1.7.1 -> v1.11.0
* **github.com/prometheus/common** v0.10.0 -> v0.30.0
* **github.com/prometheus/procfs** v0.6.0 -> v0.7.3
* **github.com/satori/go.uuid** v1.2.0 **_new_**
* **github.com/sirupsen/logrus** v1.7.0 -> v1.8.1
* **github.com/spf13/pflag** v1.0.5 **_new_**
* **github.com/stretchr/testify** v1.6.1 -> v1.7.0
* **github.com/vishvananda/netlink** f5de75959ad5 **_new_**
* **github.com/vishvananda/netns** 2eb08e3e575f **_new_**
* **go.etcd.io/bbolt** v1.3.5 -> v1.3.6
* **go.opencensus.io** v0.22.3 -> v0.23.0
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.28.0 **_new_**
* **go.opentelemetry.io/otel** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/internal/retry** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/sdk** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/trace** v1.3.0 **_new_**
* **go.opentelemetry.io/proto/otlp** v0.11.0 **_new_**
* **golang.org/x/crypto** 0c34fe9e7dc2 -> 32db794688a5
* **golang.org/x/net** e18ecbb05110 -> fe4d6282115f
* **golang.org/x/oauth2** bf48bf16ab8d -> 2bc19b11175f
* **golang.org/x/sync** 09787c993a3a -> 036812b2e83c
* **golang.org/x/sys** 47abb6519492 -> 1d35b9e2eb4e
* **golang.org/x/term** 7de9c90e9dd1 -> 6886f2dfbf5b
* **golang.org/x/text** v0.3.4 -> v0.3.7
* **golang.org/x/time** 3af7569d3a1e -> 1f47c861a9ac
* **google.golang.org/appengine** v1.6.5 -> v1.6.7
* **google.golang.org/grpc** v1.27.1 -> v1.43.0
* **google.golang.org/protobuf** v1.27.1 **_new_**
* **gopkg.in/yaml.v3** 9f266ea9e77c -> 496545a6307b
* **k8s.io/api** v0.20.6 -> v0.22.5
* **k8s.io/apimachinery** v0.20.6 -> v0.22.5
* **k8s.io/apiserver** v0.20.6 -> v0.22.5
* **k8s.io/client-go** v0.20.6 -> v0.22.5
* **k8s.io/component-base** v0.20.6 -> v0.22.5
* **k8s.io/cri-api** v0.20.6 -> v0.23.1
* **k8s.io/klog/v2** v2.4.0 -> v2.30.0
* **k8s.io/utils** 67b214c5f920 -> cb0fa318a74b
* **sigs.k8s.io/structured-merge-diff/v4** v4.0.3 -> v4.1.2
Previous release can be found at [v1.5.0](https://github.com/containerd/containerd/releases/tag/v1.5.0)
containerd 1.6.0-rc.4
Welcome to the v1.6.0-rc.4 release of containerd!
*This is a pre-release of containerd*
The seventh major release of containerd includes many improvements and added
support to increase overall compatibility and stability.
### Highlights
#### Runtime
* **Add runtime label to metrics** ([#5744](https://github.com/containerd/containerd/pull/5744))
* **Cleanup task delete logic in v2 shim** ([#5813](https://github.com/containerd/containerd/pull/5813))
* **Add support for shim plugins** ([#5817](https://github.com/containerd/containerd/pull/5817))
* **Handle sigint and sigterm in shimv2** ([#5828](https://github.com/containerd/containerd/pull/5828))
* **Decouple shim and task manager** ([#5918](https://github.com/containerd/containerd/pull/5918))
* **Add runc shim support for core scheduling** ([#6011](https://github.com/containerd/containerd/pull/6011))
* **Update shim client connect attempt to fail fast when shim errors** ([#6031](https://github.com/containerd/containerd/pull/6031))
* **Add support for absolute path to shim binaries** ([#6206](https://github.com/containerd/containerd/pull/6206))
* **Update runc to v1.1.0** ([#6375](https://github.com/containerd/containerd/pull/6375))
#### Windows
* **Add support for Windows HostProcess containers** ([#5131](https://github.com/containerd/containerd/pull/5131))
* **Add support for Windows resource limits** ([#5778](https://github.com/containerd/containerd/pull/5778))
#### CRI
* **Add CNI configuration based on runtime class** ([#4695](https://github.com/containerd/containerd/pull/4695))
* **Add support for Intel RDT** ([#5439](https://github.com/containerd/containerd/pull/5439))
* **Add support for CRI v1 and v1alpha in parallel** ([#5619](https://github.com/containerd/containerd/pull/5619))
* **Add support for unified resources field for cgroups v2** ([#5627](https://github.com/containerd/containerd/pull/5627))
* **Add IP preference configuration for reporting pod IP** ([#5964](https://github.com/containerd/containerd/pull/5964))
* **Implement new CRI pod sandbox stats API** ([#6113](https://github.com/containerd/containerd/pull/6113))
* **Add sandbox and container latency metrics** ([#6111](https://github.com/containerd/containerd/pull/6111))
* **Add namespace to ttrpc and grpc plugin connections** ([#6130](https://github.com/containerd/containerd/pull/6130))
* **Add option to allow ping sockets and privileged ports with no capabilities** ([#6170](https://github.com/containerd/containerd/pull/6170))
* **Add support for configuring swap** ([#6320](https://github.com/containerd/containerd/pull/6320))
#### Other
* **Add support for client TLS Auth for grpc** ([#5606](https://github.com/containerd/containerd/pull/5606))
* **Add xfs support for devicemapper snapshotter** ([#5610](https://github.com/containerd/containerd/pull/5610))
* **Add metric exposing build version and revision** ([#5965](https://github.com/containerd/containerd/pull/5965))
* **Add support for custom fs options in devmapper snapshotter** ([#6122](https://github.com/containerd/containerd/pull/6122))
* **Update introspection service to show GRPC plugins** ([#6432](https://github.com/containerd/containerd/pull/6432))
#### Client
* **Allow WithServices to use custom implementations** ([#5709](https://github.com/containerd/containerd/pull/5709))
* **Support custom compressor for walking differ** ([#5735](https://github.com/containerd/containerd/pull/5735))
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
### Contributors
* Derek McGowan
* Phil Estes
* Akihiro Suda
* Wei Fu
* Maksym Pavlenko
* Sebastiaan van Stijn
* Michael Crosby
* Kazuyoshi Kato
* Mike Brown
* Claudiu Belu
* Daniel Canter
* haoyun
* Brian Goff
* Gabriel Adrian Samfira
* Stefan Berger
* zounengren
* AdamKorcz
* Adelina Tuvenie
* Kohei Tokunaga
* Davanum Srinivas
* Nashwan Azhari
* Samuel Karp
* Shiming Zhang
* Markus Lehtonen
* Enrico Weigelt, metux IT consult
* Alakesh Haloi
* Hajime Tazaki
* Iceber Gu
* Kevin Parsons
* Aditi Sharma
* Jeremi Piotrowski
* David Porter
* Gijs Peskens
* ningmingxiao
* Brandon Lum
* Cody Roseborough
* Danielle Lancashire
* Eric Ernst
* Jacob MacElroy
* Tõnis Tiigi
* dependabot[bot]
* wanglei
* Alexandre Peixoto Ferreira
* Fabiano Fidêncio
* Furkan Türkal
* Jiaming Xu
* Kir Kolyshkin
* Miao Wang
* Neil Johnson
* Paul "TBBle" Hampson
* Priyanka Saggu
* Romain Aviolat
* Samuel Ortiz
* Sunghoon Kang
* Takumasa Sakao
* Tobias Klauser
* Zhiyu Li
* ye.sijun
* Alexander Minbaev
* Alexey Ivanov
* Andrey Smirnov
* Artem Khramov
* Aurelien Lun-Sin
* Ben Hutchings
* Cory Bennett
* Da McGrady
* Dan Williams
* Eng Zer Jun
* Ethan Chen
* Fupan Li
* Gaurav Gahlot
* Gunju Kim
* Henry Wang
* Jacob Blain Christen
* James Gordon
* James Sturtevant
* Jan Klippel
* Jayme Howard
* Jiajun Jiang
* Jintao Zhang
* Justin Terry
* Kaijie Chen
* Kante
* Kern Walster
* Kitt Hsu
* Lantao Liu
* Ma Xinjian
* Manabu Sugimoto
* Manuel Alejandro de Brito Fontes
* Mark Rossetti
* Markus Lippert
* Mikko Ylinen
* Ng Yang
* Nicolas Chariglione
* Ning Li
* Olli Janatuinen
* Peri Thompson
* Quan Tian
* Radostin Stoyanov
* Rui Lopes
* Sambhav Kothari
* Sebastian Hasler
* Sergey Kanzhelev
* Sören Tempel
* Yang Yang
* Yifan Yuan
* Zilong Wang
* Zufar Dhiyaulhaq
* botieking98
* chenxiaoyu
* jayonlau
* jerryzhuang
* linrunlong
* scuzhanglei
* wangzhan
* Étienne Guesnet
### Changes
<details><summary>1044 commits</summary>
<p>
* Prepare release notes for v1.6.0-rc.4 ([#6537](https://github.com/containerd/containerd/pull/6537))
* Prepare release notes for v1.6.0-rc.4
* Change file name for shim binary path ([#6536](https://github.com/containerd/containerd/pull/6536))
* Change file name for shim binary path
* containerd-stress: introduce option for specifying image ([#6532](https://github.com/containerd/containerd/pull/6532))
* containerd-stress: introduce option for specifying image
* Prepare release notes for v1.6.0-rc.3 ([#6524](https://github.com/containerd/containerd/pull/6524))
* Prepare release notes for v1.6.0-rc.3
* Use white logo in github dark mode ([#6529](https://github.com/containerd/containerd/pull/6529))
* Use white logo in github dark mode
* cri: fix handling of ignore_rdt_not_enabled_errors config option ([#6514](https://github.com/containerd/containerd/pull/6514))
* cri: fix handling of ignore_rdt_not_enabled_errors config option
* pkg/oom/v2: handle EventChan routine shutdown quietly ([#6504](https://github.com/containerd/containerd/pull/6504))
* pkg/oom/v2: handle EventChan routine shutdown quietly
* fix: .dockerignore make git working tree dirty ([#6523](https://github.com/containerd/containerd/pull/6523))
* fix: .dockerignore makes git working tree dirty
* containerd-stress: start task ctr before starting execs ([#6518](https://github.com/containerd/containerd/pull/6518))
* containerd-stress: start task ctr before starting execs
* Document fs_type and fs_options in snapshots/devmapper/README.md ([#6501](https://github.com/containerd/containerd/pull/6501))
* Document fs_type and fs_options in snapshots/devmapper/README.md
* docs: add Talos Linux to the list of adopters ([#6510](https://github.com/containerd/containerd/pull/6510))
* docs: add Talos Linux to the list of adopters
* Prepare 1.6.0-rc.2 ([#6502](https://github.com/containerd/containerd/pull/6502))
* Prepare release notes for v1.6.0-rc.2
* Update releases document
* platforms.Normalize(): do not reset OSVersion and OSFeatures ([#6497](https://github.com/containerd/containerd/pull/6497))
* platforms.Normalize(): do not reset OSVersion and OSFeatures
* tracing: use OTLP/HTTP in addition to OTLP/gRPC ([#6457](https://github.com/containerd/containerd/pull/6457))
* tracing: return (ctx, span) from StartSpan
* tracing: support OTLP/HTTP in addition to gRPC
* Update cgroups to v1.0.3 ([#6498](https://github.com/containerd/containerd/pull/6498))
* Update cgroups to v1.0.3
* seccomp: kernel 5.11 -> 5.16 ([#6494](https://github.com/containerd/containerd/pull/6494))
* seccomp: kernel 5.16 (futex_waitv)
* seccomp: kernel 5.15 (process_mrelease)
* seccomp: kernel 5.14 (quotactl_fd, memfd_secret)
* seccomp: kernel 5.13 (landlock_{add_rule,create_ruleset,restrict_self})
* seccomp: kernel 5.12 (mount_setattr)
* remotes: fix dockerPusher to handle abort correctly ([#6243](https://github.com/containerd/containerd/pull/6243))
* remotes: fix dockerPusher to handle abort correctly
* seccomp: add support for "swapcontext" syscall in default policy ([#6411](https://github.com/containerd/containerd/pull/6411))
* seccomp: add support for "swapcontext" syscall in default policy
* oci: use readonly mount to read user/group info ([#6478](https://github.com/containerd/containerd/pull/6478))
* oci: use readonly mount to read user/group info
* Fix possibly incorrect media type default on import ([#6475](https://github.com/containerd/containerd/pull/6475))
* Fix possibly incorrect media type default on import
* shimv2: handle sigint/sigterm ([#5828](https://github.com/containerd/containerd/pull/5828))
* shimv2: handle sigint/sigterm
* Fix acr fetch token 400 ([#6481](https://github.com/containerd/containerd/pull/6481))
* fix acr fetch token 400
* platforms: add support for matching amd64 variants ([#6455](https://github.com/containerd/containerd/pull/6455))
* platforms: add support for matching amd64 variants
* Fix windows periodic workflow ([#6476](https://github.com/containerd/containerd/pull/6476))
* Fix windows periodic workflow
* docs: add doc-comments on GC-related methods ([#6473](https://github.com/containerd/containerd/pull/6473))
* docs: add doc-comments on GC-related methods
* fix: should not send 137 code event if cmd is notfound ([#6465](https://github.com/containerd/containerd/pull/6465))
* fix: should not send 137 code event if cmd is notfound
* Fix empty scopes return ([#6463](https://github.com/containerd/containerd/pull/6463))
* fix empty scopes return
* Prepare release notes for v1.6.0-rc.1 ([#6462](https://github.com/containerd/containerd/pull/6462))
* Prepare release notes for v1.6.0-rc.1
* Add support for skipping non-dist blob push ([#6424](https://github.com/containerd/containerd/pull/6424))
* ctr: flag to toggle non-distributable blob push
* Add image handler to skip non-distributable blobs.
* Compile binaries for go1.16 and go1.17 in CI ([#6461](https://github.com/containerd/containerd/pull/6461))
* Compile binaries for go1.16 and go1.17 in CI
* services/introspection: fix plugin caching to show grpc plugins ([#6432](https://github.com/containerd/containerd/pull/6432))
* Update caching logic to avoid map access
* services/introspection: support to show introspection grpc service
* Integration: Change to Windows Server 2022 build number constant ([#6458](https://github.com/containerd/containerd/pull/6458))
* Integration: Change to Windows Server 2022 build number constant
* Update kubernetes vendor to 0.22.5 ([#6460](https://github.com/containerd/containerd/pull/6460))
* Update kubernetes vendor to 0.22.5
* Fix rdt build tags for go 1.16 ([#6459](https://github.com/containerd/containerd/pull/6459))
* Fix rdt build tags for go 1.16
* Remove submodule go mod ([#6439](https://github.com/containerd/containerd/pull/6439))
* Remove api go submodule
* Update makefile to remove API submodule
* go.mod: Update hcsshim to v0.9.2 ([#6453](https://github.com/containerd/containerd/pull/6453))
* go.mod: Update hcsshim to v0.9.2
* update runc to v1.1.0 ([#6375](https://github.com/containerd/containerd/pull/6375))
* go.mod: github.com/opencontainers/runc v1.1.0
* update runc binary to v1.1.0
* tracing: fix OTLP tracer's initialization ([#6443](https://github.com/containerd/containerd/pull/6443))
* tracing: fix OTLP tracer's initialization
* gha: run CodeQL scan on pull requests ([#6386](https://github.com/containerd/containerd/pull/6386))
* gha: run CodeQL scan on pull requests
* Do not automatically inject client traces ([#6445](https://github.com/containerd/containerd/pull/6445))
* Do not automatically inject client traces
* [containerd-stress] delete useless code ([#6451](https://github.com/containerd/containerd/pull/6451))
* delete useless code
* Revert "Add shared content label to namespaces" ([#6440](https://github.com/containerd/containerd/pull/6440))
* Revert "Add shared content label to namespaces"
* Add ppc64 support for test images ([#6435](https://github.com/containerd/containerd/pull/6435))
* Add ppc64 support for test images
* ctr: Unify the delete subcommand alias ([#6427](https://github.com/containerd/containerd/pull/6427))
* ctr: Unify the delete subcommand alias
* Prepare release notes for v1.6.0-rc.0 ([#6431](https://github.com/containerd/containerd/pull/6431))
* Prepare release notes for v1.6.0-rc.0
* Integration: Switch to using `auth` Gcloud action in Windows workflow. ([#6397](https://github.com/containerd/containerd/pull/6397))
* Integration: Switch to `upload-cloud-storage` Gcloud action.
* Integration: Switch to using `auth` Gcloud action in Windows workflow.
* remove io/ioutil ([#6426](https://github.com/containerd/containerd/pull/6426))
* remove io/ioutil
* test: e2e node COS cgroupv2 script ([#6418](https://github.com/containerd/containerd/pull/6418))
* test: e2e node COS cgroupv2 script
* Integration: Enable CRITest on Windows 2022. ([#6378](https://github.com/containerd/containerd/pull/6378))
* Enable critest tests on Windows Server 2022.
* Parametrize CRITest test images in Windows Periodic workflow.
* Update error message for apparmor parser ([#6415](https://github.com/containerd/containerd/pull/6415))
* Update error message for apparmor parser
* Fix wrong log message ([#6419](https://github.com/containerd/containerd/pull/6419))
* Fix wrong log message
* Followup errors change ([#6414](https://github.com/containerd/containerd/pull/6414))
* Fix incorrect error wrapped when closing ingest file
* Fix seek error used without nil check
* Fix followup items from errors replacement
* Updates CRI API & Kubernetes to 1.23 ([#6351](https://github.com/containerd/containerd/pull/6351))
* Update k/k to 1.23.0
* Updating adoption of containerd for AKS ([#6416](https://github.com/containerd/containerd/pull/6416))
* Updating adoption of containerd for AKS
* update the adoption status of containerd in GKE ([#6413](https://github.com/containerd/containerd/pull/6413))
* update the adoption status of containerd in GKE
* go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt} ([#6410](https://github.com/containerd/containerd/pull/6410))
* go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt}
* replace github.com/pkg/errors with native errors ([#6366](https://github.com/containerd/containerd/pull/6366))
* feat: replace github.com/pkg/errors to errors
* corrected link in cri architecture documentation ([#6412](https://github.com/containerd/containerd/pull/6412))
* corrected link in cri architecture documentation
* remotes/docker: allow fetching "refresh token" (aka "identity token", "offline token") ([#6396](https://github.com/containerd/containerd/pull/6396))
* remotes/docker: allow fetching "refresh token" (aka "identity token")
* remotes/docker/config: allow setting custom AuthorizerOpts
* Prepare release notes for v1.6.0-beta.5 ([#6407](https://github.com/containerd/containerd/pull/6407))
* Prepare release notes for v1.6.0-beta.5
* Integration: Check GCP secrets on Windows CI artifact upload. ([#6292](https://github.com/containerd/containerd/pull/6292))
* Integration: Check GCP secrets on Windows CI artifact upload.
* Github Security Advisory [GHSA-mvff-h3cj-wj9c](https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c)
* only relabel cri managed host mounts
* Add support for Intel RDT ([#5439](https://github.com/containerd/containerd/pull/5439))
* cri: add ignore_rdt_not_enabled_errors config option
* Update dependencies
* cri: annotations for controlling RDT class
* tasks: add Linux rdt support
* cmd: add --rdt-class command line option
* oci: implement WithRdt
* fix: use _ for consistency ([#6391](https://github.com/containerd/containerd/pull/6391))
* fix: use _ for consistency
* content/local: use syscall.Timespec.Unix ([#6403](https://github.com/containerd/containerd/pull/6403))
* content/local: use syscall.Timespec.Unix
* docs: improve plugin documentation ([#6207](https://github.com/containerd/containerd/pull/6207))
* docs: document the runtime shim plugin config options
* docs: use proper markdown lists in containerd-config.toml.5.md
* fix(ctr): enable networking for Windows containers ([#6304](https://github.com/containerd/containerd/pull/6304))
* fix(ctr): enable networking for Windows containers
* Fix $(PWD) issue for Windows makefile ([#6394](https://github.com/containerd/containerd/pull/6394))
* Fix $(PWD) issue for Windows makefile
* only test abstract uds on linux ([#6395](https://github.com/containerd/containerd/pull/6395))
* fix: only test abstract unix socket on linux
* Fix restart container test ([#6390](https://github.com/containerd/containerd/pull/6390))
* Expect ErrorNotFound on Windows after Kill()
* Replace tskill with taskkill
* fix when kernel version < 4.13rc1 by using index=off cause test error ([#6291](https://github.com/containerd/containerd/pull/6291))
* fix when kernel version < 4.13rc1 by using index=off cause overlay test error
* Fix no-daemon flag for integration/client tests ([#6384](https://github.com/containerd/containerd/pull/6384))
* Fix no-daemon flag for integration/client tests
* Enable lazy init for ext4 with devicemapper ([#6122](https://github.com/containerd/containerd/pull/6122))
* Enable lazy init for ext4 with devicemapper
* Fix flakiness on Windows for list stats ([#6385](https://github.com/containerd/containerd/pull/6385))
* Fix flakiness on Windows for list stats
* cri-integration: Add Windows defaults and fix spaces issue ([#6347](https://github.com/containerd/containerd/pull/6347))
* cri-integration: Add Windows default paths
* Upgrade OpenTelemetry dependencies ([#6383](https://github.com/containerd/containerd/pull/6383))
* Upgrade k8s.io/klog/v2 from 2.9.0 to 2.20.0
* Use insecure.NewCredentials instead of grpc.WithInsecure
* Upgrade OpenTelemetry dependencies
* Fix default makefile target for windows ([#6322](https://github.com/containerd/containerd/pull/6322))
* Fix default makefile target for windows
* Disable TestContainerHook on Windows ([#6379](https://github.com/containerd/containerd/pull/6379))
* Disable TestContainerHook on Windows
* seutil: Fix setting the "container_kvm_t" label ([#6372](https://github.com/containerd/containerd/pull/6372))
* seutil: Fix setting the "container_kvm_t" label
* Remove Windows integration testing for 2004. ([#6350](https://github.com/containerd/containerd/pull/6350))
* Remove Windows integration testing for 2004.
* OCI: Mount (accessible) host devices in privileged rootless containers ([#6308](https://github.com/containerd/containerd/pull/6308))
* OCI: Mount (accessible) host devices in privileged rootless containers
* oci.getDevices(): move "non-dir, non '/dev/console'" case into switch
* cri: add support for configuring swap ([#6320](https://github.com/containerd/containerd/pull/6320))
* fixup: check for swap accounting
* fixup: handle diff between cgroupsv1 and v2
* cri: add support for configuring swap
* Integration: Enable TestVolumeOwnership on Windows ([#6275](https://github.com/containerd/containerd/pull/6275))
* Replace find with native Go code
* Enable TestVolumeOwnership on Windows
* Prepare release notes for v1.6.0-beta.4 ([#6296](https://github.com/containerd/containerd/pull/6296))
* Prepare release notes for v1.6.0-beta.4
* refactor: functions for error log and error return ([#6358](https://github.com/containerd/containerd/pull/6358))
* feat: Errorf usage
* Split apart runc shim into plugin components ([#6021](https://github.com/containerd/containerd/pull/6021))
* Use task plugin for runc shim
* Seperate shim manager and task service
* Split runc shim into plugin components
* Add shutdown package
* CRI update for sandbox sizing ([#6155](https://github.com/containerd/containerd/pull/6155))
* cri, sandbox: pass sandbox resource details if available, applicable
* medatada: make namespaces' deletion error less cryptic ([#6354](https://github.com/containerd/containerd/pull/6354))
* medatada: make namespaces' deletion error less cryptic
* ListContainerStats to return stats response if ContainerStatsFilter is nil ([#6373](https://github.com/containerd/containerd/pull/6373))
* add-list-stat: return container list if filter is nil
* integration: deflake TestContainerdRestart ([#6369](https://github.com/containerd/containerd/pull/6369))
* integration: deflake TestContainerdRestart
* feat: add timeout for bolt open ([#6225](https://github.com/containerd/containerd/pull/6225))
* feat: support custom timeout for blot open
* Update Go to 1.17.5 ([#6333](https://github.com/containerd/containerd/pull/6333))
* Update Go to 1.17.5
* cri/server: use consistent alias for pkg/ioutil ([#6332](https://github.com/containerd/containerd/pull/6332))
* cri/server: use consistent alias for pkg/ioutil
* Disable restart monitor test in Windows ([#6364](https://github.com/containerd/containerd/pull/6364))
* Disable restart monitor test in Windows
* Don't fail-fast on Windows integration tests ([#6338](https://github.com/containerd/containerd/pull/6338))
* Don't fail-fast on Windows integration tests
* Update restart monitor test to output daemon logs on failure ([#6355](https://github.com/containerd/containerd/pull/6355))
* Run windows parallel integration test as short
* Update restart monitor test to output daemon logs on failure
* go.mod: update image-spec to latest (v1.0.3-dev) ([#6263](https://github.com/containerd/containerd/pull/6263))
* images/converter: remove deprecated types
* go.mod: update image-spec to latest (v1.0.3-dev)
* Skip WithAdditionalGIDs on Darwin ([#6353](https://github.com/containerd/containerd/pull/6353))
* Skip WithAdditionalGIDs on Darwin
* Use RFC3339 format on Windows periodic resource group creation so cleanup works ([#6303](https://github.com/containerd/containerd/pull/6303))
* Use RFC3339 format so rg cleanup works
* update runc to v1.0.3 ([#6330](https://github.com/containerd/containerd/pull/6330))
* go.mod: github.com/opencontainers/runc v1.0.3
* update runc binary to v1.0.3
* Unblock native snapshotter on Darwin ([#6329](https://github.com/containerd/containerd/pull/6329))
* Allow native snapshotter on Darwin
* Do not use `go get` to install executables ([#6328](https://github.com/containerd/containerd/pull/6328))
* Do not use `go get` to install executables
* Include runtime v2 in default builtins ([#6326](https://github.com/containerd/containerd/pull/6326))
* Include runtime v2 in default builtins
* Add Windows Server 2022 CI runs ([#6314](https://github.com/containerd/containerd/pull/6314))
* Add Windows Server 2022 CI runs
* Set explicit ACL on test files ([#6324](https://github.com/containerd/containerd/pull/6324))
* Use a single RUN command
* Set explicit ACL on test files
* integration: align tags of test images ([#6311](https://github.com/containerd/containerd/pull/6311))
* integration: align tags of test images
* Set CONTAINERD_ROOT in Windows cri-integration ([#6325](https://github.com/containerd/containerd/pull/6325))
* Set CONTAINERD_ROOT in Windows cri-integration
* export oci.DeviceFromPath() ([#6312](https://github.com/containerd/containerd/pull/6312))
* export oci.DeviceFromPath()
* Update volume test images ([#6321](https://github.com/containerd/containerd/pull/6321))
* Update continuity dependency
* Update volume test images
* Update TestRestartMonitor expected time check ([#6201](https://github.com/containerd/containerd/pull/6201))
* Add error logging on cleanup
* Update TestRestartMonitor expected time check
* Move test volume images from gcr to ghcr ([#6319](https://github.com/containerd/containerd/pull/6319))
* Move volume images from gcr to ghcr
* Revert shim service plugin migration ([#6301](https://github.com/containerd/containerd/pull/6301))
* Revert shim plugin migration
* Authenticate against ghcr.io ([#6317](https://github.com/containerd/containerd/pull/6317))
* Add permissions
* Authenticate against ghcr.io
* oci/deviceFromPath(): correctly check device types ([#6306](https://github.com/containerd/containerd/pull/6306))
* oci/deviceFromPath(): correctly check device types
* Skip TestExportAndImportMultiLayer on Windows ([#6315](https://github.com/containerd/containerd/pull/6315))
* Skip TestExportAndImportMultiLayer on Windows
* Integration: Add image build workflow ([#6290](https://github.com/containerd/containerd/pull/6290))
* Add image build workflow
* Integration: Separate Windows Periodic Tests workflow trigger. ([#6286](https://github.com/containerd/containerd/pull/6286))
* Integration: Separate Windows Periodic Tests workflow trigger.
* Build volume test images on Windows ([#6274](https://github.com/containerd/containerd/pull/6274))
* Build volume test images on Windows
* Add VMware TKG & TCE to Containerd adopters ([#6297](https://github.com/containerd/containerd/pull/6297))
* Add VMware TKG & TCE to Containerd adopters
* Vagrantfile: update to Fedora 35 ([#6293](https://github.com/containerd/containerd/pull/6293))
* Vagrantfile: update to Fedora 35
* Update README.md repo->org ([#6269](https://github.com/containerd/containerd/pull/6269))
* Update README.md repo->org
* Fix executable file not found when restoring shims ([#6278](https://github.com/containerd/containerd/pull/6278))
* Fix executable file not found when restoring shims
* ctr/snapshots/diff: show media-type in stderr ([#6271](https://github.com/containerd/containerd/pull/6271))
* ctr/snapshots/diff: don't show the media-type in output
* ctr: Add Linux Capabilities control flags ([#6289](https://github.com/containerd/containerd/pull/6289))
* ctr: Add Linux Capabilities control flags
* integration: add stats result in error message ([#6270](https://github.com/containerd/containerd/pull/6270))
* integration: add stats result in error message
* releases: mark 1.4 as Extended ([#6287](https://github.com/containerd/containerd/pull/6287))
* docs: mark 1.4 as Extended
* docs: fix RELEASES.md gRPC API anchor
* feat: skip ci for fork ([#6284](https://github.com/containerd/containerd/pull/6284))
* feat: skip ci for fork
* content/local: Close the file if Seek fails ([#6280](https://github.com/containerd/containerd/pull/6280))
* content/local: Close the file if Seek fails
* Integration: Remove explicit version passing to `azure/CLI`. ([#6268](https://github.com/containerd/containerd/pull/6268))
* Integration: Remove explicit version passing to `azure/CLI`.
* Fix wrong make target on documentation ([#6276](https://github.com/containerd/containerd/pull/6276))
* Fix wrong make target on documentation
* fix: server error return ([#6272](https://github.com/containerd/containerd/pull/6272))
* fix: server error return
* Prepare release notes for v1.6.0-beta.3 ([#6267](https://github.com/containerd/containerd/pull/6267))
* Prepare release notes for v1.6.0-beta.3
* Update API version in go.mod
* Update release name to use consistent format
* feat:support custom callopts on client side ([#6254](https://github.com/containerd/containerd/pull/6254))
* fix: make max recv/send msg size setting default
* feat:support custom callopts on client side
* [CRI] Fix panic when registry.mirrors use localhost ([#6258](https://github.com/containerd/containerd/pull/6258))
* [CRI] Fix panic when registry.mirrors use localhost
* Add support for TMP override on toml ([#6241](https://github.com/containerd/containerd/pull/6241))
* Add support for TMP override on toml
* CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options ([#6170](https://github.com/containerd/containerd/pull/6170))
* CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options
* Github Security Advisory [GHSA-5j5w-g665-5m35](https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35)
* schema1: reject ambiguous documents
* images: validate document type before unmarshal
* [cri] add sandbox and container latency metrics ([#6111](https://github.com/containerd/containerd/pull/6111))
* [cri] add sandbox and container latency metrics
* Integration: Generalize Windows CI setup scripts for any username. ([#6255](https://github.com/containerd/containerd/pull/6255))
* Generalize Windows CI setup script for any user.
* Standardize cmdlet capitalization in Windows CI scripts.
* feat: use rwmutex instead ([#6253](https://github.com/containerd/containerd/pull/6253))
* feat: use rwmutex instead
* Allow absolute path to shim binaries ([#6206](https://github.com/containerd/containerd/pull/6206))
* Fix package alias
* Support custom runtime path when launching tasks
* Add runtime path in CreateTaskRequest
* Close file if permission modification fails ([#6246](https://github.com/containerd/containerd/pull/6246))
* Close file if permission modification fails
* release: change tar name to match prior releases ([#6250](https://github.com/containerd/containerd/pull/6250))
* release: change tar name to match prior releases
* Fix wrong error returned for image index lookup ([#6237](https://github.com/containerd/containerd/pull/6237))
* Fix wrong error returned for image index lookup
* Fix containerd fails to pull OCI image with non-`http(s)://` urls ([#6221](https://github.com/containerd/containerd/pull/6221))
* Fix containerd fails to pull OCI image with non-`http(s)://` urls
* Prepare release notes for v1.6.0-beta.2 ([#6223](https://github.com/containerd/containerd/pull/6223))
* Prepare release notes for v1.6.0-beta.2
* Add arm64 to releases ([#6196](https://github.com/containerd/containerd/pull/6196))
* Rename release dockerfile to omit distro name
* release: improve dockerfile
* Add arm64 to releases
* use write lock when updating container stats ([#6236](https://github.com/containerd/containerd/pull/6236))
* use write lock when updating container stats
* go.mod: Bump hcsshim to v0.9.1 ([#6230](https://github.com/containerd/containerd/pull/6230))
* go.mod: Bump hcsshim to v0.9.1
* go.mod: Bump ttrpc to 1.1.0 ([#6228](https://github.com/containerd/containerd/pull/6228))
* go.mod: Bump ttrpc to 1.1.0
* go.mod: bump moby/sys/symlink v0.2.0, moby/sys/signal v0.6.0, moby/sys/mountinfo v0.5.0 ([#6213](https://github.com/containerd/containerd/pull/6213))
* go.mod: github.com/moby/sys/mountinfo v0.5.0
* go.mod: github.com/moby/sys/signal v0.6.0
* go.mod: github.com/moby/sys/symlink v0.2.0
* go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
* cleanup: add more description on comment ([#6222](https://github.com/containerd/containerd/pull/6222))
* cleanup: add more description on comment
* Update Go to 1.17.3 ([#6211](https://github.com/containerd/containerd/pull/6211))
* Update Go to 1.17.3
* CI: bump up crun: 1.0 -> 1.3 ([#6214](https://github.com/containerd/containerd/pull/6214))
* CI: bump up crun: 1.0 -> 1.3
* Pin az CLI version in windows-periodic workflow ([#6205](https://github.com/containerd/containerd/pull/6205))
* Pin az CLI version
* Decouple task manager ([#5918](https://github.com/containerd/containerd/pull/5918))
* Address PR comments
* Fix build after rebase
* Migrate task directory
* Expose shim process interface
* Fix after rebase
* Cleanup shim loading
* Move shim restore to a separate file
* Fix backward compatibility with old task shims
* Add plugin dependency between shim and shim services
* Rework task create and cleanup flow
* Add task manager
* Rename task manager to shim manager
* [cri] Implement k8s 1.23 CRI Pod Sandbox and Container Stats ([#6113](https://github.com/containerd/containerd/pull/6113))
* Implement CRI container and pods stats
* Vendor latest k8s.io/cri-api and netlink
* test: Add grace period for restart monitor test ([#6200](https://github.com/containerd/containerd/pull/6200))
* test: Add grace period for restart monitor test
* integration: Enables TestRuntimeHandler for Windows ([#6179](https://github.com/containerd/containerd/pull/6179))
* integration: Enables TestRuntimeHandler for Windows
* Add mkdir on Dockerfile ([#6171](https://github.com/containerd/containerd/pull/6171))
* Add mkdir on Dockerfile
* sys/reaper: avoid leaky goroutine when exec timeout ([#6189](https://github.com/containerd/containerd/pull/6189))
* sys/reaper: avoid leaky goroutine when exec timeout
* adds additional debug out to timebox cni setup ([#6184](https://github.com/containerd/containerd/pull/6184))
* adds additional debug out to timebox cni setup
* converter: Allow hooks during image conversion ([#6176](https://github.com/containerd/containerd/pull/6176))
* converter: Allow hooks during image conversion
* compression: support zstd with skippable frame ([#6177](https://github.com/containerd/containerd/pull/6177))
* compression: support zstd with skippable frame
* integration: Enables TestVolumeCopyUp for Windows ([#6182](https://github.com/containerd/containerd/pull/6182))
* integration: Enables TestVolumeCopyUp for Windows
* integration: Enable some tests for Windows (part 2) ([#6121](https://github.com/containerd/containerd/pull/6121))
* integration: Enable some tests for Windows (part 2)
* integration: Enable some tests for Windows ([#6085](https://github.com/containerd/containerd/pull/6085))
* integration: Enable some tests for Windows
* Update doc to version 2 syntax ([#6125](https://github.com/containerd/containerd/pull/6125))
* feat(doc): update to version 2 syntax
* fix shim reaper wait command execute blocked ([#6166](https://github.com/containerd/containerd/pull/6166))
* fix shim reaper wait command execute blocked
* content: close stream after commit request ([#6145](https://github.com/containerd/containerd/pull/6145))
* content: close stream after commit request
* Generating token options with each scope as a separate string. ([#6165](https://github.com/containerd/containerd/pull/6165))
* Adding scope tests for ParseAuthHeader
* Adding tests for GenerateTokenOptions
* Generate token options with each scope as a separate string.
* vendor: Updates go-cni ([#6167](https://github.com/containerd/containerd/pull/6167))
* vendor: Updates go-cni
* commands: Enables task metrics for Windows ([#6159](https://github.com/containerd/containerd/pull/6159))
* commands: Enables task metrics for Windows
* vendor: update moby/sys for darwin support ([#6149](https://github.com/containerd/containerd/pull/6149))
* vendor: update moby/sys for darwin support
* Prepare v1.6.0-beta.1 ([#6144](https://github.com/containerd/containerd/pull/6144))
* Prepare release notes for v1.6.0-beta.1
* Update mailmap
* Update api vendor
* bump cni to spec v1.0.0 ([#6136](https://github.com/containerd/containerd/pull/6136))
* bump CNI to spec v1.0.0
* Inject otel traces to grpc client. ([#5992](https://github.com/containerd/containerd/pull/5992))
* Inject otel traces to grpc client.
* client: expose (*image).platform ([#6142](https://github.com/containerd/containerd/pull/6142))
* client: expose (*image).platform
* Adding documentation for Core Scheduling ([#6128](https://github.com/containerd/containerd/pull/6128))
* feat(doc): add Core Scheduling documentation
* Ensure namespace is proxied to grpc/ttrpc plugins ([#6130](https://github.com/containerd/containerd/pull/6130))
* Ensure namespace is proxied to grpc/ttrpc plugins
* fix #6054 MaxConcurrentDownloads is not effect when Unpack is true ([#6109](https://github.com/containerd/containerd/pull/6109))
* fix #6054 MaxConcurrentDownloads is not effect when Unpack is true
* Output a warning for label image labels instead of erroring ([#6124](https://github.com/containerd/containerd/pull/6124))
* Output a warning for label image labels instead of erroring
* Fix spelling mistake in Windows snapshotter ([#6132](https://github.com/containerd/containerd/pull/6132))
* Fix spelling mistake in Windows snapshotter
* Windows: Cleanup rm- prefixed layers ([#6126](https://github.com/containerd/containerd/pull/6126))
* Windows: Cleanup rm- prefixed layers
* cleanup deprecated package `io/ioutil ` ([#6118](https://github.com/containerd/containerd/pull/6118))
* io/ioutil package has been deprecated in Go 1.16 that replaces io/ioutil functions
* close Writer after use which may memory leak ([#6115](https://github.com/containerd/containerd/pull/6115))
* close Writer after use which may leak mem
* Adds Windows resource limits support ([#5778](https://github.com/containerd/containerd/pull/5778))
* Adds Windows resource limits support
* Prepare release notes for v1.6.0-beta.0 ([#6098](https://github.com/containerd/containerd/pull/6098))
* Prepare release notes for v1.6.0-beta.0
* Add error message to in TestContainerdRestart integration test ([#6105](https://github.com/containerd/containerd/pull/6105))
* Add error message to in TestContainerdRestart integration test
* Fix typo in the NewContainer function documentation ([#6110](https://github.com/containerd/containerd/pull/6110))
* Fix typo in the NewContainer function documentation
* Update cgroups to v1.0.2 ([#6104](https://github.com/containerd/containerd/pull/6104))
* Update cgroups to v1.0.2
* btrfs: verify file content after mount ([#6100](https://github.com/containerd/containerd/pull/6100))
* test: check file content after mount
* Update test timeout based on recent cancellations ([#6107](https://github.com/containerd/containerd/pull/6107))
* Update test timeout based on recent cancellations
* Check the pid in cri test teardown ([#6106](https://github.com/containerd/containerd/pull/6106))
* Remove extra test_teardown
* Check the pid in cri test teardown
* add runc shim support for sched core ([#6011](https://github.com/containerd/containerd/pull/6011))
* fix integration client vendor
* add runc shim support for sched core
* integration: Enables Windows containerd restart test ([#5579](https://github.com/containerd/containerd/pull/5579))
* integration: Enables Windows containerd restart test
* vendor: Bump hcsshim to 0.9.0 ([#6099](https://github.com/containerd/containerd/pull/6099))
* vendor: Bump hcsshim to 0.9.0
* [cri] Add CNI conf based on runtime class ([#4695](https://github.com/containerd/containerd/pull/4695))
* Add CNI conf based on runtime class
* Update Go to 1.17.2 ([#6102](https://github.com/containerd/containerd/pull/6102))
* Update Go to 1.17.2
* integration: Adds test for multilayer image import ([#5933](https://github.com/containerd/containerd/pull/5933))
* integration: Adds test for multilayer image import
* runtime: should fail fast if dial error on shim ([#6031](https://github.com/containerd/containerd/pull/6031))
* runtime: should fail fast if dial error on shim
* Fixes Windows containers with image volumes ([#6034](https://github.com/containerd/containerd/pull/6034))
* Windows: Fixes Windows containers with image volumes
* run `gofmt` with GO 1.17 ([#6094](https://github.com/containerd/containerd/pull/6094))
* run `gofmt` with Go 1.17
* pkg/cap: remove an outdated comment ([#6088](https://github.com/containerd/containerd/pull/6088))
* pkg/cap: remove an outdated comment
* Update go otel 1.0.1 ([#6066](https://github.com/containerd/containerd/pull/6066))
* Update go otel 1.0.1
* Update ADOPTERS.md with additional uses ([#6086](https://github.com/containerd/containerd/pull/6086))
* Update ADOPTERS.md with additional uses
* modify the way for checking cos ([#6082](https://github.com/containerd/containerd/pull/6082))
* modify the way for checking cos
* Fuzzing: Add fuzzers + small modifications ([#5915](https://github.com/containerd/containerd/pull/5915))
* Fuzzing: Add 4 fuzzers + small modifications
* Fixes for Windows CI ([#6081](https://github.com/containerd/containerd/pull/6081))
* Pin mingw to version 10.2.0
* Update to golang 1.17.1
* Install nssm
* Github Security Advisory [GHSA-c2h3-6mxw-7mvq](https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq)
* btrfs: reduce permissions on plugin directories
* v1 runtime: reduce permissions for bundle dir
* v2 runtime: reduce permissions for bundle dir
* task service: return known error type ([#6079](https://github.com/containerd/containerd/pull/6079))
* task service: return known error type
* refactor: move from io/ioutil to io and os package ([#5973](https://github.com/containerd/containerd/pull/5973))
* refactor: move from io/ioutil to io and os package
* fix: import from k8s.io/utils/clock instead ([#6076](https://github.com/containerd/containerd/pull/6076))
* fix: update vendor
* cleanup: import from k8s.io/utils/clock/testing instead
* cleanup: import from k8s.io/utils/clock instead
* feat: enable integration cri remote client to call with grpc calloptions ([#6069](https://github.com/containerd/containerd/pull/6069))
* feat: enable cri remote client to call with grpc calloptions
* cleanup k8s ansible yaml (carry for #5713) ([#6074](https://github.com/containerd/containerd/pull/6074))
* cleanup k8s ansible yaml (carry for https://github.com/jayonlau <jayonlau@gmail.com>)
* feat: support import image for specific platform ([#6070](https://github.com/containerd/containerd/pull/6070))
* fix: wrong flag type
* feat: support import image for specific platform
* Update mirror images to take target image name ([#6065](https://github.com/containerd/containerd/pull/6065))
* Update mirror images to take target image name
* fix: make exec-id flag required in exec command ([#6059](https://github.com/containerd/containerd/pull/6059))
* fix: make exec-id flag required in exec command
* images: enable converter to uncompress zstd ([#6052](https://github.com/containerd/containerd/pull/6052))
* images: enable converter to uncompress zstd
* replace deprecated function with Domain and Path ([#5922](https://github.com/containerd/containerd/pull/5922))
* replace deprecated function
* integration: Adds Windows HostProcess tests ([#5853](https://github.com/containerd/containerd/pull/5853))
* integration: Adds Windows HostProcess tests
* Fix main branch build is broken ([#6047](https://github.com/containerd/containerd/pull/6047))
* Fix main branch build is broken
* Add open telemetry logging hook for logrus ([#6003](https://github.com/containerd/containerd/pull/6003))
* Add open telemetry logging hook for logrus
* Change `oci.WithUser` behavior for LCOW ([#6023](https://github.com/containerd/containerd/pull/6023))
* Change oci.WithUser behavior for LCOW
* switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound) ([#5946](https://github.com/containerd/containerd/pull/5946))
* switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound)
* import: Raise error if the imported image is filtered out ([#5926](https://github.com/containerd/containerd/pull/5926))
* import: Raise error if the imported image is filtered out
* Fix panic in metadata content writer on copy error ([#6043](https://github.com/containerd/containerd/pull/6043))
* Fix panic in metadata content writer on copy error
* Move tracing to plugin ([#6001](https://github.com/containerd/containerd/pull/6001))
* Move tracing to plugin
* ctr: Fixes Windows image import ([#5916](https://github.com/containerd/containerd/pull/5916))
* ctr: Fixes Windows image import
* update open go.opentelemetry.io v1.0.0 to fix import path ([#6017](https://github.com/containerd/containerd/pull/6017))
* go.mod: update opentelemetry modules to v1.0.0
* fix error string format ([#5979](https://github.com/containerd/containerd/pull/5979))
* fix error string format
* Add github action to mirror image ([#6036](https://github.com/containerd/containerd/pull/6036))
* Add github action to mirror image
* add current process state to the error message ([#6027](https://github.com/containerd/containerd/pull/6027))
* add current process state to the error message
* FreeBSD: fix tar headers & the nil check on getxattr ([#5991](https://github.com/containerd/containerd/pull/5991))
* FreeBSD: fix tar headers & the nil check on getxattr
* gha: collect VMs' IP addresses ([#6035](https://github.com/containerd/containerd/pull/6035))
* gha: collect Vagrant VMs' IP addresses
* bump continuity and console version that remove pkg/errors ([#6033](https://github.com/containerd/containerd/pull/6033))
* bump continuity and console version that remove pkg/errors
* import: Add option to prevent duplicated digest image ([#5997](https://github.com/containerd/containerd/pull/5997))
* import: Add option to skip creating digest image
* ctr namespaces: improve usage string ([#5998](https://github.com/containerd/containerd/pull/5998))
* ctr namespaces: improve usage string
* bump console version to v1.0.3 that remove pkg/errors ([#6028](https://github.com/containerd/containerd/pull/6028))
* bump console version to v1.0.3 that remove pkg/errors
* Use github images for integration tests ([#6032](https://github.com/containerd/containerd/pull/6032))
* Use github images for integration tests
* Fix typo ([#5995](https://github.com/containerd/containerd/pull/5995))
* Fix typo
* Enable image config labels in ctr and CRI container creation ([#6012](https://github.com/containerd/containerd/pull/6012))
* Enable image config labels in ctr and CRI container creation
* Make sure exit signals trigger an exit during init ([#5970](https://github.com/containerd/containerd/pull/5970))
* Make sure exit signals trigger an exit during init
* task delete: Closes task IO before waiting ([#5974](https://github.com/containerd/containerd/pull/5974))
* task delete: Closes task IO before waiting
* CI: bump up crun to 1.0 ([#5985](https://github.com/containerd/containerd/pull/5985))
* CI: bump up crun to 1.0
* seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted) ([#5982](https://github.com/containerd/containerd/pull/5982))
* seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
* Update to Go 1.17.1 ([#5990](https://github.com/containerd/containerd/pull/5990))
* Update to Go 1.17.1
* CI: Switch to available latest images ([#5987](https://github.com/containerd/containerd/pull/5987))
* CI: Switch to available latest images
* add xfs support to devicemapper snapshotter ([#5610](https://github.com/containerd/containerd/pull/5610))
* add xfs support to devicemapper snapshotter
* Fixes task kill --force on Windows ([#5956](https://github.com/containerd/containerd/pull/5956))
* Fixes task kill --force on Windows
* Add support for shim plugins ([#5817](https://github.com/containerd/containerd/pull/5817))
* Add support for shim plugins
* vendor: update continuity for darwin support ([#5976](https://github.com/containerd/containerd/pull/5976))
* vendor: update continuity for darwin support
* replace uses of os/exec with golang.org/x/sys/execabs ([#5906](https://github.com/containerd/containerd/pull/5906))
* replace uses of os/exec with golang.org/x/sys/execabs
* complete integration test for pulling image with labels ([#5972](https://github.com/containerd/containerd/pull/5972))
* Additional integration tests for pulling image with labels
* Fix content copy to not ignore unexpected EOF ([#5966](https://github.com/containerd/containerd/pull/5966))
* Fix content copy to not ignore unexpected EOF
* add ip_pref CNI options for primary pod ip ([#5964](https://github.com/containerd/containerd/pull/5964))
* add ip_pref CNI options for primary pod ip
* cri: add devices for privileged container ([#5939](https://github.com/containerd/containerd/pull/5939))
* cri: add devices for privileged container
* sandbox: Allows the sandbox to be deleted in NotReady state ([#5954](https://github.com/containerd/containerd/pull/5954))
* sandbox: Allows the sandbox to be deleted in NotReady state
* pin protobuild version to tag ([#5969](https://github.com/containerd/containerd/pull/5969))
* pin protobuild version to tag
* Add metric exposing build version&revision ([#5965](https://github.com/containerd/containerd/pull/5965))
* use a const metric for build_info
* Add metric exposing build version&revision
* Feature: containerd-cri support LinuxContainerResources.Unified ([#5627](https://github.com/containerd/containerd/pull/5627))
* add cri test case
* feature: add field LinuxContainerResources.Unified on cri
* integration: investigate TestRestartMonitor's failure ([#5861](https://github.com/containerd/containerd/pull/5861))
* integration: investigate TestRestartMonitor's failure
* Use issue forms for bug reporting ([#5917](https://github.com/containerd/containerd/pull/5917))
* Address issue forms feedback
* Use issue forms for bug reporting
* cri: patch update image labels ([#5945](https://github.com/containerd/containerd/pull/5945))
* cri: patch update image labels
* darwin: runtime support ([#5936](https://github.com/containerd/containerd/pull/5936))
* darwin: runtime support
* darwin: use the default values for socketRoot variable
* Update RELEASES.md ([#5858](https://github.com/containerd/containerd/pull/5858))
* Update RELEASES.md
* archive: Add WriteDiff error logs ([#5949](https://github.com/containerd/containerd/pull/5949))
* archive: Add WriteDiff error logs
* replace deprecated Dialer with ContextDialer ([#5958](https://github.com/containerd/containerd/pull/5958))
* replace deprecated Dail with DailContext
* Add WS2022 support in Windows Periodic tests ([#5951](https://github.com/containerd/containerd/pull/5951))
* Add WS2022 support in Windows Periodic tests
* Content fuzzer: Clean up temp store dir ([#5943](https://github.com/containerd/containerd/pull/5943))
* content fuzzer: Clean up tempdir
* using Hosts replace deprecated field ([#5944](https://github.com/containerd/containerd/pull/5944))
* using Hosts replace deprecated field
* fix document non-synchronous ([#5947](https://github.com/containerd/containerd/pull/5947))
* fix document non-synchronous in crictl.md
* go.mod: Update hcsshim to v0.8.21 ([#5929](https://github.com/containerd/containerd/pull/5929))
* go.mod: Update hcsshim to v0.8.21
* Makefile.linux: build on RISC-V with PIE ([#5937](https://github.com/containerd/containerd/pull/5937))
* Makefile.linux: build on riscv with PIE
* Fix cwd flag for `ctr tasks exec` ([#5932](https://github.com/containerd/containerd/pull/5932))
* Fix cwd flag for `ctr tasks exec`
* Update Pause image in tests & config ([#5927](https://github.com/containerd/containerd/pull/5927))
* Update Pause image in tests & config
* cri: Devices ownership from SecurityContext ([#5122](https://github.com/containerd/containerd/pull/5122))
* cri: Devices ownership from SecurityContext
* Fix pull fails on unexpected EOF ([#5921](https://github.com/containerd/containerd/pull/5921))
* Fix pull fails on unexpected EOF
* Fix dir support for devices ([#5845](https://github.com/containerd/containerd/pull/5845))
* Adding testing of two devices
* Fix dir support for devices V3 (#4847)
* windows: The DefaultSpec platform should match the Default matcher ([#5914](https://github.com/containerd/containerd/pull/5914))
* windows: The DefaultSpec platform should match the Default matcher
* Add RunAsUserName functionality for the Windows pod sandbox container ([#5865](https://github.com/containerd/containerd/pull/5865))
* Add RunAsUserName functionality for the Windows Pod Sandbox Container
* bump up runc v1.0.2 ([#5899](https://github.com/containerd/containerd/pull/5899))
* go.mod: update runc to v1.0.2
* update runc binary to v1.0.2
* Run `go fmt` with Go 1.17 ([#5903](https://github.com/containerd/containerd/pull/5903))
* Run `go fmt` with Go 1.17
* go.mod: github.com/pelletier/go-toml v1.9.3 ([#5905](https://github.com/containerd/containerd/pull/5905))
* go.mod: github.com/pelletier/go-toml v1.9.3
* cri: filter selinux xattr for image volumes ([#5902](https://github.com/containerd/containerd/pull/5902))
* cri: filter selinux xattr for image volumes
* Add Windows HostProcess Support ([#5131](https://github.com/containerd/containerd/pull/5131))
* Added windows hostProcess cni skip
* script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0 ([#5897](https://github.com/containerd/containerd/pull/5897))
* script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0
* Update to Go 1.17 ([#5889](https://github.com/containerd/containerd/pull/5889))
* Bump integration timeout to 35 min
* Update to Go 1.17
* integration: fix TestContainerPids ([#5896](https://github.com/containerd/containerd/pull/5896))
* integration: fix TestContainerPids
* [ctr] add HOSTNAME env for host network ([#5891](https://github.com/containerd/containerd/pull/5891))
* [ctr] add HOSTNAME env for host network
* Fuzzing: Add fuzzer ([#5886](https://github.com/containerd/containerd/pull/5886))
* Fuzzing: Add fuzzer
* Make Cgroup driver configurable in gce configure script ([#5884](https://github.com/containerd/containerd/pull/5884))
* Add env for SystemdCgroup driver
* Allow expanded DNS configuration ([#5878](https://github.com/containerd/containerd/pull/5878))
* Allow expanded DNS configuration
* Fuzzing: Add 4 fuzzers ([#5863](https://github.com/containerd/containerd/pull/5863))
* Fuzzing: Add 4 fuzzers
* Cleanup v2 shim ([#5813](https://github.com/containerd/containerd/pull/5813))
* Cleanup v2 shim
* Fuzzing: Add experimental version of container fuzzer ([#5840](https://github.com/containerd/containerd/pull/5840))
* Use http.Get to download binaries instead of exec.Command
* Fuzzing: Add experimental version of container fuzzer
* add cpu-shares to ctr ([#5846](https://github.com/containerd/containerd/pull/5846))
* add cpu-shares to ctr
* docs: rename master to main (it was opposite on the actual commit) ([#5847](https://github.com/containerd/containerd/pull/5847))
* docs: rename main to master
* content: return the error with its timestamp ([#5849](https://github.com/containerd/containerd/pull/5849))
* content: return the error with its timestamp
* Fix bad `make protos` failure ([#5857](https://github.com/containerd/containerd/pull/5857))
* Fix bad `make protos` failure
* replace cri and point to new location ([#5851](https://github.com/containerd/containerd/pull/5851))
* archive docs and point to new location fix #https://github.com/containerd/cri/issues/1624
* docs: remove FOSSA's badge ([#5856](https://github.com/containerd/containerd/pull/5856))
* docs: remove FOSSA's badge
* BUILDING.md: remove some bits about building runc ([#5850](https://github.com/containerd/containerd/pull/5850))
* BUILDING.md: remove some bits about building runc
* BUILDING.md: markdown fixes
* go.mod: update k8s deps to v1.22.0 ([#5836](https://github.com/containerd/containerd/pull/5836))
* go.mod: update kubernetes to v1.22.0
* [Scripts] Add trap to cri-integration test script ([#5852](https://github.com/containerd/containerd/pull/5852))
* Add trap to cri-integration test script
* docs: list all snapshotter-related build flags ([#5848](https://github.com/containerd/containerd/pull/5848))
* docs: list all snapshotter-related build flags
* Move plugin context events into separate plugin ([#5835](https://github.com/containerd/containerd/pull/5835))
* Move plugin context events into separate plugin
* Fix Linux CI Linter using Go 1.15.14 ([#5839](https://github.com/containerd/containerd/pull/5839))
* Fix Linux CI Linter using go 1.15.14
* Update Go to 1.16.7 ([#5842](https://github.com/containerd/containerd/pull/5842))
* Update Go to 1.16.7
* Cleanup CI ([#5838](https://github.com/containerd/containerd/pull/5838))
* Cleanup CI
* Remove redundant build tags ([#5834](https://github.com/containerd/containerd/pull/5834))
* Remove redundant build tags
* Change default directories on Darwin ([#5830](https://github.com/containerd/containerd/pull/5830))
* Change default directories on Darwin
* [otel-tracing] Initial opentelemetry support ([#5731](https://github.com/containerd/containerd/pull/5731))
* [otel-tracing] vendor and go modules changes
* [otel-tracing] Initial opentelemetry support
* remove go 1.13 from containerd
* Fuzzing: Fix for OSS-fuzz issue 36825 ([#5829](https://github.com/containerd/containerd/pull/5829))
* Fuzzing: Fix for OSS-fuzz issue 36825
* Fuzzing: Add two fuzzers ([#5825](https://github.com/containerd/containerd/pull/5825))
* Fuzzing: Add two more fuzzers
* scripts: linting fixes, and remove support for Debian Jessie (as it's EOL) ([#5760](https://github.com/containerd/containerd/pull/5760))
* scripts: declare ROOT closer to where it's used, and some DRY changes
* scripts: add missing quotes, and minor linting issues
* test/build-utils.sh: remove support for Debian Jessie
* platforms: Format(): use path.Join() instead of joinNotEmpty() ([#5821](https://github.com/containerd/containerd/pull/5821))
* platforms: Format(): use path.Join() instead of joinNotEmpty()
* Fuzzing: Remove panics of container_fuzzer ([#5823](https://github.com/containerd/containerd/pull/5823))
* Fuzzing: Remove panics of container_fuzzer
* Fuzzing: Add container fuzzer ([#5785](https://github.com/containerd/containerd/pull/5785))
* Change protoc link
* Split fuzzer to two fuzzers
* Fuzzing: Add container fuzzer
* runtime: fix the issue of create new socket with abstract address ([#5746](https://github.com/containerd/containerd/pull/5746))
* runtime: fix the issue of create new socket with abstract address
* mergo: Upgrade to 0.3.12 to fix panic ([#5809](https://github.com/containerd/containerd/pull/5809))
* mergo: Upgrade to 0.3.12 to fix panic
* ci: install criu from PPA ([#5802](https://github.com/containerd/containerd/pull/5802))
* ci: install criu from PPA
* Update release workflow to upload binary without CNI ([#5144](https://github.com/containerd/containerd/pull/5144))
* Split release steps into multiple tasks
* Update release workflow to upload binary without CNI
* Enable critest on Windows Periodic Jobs ([#5725](https://github.com/containerd/containerd/pull/5725))
* Enable critest on Windows
* Script to check if entries in go.mod files are in sync ([#5792](https://github.com/containerd/containerd/pull/5792))
* Script to check if entries in go.mod files are in sync
* Add a sharedNamespace label ([#5043](https://github.com/containerd/containerd/pull/5043))
* Add shared content label to namespaces
* platforms: add "ios" as known OS, "loong64" as known ARCH ([#5784](https://github.com/containerd/containerd/pull/5784))
* platforms: add "ios" as known OS, "loong64" as known ARCH
* Updates the location of protobuf downloads ([#5804](https://github.com/containerd/containerd/pull/5804))
* Updates the location of protobuf downloads in docs
* Update protobuf install to use correct repository ([#5803](https://github.com/containerd/containerd/pull/5803))
* Update protobuf install to use correct repository
* overlay: expose upperdir location of each snapshot via an optional label ([#5624](https://github.com/containerd/containerd/pull/5624))
* overlay: add an optional label of upperdir location of each snapshot
* Support SIGRTMIN+n signals ([#5693](https://github.com/containerd/containerd/pull/5693))
* Support SIGRTMIN+n signals
* respect context timeout in shim binary call ([#5800](https://github.com/containerd/containerd/pull/5800))
* respect context timeout in shim binary call
* Introduce a new go module - containerd/api for use in standalone clients ([#5716](https://github.com/containerd/containerd/pull/5716))
* Introduce a new go module - containerd/api for use in standalone clients
* grpc config add options tcp_client_ca_cert ([#5606](https://github.com/containerd/containerd/pull/5606))
* grpc config add options tcp_tls_ca
* integration: Windows volume-copy-up images ([#5162](https://github.com/containerd/containerd/pull/5162))
* integration: Windows volume-copy-up images
* add CRI support matrix to RELEASES.md ([#5795](https://github.com/containerd/containerd/pull/5795))
* add CRI support matrix to RELEASES.md
* adding a little more clarity ([#5794](https://github.com/containerd/containerd/pull/5794))
* adding a little more clarity
* update gotestsum to v1.7.0 ([#5793](https://github.com/containerd/containerd/pull/5793))
* update gotestsum to v1.7.0
* Discard blocks when removing a thin device ([#5756](https://github.com/containerd/containerd/pull/5756))
* Discard blocks when removing a thin device
* Makefile: fix passing build tags ([#5590](https://github.com/containerd/containerd/pull/5590))
* Makefile: pass build tags to manpage build process
* Makefile: fix tags parameter computation
* Add runtime label to metrics ([#5744](https://github.com/containerd/containerd/pull/5744))
* Add runtime label to metrics
* interface about shim build check ([#5745](https://github.com/containerd/containerd/pull/5745))
* interface about shim build check
* integration: log all processes to investigate the test failure ([#5775](https://github.com/containerd/containerd/pull/5775))
* integration: log all processes to investigate the test failure
* Fuzzing: Add archive fuzzer ([#5779](https://github.com/containerd/containerd/pull/5779))
* Fuzzing: Add archive fuzzer
* Add docker.Fetch fuzzer ([#5687](https://github.com/containerd/containerd/pull/5687))
* Add docker fetch fuzzer
* Support custom compressor for walking differ ([#5735](https://github.com/containerd/containerd/pull/5735))
* Support custom compressor for walking differ
* remotes/docker/pusher.go: Fix missing Close() on push to docker remote ([#5770](https://github.com/containerd/containerd/pull/5770))
* remotes/docker/pusher.go: Fix missing Close()
* remotes/docker/fetcher.go: Fix missing Close() on fetch from docker remote ([#5769](https://github.com/containerd/containerd/pull/5769))
* remotes/docker/fetcher.go: Fix missing Close()
* Update cpuguy83/go-md2man binary to v2.0.1 ([#5771](https://github.com/containerd/containerd/pull/5771))
* Update cpuguy83/go-md2man binary to v2.0.1
* Refactor / optimize contrib/Dockerfile.test ([#5750](https://github.com/containerd/containerd/pull/5750))
* Dockerfile.test: build containerd in separate stage
* Dockerfile.test: add GOLANG_IMAGE build arg to allow overriding
* Dockerfile.test: clean up apt indexes after installing
* Dockerfile.test: build critools in a separate stage
* Dockerfile.test: build cni in a separate stage
* Dockerfile.test: standard directory to collect build aftifacts
* Dockerfile.test: split dev stage, and optimize order
* Dockerfile.test: skip curl, gcc, git and make install
* install-critools: make sure DESTDIR exists
* update gotestsum to current master ([#5754](https://github.com/containerd/containerd/pull/5754))
* update gotestsum to current master
* Github Security Advisory [GHSA-c72p-9xmj-rx3w](https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w)
* Add test for archive breakout test for lchmod
* Use systemd cgroup driver for Kubernetes e2e tests with cgroupsv2 ([#5755](https://github.com/containerd/containerd/pull/5755))
* Use systemd cgroup driver for cgroupv2 tests
* update runc to v1.0.1 ([#5751](https://github.com/containerd/containerd/pull/5751))
* go.mod: runc v1.0.1
* update runc binary to v1.0.1
* runtime: runc v2: remove redundant validation ([#5737](https://github.com/containerd/containerd/pull/5737))
* runtime: runc v2: remove redundant validation
* Add timestamp to flaky restart monitor test ([#5727](https://github.com/containerd/containerd/pull/5727))
* Move loop check to before sleep
* Add timestamp to flaky restart monitor test
* Update Go to 1.16.6 ([#5722](https://github.com/containerd/containerd/pull/5722))
* integration/client: go mod tidy
* Update Go to 1.16.6
* client: surface a connection error more clearly ([#4447](https://github.com/containerd/containerd/pull/4447))
* client: surface a connection error more clearly
* Fix missing Body.Close() calls on push to docker remote ([#5712](https://github.com/containerd/containerd/pull/5712))
* Fix missing Body.Close() calls on push to docker remote
* remove pkg/cri/platforms package ([#5710](https://github.com/containerd/containerd/pull/5710))
* remove pkg/cri/platforms package
* Allow WithServices to use custom implementations ([#5709](https://github.com/containerd/containerd/pull/5709))
* Allow WithServices to use custom implementations
* [Vendor] Update hcsshim to 0.8.18 ([#5673](https://github.com/containerd/containerd/pull/5673))
* [Vendor] Update hcsshim to 0.8.18
* test integration: Adds a test that restarts a failed container ([#5578](https://github.com/containerd/containerd/pull/5578))
* test integration: Adds a test that restarts a failed container
* [CRI] move up to CRI v1 and support v1alpha in parallel ([#5619](https://github.com/containerd/containerd/pull/5619))
* use fu wei's suggeted interface pick for marshaling
* add alpha version
* move up to CRI v1 and support v1alpha in parallel
* gha: make release workflow work in forks ([#5682](https://github.com/containerd/containerd/pull/5682))
* gha: make release workflow work in forks
* Add unit test for plugin ([#5666](https://github.com/containerd/containerd/pull/5666))
* Add unit test for plugin
* Dockerfile.test: add "cri-in-userns" (aka rootless) test stage ([#5700](https://github.com/containerd/containerd/pull/5700))
* Dockerfile.test: add "cri-in-userns" (aka rootless) test stage
* Update for distribution spec 1.0 ([#5676](https://github.com/containerd/containerd/pull/5676))
* Add support for registry host path override
* Update documenation for OCI distribution 1.0
* archive: cleanup lchmod logic ([#5702](https://github.com/containerd/containerd/pull/5702))
* Cleanup lchmod logic in archive
* Install specific golang version in Windows CI. ([#5571](https://github.com/containerd/containerd/pull/5571))
* Install specific golang version in Windows CI.
* Add ctr command label in NewContainerOpts ([#5660](https://github.com/containerd/containerd/pull/5660))
* feat: Add snapshotter label to the new snapshot for container.
* snapshot/devmapper: log exported methods correctly ([#5655](https://github.com/containerd/containerd/pull/5655))
* snapshot/devmapper: log exported methods correctly
* Makefile: fix DESTDIR and PREFIX concatenation ([#5662](https://github.com/containerd/containerd/pull/5662))
* Makefile: fix DESTDIR and PREFIX concatenation
* Cri integration cleanup ([#5287](https://github.com/containerd/containerd/pull/5287))
* tests: Use EnsureImageExists for image pulling
* tests: Refactors PodSandbox creation
* move sys.FMountat() into mount package and un-export ([#5641](https://github.com/containerd/containerd/pull/5641))
* un-export mount.FMountat
* move sys.FMountat() into mount package
* sandbox: send pod UID to CNI plugins as K8S_POD_UID ([#5640](https://github.com/containerd/containerd/pull/5640))
* sandbox: send pod UID to CNI plugins as K8S_POD_UID
* sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils ([#5639](https://github.com/containerd/containerd/pull/5639))
* sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils
* content/local: inline sys.StatATimeAsTime() ([#5633](https://github.com/containerd/containerd/pull/5633))
* content/local: inline sys.StatATimeAsTime()
* allow multi gpu to be specified via ctr ([#5636](https://github.com/containerd/containerd/pull/5636))
* allow multi gpu to be specified via ctr
* go.mod: runc v1.0.0
* update runc binary to v1.0.0 GA
* fixing some doc links ([#5629](https://github.com/containerd/containerd/pull/5629))
* fixing some doc links
* Sync integration/go.mod with root go.mod ([#5623](https://github.com/containerd/containerd/pull/5623))
* Sync integration/go.mod with root go.mod
* archive: Expose ChangeWriter to allow customized diff computing ([#5615](https://github.com/containerd/containerd/pull/5615))
* archive: Expose ChangeWriter to allow customized diff computing
* CI: Switch to the available latest images ([#5625](https://github.com/containerd/containerd/pull/5625))
* CI: Switch to available latest images
* fix deprecation config for default runtime
* Re-enable criu in main integration runs ([#5614](https://github.com/containerd/containerd/pull/5614))
* Re-enable criu in main integration runs
* runtime,v2: Enable debug when containerd is on debug+ log level ([#5617](https://github.com/containerd/containerd/pull/5617))
* runtime,v2: Enable debug when containerd is on debug+ log level
* github.com/golang/protobuf/proto is deprecated
* Update github.com/golang/protobuf from v1.3.5 to v1.4.3
* Update google.golang.org/grpc from v1.27.1 to v1.38.0
* Increase golangci-lint timeout
* ctr flags of container rootfs propagation ([#5611](https://github.com/containerd/containerd/pull/5611))
* command line flags of setting container rootfs propagation
* add cgroupv2 setup for cos with a flag
* Update gotestsum to add timestamps to junit output ([#5612](https://github.com/containerd/containerd/pull/5612))
* Update gotestsum to add timestamps to junit output
* Allow to pass --no-cgroups option to nvidia-container-cli ([#5604](https://github.com/containerd/containerd/pull/5604))
* Allow to pass --no-cgroup option to nvidia-container-cli
* Makefile: FHS conformant manpage installation pathes ([#5577](https://github.com/containerd/containerd/pull/5577))
* Makefile: FHS conformant manpage installation pathes
* Add proper Go version before project checks ([#5594](https://github.com/containerd/containerd/pull/5594))
* Add proper Go version before project checks
* Enable cri-integration in Windows Periodic Tests ([#5580](https://github.com/containerd/containerd/pull/5580))
* Enable cri-integration in Windows Periodic Tests
* adds explanation for seccomp unset/unconfined default vs runtime default ([#5573](https://github.com/containerd/containerd/pull/5573))
* adds explanation for seccomp unset/unconfined default vs runtime default
* Fix cleanup context of teardownPodNetwork ([#5569](https://github.com/containerd/containerd/pull/5569))
* Fix cleanup context of teardownPodNetwork
* update integration/client go.sum ([#5572](https://github.com/containerd/containerd/pull/5572))
* update integration/client go.sum
* Revert diff/walking error change ([#5566](https://github.com/containerd/containerd/pull/5566))
* Revert diff/walking error change
* Update opencontainers/selinux to v1.8.2 ([#5562](https://github.com/containerd/containerd/pull/5562))
* Update opencontainers/selinux to v1.8.2
* fix invalid validation error checking ([#5565](https://github.com/containerd/containerd/pull/5565))
* fix invalid validation error checking
* diff/walking: fix defer cleanup ([#5551](https://github.com/containerd/containerd/pull/5551))
* diff/walking: fix defer cleanup
* Windows periodic job: Add creation timestamp to RG ([#5559](https://github.com/containerd/containerd/pull/5559))
* Add creation timestamp to RG
* Fix error case in Windows layer cleanup ([#5328](https://github.com/containerd/containerd/pull/5328))
* Fix error case in Windows layer cleanup
* Use DeactivateLayer to unlock layers that we cannot rename ([#5422](https://github.com/containerd/containerd/pull/5422))
* Small typo fix "reimporst"
* Use DeactivateLayer to recover layers that we cannot rename
* tests: Symlink volume tests ([#5284](https://github.com/containerd/containerd/pull/5284))
* tests: Symlink volume tests
* Makefile: fix DESTDIR environment variable behaviour ([#5535](https://github.com/containerd/containerd/pull/5535))
* Makefile: fix DESTDIR environment variable behaviour
* Change Wrapf of non-error to an actual error ([#5560](https://github.com/containerd/containerd/pull/5560))
* Change Wrapf of non-error to an actual error
* Install apparmor parser for arm64 environment
* scrub the stale TODO ([#5536](https://github.com/containerd/containerd/pull/5536))
* scrub the stale TODO
* docs: explicitly mention containerd's Prometheus path ([#5554](https://github.com/containerd/containerd/pull/5554))
* docs: explicitly mention containerd's Prometheus path
* integration: Cleanup containerd on test teardown ([#5553](https://github.com/containerd/containerd/pull/5553))
* integration: Cleanup containerd on test teardown
* docs/cri: update links ([#5548](https://github.com/containerd/containerd/pull/5548))
* docs/cri: update ocicrypt link
* docs/cri: fix broken links
* Update Windows periodic tests ([#5544](https://github.com/containerd/containerd/pull/5544))
* Update Windows periodic tests
* Add CI periodic Windows Jobs. ([#5165](https://github.com/containerd/containerd/pull/5165))
* Schedule Windows job daily after midnight.
* Update windows-periodic.yml
* Add CI periodic Windows Jobs.
* Rename atomicWrite to writeToCompletion ([#5273](https://github.com/containerd/containerd/pull/5273))
* Rename atomicWrite to writeToCompletion
* Do not run btrfs tests if btrfs kernel module is not loaded ([#5539](https://github.com/containerd/containerd/pull/5539))
* Do not run btrfs tests if btrfs kernel module is not loaded
* Fix incorrect UA used for registry authentication ([#5533](https://github.com/containerd/containerd/pull/5533))
* Fix incorrect UA used for registry authentication
* ctr: parse mount options with embedded = character ([#5531](https://github.com/containerd/containerd/pull/5531))
* ctr: parse mount options with embedded = character
* Fix mounts for FreeBSD ([#5472](https://github.com/containerd/containerd/pull/5472))
* Add ruleset=4 option
* Remove mountpoints not commonly mounted on FreeBSD
* Add copyright header & make sure compilation succeeds on all platforms
* Fix mounts for FreeBSD
* ctr: make exec pty behavior consistent with run ([#5527](https://github.com/containerd/containerd/pull/5527))
* ctr: exec handle pty resize after Start
* ctr: exec setup IO with console
* Makefile: use $@ for target file names ([#5534](https://github.com/containerd/containerd/pull/5534))
* Makefile: use $@ for target file names
* Fix small typo ([#5528](https://github.com/containerd/containerd/pull/5528))
* Fix small typo
* Don't check for apparmor_parser to be present ([#5519](https://github.com/containerd/containerd/pull/5519))
* update the link
* Don't check for apparmor_parser to be present
* Remove useless lines ([#5520](https://github.com/containerd/containerd/pull/5520))
* Remove useless lines
* Fixed typos in docs ([#5509](https://github.com/containerd/containerd/pull/5509))
* fixed typos
* Try next mirror in case of non-404 errors, too ([#5275](https://github.com/containerd/containerd/pull/5275))
* Try next mirror in case of non-404 errors, too
* bump runc version to v1.0.0-rc95 ([#5514](https://github.com/containerd/containerd/pull/5514))
* bump runc version to v1.0.0-rc95
* update runc binary to v1.0.0-rc95 ([#5511](https://github.com/containerd/containerd/pull/5511))
* update runc binary to v1.0.0-rc95
* Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0 ([#5508](https://github.com/containerd/containerd/pull/5508))
* Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0
* Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 ([#5507](https://github.com/containerd/containerd/pull/5507))
* Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
* Makefile: allow overriding install command via environment ([#5493](https://github.com/containerd/containerd/pull/5493))
* Makefile: allow overriding install command via environment
* tests: Adds support for Windows cri-integration tests ([#5163](https://github.com/containerd/containerd/pull/5163))
* tests: Adds support for Windows cri-integration tests
* Update docker resolver to authorize redirects ([#5504](https://github.com/containerd/containerd/pull/5504))
* Update docker resolver to authorize redirects
* bump hcsshim version to v0.8.17 ([#5505](https://github.com/containerd/containerd/pull/5505))
* bump hcsshim version to v0.8.17
* Release binary update for imgcrypt ([#5498](https://github.com/containerd/containerd/pull/5498))
* just release ctd-decoder not ctr-enc
* Merge remote-tracking branch 'upstream/master'
* Pin integration test image for alpine
* cri-integration tests: Pull images once ([#5313](https://github.com/containerd/containerd/pull/5313))
* tests: Prepull images used in tests
* plugin: optimize the check for the last registration ([#5440](https://github.com/containerd/containerd/pull/5440))
* plugin: optimize the check for the last registration
* metadata: modify NewLeaseManager to return leases.Manager ([#5465](https://github.com/containerd/containerd/pull/5465))
* metadata: modify NewLeaseManager to return leases.Manager
* Skip TLS verification for localhost ([#5100](https://github.com/containerd/containerd/pull/5100))
* Skip TLS verification for localhost
* Merge remote-tracking branch 'upstream/master'
* Makefile: make sure manpages are built before install-man ([#5492](https://github.com/containerd/containerd/pull/5492))
* Makefile: make sure manpages are built before install-man
* adds description for hosts.toml ([#5309](https://github.com/containerd/containerd/pull/5309))
* adds credentials description
* adds description for hosts.toml
* Prepare default branch rename ([#5459](https://github.com/containerd/containerd/pull/5459))
* Prepare default branch rename
* Merge remote-tracking branch 'upstream/master'
* Update runc to rc94 ([#5473](https://github.com/containerd/containerd/pull/5473))
* Update vendored runc to v1.0.0.0-rc94
* Update the runc binary used with containerd to runc v1.0.0-rc94
* Fix `content.ReaderAt` close ([#5468](https://github.com/containerd/containerd/pull/5468))
* Fix content.ReaderAt close
* Update releases doc with updated support timeline ([#5466](https://github.com/containerd/containerd/pull/5466))
* Update releases doc with updated support timeline
* tests: add test for adaptor ([#5452](https://github.com/containerd/containerd/pull/5452))
* tests: add test for adaptor
* Makefile: allow overriding go command by environment ([#5450](https://github.com/containerd/containerd/pull/5450))
* Makefile: allow overriding go command by environment
* update to new cri-tools make install ([#5462](https://github.com/containerd/containerd/pull/5462))
* update to new cri-tools make install
* Update Go to 1.16.4 ([#5461](https://github.com/containerd/containerd/pull/5461))
* Update Go to 1.16.4
* Merge remote-tracking branch 'upstream/release/1.5'
* [release/1.5] go.mod: cut circular dependency on github.com/containerd/containerd ([#5457](https://github.com/containerd/containerd/pull/5457))
* go.mod: cut circular dependency on github.com/containerd/containerd
* integration/client: go mod tidy
* oci: fix WithDevShmSize ([#5063](https://github.com/containerd/containerd/pull/5063))
* oci: fix WithDevShmSize
* [release/1.5] cherry-pick: windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink ([#5454](https://github.com/containerd/containerd/pull/5454))
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink ([#5411](https://github.com/containerd/containerd/pull/5411))
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
* doc: add missing namespaces package ([#5448](https://github.com/containerd/containerd/pull/5448))
* doc: add missing namespaces package
* update seccomp version ([#5445](https://github.com/containerd/containerd/pull/5445))
* update seccomp version
* Update golang.org/x/sys to add linux/ppc support ([#5436](https://github.com/containerd/containerd/pull/5436))
* Update golang.org/x/sys to add linux/ppc support
* go.mod: cut circular dependency on github.com/containerd/containerd ([#5441](https://github.com/containerd/containerd/pull/5441))
* go.mod: cut circular dependency on github.com/containerd/containerd
* integration/client: go mod tidy
* Fix different registry hosts referencing the same auth config. ([#5446](https://github.com/containerd/containerd/pull/5446))
* Fix different registry hosts referencing the same auth config.
</p>
</details>
### Changes from containerd/cgroups
<details><summary>33 commits</summary>
<p>
* v2: Fix inotify fd leak when cgroup is deleted ([#212](https://github.com/containerd/cgroups/pull/212))
* v2: add test case for Manager.EventChan() behavior
* v2: flip error handling for readKVStat("memory.events") to reduce indentation
* v2: manager: factor out memory.events parsing
* v2: Fix inotify leak when cgroup is deleted
* fix Implicit memory aliasing in for loop ([#214](https://github.com/containerd/cgroups/pull/214))
* fix Implicit memory aliasing in for loop
* Fix potential dirfd leak. ([#210](https://github.com/containerd/cgroups/pull/210))
* Fix potential dirfd leak.
* cgroup: Optionally add process and task to a subsystems subset ([#203](https://github.com/containerd/cgroups/pull/203))
* cgroup: Optionally add process and task to a subsystems subset
* replace pkg/errors from vendor ([#208](https://github.com/containerd/cgroups/pull/208))
* replace pkg/errors from vendor
* cgroup.go: avoid panic on nil interface ([#207](https://github.com/containerd/cgroups/pull/207))
* cgroup.go: avoid panic on nil interface
* Improvements on cgroup v2 support ([#204](https://github.com/containerd/cgroups/pull/204))
* cgroupv2: reset lastErr to nil when subtree control is successfully written
* cgroupv2: enable controllers before setting resources in NewChild()
* v2: remove unimplemented errors and ErrorHandler, IgnoreNotExist ([#201](https://github.com/containerd/cgroups/pull/201))
* v2: remove ErrorHandler and IgnoreNotExist as they are not implemented
* v2: remove errors that are never returned
* v1: reduce duplicated code ([#202](https://github.com/containerd/cgroups/pull/202))
* v1: reduce duplicated code
* cgroup v1: implement AddProc() ([#200](https://github.com/containerd/cgroups/pull/200))
* cgroup v1: implement AddProc()
* Rename branch from master to main ([#199](https://github.com/containerd/cgroups/pull/199))
* Rename branch from master to main
* utils: export ParseCgroupFile() ([#197](https://github.com/containerd/cgroups/pull/197))
* utils: export ParseCgroupFile()
* go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations ([#194](https://github.com/containerd/cgroups/pull/194))
* go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations
* Use /proc/partitions to get device names ([#195](https://github.com/containerd/cgroups/pull/195))
* Use /proc/partitions to get device names
</p>
</details>
### Changes from containerd/console
<details><summary>6 commits</summary>
<p>
* Fix CI ([#55](https://github.com/containerd/console/pull/55))
* Fix CI
* Stop using pkg/errors
* Add support for z/OS ([#46](https://github.com/containerd/console/pull/46))
* Console test on z/OS
* Add support for z/OS
</p>
</details>
### Changes from containerd/continuity
<details><summary>28 commits</summary>
<p>
* fs: use syscall.Timespec.Unix ([#193](https://github.com/containerd/continuity/pull/193))
* fs: use syscall.Timespec.Unix
* Update CI Go version to 1.17 ([#192](https://github.com/containerd/continuity/pull/192))
* Update CI Go version to 1.17
* Build containerd/continuity on multiple Unix OSes ([#190](https://github.com/containerd/continuity/pull/190))
* Build containerd/continuity on multiple Unix OSes
* Do not log errors before returning them ([#191](https://github.com/containerd/continuity/pull/191))
* Do not log errors before returning them
* Copy Windows file metadata ([#188](https://github.com/containerd/continuity/pull/188))
* Copy Windows file metadata
* fix fmt.Errorf("%w", err) on err == nil ([#187](https://github.com/containerd/continuity/pull/187))
* fix fmt.Errorf("%w", err) on err == nil
* Remove direct dependency on github.com/pkg/errors ([#185](https://github.com/containerd/continuity/pull/185))
* run gofmt with Go 1.17
* remove direct dependency on github.com/pkg/errors
* Fix darwin issues ([#186](https://github.com/containerd/continuity/pull/186))
* update AUTHORS
* darwin: use utimensat syscall instead of utimes
* fix darwin usage of du command
* go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125 ([#161](https://github.com/containerd/continuity/pull/161))
* go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125
* fs/stat: add FreeBSD, and cleanup some nolint-comments ([#184](https://github.com/containerd/continuity/pull/184))
* reformat nolint comments
* fs/stat: add FreeBSD
* Rename branch from master to main ([#182](https://github.com/containerd/continuity/pull/182))
* Rename branch from master to main
* testutil/loopback: print more debug info ([#180](https://github.com/containerd/continuity/pull/180))
* testutil/loopback: print more debug info
</p>
</details>
### Changes from containerd/go-cni
<details><summary>18 commits</summary>
<p>
* run setup on networks in parallel ([#76](https://github.com/containerd/go-cni/pull/76))
* switch to direct index
* run setup on networks in parallel
* remove: Continue on "not found" errors ([#74](https://github.com/containerd/go-cni/pull/74))
* remove: Continue on "not found" errors
* go.mod: github.com/containernetworking/cni v1.0.1 ([#72](https://github.com/containerd/go-cni/pull/72))
* go.mod: github.com/containernetworking/cni v1.0.1
* remove direct dependency on github.com/pkg/errors ([#71](https://github.com/containerd/go-cni/pull/71))
* remove direct dependency on github.com/pkg/errors
* update CNI to v1.0.0 ([#70](https://github.com/containerd/go-cni/pull/70))
* test: add TestLibCNIType100
* update CNI to v1.0.0
* Rename branch from master to main ([#69](https://github.com/containerd/go-cni/pull/69))
* Rename branch from master to main
* result: change Raw from a struct field to a method ([#68](https://github.com/containerd/go-cni/pull/68))
* result: change Raw from a struct field to a method
* result: expose raw result ([#67](https://github.com/containerd/go-cni/pull/67))
* result: expose raw result
</p>
</details>
### Changes from containerd/imgcrypt
<details><summary>32 commits</summary>
<p>
* CHANGES: Updated CHANGES document for 1.1.3 release ([#64](https://github.com/containerd/imgcrypt/pull/64))
* CHANGES: Updated CHANGES document for 1.1.3 release
* docs: update project branch to main ([#63](https://github.com/containerd/imgcrypt/pull/63))
* docs: update project branch to main
* Update linter to match containerd repo ([#61](https://github.com/containerd/imgcrypt/pull/61))
* Update linter to match containerd repo
* update CI golang version
* Bump github.com/containerd/containerd from 1.5.7 to 1.5.8 ([#59](https://github.com/containerd/imgcrypt/pull/59))
* Bump github.com/containerd/containerd from 1.5.7 to 1.5.8
* maint: Update to ocicrypt v1.1.2 ([#57](https://github.com/containerd/imgcrypt/pull/57))
* maint: Update to ocicrypt v1.1.2
* Decouple CreateCryptoConfig() from github.com/urfave/cli ([#56](https://github.com/containerd/imgcrypt/pull/56))
* Decouple CreateCryptoConfig() from github.com/urfave/cli
* Bump github.com/containerd/containerd from 1.5.5 to 1.5.7 ([#55](https://github.com/containerd/imgcrypt/pull/55))
* Bump github.com/containerd/containerd from 1.5.5 to 1.5.7
* replace pkg/errors and bump related library
* README: Fix CRI decryption document URL ([#53](https://github.com/containerd/imgcrypt/pull/53))
* README: Fix CRI decryption document URL
* Bump github.com/containerd/containerd from 1.5.2 to 1.5.4 ([#52](https://github.com/containerd/imgcrypt/pull/52))
* Bump github.com/containerd/containerd from 1.5.2 to 1.5.4
* Bump containerd to 1.5.2 ([#51](https://github.com/containerd/imgcrypt/pull/51))
* Bump containerd to 1.5.2
* images: Implement ConvertFunc for image en- and decryption ([#49](https://github.com/containerd/imgcrypt/pull/49))
* images: Implement ConvertFunc for image en- and decryption
* Add containerd-release to makefile ([#48](https://github.com/containerd/imgcrypt/pull/48))
* Remove ctr-enc from installation
* vendor sync up with containerd 1.5 ga, and runc94 ([#47](https://github.com/containerd/imgcrypt/pull/47))
* sync up with containerd 1.5 ga, and runc94
* Sync ctr-enc with containerd's ctr v1.5.0-rc.3 ([#46](https://github.com/containerd/imgcrypt/pull/46))
* CICD: Run 'apt update' before pulling packages
* ctr-enc: Set the version for ctr-enc when linking
* Sync ctr-enc with containerd's ctr v1.5.0-rc.3
</p>
</details>
### Changes from containerd/ttrpc
<details><summary>34 commits</summary>
<p>
* Add protoc-gen-go-ttrpc ([#96](https://github.com/containerd/ttrpc/pull/96))
* Add protoc-gen-go-ttrpc
* client: Handle sending/receiving in separate goroutines ([#94](https://github.com/containerd/ttrpc/pull/94))
* client: Handle sending/receiving in separate goroutines
* Run Protobuild in GitHub Actions ([#95](https://github.com/containerd/ttrpc/pull/95))
* Run Protobuild in GitHub Actions
* Re-generate example.pb.go
* replace pkg/errors ([#93](https://github.com/containerd/ttrpc/pull/93))
* replace pkg/errors from vendor
* Rename branch from master to main ([#86](https://github.com/containerd/ttrpc/pull/86))
* Rename branch from master to main
* Make "go test" and "go build" work on macOS ([#85](https://github.com/containerd/ttrpc/pull/85))
* Make the example command buildable on macOS
* Run GitHub Actions on macOS
* Make "go test" work on macOS
* Return Unimplemented when services or methods are not implemented ([#83](https://github.com/containerd/ttrpc/pull/83))
* Return Unimplemented when services or methods are not implemented
* Remove "Very new" and checked TODO items ([#84](https://github.com/containerd/ttrpc/pull/84))
* Remove "Very new" and checked TODO items
* removing glide from ignore ([#82](https://github.com/containerd/ttrpc/pull/82))
* removing glide from ignore
* go.mod: update dependencies ([#79](https://github.com/containerd/ttrpc/pull/79))
* go.mod: github.com/prometheus/procfs v0.6.0
* go.mod: google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
* go.mod: google.golang.org/grpc v1.27.1
* go.mod: github.com/gogo/protobuf v1.3.2
* remove travis, add codecov badge ([#78](https://github.com/containerd/ttrpc/pull/78))
* CI: add codecov badge to readme
* CI: remove travis
* Use GitHub Actions for CI ([#77](https://github.com/containerd/ttrpc/pull/77))
* Use GitHub Actions for CI
* go.mod: sirupsen/logrus v1.7.0 ([#76](https://github.com/containerd/ttrpc/pull/76))
* go.mod: sirupsen/logrus v1.7.0
* go mod tidy
</p>
</details>
### Dependency Changes
* **cloud.google.com/go** v0.81.0 **_new_**
* **github.com/AdaLogics/go-fuzz-headers** 6c3934b029d8 **_new_**
* **github.com/Microsoft/go-winio** v0.4.17 -> v0.5.1
* **github.com/Microsoft/hcsshim** v0.8.16 -> v0.9.2
* **github.com/blang/semver** v3.5.1 **_new_**
* **github.com/cenkalti/backoff/v4** v4.1.2 **_new_**
* **github.com/cespare/xxhash/v2** v2.1.1 -> v2.1.2
* **github.com/cilium/ebpf** v0.4.0 -> v0.7.0
* **github.com/containerd/cgroups** v1.0.1 -> v1.0.3
* **github.com/containerd/console** v1.0.2 -> v1.0.3
* **github.com/containerd/continuity** v0.1.0 -> v0.2.2
* **github.com/containerd/go-cni** v1.0.2 -> v1.1.1
* **github.com/containerd/imgcrypt** v1.1.1 -> v1.1.3
* **github.com/containerd/ttrpc** v1.0.2 -> v1.1.0
* **github.com/containernetworking/cni** v0.8.1 -> v1.0.1
* **github.com/containernetworking/plugins** v0.9.1 -> v1.0.1
* **github.com/containers/ocicrypt** v1.1.1 -> v1.1.2
* **github.com/coreos/go-systemd/v22** v22.1.0 -> v22.3.2
* **github.com/go-logr/logr** v0.2.0 -> v1.2.2
* **github.com/go-logr/stdr** v1.2.2 **_new_**
* **github.com/godbus/dbus/v5** v5.0.3 -> v5.0.6
* **github.com/golang/groupcache** 8c9f03a8e57e -> 41bb18bfe9da
* **github.com/golang/protobuf** v1.3.5 -> v1.5.2
* **github.com/google/go-cmp** v0.5.4 -> v0.5.6
* **github.com/google/gofuzz** v1.1.0 -> v1.2.0
* **github.com/grpc-ecosystem/go-grpc-middleware** v1.3.0 **_new_**
* **github.com/grpc-ecosystem/grpc-gateway** v1.16.0 **_new_**
* **github.com/hashicorp/errwrap** v1.0.0 -> v1.1.0
* **github.com/hashicorp/go-multierror** v1.0.0 -> v1.1.1
* **github.com/imdario/mergo** v0.3.11 -> v0.3.12
* **github.com/intel/goresctrl** v0.2.0 **_new_**
* **github.com/json-iterator/go** v1.1.10 -> v1.1.12
* **github.com/moby/spdystream** v0.2.0 **_new_**
* **github.com/moby/sys/mountinfo** v0.4.1 -> v0.5.0
* **github.com/moby/sys/signal** v0.6.0 **_new_**
* **github.com/moby/sys/symlink** v0.1.0 -> v0.2.0
* **github.com/modern-go/reflect2** v1.0.1 -> v1.0.2
* **github.com/opencontainers/image-spec** v1.0.1 -> 693428a734f5
* **github.com/opencontainers/runc** v1.0.0-rc93 -> v1.1.0
* **github.com/opencontainers/runtime-spec** e6143ca7d51d -> 1c3f411f0417
* **github.com/opencontainers/selinux** v1.8.0 -> v1.10.0
* **github.com/pelletier/go-toml** v1.8.1 -> v1.9.3
* **github.com/prometheus/client_golang** v1.7.1 -> v1.11.0
* **github.com/prometheus/common** v0.10.0 -> v0.30.0
* **github.com/prometheus/procfs** v0.6.0 -> v0.7.3
* **github.com/satori/go.uuid** v1.2.0 **_new_**
* **github.com/sirupsen/logrus** v1.7.0 -> v1.8.1
* **github.com/spf13/pflag** v1.0.5 **_new_**
* **github.com/stretchr/testify** v1.6.1 -> v1.7.0
* **github.com/vishvananda/netlink** f5de75959ad5 **_new_**
* **github.com/vishvananda/netns** 2eb08e3e575f **_new_**
* **go.etcd.io/bbolt** v1.3.5 -> v1.3.6
* **go.opencensus.io** v0.22.3 -> v0.23.0
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.28.0 **_new_**
* **go.opentelemetry.io/otel** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/internal/retry** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/sdk** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/trace** v1.3.0 **_new_**
* **go.opentelemetry.io/proto/otlp** v0.11.0 **_new_**
* **golang.org/x/crypto** 0c34fe9e7dc2 -> 32db794688a5
* **golang.org/x/net** e18ecbb05110 -> fe4d6282115f
* **golang.org/x/oauth2** bf48bf16ab8d -> 2bc19b11175f
* **golang.org/x/sync** 09787c993a3a -> 036812b2e83c
* **golang.org/x/sys** 47abb6519492 -> 1d35b9e2eb4e
* **golang.org/x/term** 7de9c90e9dd1 -> 6886f2dfbf5b
* **golang.org/x/text** v0.3.4 -> v0.3.7
* **golang.org/x/time** 3af7569d3a1e -> 1f47c861a9ac
* **google.golang.org/appengine** v1.6.5 -> v1.6.7
* **google.golang.org/grpc** v1.27.1 -> v1.43.0
* **google.golang.org/protobuf** v1.27.1 **_new_**
* **gopkg.in/yaml.v3** 9f266ea9e77c -> 496545a6307b
* **k8s.io/api** v0.20.6 -> v0.22.5
* **k8s.io/apimachinery** v0.20.6 -> v0.22.5
* **k8s.io/apiserver** v0.20.6 -> v0.22.5
* **k8s.io/client-go** v0.20.6 -> v0.22.5
* **k8s.io/component-base** v0.20.6 -> v0.22.5
* **k8s.io/cri-api** v0.20.6 -> v0.23.1
* **k8s.io/klog/v2** v2.4.0 -> v2.30.0
* **k8s.io/utils** 67b214c5f920 -> cb0fa318a74b
* **sigs.k8s.io/structured-merge-diff/v4** v4.0.3 -> v4.1.2
Previous release can be found at [v1.5.0](https://github.com/containerd/containerd/releases/tag/v1.5.0)
containerd 1.6.0-rc.3
Welcome to the v1.6.0-rc.3 release of containerd!
The seventh major release of containerd includes many improvements and added
support to increase overall compatibility and stability.
### Highlights
#### Runtime
* **Add runtime label to metrics** ([#5744](https://github.com/containerd/containerd/pull/5744))
* **Cleanup task delete logic in v2 shim** ([#5813](https://github.com/containerd/containerd/pull/5813))
* **Add support for shim plugins** ([#5817](https://github.com/containerd/containerd/pull/5817))
* **Handle sigint and sigterm in shimv2** ([#5828](https://github.com/containerd/containerd/pull/5828))
* **Decouple shim and task manager** ([#5918](https://github.com/containerd/containerd/pull/5918))
* **Add runc shim support for core scheduling** ([#6011](https://github.com/containerd/containerd/pull/6011))
* **Update shim client connect attempt to fail fast when shim errors** ([#6031](https://github.com/containerd/containerd/pull/6031))
* **Add support for absolute path to shim binaries** ([#6206](https://github.com/containerd/containerd/pull/6206))
* **Update runc to v1.1.0** ([#6375](https://github.com/containerd/containerd/pull/6375))
#### Windows
* **Add support for Windows HostProcess containers** ([#5131](https://github.com/containerd/containerd/pull/5131))
* **Add support for Windows resource limits** ([#5778](https://github.com/containerd/containerd/pull/5778))
#### CRI
* **Add CNI configuration based on runtime class** ([#4695](https://github.com/containerd/containerd/pull/4695))
* **Add support for Intel RDT** ([#5439](https://github.com/containerd/containerd/pull/5439))
* **Add support for CRI v1 and v1alpha in parallel** ([#5619](https://github.com/containerd/containerd/pull/5619))
* **Add support for unified resources field for cgroups v2** ([#5627](https://github.com/containerd/containerd/pull/5627))
* **Add IP preference configuration for reporting pod IP** ([#5964](https://github.com/containerd/containerd/pull/5964))
* **Implement new CRI pod sandbox stats API** ([#6113](https://github.com/containerd/containerd/pull/6113))
* **Add sandbox and container latency metrics** ([#6111](https://github.com/containerd/containerd/pull/6111))
* **Add namespace to ttrpc and grpc plugin connections** ([#6130](https://github.com/containerd/containerd/pull/6130))
* **Add option to allow ping sockets and privileged ports with no capabilities** ([#6170](https://github.com/containerd/containerd/pull/6170))
* **Add support for configuring swap** ([#6320](https://github.com/containerd/containerd/pull/6320))
#### Other
* **Add support for client TLS Auth for grpc** ([#5606](https://github.com/containerd/containerd/pull/5606))
* **Add xfs support for devicemapper snapshotter** ([#5610](https://github.com/containerd/containerd/pull/5610))
* **Add metric exposing build version and revision** ([#5965](https://github.com/containerd/containerd/pull/5965))
* **Add support for custom fs options in devmapper snapshotter** ([#6122](https://github.com/containerd/containerd/pull/6122))
* **Update introspection service to show GRPC plugins** ([#6432](https://github.com/containerd/containerd/pull/6432))
#### Client
* **Allow WithServices to use custom implementations** ([#5709](https://github.com/containerd/containerd/pull/5709))
* **Support custom compressor for walking differ** ([#5735](https://github.com/containerd/containerd/pull/5735))
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
### Contributors
* Derek McGowan
* Phil Estes
* Akihiro Suda
* Wei Fu
* Maksym Pavlenko
* Sebastiaan van Stijn
* Michael Crosby
* Kazuyoshi Kato
* Mike Brown
* Claudiu Belu
* Daniel Canter
* haoyun
* Brian Goff
* Gabriel Adrian Samfira
* Stefan Berger
* zounengren
* AdamKorcz
* Adelina Tuvenie
* Kohei Tokunaga
* Davanum Srinivas
* Nashwan Azhari
* Samuel Karp
* Shiming Zhang
* Markus Lehtonen
* Enrico Weigelt, metux IT consult
* Alakesh Haloi
* Hajime Tazaki
* Iceber Gu
* Kevin Parsons
* Aditi Sharma
* Jeremi Piotrowski
* David Porter
* Gijs Peskens
* ningmingxiao
* Brandon Lum
* Cody Roseborough
* Danielle Lancashire
* Jacob MacElroy
* Tõnis Tiigi
* dependabot[bot]
* wanglei
* Alexandre Peixoto Ferreira
* Eric Ernst
* Fabiano Fidêncio
* Furkan Türkal
* Jiaming Xu
* Kir Kolyshkin
* Miao Wang
* Neil Johnson
* Paul "TBBle" Hampson
* Priyanka Saggu
* Romain Aviolat
* Samuel Ortiz
* Sunghoon Kang
* Takumasa Sakao
* Tobias Klauser
* Zhiyu Li
* ye.sijun
* Alexander Minbaev
* Alexey Ivanov
* Andrey Smirnov
* Artem Khramov
* Aurelien Lun-Sin
* Ben Hutchings
* Cory Bennett
* Da McGrady
* Dan Williams
* Eng Zer Jun
* Ethan Chen
* Fupan Li
* Gaurav Gahlot
* Gunju Kim
* Henry Wang
* Jacob Blain Christen
* James Gordon
* James Sturtevant
* Jan Klippel
* Jayme Howard
* Jiajun Jiang
* Jintao Zhang
* Justin Terry
* Kaijie Chen
* Kante
* Kern Walster
* Kitt Hsu
* Lantao Liu
* Ma Xinjian
* Manabu Sugimoto
* Manuel Alejandro de Brito Fontes
* Mark Rossetti
* Markus Lippert
* Mikko Ylinen
* Ng Yang
* Nicolas Chariglione
* Ning Li
* Olli Janatuinen
* Peri Thompson
* Quan Tian
* Radostin Stoyanov
* Rui Lopes
* Sambhav Kothari
* Sebastian Hasler
* Sergey Kanzhelev
* Sören Tempel
* Yang Yang
* Yifan Yuan
* Zilong Wang
* Zufar Dhiyaulhaq
* botieking98
* chenxiaoyu
* jayonlau
* jerryzhuang
* linrunlong
* scuzhanglei
* wangzhan
* Étienne Guesnet
### Changes
<details><summary>1038 commits</summary>
<p>
* Prepare release notes for v1.6.0-rc.3 ([#6524](https://github.com/containerd/containerd/pull/6524))
* Prepare release notes for v1.6.0-rc.3
* Use white logo in github dark mode ([#6529](https://github.com/containerd/containerd/pull/6529))
* Use white logo in github dark mode
* cri: fix handling of ignore_rdt_not_enabled_errors config option ([#6514](https://github.com/containerd/containerd/pull/6514))
* cri: fix handling of ignore_rdt_not_enabled_errors config option
* pkg/oom/v2: handle EventChan routine shutdown quietly ([#6504](https://github.com/containerd/containerd/pull/6504))
* pkg/oom/v2: handle EventChan routine shutdown quietly
* fix: .dockerignore make git working tree dirty ([#6523](https://github.com/containerd/containerd/pull/6523))
* fix: .dockerignore makes git working tree dirty
* containerd-stress: start task ctr before starting execs ([#6518](https://github.com/containerd/containerd/pull/6518))
* containerd-stress: start task ctr before starting execs
* Document fs_type and fs_options in snapshots/devmapper/README.md ([#6501](https://github.com/containerd/containerd/pull/6501))
* Document fs_type and fs_options in snapshots/devmapper/README.md
* docs: add Talos Linux to the list of adopters ([#6510](https://github.com/containerd/containerd/pull/6510))
* docs: add Talos Linux to the list of adopters
* Prepare 1.6.0-rc.2 ([#6502](https://github.com/containerd/containerd/pull/6502))
* Prepare release notes for v1.6.0-rc.2
* Update releases document
* platforms.Normalize(): do not reset OSVersion and OSFeatures ([#6497](https://github.com/containerd/containerd/pull/6497))
* platforms.Normalize(): do not reset OSVersion and OSFeatures
* tracing: use OTLP/HTTP in addition to OTLP/gRPC ([#6457](https://github.com/containerd/containerd/pull/6457))
* tracing: return (ctx, span) from StartSpan
* tracing: support OTLP/HTTP in addition to gRPC
* Update cgroups to v1.0.3 ([#6498](https://github.com/containerd/containerd/pull/6498))
* Update cgroups to v1.0.3
* seccomp: kernel 5.11 -> 5.16 ([#6494](https://github.com/containerd/containerd/pull/6494))
* seccomp: kernel 5.16 (futex_waitv)
* seccomp: kernel 5.15 (process_mrelease)
* seccomp: kernel 5.14 (quotactl_fd, memfd_secret)
* seccomp: kernel 5.13 (landlock_{add_rule,create_ruleset,restrict_self})
* seccomp: kernel 5.12 (mount_setattr)
* remotes: fix dockerPusher to handle abort correctly ([#6243](https://github.com/containerd/containerd/pull/6243))
* remotes: fix dockerPusher to handle abort correctly
* seccomp: add support for "swapcontext" syscall in default policy ([#6411](https://github.com/containerd/containerd/pull/6411))
* seccomp: add support for "swapcontext" syscall in default policy
* oci: use readonly mount to read user/group info ([#6478](https://github.com/containerd/containerd/pull/6478))
* oci: use readonly mount to read user/group info
* Fix possibly incorrect media type default on import ([#6475](https://github.com/containerd/containerd/pull/6475))
* Fix possibly incorrect media type default on import
* shimv2: handle sigint/sigterm ([#5828](https://github.com/containerd/containerd/pull/5828))
* shimv2: handle sigint/sigterm
* Fix acr fetch token 400 ([#6481](https://github.com/containerd/containerd/pull/6481))
* fix acr fetch token 400
* platforms: add support for matching amd64 variants ([#6455](https://github.com/containerd/containerd/pull/6455))
* platforms: add support for matching amd64 variants
* Fix windows periodic workflow ([#6476](https://github.com/containerd/containerd/pull/6476))
* Fix windows periodic workflow
* docs: add doc-comments on GC-related methods ([#6473](https://github.com/containerd/containerd/pull/6473))
* docs: add doc-comments on GC-related methods
* fix: should not send 137 code event if cmd is notfound ([#6465](https://github.com/containerd/containerd/pull/6465))
* fix: should not send 137 code event if cmd is notfound
* Fix empty scopes return ([#6463](https://github.com/containerd/containerd/pull/6463))
* fix empty scopes return
* Prepare release notes for v1.6.0-rc.1 ([#6462](https://github.com/containerd/containerd/pull/6462))
* Prepare release notes for v1.6.0-rc.1
* Add support for skipping non-dist blob push ([#6424](https://github.com/containerd/containerd/pull/6424))
* ctr: flag to toggle non-distributable blob push
* Add image handler to skip non-distributable blobs.
* Compile binaries for go1.16 and go1.17 in CI ([#6461](https://github.com/containerd/containerd/pull/6461))
* Compile binaries for go1.16 and go1.17 in CI
* services/introspection: fix plugin caching to show grpc plugins ([#6432](https://github.com/containerd/containerd/pull/6432))
* Update caching logic to avoid map access
* services/introspection: support to show introspection grpc service
* Integration: Change to Windows Server 2022 build number constant ([#6458](https://github.com/containerd/containerd/pull/6458))
* Integration: Change to Windows Server 2022 build number constant
* Update kubernetes vendor to 0.22.5 ([#6460](https://github.com/containerd/containerd/pull/6460))
* Update kubernetes vendor to 0.22.5
* Fix rdt build tags for go 1.16 ([#6459](https://github.com/containerd/containerd/pull/6459))
* Fix rdt build tags for go 1.16
* Remove submodule go mod ([#6439](https://github.com/containerd/containerd/pull/6439))
* Remove api go submodule
* Update makefile to remove API submodule
* go.mod: Update hcsshim to v0.9.2 ([#6453](https://github.com/containerd/containerd/pull/6453))
* go.mod: Update hcsshim to v0.9.2
* update runc to v1.1.0 ([#6375](https://github.com/containerd/containerd/pull/6375))
* go.mod: github.com/opencontainers/runc v1.1.0
* update runc binary to v1.1.0
* tracing: fix OTLP tracer's initialization ([#6443](https://github.com/containerd/containerd/pull/6443))
* tracing: fix OTLP tracer's initialization
* gha: run CodeQL scan on pull requests ([#6386](https://github.com/containerd/containerd/pull/6386))
* gha: run CodeQL scan on pull requests
* Do not automatically inject client traces ([#6445](https://github.com/containerd/containerd/pull/6445))
* Do not automatically inject client traces
* [containerd-stress] delete useless code ([#6451](https://github.com/containerd/containerd/pull/6451))
* delete useless code
* Revert "Add shared content label to namespaces" ([#6440](https://github.com/containerd/containerd/pull/6440))
* Revert "Add shared content label to namespaces"
* Add ppc64 support for test images ([#6435](https://github.com/containerd/containerd/pull/6435))
* Add ppc64 support for test images
* ctr: Unify the delete subcommand alias ([#6427](https://github.com/containerd/containerd/pull/6427))
* ctr: Unify the delete subcommand alias
* Prepare release notes for v1.6.0-rc.0 ([#6431](https://github.com/containerd/containerd/pull/6431))
* Prepare release notes for v1.6.0-rc.0
* Integration: Switch to using `auth` Gcloud action in Windows workflow. ([#6397](https://github.com/containerd/containerd/pull/6397))
* Integration: Switch to `upload-cloud-storage` Gcloud action.
* Integration: Switch to using `auth` Gcloud action in Windows workflow.
* remove io/ioutil ([#6426](https://github.com/containerd/containerd/pull/6426))
* remove io/ioutil
* test: e2e node COS cgroupv2 script ([#6418](https://github.com/containerd/containerd/pull/6418))
* test: e2e node COS cgroupv2 script
* Integration: Enable CRITest on Windows 2022. ([#6378](https://github.com/containerd/containerd/pull/6378))
* Enable critest tests on Windows Server 2022.
* Parametrize CRITest test images in Windows Periodic workflow.
* Update error message for apparmor parser ([#6415](https://github.com/containerd/containerd/pull/6415))
* Update error message for apparmor parser
* Fix wrong log message ([#6419](https://github.com/containerd/containerd/pull/6419))
* Fix wrong log message
* Followup errors change ([#6414](https://github.com/containerd/containerd/pull/6414))
* Fix incorrect error wrapped when closing ingest file
* Fix seek error used without nil check
* Fix followup items from errors replacement
* Updates CRI API & Kubernetes to 1.23 ([#6351](https://github.com/containerd/containerd/pull/6351))
* Update k/k to 1.23.0
* Updating adoption of containerd for AKS ([#6416](https://github.com/containerd/containerd/pull/6416))
* Updating adoption of containerd for AKS
* update the adoption status of containerd in GKE ([#6413](https://github.com/containerd/containerd/pull/6413))
* update the adoption status of containerd in GKE
* go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt} ([#6410](https://github.com/containerd/containerd/pull/6410))
* go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt}
* replace github.com/pkg/errors with native errors ([#6366](https://github.com/containerd/containerd/pull/6366))
* feat: replace github.com/pkg/errors to errors
* corrected link in cri architecture documentation ([#6412](https://github.com/containerd/containerd/pull/6412))
* corrected link in cri architecture documentation
* remotes/docker: allow fetching "refresh token" (aka "identity token", "offline token") ([#6396](https://github.com/containerd/containerd/pull/6396))
* remotes/docker: allow fetching "refresh token" (aka "identity token")
* remotes/docker/config: allow setting custom AuthorizerOpts
* Prepare release notes for v1.6.0-beta.5 ([#6407](https://github.com/containerd/containerd/pull/6407))
* Prepare release notes for v1.6.0-beta.5
* Integration: Check GCP secrets on Windows CI artifact upload. ([#6292](https://github.com/containerd/containerd/pull/6292))
* Integration: Check GCP secrets on Windows CI artifact upload.
* Github Security Advisory [GHSA-mvff-h3cj-wj9c](https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c)
* only relabel cri managed host mounts
* Add support for Intel RDT ([#5439](https://github.com/containerd/containerd/pull/5439))
* cri: add ignore_rdt_not_enabled_errors config option
* Update dependencies
* cri: annotations for controlling RDT class
* tasks: add Linux rdt support
* cmd: add --rdt-class command line option
* oci: implement WithRdt
* fix: use _ for consistency ([#6391](https://github.com/containerd/containerd/pull/6391))
* fix: use _ for consistency
* content/local: use syscall.Timespec.Unix ([#6403](https://github.com/containerd/containerd/pull/6403))
* content/local: use syscall.Timespec.Unix
* docs: improve plugin documentation ([#6207](https://github.com/containerd/containerd/pull/6207))
* docs: document the runtime shim plugin config options
* docs: use proper markdown lists in containerd-config.toml.5.md
* fix(ctr): enable networking for Windows containers ([#6304](https://github.com/containerd/containerd/pull/6304))
* fix(ctr): enable networking for Windows containers
* Fix $(PWD) issue for Windows makefile ([#6394](https://github.com/containerd/containerd/pull/6394))
* Fix $(PWD) issue for Windows makefile
* only test abstract uds on linux ([#6395](https://github.com/containerd/containerd/pull/6395))
* fix: only test abstract unix socket on linux
* Fix restart container test ([#6390](https://github.com/containerd/containerd/pull/6390))
* Expect ErrorNotFound on Windows after Kill()
* Replace tskill with taskkill
* fix when kernel version < 4.13rc1 by using index=off cause test error ([#6291](https://github.com/containerd/containerd/pull/6291))
* fix when kernel version < 4.13rc1 by using index=off cause overlay test error
* Fix no-daemon flag for integration/client tests ([#6384](https://github.com/containerd/containerd/pull/6384))
* Fix no-daemon flag for integration/client tests
* Enable lazy init for ext4 with devicemapper ([#6122](https://github.com/containerd/containerd/pull/6122))
* Enable lazy init for ext4 with devicemapper
* Fix flakiness on Windows for list stats ([#6385](https://github.com/containerd/containerd/pull/6385))
* Fix flakiness on Windows for list stats
* cri-integration: Add Windows defaults and fix spaces issue ([#6347](https://github.com/containerd/containerd/pull/6347))
* cri-integration: Add Windows default paths
* Upgrade OpenTelemetry dependencies ([#6383](https://github.com/containerd/containerd/pull/6383))
* Upgrade k8s.io/klog/v2 from 2.9.0 to 2.20.0
* Use insecure.NewCredentials instead of grpc.WithInsecure
* Upgrade OpenTelemetry dependencies
* Fix default makefile target for windows ([#6322](https://github.com/containerd/containerd/pull/6322))
* Fix default makefile target for windows
* Disable TestContainerHook on Windows ([#6379](https://github.com/containerd/containerd/pull/6379))
* Disable TestContainerHook on Windows
* seutil: Fix setting the "container_kvm_t" label ([#6372](https://github.com/containerd/containerd/pull/6372))
* seutil: Fix setting the "container_kvm_t" label
* Remove Windows integration testing for 2004. ([#6350](https://github.com/containerd/containerd/pull/6350))
* Remove Windows integration testing for 2004.
* OCI: Mount (accessible) host devices in privileged rootless containers ([#6308](https://github.com/containerd/containerd/pull/6308))
* OCI: Mount (accessible) host devices in privileged rootless containers
* oci.getDevices(): move "non-dir, non '/dev/console'" case into switch
* cri: add support for configuring swap ([#6320](https://github.com/containerd/containerd/pull/6320))
* fixup: check for swap accounting
* fixup: handle diff between cgroupsv1 and v2
* cri: add support for configuring swap
* Integration: Enable TestVolumeOwnership on Windows ([#6275](https://github.com/containerd/containerd/pull/6275))
* Replace find with native Go code
* Enable TestVolumeOwnership on Windows
* Prepare release notes for v1.6.0-beta.4 ([#6296](https://github.com/containerd/containerd/pull/6296))
* Prepare release notes for v1.6.0-beta.4
* refactor: functions for error log and error return ([#6358](https://github.com/containerd/containerd/pull/6358))
* feat: Errorf usage
* Split apart runc shim into plugin components ([#6021](https://github.com/containerd/containerd/pull/6021))
* Use task plugin for runc shim
* Seperate shim manager and task service
* Split runc shim into plugin components
* Add shutdown package
* CRI update for sandbox sizing ([#6155](https://github.com/containerd/containerd/pull/6155))
* cri, sandbox: pass sandbox resource details if available, applicable
* medatada: make namespaces' deletion error less cryptic ([#6354](https://github.com/containerd/containerd/pull/6354))
* medatada: make namespaces' deletion error less cryptic
* ListContainerStats to return stats response if ContainerStatsFilter is nil ([#6373](https://github.com/containerd/containerd/pull/6373))
* add-list-stat: return container list if filter is nil
* integration: deflake TestContainerdRestart ([#6369](https://github.com/containerd/containerd/pull/6369))
* integration: deflake TestContainerdRestart
* feat: add timeout for bolt open ([#6225](https://github.com/containerd/containerd/pull/6225))
* feat: support custom timeout for blot open
* Update Go to 1.17.5 ([#6333](https://github.com/containerd/containerd/pull/6333))
* Update Go to 1.17.5
* cri/server: use consistent alias for pkg/ioutil ([#6332](https://github.com/containerd/containerd/pull/6332))
* cri/server: use consistent alias for pkg/ioutil
* Disable restart monitor test in Windows ([#6364](https://github.com/containerd/containerd/pull/6364))
* Disable restart monitor test in Windows
* Don't fail-fast on Windows integration tests ([#6338](https://github.com/containerd/containerd/pull/6338))
* Don't fail-fast on Windows integration tests
* Update restart monitor test to output daemon logs on failure ([#6355](https://github.com/containerd/containerd/pull/6355))
* Run windows parallel integration test as short
* Update restart monitor test to output daemon logs on failure
* go.mod: update image-spec to latest (v1.0.3-dev) ([#6263](https://github.com/containerd/containerd/pull/6263))
* images/converter: remove deprecated types
* go.mod: update image-spec to latest (v1.0.3-dev)
* Skip WithAdditionalGIDs on Darwin ([#6353](https://github.com/containerd/containerd/pull/6353))
* Skip WithAdditionalGIDs on Darwin
* Use RFC3339 format on Windows periodic resource group creation so cleanup works ([#6303](https://github.com/containerd/containerd/pull/6303))
* Use RFC3339 format so rg cleanup works
* update runc to v1.0.3 ([#6330](https://github.com/containerd/containerd/pull/6330))
* go.mod: github.com/opencontainers/runc v1.0.3
* update runc binary to v1.0.3
* Unblock native snapshotter on Darwin ([#6329](https://github.com/containerd/containerd/pull/6329))
* Allow native snapshotter on Darwin
* Do not use `go get` to install executables ([#6328](https://github.com/containerd/containerd/pull/6328))
* Do not use `go get` to install executables
* Include runtime v2 in default builtins ([#6326](https://github.com/containerd/containerd/pull/6326))
* Include runtime v2 in default builtins
* Add Windows Server 2022 CI runs ([#6314](https://github.com/containerd/containerd/pull/6314))
* Add Windows Server 2022 CI runs
* Set explicit ACL on test files ([#6324](https://github.com/containerd/containerd/pull/6324))
* Use a single RUN command
* Set explicit ACL on test files
* integration: align tags of test images ([#6311](https://github.com/containerd/containerd/pull/6311))
* integration: align tags of test images
* Set CONTAINERD_ROOT in Windows cri-integration ([#6325](https://github.com/containerd/containerd/pull/6325))
* Set CONTAINERD_ROOT in Windows cri-integration
* export oci.DeviceFromPath() ([#6312](https://github.com/containerd/containerd/pull/6312))
* export oci.DeviceFromPath()
* Update volume test images ([#6321](https://github.com/containerd/containerd/pull/6321))
* Update continuity dependency
* Update volume test images
* Update TestRestartMonitor expected time check ([#6201](https://github.com/containerd/containerd/pull/6201))
* Add error logging on cleanup
* Update TestRestartMonitor expected time check
* Move test volume images from gcr to ghcr ([#6319](https://github.com/containerd/containerd/pull/6319))
* Move volume images from gcr to ghcr
* Revert shim service plugin migration ([#6301](https://github.com/containerd/containerd/pull/6301))
* Revert shim plugin migration
* Authenticate against ghcr.io ([#6317](https://github.com/containerd/containerd/pull/6317))
* Add permissions
* Authenticate against ghcr.io
* oci/deviceFromPath(): correctly check device types ([#6306](https://github.com/containerd/containerd/pull/6306))
* oci/deviceFromPath(): correctly check device types
* Skip TestExportAndImportMultiLayer on Windows ([#6315](https://github.com/containerd/containerd/pull/6315))
* Skip TestExportAndImportMultiLayer on Windows
* Integration: Add image build workflow ([#6290](https://github.com/containerd/containerd/pull/6290))
* Add image build workflow
* Integration: Separate Windows Periodic Tests workflow trigger. ([#6286](https://github.com/containerd/containerd/pull/6286))
* Integration: Separate Windows Periodic Tests workflow trigger.
* Build volume test images on Windows ([#6274](https://github.com/containerd/containerd/pull/6274))
* Build volume test images on Windows
* Add VMware TKG & TCE to Containerd adopters ([#6297](https://github.com/containerd/containerd/pull/6297))
* Add VMware TKG & TCE to Containerd adopters
* Vagrantfile: update to Fedora 35 ([#6293](https://github.com/containerd/containerd/pull/6293))
* Vagrantfile: update to Fedora 35
* Update README.md repo->org ([#6269](https://github.com/containerd/containerd/pull/6269))
* Update README.md repo->org
* Fix executable file not found when restoring shims ([#6278](https://github.com/containerd/containerd/pull/6278))
* Fix executable file not found when restoring shims
* ctr/snapshots/diff: show media-type in stderr ([#6271](https://github.com/containerd/containerd/pull/6271))
* ctr/snapshots/diff: don't show the media-type in output
* ctr: Add Linux Capabilities control flags ([#6289](https://github.com/containerd/containerd/pull/6289))
* ctr: Add Linux Capabilities control flags
* integration: add stats result in error message ([#6270](https://github.com/containerd/containerd/pull/6270))
* integration: add stats result in error message
* releases: mark 1.4 as Extended ([#6287](https://github.com/containerd/containerd/pull/6287))
* docs: mark 1.4 as Extended
* docs: fix RELEASES.md gRPC API anchor
* feat: skip ci for fork ([#6284](https://github.com/containerd/containerd/pull/6284))
* feat: skip ci for fork
* content/local: Close the file if Seek fails ([#6280](https://github.com/containerd/containerd/pull/6280))
* content/local: Close the file if Seek fails
* Integration: Remove explicit version passing to `azure/CLI`. ([#6268](https://github.com/containerd/containerd/pull/6268))
* Integration: Remove explicit version passing to `azure/CLI`.
* Fix wrong make target on documentation ([#6276](https://github.com/containerd/containerd/pull/6276))
* Fix wrong make target on documentation
* fix: server error return ([#6272](https://github.com/containerd/containerd/pull/6272))
* fix: server error return
* Prepare release notes for v1.6.0-beta.3 ([#6267](https://github.com/containerd/containerd/pull/6267))
* Prepare release notes for v1.6.0-beta.3
* Update API version in go.mod
* Update release name to use consistent format
* feat:support custom callopts on client side ([#6254](https://github.com/containerd/containerd/pull/6254))
* fix: make max recv/send msg size setting default
* feat:support custom callopts on client side
* [CRI] Fix panic when registry.mirrors use localhost ([#6258](https://github.com/containerd/containerd/pull/6258))
* [CRI] Fix panic when registry.mirrors use localhost
* Add support for TMP override on toml ([#6241](https://github.com/containerd/containerd/pull/6241))
* Add support for TMP override on toml
* CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options ([#6170](https://github.com/containerd/containerd/pull/6170))
* CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options
* Github Security Advisory [GHSA-5j5w-g665-5m35](https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35)
* schema1: reject ambiguous documents
* images: validate document type before unmarshal
* [cri] add sandbox and container latency metrics ([#6111](https://github.com/containerd/containerd/pull/6111))
* [cri] add sandbox and container latency metrics
* Integration: Generalize Windows CI setup scripts for any username. ([#6255](https://github.com/containerd/containerd/pull/6255))
* Generalize Windows CI setup script for any user.
* Standardize cmdlet capitalization in Windows CI scripts.
* feat: use rwmutex instead ([#6253](https://github.com/containerd/containerd/pull/6253))
* feat: use rwmutex instead
* Allow absolute path to shim binaries ([#6206](https://github.com/containerd/containerd/pull/6206))
* Fix package alias
* Support custom runtime path when launching tasks
* Add runtime path in CreateTaskRequest
* Close file if permission modification fails ([#6246](https://github.com/containerd/containerd/pull/6246))
* Close file if permission modification fails
* release: change tar name to match prior releases ([#6250](https://github.com/containerd/containerd/pull/6250))
* release: change tar name to match prior releases
* Fix wrong error returned for image index lookup ([#6237](https://github.com/containerd/containerd/pull/6237))
* Fix wrong error returned for image index lookup
* Fix containerd fails to pull OCI image with non-`http(s)://` urls ([#6221](https://github.com/containerd/containerd/pull/6221))
* Fix containerd fails to pull OCI image with non-`http(s)://` urls
* Prepare release notes for v1.6.0-beta.2 ([#6223](https://github.com/containerd/containerd/pull/6223))
* Prepare release notes for v1.6.0-beta.2
* Add arm64 to releases ([#6196](https://github.com/containerd/containerd/pull/6196))
* Rename release dockerfile to omit distro name
* release: improve dockerfile
* Add arm64 to releases
* use write lock when updating container stats ([#6236](https://github.com/containerd/containerd/pull/6236))
* use write lock when updating container stats
* go.mod: Bump hcsshim to v0.9.1 ([#6230](https://github.com/containerd/containerd/pull/6230))
* go.mod: Bump hcsshim to v0.9.1
* go.mod: Bump ttrpc to 1.1.0 ([#6228](https://github.com/containerd/containerd/pull/6228))
* go.mod: Bump ttrpc to 1.1.0
* go.mod: bump moby/sys/symlink v0.2.0, moby/sys/signal v0.6.0, moby/sys/mountinfo v0.5.0 ([#6213](https://github.com/containerd/containerd/pull/6213))
* go.mod: github.com/moby/sys/mountinfo v0.5.0
* go.mod: github.com/moby/sys/signal v0.6.0
* go.mod: github.com/moby/sys/symlink v0.2.0
* go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
* cleanup: add more description on comment ([#6222](https://github.com/containerd/containerd/pull/6222))
* cleanup: add more description on comment
* Update Go to 1.17.3 ([#6211](https://github.com/containerd/containerd/pull/6211))
* Update Go to 1.17.3
* CI: bump up crun: 1.0 -> 1.3 ([#6214](https://github.com/containerd/containerd/pull/6214))
* CI: bump up crun: 1.0 -> 1.3
* Pin az CLI version in windows-periodic workflow ([#6205](https://github.com/containerd/containerd/pull/6205))
* Pin az CLI version
* Decouple task manager ([#5918](https://github.com/containerd/containerd/pull/5918))
* Address PR comments
* Fix build after rebase
* Migrate task directory
* Expose shim process interface
* Fix after rebase
* Cleanup shim loading
* Move shim restore to a separate file
* Fix backward compatibility with old task shims
* Add plugin dependency between shim and shim services
* Rework task create and cleanup flow
* Add task manager
* Rename task manager to shim manager
* [cri] Implement k8s 1.23 CRI Pod Sandbox and Container Stats ([#6113](https://github.com/containerd/containerd/pull/6113))
* Implement CRI container and pods stats
* Vendor latest k8s.io/cri-api and netlink
* test: Add grace period for restart monitor test ([#6200](https://github.com/containerd/containerd/pull/6200))
* test: Add grace period for restart monitor test
* integration: Enables TestRuntimeHandler for Windows ([#6179](https://github.com/containerd/containerd/pull/6179))
* integration: Enables TestRuntimeHandler for Windows
* Add mkdir on Dockerfile ([#6171](https://github.com/containerd/containerd/pull/6171))
* Add mkdir on Dockerfile
* sys/reaper: avoid leaky goroutine when exec timeout ([#6189](https://github.com/containerd/containerd/pull/6189))
* sys/reaper: avoid leaky goroutine when exec timeout
* adds additional debug out to timebox cni setup ([#6184](https://github.com/containerd/containerd/pull/6184))
* adds additional debug out to timebox cni setup
* converter: Allow hooks during image conversion ([#6176](https://github.com/containerd/containerd/pull/6176))
* converter: Allow hooks during image conversion
* compression: support zstd with skippable frame ([#6177](https://github.com/containerd/containerd/pull/6177))
* compression: support zstd with skippable frame
* integration: Enables TestVolumeCopyUp for Windows ([#6182](https://github.com/containerd/containerd/pull/6182))
* integration: Enables TestVolumeCopyUp for Windows
* integration: Enable some tests for Windows (part 2) ([#6121](https://github.com/containerd/containerd/pull/6121))
* integration: Enable some tests for Windows (part 2)
* integration: Enable some tests for Windows ([#6085](https://github.com/containerd/containerd/pull/6085))
* integration: Enable some tests for Windows
* Update doc to version 2 syntax ([#6125](https://github.com/containerd/containerd/pull/6125))
* feat(doc): update to version 2 syntax
* fix shim reaper wait command execute blocked ([#6166](https://github.com/containerd/containerd/pull/6166))
* fix shim reaper wait command execute blocked
* content: close stream after commit request ([#6145](https://github.com/containerd/containerd/pull/6145))
* content: close stream after commit request
* Generating token options with each scope as a separate string. ([#6165](https://github.com/containerd/containerd/pull/6165))
* Adding scope tests for ParseAuthHeader
* Adding tests for GenerateTokenOptions
* Generate token options with each scope as a separate string.
* vendor: Updates go-cni ([#6167](https://github.com/containerd/containerd/pull/6167))
* vendor: Updates go-cni
* commands: Enables task metrics for Windows ([#6159](https://github.com/containerd/containerd/pull/6159))
* commands: Enables task metrics for Windows
* vendor: update moby/sys for darwin support ([#6149](https://github.com/containerd/containerd/pull/6149))
* vendor: update moby/sys for darwin support
* Prepare v1.6.0-beta.1 ([#6144](https://github.com/containerd/containerd/pull/6144))
* Prepare release notes for v1.6.0-beta.1
* Update mailmap
* Update api vendor
* bump cni to spec v1.0.0 ([#6136](https://github.com/containerd/containerd/pull/6136))
* bump CNI to spec v1.0.0
* Inject otel traces to grpc client. ([#5992](https://github.com/containerd/containerd/pull/5992))
* Inject otel traces to grpc client.
* client: expose (*image).platform ([#6142](https://github.com/containerd/containerd/pull/6142))
* client: expose (*image).platform
* Adding documentation for Core Scheduling ([#6128](https://github.com/containerd/containerd/pull/6128))
* feat(doc): add Core Scheduling documentation
* Ensure namespace is proxied to grpc/ttrpc plugins ([#6130](https://github.com/containerd/containerd/pull/6130))
* Ensure namespace is proxied to grpc/ttrpc plugins
* fix #6054 MaxConcurrentDownloads is not effect when Unpack is true ([#6109](https://github.com/containerd/containerd/pull/6109))
* fix #6054 MaxConcurrentDownloads is not effect when Unpack is true
* Output a warning for label image labels instead of erroring ([#6124](https://github.com/containerd/containerd/pull/6124))
* Output a warning for label image labels instead of erroring
* Fix spelling mistake in Windows snapshotter ([#6132](https://github.com/containerd/containerd/pull/6132))
* Fix spelling mistake in Windows snapshotter
* Windows: Cleanup rm- prefixed layers ([#6126](https://github.com/containerd/containerd/pull/6126))
* Windows: Cleanup rm- prefixed layers
* cleanup deprecated package `io/ioutil ` ([#6118](https://github.com/containerd/containerd/pull/6118))
* io/ioutil package has been deprecated in Go 1.16 that replaces io/ioutil functions
* close Writer after use which may memory leak ([#6115](https://github.com/containerd/containerd/pull/6115))
* close Writer after use which may leak mem
* Adds Windows resource limits support ([#5778](https://github.com/containerd/containerd/pull/5778))
* Adds Windows resource limits support
* Prepare release notes for v1.6.0-beta.0 ([#6098](https://github.com/containerd/containerd/pull/6098))
* Prepare release notes for v1.6.0-beta.0
* Add error message to in TestContainerdRestart integration test ([#6105](https://github.com/containerd/containerd/pull/6105))
* Add error message to in TestContainerdRestart integration test
* Fix typo in the NewContainer function documentation ([#6110](https://github.com/containerd/containerd/pull/6110))
* Fix typo in the NewContainer function documentation
* Update cgroups to v1.0.2 ([#6104](https://github.com/containerd/containerd/pull/6104))
* Update cgroups to v1.0.2
* btrfs: verify file content after mount ([#6100](https://github.com/containerd/containerd/pull/6100))
* test: check file content after mount
* Update test timeout based on recent cancellations ([#6107](https://github.com/containerd/containerd/pull/6107))
* Update test timeout based on recent cancellations
* Check the pid in cri test teardown ([#6106](https://github.com/containerd/containerd/pull/6106))
* Remove extra test_teardown
* Check the pid in cri test teardown
* add runc shim support for sched core ([#6011](https://github.com/containerd/containerd/pull/6011))
* fix integration client vendor
* add runc shim support for sched core
* integration: Enables Windows containerd restart test ([#5579](https://github.com/containerd/containerd/pull/5579))
* integration: Enables Windows containerd restart test
* vendor: Bump hcsshim to 0.9.0 ([#6099](https://github.com/containerd/containerd/pull/6099))
* vendor: Bump hcsshim to 0.9.0
* [cri] Add CNI conf based on runtime class ([#4695](https://github.com/containerd/containerd/pull/4695))
* Add CNI conf based on runtime class
* Update Go to 1.17.2 ([#6102](https://github.com/containerd/containerd/pull/6102))
* Update Go to 1.17.2
* integration: Adds test for multilayer image import ([#5933](https://github.com/containerd/containerd/pull/5933))
* integration: Adds test for multilayer image import
* runtime: should fail fast if dial error on shim ([#6031](https://github.com/containerd/containerd/pull/6031))
* runtime: should fail fast if dial error on shim
* Fixes Windows containers with image volumes ([#6034](https://github.com/containerd/containerd/pull/6034))
* Windows: Fixes Windows containers with image volumes
* run `gofmt` with GO 1.17 ([#6094](https://github.com/containerd/containerd/pull/6094))
* run `gofmt` with Go 1.17
* pkg/cap: remove an outdated comment ([#6088](https://github.com/containerd/containerd/pull/6088))
* pkg/cap: remove an outdated comment
* Update go otel 1.0.1 ([#6066](https://github.com/containerd/containerd/pull/6066))
* Update go otel 1.0.1
* Update ADOPTERS.md with additional uses ([#6086](https://github.com/containerd/containerd/pull/6086))
* Update ADOPTERS.md with additional uses
* modify the way for checking cos ([#6082](https://github.com/containerd/containerd/pull/6082))
* modify the way for checking cos
* Fuzzing: Add fuzzers + small modifications ([#5915](https://github.com/containerd/containerd/pull/5915))
* Fuzzing: Add 4 fuzzers + small modifications
* Fixes for Windows CI ([#6081](https://github.com/containerd/containerd/pull/6081))
* Pin mingw to version 10.2.0
* Update to golang 1.17.1
* Install nssm
* Github Security Advisory [GHSA-c2h3-6mxw-7mvq](https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq)
* btrfs: reduce permissions on plugin directories
* v1 runtime: reduce permissions for bundle dir
* v2 runtime: reduce permissions for bundle dir
* task service: return known error type ([#6079](https://github.com/containerd/containerd/pull/6079))
* task service: return known error type
* refactor: move from io/ioutil to io and os package ([#5973](https://github.com/containerd/containerd/pull/5973))
* refactor: move from io/ioutil to io and os package
* fix: import from k8s.io/utils/clock instead ([#6076](https://github.com/containerd/containerd/pull/6076))
* fix: update vendor
* cleanup: import from k8s.io/utils/clock/testing instead
* cleanup: import from k8s.io/utils/clock instead
* feat: enable integration cri remote client to call with grpc calloptions ([#6069](https://github.com/containerd/containerd/pull/6069))
* feat: enable cri remote client to call with grpc calloptions
* cleanup k8s ansible yaml (carry for #5713) ([#6074](https://github.com/containerd/containerd/pull/6074))
* cleanup k8s ansible yaml (carry for https://github.com/jayonlau <jayonlau@gmail.com>)
* feat: support import image for specific platform ([#6070](https://github.com/containerd/containerd/pull/6070))
* fix: wrong flag type
* feat: support import image for specific platform
* Update mirror images to take target image name ([#6065](https://github.com/containerd/containerd/pull/6065))
* Update mirror images to take target image name
* fix: make exec-id flag required in exec command ([#6059](https://github.com/containerd/containerd/pull/6059))
* fix: make exec-id flag required in exec command
* images: enable converter to uncompress zstd ([#6052](https://github.com/containerd/containerd/pull/6052))
* images: enable converter to uncompress zstd
* replace deprecated function with Domain and Path ([#5922](https://github.com/containerd/containerd/pull/5922))
* replace deprecated function
* integration: Adds Windows HostProcess tests ([#5853](https://github.com/containerd/containerd/pull/5853))
* integration: Adds Windows HostProcess tests
* Fix main branch build is broken ([#6047](https://github.com/containerd/containerd/pull/6047))
* Fix main branch build is broken
* Add open telemetry logging hook for logrus ([#6003](https://github.com/containerd/containerd/pull/6003))
* Add open telemetry logging hook for logrus
* Change `oci.WithUser` behavior for LCOW ([#6023](https://github.com/containerd/containerd/pull/6023))
* Change oci.WithUser behavior for LCOW
* switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound) ([#5946](https://github.com/containerd/containerd/pull/5946))
* switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound)
* import: Raise error if the imported image is filtered out ([#5926](https://github.com/containerd/containerd/pull/5926))
* import: Raise error if the imported image is filtered out
* Fix panic in metadata content writer on copy error ([#6043](https://github.com/containerd/containerd/pull/6043))
* Fix panic in metadata content writer on copy error
* Move tracing to plugin ([#6001](https://github.com/containerd/containerd/pull/6001))
* Move tracing to plugin
* ctr: Fixes Windows image import ([#5916](https://github.com/containerd/containerd/pull/5916))
* ctr: Fixes Windows image import
* update open go.opentelemetry.io v1.0.0 to fix import path ([#6017](https://github.com/containerd/containerd/pull/6017))
* go.mod: update opentelemetry modules to v1.0.0
* fix error string format ([#5979](https://github.com/containerd/containerd/pull/5979))
* fix error string format
* Add github action to mirror image ([#6036](https://github.com/containerd/containerd/pull/6036))
* Add github action to mirror image
* add current process state to the error message ([#6027](https://github.com/containerd/containerd/pull/6027))
* add current process state to the error message
* FreeBSD: fix tar headers & the nil check on getxattr ([#5991](https://github.com/containerd/containerd/pull/5991))
* FreeBSD: fix tar headers & the nil check on getxattr
* gha: collect VMs' IP addresses ([#6035](https://github.com/containerd/containerd/pull/6035))
* gha: collect Vagrant VMs' IP addresses
* bump continuity and console version that remove pkg/errors ([#6033](https://github.com/containerd/containerd/pull/6033))
* bump continuity and console version that remove pkg/errors
* import: Add option to prevent duplicated digest image ([#5997](https://github.com/containerd/containerd/pull/5997))
* import: Add option to skip creating digest image
* ctr namespaces: improve usage string ([#5998](https://github.com/containerd/containerd/pull/5998))
* ctr namespaces: improve usage string
* bump console version to v1.0.3 that remove pkg/errors ([#6028](https://github.com/containerd/containerd/pull/6028))
* bump console version to v1.0.3 that remove pkg/errors
* Use github images for integration tests ([#6032](https://github.com/containerd/containerd/pull/6032))
* Use github images for integration tests
* Fix typo ([#5995](https://github.com/containerd/containerd/pull/5995))
* Fix typo
* Enable image config labels in ctr and CRI container creation ([#6012](https://github.com/containerd/containerd/pull/6012))
* Enable image config labels in ctr and CRI container creation
* Make sure exit signals trigger an exit during init ([#5970](https://github.com/containerd/containerd/pull/5970))
* Make sure exit signals trigger an exit during init
* task delete: Closes task IO before waiting ([#5974](https://github.com/containerd/containerd/pull/5974))
* task delete: Closes task IO before waiting
* CI: bump up crun to 1.0 ([#5985](https://github.com/containerd/containerd/pull/5985))
* CI: bump up crun to 1.0
* seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted) ([#5982](https://github.com/containerd/containerd/pull/5982))
* seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
* Update to Go 1.17.1 ([#5990](https://github.com/containerd/containerd/pull/5990))
* Update to Go 1.17.1
* CI: Switch to available latest images ([#5987](https://github.com/containerd/containerd/pull/5987))
* CI: Switch to available latest images
* add xfs support to devicemapper snapshotter ([#5610](https://github.com/containerd/containerd/pull/5610))
* add xfs support to devicemapper snapshotter
* Fixes task kill --force on Windows ([#5956](https://github.com/containerd/containerd/pull/5956))
* Fixes task kill --force on Windows
* Add support for shim plugins ([#5817](https://github.com/containerd/containerd/pull/5817))
* Add support for shim plugins
* vendor: update continuity for darwin support ([#5976](https://github.com/containerd/containerd/pull/5976))
* vendor: update continuity for darwin support
* replace uses of os/exec with golang.org/x/sys/execabs ([#5906](https://github.com/containerd/containerd/pull/5906))
* replace uses of os/exec with golang.org/x/sys/execabs
* complete integration test for pulling image with labels ([#5972](https://github.com/containerd/containerd/pull/5972))
* Additional integration tests for pulling image with labels
* Fix content copy to not ignore unexpected EOF ([#5966](https://github.com/containerd/containerd/pull/5966))
* Fix content copy to not ignore unexpected EOF
* add ip_pref CNI options for primary pod ip ([#5964](https://github.com/containerd/containerd/pull/5964))
* add ip_pref CNI options for primary pod ip
* cri: add devices for privileged container ([#5939](https://github.com/containerd/containerd/pull/5939))
* cri: add devices for privileged container
* sandbox: Allows the sandbox to be deleted in NotReady state ([#5954](https://github.com/containerd/containerd/pull/5954))
* sandbox: Allows the sandbox to be deleted in NotReady state
* pin protobuild version to tag ([#5969](https://github.com/containerd/containerd/pull/5969))
* pin protobuild version to tag
* Add metric exposing build version&revision ([#5965](https://github.com/containerd/containerd/pull/5965))
* use a const metric for build_info
* Add metric exposing build version&revision
* Feature: containerd-cri support LinuxContainerResources.Unified ([#5627](https://github.com/containerd/containerd/pull/5627))
* add cri test case
* feature: add field LinuxContainerResources.Unified on cri
* integration: investigate TestRestartMonitor's failure ([#5861](https://github.com/containerd/containerd/pull/5861))
* integration: investigate TestRestartMonitor's failure
* Use issue forms for bug reporting ([#5917](https://github.com/containerd/containerd/pull/5917))
* Address issue forms feedback
* Use issue forms for bug reporting
* cri: patch update image labels ([#5945](https://github.com/containerd/containerd/pull/5945))
* cri: patch update image labels
* darwin: runtime support ([#5936](https://github.com/containerd/containerd/pull/5936))
* darwin: runtime support
* darwin: use the default values for socketRoot variable
* Update RELEASES.md ([#5858](https://github.com/containerd/containerd/pull/5858))
* Update RELEASES.md
* archive: Add WriteDiff error logs ([#5949](https://github.com/containerd/containerd/pull/5949))
* archive: Add WriteDiff error logs
* replace deprecated Dialer with ContextDialer ([#5958](https://github.com/containerd/containerd/pull/5958))
* replace deprecated Dail with DailContext
* Add WS2022 support in Windows Periodic tests ([#5951](https://github.com/containerd/containerd/pull/5951))
* Add WS2022 support in Windows Periodic tests
* Content fuzzer: Clean up temp store dir ([#5943](https://github.com/containerd/containerd/pull/5943))
* content fuzzer: Clean up tempdir
* using Hosts replace deprecated field ([#5944](https://github.com/containerd/containerd/pull/5944))
* using Hosts replace deprecated field
* fix document non-synchronous ([#5947](https://github.com/containerd/containerd/pull/5947))
* fix document non-synchronous in crictl.md
* go.mod: Update hcsshim to v0.8.21 ([#5929](https://github.com/containerd/containerd/pull/5929))
* go.mod: Update hcsshim to v0.8.21
* Makefile.linux: build on RISC-V with PIE ([#5937](https://github.com/containerd/containerd/pull/5937))
* Makefile.linux: build on riscv with PIE
* Fix cwd flag for `ctr tasks exec` ([#5932](https://github.com/containerd/containerd/pull/5932))
* Fix cwd flag for `ctr tasks exec`
* Update Pause image in tests & config ([#5927](https://github.com/containerd/containerd/pull/5927))
* Update Pause image in tests & config
* cri: Devices ownership from SecurityContext ([#5122](https://github.com/containerd/containerd/pull/5122))
* cri: Devices ownership from SecurityContext
* Fix pull fails on unexpected EOF ([#5921](https://github.com/containerd/containerd/pull/5921))
* Fix pull fails on unexpected EOF
* Fix dir support for devices ([#5845](https://github.com/containerd/containerd/pull/5845))
* Adding testing of two devices
* Fix dir support for devices V3 (#4847)
* windows: The DefaultSpec platform should match the Default matcher ([#5914](https://github.com/containerd/containerd/pull/5914))
* windows: The DefaultSpec platform should match the Default matcher
* Add RunAsUserName functionality for the Windows pod sandbox container ([#5865](https://github.com/containerd/containerd/pull/5865))
* Add RunAsUserName functionality for the Windows Pod Sandbox Container
* bump up runc v1.0.2 ([#5899](https://github.com/containerd/containerd/pull/5899))
* go.mod: update runc to v1.0.2
* update runc binary to v1.0.2
* Run `go fmt` with Go 1.17 ([#5903](https://github.com/containerd/containerd/pull/5903))
* Run `go fmt` with Go 1.17
* go.mod: github.com/pelletier/go-toml v1.9.3 ([#5905](https://github.com/containerd/containerd/pull/5905))
* go.mod: github.com/pelletier/go-toml v1.9.3
* cri: filter selinux xattr for image volumes ([#5902](https://github.com/containerd/containerd/pull/5902))
* cri: filter selinux xattr for image volumes
* Add Windows HostProcess Support ([#5131](https://github.com/containerd/containerd/pull/5131))
* Added windows hostProcess cni skip
* script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0 ([#5897](https://github.com/containerd/containerd/pull/5897))
* script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0
* Update to Go 1.17 ([#5889](https://github.com/containerd/containerd/pull/5889))
* Bump integration timeout to 35 min
* Update to Go 1.17
* integration: fix TestContainerPids ([#5896](https://github.com/containerd/containerd/pull/5896))
* integration: fix TestContainerPids
* [ctr] add HOSTNAME env for host network ([#5891](https://github.com/containerd/containerd/pull/5891))
* [ctr] add HOSTNAME env for host network
* Fuzzing: Add fuzzer ([#5886](https://github.com/containerd/containerd/pull/5886))
* Fuzzing: Add fuzzer
* Make Cgroup driver configurable in gce configure script ([#5884](https://github.com/containerd/containerd/pull/5884))
* Add env for SystemdCgroup driver
* Allow expanded DNS configuration ([#5878](https://github.com/containerd/containerd/pull/5878))
* Allow expanded DNS configuration
* Fuzzing: Add 4 fuzzers ([#5863](https://github.com/containerd/containerd/pull/5863))
* Fuzzing: Add 4 fuzzers
* Cleanup v2 shim ([#5813](https://github.com/containerd/containerd/pull/5813))
* Cleanup v2 shim
* Fuzzing: Add experimental version of container fuzzer ([#5840](https://github.com/containerd/containerd/pull/5840))
* Use http.Get to download binaries instead of exec.Command
* Fuzzing: Add experimental version of container fuzzer
* add cpu-shares to ctr ([#5846](https://github.com/containerd/containerd/pull/5846))
* add cpu-shares to ctr
* docs: rename master to main (it was opposite on the actual commit) ([#5847](https://github.com/containerd/containerd/pull/5847))
* docs: rename main to master
* content: return the error with its timestamp ([#5849](https://github.com/containerd/containerd/pull/5849))
* content: return the error with its timestamp
* Fix bad `make protos` failure ([#5857](https://github.com/containerd/containerd/pull/5857))
* Fix bad `make protos` failure
* replace cri and point to new location ([#5851](https://github.com/containerd/containerd/pull/5851))
* archive docs and point to new location fix #https://github.com/containerd/cri/issues/1624
* docs: remove FOSSA's badge ([#5856](https://github.com/containerd/containerd/pull/5856))
* docs: remove FOSSA's badge
* BUILDING.md: remove some bits about building runc ([#5850](https://github.com/containerd/containerd/pull/5850))
* BUILDING.md: remove some bits about building runc
* BUILDING.md: markdown fixes
* go.mod: update k8s deps to v1.22.0 ([#5836](https://github.com/containerd/containerd/pull/5836))
* go.mod: update kubernetes to v1.22.0
* [Scripts] Add trap to cri-integration test script ([#5852](https://github.com/containerd/containerd/pull/5852))
* Add trap to cri-integration test script
* docs: list all snapshotter-related build flags ([#5848](https://github.com/containerd/containerd/pull/5848))
* docs: list all snapshotter-related build flags
* Move plugin context events into separate plugin ([#5835](https://github.com/containerd/containerd/pull/5835))
* Move plugin context events into separate plugin
* Fix Linux CI Linter using Go 1.15.14 ([#5839](https://github.com/containerd/containerd/pull/5839))
* Fix Linux CI Linter using go 1.15.14
* Update Go to 1.16.7 ([#5842](https://github.com/containerd/containerd/pull/5842))
* Update Go to 1.16.7
* Cleanup CI ([#5838](https://github.com/containerd/containerd/pull/5838))
* Cleanup CI
* Remove redundant build tags ([#5834](https://github.com/containerd/containerd/pull/5834))
* Remove redundant build tags
* Change default directories on Darwin ([#5830](https://github.com/containerd/containerd/pull/5830))
* Change default directories on Darwin
* [otel-tracing] Initial opentelemetry support ([#5731](https://github.com/containerd/containerd/pull/5731))
* [otel-tracing] vendor and go modules changes
* [otel-tracing] Initial opentelemetry support
* remove go 1.13 from containerd
* Fuzzing: Fix for OSS-fuzz issue 36825 ([#5829](https://github.com/containerd/containerd/pull/5829))
* Fuzzing: Fix for OSS-fuzz issue 36825
* Fuzzing: Add two fuzzers ([#5825](https://github.com/containerd/containerd/pull/5825))
* Fuzzing: Add two more fuzzers
* scripts: linting fixes, and remove support for Debian Jessie (as it's EOL) ([#5760](https://github.com/containerd/containerd/pull/5760))
* scripts: declare ROOT closer to where it's used, and some DRY changes
* scripts: add missing quotes, and minor linting issues
* test/build-utils.sh: remove support for Debian Jessie
* platforms: Format(): use path.Join() instead of joinNotEmpty() ([#5821](https://github.com/containerd/containerd/pull/5821))
* platforms: Format(): use path.Join() instead of joinNotEmpty()
* Fuzzing: Remove panics of container_fuzzer ([#5823](https://github.com/containerd/containerd/pull/5823))
* Fuzzing: Remove panics of container_fuzzer
* Fuzzing: Add container fuzzer ([#5785](https://github.com/containerd/containerd/pull/5785))
* Change protoc link
* Split fuzzer to two fuzzers
* Fuzzing: Add container fuzzer
* runtime: fix the issue of create new socket with abstract address ([#5746](https://github.com/containerd/containerd/pull/5746))
* runtime: fix the issue of create new socket with abstract address
* mergo: Upgrade to 0.3.12 to fix panic ([#5809](https://github.com/containerd/containerd/pull/5809))
* mergo: Upgrade to 0.3.12 to fix panic
* ci: install criu from PPA ([#5802](https://github.com/containerd/containerd/pull/5802))
* ci: install criu from PPA
* Update release workflow to upload binary without CNI ([#5144](https://github.com/containerd/containerd/pull/5144))
* Split release steps into multiple tasks
* Update release workflow to upload binary without CNI
* Enable critest on Windows Periodic Jobs ([#5725](https://github.com/containerd/containerd/pull/5725))
* Enable critest on Windows
* Script to check if entries in go.mod files are in sync ([#5792](https://github.com/containerd/containerd/pull/5792))
* Script to check if entries in go.mod files are in sync
* Add a sharedNamespace label ([#5043](https://github.com/containerd/containerd/pull/5043))
* Add shared content label to namespaces
* platforms: add "ios" as known OS, "loong64" as known ARCH ([#5784](https://github.com/containerd/containerd/pull/5784))
* platforms: add "ios" as known OS, "loong64" as known ARCH
* Updates the location of protobuf downloads ([#5804](https://github.com/containerd/containerd/pull/5804))
* Updates the location of protobuf downloads in docs
* Update protobuf install to use correct repository ([#5803](https://github.com/containerd/containerd/pull/5803))
* Update protobuf install to use correct repository
* overlay: expose upperdir location of each snapshot via an optional label ([#5624](https://github.com/containerd/containerd/pull/5624))
* overlay: add an optional label of upperdir location of each snapshot
* Support SIGRTMIN+n signals ([#5693](https://github.com/containerd/containerd/pull/5693))
* Support SIGRTMIN+n signals
* respect context timeout in shim binary call ([#5800](https://github.com/containerd/containerd/pull/5800))
* respect context timeout in shim binary call
* Introduce a new go module - containerd/api for use in standalone clients ([#5716](https://github.com/containerd/containerd/pull/5716))
* Introduce a new go module - containerd/api for use in standalone clients
* grpc config add options tcp_client_ca_cert ([#5606](https://github.com/containerd/containerd/pull/5606))
* grpc config add options tcp_tls_ca
* integration: Windows volume-copy-up images ([#5162](https://github.com/containerd/containerd/pull/5162))
* integration: Windows volume-copy-up images
* add CRI support matrix to RELEASES.md ([#5795](https://github.com/containerd/containerd/pull/5795))
* add CRI support matrix to RELEASES.md
* adding a little more clarity ([#5794](https://github.com/containerd/containerd/pull/5794))
* adding a little more clarity
* update gotestsum to v1.7.0 ([#5793](https://github.com/containerd/containerd/pull/5793))
* update gotestsum to v1.7.0
* Discard blocks when removing a thin device ([#5756](https://github.com/containerd/containerd/pull/5756))
* Discard blocks when removing a thin device
* Makefile: fix passing build tags ([#5590](https://github.com/containerd/containerd/pull/5590))
* Makefile: pass build tags to manpage build process
* Makefile: fix tags parameter computation
* Add runtime label to metrics ([#5744](https://github.com/containerd/containerd/pull/5744))
* Add runtime label to metrics
* interface about shim build check ([#5745](https://github.com/containerd/containerd/pull/5745))
* interface about shim build check
* integration: log all processes to investigate the test failure ([#5775](https://github.com/containerd/containerd/pull/5775))
* integration: log all processes to investigate the test failure
* Fuzzing: Add archive fuzzer ([#5779](https://github.com/containerd/containerd/pull/5779))
* Fuzzing: Add archive fuzzer
* Add docker.Fetch fuzzer ([#5687](https://github.com/containerd/containerd/pull/5687))
* Add docker fetch fuzzer
* Support custom compressor for walking differ ([#5735](https://github.com/containerd/containerd/pull/5735))
* Support custom compressor for walking differ
* remotes/docker/pusher.go: Fix missing Close() on push to docker remote ([#5770](https://github.com/containerd/containerd/pull/5770))
* remotes/docker/pusher.go: Fix missing Close()
* remotes/docker/fetcher.go: Fix missing Close() on fetch from docker remote ([#5769](https://github.com/containerd/containerd/pull/5769))
* remotes/docker/fetcher.go: Fix missing Close()
* Update cpuguy83/go-md2man binary to v2.0.1 ([#5771](https://github.com/containerd/containerd/pull/5771))
* Update cpuguy83/go-md2man binary to v2.0.1
* Refactor / optimize contrib/Dockerfile.test ([#5750](https://github.com/containerd/containerd/pull/5750))
* Dockerfile.test: build containerd in separate stage
* Dockerfile.test: add GOLANG_IMAGE build arg to allow overriding
* Dockerfile.test: clean up apt indexes after installing
* Dockerfile.test: build critools in a separate stage
* Dockerfile.test: build cni in a separate stage
* Dockerfile.test: standard directory to collect build aftifacts
* Dockerfile.test: split dev stage, and optimize order
* Dockerfile.test: skip curl, gcc, git and make install
* install-critools: make sure DESTDIR exists
* update gotestsum to current master ([#5754](https://github.com/containerd/containerd/pull/5754))
* update gotestsum to current master
* Github Security Advisory [GHSA-c72p-9xmj-rx3w](https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w)
* Add test for archive breakout test for lchmod
* Use systemd cgroup driver for Kubernetes e2e tests with cgroupsv2 ([#5755](https://github.com/containerd/containerd/pull/5755))
* Use systemd cgroup driver for cgroupv2 tests
* update runc to v1.0.1 ([#5751](https://github.com/containerd/containerd/pull/5751))
* go.mod: runc v1.0.1
* update runc binary to v1.0.1
* runtime: runc v2: remove redundant validation ([#5737](https://github.com/containerd/containerd/pull/5737))
* runtime: runc v2: remove redundant validation
* Add timestamp to flaky restart monitor test ([#5727](https://github.com/containerd/containerd/pull/5727))
* Move loop check to before sleep
* Add timestamp to flaky restart monitor test
* Update Go to 1.16.6 ([#5722](https://github.com/containerd/containerd/pull/5722))
* integration/client: go mod tidy
* Update Go to 1.16.6
* client: surface a connection error more clearly ([#4447](https://github.com/containerd/containerd/pull/4447))
* client: surface a connection error more clearly
* Fix missing Body.Close() calls on push to docker remote ([#5712](https://github.com/containerd/containerd/pull/5712))
* Fix missing Body.Close() calls on push to docker remote
* remove pkg/cri/platforms package ([#5710](https://github.com/containerd/containerd/pull/5710))
* remove pkg/cri/platforms package
* Allow WithServices to use custom implementations ([#5709](https://github.com/containerd/containerd/pull/5709))
* Allow WithServices to use custom implementations
* [Vendor] Update hcsshim to 0.8.18 ([#5673](https://github.com/containerd/containerd/pull/5673))
* [Vendor] Update hcsshim to 0.8.18
* test integration: Adds a test that restarts a failed container ([#5578](https://github.com/containerd/containerd/pull/5578))
* test integration: Adds a test that restarts a failed container
* [CRI] move up to CRI v1 and support v1alpha in parallel ([#5619](https://github.com/containerd/containerd/pull/5619))
* use fu wei's suggeted interface pick for marshaling
* add alpha version
* move up to CRI v1 and support v1alpha in parallel
* gha: make release workflow work in forks ([#5682](https://github.com/containerd/containerd/pull/5682))
* gha: make release workflow work in forks
* Add unit test for plugin ([#5666](https://github.com/containerd/containerd/pull/5666))
* Add unit test for plugin
* Dockerfile.test: add "cri-in-userns" (aka rootless) test stage ([#5700](https://github.com/containerd/containerd/pull/5700))
* Dockerfile.test: add "cri-in-userns" (aka rootless) test stage
* Update for distribution spec 1.0 ([#5676](https://github.com/containerd/containerd/pull/5676))
* Add support for registry host path override
* Update documenation for OCI distribution 1.0
* archive: cleanup lchmod logic ([#5702](https://github.com/containerd/containerd/pull/5702))
* Cleanup lchmod logic in archive
* Install specific golang version in Windows CI. ([#5571](https://github.com/containerd/containerd/pull/5571))
* Install specific golang version in Windows CI.
* Add ctr command label in NewContainerOpts ([#5660](https://github.com/containerd/containerd/pull/5660))
* feat: Add snapshotter label to the new snapshot for container.
* snapshot/devmapper: log exported methods correctly ([#5655](https://github.com/containerd/containerd/pull/5655))
* snapshot/devmapper: log exported methods correctly
* Makefile: fix DESTDIR and PREFIX concatenation ([#5662](https://github.com/containerd/containerd/pull/5662))
* Makefile: fix DESTDIR and PREFIX concatenation
* Cri integration cleanup ([#5287](https://github.com/containerd/containerd/pull/5287))
* tests: Use EnsureImageExists for image pulling
* tests: Refactors PodSandbox creation
* move sys.FMountat() into mount package and un-export ([#5641](https://github.com/containerd/containerd/pull/5641))
* un-export mount.FMountat
* move sys.FMountat() into mount package
* sandbox: send pod UID to CNI plugins as K8S_POD_UID ([#5640](https://github.com/containerd/containerd/pull/5640))
* sandbox: send pod UID to CNI plugins as K8S_POD_UID
* sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils ([#5639](https://github.com/containerd/containerd/pull/5639))
* sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils
* content/local: inline sys.StatATimeAsTime() ([#5633](https://github.com/containerd/containerd/pull/5633))
* content/local: inline sys.StatATimeAsTime()
* allow multi gpu to be specified via ctr ([#5636](https://github.com/containerd/containerd/pull/5636))
* allow multi gpu to be specified via ctr
* go.mod: runc v1.0.0
* update runc binary to v1.0.0 GA
* fixing some doc links ([#5629](https://github.com/containerd/containerd/pull/5629))
* fixing some doc links
* Sync integration/go.mod with root go.mod ([#5623](https://github.com/containerd/containerd/pull/5623))
* Sync integration/go.mod with root go.mod
* archive: Expose ChangeWriter to allow customized diff computing ([#5615](https://github.com/containerd/containerd/pull/5615))
* archive: Expose ChangeWriter to allow customized diff computing
* CI: Switch to the available latest images ([#5625](https://github.com/containerd/containerd/pull/5625))
* CI: Switch to available latest images
* fix deprecation config for default runtime
* Re-enable criu in main integration runs ([#5614](https://github.com/containerd/containerd/pull/5614))
* Re-enable criu in main integration runs
* runtime,v2: Enable debug when containerd is on debug+ log level ([#5617](https://github.com/containerd/containerd/pull/5617))
* runtime,v2: Enable debug when containerd is on debug+ log level
* github.com/golang/protobuf/proto is deprecated
* Update github.com/golang/protobuf from v1.3.5 to v1.4.3
* Update google.golang.org/grpc from v1.27.1 to v1.38.0
* Increase golangci-lint timeout
* ctr flags of container rootfs propagation ([#5611](https://github.com/containerd/containerd/pull/5611))
* command line flags of setting container rootfs propagation
* add cgroupv2 setup for cos with a flag
* Update gotestsum to add timestamps to junit output ([#5612](https://github.com/containerd/containerd/pull/5612))
* Update gotestsum to add timestamps to junit output
* Allow to pass --no-cgroups option to nvidia-container-cli ([#5604](https://github.com/containerd/containerd/pull/5604))
* Allow to pass --no-cgroup option to nvidia-container-cli
* Makefile: FHS conformant manpage installation pathes ([#5577](https://github.com/containerd/containerd/pull/5577))
* Makefile: FHS conformant manpage installation pathes
* Add proper Go version before project checks ([#5594](https://github.com/containerd/containerd/pull/5594))
* Add proper Go version before project checks
* Enable cri-integration in Windows Periodic Tests ([#5580](https://github.com/containerd/containerd/pull/5580))
* Enable cri-integration in Windows Periodic Tests
* adds explanation for seccomp unset/unconfined default vs runtime default ([#5573](https://github.com/containerd/containerd/pull/5573))
* adds explanation for seccomp unset/unconfined default vs runtime default
* Fix cleanup context of teardownPodNetwork ([#5569](https://github.com/containerd/containerd/pull/5569))
* Fix cleanup context of teardownPodNetwork
* update integration/client go.sum ([#5572](https://github.com/containerd/containerd/pull/5572))
* update integration/client go.sum
* Revert diff/walking error change ([#5566](https://github.com/containerd/containerd/pull/5566))
* Revert diff/walking error change
* Update opencontainers/selinux to v1.8.2 ([#5562](https://github.com/containerd/containerd/pull/5562))
* Update opencontainers/selinux to v1.8.2
* fix invalid validation error checking ([#5565](https://github.com/containerd/containerd/pull/5565))
* fix invalid validation error checking
* diff/walking: fix defer cleanup ([#5551](https://github.com/containerd/containerd/pull/5551))
* diff/walking: fix defer cleanup
* Windows periodic job: Add creation timestamp to RG ([#5559](https://github.com/containerd/containerd/pull/5559))
* Add creation timestamp to RG
* Fix error case in Windows layer cleanup ([#5328](https://github.com/containerd/containerd/pull/5328))
* Fix error case in Windows layer cleanup
* Use DeactivateLayer to unlock layers that we cannot rename ([#5422](https://github.com/containerd/containerd/pull/5422))
* Small typo fix "reimporst"
* Use DeactivateLayer to recover layers that we cannot rename
* tests: Symlink volume tests ([#5284](https://github.com/containerd/containerd/pull/5284))
* tests: Symlink volume tests
* Makefile: fix DESTDIR environment variable behaviour ([#5535](https://github.com/containerd/containerd/pull/5535))
* Makefile: fix DESTDIR environment variable behaviour
* Change Wrapf of non-error to an actual error ([#5560](https://github.com/containerd/containerd/pull/5560))
* Change Wrapf of non-error to an actual error
* Install apparmor parser for arm64 environment
* scrub the stale TODO ([#5536](https://github.com/containerd/containerd/pull/5536))
* scrub the stale TODO
* docs: explicitly mention containerd's Prometheus path ([#5554](https://github.com/containerd/containerd/pull/5554))
* docs: explicitly mention containerd's Prometheus path
* integration: Cleanup containerd on test teardown ([#5553](https://github.com/containerd/containerd/pull/5553))
* integration: Cleanup containerd on test teardown
* docs/cri: update links ([#5548](https://github.com/containerd/containerd/pull/5548))
* docs/cri: update ocicrypt link
* docs/cri: fix broken links
* Update Windows periodic tests ([#5544](https://github.com/containerd/containerd/pull/5544))
* Update Windows periodic tests
* Add CI periodic Windows Jobs. ([#5165](https://github.com/containerd/containerd/pull/5165))
* Schedule Windows job daily after midnight.
* Update windows-periodic.yml
* Add CI periodic Windows Jobs.
* Rename atomicWrite to writeToCompletion ([#5273](https://github.com/containerd/containerd/pull/5273))
* Rename atomicWrite to writeToCompletion
* Do not run btrfs tests if btrfs kernel module is not loaded ([#5539](https://github.com/containerd/containerd/pull/5539))
* Do not run btrfs tests if btrfs kernel module is not loaded
* Fix incorrect UA used for registry authentication ([#5533](https://github.com/containerd/containerd/pull/5533))
* Fix incorrect UA used for registry authentication
* ctr: parse mount options with embedded = character ([#5531](https://github.com/containerd/containerd/pull/5531))
* ctr: parse mount options with embedded = character
* Fix mounts for FreeBSD ([#5472](https://github.com/containerd/containerd/pull/5472))
* Add ruleset=4 option
* Remove mountpoints not commonly mounted on FreeBSD
* Add copyright header & make sure compilation succeeds on all platforms
* Fix mounts for FreeBSD
* ctr: make exec pty behavior consistent with run ([#5527](https://github.com/containerd/containerd/pull/5527))
* ctr: exec handle pty resize after Start
* ctr: exec setup IO with console
* Makefile: use $@ for target file names ([#5534](https://github.com/containerd/containerd/pull/5534))
* Makefile: use $@ for target file names
* Fix small typo ([#5528](https://github.com/containerd/containerd/pull/5528))
* Fix small typo
* Don't check for apparmor_parser to be present ([#5519](https://github.com/containerd/containerd/pull/5519))
* update the link
* Don't check for apparmor_parser to be present
* Remove useless lines ([#5520](https://github.com/containerd/containerd/pull/5520))
* Remove useless lines
* Fixed typos in docs ([#5509](https://github.com/containerd/containerd/pull/5509))
* fixed typos
* Try next mirror in case of non-404 errors, too ([#5275](https://github.com/containerd/containerd/pull/5275))
* Try next mirror in case of non-404 errors, too
* bump runc version to v1.0.0-rc95 ([#5514](https://github.com/containerd/containerd/pull/5514))
* bump runc version to v1.0.0-rc95
* update runc binary to v1.0.0-rc95 ([#5511](https://github.com/containerd/containerd/pull/5511))
* update runc binary to v1.0.0-rc95
* Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0 ([#5508](https://github.com/containerd/containerd/pull/5508))
* Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0
* Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 ([#5507](https://github.com/containerd/containerd/pull/5507))
* Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
* Makefile: allow overriding install command via environment ([#5493](https://github.com/containerd/containerd/pull/5493))
* Makefile: allow overriding install command via environment
* tests: Adds support for Windows cri-integration tests ([#5163](https://github.com/containerd/containerd/pull/5163))
* tests: Adds support for Windows cri-integration tests
* Update docker resolver to authorize redirects ([#5504](https://github.com/containerd/containerd/pull/5504))
* Update docker resolver to authorize redirects
* bump hcsshim version to v0.8.17 ([#5505](https://github.com/containerd/containerd/pull/5505))
* bump hcsshim version to v0.8.17
* Release binary update for imgcrypt ([#5498](https://github.com/containerd/containerd/pull/5498))
* just release ctd-decoder not ctr-enc
* Merge remote-tracking branch 'upstream/master'
* Pin integration test image for alpine
* cri-integration tests: Pull images once ([#5313](https://github.com/containerd/containerd/pull/5313))
* tests: Prepull images used in tests
* plugin: optimize the check for the last registration ([#5440](https://github.com/containerd/containerd/pull/5440))
* plugin: optimize the check for the last registration
* metadata: modify NewLeaseManager to return leases.Manager ([#5465](https://github.com/containerd/containerd/pull/5465))
* metadata: modify NewLeaseManager to return leases.Manager
* Skip TLS verification for localhost ([#5100](https://github.com/containerd/containerd/pull/5100))
* Skip TLS verification for localhost
* Merge remote-tracking branch 'upstream/master'
* Makefile: make sure manpages are built before install-man ([#5492](https://github.com/containerd/containerd/pull/5492))
* Makefile: make sure manpages are built before install-man
* adds description for hosts.toml ([#5309](https://github.com/containerd/containerd/pull/5309))
* adds credentials description
* adds description for hosts.toml
* Prepare default branch rename ([#5459](https://github.com/containerd/containerd/pull/5459))
* Prepare default branch rename
* Merge remote-tracking branch 'upstream/master'
* Update runc to rc94 ([#5473](https://github.com/containerd/containerd/pull/5473))
* Update vendored runc to v1.0.0.0-rc94
* Update the runc binary used with containerd to runc v1.0.0-rc94
* Fix `content.ReaderAt` close ([#5468](https://github.com/containerd/containerd/pull/5468))
* Fix content.ReaderAt close
* Update releases doc with updated support timeline ([#5466](https://github.com/containerd/containerd/pull/5466))
* Update releases doc with updated support timeline
* tests: add test for adaptor ([#5452](https://github.com/containerd/containerd/pull/5452))
* tests: add test for adaptor
* Makefile: allow overriding go command by environment ([#5450](https://github.com/containerd/containerd/pull/5450))
* Makefile: allow overriding go command by environment
* update to new cri-tools make install ([#5462](https://github.com/containerd/containerd/pull/5462))
* update to new cri-tools make install
* Update Go to 1.16.4 ([#5461](https://github.com/containerd/containerd/pull/5461))
* Update Go to 1.16.4
* Merge remote-tracking branch 'upstream/release/1.5'
* [release/1.5] go.mod: cut circular dependency on github.com/containerd/containerd ([#5457](https://github.com/containerd/containerd/pull/5457))
* go.mod: cut circular dependency on github.com/containerd/containerd
* integration/client: go mod tidy
* oci: fix WithDevShmSize ([#5063](https://github.com/containerd/containerd/pull/5063))
* oci: fix WithDevShmSize
* [release/1.5] cherry-pick: windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink ([#5454](https://github.com/containerd/containerd/pull/5454))
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink ([#5411](https://github.com/containerd/containerd/pull/5411))
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
* doc: add missing namespaces package ([#5448](https://github.com/containerd/containerd/pull/5448))
* doc: add missing namespaces package
* update seccomp version ([#5445](https://github.com/containerd/containerd/pull/5445))
* update seccomp version
* Update golang.org/x/sys to add linux/ppc support ([#5436](https://github.com/containerd/containerd/pull/5436))
* Update golang.org/x/sys to add linux/ppc support
* go.mod: cut circular dependency on github.com/containerd/containerd ([#5441](https://github.com/containerd/containerd/pull/5441))
* go.mod: cut circular dependency on github.com/containerd/containerd
* integration/client: go mod tidy
* Fix different registry hosts referencing the same auth config. ([#5446](https://github.com/containerd/containerd/pull/5446))
* Fix different registry hosts referencing the same auth config.
</p>
</details>
### Changes from containerd/cgroups
<details><summary>33 commits</summary>
<p>
* v2: Fix inotify fd leak when cgroup is deleted ([#212](https://github.com/containerd/cgroups/pull/212))
* v2: add test case for Manager.EventChan() behavior
* v2: flip error handling for readKVStat("memory.events") to reduce indentation
* v2: manager: factor out memory.events parsing
* v2: Fix inotify leak when cgroup is deleted
* fix Implicit memory aliasing in for loop ([#214](https://github.com/containerd/cgroups/pull/214))
* fix Implicit memory aliasing in for loop
* Fix potential dirfd leak. ([#210](https://github.com/containerd/cgroups/pull/210))
* Fix potential dirfd leak.
* cgroup: Optionally add process and task to a subsystems subset ([#203](https://github.com/containerd/cgroups/pull/203))
* cgroup: Optionally add process and task to a subsystems subset
* replace pkg/errors from vendor ([#208](https://github.com/containerd/cgroups/pull/208))
* replace pkg/errors from vendor
* cgroup.go: avoid panic on nil interface ([#207](https://github.com/containerd/cgroups/pull/207))
* cgroup.go: avoid panic on nil interface
* Improvements on cgroup v2 support ([#204](https://github.com/containerd/cgroups/pull/204))
* cgroupv2: reset lastErr to nil when subtree control is successfully written
* cgroupv2: enable controllers before setting resources in NewChild()
* v2: remove unimplemented errors and ErrorHandler, IgnoreNotExist ([#201](https://github.com/containerd/cgroups/pull/201))
* v2: remove ErrorHandler and IgnoreNotExist as they are not implemented
* v2: remove errors that are never returned
* v1: reduce duplicated code ([#202](https://github.com/containerd/cgroups/pull/202))
* v1: reduce duplicated code
* cgroup v1: implement AddProc() ([#200](https://github.com/containerd/cgroups/pull/200))
* cgroup v1: implement AddProc()
* Rename branch from master to main ([#199](https://github.com/containerd/cgroups/pull/199))
* Rename branch from master to main
* utils: export ParseCgroupFile() ([#197](https://github.com/containerd/cgroups/pull/197))
* utils: export ParseCgroupFile()
* go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations ([#194](https://github.com/containerd/cgroups/pull/194))
* go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations
* Use /proc/partitions to get device names ([#195](https://github.com/containerd/cgroups/pull/195))
* Use /proc/partitions to get device names
</p>
</details>
### Changes from containerd/console
<details><summary>6 commits</summary>
<p>
* Fix CI ([#55](https://github.com/containerd/console/pull/55))
* Fix CI
* Stop using pkg/errors
* Add support for z/OS ([#46](https://github.com/containerd/console/pull/46))
* Console test on z/OS
* Add support for z/OS
</p>
</details>
### Changes from containerd/continuity
<details><summary>28 commits</summary>
<p>
* fs: use syscall.Timespec.Unix ([#193](https://github.com/containerd/continuity/pull/193))
* fs: use syscall.Timespec.Unix
* Update CI Go version to 1.17 ([#192](https://github.com/containerd/continuity/pull/192))
* Update CI Go version to 1.17
* Build containerd/continuity on multiple Unix OSes ([#190](https://github.com/containerd/continuity/pull/190))
* Build containerd/continuity on multiple Unix OSes
* Do not log errors before returning them ([#191](https://github.com/containerd/continuity/pull/191))
* Do not log errors before returning them
* Copy Windows file metadata ([#188](https://github.com/containerd/continuity/pull/188))
* Copy Windows file metadata
* fix fmt.Errorf("%w", err) on err == nil ([#187](https://github.com/containerd/continuity/pull/187))
* fix fmt.Errorf("%w", err) on err == nil
* Remove direct dependency on github.com/pkg/errors ([#185](https://github.com/containerd/continuity/pull/185))
* run gofmt with Go 1.17
* remove direct dependency on github.com/pkg/errors
* Fix darwin issues ([#186](https://github.com/containerd/continuity/pull/186))
* update AUTHORS
* darwin: use utimensat syscall instead of utimes
* fix darwin usage of du command
* go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125 ([#161](https://github.com/containerd/continuity/pull/161))
* go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125
* fs/stat: add FreeBSD, and cleanup some nolint-comments ([#184](https://github.com/containerd/continuity/pull/184))
* reformat nolint comments
* fs/stat: add FreeBSD
* Rename branch from master to main ([#182](https://github.com/containerd/continuity/pull/182))
* Rename branch from master to main
* testutil/loopback: print more debug info ([#180](https://github.com/containerd/continuity/pull/180))
* testutil/loopback: print more debug info
</p>
</details>
### Changes from containerd/go-cni
<details><summary>18 commits</summary>
<p>
* run setup on networks in parallel ([#76](https://github.com/containerd/go-cni/pull/76))
* switch to direct index
* run setup on networks in parallel
* remove: Continue on "not found" errors ([#74](https://github.com/containerd/go-cni/pull/74))
* remove: Continue on "not found" errors
* go.mod: github.com/containernetworking/cni v1.0.1 ([#72](https://github.com/containerd/go-cni/pull/72))
* go.mod: github.com/containernetworking/cni v1.0.1
* remove direct dependency on github.com/pkg/errors ([#71](https://github.com/containerd/go-cni/pull/71))
* remove direct dependency on github.com/pkg/errors
* update CNI to v1.0.0 ([#70](https://github.com/containerd/go-cni/pull/70))
* test: add TestLibCNIType100
* update CNI to v1.0.0
* Rename branch from master to main ([#69](https://github.com/containerd/go-cni/pull/69))
* Rename branch from master to main
* result: change Raw from a struct field to a method ([#68](https://github.com/containerd/go-cni/pull/68))
* result: change Raw from a struct field to a method
* result: expose raw result ([#67](https://github.com/containerd/go-cni/pull/67))
* result: expose raw result
</p>
</details>
### Changes from containerd/imgcrypt
<details><summary>32 commits</summary>
<p>
* CHANGES: Updated CHANGES document for 1.1.3 release ([#64](https://github.com/containerd/imgcrypt/pull/64))
* CHANGES: Updated CHANGES document for 1.1.3 release
* docs: update project branch to main ([#63](https://github.com/containerd/imgcrypt/pull/63))
* docs: update project branch to main
* Update linter to match containerd repo ([#61](https://github.com/containerd/imgcrypt/pull/61))
* Update linter to match containerd repo
* update CI golang version
* Bump github.com/containerd/containerd from 1.5.7 to 1.5.8 ([#59](https://github.com/containerd/imgcrypt/pull/59))
* Bump github.com/containerd/containerd from 1.5.7 to 1.5.8
* maint: Update to ocicrypt v1.1.2 ([#57](https://github.com/containerd/imgcrypt/pull/57))
* maint: Update to ocicrypt v1.1.2
* Decouple CreateCryptoConfig() from github.com/urfave/cli ([#56](https://github.com/containerd/imgcrypt/pull/56))
* Decouple CreateCryptoConfig() from github.com/urfave/cli
* Bump github.com/containerd/containerd from 1.5.5 to 1.5.7 ([#55](https://github.com/containerd/imgcrypt/pull/55))
* Bump github.com/containerd/containerd from 1.5.5 to 1.5.7
* replace pkg/errors and bump related library
* README: Fix CRI decryption document URL ([#53](https://github.com/containerd/imgcrypt/pull/53))
* README: Fix CRI decryption document URL
* Bump github.com/containerd/containerd from 1.5.2 to 1.5.4 ([#52](https://github.com/containerd/imgcrypt/pull/52))
* Bump github.com/containerd/containerd from 1.5.2 to 1.5.4
* Bump containerd to 1.5.2 ([#51](https://github.com/containerd/imgcrypt/pull/51))
* Bump containerd to 1.5.2
* images: Implement ConvertFunc for image en- and decryption ([#49](https://github.com/containerd/imgcrypt/pull/49))
* images: Implement ConvertFunc for image en- and decryption
* Add containerd-release to makefile ([#48](https://github.com/containerd/imgcrypt/pull/48))
* Remove ctr-enc from installation
* vendor sync up with containerd 1.5 ga, and runc94 ([#47](https://github.com/containerd/imgcrypt/pull/47))
* sync up with containerd 1.5 ga, and runc94
* Sync ctr-enc with containerd's ctr v1.5.0-rc.3 ([#46](https://github.com/containerd/imgcrypt/pull/46))
* CICD: Run 'apt update' before pulling packages
* ctr-enc: Set the version for ctr-enc when linking
* Sync ctr-enc with containerd's ctr v1.5.0-rc.3
</p>
</details>
### Changes from containerd/ttrpc
<details><summary>34 commits</summary>
<p>
* Add protoc-gen-go-ttrpc ([#96](https://github.com/containerd/ttrpc/pull/96))
* Add protoc-gen-go-ttrpc
* client: Handle sending/receiving in separate goroutines ([#94](https://github.com/containerd/ttrpc/pull/94))
* client: Handle sending/receiving in separate goroutines
* Run Protobuild in GitHub Actions ([#95](https://github.com/containerd/ttrpc/pull/95))
* Run Protobuild in GitHub Actions
* Re-generate example.pb.go
* replace pkg/errors ([#93](https://github.com/containerd/ttrpc/pull/93))
* replace pkg/errors from vendor
* Rename branch from master to main ([#86](https://github.com/containerd/ttrpc/pull/86))
* Rename branch from master to main
* Make "go test" and "go build" work on macOS ([#85](https://github.com/containerd/ttrpc/pull/85))
* Make the example command buildable on macOS
* Run GitHub Actions on macOS
* Make "go test" work on macOS
* Return Unimplemented when services or methods are not implemented ([#83](https://github.com/containerd/ttrpc/pull/83))
* Return Unimplemented when services or methods are not implemented
* Remove "Very new" and checked TODO items ([#84](https://github.com/containerd/ttrpc/pull/84))
* Remove "Very new" and checked TODO items
* removing glide from ignore ([#82](https://github.com/containerd/ttrpc/pull/82))
* removing glide from ignore
* go.mod: update dependencies ([#79](https://github.com/containerd/ttrpc/pull/79))
* go.mod: github.com/prometheus/procfs v0.6.0
* go.mod: google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
* go.mod: google.golang.org/grpc v1.27.1
* go.mod: github.com/gogo/protobuf v1.3.2
* remove travis, add codecov badge ([#78](https://github.com/containerd/ttrpc/pull/78))
* CI: add codecov badge to readme
* CI: remove travis
* Use GitHub Actions for CI ([#77](https://github.com/containerd/ttrpc/pull/77))
* Use GitHub Actions for CI
* go.mod: sirupsen/logrus v1.7.0 ([#76](https://github.com/containerd/ttrpc/pull/76))
* go.mod: sirupsen/logrus v1.7.0
* go mod tidy
</p>
</details>
### Dependency Changes
* **cloud.google.com/go** v0.81.0 **_new_**
* **github.com/AdaLogics/go-fuzz-headers** 6c3934b029d8 **_new_**
* **github.com/Microsoft/go-winio** v0.4.17 -> v0.5.1
* **github.com/Microsoft/hcsshim** v0.8.16 -> v0.9.2
* **github.com/blang/semver** v3.5.1 **_new_**
* **github.com/cenkalti/backoff/v4** v4.1.2 **_new_**
* **github.com/cespare/xxhash/v2** v2.1.1 -> v2.1.2
* **github.com/cilium/ebpf** v0.4.0 -> v0.7.0
* **github.com/containerd/cgroups** v1.0.1 -> v1.0.3
* **github.com/containerd/console** v1.0.2 -> v1.0.3
* **github.com/containerd/continuity** v0.1.0 -> v0.2.2
* **github.com/containerd/go-cni** v1.0.2 -> v1.1.1
* **github.com/containerd/imgcrypt** v1.1.1 -> v1.1.3
* **github.com/containerd/ttrpc** v1.0.2 -> v1.1.0
* **github.com/containernetworking/cni** v0.8.1 -> v1.0.1
* **github.com/containernetworking/plugins** v0.9.1 -> v1.0.1
* **github.com/containers/ocicrypt** v1.1.1 -> v1.1.2
* **github.com/coreos/go-systemd/v22** v22.1.0 -> v22.3.2
* **github.com/go-logr/logr** v0.2.0 -> v1.2.2
* **github.com/go-logr/stdr** v1.2.2 **_new_**
* **github.com/godbus/dbus/v5** v5.0.3 -> v5.0.6
* **github.com/golang/groupcache** 8c9f03a8e57e -> 41bb18bfe9da
* **github.com/golang/protobuf** v1.3.5 -> v1.5.2
* **github.com/google/go-cmp** v0.5.4 -> v0.5.6
* **github.com/google/gofuzz** v1.1.0 -> v1.2.0
* **github.com/grpc-ecosystem/go-grpc-middleware** v1.3.0 **_new_**
* **github.com/grpc-ecosystem/grpc-gateway** v1.16.0 **_new_**
* **github.com/hashicorp/errwrap** v1.0.0 -> v1.1.0
* **github.com/hashicorp/go-multierror** v1.0.0 -> v1.1.1
* **github.com/imdario/mergo** v0.3.11 -> v0.3.12
* **github.com/intel/goresctrl** v0.2.0 **_new_**
* **github.com/json-iterator/go** v1.1.10 -> v1.1.12
* **github.com/moby/spdystream** v0.2.0 **_new_**
* **github.com/moby/sys/mountinfo** v0.4.1 -> v0.5.0
* **github.com/moby/sys/signal** v0.6.0 **_new_**
* **github.com/moby/sys/symlink** v0.1.0 -> v0.2.0
* **github.com/modern-go/reflect2** v1.0.1 -> v1.0.2
* **github.com/opencontainers/image-spec** v1.0.1 -> 693428a734f5
* **github.com/opencontainers/runc** v1.0.0-rc93 -> v1.1.0
* **github.com/opencontainers/runtime-spec** e6143ca7d51d -> 1c3f411f0417
* **github.com/opencontainers/selinux** v1.8.0 -> v1.10.0
* **github.com/pelletier/go-toml** v1.8.1 -> v1.9.3
* **github.com/prometheus/client_golang** v1.7.1 -> v1.11.0
* **github.com/prometheus/common** v0.10.0 -> v0.30.0
* **github.com/prometheus/procfs** v0.6.0 -> v0.7.3
* **github.com/satori/go.uuid** v1.2.0 **_new_**
* **github.com/sirupsen/logrus** v1.7.0 -> v1.8.1
* **github.com/spf13/pflag** v1.0.5 **_new_**
* **github.com/stretchr/testify** v1.6.1 -> v1.7.0
* **github.com/vishvananda/netlink** f5de75959ad5 **_new_**
* **github.com/vishvananda/netns** 2eb08e3e575f **_new_**
* **go.etcd.io/bbolt** v1.3.5 -> v1.3.6
* **go.opencensus.io** v0.22.3 -> v0.23.0
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.28.0 **_new_**
* **go.opentelemetry.io/otel** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/internal/retry** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/sdk** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/trace** v1.3.0 **_new_**
* **go.opentelemetry.io/proto/otlp** v0.11.0 **_new_**
* **golang.org/x/crypto** 0c34fe9e7dc2 -> 32db794688a5
* **golang.org/x/net** e18ecbb05110 -> fe4d6282115f
* **golang.org/x/oauth2** bf48bf16ab8d -> 2bc19b11175f
* **golang.org/x/sync** 09787c993a3a -> 036812b2e83c
* **golang.org/x/sys** 47abb6519492 -> 1d35b9e2eb4e
* **golang.org/x/term** 7de9c90e9dd1 -> 6886f2dfbf5b
* **golang.org/x/text** v0.3.4 -> v0.3.7
* **golang.org/x/time** 3af7569d3a1e -> 1f47c861a9ac
* **google.golang.org/appengine** v1.6.5 -> v1.6.7
* **google.golang.org/grpc** v1.27.1 -> v1.43.0
* **google.golang.org/protobuf** v1.27.1 **_new_**
* **gopkg.in/yaml.v3** 9f266ea9e77c -> 496545a6307b
* **k8s.io/api** v0.20.6 -> v0.22.5
* **k8s.io/apimachinery** v0.20.6 -> v0.22.5
* **k8s.io/apiserver** v0.20.6 -> v0.22.5
* **k8s.io/client-go** v0.20.6 -> v0.22.5
* **k8s.io/component-base** v0.20.6 -> v0.22.5
* **k8s.io/cri-api** v0.20.6 -> v0.23.1
* **k8s.io/klog/v2** v2.4.0 -> v2.30.0
* **k8s.io/utils** 67b214c5f920 -> cb0fa318a74b
* **sigs.k8s.io/structured-merge-diff/v4** v4.0.3 -> v4.1.2
Previous release can be found at [v1.5.0](https://github.com/containerd/containerd/releases/tag/v1.5.0)
containerd 1.6.0-rc.1
Welcome to the v1.6.0-rc.1 release of containerd!
The seventh major release of containerd includes many improvements and added
support to increase overall compatibility and stability.
### Highlights
#### Runtime
* **Add runtime label to metrics** ([#5744](https://github.com/containerd/containerd/pull/5744))
* **Cleanup task delete logic in v2 shim** ([#5813](https://github.com/containerd/containerd/pull/5813))
* **Add support for shim plugins** ([#5817](https://github.com/containerd/containerd/pull/5817))
* **Handle sigint and sigterm in shimv2** ([#5828](https://github.com/containerd/containerd/pull/5828))
* **Decouple shim and task manager** ([#5918](https://github.com/containerd/containerd/pull/5918))
* **Add runc shim support for core scheduling** ([#6011](https://github.com/containerd/containerd/pull/6011))
* **Update shim client connect attempt to fail fast when shim errors** ([#6031](https://github.com/containerd/containerd/pull/6031))
* **Add support for absolute path to shim binaries** ([#6206](https://github.com/containerd/containerd/pull/6206))
* **Update runc to v1.1.0** ([#6375](https://github.com/containerd/containerd/pull/6375))
#### Windows
* **Add support for Windows HostProcess containers** ([#5131](https://github.com/containerd/containerd/pull/5131))
* **Add support for Windows resource limits** ([#5778](https://github.com/containerd/containerd/pull/5778))
#### CRI
* **Add CNI configuration based on runtime class** ([#4695](https://github.com/containerd/containerd/pull/4695))
* **Add support for Intel RDT** ([#5439](https://github.com/containerd/containerd/pull/5439))
* **Add support for CRI v1 and v1alpha in parallel** ([#5619](https://github.com/containerd/containerd/pull/5619))
* **Add support for unified resources field for cgroups v2** ([#5627](https://github.com/containerd/containerd/pull/5627))
* **Add IP preference configuration for reporting pod IP** ([#5964](https://github.com/containerd/containerd/pull/5964))
* **Implement new CRI pod sandbox stats API** ([#6113](https://github.com/containerd/containerd/pull/6113))
* **Add sandbox and container latency metrics** ([#6111](https://github.com/containerd/containerd/pull/6111))
* **Add namespace to ttrpc and grpc plugin connections** ([#6130](https://github.com/containerd/containerd/pull/6130))
* **Add option to allow ping sockets and privileged ports with no capabilities** ([#6170](https://github.com/containerd/containerd/pull/6170))
* **Add support for configuring swap** ([#6320](https://github.com/containerd/containerd/pull/6320))
#### Other
* **Add support for client TLS Auth for grpc** ([#5606](https://github.com/containerd/containerd/pull/5606))
* **Add xfs support for devicemapper snapshotter** ([#5610](https://github.com/containerd/containerd/pull/5610))
* **Add metric exposing build version and revision** ([#5965](https://github.com/containerd/containerd/pull/5965))
* **Add support for custom fs options in devmapper snapshotter** ([#6122](https://github.com/containerd/containerd/pull/6122))
* **Update introspection service to show GRPC plugins** ([#6432](https://github.com/containerd/containerd/pull/6432))
#### Client
* **Allow WithServices to use custom implementations** ([#5709](https://github.com/containerd/containerd/pull/5709))
* **Support custom compressor for walking differ** ([#5735](https://github.com/containerd/containerd/pull/5735))
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
### Contributors
* Derek McGowan
* Phil Estes
* Akihiro Suda
* Wei Fu
* Maksym Pavlenko
* Sebastiaan van Stijn
* Michael Crosby
* Kazuyoshi Kato
* Mike Brown
* Claudiu Belu
* Daniel Canter
* haoyun
* Brian Goff
* Gabriel Adrian Samfira
* Stefan Berger
* zounengren
* AdamKorcz
* Adelina Tuvenie
* Kohei Tokunaga
* Davanum Srinivas
* Nashwan Azhari
* Samuel Karp
* Shiming Zhang
* Enrico Weigelt, metux IT consult
* Markus Lehtonen
* Alakesh Haloi
* Hajime Tazaki
* Iceber Gu
* Kevin Parsons
* Aditi Sharma
* David Porter
* Gijs Peskens
* Jeremi Piotrowski
* ningmingxiao
* Brandon Lum
* Cody Roseborough
* Danielle Lancashire
* Jacob MacElroy
* Tõnis Tiigi
* dependabot[bot]
* wanglei
* Alexandre Peixoto Ferreira
* Fabiano Fidêncio
* Furkan Türkal
* Jiaming Xu
* Kir Kolyshkin
* Miao Wang
* Neil Johnson
* Paul "TBBle" Hampson
* Priyanka Saggu
* Romain Aviolat
* Samuel Ortiz
* Sunghoon Kang
* Takumasa Sakao
* Tobias Klauser
* Zhiyu Li
* ye.sijun
* Alexander Minbaev
* Alexey Ivanov
* Artem Khramov
* Aurelien Lun-Sin
* Ben Hutchings
* Cory Bennett
* Da McGrady
* Dan Williams
* Eng Zer Jun
* Eric Ernst
* Ethan Chen
* Fupan Li
* Gaurav Gahlot
* Gunju Kim
* Jacob Blain Christen
* James Sturtevant
* Jan Klippel
* Jayme Howard
* Jiajun Jiang
* Jintao Zhang
* Justin Terry
* Kaijie Chen
* Kante
* Kern Walster
* Kitt Hsu
* Lantao Liu
* Ma Xinjian
* Manabu Sugimoto
* Manuel Alejandro de Brito Fontes
* Mark Rossetti
* Markus Lippert
* Mikko Ylinen
* Ng Yang
* Nicolas Chariglione
* Ning Li
* Olli Janatuinen
* Peri Thompson
* Quan Tian
* Radostin Stoyanov
* Rui Lopes
* Sambhav Kothari
* Sebastian Hasler
* Sergey Kanzhelev
* Sören Tempel
* Yang Yang
* Yifan Yuan
* Zilong Wang
* Zufar Dhiyaulhaq
* botieking98
* chenxiaoyu
* jayonlau
* jerryzhuang
* linrunlong
* scuzhanglei
* wangzhan
* Étienne Guesnet
### Changes
<details><summary>1022 commits</summary>
<p>
* Prepare 1.6.0-rc.2 ([#6502](https://github.com/containerd/containerd/pull/6502))
* Prepare release notes for v1.6.0-rc.2
* Update releases document
* platforms.Normalize(): do not reset OSVersion and OSFeatures ([#6497](https://github.com/containerd/containerd/pull/6497))
* platforms.Normalize(): do not reset OSVersion and OSFeatures
* tracing: use OTLP/HTTP in addition to OTLP/gRPC ([#6457](https://github.com/containerd/containerd/pull/6457))
* tracing: return (ctx, span) from StartSpan
* tracing: support OTLP/HTTP in addition to gRPC
* Update cgroups to v1.0.3 ([#6498](https://github.com/containerd/containerd/pull/6498))
* Update cgroups to v1.0.3
* seccomp: kernel 5.11 -> 5.16 ([#6494](https://github.com/containerd/containerd/pull/6494))
* seccomp: kernel 5.16 (futex_waitv)
* seccomp: kernel 5.15 (process_mrelease)
* seccomp: kernel 5.14 (quotactl_fd, memfd_secret)
* seccomp: kernel 5.13 (landlock_{add_rule,create_ruleset,restrict_self})
* seccomp: kernel 5.12 (mount_setattr)
* remotes: fix dockerPusher to handle abort correctly ([#6243](https://github.com/containerd/containerd/pull/6243))
* remotes: fix dockerPusher to handle abort correctly
* seccomp: add support for "swapcontext" syscall in default policy ([#6411](https://github.com/containerd/containerd/pull/6411))
* seccomp: add support for "swapcontext" syscall in default policy
* oci: use readonly mount to read user/group info ([#6478](https://github.com/containerd/containerd/pull/6478))
* oci: use readonly mount to read user/group info
* Fix possibly incorrect media type default on import ([#6475](https://github.com/containerd/containerd/pull/6475))
* Fix possibly incorrect media type default on import
* shimv2: handle sigint/sigterm ([#5828](https://github.com/containerd/containerd/pull/5828))
* shimv2: handle sigint/sigterm
* Fix acr fetch token 400 ([#6481](https://github.com/containerd/containerd/pull/6481))
* fix acr fetch token 400
* platforms: add support for matching amd64 variants ([#6455](https://github.com/containerd/containerd/pull/6455))
* platforms: add support for matching amd64 variants
* Fix windows periodic workflow ([#6476](https://github.com/containerd/containerd/pull/6476))
* Fix windows periodic workflow
* docs: add doc-comments on GC-related methods ([#6473](https://github.com/containerd/containerd/pull/6473))
* docs: add doc-comments on GC-related methods
* fix: should not send 137 code event if cmd is notfound ([#6465](https://github.com/containerd/containerd/pull/6465))
* fix: should not send 137 code event if cmd is notfound
* Fix empty scopes return ([#6463](https://github.com/containerd/containerd/pull/6463))
* fix empty scopes return
* Prepare release notes for v1.6.0-rc.1 ([#6462](https://github.com/containerd/containerd/pull/6462))
* Prepare release notes for v1.6.0-rc.1
* Add support for skipping non-dist blob push ([#6424](https://github.com/containerd/containerd/pull/6424))
* ctr: flag to toggle non-distributable blob push
* Add image handler to skip non-distributable blobs.
* Compile binaries for go1.16 and go1.17 in CI ([#6461](https://github.com/containerd/containerd/pull/6461))
* Compile binaries for go1.16 and go1.17 in CI
* services/introspection: fix plugin caching to show grpc plugins ([#6432](https://github.com/containerd/containerd/pull/6432))
* Update caching logic to avoid map access
* services/introspection: support to show introspection grpc service
* Integration: Change to Windows Server 2022 build number constant ([#6458](https://github.com/containerd/containerd/pull/6458))
* Integration: Change to Windows Server 2022 build number constant
* Update kubernetes vendor to 0.22.5 ([#6460](https://github.com/containerd/containerd/pull/6460))
* Update kubernetes vendor to 0.22.5
* Fix rdt build tags for go 1.16 ([#6459](https://github.com/containerd/containerd/pull/6459))
* Fix rdt build tags for go 1.16
* Remove submodule go mod ([#6439](https://github.com/containerd/containerd/pull/6439))
* Remove api go submodule
* Update makefile to remove API submodule
* go.mod: Update hcsshim to v0.9.2 ([#6453](https://github.com/containerd/containerd/pull/6453))
* go.mod: Update hcsshim to v0.9.2
* update runc to v1.1.0 ([#6375](https://github.com/containerd/containerd/pull/6375))
* go.mod: github.com/opencontainers/runc v1.1.0
* update runc binary to v1.1.0
* tracing: fix OTLP tracer's initialization ([#6443](https://github.com/containerd/containerd/pull/6443))
* tracing: fix OTLP tracer's initialization
* gha: run CodeQL scan on pull requests ([#6386](https://github.com/containerd/containerd/pull/6386))
* gha: run CodeQL scan on pull requests
* Do not automatically inject client traces ([#6445](https://github.com/containerd/containerd/pull/6445))
* Do not automatically inject client traces
* [containerd-stress] delete useless code ([#6451](https://github.com/containerd/containerd/pull/6451))
* delete useless code
* Revert "Add shared content label to namespaces" ([#6440](https://github.com/containerd/containerd/pull/6440))
* Revert "Add shared content label to namespaces"
* Add ppc64 support for test images ([#6435](https://github.com/containerd/containerd/pull/6435))
* Add ppc64 support for test images
* ctr: Unify the delete subcommand alias ([#6427](https://github.com/containerd/containerd/pull/6427))
* ctr: Unify the delete subcommand alias
* Prepare release notes for v1.6.0-rc.0 ([#6431](https://github.com/containerd/containerd/pull/6431))
* Prepare release notes for v1.6.0-rc.0
* Integration: Switch to using `auth` Gcloud action in Windows workflow. ([#6397](https://github.com/containerd/containerd/pull/6397))
* Integration: Switch to `upload-cloud-storage` Gcloud action.
* Integration: Switch to using `auth` Gcloud action in Windows workflow.
* remove io/ioutil ([#6426](https://github.com/containerd/containerd/pull/6426))
* remove io/ioutil
* test: e2e node COS cgroupv2 script ([#6418](https://github.com/containerd/containerd/pull/6418))
* test: e2e node COS cgroupv2 script
* Integration: Enable CRITest on Windows 2022. ([#6378](https://github.com/containerd/containerd/pull/6378))
* Enable critest tests on Windows Server 2022.
* Parametrize CRITest test images in Windows Periodic workflow.
* Update error message for apparmor parser ([#6415](https://github.com/containerd/containerd/pull/6415))
* Update error message for apparmor parser
* Fix wrong log message ([#6419](https://github.com/containerd/containerd/pull/6419))
* Fix wrong log message
* Followup errors change ([#6414](https://github.com/containerd/containerd/pull/6414))
* Fix incorrect error wrapped when closing ingest file
* Fix seek error used without nil check
* Fix followup items from errors replacement
* Updates CRI API & Kubernetes to 1.23 ([#6351](https://github.com/containerd/containerd/pull/6351))
* Update k/k to 1.23.0
* Updating adoption of containerd for AKS ([#6416](https://github.com/containerd/containerd/pull/6416))
* Updating adoption of containerd for AKS
* update the adoption status of containerd in GKE ([#6413](https://github.com/containerd/containerd/pull/6413))
* update the adoption status of containerd in GKE
* go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt} ([#6410](https://github.com/containerd/containerd/pull/6410))
* go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt}
* replace github.com/pkg/errors with native errors ([#6366](https://github.com/containerd/containerd/pull/6366))
* feat: replace github.com/pkg/errors to errors
* corrected link in cri architecture documentation ([#6412](https://github.com/containerd/containerd/pull/6412))
* corrected link in cri architecture documentation
* remotes/docker: allow fetching "refresh token" (aka "identity token", "offline token") ([#6396](https://github.com/containerd/containerd/pull/6396))
* remotes/docker: allow fetching "refresh token" (aka "identity token")
* remotes/docker/config: allow setting custom AuthorizerOpts
* Prepare release notes for v1.6.0-beta.5 ([#6407](https://github.com/containerd/containerd/pull/6407))
* Prepare release notes for v1.6.0-beta.5
* Integration: Check GCP secrets on Windows CI artifact upload. ([#6292](https://github.com/containerd/containerd/pull/6292))
* Integration: Check GCP secrets on Windows CI artifact upload.
* Github Security Advisory [GHSA-mvff-h3cj-wj9c](https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c)
* only relabel cri managed host mounts
* Add support for Intel RDT ([#5439](https://github.com/containerd/containerd/pull/5439))
* cri: add ignore_rdt_not_enabled_errors config option
* Update dependencies
* cri: annotations for controlling RDT class
* tasks: add Linux rdt support
* cmd: add --rdt-class command line option
* oci: implement WithRdt
* fix: use _ for consistency ([#6391](https://github.com/containerd/containerd/pull/6391))
* fix: use _ for consistency
* content/local: use syscall.Timespec.Unix ([#6403](https://github.com/containerd/containerd/pull/6403))
* content/local: use syscall.Timespec.Unix
* docs: improve plugin documentation ([#6207](https://github.com/containerd/containerd/pull/6207))
* docs: document the runtime shim plugin config options
* docs: use proper markdown lists in containerd-config.toml.5.md
* fix(ctr): enable networking for Windows containers ([#6304](https://github.com/containerd/containerd/pull/6304))
* fix(ctr): enable networking for Windows containers
* Fix $(PWD) issue for Windows makefile ([#6394](https://github.com/containerd/containerd/pull/6394))
* Fix $(PWD) issue for Windows makefile
* only test abstract uds on linux ([#6395](https://github.com/containerd/containerd/pull/6395))
* fix: only test abstract unix socket on linux
* Fix restart container test ([#6390](https://github.com/containerd/containerd/pull/6390))
* Expect ErrorNotFound on Windows after Kill()
* Replace tskill with taskkill
* fix when kernel version < 4.13rc1 by using index=off cause test error ([#6291](https://github.com/containerd/containerd/pull/6291))
* fix when kernel version < 4.13rc1 by using index=off cause overlay test error
* Fix no-daemon flag for integration/client tests ([#6384](https://github.com/containerd/containerd/pull/6384))
* Fix no-daemon flag for integration/client tests
* Enable lazy init for ext4 with devicemapper ([#6122](https://github.com/containerd/containerd/pull/6122))
* Enable lazy init for ext4 with devicemapper
* Fix flakiness on Windows for list stats ([#6385](https://github.com/containerd/containerd/pull/6385))
* Fix flakiness on Windows for list stats
* cri-integration: Add Windows defaults and fix spaces issue ([#6347](https://github.com/containerd/containerd/pull/6347))
* cri-integration: Add Windows default paths
* Upgrade OpenTelemetry dependencies ([#6383](https://github.com/containerd/containerd/pull/6383))
* Upgrade k8s.io/klog/v2 from 2.9.0 to 2.20.0
* Use insecure.NewCredentials instead of grpc.WithInsecure
* Upgrade OpenTelemetry dependencies
* Fix default makefile target for windows ([#6322](https://github.com/containerd/containerd/pull/6322))
* Fix default makefile target for windows
* Disable TestContainerHook on Windows ([#6379](https://github.com/containerd/containerd/pull/6379))
* Disable TestContainerHook on Windows
* seutil: Fix setting the "container_kvm_t" label ([#6372](https://github.com/containerd/containerd/pull/6372))
* seutil: Fix setting the "container_kvm_t" label
* Remove Windows integration testing for 2004. ([#6350](https://github.com/containerd/containerd/pull/6350))
* Remove Windows integration testing for 2004.
* OCI: Mount (accessible) host devices in privileged rootless containers ([#6308](https://github.com/containerd/containerd/pull/6308))
* OCI: Mount (accessible) host devices in privileged rootless containers
* oci.getDevices(): move "non-dir, non '/dev/console'" case into switch
* cri: add support for configuring swap ([#6320](https://github.com/containerd/containerd/pull/6320))
* fixup: check for swap accounting
* fixup: handle diff between cgroupsv1 and v2
* cri: add support for configuring swap
* Integration: Enable TestVolumeOwnership on Windows ([#6275](https://github.com/containerd/containerd/pull/6275))
* Replace find with native Go code
* Enable TestVolumeOwnership on Windows
* Prepare release notes for v1.6.0-beta.4 ([#6296](https://github.com/containerd/containerd/pull/6296))
* Prepare release notes for v1.6.0-beta.4
* refactor: functions for error log and error return ([#6358](https://github.com/containerd/containerd/pull/6358))
* feat: Errorf usage
* Split apart runc shim into plugin components ([#6021](https://github.com/containerd/containerd/pull/6021))
* Use task plugin for runc shim
* Seperate shim manager and task service
* Split runc shim into plugin components
* Add shutdown package
* CRI update for sandbox sizing ([#6155](https://github.com/containerd/containerd/pull/6155))
* cri, sandbox: pass sandbox resource details if available, applicable
* medatada: make namespaces' deletion error less cryptic ([#6354](https://github.com/containerd/containerd/pull/6354))
* medatada: make namespaces' deletion error less cryptic
* ListContainerStats to return stats response if ContainerStatsFilter is nil ([#6373](https://github.com/containerd/containerd/pull/6373))
* add-list-stat: return container list if filter is nil
* integration: deflake TestContainerdRestart ([#6369](https://github.com/containerd/containerd/pull/6369))
* integration: deflake TestContainerdRestart
* feat: add timeout for bolt open ([#6225](https://github.com/containerd/containerd/pull/6225))
* feat: support custom timeout for blot open
* Update Go to 1.17.5 ([#6333](https://github.com/containerd/containerd/pull/6333))
* Update Go to 1.17.5
* cri/server: use consistent alias for pkg/ioutil ([#6332](https://github.com/containerd/containerd/pull/6332))
* cri/server: use consistent alias for pkg/ioutil
* Disable restart monitor test in Windows ([#6364](https://github.com/containerd/containerd/pull/6364))
* Disable restart monitor test in Windows
* Don't fail-fast on Windows integration tests ([#6338](https://github.com/containerd/containerd/pull/6338))
* Don't fail-fast on Windows integration tests
* Update restart monitor test to output daemon logs on failure ([#6355](https://github.com/containerd/containerd/pull/6355))
* Run windows parallel integration test as short
* Update restart monitor test to output daemon logs on failure
* go.mod: update image-spec to latest (v1.0.3-dev) ([#6263](https://github.com/containerd/containerd/pull/6263))
* images/converter: remove deprecated types
* go.mod: update image-spec to latest (v1.0.3-dev)
* Skip WithAdditionalGIDs on Darwin ([#6353](https://github.com/containerd/containerd/pull/6353))
* Skip WithAdditionalGIDs on Darwin
* Use RFC3339 format on Windows periodic resource group creation so cleanup works ([#6303](https://github.com/containerd/containerd/pull/6303))
* Use RFC3339 format so rg cleanup works
* update runc to v1.0.3 ([#6330](https://github.com/containerd/containerd/pull/6330))
* go.mod: github.com/opencontainers/runc v1.0.3
* update runc binary to v1.0.3
* Unblock native snapshotter on Darwin ([#6329](https://github.com/containerd/containerd/pull/6329))
* Allow native snapshotter on Darwin
* Do not use `go get` to install executables ([#6328](https://github.com/containerd/containerd/pull/6328))
* Do not use `go get` to install executables
* Include runtime v2 in default builtins ([#6326](https://github.com/containerd/containerd/pull/6326))
* Include runtime v2 in default builtins
* Add Windows Server 2022 CI runs ([#6314](https://github.com/containerd/containerd/pull/6314))
* Add Windows Server 2022 CI runs
* Set explicit ACL on test files ([#6324](https://github.com/containerd/containerd/pull/6324))
* Use a single RUN command
* Set explicit ACL on test files
* integration: align tags of test images ([#6311](https://github.com/containerd/containerd/pull/6311))
* integration: align tags of test images
* Set CONTAINERD_ROOT in Windows cri-integration ([#6325](https://github.com/containerd/containerd/pull/6325))
* Set CONTAINERD_ROOT in Windows cri-integration
* export oci.DeviceFromPath() ([#6312](https://github.com/containerd/containerd/pull/6312))
* export oci.DeviceFromPath()
* Update volume test images ([#6321](https://github.com/containerd/containerd/pull/6321))
* Update continuity dependency
* Update volume test images
* Update TestRestartMonitor expected time check ([#6201](https://github.com/containerd/containerd/pull/6201))
* Add error logging on cleanup
* Update TestRestartMonitor expected time check
* Move test volume images from gcr to ghcr ([#6319](https://github.com/containerd/containerd/pull/6319))
* Move volume images from gcr to ghcr
* Revert shim service plugin migration ([#6301](https://github.com/containerd/containerd/pull/6301))
* Revert shim plugin migration
* Authenticate against ghcr.io ([#6317](https://github.com/containerd/containerd/pull/6317))
* Add permissions
* Authenticate against ghcr.io
* oci/deviceFromPath(): correctly check device types ([#6306](https://github.com/containerd/containerd/pull/6306))
* oci/deviceFromPath(): correctly check device types
* Skip TestExportAndImportMultiLayer on Windows ([#6315](https://github.com/containerd/containerd/pull/6315))
* Skip TestExportAndImportMultiLayer on Windows
* Integration: Add image build workflow ([#6290](https://github.com/containerd/containerd/pull/6290))
* Add image build workflow
* Integration: Separate Windows Periodic Tests workflow trigger. ([#6286](https://github.com/containerd/containerd/pull/6286))
* Integration: Separate Windows Periodic Tests workflow trigger.
* Build volume test images on Windows ([#6274](https://github.com/containerd/containerd/pull/6274))
* Build volume test images on Windows
* Add VMware TKG & TCE to Containerd adopters ([#6297](https://github.com/containerd/containerd/pull/6297))
* Add VMware TKG & TCE to Containerd adopters
* Vagrantfile: update to Fedora 35 ([#6293](https://github.com/containerd/containerd/pull/6293))
* Vagrantfile: update to Fedora 35
* Update README.md repo->org ([#6269](https://github.com/containerd/containerd/pull/6269))
* Update README.md repo->org
* Fix executable file not found when restoring shims ([#6278](https://github.com/containerd/containerd/pull/6278))
* Fix executable file not found when restoring shims
* ctr/snapshots/diff: show media-type in stderr ([#6271](https://github.com/containerd/containerd/pull/6271))
* ctr/snapshots/diff: don't show the media-type in output
* ctr: Add Linux Capabilities control flags ([#6289](https://github.com/containerd/containerd/pull/6289))
* ctr: Add Linux Capabilities control flags
* integration: add stats result in error message ([#6270](https://github.com/containerd/containerd/pull/6270))
* integration: add stats result in error message
* releases: mark 1.4 as Extended ([#6287](https://github.com/containerd/containerd/pull/6287))
* docs: mark 1.4 as Extended
* docs: fix RELEASES.md gRPC API anchor
* feat: skip ci for fork ([#6284](https://github.com/containerd/containerd/pull/6284))
* feat: skip ci for fork
* content/local: Close the file if Seek fails ([#6280](https://github.com/containerd/containerd/pull/6280))
* content/local: Close the file if Seek fails
* Integration: Remove explicit version passing to `azure/CLI`. ([#6268](https://github.com/containerd/containerd/pull/6268))
* Integration: Remove explicit version passing to `azure/CLI`.
* Fix wrong make target on documentation ([#6276](https://github.com/containerd/containerd/pull/6276))
* Fix wrong make target on documentation
* fix: server error return ([#6272](https://github.com/containerd/containerd/pull/6272))
* fix: server error return
* Prepare release notes for v1.6.0-beta.3 ([#6267](https://github.com/containerd/containerd/pull/6267))
* Prepare release notes for v1.6.0-beta.3
* Update API version in go.mod
* Update release name to use consistent format
* feat:support custom callopts on client side ([#6254](https://github.com/containerd/containerd/pull/6254))
* fix: make max recv/send msg size setting default
* feat:support custom callopts on client side
* [CRI] Fix panic when registry.mirrors use localhost ([#6258](https://github.com/containerd/containerd/pull/6258))
* [CRI] Fix panic when registry.mirrors use localhost
* Add support for TMP override on toml ([#6241](https://github.com/containerd/containerd/pull/6241))
* Add support for TMP override on toml
* CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options ([#6170](https://github.com/containerd/containerd/pull/6170))
* CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options
* Github Security Advisory [GHSA-5j5w-g665-5m35](https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35)
* schema1: reject ambiguous documents
* images: validate document type before unmarshal
* [cri] add sandbox and container latency metrics ([#6111](https://github.com/containerd/containerd/pull/6111))
* [cri] add sandbox and container latency metrics
* Integration: Generalize Windows CI setup scripts for any username. ([#6255](https://github.com/containerd/containerd/pull/6255))
* Generalize Windows CI setup script for any user.
* Standardize cmdlet capitalization in Windows CI scripts.
* feat: use rwmutex instead ([#6253](https://github.com/containerd/containerd/pull/6253))
* feat: use rwmutex instead
* Allow absolute path to shim binaries ([#6206](https://github.com/containerd/containerd/pull/6206))
* Fix package alias
* Support custom runtime path when launching tasks
* Add runtime path in CreateTaskRequest
* Close file if permission modification fails ([#6246](https://github.com/containerd/containerd/pull/6246))
* Close file if permission modification fails
* release: change tar name to match prior releases ([#6250](https://github.com/containerd/containerd/pull/6250))
* release: change tar name to match prior releases
* Fix wrong error returned for image index lookup ([#6237](https://github.com/containerd/containerd/pull/6237))
* Fix wrong error returned for image index lookup
* Fix containerd fails to pull OCI image with non-`http(s)://` urls ([#6221](https://github.com/containerd/containerd/pull/6221))
* Fix containerd fails to pull OCI image with non-`http(s)://` urls
* Prepare release notes for v1.6.0-beta.2 ([#6223](https://github.com/containerd/containerd/pull/6223))
* Prepare release notes for v1.6.0-beta.2
* Add arm64 to releases ([#6196](https://github.com/containerd/containerd/pull/6196))
* Rename release dockerfile to omit distro name
* release: improve dockerfile
* Add arm64 to releases
* use write lock when updating container stats ([#6236](https://github.com/containerd/containerd/pull/6236))
* use write lock when updating container stats
* go.mod: Bump hcsshim to v0.9.1 ([#6230](https://github.com/containerd/containerd/pull/6230))
* go.mod: Bump hcsshim to v0.9.1
* go.mod: Bump ttrpc to 1.1.0 ([#6228](https://github.com/containerd/containerd/pull/6228))
* go.mod: Bump ttrpc to 1.1.0
* go.mod: bump moby/sys/symlink v0.2.0, moby/sys/signal v0.6.0, moby/sys/mountinfo v0.5.0 ([#6213](https://github.com/containerd/containerd/pull/6213))
* go.mod: github.com/moby/sys/mountinfo v0.5.0
* go.mod: github.com/moby/sys/signal v0.6.0
* go.mod: github.com/moby/sys/symlink v0.2.0
* go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
* cleanup: add more description on comment ([#6222](https://github.com/containerd/containerd/pull/6222))
* cleanup: add more description on comment
* Update Go to 1.17.3 ([#6211](https://github.com/containerd/containerd/pull/6211))
* Update Go to 1.17.3
* CI: bump up crun: 1.0 -> 1.3 ([#6214](https://github.com/containerd/containerd/pull/6214))
* CI: bump up crun: 1.0 -> 1.3
* Pin az CLI version in windows-periodic workflow ([#6205](https://github.com/containerd/containerd/pull/6205))
* Pin az CLI version
* Decouple task manager ([#5918](https://github.com/containerd/containerd/pull/5918))
* Address PR comments
* Fix build after rebase
* Migrate task directory
* Expose shim process interface
* Fix after rebase
* Cleanup shim loading
* Move shim restore to a separate file
* Fix backward compatibility with old task shims
* Add plugin dependency between shim and shim services
* Rework task create and cleanup flow
* Add task manager
* Rename task manager to shim manager
* [cri] Implement k8s 1.23 CRI Pod Sandbox and Container Stats ([#6113](https://github.com/containerd/containerd/pull/6113))
* Implement CRI container and pods stats
* Vendor latest k8s.io/cri-api and netlink
* test: Add grace period for restart monitor test ([#6200](https://github.com/containerd/containerd/pull/6200))
* test: Add grace period for restart monitor test
* integration: Enables TestRuntimeHandler for Windows ([#6179](https://github.com/containerd/containerd/pull/6179))
* integration: Enables TestRuntimeHandler for Windows
* Add mkdir on Dockerfile ([#6171](https://github.com/containerd/containerd/pull/6171))
* Add mkdir on Dockerfile
* sys/reaper: avoid leaky goroutine when exec timeout ([#6189](https://github.com/containerd/containerd/pull/6189))
* sys/reaper: avoid leaky goroutine when exec timeout
* adds additional debug out to timebox cni setup ([#6184](https://github.com/containerd/containerd/pull/6184))
* adds additional debug out to timebox cni setup
* converter: Allow hooks during image conversion ([#6176](https://github.com/containerd/containerd/pull/6176))
* converter: Allow hooks during image conversion
* compression: support zstd with skippable frame ([#6177](https://github.com/containerd/containerd/pull/6177))
* compression: support zstd with skippable frame
* integration: Enables TestVolumeCopyUp for Windows ([#6182](https://github.com/containerd/containerd/pull/6182))
* integration: Enables TestVolumeCopyUp for Windows
* integration: Enable some tests for Windows (part 2) ([#6121](https://github.com/containerd/containerd/pull/6121))
* integration: Enable some tests for Windows (part 2)
* integration: Enable some tests for Windows ([#6085](https://github.com/containerd/containerd/pull/6085))
* integration: Enable some tests for Windows
* Update doc to version 2 syntax ([#6125](https://github.com/containerd/containerd/pull/6125))
* feat(doc): update to version 2 syntax
* fix shim reaper wait command execute blocked ([#6166](https://github.com/containerd/containerd/pull/6166))
* fix shim reaper wait command execute blocked
* content: close stream after commit request ([#6145](https://github.com/containerd/containerd/pull/6145))
* content: close stream after commit request
* Generating token options with each scope as a separate string. ([#6165](https://github.com/containerd/containerd/pull/6165))
* Adding scope tests for ParseAuthHeader
* Adding tests for GenerateTokenOptions
* Generate token options with each scope as a separate string.
* vendor: Updates go-cni ([#6167](https://github.com/containerd/containerd/pull/6167))
* vendor: Updates go-cni
* commands: Enables task metrics for Windows ([#6159](https://github.com/containerd/containerd/pull/6159))
* commands: Enables task metrics for Windows
* vendor: update moby/sys for darwin support ([#6149](https://github.com/containerd/containerd/pull/6149))
* vendor: update moby/sys for darwin support
* Prepare v1.6.0-beta.1 ([#6144](https://github.com/containerd/containerd/pull/6144))
* Prepare release notes for v1.6.0-beta.1
* Update mailmap
* Update api vendor
* bump cni to spec v1.0.0 ([#6136](https://github.com/containerd/containerd/pull/6136))
* bump CNI to spec v1.0.0
* Inject otel traces to grpc client. ([#5992](https://github.com/containerd/containerd/pull/5992))
* Inject otel traces to grpc client.
* client: expose (*image).platform ([#6142](https://github.com/containerd/containerd/pull/6142))
* client: expose (*image).platform
* Adding documentation for Core Scheduling ([#6128](https://github.com/containerd/containerd/pull/6128))
* feat(doc): add Core Scheduling documentation
* Ensure namespace is proxied to grpc/ttrpc plugins ([#6130](https://github.com/containerd/containerd/pull/6130))
* Ensure namespace is proxied to grpc/ttrpc plugins
* fix #6054 MaxConcurrentDownloads is not effect when Unpack is true ([#6109](https://github.com/containerd/containerd/pull/6109))
* fix #6054 MaxConcurrentDownloads is not effect when Unpack is true
* Output a warning for label image labels instead of erroring ([#6124](https://github.com/containerd/containerd/pull/6124))
* Output a warning for label image labels instead of erroring
* Fix spelling mistake in Windows snapshotter ([#6132](https://github.com/containerd/containerd/pull/6132))
* Fix spelling mistake in Windows snapshotter
* Windows: Cleanup rm- prefixed layers ([#6126](https://github.com/containerd/containerd/pull/6126))
* Windows: Cleanup rm- prefixed layers
* cleanup deprecated package `io/ioutil ` ([#6118](https://github.com/containerd/containerd/pull/6118))
* io/ioutil package has been deprecated in Go 1.16 that replaces io/ioutil functions
* close Writer after use which may memory leak ([#6115](https://github.com/containerd/containerd/pull/6115))
* close Writer after use which may leak mem
* Adds Windows resource limits support ([#5778](https://github.com/containerd/containerd/pull/5778))
* Adds Windows resource limits support
* Prepare release notes for v1.6.0-beta.0 ([#6098](https://github.com/containerd/containerd/pull/6098))
* Prepare release notes for v1.6.0-beta.0
* Add error message to in TestContainerdRestart integration test ([#6105](https://github.com/containerd/containerd/pull/6105))
* Add error message to in TestContainerdRestart integration test
* Fix typo in the NewContainer function documentation ([#6110](https://github.com/containerd/containerd/pull/6110))
* Fix typo in the NewContainer function documentation
* Update cgroups to v1.0.2 ([#6104](https://github.com/containerd/containerd/pull/6104))
* Update cgroups to v1.0.2
* btrfs: verify file content after mount ([#6100](https://github.com/containerd/containerd/pull/6100))
* test: check file content after mount
* Update test timeout based on recent cancellations ([#6107](https://github.com/containerd/containerd/pull/6107))
* Update test timeout based on recent cancellations
* Check the pid in cri test teardown ([#6106](https://github.com/containerd/containerd/pull/6106))
* Remove extra test_teardown
* Check the pid in cri test teardown
* add runc shim support for sched core ([#6011](https://github.com/containerd/containerd/pull/6011))
* fix integration client vendor
* add runc shim support for sched core
* integration: Enables Windows containerd restart test ([#5579](https://github.com/containerd/containerd/pull/5579))
* integration: Enables Windows containerd restart test
* vendor: Bump hcsshim to 0.9.0 ([#6099](https://github.com/containerd/containerd/pull/6099))
* vendor: Bump hcsshim to 0.9.0
* [cri] Add CNI conf based on runtime class ([#4695](https://github.com/containerd/containerd/pull/4695))
* Add CNI conf based on runtime class
* Update Go to 1.17.2 ([#6102](https://github.com/containerd/containerd/pull/6102))
* Update Go to 1.17.2
* integration: Adds test for multilayer image import ([#5933](https://github.com/containerd/containerd/pull/5933))
* integration: Adds test for multilayer image import
* runtime: should fail fast if dial error on shim ([#6031](https://github.com/containerd/containerd/pull/6031))
* runtime: should fail fast if dial error on shim
* Fixes Windows containers with image volumes ([#6034](https://github.com/containerd/containerd/pull/6034))
* Windows: Fixes Windows containers with image volumes
* run `gofmt` with GO 1.17 ([#6094](https://github.com/containerd/containerd/pull/6094))
* run `gofmt` with Go 1.17
* pkg/cap: remove an outdated comment ([#6088](https://github.com/containerd/containerd/pull/6088))
* pkg/cap: remove an outdated comment
* Update go otel 1.0.1 ([#6066](https://github.com/containerd/containerd/pull/6066))
* Update go otel 1.0.1
* Update ADOPTERS.md with additional uses ([#6086](https://github.com/containerd/containerd/pull/6086))
* Update ADOPTERS.md with additional uses
* modify the way for checking cos ([#6082](https://github.com/containerd/containerd/pull/6082))
* modify the way for checking cos
* Fuzzing: Add fuzzers + small modifications ([#5915](https://github.com/containerd/containerd/pull/5915))
* Fuzzing: Add 4 fuzzers + small modifications
* Fixes for Windows CI ([#6081](https://github.com/containerd/containerd/pull/6081))
* Pin mingw to version 10.2.0
* Update to golang 1.17.1
* Install nssm
* Github Security Advisory [GHSA-c2h3-6mxw-7mvq](https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq)
* btrfs: reduce permissions on plugin directories
* v1 runtime: reduce permissions for bundle dir
* v2 runtime: reduce permissions for bundle dir
* task service: return known error type ([#6079](https://github.com/containerd/containerd/pull/6079))
* task service: return known error type
* refactor: move from io/ioutil to io and os package ([#5973](https://github.com/containerd/containerd/pull/5973))
* refactor: move from io/ioutil to io and os package
* fix: import from k8s.io/utils/clock instead ([#6076](https://github.com/containerd/containerd/pull/6076))
* fix: update vendor
* cleanup: import from k8s.io/utils/clock/testing instead
* cleanup: import from k8s.io/utils/clock instead
* feat: enable integration cri remote client to call with grpc calloptions ([#6069](https://github.com/containerd/containerd/pull/6069))
* feat: enable cri remote client to call with grpc calloptions
* cleanup k8s ansible yaml (carry for #5713) ([#6074](https://github.com/containerd/containerd/pull/6074))
* cleanup k8s ansible yaml (carry for https://github.com/jayonlau <jayonlau@gmail.com>)
* feat: support import image for specific platform ([#6070](https://github.com/containerd/containerd/pull/6070))
* fix: wrong flag type
* feat: support import image for specific platform
* Update mirror images to take target image name ([#6065](https://github.com/containerd/containerd/pull/6065))
* Update mirror images to take target image name
* fix: make exec-id flag required in exec command ([#6059](https://github.com/containerd/containerd/pull/6059))
* fix: make exec-id flag required in exec command
* images: enable converter to uncompress zstd ([#6052](https://github.com/containerd/containerd/pull/6052))
* images: enable converter to uncompress zstd
* replace deprecated function with Domain and Path ([#5922](https://github.com/containerd/containerd/pull/5922))
* replace deprecated function
* integration: Adds Windows HostProcess tests ([#5853](https://github.com/containerd/containerd/pull/5853))
* integration: Adds Windows HostProcess tests
* Fix main branch build is broken ([#6047](https://github.com/containerd/containerd/pull/6047))
* Fix main branch build is broken
* Add open telemetry logging hook for logrus ([#6003](https://github.com/containerd/containerd/pull/6003))
* Add open telemetry logging hook for logrus
* Change `oci.WithUser` behavior for LCOW ([#6023](https://github.com/containerd/containerd/pull/6023))
* Change oci.WithUser behavior for LCOW
* switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound) ([#5946](https://github.com/containerd/containerd/pull/5946))
* switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound)
* import: Raise error if the imported image is filtered out ([#5926](https://github.com/containerd/containerd/pull/5926))
* import: Raise error if the imported image is filtered out
* Fix panic in metadata content writer on copy error ([#6043](https://github.com/containerd/containerd/pull/6043))
* Fix panic in metadata content writer on copy error
* Move tracing to plugin ([#6001](https://github.com/containerd/containerd/pull/6001))
* Move tracing to plugin
* ctr: Fixes Windows image import ([#5916](https://github.com/containerd/containerd/pull/5916))
* ctr: Fixes Windows image import
* update open go.opentelemetry.io v1.0.0 to fix import path ([#6017](https://github.com/containerd/containerd/pull/6017))
* go.mod: update opentelemetry modules to v1.0.0
* fix error string format ([#5979](https://github.com/containerd/containerd/pull/5979))
* fix error string format
* Add github action to mirror image ([#6036](https://github.com/containerd/containerd/pull/6036))
* Add github action to mirror image
* add current process state to the error message ([#6027](https://github.com/containerd/containerd/pull/6027))
* add current process state to the error message
* FreeBSD: fix tar headers & the nil check on getxattr ([#5991](https://github.com/containerd/containerd/pull/5991))
* FreeBSD: fix tar headers & the nil check on getxattr
* gha: collect VMs' IP addresses ([#6035](https://github.com/containerd/containerd/pull/6035))
* gha: collect Vagrant VMs' IP addresses
* bump continuity and console version that remove pkg/errors ([#6033](https://github.com/containerd/containerd/pull/6033))
* bump continuity and console version that remove pkg/errors
* import: Add option to prevent duplicated digest image ([#5997](https://github.com/containerd/containerd/pull/5997))
* import: Add option to skip creating digest image
* ctr namespaces: improve usage string ([#5998](https://github.com/containerd/containerd/pull/5998))
* ctr namespaces: improve usage string
* bump console version to v1.0.3 that remove pkg/errors ([#6028](https://github.com/containerd/containerd/pull/6028))
* bump console version to v1.0.3 that remove pkg/errors
* Use github images for integration tests ([#6032](https://github.com/containerd/containerd/pull/6032))
* Use github images for integration tests
* Fix typo ([#5995](https://github.com/containerd/containerd/pull/5995))
* Fix typo
* Enable image config labels in ctr and CRI container creation ([#6012](https://github.com/containerd/containerd/pull/6012))
* Enable image config labels in ctr and CRI container creation
* Make sure exit signals trigger an exit during init ([#5970](https://github.com/containerd/containerd/pull/5970))
* Make sure exit signals trigger an exit during init
* task delete: Closes task IO before waiting ([#5974](https://github.com/containerd/containerd/pull/5974))
* task delete: Closes task IO before waiting
* CI: bump up crun to 1.0 ([#5985](https://github.com/containerd/containerd/pull/5985))
* CI: bump up crun to 1.0
* seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted) ([#5982](https://github.com/containerd/containerd/pull/5982))
* seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
* Update to Go 1.17.1 ([#5990](https://github.com/containerd/containerd/pull/5990))
* Update to Go 1.17.1
* CI: Switch to available latest images ([#5987](https://github.com/containerd/containerd/pull/5987))
* CI: Switch to available latest images
* add xfs support to devicemapper snapshotter ([#5610](https://github.com/containerd/containerd/pull/5610))
* add xfs support to devicemapper snapshotter
* Fixes task kill --force on Windows ([#5956](https://github.com/containerd/containerd/pull/5956))
* Fixes task kill --force on Windows
* Add support for shim plugins ([#5817](https://github.com/containerd/containerd/pull/5817))
* Add support for shim plugins
* vendor: update continuity for darwin support ([#5976](https://github.com/containerd/containerd/pull/5976))
* vendor: update continuity for darwin support
* replace uses of os/exec with golang.org/x/sys/execabs ([#5906](https://github.com/containerd/containerd/pull/5906))
* replace uses of os/exec with golang.org/x/sys/execabs
* complete integration test for pulling image with labels ([#5972](https://github.com/containerd/containerd/pull/5972))
* Additional integration tests for pulling image with labels
* Fix content copy to not ignore unexpected EOF ([#5966](https://github.com/containerd/containerd/pull/5966))
* Fix content copy to not ignore unexpected EOF
* add ip_pref CNI options for primary pod ip ([#5964](https://github.com/containerd/containerd/pull/5964))
* add ip_pref CNI options for primary pod ip
* cri: add devices for privileged container ([#5939](https://github.com/containerd/containerd/pull/5939))
* cri: add devices for privileged container
* sandbox: Allows the sandbox to be deleted in NotReady state ([#5954](https://github.com/containerd/containerd/pull/5954))
* sandbox: Allows the sandbox to be deleted in NotReady state
* pin protobuild version to tag ([#5969](https://github.com/containerd/containerd/pull/5969))
* pin protobuild version to tag
* Add metric exposing build version&revision ([#5965](https://github.com/containerd/containerd/pull/5965))
* use a const metric for build_info
* Add metric exposing build version&revision
* Feature: containerd-cri support LinuxContainerResources.Unified ([#5627](https://github.com/containerd/containerd/pull/5627))
* add cri test case
* feature: add field LinuxContainerResources.Unified on cri
* integration: investigate TestRestartMonitor's failure ([#5861](https://github.com/containerd/containerd/pull/5861))
* integration: investigate TestRestartMonitor's failure
* Use issue forms for bug reporting ([#5917](https://github.com/containerd/containerd/pull/5917))
* Address issue forms feedback
* Use issue forms for bug reporting
* cri: patch update image labels ([#5945](https://github.com/containerd/containerd/pull/5945))
* cri: patch update image labels
* darwin: runtime support ([#5936](https://github.com/containerd/containerd/pull/5936))
* darwin: runtime support
* darwin: use the default values for socketRoot variable
* Update RELEASES.md ([#5858](https://github.com/containerd/containerd/pull/5858))
* Update RELEASES.md
* archive: Add WriteDiff error logs ([#5949](https://github.com/containerd/containerd/pull/5949))
* archive: Add WriteDiff error logs
* replace deprecated Dialer with ContextDialer ([#5958](https://github.com/containerd/containerd/pull/5958))
* replace deprecated Dail with DailContext
* Add WS2022 support in Windows Periodic tests ([#5951](https://github.com/containerd/containerd/pull/5951))
* Add WS2022 support in Windows Periodic tests
* Content fuzzer: Clean up temp store dir ([#5943](https://github.com/containerd/containerd/pull/5943))
* content fuzzer: Clean up tempdir
* using Hosts replace deprecated field ([#5944](https://github.com/containerd/containerd/pull/5944))
* using Hosts replace deprecated field
* fix document non-synchronous ([#5947](https://github.com/containerd/containerd/pull/5947))
* fix document non-synchronous in crictl.md
* go.mod: Update hcsshim to v0.8.21 ([#5929](https://github.com/containerd/containerd/pull/5929))
* go.mod: Update hcsshim to v0.8.21
* Makefile.linux: build on RISC-V with PIE ([#5937](https://github.com/containerd/containerd/pull/5937))
* Makefile.linux: build on riscv with PIE
* Fix cwd flag for `ctr tasks exec` ([#5932](https://github.com/containerd/containerd/pull/5932))
* Fix cwd flag for `ctr tasks exec`
* Update Pause image in tests & config ([#5927](https://github.com/containerd/containerd/pull/5927))
* Update Pause image in tests & config
* cri: Devices ownership from SecurityContext ([#5122](https://github.com/containerd/containerd/pull/5122))
* cri: Devices ownership from SecurityContext
* Fix pull fails on unexpected EOF ([#5921](https://github.com/containerd/containerd/pull/5921))
* Fix pull fails on unexpected EOF
* Fix dir support for devices ([#5845](https://github.com/containerd/containerd/pull/5845))
* Adding testing of two devices
* Fix dir support for devices V3 (#4847)
* windows: The DefaultSpec platform should match the Default matcher ([#5914](https://github.com/containerd/containerd/pull/5914))
* windows: The DefaultSpec platform should match the Default matcher
* Add RunAsUserName functionality for the Windows pod sandbox container ([#5865](https://github.com/containerd/containerd/pull/5865))
* Add RunAsUserName functionality for the Windows Pod Sandbox Container
* bump up runc v1.0.2 ([#5899](https://github.com/containerd/containerd/pull/5899))
* go.mod: update runc to v1.0.2
* update runc binary to v1.0.2
* Run `go fmt` with Go 1.17 ([#5903](https://github.com/containerd/containerd/pull/5903))
* Run `go fmt` with Go 1.17
* go.mod: github.com/pelletier/go-toml v1.9.3 ([#5905](https://github.com/containerd/containerd/pull/5905))
* go.mod: github.com/pelletier/go-toml v1.9.3
* cri: filter selinux xattr for image volumes ([#5902](https://github.com/containerd/containerd/pull/5902))
* cri: filter selinux xattr for image volumes
* Add Windows HostProcess Support ([#5131](https://github.com/containerd/containerd/pull/5131))
* Added windows hostProcess cni skip
* script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0 ([#5897](https://github.com/containerd/containerd/pull/5897))
* script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0
* Update to Go 1.17 ([#5889](https://github.com/containerd/containerd/pull/5889))
* Bump integration timeout to 35 min
* Update to Go 1.17
* integration: fix TestContainerPids ([#5896](https://github.com/containerd/containerd/pull/5896))
* integration: fix TestContainerPids
* [ctr] add HOSTNAME env for host network ([#5891](https://github.com/containerd/containerd/pull/5891))
* [ctr] add HOSTNAME env for host network
* Fuzzing: Add fuzzer ([#5886](https://github.com/containerd/containerd/pull/5886))
* Fuzzing: Add fuzzer
* Make Cgroup driver configurable in gce configure script ([#5884](https://github.com/containerd/containerd/pull/5884))
* Add env for SystemdCgroup driver
* Allow expanded DNS configuration ([#5878](https://github.com/containerd/containerd/pull/5878))
* Allow expanded DNS configuration
* Fuzzing: Add 4 fuzzers ([#5863](https://github.com/containerd/containerd/pull/5863))
* Fuzzing: Add 4 fuzzers
* Cleanup v2 shim ([#5813](https://github.com/containerd/containerd/pull/5813))
* Cleanup v2 shim
* Fuzzing: Add experimental version of container fuzzer ([#5840](https://github.com/containerd/containerd/pull/5840))
* Use http.Get to download binaries instead of exec.Command
* Fuzzing: Add experimental version of container fuzzer
* add cpu-shares to ctr ([#5846](https://github.com/containerd/containerd/pull/5846))
* add cpu-shares to ctr
* docs: rename master to main (it was opposite on the actual commit) ([#5847](https://github.com/containerd/containerd/pull/5847))
* docs: rename main to master
* content: return the error with its timestamp ([#5849](https://github.com/containerd/containerd/pull/5849))
* content: return the error with its timestamp
* Fix bad `make protos` failure ([#5857](https://github.com/containerd/containerd/pull/5857))
* Fix bad `make protos` failure
* replace cri and point to new location ([#5851](https://github.com/containerd/containerd/pull/5851))
* archive docs and point to new location fix #https://github.com/containerd/cri/issues/1624
* docs: remove FOSSA's badge ([#5856](https://github.com/containerd/containerd/pull/5856))
* docs: remove FOSSA's badge
* BUILDING.md: remove some bits about building runc ([#5850](https://github.com/containerd/containerd/pull/5850))
* BUILDING.md: remove some bits about building runc
* BUILDING.md: markdown fixes
* go.mod: update k8s deps to v1.22.0 ([#5836](https://github.com/containerd/containerd/pull/5836))
* go.mod: update kubernetes to v1.22.0
* [Scripts] Add trap to cri-integration test script ([#5852](https://github.com/containerd/containerd/pull/5852))
* Add trap to cri-integration test script
* docs: list all snapshotter-related build flags ([#5848](https://github.com/containerd/containerd/pull/5848))
* docs: list all snapshotter-related build flags
* Move plugin context events into separate plugin ([#5835](https://github.com/containerd/containerd/pull/5835))
* Move plugin context events into separate plugin
* Fix Linux CI Linter using Go 1.15.14 ([#5839](https://github.com/containerd/containerd/pull/5839))
* Fix Linux CI Linter using go 1.15.14
* Update Go to 1.16.7 ([#5842](https://github.com/containerd/containerd/pull/5842))
* Update Go to 1.16.7
* Cleanup CI ([#5838](https://github.com/containerd/containerd/pull/5838))
* Cleanup CI
* Remove redundant build tags ([#5834](https://github.com/containerd/containerd/pull/5834))
* Remove redundant build tags
* Change default directories on Darwin ([#5830](https://github.com/containerd/containerd/pull/5830))
* Change default directories on Darwin
* [otel-tracing] Initial opentelemetry support ([#5731](https://github.com/containerd/containerd/pull/5731))
* [otel-tracing] vendor and go modules changes
* [otel-tracing] Initial opentelemetry support
* remove go 1.13 from containerd
* Fuzzing: Fix for OSS-fuzz issue 36825 ([#5829](https://github.com/containerd/containerd/pull/5829))
* Fuzzing: Fix for OSS-fuzz issue 36825
* Fuzzing: Add two fuzzers ([#5825](https://github.com/containerd/containerd/pull/5825))
* Fuzzing: Add two more fuzzers
* scripts: linting fixes, and remove support for Debian Jessie (as it's EOL) ([#5760](https://github.com/containerd/containerd/pull/5760))
* scripts: declare ROOT closer to where it's used, and some DRY changes
* scripts: add missing quotes, and minor linting issues
* test/build-utils.sh: remove support for Debian Jessie
* platforms: Format(): use path.Join() instead of joinNotEmpty() ([#5821](https://github.com/containerd/containerd/pull/5821))
* platforms: Format(): use path.Join() instead of joinNotEmpty()
* Fuzzing: Remove panics of container_fuzzer ([#5823](https://github.com/containerd/containerd/pull/5823))
* Fuzzing: Remove panics of container_fuzzer
* Fuzzing: Add container fuzzer ([#5785](https://github.com/containerd/containerd/pull/5785))
* Change protoc link
* Split fuzzer to two fuzzers
* Fuzzing: Add container fuzzer
* runtime: fix the issue of create new socket with abstract address ([#5746](https://github.com/containerd/containerd/pull/5746))
* runtime: fix the issue of create new socket with abstract address
* mergo: Upgrade to 0.3.12 to fix panic ([#5809](https://github.com/containerd/containerd/pull/5809))
* mergo: Upgrade to 0.3.12 to fix panic
* ci: install criu from PPA ([#5802](https://github.com/containerd/containerd/pull/5802))
* ci: install criu from PPA
* Update release workflow to upload binary without CNI ([#5144](https://github.com/containerd/containerd/pull/5144))
* Split release steps into multiple tasks
* Update release workflow to upload binary without CNI
* Enable critest on Windows Periodic Jobs ([#5725](https://github.com/containerd/containerd/pull/5725))
* Enable critest on Windows
* Script to check if entries in go.mod files are in sync ([#5792](https://github.com/containerd/containerd/pull/5792))
* Script to check if entries in go.mod files are in sync
* Add a sharedNamespace label ([#5043](https://github.com/containerd/containerd/pull/5043))
* Add shared content label to namespaces
* platforms: add "ios" as known OS, "loong64" as known ARCH ([#5784](https://github.com/containerd/containerd/pull/5784))
* platforms: add "ios" as known OS, "loong64" as known ARCH
* Updates the location of protobuf downloads ([#5804](https://github.com/containerd/containerd/pull/5804))
* Updates the location of protobuf downloads in docs
* Update protobuf install to use correct repository ([#5803](https://github.com/containerd/containerd/pull/5803))
* Update protobuf install to use correct repository
* overlay: expose upperdir location of each snapshot via an optional label ([#5624](https://github.com/containerd/containerd/pull/5624))
* overlay: add an optional label of upperdir location of each snapshot
* Support SIGRTMIN+n signals ([#5693](https://github.com/containerd/containerd/pull/5693))
* Support SIGRTMIN+n signals
* respect context timeout in shim binary call ([#5800](https://github.com/containerd/containerd/pull/5800))
* respect context timeout in shim binary call
* Introduce a new go module - containerd/api for use in standalone clients ([#5716](https://github.com/containerd/containerd/pull/5716))
* Introduce a new go module - containerd/api for use in standalone clients
* grpc config add options tcp_client_ca_cert ([#5606](https://github.com/containerd/containerd/pull/5606))
* grpc config add options tcp_tls_ca
* integration: Windows volume-copy-up images ([#5162](https://github.com/containerd/containerd/pull/5162))
* integration: Windows volume-copy-up images
* add CRI support matrix to RELEASES.md ([#5795](https://github.com/containerd/containerd/pull/5795))
* add CRI support matrix to RELEASES.md
* adding a little more clarity ([#5794](https://github.com/containerd/containerd/pull/5794))
* adding a little more clarity
* update gotestsum to v1.7.0 ([#5793](https://github.com/containerd/containerd/pull/5793))
* update gotestsum to v1.7.0
* Discard blocks when removing a thin device ([#5756](https://github.com/containerd/containerd/pull/5756))
* Discard blocks when removing a thin device
* Makefile: fix passing build tags ([#5590](https://github.com/containerd/containerd/pull/5590))
* Makefile: pass build tags to manpage build process
* Makefile: fix tags parameter computation
* Add runtime label to metrics ([#5744](https://github.com/containerd/containerd/pull/5744))
* Add runtime label to metrics
* interface about shim build check ([#5745](https://github.com/containerd/containerd/pull/5745))
* interface about shim build check
* integration: log all processes to investigate the test failure ([#5775](https://github.com/containerd/containerd/pull/5775))
* integration: log all processes to investigate the test failure
* Fuzzing: Add archive fuzzer ([#5779](https://github.com/containerd/containerd/pull/5779))
* Fuzzing: Add archive fuzzer
* Add docker.Fetch fuzzer ([#5687](https://github.com/containerd/containerd/pull/5687))
* Add docker fetch fuzzer
* Support custom compressor for walking differ ([#5735](https://github.com/containerd/containerd/pull/5735))
* Support custom compressor for walking differ
* remotes/docker/pusher.go: Fix missing Close() on push to docker remote ([#5770](https://github.com/containerd/containerd/pull/5770))
* remotes/docker/pusher.go: Fix missing Close()
* remotes/docker/fetcher.go: Fix missing Close() on fetch from docker remote ([#5769](https://github.com/containerd/containerd/pull/5769))
* remotes/docker/fetcher.go: Fix missing Close()
* Update cpuguy83/go-md2man binary to v2.0.1 ([#5771](https://github.com/containerd/containerd/pull/5771))
* Update cpuguy83/go-md2man binary to v2.0.1
* Refactor / optimize contrib/Dockerfile.test ([#5750](https://github.com/containerd/containerd/pull/5750))
* Dockerfile.test: build containerd in separate stage
* Dockerfile.test: add GOLANG_IMAGE build arg to allow overriding
* Dockerfile.test: clean up apt indexes after installing
* Dockerfile.test: build critools in a separate stage
* Dockerfile.test: build cni in a separate stage
* Dockerfile.test: standard directory to collect build aftifacts
* Dockerfile.test: split dev stage, and optimize order
* Dockerfile.test: skip curl, gcc, git and make install
* install-critools: make sure DESTDIR exists
* update gotestsum to current master ([#5754](https://github.com/containerd/containerd/pull/5754))
* update gotestsum to current master
* Github Security Advisory [GHSA-c72p-9xmj-rx3w](https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w)
* Add test for archive breakout test for lchmod
* Use systemd cgroup driver for Kubernetes e2e tests with cgroupsv2 ([#5755](https://github.com/containerd/containerd/pull/5755))
* Use systemd cgroup driver for cgroupv2 tests
* update runc to v1.0.1 ([#5751](https://github.com/containerd/containerd/pull/5751))
* go.mod: runc v1.0.1
* update runc binary to v1.0.1
* runtime: runc v2: remove redundant validation ([#5737](https://github.com/containerd/containerd/pull/5737))
* runtime: runc v2: remove redundant validation
* Add timestamp to flaky restart monitor test ([#5727](https://github.com/containerd/containerd/pull/5727))
* Move loop check to before sleep
* Add timestamp to flaky restart monitor test
* Update Go to 1.16.6 ([#5722](https://github.com/containerd/containerd/pull/5722))
* integration/client: go mod tidy
* Update Go to 1.16.6
* client: surface a connection error more clearly ([#4447](https://github.com/containerd/containerd/pull/4447))
* client: surface a connection error more clearly
* Fix missing Body.Close() calls on push to docker remote ([#5712](https://github.com/containerd/containerd/pull/5712))
* Fix missing Body.Close() calls on push to docker remote
* remove pkg/cri/platforms package ([#5710](https://github.com/containerd/containerd/pull/5710))
* remove pkg/cri/platforms package
* Allow WithServices to use custom implementations ([#5709](https://github.com/containerd/containerd/pull/5709))
* Allow WithServices to use custom implementations
* [Vendor] Update hcsshim to 0.8.18 ([#5673](https://github.com/containerd/containerd/pull/5673))
* [Vendor] Update hcsshim to 0.8.18
* test integration: Adds a test that restarts a failed container ([#5578](https://github.com/containerd/containerd/pull/5578))
* test integration: Adds a test that restarts a failed container
* [CRI] move up to CRI v1 and support v1alpha in parallel ([#5619](https://github.com/containerd/containerd/pull/5619))
* use fu wei's suggeted interface pick for marshaling
* add alpha version
* move up to CRI v1 and support v1alpha in parallel
* gha: make release workflow work in forks ([#5682](https://github.com/containerd/containerd/pull/5682))
* gha: make release workflow work in forks
* Add unit test for plugin ([#5666](https://github.com/containerd/containerd/pull/5666))
* Add unit test for plugin
* Dockerfile.test: add "cri-in-userns" (aka rootless) test stage ([#5700](https://github.com/containerd/containerd/pull/5700))
* Dockerfile.test: add "cri-in-userns" (aka rootless) test stage
* Update for distribution spec 1.0 ([#5676](https://github.com/containerd/containerd/pull/5676))
* Add support for registry host path override
* Update documenation for OCI distribution 1.0
* archive: cleanup lchmod logic ([#5702](https://github.com/containerd/containerd/pull/5702))
* Cleanup lchmod logic in archive
* Install specific golang version in Windows CI. ([#5571](https://github.com/containerd/containerd/pull/5571))
* Install specific golang version in Windows CI.
* Add ctr command label in NewContainerOpts ([#5660](https://github.com/containerd/containerd/pull/5660))
* feat: Add snapshotter label to the new snapshot for container.
* snapshot/devmapper: log exported methods correctly ([#5655](https://github.com/containerd/containerd/pull/5655))
* snapshot/devmapper: log exported methods correctly
* Makefile: fix DESTDIR and PREFIX concatenation ([#5662](https://github.com/containerd/containerd/pull/5662))
* Makefile: fix DESTDIR and PREFIX concatenation
* Cri integration cleanup ([#5287](https://github.com/containerd/containerd/pull/5287))
* tests: Use EnsureImageExists for image pulling
* tests: Refactors PodSandbox creation
* move sys.FMountat() into mount package and un-export ([#5641](https://github.com/containerd/containerd/pull/5641))
* un-export mount.FMountat
* move sys.FMountat() into mount package
* sandbox: send pod UID to CNI plugins as K8S_POD_UID ([#5640](https://github.com/containerd/containerd/pull/5640))
* sandbox: send pod UID to CNI plugins as K8S_POD_UID
* sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils ([#5639](https://github.com/containerd/containerd/pull/5639))
* sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils
* content/local: inline sys.StatATimeAsTime() ([#5633](https://github.com/containerd/containerd/pull/5633))
* content/local: inline sys.StatATimeAsTime()
* allow multi gpu to be specified via ctr ([#5636](https://github.com/containerd/containerd/pull/5636))
* allow multi gpu to be specified via ctr
* go.mod: runc v1.0.0
* update runc binary to v1.0.0 GA
* fixing some doc links ([#5629](https://github.com/containerd/containerd/pull/5629))
* fixing some doc links
* Sync integration/go.mod with root go.mod ([#5623](https://github.com/containerd/containerd/pull/5623))
* Sync integration/go.mod with root go.mod
* archive: Expose ChangeWriter to allow customized diff computing ([#5615](https://github.com/containerd/containerd/pull/5615))
* archive: Expose ChangeWriter to allow customized diff computing
* CI: Switch to the available latest images ([#5625](https://github.com/containerd/containerd/pull/5625))
* CI: Switch to available latest images
* fix deprecation config for default runtime
* Re-enable criu in main integration runs ([#5614](https://github.com/containerd/containerd/pull/5614))
* Re-enable criu in main integration runs
* runtime,v2: Enable debug when containerd is on debug+ log level ([#5617](https://github.com/containerd/containerd/pull/5617))
* runtime,v2: Enable debug when containerd is on debug+ log level
* github.com/golang/protobuf/proto is deprecated
* Update github.com/golang/protobuf from v1.3.5 to v1.4.3
* Update google.golang.org/grpc from v1.27.1 to v1.38.0
* Increase golangci-lint timeout
* ctr flags of container rootfs propagation ([#5611](https://github.com/containerd/containerd/pull/5611))
* command line flags of setting container rootfs propagation
* add cgroupv2 setup for cos with a flag
* Update gotestsum to add timestamps to junit output ([#5612](https://github.com/containerd/containerd/pull/5612))
* Update gotestsum to add timestamps to junit output
* Allow to pass --no-cgroups option to nvidia-container-cli ([#5604](https://github.com/containerd/containerd/pull/5604))
* Allow to pass --no-cgroup option to nvidia-container-cli
* Makefile: FHS conformant manpage installation pathes ([#5577](https://github.com/containerd/containerd/pull/5577))
* Makefile: FHS conformant manpage installation pathes
* Add proper Go version before project checks ([#5594](https://github.com/containerd/containerd/pull/5594))
* Add proper Go version before project checks
* Enable cri-integration in Windows Periodic Tests ([#5580](https://github.com/containerd/containerd/pull/5580))
* Enable cri-integration in Windows Periodic Tests
* adds explanation for seccomp unset/unconfined default vs runtime default ([#5573](https://github.com/containerd/containerd/pull/5573))
* adds explanation for seccomp unset/unconfined default vs runtime default
* Fix cleanup context of teardownPodNetwork ([#5569](https://github.com/containerd/containerd/pull/5569))
* Fix cleanup context of teardownPodNetwork
* update integration/client go.sum ([#5572](https://github.com/containerd/containerd/pull/5572))
* update integration/client go.sum
* Revert diff/walking error change ([#5566](https://github.com/containerd/containerd/pull/5566))
* Revert diff/walking error change
* Update opencontainers/selinux to v1.8.2 ([#5562](https://github.com/containerd/containerd/pull/5562))
* Update opencontainers/selinux to v1.8.2
* fix invalid validation error checking ([#5565](https://github.com/containerd/containerd/pull/5565))
* fix invalid validation error checking
* diff/walking: fix defer cleanup ([#5551](https://github.com/containerd/containerd/pull/5551))
* diff/walking: fix defer cleanup
* Windows periodic job: Add creation timestamp to RG ([#5559](https://github.com/containerd/containerd/pull/5559))
* Add creation timestamp to RG
* Fix error case in Windows layer cleanup ([#5328](https://github.com/containerd/containerd/pull/5328))
* Fix error case in Windows layer cleanup
* Use DeactivateLayer to unlock layers that we cannot rename ([#5422](https://github.com/containerd/containerd/pull/5422))
* Small typo fix "reimporst"
* Use DeactivateLayer to recover layers that we cannot rename
* tests: Symlink volume tests ([#5284](https://github.com/containerd/containerd/pull/5284))
* tests: Symlink volume tests
* Makefile: fix DESTDIR environment variable behaviour ([#5535](https://github.com/containerd/containerd/pull/5535))
* Makefile: fix DESTDIR environment variable behaviour
* Change Wrapf of non-error to an actual error ([#5560](https://github.com/containerd/containerd/pull/5560))
* Change Wrapf of non-error to an actual error
* Install apparmor parser for arm64 environment
* scrub the stale TODO ([#5536](https://github.com/containerd/containerd/pull/5536))
* scrub the stale TODO
* docs: explicitly mention containerd's Prometheus path ([#5554](https://github.com/containerd/containerd/pull/5554))
* docs: explicitly mention containerd's Prometheus path
* integration: Cleanup containerd on test teardown ([#5553](https://github.com/containerd/containerd/pull/5553))
* integration: Cleanup containerd on test teardown
* docs/cri: update links ([#5548](https://github.com/containerd/containerd/pull/5548))
* docs/cri: update ocicrypt link
* docs/cri: fix broken links
* Update Windows periodic tests ([#5544](https://github.com/containerd/containerd/pull/5544))
* Update Windows periodic tests
* Add CI periodic Windows Jobs. ([#5165](https://github.com/containerd/containerd/pull/5165))
* Schedule Windows job daily after midnight.
* Update windows-periodic.yml
* Add CI periodic Windows Jobs.
* Rename atomicWrite to writeToCompletion ([#5273](https://github.com/containerd/containerd/pull/5273))
* Rename atomicWrite to writeToCompletion
* Do not run btrfs tests if btrfs kernel module is not loaded ([#5539](https://github.com/containerd/containerd/pull/5539))
* Do not run btrfs tests if btrfs kernel module is not loaded
* Fix incorrect UA used for registry authentication ([#5533](https://github.com/containerd/containerd/pull/5533))
* Fix incorrect UA used for registry authentication
* ctr: parse mount options with embedded = character ([#5531](https://github.com/containerd/containerd/pull/5531))
* ctr: parse mount options with embedded = character
* Fix mounts for FreeBSD ([#5472](https://github.com/containerd/containerd/pull/5472))
* Add ruleset=4 option
* Remove mountpoints not commonly mounted on FreeBSD
* Add copyright header & make sure compilation succeeds on all platforms
* Fix mounts for FreeBSD
* ctr: make exec pty behavior consistent with run ([#5527](https://github.com/containerd/containerd/pull/5527))
* ctr: exec handle pty resize after Start
* ctr: exec setup IO with console
* Makefile: use $@ for target file names ([#5534](https://github.com/containerd/containerd/pull/5534))
* Makefile: use $@ for target file names
* Fix small typo ([#5528](https://github.com/containerd/containerd/pull/5528))
* Fix small typo
* Don't check for apparmor_parser to be present ([#5519](https://github.com/containerd/containerd/pull/5519))
* update the link
* Don't check for apparmor_parser to be present
* Remove useless lines ([#5520](https://github.com/containerd/containerd/pull/5520))
* Remove useless lines
* Fixed typos in docs ([#5509](https://github.com/containerd/containerd/pull/5509))
* fixed typos
* Try next mirror in case of non-404 errors, too ([#5275](https://github.com/containerd/containerd/pull/5275))
* Try next mirror in case of non-404 errors, too
* bump runc version to v1.0.0-rc95 ([#5514](https://github.com/containerd/containerd/pull/5514))
* bump runc version to v1.0.0-rc95
* update runc binary to v1.0.0-rc95 ([#5511](https://github.com/containerd/containerd/pull/5511))
* update runc binary to v1.0.0-rc95
* Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0 ([#5508](https://github.com/containerd/containerd/pull/5508))
* Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0
* Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 ([#5507](https://github.com/containerd/containerd/pull/5507))
* Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
* Makefile: allow overriding install command via environment ([#5493](https://github.com/containerd/containerd/pull/5493))
* Makefile: allow overriding install command via environment
* tests: Adds support for Windows cri-integration tests ([#5163](https://github.com/containerd/containerd/pull/5163))
* tests: Adds support for Windows cri-integration tests
* Update docker resolver to authorize redirects ([#5504](https://github.com/containerd/containerd/pull/5504))
* Update docker resolver to authorize redirects
* bump hcsshim version to v0.8.17 ([#5505](https://github.com/containerd/containerd/pull/5505))
* bump hcsshim version to v0.8.17
* Release binary update for imgcrypt ([#5498](https://github.com/containerd/containerd/pull/5498))
* just release ctd-decoder not ctr-enc
* Merge remote-tracking branch 'upstream/master'
* Pin integration test image for alpine
* cri-integration tests: Pull images once ([#5313](https://github.com/containerd/containerd/pull/5313))
* tests: Prepull images used in tests
* plugin: optimize the check for the last registration ([#5440](https://github.com/containerd/containerd/pull/5440))
* plugin: optimize the check for the last registration
* metadata: modify NewLeaseManager to return leases.Manager ([#5465](https://github.com/containerd/containerd/pull/5465))
* metadata: modify NewLeaseManager to return leases.Manager
* Skip TLS verification for localhost ([#5100](https://github.com/containerd/containerd/pull/5100))
* Skip TLS verification for localhost
* Merge remote-tracking branch 'upstream/master'
* Makefile: make sure manpages are built before install-man ([#5492](https://github.com/containerd/containerd/pull/5492))
* Makefile: make sure manpages are built before install-man
* adds description for hosts.toml ([#5309](https://github.com/containerd/containerd/pull/5309))
* adds credentials description
* adds description for hosts.toml
* Prepare default branch rename ([#5459](https://github.com/containerd/containerd/pull/5459))
* Prepare default branch rename
* Merge remote-tracking branch 'upstream/master'
* Update runc to rc94 ([#5473](https://github.com/containerd/containerd/pull/5473))
* Update vendored runc to v1.0.0.0-rc94
* Update the runc binary used with containerd to runc v1.0.0-rc94
* Fix `content.ReaderAt` close ([#5468](https://github.com/containerd/containerd/pull/5468))
* Fix content.ReaderAt close
* Update releases doc with updated support timeline ([#5466](https://github.com/containerd/containerd/pull/5466))
* Update releases doc with updated support timeline
* tests: add test for adaptor ([#5452](https://github.com/containerd/containerd/pull/5452))
* tests: add test for adaptor
* Makefile: allow overriding go command by environment ([#5450](https://github.com/containerd/containerd/pull/5450))
* Makefile: allow overriding go command by environment
* update to new cri-tools make install ([#5462](https://github.com/containerd/containerd/pull/5462))
* update to new cri-tools make install
* Update Go to 1.16.4 ([#5461](https://github.com/containerd/containerd/pull/5461))
* Update Go to 1.16.4
* Merge remote-tracking branch 'upstream/release/1.5'
* [release/1.5] go.mod: cut circular dependency on github.com/containerd/containerd ([#5457](https://github.com/containerd/containerd/pull/5457))
* go.mod: cut circular dependency on github.com/containerd/containerd
* integration/client: go mod tidy
* oci: fix WithDevShmSize ([#5063](https://github.com/containerd/containerd/pull/5063))
* oci: fix WithDevShmSize
* [release/1.5] cherry-pick: windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink ([#5454](https://github.com/containerd/containerd/pull/5454))
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink ([#5411](https://github.com/containerd/containerd/pull/5411))
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
* doc: add missing namespaces package ([#5448](https://github.com/containerd/containerd/pull/5448))
* doc: add missing namespaces package
* update seccomp version ([#5445](https://github.com/containerd/containerd/pull/5445))
* update seccomp version
* Update golang.org/x/sys to add linux/ppc support ([#5436](https://github.com/containerd/containerd/pull/5436))
* Update golang.org/x/sys to add linux/ppc support
* go.mod: cut circular dependency on github.com/containerd/containerd ([#5441](https://github.com/containerd/containerd/pull/5441))
* go.mod: cut circular dependency on github.com/containerd/containerd
* integration/client: go mod tidy
* Fix different registry hosts referencing the same auth config. ([#5446](https://github.com/containerd/containerd/pull/5446))
* Fix different registry hosts referencing the same auth config.
</p>
</details>
### Changes from containerd/cgroups
<details><summary>33 commits</summary>
<p>
* v2: Fix inotify fd leak when cgroup is deleted ([#212](https://github.com/containerd/cgroups/pull/212))
* v2: add test case for Manager.EventChan() behavior
* v2: flip error handling for readKVStat("memory.events") to reduce indentation
* v2: manager: factor out memory.events parsing
* v2: Fix inotify leak when cgroup is deleted
* fix Implicit memory aliasing in for loop ([#214](https://github.com/containerd/cgroups/pull/214))
* fix Implicit memory aliasing in for loop
* Fix potential dirfd leak. ([#210](https://github.com/containerd/cgroups/pull/210))
* Fix potential dirfd leak.
* cgroup: Optionally add process and task to a subsystems subset ([#203](https://github.com/containerd/cgroups/pull/203))
* cgroup: Optionally add process and task to a subsystems subset
* replace pkg/errors from vendor ([#208](https://github.com/containerd/cgroups/pull/208))
* replace pkg/errors from vendor
* cgroup.go: avoid panic on nil interface ([#207](https://github.com/containerd/cgroups/pull/207))
* cgroup.go: avoid panic on nil interface
* Improvements on cgroup v2 support ([#204](https://github.com/containerd/cgroups/pull/204))
* cgroupv2: reset lastErr to nil when subtree control is successfully written
* cgroupv2: enable controllers before setting resources in NewChild()
* v2: remove unimplemented errors and ErrorHandler, IgnoreNotExist ([#201](https://github.com/containerd/cgroups/pull/201))
* v2: remove ErrorHandler and IgnoreNotExist as they are not implemented
* v2: remove errors that are never returned
* v1: reduce duplicated code ([#202](https://github.com/containerd/cgroups/pull/202))
* v1: reduce duplicated code
* cgroup v1: implement AddProc() ([#200](https://github.com/containerd/cgroups/pull/200))
* cgroup v1: implement AddProc()
* Rename branch from master to main ([#199](https://github.com/containerd/cgroups/pull/199))
* Rename branch from master to main
* utils: export ParseCgroupFile() ([#197](https://github.com/containerd/cgroups/pull/197))
* utils: export ParseCgroupFile()
* go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations ([#194](https://github.com/containerd/cgroups/pull/194))
* go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations
* Use /proc/partitions to get device names ([#195](https://github.com/containerd/cgroups/pull/195))
* Use /proc/partitions to get device names
</p>
</details>
### Changes from containerd/console
<details><summary>6 commits</summary>
<p>
* Fix CI ([#55](https://github.com/containerd/console/pull/55))
* Fix CI
* Stop using pkg/errors
* Add support for z/OS ([#46](https://github.com/containerd/console/pull/46))
* Console test on z/OS
* Add support for z/OS
</p>
</details>
### Changes from containerd/continuity
<details><summary>28 commits</summary>
<p>
* fs: use syscall.Timespec.Unix ([#193](https://github.com/containerd/continuity/pull/193))
* fs: use syscall.Timespec.Unix
* Update CI Go version to 1.17 ([#192](https://github.com/containerd/continuity/pull/192))
* Update CI Go version to 1.17
* Build containerd/continuity on multiple Unix OSes ([#190](https://github.com/containerd/continuity/pull/190))
* Build containerd/continuity on multiple Unix OSes
* Do not log errors before returning them ([#191](https://github.com/containerd/continuity/pull/191))
* Do not log errors before returning them
* Copy Windows file metadata ([#188](https://github.com/containerd/continuity/pull/188))
* Copy Windows file metadata
* fix fmt.Errorf("%w", err) on err == nil ([#187](https://github.com/containerd/continuity/pull/187))
* fix fmt.Errorf("%w", err) on err == nil
* Remove direct dependency on github.com/pkg/errors ([#185](https://github.com/containerd/continuity/pull/185))
* run gofmt with Go 1.17
* remove direct dependency on github.com/pkg/errors
* Fix darwin issues ([#186](https://github.com/containerd/continuity/pull/186))
* update AUTHORS
* darwin: use utimensat syscall instead of utimes
* fix darwin usage of du command
* go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125 ([#161](https://github.com/containerd/continuity/pull/161))
* go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125
* fs/stat: add FreeBSD, and cleanup some nolint-comments ([#184](https://github.com/containerd/continuity/pull/184))
* reformat nolint comments
* fs/stat: add FreeBSD
* Rename branch from master to main ([#182](https://github.com/containerd/continuity/pull/182))
* Rename branch from master to main
* testutil/loopback: print more debug info ([#180](https://github.com/containerd/continuity/pull/180))
* testutil/loopback: print more debug info
</p>
</details>
### Changes from containerd/go-cni
<details><summary>18 commits</summary>
<p>
* run setup on networks in parallel ([#76](https://github.com/containerd/go-cni/pull/76))
* switch to direct index
* run setup on networks in parallel
* remove: Continue on "not found" errors ([#74](https://github.com/containerd/go-cni/pull/74))
* remove: Continue on "not found" errors
* go.mod: github.com/containernetworking/cni v1.0.1 ([#72](https://github.com/containerd/go-cni/pull/72))
* go.mod: github.com/containernetworking/cni v1.0.1
* remove direct dependency on github.com/pkg/errors ([#71](https://github.com/containerd/go-cni/pull/71))
* remove direct dependency on github.com/pkg/errors
* update CNI to v1.0.0 ([#70](https://github.com/containerd/go-cni/pull/70))
* test: add TestLibCNIType100
* update CNI to v1.0.0
* Rename branch from master to main ([#69](https://github.com/containerd/go-cni/pull/69))
* Rename branch from master to main
* result: change Raw from a struct field to a method ([#68](https://github.com/containerd/go-cni/pull/68))
* result: change Raw from a struct field to a method
* result: expose raw result ([#67](https://github.com/containerd/go-cni/pull/67))
* result: expose raw result
</p>
</details>
### Changes from containerd/imgcrypt
<details><summary>32 commits</summary>
<p>
* CHANGES: Updated CHANGES document for 1.1.3 release ([#64](https://github.com/containerd/imgcrypt/pull/64))
* CHANGES: Updated CHANGES document for 1.1.3 release
* docs: update project branch to main ([#63](https://github.com/containerd/imgcrypt/pull/63))
* docs: update project branch to main
* Update linter to match containerd repo ([#61](https://github.com/containerd/imgcrypt/pull/61))
* Update linter to match containerd repo
* update CI golang version
* Bump github.com/containerd/containerd from 1.5.7 to 1.5.8 ([#59](https://github.com/containerd/imgcrypt/pull/59))
* Bump github.com/containerd/containerd from 1.5.7 to 1.5.8
* maint: Update to ocicrypt v1.1.2 ([#57](https://github.com/containerd/imgcrypt/pull/57))
* maint: Update to ocicrypt v1.1.2
* Decouple CreateCryptoConfig() from github.com/urfave/cli ([#56](https://github.com/containerd/imgcrypt/pull/56))
* Decouple CreateCryptoConfig() from github.com/urfave/cli
* Bump github.com/containerd/containerd from 1.5.5 to 1.5.7 ([#55](https://github.com/containerd/imgcrypt/pull/55))
* Bump github.com/containerd/containerd from 1.5.5 to 1.5.7
* replace pkg/errors and bump related library
* README: Fix CRI decryption document URL ([#53](https://github.com/containerd/imgcrypt/pull/53))
* README: Fix CRI decryption document URL
* Bump github.com/containerd/containerd from 1.5.2 to 1.5.4 ([#52](https://github.com/containerd/imgcrypt/pull/52))
* Bump github.com/containerd/containerd from 1.5.2 to 1.5.4
* Bump containerd to 1.5.2 ([#51](https://github.com/containerd/imgcrypt/pull/51))
* Bump containerd to 1.5.2
* images: Implement ConvertFunc for image en- and decryption ([#49](https://github.com/containerd/imgcrypt/pull/49))
* images: Implement ConvertFunc for image en- and decryption
* Add containerd-release to makefile ([#48](https://github.com/containerd/imgcrypt/pull/48))
* Remove ctr-enc from installation
* vendor sync up with containerd 1.5 ga, and runc94 ([#47](https://github.com/containerd/imgcrypt/pull/47))
* sync up with containerd 1.5 ga, and runc94
* Sync ctr-enc with containerd's ctr v1.5.0-rc.3 ([#46](https://github.com/containerd/imgcrypt/pull/46))
* CICD: Run 'apt update' before pulling packages
* ctr-enc: Set the version for ctr-enc when linking
* Sync ctr-enc with containerd's ctr v1.5.0-rc.3
</p>
</details>
### Changes from containerd/ttrpc
<details><summary>34 commits</summary>
<p>
* Add protoc-gen-go-ttrpc ([#96](https://github.com/containerd/ttrpc/pull/96))
* Add protoc-gen-go-ttrpc
* client: Handle sending/receiving in separate goroutines ([#94](https://github.com/containerd/ttrpc/pull/94))
* client: Handle sending/receiving in separate goroutines
* Run Protobuild in GitHub Actions ([#95](https://github.com/containerd/ttrpc/pull/95))
* Run Protobuild in GitHub Actions
* Re-generate example.pb.go
* replace pkg/errors ([#93](https://github.com/containerd/ttrpc/pull/93))
* replace pkg/errors from vendor
* Rename branch from master to main ([#86](https://github.com/containerd/ttrpc/pull/86))
* Rename branch from master to main
* Make "go test" and "go build" work on macOS ([#85](https://github.com/containerd/ttrpc/pull/85))
* Make the example command buildable on macOS
* Run GitHub Actions on macOS
* Make "go test" work on macOS
* Return Unimplemented when services or methods are not implemented ([#83](https://github.com/containerd/ttrpc/pull/83))
* Return Unimplemented when services or methods are not implemented
* Remove "Very new" and checked TODO items ([#84](https://github.com/containerd/ttrpc/pull/84))
* Remove "Very new" and checked TODO items
* removing glide from ignore ([#82](https://github.com/containerd/ttrpc/pull/82))
* removing glide from ignore
* go.mod: update dependencies ([#79](https://github.com/containerd/ttrpc/pull/79))
* go.mod: github.com/prometheus/procfs v0.6.0
* go.mod: google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
* go.mod: google.golang.org/grpc v1.27.1
* go.mod: github.com/gogo/protobuf v1.3.2
* remove travis, add codecov badge ([#78](https://github.com/containerd/ttrpc/pull/78))
* CI: add codecov badge to readme
* CI: remove travis
* Use GitHub Actions for CI ([#77](https://github.com/containerd/ttrpc/pull/77))
* Use GitHub Actions for CI
* go.mod: sirupsen/logrus v1.7.0 ([#76](https://github.com/containerd/ttrpc/pull/76))
* go.mod: sirupsen/logrus v1.7.0
* go mod tidy
</p>
</details>
### Dependency Changes
* **cloud.google.com/go** v0.81.0 **_new_**
* **github.com/AdaLogics/go-fuzz-headers** 6c3934b029d8 **_new_**
* **github.com/Microsoft/go-winio** v0.4.17 -> v0.5.1
* **github.com/Microsoft/hcsshim** v0.8.16 -> v0.9.2
* **github.com/blang/semver** v3.5.1 **_new_**
* **github.com/cenkalti/backoff/v4** v4.1.2 **_new_**
* **github.com/cespare/xxhash/v2** v2.1.1 -> v2.1.2
* **github.com/cilium/ebpf** v0.4.0 -> v0.7.0
* **github.com/containerd/cgroups** v1.0.1 -> v1.0.3
* **github.com/containerd/console** v1.0.2 -> v1.0.3
* **github.com/containerd/continuity** v0.1.0 -> v0.2.2
* **github.com/containerd/go-cni** v1.0.2 -> v1.1.1
* **github.com/containerd/imgcrypt** v1.1.1 -> v1.1.3
* **github.com/containerd/ttrpc** v1.0.2 -> v1.1.0
* **github.com/containernetworking/cni** v0.8.1 -> v1.0.1
* **github.com/containernetworking/plugins** v0.9.1 -> v1.0.1
* **github.com/containers/ocicrypt** v1.1.1 -> v1.1.2
* **github.com/coreos/go-systemd/v22** v22.1.0 -> v22.3.2
* **github.com/go-logr/logr** v0.2.0 -> v1.2.2
* **github.com/go-logr/stdr** v1.2.2 **_new_**
* **github.com/godbus/dbus/v5** v5.0.3 -> v5.0.6
* **github.com/golang/groupcache** 8c9f03a8e57e -> 41bb18bfe9da
* **github.com/golang/protobuf** v1.3.5 -> v1.5.2
* **github.com/google/go-cmp** v0.5.4 -> v0.5.6
* **github.com/google/gofuzz** v1.1.0 -> v1.2.0
* **github.com/grpc-ecosystem/go-grpc-middleware** v1.3.0 **_new_**
* **github.com/grpc-ecosystem/grpc-gateway** v1.16.0 **_new_**
* **github.com/hashicorp/errwrap** v1.0.0 -> v1.1.0
* **github.com/hashicorp/go-multierror** v1.0.0 -> v1.1.1
* **github.com/imdario/mergo** v0.3.11 -> v0.3.12
* **github.com/intel/goresctrl** v0.2.0 **_new_**
* **github.com/json-iterator/go** v1.1.10 -> v1.1.12
* **github.com/moby/spdystream** v0.2.0 **_new_**
* **github.com/moby/sys/mountinfo** v0.4.1 -> v0.5.0
* **github.com/moby/sys/signal** v0.6.0 **_new_**
* **github.com/moby/sys/symlink** v0.1.0 -> v0.2.0
* **github.com/modern-go/reflect2** v1.0.1 -> v1.0.2
* **github.com/opencontainers/image-spec** v1.0.1 -> 693428a734f5
* **github.com/opencontainers/runc** v1.0.0-rc93 -> v1.1.0
* **github.com/opencontainers/runtime-spec** e6143ca7d51d -> 1c3f411f0417
* **github.com/opencontainers/selinux** v1.8.0 -> v1.10.0
* **github.com/pelletier/go-toml** v1.8.1 -> v1.9.3
* **github.com/prometheus/client_golang** v1.7.1 -> v1.11.0
* **github.com/prometheus/common** v0.10.0 -> v0.30.0
* **github.com/prometheus/procfs** v0.6.0 -> v0.7.3
* **github.com/satori/go.uuid** v1.2.0 **_new_**
* **github.com/sirupsen/logrus** v1.7.0 -> v1.8.1
* **github.com/spf13/pflag** v1.0.5 **_new_**
* **github.com/stretchr/testify** v1.6.1 -> v1.7.0
* **github.com/vishvananda/netlink** f5de75959ad5 **_new_**
* **github.com/vishvananda/netns** 2eb08e3e575f **_new_**
* **go.etcd.io/bbolt** v1.3.5 -> v1.3.6
* **go.opencensus.io** v0.22.3 -> v0.23.0
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.28.0 **_new_**
* **go.opentelemetry.io/otel** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/internal/retry** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/sdk** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/trace** v1.3.0 **_new_**
* **go.opentelemetry.io/proto/otlp** v0.11.0 **_new_**
* **golang.org/x/crypto** 0c34fe9e7dc2 -> 32db794688a5
* **golang.org/x/net** e18ecbb05110 -> fe4d6282115f
* **golang.org/x/oauth2** bf48bf16ab8d -> 2bc19b11175f
* **golang.org/x/sync** 09787c993a3a -> 036812b2e83c
* **golang.org/x/sys** 47abb6519492 -> 1d35b9e2eb4e
* **golang.org/x/term** 7de9c90e9dd1 -> 6886f2dfbf5b
* **golang.org/x/text** v0.3.4 -> v0.3.7
* **golang.org/x/time** 3af7569d3a1e -> 1f47c861a9ac
* **google.golang.org/appengine** v1.6.5 -> v1.6.7
* **google.golang.org/grpc** v1.27.1 -> v1.43.0
* **google.golang.org/protobuf** v1.27.1 **_new_**
* **gopkg.in/yaml.v3** 9f266ea9e77c -> 496545a6307b
* **k8s.io/api** v0.20.6 -> v0.22.5
* **k8s.io/apimachinery** v0.20.6 -> v0.22.5
* **k8s.io/apiserver** v0.20.6 -> v0.22.5
* **k8s.io/client-go** v0.20.6 -> v0.22.5
* **k8s.io/component-base** v0.20.6 -> v0.22.5
* **k8s.io/cri-api** v0.20.6 -> v0.23.1
* **k8s.io/klog/v2** v2.4.0 -> v2.30.0
* **k8s.io/utils** 67b214c5f920 -> cb0fa318a74b
* **sigs.k8s.io/structured-merge-diff/v4** v4.0.3 -> v4.1.2
Previous release can be found at [v1.5.0](https://github.com/containerd/containerd/releases/tag/v1.5.0)
containerd 1.6.0-rc.1
Welcome to the v1.6.0-rc.1 release of containerd!
The seventh major release of containerd includes many improvements and added
support to increase overall compatibility and stability.
### Highlights
#### Runtime
* **Add runtime label to metrics** ([#5744](https://github.com/containerd/containerd/pull/5744))
* **Cleanup task delete logic in v2 shim** ([#5813](https://github.com/containerd/containerd/pull/5813))
* **Add support for shim plugins** ([#5817](https://github.com/containerd/containerd/pull/5817))
* **Decouple shim and task manager** ([#5918](https://github.com/containerd/containerd/pull/5918))
* **Add runc shim support for core scheduling** ([#6011](https://github.com/containerd/containerd/pull/6011))
* **Update shim client connect attempt to fail fast when shim errors** ([#6031](https://github.com/containerd/containerd/pull/6031))
* **Add support for absolute path to shim binaries** ([#6206](https://github.com/containerd/containerd/pull/6206))
* **Update runc to v1.1.0** ([#6375](https://github.com/containerd/containerd/pull/6375))
#### Windows
* **Add support for Windows HostProcess containers** ([#5131](https://github.com/containerd/containerd/pull/5131))
* **Add support for Windows resource limits** ([#5778](https://github.com/containerd/containerd/pull/5778))
#### CRI
* **Add CNI configuration based on runtime class** ([#4695](https://github.com/containerd/containerd/pull/4695))
* **Add support for Intel RDT** ([#5439](https://github.com/containerd/containerd/pull/5439))
* **Add support for CRI v1 and v1alpha in parallel** ([#5619](https://github.com/containerd/containerd/pull/5619))
* **Add support for unified resources field for cgroups v2** ([#5627](https://github.com/containerd/containerd/pull/5627))
* **Add IP preference configuration for reporting pod IP** ([#5964](https://github.com/containerd/containerd/pull/5964))
* **Implement new CRI pod sandbox stats API** ([#6113](https://github.com/containerd/containerd/pull/6113))
* **Add sandbox and container latency metrics** ([#6111](https://github.com/containerd/containerd/pull/6111))
* **Add namespace to ttrpc and grpc plugin connections** ([#6130](https://github.com/containerd/containerd/pull/6130))
* **Add option to allow ping sockets and privileged ports with no capabilities** ([#6170](https://github.com/containerd/containerd/pull/6170))
* **Add support for configuring swap** ([#6320](https://github.com/containerd/containerd/pull/6320))
#### Other
* **Add support for client TLS Auth for grpc** ([#5606](https://github.com/containerd/containerd/pull/5606))
* **Add xfs support for devicemapper snapshotter** ([#5610](https://github.com/containerd/containerd/pull/5610))
* **Add metric exposing build version and revision** ([#5965](https://github.com/containerd/containerd/pull/5965))
* **Add support for custom fs options in devmapper snapshotter** ([#6122](https://github.com/containerd/containerd/pull/6122))
* **Update introspection service to show GRPC plugins** ([#6432](https://github.com/containerd/containerd/pull/6432))
#### Client
* **Allow WithServices to use custom implementations** ([#5709](https://github.com/containerd/containerd/pull/5709))
* **Support custom compressor for walking differ** ([#5735](https://github.com/containerd/containerd/pull/5735))
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
### Contributors
* Derek McGowan
* Phil Estes
* Akihiro Suda
* Wei Fu
* Maksym Pavlenko
* Sebastiaan van Stijn
* Kazuyoshi Kato
* Mike Brown
* Michael Crosby
* Claudiu Belu
* Daniel Canter
* haoyun
* Stefan Berger
* Gabriel Adrian Samfira
* Brian Goff
* zounengren
* AdamKorcz
* Adelina Tuvenie
* Kohei Tokunaga
* Davanum Srinivas
* Nashwan Azhari
* Samuel Karp
* Shiming Zhang
* Enrico Weigelt, metux IT consult
* Markus Lehtonen
* Alakesh Haloi
* Hajime Tazaki
* Iceber Gu
* Kevin Parsons
* Aditi Sharma
* David Porter
* Gijs Peskens
* Brandon Lum
* Cody Roseborough
* Danielle Lancashire
* Jacob MacElroy
* dependabot[bot]
* ningmingxiao
* wanglei
* Alexandre Peixoto Ferreira
* Fabiano Fidêncio
* Furkan Türkal
* Jiaming Xu
* Kir Kolyshkin
* Miao Wang
* Neil Johnson
* Paul "TBBle" Hampson
* Priyanka Saggu
* Romain Aviolat
* Samuel Ortiz
* Sunghoon Kang
* Takumasa Sakao
* Tobias Klauser
* Tõnis Tiigi
* Zhiyu Li
* Alexander Minbaev
* Alexey Ivanov
* Artem Khramov
* Aurelien Lun-Sin
* Ben Hutchings
* Cory Bennett
* Da McGrady
* Dan Williams
* Eng Zer Jun
* Eric Ernst
* Ethan Chen
* Fupan Li
* Gaurav Gahlot
* Gunju Kim
* Jacob Blain Christen
* James Sturtevant
* Jan Klippel
* Jayme Howard
* Jiajun Jiang
* Jintao Zhang
* Justin Terry
* Kaijie Chen
* Kante
* Kern Walster
* Kitt Hsu
* Lantao Liu
* Ma Xinjian
* Manabu Sugimoto
* Manuel Alejandro de Brito Fontes
* Mark Rossetti
* Markus Lippert
* Mikko Ylinen
* Ng Yang
* Nicolas Chariglione
* Ning Li
* Olli Janatuinen
* Peri Thompson
* Quan Tian
* Radostin Stoyanov
* Rui Lopes
* Sambhav Kothari
* Sebastian Hasler
* Sergey Kanzhelev
* Yang Yang
* Yifan Yuan
* Zilong Wang
* Zufar Dhiyaulhaq
* botieking98
* chenxiaoyu
* jayonlau
* jerryzhuang
* linrunlong
* scuzhanglei
* wangzhan
* Étienne Guesnet
### Changes
<details><summary>984 commits</summary>
<p>
* Prepare release notes for v1.6.0-rc.1 ([#6462](https://github.com/containerd/containerd/pull/6462))
* Prepare release notes for v1.6.0-rc.1
* Add support for skipping non-dist blob push ([#6424](https://github.com/containerd/containerd/pull/6424))
* ctr: flag to toggle non-distributable blob push
* Add image handler to skip non-distributable blobs.
* Compile binaries for go1.16 and go1.17 in CI ([#6461](https://github.com/containerd/containerd/pull/6461))
* Compile binaries for go1.16 and go1.17 in CI
* services/introspection: fix plugin caching to show grpc plugins ([#6432](https://github.com/containerd/containerd/pull/6432))
* Update caching logic to avoid map access
* services/introspection: support to show introspection grpc service
* Integration: Change to Windows Server 2022 build number constant ([#6458](https://github.com/containerd/containerd/pull/6458))
* Integration: Change to Windows Server 2022 build number constant
* Update kubernetes vendor to 0.22.5 ([#6460](https://github.com/containerd/containerd/pull/6460))
* Update kubernetes vendor to 0.22.5
* Fix rdt build tags for go 1.16 ([#6459](https://github.com/containerd/containerd/pull/6459))
* Fix rdt build tags for go 1.16
* Remove submodule go mod ([#6439](https://github.com/containerd/containerd/pull/6439))
* Remove api go submodule
* Update makefile to remove API submodule
* go.mod: Update hcsshim to v0.9.2 ([#6453](https://github.com/containerd/containerd/pull/6453))
* go.mod: Update hcsshim to v0.9.2
* update runc to v1.1.0 ([#6375](https://github.com/containerd/containerd/pull/6375))
* go.mod: github.com/opencontainers/runc v1.1.0
* update runc binary to v1.1.0
* tracing: fix OTLP tracer's initialization ([#6443](https://github.com/containerd/containerd/pull/6443))
* tracing: fix OTLP tracer's initialization
* gha: run CodeQL scan on pull requests ([#6386](https://github.com/containerd/containerd/pull/6386))
* gha: run CodeQL scan on pull requests
* Do not automatically inject client traces ([#6445](https://github.com/containerd/containerd/pull/6445))
* Do not automatically inject client traces
* [containerd-stress] delete useless code ([#6451](https://github.com/containerd/containerd/pull/6451))
* delete useless code
* Revert "Add shared content label to namespaces" ([#6440](https://github.com/containerd/containerd/pull/6440))
* Revert "Add shared content label to namespaces"
* Add ppc64 support for test images ([#6435](https://github.com/containerd/containerd/pull/6435))
* Add ppc64 support for test images
* ctr: Unify the delete subcommand alias ([#6427](https://github.com/containerd/containerd/pull/6427))
* ctr: Unify the delete subcommand alias
* Prepare release notes for v1.6.0-rc.0 ([#6431](https://github.com/containerd/containerd/pull/6431))
* Prepare release notes for v1.6.0-rc.0
* Integration: Switch to using `auth` Gcloud action in Windows workflow. ([#6397](https://github.com/containerd/containerd/pull/6397))
* Integration: Switch to `upload-cloud-storage` Gcloud action.
* Integration: Switch to using `auth` Gcloud action in Windows workflow.
* remove io/ioutil ([#6426](https://github.com/containerd/containerd/pull/6426))
* remove io/ioutil
* test: e2e node COS cgroupv2 script ([#6418](https://github.com/containerd/containerd/pull/6418))
* test: e2e node COS cgroupv2 script
* Integration: Enable CRITest on Windows 2022. ([#6378](https://github.com/containerd/containerd/pull/6378))
* Enable critest tests on Windows Server 2022.
* Parametrize CRITest test images in Windows Periodic workflow.
* Update error message for apparmor parser ([#6415](https://github.com/containerd/containerd/pull/6415))
* Update error message for apparmor parser
* Fix wrong log message ([#6419](https://github.com/containerd/containerd/pull/6419))
* Fix wrong log message
* Followup errors change ([#6414](https://github.com/containerd/containerd/pull/6414))
* Fix incorrect error wrapped when closing ingest file
* Fix seek error used without nil check
* Fix followup items from errors replacement
* Updates CRI API & Kubernetes to 1.23 ([#6351](https://github.com/containerd/containerd/pull/6351))
* Update k/k to 1.23.0
* Updating adoption of containerd for AKS ([#6416](https://github.com/containerd/containerd/pull/6416))
* Updating adoption of containerd for AKS
* update the adoption status of containerd in GKE ([#6413](https://github.com/containerd/containerd/pull/6413))
* update the adoption status of containerd in GKE
* go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt} ([#6410](https://github.com/containerd/containerd/pull/6410))
* go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt}
* replace github.com/pkg/errors with native errors ([#6366](https://github.com/containerd/containerd/pull/6366))
* feat: replace github.com/pkg/errors to errors
* corrected link in cri architecture documentation ([#6412](https://github.com/containerd/containerd/pull/6412))
* corrected link in cri architecture documentation
* remotes/docker: allow fetching "refresh token" (aka "identity token", "offline token") ([#6396](https://github.com/containerd/containerd/pull/6396))
* remotes/docker: allow fetching "refresh token" (aka "identity token")
* remotes/docker/config: allow setting custom AuthorizerOpts
* Prepare release notes for v1.6.0-beta.5 ([#6407](https://github.com/containerd/containerd/pull/6407))
* Prepare release notes for v1.6.0-beta.5
* Integration: Check GCP secrets on Windows CI artifact upload. ([#6292](https://github.com/containerd/containerd/pull/6292))
* Integration: Check GCP secrets on Windows CI artifact upload.
* Github Security Advisory [GHSA-mvff-h3cj-wj9c](https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c)
* only relabel cri managed host mounts
* Add support for Intel RDT ([#5439](https://github.com/containerd/containerd/pull/5439))
* cri: add ignore_rdt_not_enabled_errors config option
* Update dependencies
* cri: annotations for controlling RDT class
* tasks: add Linux rdt support
* cmd: add --rdt-class command line option
* oci: implement WithRdt
* fix: use _ for consistency ([#6391](https://github.com/containerd/containerd/pull/6391))
* fix: use _ for consistency
* content/local: use syscall.Timespec.Unix ([#6403](https://github.com/containerd/containerd/pull/6403))
* content/local: use syscall.Timespec.Unix
* docs: improve plugin documentation ([#6207](https://github.com/containerd/containerd/pull/6207))
* docs: document the runtime shim plugin config options
* docs: use proper markdown lists in containerd-config.toml.5.md
* fix(ctr): enable networking for Windows containers ([#6304](https://github.com/containerd/containerd/pull/6304))
* fix(ctr): enable networking for Windows containers
* Fix $(PWD) issue for Windows makefile ([#6394](https://github.com/containerd/containerd/pull/6394))
* Fix $(PWD) issue for Windows makefile
* only test abstract uds on linux ([#6395](https://github.com/containerd/containerd/pull/6395))
* fix: only test abstract unix socket on linux
* Fix restart container test ([#6390](https://github.com/containerd/containerd/pull/6390))
* Expect ErrorNotFound on Windows after Kill()
* Replace tskill with taskkill
* fix when kernel version < 4.13rc1 by using index=off cause test error ([#6291](https://github.com/containerd/containerd/pull/6291))
* fix when kernel version < 4.13rc1 by using index=off cause overlay test error
* Fix no-daemon flag for integration/client tests ([#6384](https://github.com/containerd/containerd/pull/6384))
* Fix no-daemon flag for integration/client tests
* Enable lazy init for ext4 with devicemapper ([#6122](https://github.com/containerd/containerd/pull/6122))
* Enable lazy init for ext4 with devicemapper
* Fix flakiness on Windows for list stats ([#6385](https://github.com/containerd/containerd/pull/6385))
* Fix flakiness on Windows for list stats
* cri-integration: Add Windows defaults and fix spaces issue ([#6347](https://github.com/containerd/containerd/pull/6347))
* cri-integration: Add Windows default paths
* Upgrade OpenTelemetry dependencies ([#6383](https://github.com/containerd/containerd/pull/6383))
* Upgrade k8s.io/klog/v2 from 2.9.0 to 2.20.0
* Use insecure.NewCredentials instead of grpc.WithInsecure
* Upgrade OpenTelemetry dependencies
* Fix default makefile target for windows ([#6322](https://github.com/containerd/containerd/pull/6322))
* Fix default makefile target for windows
* Disable TestContainerHook on Windows ([#6379](https://github.com/containerd/containerd/pull/6379))
* Disable TestContainerHook on Windows
* seutil: Fix setting the "container_kvm_t" label ([#6372](https://github.com/containerd/containerd/pull/6372))
* seutil: Fix setting the "container_kvm_t" label
* Remove Windows integration testing for 2004. ([#6350](https://github.com/containerd/containerd/pull/6350))
* Remove Windows integration testing for 2004.
* OCI: Mount (accessible) host devices in privileged rootless containers ([#6308](https://github.com/containerd/containerd/pull/6308))
* OCI: Mount (accessible) host devices in privileged rootless containers
* oci.getDevices(): move "non-dir, non '/dev/console'" case into switch
* cri: add support for configuring swap ([#6320](https://github.com/containerd/containerd/pull/6320))
* fixup: check for swap accounting
* fixup: handle diff between cgroupsv1 and v2
* cri: add support for configuring swap
* Integration: Enable TestVolumeOwnership on Windows ([#6275](https://github.com/containerd/containerd/pull/6275))
* Replace find with native Go code
* Enable TestVolumeOwnership on Windows
* Prepare release notes for v1.6.0-beta.4 ([#6296](https://github.com/containerd/containerd/pull/6296))
* Prepare release notes for v1.6.0-beta.4
* refactor: functions for error log and error return ([#6358](https://github.com/containerd/containerd/pull/6358))
* feat: Errorf usage
* Split apart runc shim into plugin components ([#6021](https://github.com/containerd/containerd/pull/6021))
* Use task plugin for runc shim
* Seperate shim manager and task service
* Split runc shim into plugin components
* Add shutdown package
* CRI update for sandbox sizing ([#6155](https://github.com/containerd/containerd/pull/6155))
* cri, sandbox: pass sandbox resource details if available, applicable
* medatada: make namespaces' deletion error less cryptic ([#6354](https://github.com/containerd/containerd/pull/6354))
* medatada: make namespaces' deletion error less cryptic
* ListContainerStats to return stats response if ContainerStatsFilter is nil ([#6373](https://github.com/containerd/containerd/pull/6373))
* add-list-stat: return container list if filter is nil
* integration: deflake TestContainerdRestart ([#6369](https://github.com/containerd/containerd/pull/6369))
* integration: deflake TestContainerdRestart
* feat: add timeout for bolt open ([#6225](https://github.com/containerd/containerd/pull/6225))
* feat: support custom timeout for blot open
* Update Go to 1.17.5 ([#6333](https://github.com/containerd/containerd/pull/6333))
* Update Go to 1.17.5
* cri/server: use consistent alias for pkg/ioutil ([#6332](https://github.com/containerd/containerd/pull/6332))
* cri/server: use consistent alias for pkg/ioutil
* Disable restart monitor test in Windows ([#6364](https://github.com/containerd/containerd/pull/6364))
* Disable restart monitor test in Windows
* Don't fail-fast on Windows integration tests ([#6338](https://github.com/containerd/containerd/pull/6338))
* Don't fail-fast on Windows integration tests
* Update restart monitor test to output daemon logs on failure ([#6355](https://github.com/containerd/containerd/pull/6355))
* Run windows parallel integration test as short
* Update restart monitor test to output daemon logs on failure
* go.mod: update image-spec to latest (v1.0.3-dev) ([#6263](https://github.com/containerd/containerd/pull/6263))
* images/converter: remove deprecated types
* go.mod: update image-spec to latest (v1.0.3-dev)
* Skip WithAdditionalGIDs on Darwin ([#6353](https://github.com/containerd/containerd/pull/6353))
* Skip WithAdditionalGIDs on Darwin
* Use RFC3339 format on Windows periodic resource group creation so cleanup works ([#6303](https://github.com/containerd/containerd/pull/6303))
* Use RFC3339 format so rg cleanup works
* update runc to v1.0.3 ([#6330](https://github.com/containerd/containerd/pull/6330))
* go.mod: github.com/opencontainers/runc v1.0.3
* update runc binary to v1.0.3
* Unblock native snapshotter on Darwin ([#6329](https://github.com/containerd/containerd/pull/6329))
* Allow native snapshotter on Darwin
* Do not use `go get` to install executables ([#6328](https://github.com/containerd/containerd/pull/6328))
* Do not use `go get` to install executables
* Include runtime v2 in default builtins ([#6326](https://github.com/containerd/containerd/pull/6326))
* Include runtime v2 in default builtins
* Add Windows Server 2022 CI runs ([#6314](https://github.com/containerd/containerd/pull/6314))
* Add Windows Server 2022 CI runs
* Set explicit ACL on test files ([#6324](https://github.com/containerd/containerd/pull/6324))
* Use a single RUN command
* Set explicit ACL on test files
* integration: align tags of test images ([#6311](https://github.com/containerd/containerd/pull/6311))
* integration: align tags of test images
* Set CONTAINERD_ROOT in Windows cri-integration ([#6325](https://github.com/containerd/containerd/pull/6325))
* Set CONTAINERD_ROOT in Windows cri-integration
* export oci.DeviceFromPath() ([#6312](https://github.com/containerd/containerd/pull/6312))
* export oci.DeviceFromPath()
* Update volume test images ([#6321](https://github.com/containerd/containerd/pull/6321))
* Update continuity dependency
* Update volume test images
* Update TestRestartMonitor expected time check ([#6201](https://github.com/containerd/containerd/pull/6201))
* Add error logging on cleanup
* Update TestRestartMonitor expected time check
* Move test volume images from gcr to ghcr ([#6319](https://github.com/containerd/containerd/pull/6319))
* Move volume images from gcr to ghcr
* Revert shim service plugin migration ([#6301](https://github.com/containerd/containerd/pull/6301))
* Revert shim plugin migration
* Authenticate against ghcr.io ([#6317](https://github.com/containerd/containerd/pull/6317))
* Add permissions
* Authenticate against ghcr.io
* oci/deviceFromPath(): correctly check device types ([#6306](https://github.com/containerd/containerd/pull/6306))
* oci/deviceFromPath(): correctly check device types
* Skip TestExportAndImportMultiLayer on Windows ([#6315](https://github.com/containerd/containerd/pull/6315))
* Skip TestExportAndImportMultiLayer on Windows
* Integration: Add image build workflow ([#6290](https://github.com/containerd/containerd/pull/6290))
* Add image build workflow
* Integration: Separate Windows Periodic Tests workflow trigger. ([#6286](https://github.com/containerd/containerd/pull/6286))
* Integration: Separate Windows Periodic Tests workflow trigger.
* Build volume test images on Windows ([#6274](https://github.com/containerd/containerd/pull/6274))
* Build volume test images on Windows
* Add VMware TKG & TCE to Containerd adopters ([#6297](https://github.com/containerd/containerd/pull/6297))
* Add VMware TKG & TCE to Containerd adopters
* Vagrantfile: update to Fedora 35 ([#6293](https://github.com/containerd/containerd/pull/6293))
* Vagrantfile: update to Fedora 35
* Update README.md repo->org ([#6269](https://github.com/containerd/containerd/pull/6269))
* Update README.md repo->org
* Fix executable file not found when restoring shims ([#6278](https://github.com/containerd/containerd/pull/6278))
* Fix executable file not found when restoring shims
* ctr/snapshots/diff: show media-type in stderr ([#6271](https://github.com/containerd/containerd/pull/6271))
* ctr/snapshots/diff: don't show the media-type in output
* ctr: Add Linux Capabilities control flags ([#6289](https://github.com/containerd/containerd/pull/6289))
* ctr: Add Linux Capabilities control flags
* integration: add stats result in error message ([#6270](https://github.com/containerd/containerd/pull/6270))
* integration: add stats result in error message
* releases: mark 1.4 as Extended ([#6287](https://github.com/containerd/containerd/pull/6287))
* docs: mark 1.4 as Extended
* docs: fix RELEASES.md gRPC API anchor
* feat: skip ci for fork ([#6284](https://github.com/containerd/containerd/pull/6284))
* feat: skip ci for fork
* content/local: Close the file if Seek fails ([#6280](https://github.com/containerd/containerd/pull/6280))
* content/local: Close the file if Seek fails
* Integration: Remove explicit version passing to `azure/CLI`. ([#6268](https://github.com/containerd/containerd/pull/6268))
* Integration: Remove explicit version passing to `azure/CLI`.
* Fix wrong make target on documentation ([#6276](https://github.com/containerd/containerd/pull/6276))
* Fix wrong make target on documentation
* fix: server error return ([#6272](https://github.com/containerd/containerd/pull/6272))
* fix: server error return
* Prepare release notes for v1.6.0-beta.3 ([#6267](https://github.com/containerd/containerd/pull/6267))
* Prepare release notes for v1.6.0-beta.3
* Update API version in go.mod
* Update release name to use consistent format
* feat:support custom callopts on client side ([#6254](https://github.com/containerd/containerd/pull/6254))
* fix: make max recv/send msg size setting default
* feat:support custom callopts on client side
* [CRI] Fix panic when registry.mirrors use localhost ([#6258](https://github.com/containerd/containerd/pull/6258))
* [CRI] Fix panic when registry.mirrors use localhost
* Add support for TMP override on toml ([#6241](https://github.com/containerd/containerd/pull/6241))
* Add support for TMP override on toml
* CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options ([#6170](https://github.com/containerd/containerd/pull/6170))
* CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options
* Github Security Advisory [GHSA-5j5w-g665-5m35](https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35)
* schema1: reject ambiguous documents
* images: validate document type before unmarshal
* [cri] add sandbox and container latency metrics ([#6111](https://github.com/containerd/containerd/pull/6111))
* [cri] add sandbox and container latency metrics
* Integration: Generalize Windows CI setup scripts for any username. ([#6255](https://github.com/containerd/containerd/pull/6255))
* Generalize Windows CI setup script for any user.
* Standardize cmdlet capitalization in Windows CI scripts.
* feat: use rwmutex instead ([#6253](https://github.com/containerd/containerd/pull/6253))
* feat: use rwmutex instead
* Allow absolute path to shim binaries ([#6206](https://github.com/containerd/containerd/pull/6206))
* Fix package alias
* Support custom runtime path when launching tasks
* Add runtime path in CreateTaskRequest
* Close file if permission modification fails ([#6246](https://github.com/containerd/containerd/pull/6246))
* Close file if permission modification fails
* release: change tar name to match prior releases ([#6250](https://github.com/containerd/containerd/pull/6250))
* release: change tar name to match prior releases
* Fix wrong error returned for image index lookup ([#6237](https://github.com/containerd/containerd/pull/6237))
* Fix wrong error returned for image index lookup
* Fix containerd fails to pull OCI image with non-`http(s)://` urls ([#6221](https://github.com/containerd/containerd/pull/6221))
* Fix containerd fails to pull OCI image with non-`http(s)://` urls
* Prepare release notes for v1.6.0-beta.2 ([#6223](https://github.com/containerd/containerd/pull/6223))
* Prepare release notes for v1.6.0-beta.2
* Add arm64 to releases ([#6196](https://github.com/containerd/containerd/pull/6196))
* Rename release dockerfile to omit distro name
* release: improve dockerfile
* Add arm64 to releases
* use write lock when updating container stats ([#6236](https://github.com/containerd/containerd/pull/6236))
* use write lock when updating container stats
* go.mod: Bump hcsshim to v0.9.1 ([#6230](https://github.com/containerd/containerd/pull/6230))
* go.mod: Bump hcsshim to v0.9.1
* go.mod: Bump ttrpc to 1.1.0 ([#6228](https://github.com/containerd/containerd/pull/6228))
* go.mod: Bump ttrpc to 1.1.0
* go.mod: bump moby/sys/symlink v0.2.0, moby/sys/signal v0.6.0, moby/sys/mountinfo v0.5.0 ([#6213](https://github.com/containerd/containerd/pull/6213))
* go.mod: github.com/moby/sys/mountinfo v0.5.0
* go.mod: github.com/moby/sys/signal v0.6.0
* go.mod: github.com/moby/sys/symlink v0.2.0
* go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
* cleanup: add more description on comment ([#6222](https://github.com/containerd/containerd/pull/6222))
* cleanup: add more description on comment
* Update Go to 1.17.3 ([#6211](https://github.com/containerd/containerd/pull/6211))
* Update Go to 1.17.3
* CI: bump up crun: 1.0 -> 1.3 ([#6214](https://github.com/containerd/containerd/pull/6214))
* CI: bump up crun: 1.0 -> 1.3
* Pin az CLI version in windows-periodic workflow ([#6205](https://github.com/containerd/containerd/pull/6205))
* Pin az CLI version
* Decouple task manager ([#5918](https://github.com/containerd/containerd/pull/5918))
* Address PR comments
* Fix build after rebase
* Migrate task directory
* Expose shim process interface
* Fix after rebase
* Cleanup shim loading
* Move shim restore to a separate file
* Fix backward compatibility with old task shims
* Add plugin dependency between shim and shim services
* Rework task create and cleanup flow
* Add task manager
* Rename task manager to shim manager
* [cri] Implement k8s 1.23 CRI Pod Sandbox and Container Stats ([#6113](https://github.com/containerd/containerd/pull/6113))
* Implement CRI container and pods stats
* Vendor latest k8s.io/cri-api and netlink
* test: Add grace period for restart monitor test ([#6200](https://github.com/containerd/containerd/pull/6200))
* test: Add grace period for restart monitor test
* integration: Enables TestRuntimeHandler for Windows ([#6179](https://github.com/containerd/containerd/pull/6179))
* integration: Enables TestRuntimeHandler for Windows
* Add mkdir on Dockerfile ([#6171](https://github.com/containerd/containerd/pull/6171))
* Add mkdir on Dockerfile
* sys/reaper: avoid leaky goroutine when exec timeout ([#6189](https://github.com/containerd/containerd/pull/6189))
* sys/reaper: avoid leaky goroutine when exec timeout
* adds additional debug out to timebox cni setup ([#6184](https://github.com/containerd/containerd/pull/6184))
* adds additional debug out to timebox cni setup
* converter: Allow hooks during image conversion ([#6176](https://github.com/containerd/containerd/pull/6176))
* converter: Allow hooks during image conversion
* compression: support zstd with skippable frame ([#6177](https://github.com/containerd/containerd/pull/6177))
* compression: support zstd with skippable frame
* integration: Enables TestVolumeCopyUp for Windows ([#6182](https://github.com/containerd/containerd/pull/6182))
* integration: Enables TestVolumeCopyUp for Windows
* integration: Enable some tests for Windows (part 2) ([#6121](https://github.com/containerd/containerd/pull/6121))
* integration: Enable some tests for Windows (part 2)
* integration: Enable some tests for Windows ([#6085](https://github.com/containerd/containerd/pull/6085))
* integration: Enable some tests for Windows
* Update doc to version 2 syntax ([#6125](https://github.com/containerd/containerd/pull/6125))
* feat(doc): update to version 2 syntax
* fix shim reaper wait command execute blocked ([#6166](https://github.com/containerd/containerd/pull/6166))
* fix shim reaper wait command execute blocked
* content: close stream after commit request ([#6145](https://github.com/containerd/containerd/pull/6145))
* content: close stream after commit request
* Generating token options with each scope as a separate string. ([#6165](https://github.com/containerd/containerd/pull/6165))
* Adding scope tests for ParseAuthHeader
* Adding tests for GenerateTokenOptions
* Generate token options with each scope as a separate string.
* vendor: Updates go-cni ([#6167](https://github.com/containerd/containerd/pull/6167))
* vendor: Updates go-cni
* commands: Enables task metrics for Windows ([#6159](https://github.com/containerd/containerd/pull/6159))
* commands: Enables task metrics for Windows
* vendor: update moby/sys for darwin support ([#6149](https://github.com/containerd/containerd/pull/6149))
* vendor: update moby/sys for darwin support
* Prepare v1.6.0-beta.1 ([#6144](https://github.com/containerd/containerd/pull/6144))
* Prepare release notes for v1.6.0-beta.1
* Update mailmap
* Update api vendor
* bump cni to spec v1.0.0 ([#6136](https://github.com/containerd/containerd/pull/6136))
* bump CNI to spec v1.0.0
* Inject otel traces to grpc client. ([#5992](https://github.com/containerd/containerd/pull/5992))
* Inject otel traces to grpc client.
* client: expose (*image).platform ([#6142](https://github.com/containerd/containerd/pull/6142))
* client: expose (*image).platform
* Adding documentation for Core Scheduling ([#6128](https://github.com/containerd/containerd/pull/6128))
* feat(doc): add Core Scheduling documentation
* Ensure namespace is proxied to grpc/ttrpc plugins ([#6130](https://github.com/containerd/containerd/pull/6130))
* Ensure namespace is proxied to grpc/ttrpc plugins
* fix #6054 MaxConcurrentDownloads is not effect when Unpack is true ([#6109](https://github.com/containerd/containerd/pull/6109))
* fix #6054 MaxConcurrentDownloads is not effect when Unpack is true
* Output a warning for label image labels instead of erroring ([#6124](https://github.com/containerd/containerd/pull/6124))
* Output a warning for label image labels instead of erroring
* Fix spelling mistake in Windows snapshotter ([#6132](https://github.com/containerd/containerd/pull/6132))
* Fix spelling mistake in Windows snapshotter
* Windows: Cleanup rm- prefixed layers ([#6126](https://github.com/containerd/containerd/pull/6126))
* Windows: Cleanup rm- prefixed layers
* cleanup deprecated package `io/ioutil ` ([#6118](https://github.com/containerd/containerd/pull/6118))
* io/ioutil package has been deprecated in Go 1.16 that replaces io/ioutil functions
* close Writer after use which may memory leak ([#6115](https://github.com/containerd/containerd/pull/6115))
* close Writer after use which may leak mem
* Adds Windows resource limits support ([#5778](https://github.com/containerd/containerd/pull/5778))
* Adds Windows resource limits support
* Prepare release notes for v1.6.0-beta.0 ([#6098](https://github.com/containerd/containerd/pull/6098))
* Prepare release notes for v1.6.0-beta.0
* Add error message to in TestContainerdRestart integration test ([#6105](https://github.com/containerd/containerd/pull/6105))
* Add error message to in TestContainerdRestart integration test
* Fix typo in the NewContainer function documentation ([#6110](https://github.com/containerd/containerd/pull/6110))
* Fix typo in the NewContainer function documentation
* Update cgroups to v1.0.2 ([#6104](https://github.com/containerd/containerd/pull/6104))
* Update cgroups to v1.0.2
* btrfs: verify file content after mount ([#6100](https://github.com/containerd/containerd/pull/6100))
* test: check file content after mount
* Update test timeout based on recent cancellations ([#6107](https://github.com/containerd/containerd/pull/6107))
* Update test timeout based on recent cancellations
* Check the pid in cri test teardown ([#6106](https://github.com/containerd/containerd/pull/6106))
* Remove extra test_teardown
* Check the pid in cri test teardown
* add runc shim support for sched core ([#6011](https://github.com/containerd/containerd/pull/6011))
* fix integration client vendor
* add runc shim support for sched core
* integration: Enables Windows containerd restart test ([#5579](https://github.com/containerd/containerd/pull/5579))
* integration: Enables Windows containerd restart test
* vendor: Bump hcsshim to 0.9.0 ([#6099](https://github.com/containerd/containerd/pull/6099))
* vendor: Bump hcsshim to 0.9.0
* [cri] Add CNI conf based on runtime class ([#4695](https://github.com/containerd/containerd/pull/4695))
* Add CNI conf based on runtime class
* Update Go to 1.17.2 ([#6102](https://github.com/containerd/containerd/pull/6102))
* Update Go to 1.17.2
* integration: Adds test for multilayer image import ([#5933](https://github.com/containerd/containerd/pull/5933))
* integration: Adds test for multilayer image import
* runtime: should fail fast if dial error on shim ([#6031](https://github.com/containerd/containerd/pull/6031))
* runtime: should fail fast if dial error on shim
* Fixes Windows containers with image volumes ([#6034](https://github.com/containerd/containerd/pull/6034))
* Windows: Fixes Windows containers with image volumes
* run `gofmt` with GO 1.17 ([#6094](https://github.com/containerd/containerd/pull/6094))
* run `gofmt` with Go 1.17
* pkg/cap: remove an outdated comment ([#6088](https://github.com/containerd/containerd/pull/6088))
* pkg/cap: remove an outdated comment
* Update go otel 1.0.1 ([#6066](https://github.com/containerd/containerd/pull/6066))
* Update go otel 1.0.1
* Update ADOPTERS.md with additional uses ([#6086](https://github.com/containerd/containerd/pull/6086))
* Update ADOPTERS.md with additional uses
* modify the way for checking cos ([#6082](https://github.com/containerd/containerd/pull/6082))
* modify the way for checking cos
* Fuzzing: Add fuzzers + small modifications ([#5915](https://github.com/containerd/containerd/pull/5915))
* Fuzzing: Add 4 fuzzers + small modifications
* Fixes for Windows CI ([#6081](https://github.com/containerd/containerd/pull/6081))
* Pin mingw to version 10.2.0
* Update to golang 1.17.1
* Install nssm
* Github Security Advisory [GHSA-c2h3-6mxw-7mvq](https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq)
* btrfs: reduce permissions on plugin directories
* v1 runtime: reduce permissions for bundle dir
* v2 runtime: reduce permissions for bundle dir
* task service: return known error type ([#6079](https://github.com/containerd/containerd/pull/6079))
* task service: return known error type
* refactor: move from io/ioutil to io and os package ([#5973](https://github.com/containerd/containerd/pull/5973))
* refactor: move from io/ioutil to io and os package
* fix: import from k8s.io/utils/clock instead ([#6076](https://github.com/containerd/containerd/pull/6076))
* fix: update vendor
* cleanup: import from k8s.io/utils/clock/testing instead
* cleanup: import from k8s.io/utils/clock instead
* feat: enable integration cri remote client to call with grpc calloptions ([#6069](https://github.com/containerd/containerd/pull/6069))
* feat: enable cri remote client to call with grpc calloptions
* cleanup k8s ansible yaml (carry for #5713) ([#6074](https://github.com/containerd/containerd/pull/6074))
* cleanup k8s ansible yaml (carry for https://github.com/jayonlau <jayonlau@gmail.com>)
* feat: support import image for specific platform ([#6070](https://github.com/containerd/containerd/pull/6070))
* fix: wrong flag type
* feat: support import image for specific platform
* Update mirror images to take target image name ([#6065](https://github.com/containerd/containerd/pull/6065))
* Update mirror images to take target image name
* fix: make exec-id flag required in exec command ([#6059](https://github.com/containerd/containerd/pull/6059))
* fix: make exec-id flag required in exec command
* images: enable converter to uncompress zstd ([#6052](https://github.com/containerd/containerd/pull/6052))
* images: enable converter to uncompress zstd
* replace deprecated function with Domain and Path ([#5922](https://github.com/containerd/containerd/pull/5922))
* replace deprecated function
* integration: Adds Windows HostProcess tests ([#5853](https://github.com/containerd/containerd/pull/5853))
* integration: Adds Windows HostProcess tests
* Fix main branch build is broken ([#6047](https://github.com/containerd/containerd/pull/6047))
* Fix main branch build is broken
* Add open telemetry logging hook for logrus ([#6003](https://github.com/containerd/containerd/pull/6003))
* Add open telemetry logging hook for logrus
* Change `oci.WithUser` behavior for LCOW ([#6023](https://github.com/containerd/containerd/pull/6023))
* Change oci.WithUser behavior for LCOW
* switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound) ([#5946](https://github.com/containerd/containerd/pull/5946))
* switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound)
* import: Raise error if the imported image is filtered out ([#5926](https://github.com/containerd/containerd/pull/5926))
* import: Raise error if the imported image is filtered out
* Fix panic in metadata content writer on copy error ([#6043](https://github.com/containerd/containerd/pull/6043))
* Fix panic in metadata content writer on copy error
* Move tracing to plugin ([#6001](https://github.com/containerd/containerd/pull/6001))
* Move tracing to plugin
* ctr: Fixes Windows image import ([#5916](https://github.com/containerd/containerd/pull/5916))
* ctr: Fixes Windows image import
* update open go.opentelemetry.io v1.0.0 to fix import path ([#6017](https://github.com/containerd/containerd/pull/6017))
* go.mod: update opentelemetry modules to v1.0.0
* fix error string format ([#5979](https://github.com/containerd/containerd/pull/5979))
* fix error string format
* Add github action to mirror image ([#6036](https://github.com/containerd/containerd/pull/6036))
* Add github action to mirror image
* add current process state to the error message ([#6027](https://github.com/containerd/containerd/pull/6027))
* add current process state to the error message
* FreeBSD: fix tar headers & the nil check on getxattr ([#5991](https://github.com/containerd/containerd/pull/5991))
* FreeBSD: fix tar headers & the nil check on getxattr
* gha: collect VMs' IP addresses ([#6035](https://github.com/containerd/containerd/pull/6035))
* gha: collect Vagrant VMs' IP addresses
* bump continuity and console version that remove pkg/errors ([#6033](https://github.com/containerd/containerd/pull/6033))
* bump continuity and console version that remove pkg/errors
* import: Add option to prevent duplicated digest image ([#5997](https://github.com/containerd/containerd/pull/5997))
* import: Add option to skip creating digest image
* ctr namespaces: improve usage string ([#5998](https://github.com/containerd/containerd/pull/5998))
* ctr namespaces: improve usage string
* bump console version to v1.0.3 that remove pkg/errors ([#6028](https://github.com/containerd/containerd/pull/6028))
* bump console version to v1.0.3 that remove pkg/errors
* Use github images for integration tests ([#6032](https://github.com/containerd/containerd/pull/6032))
* Use github images for integration tests
* Fix typo ([#5995](https://github.com/containerd/containerd/pull/5995))
* Fix typo
* Enable image config labels in ctr and CRI container creation ([#6012](https://github.com/containerd/containerd/pull/6012))
* Enable image config labels in ctr and CRI container creation
* Make sure exit signals trigger an exit during init ([#5970](https://github.com/containerd/containerd/pull/5970))
* Make sure exit signals trigger an exit during init
* task delete: Closes task IO before waiting ([#5974](https://github.com/containerd/containerd/pull/5974))
* task delete: Closes task IO before waiting
* CI: bump up crun to 1.0 ([#5985](https://github.com/containerd/containerd/pull/5985))
* CI: bump up crun to 1.0
* seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted) ([#5982](https://github.com/containerd/containerd/pull/5982))
* seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
* Update to Go 1.17.1 ([#5990](https://github.com/containerd/containerd/pull/5990))
* Update to Go 1.17.1
* CI: Switch to available latest images ([#5987](https://github.com/containerd/containerd/pull/5987))
* CI: Switch to available latest images
* add xfs support to devicemapper snapshotter ([#5610](https://github.com/containerd/containerd/pull/5610))
* add xfs support to devicemapper snapshotter
* Fixes task kill --force on Windows ([#5956](https://github.com/containerd/containerd/pull/5956))
* Fixes task kill --force on Windows
* Add support for shim plugins ([#5817](https://github.com/containerd/containerd/pull/5817))
* Add support for shim plugins
* vendor: update continuity for darwin support ([#5976](https://github.com/containerd/containerd/pull/5976))
* vendor: update continuity for darwin support
* replace uses of os/exec with golang.org/x/sys/execabs ([#5906](https://github.com/containerd/containerd/pull/5906))
* replace uses of os/exec with golang.org/x/sys/execabs
* complete integration test for pulling image with labels ([#5972](https://github.com/containerd/containerd/pull/5972))
* Additional integration tests for pulling image with labels
* Fix content copy to not ignore unexpected EOF ([#5966](https://github.com/containerd/containerd/pull/5966))
* Fix content copy to not ignore unexpected EOF
* add ip_pref CNI options for primary pod ip ([#5964](https://github.com/containerd/containerd/pull/5964))
* add ip_pref CNI options for primary pod ip
* cri: add devices for privileged container ([#5939](https://github.com/containerd/containerd/pull/5939))
* cri: add devices for privileged container
* sandbox: Allows the sandbox to be deleted in NotReady state ([#5954](https://github.com/containerd/containerd/pull/5954))
* sandbox: Allows the sandbox to be deleted in NotReady state
* pin protobuild version to tag ([#5969](https://github.com/containerd/containerd/pull/5969))
* pin protobuild version to tag
* Add metric exposing build version&revision ([#5965](https://github.com/containerd/containerd/pull/5965))
* use a const metric for build_info
* Add metric exposing build version&revision
* Feature: containerd-cri support LinuxContainerResources.Unified ([#5627](https://github.com/containerd/containerd/pull/5627))
* add cri test case
* feature: add field LinuxContainerResources.Unified on cri
* integration: investigate TestRestartMonitor's failure ([#5861](https://github.com/containerd/containerd/pull/5861))
* integration: investigate TestRestartMonitor's failure
* Use issue forms for bug reporting ([#5917](https://github.com/containerd/containerd/pull/5917))
* Address issue forms feedback
* Use issue forms for bug reporting
* cri: patch update image labels ([#5945](https://github.com/containerd/containerd/pull/5945))
* cri: patch update image labels
* darwin: runtime support ([#5936](https://github.com/containerd/containerd/pull/5936))
* darwin: runtime support
* darwin: use the default values for socketRoot variable
* Update RELEASES.md ([#5858](https://github.com/containerd/containerd/pull/5858))
* Update RELEASES.md
* archive: Add WriteDiff error logs ([#5949](https://github.com/containerd/containerd/pull/5949))
* archive: Add WriteDiff error logs
* replace deprecated Dialer with ContextDialer ([#5958](https://github.com/containerd/containerd/pull/5958))
* replace deprecated Dail with DailContext
* Add WS2022 support in Windows Periodic tests ([#5951](https://github.com/containerd/containerd/pull/5951))
* Add WS2022 support in Windows Periodic tests
* Content fuzzer: Clean up temp store dir ([#5943](https://github.com/containerd/containerd/pull/5943))
* content fuzzer: Clean up tempdir
* using Hosts replace deprecated field ([#5944](https://github.com/containerd/containerd/pull/5944))
* using Hosts replace deprecated field
* fix document non-synchronous ([#5947](https://github.com/containerd/containerd/pull/5947))
* fix document non-synchronous in crictl.md
* go.mod: Update hcsshim to v0.8.21 ([#5929](https://github.com/containerd/containerd/pull/5929))
* go.mod: Update hcsshim to v0.8.21
* Makefile.linux: build on RISC-V with PIE ([#5937](https://github.com/containerd/containerd/pull/5937))
* Makefile.linux: build on riscv with PIE
* Fix cwd flag for `ctr tasks exec` ([#5932](https://github.com/containerd/containerd/pull/5932))
* Fix cwd flag for `ctr tasks exec`
* Update Pause image in tests & config ([#5927](https://github.com/containerd/containerd/pull/5927))
* Update Pause image in tests & config
* cri: Devices ownership from SecurityContext ([#5122](https://github.com/containerd/containerd/pull/5122))
* cri: Devices ownership from SecurityContext
* Fix pull fails on unexpected EOF ([#5921](https://github.com/containerd/containerd/pull/5921))
* Fix pull fails on unexpected EOF
* Fix dir support for devices ([#5845](https://github.com/containerd/containerd/pull/5845))
* Adding testing of two devices
* Fix dir support for devices V3 (#4847)
* windows: The DefaultSpec platform should match the Default matcher ([#5914](https://github.com/containerd/containerd/pull/5914))
* windows: The DefaultSpec platform should match the Default matcher
* Add RunAsUserName functionality for the Windows pod sandbox container ([#5865](https://github.com/containerd/containerd/pull/5865))
* Add RunAsUserName functionality for the Windows Pod Sandbox Container
* bump up runc v1.0.2 ([#5899](https://github.com/containerd/containerd/pull/5899))
* go.mod: update runc to v1.0.2
* update runc binary to v1.0.2
* Run `go fmt` with Go 1.17 ([#5903](https://github.com/containerd/containerd/pull/5903))
* Run `go fmt` with Go 1.17
* go.mod: github.com/pelletier/go-toml v1.9.3 ([#5905](https://github.com/containerd/containerd/pull/5905))
* go.mod: github.com/pelletier/go-toml v1.9.3
* cri: filter selinux xattr for image volumes ([#5902](https://github.com/containerd/containerd/pull/5902))
* cri: filter selinux xattr for image volumes
* Add Windows HostProcess Support ([#5131](https://github.com/containerd/containerd/pull/5131))
* Added windows hostProcess cni skip
* script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0 ([#5897](https://github.com/containerd/containerd/pull/5897))
* script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0
* Update to Go 1.17 ([#5889](https://github.com/containerd/containerd/pull/5889))
* Bump integration timeout to 35 min
* Update to Go 1.17
* integration: fix TestContainerPids ([#5896](https://github.com/containerd/containerd/pull/5896))
* integration: fix TestContainerPids
* [ctr] add HOSTNAME env for host network ([#5891](https://github.com/containerd/containerd/pull/5891))
* [ctr] add HOSTNAME env for host network
* Fuzzing: Add fuzzer ([#5886](https://github.com/containerd/containerd/pull/5886))
* Fuzzing: Add fuzzer
* Make Cgroup driver configurable in gce configure script ([#5884](https://github.com/containerd/containerd/pull/5884))
* Add env for SystemdCgroup driver
* Allow expanded DNS configuration ([#5878](https://github.com/containerd/containerd/pull/5878))
* Allow expanded DNS configuration
* Fuzzing: Add 4 fuzzers ([#5863](https://github.com/containerd/containerd/pull/5863))
* Fuzzing: Add 4 fuzzers
* Cleanup v2 shim ([#5813](https://github.com/containerd/containerd/pull/5813))
* Cleanup v2 shim
* Fuzzing: Add experimental version of container fuzzer ([#5840](https://github.com/containerd/containerd/pull/5840))
* Use http.Get to download binaries instead of exec.Command
* Fuzzing: Add experimental version of container fuzzer
* add cpu-shares to ctr ([#5846](https://github.com/containerd/containerd/pull/5846))
* add cpu-shares to ctr
* docs: rename master to main (it was opposite on the actual commit) ([#5847](https://github.com/containerd/containerd/pull/5847))
* docs: rename main to master
* content: return the error with its timestamp ([#5849](https://github.com/containerd/containerd/pull/5849))
* content: return the error with its timestamp
* Fix bad `make protos` failure ([#5857](https://github.com/containerd/containerd/pull/5857))
* Fix bad `make protos` failure
* replace cri and point to new location ([#5851](https://github.com/containerd/containerd/pull/5851))
* archive docs and point to new location fix #https://github.com/containerd/cri/issues/1624
* docs: remove FOSSA's badge ([#5856](https://github.com/containerd/containerd/pull/5856))
* docs: remove FOSSA's badge
* BUILDING.md: remove some bits about building runc ([#5850](https://github.com/containerd/containerd/pull/5850))
* BUILDING.md: remove some bits about building runc
* BUILDING.md: markdown fixes
* go.mod: update k8s deps to v1.22.0 ([#5836](https://github.com/containerd/containerd/pull/5836))
* go.mod: update kubernetes to v1.22.0
* [Scripts] Add trap to cri-integration test script ([#5852](https://github.com/containerd/containerd/pull/5852))
* Add trap to cri-integration test script
* docs: list all snapshotter-related build flags ([#5848](https://github.com/containerd/containerd/pull/5848))
* docs: list all snapshotter-related build flags
* Move plugin context events into separate plugin ([#5835](https://github.com/containerd/containerd/pull/5835))
* Move plugin context events into separate plugin
* Fix Linux CI Linter using Go 1.15.14 ([#5839](https://github.com/containerd/containerd/pull/5839))
* Fix Linux CI Linter using go 1.15.14
* Update Go to 1.16.7 ([#5842](https://github.com/containerd/containerd/pull/5842))
* Update Go to 1.16.7
* Cleanup CI ([#5838](https://github.com/containerd/containerd/pull/5838))
* Cleanup CI
* Remove redundant build tags ([#5834](https://github.com/containerd/containerd/pull/5834))
* Remove redundant build tags
* Change default directories on Darwin ([#5830](https://github.com/containerd/containerd/pull/5830))
* Change default directories on Darwin
* [otel-tracing] Initial opentelemetry support ([#5731](https://github.com/containerd/containerd/pull/5731))
* [otel-tracing] vendor and go modules changes
* [otel-tracing] Initial opentelemetry support
* remove go 1.13 from containerd
* Fuzzing: Fix for OSS-fuzz issue 36825 ([#5829](https://github.com/containerd/containerd/pull/5829))
* Fuzzing: Fix for OSS-fuzz issue 36825
* Fuzzing: Add two fuzzers ([#5825](https://github.com/containerd/containerd/pull/5825))
* Fuzzing: Add two more fuzzers
* scripts: linting fixes, and remove support for Debian Jessie (as it's EOL) ([#5760](https://github.com/containerd/containerd/pull/5760))
* scripts: declare ROOT closer to where it's used, and some DRY changes
* scripts: add missing quotes, and minor linting issues
* test/build-utils.sh: remove support for Debian Jessie
* platforms: Format(): use path.Join() instead of joinNotEmpty() ([#5821](https://github.com/containerd/containerd/pull/5821))
* platforms: Format(): use path.Join() instead of joinNotEmpty()
* Fuzzing: Remove panics of container_fuzzer ([#5823](https://github.com/containerd/containerd/pull/5823))
* Fuzzing: Remove panics of container_fuzzer
* Fuzzing: Add container fuzzer ([#5785](https://github.com/containerd/containerd/pull/5785))
* Change protoc link
* Split fuzzer to two fuzzers
* Fuzzing: Add container fuzzer
* runtime: fix the issue of create new socket with abstract address ([#5746](https://github.com/containerd/containerd/pull/5746))
* runtime: fix the issue of create new socket with abstract address
* mergo: Upgrade to 0.3.12 to fix panic ([#5809](https://github.com/containerd/containerd/pull/5809))
* mergo: Upgrade to 0.3.12 to fix panic
* ci: install criu from PPA ([#5802](https://github.com/containerd/containerd/pull/5802))
* ci: install criu from PPA
* Update release workflow to upload binary without CNI ([#5144](https://github.com/containerd/containerd/pull/5144))
* Split release steps into multiple tasks
* Update release workflow to upload binary without CNI
* Enable critest on Windows Periodic Jobs ([#5725](https://github.com/containerd/containerd/pull/5725))
* Enable critest on Windows
* Script to check if entries in go.mod files are in sync ([#5792](https://github.com/containerd/containerd/pull/5792))
* Script to check if entries in go.mod files are in sync
* Add a sharedNamespace label ([#5043](https://github.com/containerd/containerd/pull/5043))
* Add shared content label to namespaces
* platforms: add "ios" as known OS, "loong64" as known ARCH ([#5784](https://github.com/containerd/containerd/pull/5784))
* platforms: add "ios" as known OS, "loong64" as known ARCH
* Updates the location of protobuf downloads ([#5804](https://github.com/containerd/containerd/pull/5804))
* Updates the location of protobuf downloads in docs
* Update protobuf install to use correct repository ([#5803](https://github.com/containerd/containerd/pull/5803))
* Update protobuf install to use correct repository
* overlay: expose upperdir location of each snapshot via an optional label ([#5624](https://github.com/containerd/containerd/pull/5624))
* overlay: add an optional label of upperdir location of each snapshot
* Support SIGRTMIN+n signals ([#5693](https://github.com/containerd/containerd/pull/5693))
* Support SIGRTMIN+n signals
* respect context timeout in shim binary call ([#5800](https://github.com/containerd/containerd/pull/5800))
* respect context timeout in shim binary call
* Introduce a new go module - containerd/api for use in standalone clients ([#5716](https://github.com/containerd/containerd/pull/5716))
* Introduce a new go module - containerd/api for use in standalone clients
* grpc config add options tcp_client_ca_cert ([#5606](https://github.com/containerd/containerd/pull/5606))
* grpc config add options tcp_tls_ca
* integration: Windows volume-copy-up images ([#5162](https://github.com/containerd/containerd/pull/5162))
* integration: Windows volume-copy-up images
* add CRI support matrix to RELEASES.md ([#5795](https://github.com/containerd/containerd/pull/5795))
* add CRI support matrix to RELEASES.md
* adding a little more clarity ([#5794](https://github.com/containerd/containerd/pull/5794))
* adding a little more clarity
* update gotestsum to v1.7.0 ([#5793](https://github.com/containerd/containerd/pull/5793))
* update gotestsum to v1.7.0
* Discard blocks when removing a thin device ([#5756](https://github.com/containerd/containerd/pull/5756))
* Discard blocks when removing a thin device
* Makefile: fix passing build tags ([#5590](https://github.com/containerd/containerd/pull/5590))
* Makefile: pass build tags to manpage build process
* Makefile: fix tags parameter computation
* Add runtime label to metrics ([#5744](https://github.com/containerd/containerd/pull/5744))
* Add runtime label to metrics
* interface about shim build check ([#5745](https://github.com/containerd/containerd/pull/5745))
* interface about shim build check
* integration: log all processes to investigate the test failure ([#5775](https://github.com/containerd/containerd/pull/5775))
* integration: log all processes to investigate the test failure
* Fuzzing: Add archive fuzzer ([#5779](https://github.com/containerd/containerd/pull/5779))
* Fuzzing: Add archive fuzzer
* Add docker.Fetch fuzzer ([#5687](https://github.com/containerd/containerd/pull/5687))
* Add docker fetch fuzzer
* Support custom compressor for walking differ ([#5735](https://github.com/containerd/containerd/pull/5735))
* Support custom compressor for walking differ
* remotes/docker/pusher.go: Fix missing Close() on push to docker remote ([#5770](https://github.com/containerd/containerd/pull/5770))
* remotes/docker/pusher.go: Fix missing Close()
* remotes/docker/fetcher.go: Fix missing Close() on fetch from docker remote ([#5769](https://github.com/containerd/containerd/pull/5769))
* remotes/docker/fetcher.go: Fix missing Close()
* Update cpuguy83/go-md2man binary to v2.0.1 ([#5771](https://github.com/containerd/containerd/pull/5771))
* Update cpuguy83/go-md2man binary to v2.0.1
* Refactor / optimize contrib/Dockerfile.test ([#5750](https://github.com/containerd/containerd/pull/5750))
* Dockerfile.test: build containerd in separate stage
* Dockerfile.test: add GOLANG_IMAGE build arg to allow overriding
* Dockerfile.test: clean up apt indexes after installing
* Dockerfile.test: build critools in a separate stage
* Dockerfile.test: build cni in a separate stage
* Dockerfile.test: standard directory to collect build aftifacts
* Dockerfile.test: split dev stage, and optimize order
* Dockerfile.test: skip curl, gcc, git and make install
* install-critools: make sure DESTDIR exists
* update gotestsum to current master ([#5754](https://github.com/containerd/containerd/pull/5754))
* update gotestsum to current master
* Github Security Advisory [GHSA-c72p-9xmj-rx3w](https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w)
* Add test for archive breakout test for lchmod
* Use systemd cgroup driver for Kubernetes e2e tests with cgroupsv2 ([#5755](https://github.com/containerd/containerd/pull/5755))
* Use systemd cgroup driver for cgroupv2 tests
* update runc to v1.0.1 ([#5751](https://github.com/containerd/containerd/pull/5751))
* go.mod: runc v1.0.1
* update runc binary to v1.0.1
* runtime: runc v2: remove redundant validation ([#5737](https://github.com/containerd/containerd/pull/5737))
* runtime: runc v2: remove redundant validation
* Add timestamp to flaky restart monitor test ([#5727](https://github.com/containerd/containerd/pull/5727))
* Move loop check to before sleep
* Add timestamp to flaky restart monitor test
* Update Go to 1.16.6 ([#5722](https://github.com/containerd/containerd/pull/5722))
* integration/client: go mod tidy
* Update Go to 1.16.6
* client: surface a connection error more clearly ([#4447](https://github.com/containerd/containerd/pull/4447))
* client: surface a connection error more clearly
* Fix missing Body.Close() calls on push to docker remote ([#5712](https://github.com/containerd/containerd/pull/5712))
* Fix missing Body.Close() calls on push to docker remote
* remove pkg/cri/platforms package ([#5710](https://github.com/containerd/containerd/pull/5710))
* remove pkg/cri/platforms package
* Allow WithServices to use custom implementations ([#5709](https://github.com/containerd/containerd/pull/5709))
* Allow WithServices to use custom implementations
* [Vendor] Update hcsshim to 0.8.18 ([#5673](https://github.com/containerd/containerd/pull/5673))
* [Vendor] Update hcsshim to 0.8.18
* test integration: Adds a test that restarts a failed container ([#5578](https://github.com/containerd/containerd/pull/5578))
* test integration: Adds a test that restarts a failed container
* [CRI] move up to CRI v1 and support v1alpha in parallel ([#5619](https://github.com/containerd/containerd/pull/5619))
* use fu wei's suggeted interface pick for marshaling
* add alpha version
* move up to CRI v1 and support v1alpha in parallel
* gha: make release workflow work in forks ([#5682](https://github.com/containerd/containerd/pull/5682))
* gha: make release workflow work in forks
* Add unit test for plugin ([#5666](https://github.com/containerd/containerd/pull/5666))
* Add unit test for plugin
* Dockerfile.test: add "cri-in-userns" (aka rootless) test stage ([#5700](https://github.com/containerd/containerd/pull/5700))
* Dockerfile.test: add "cri-in-userns" (aka rootless) test stage
* Update for distribution spec 1.0 ([#5676](https://github.com/containerd/containerd/pull/5676))
* Add support for registry host path override
* Update documenation for OCI distribution 1.0
* archive: cleanup lchmod logic ([#5702](https://github.com/containerd/containerd/pull/5702))
* Cleanup lchmod logic in archive
* Install specific golang version in Windows CI. ([#5571](https://github.com/containerd/containerd/pull/5571))
* Install specific golang version in Windows CI.
* Add ctr command label in NewContainerOpts ([#5660](https://github.com/containerd/containerd/pull/5660))
* feat: Add snapshotter label to the new snapshot for container.
* snapshot/devmapper: log exported methods correctly ([#5655](https://github.com/containerd/containerd/pull/5655))
* snapshot/devmapper: log exported methods correctly
* Makefile: fix DESTDIR and PREFIX concatenation ([#5662](https://github.com/containerd/containerd/pull/5662))
* Makefile: fix DESTDIR and PREFIX concatenation
* Cri integration cleanup ([#5287](https://github.com/containerd/containerd/pull/5287))
* tests: Use EnsureImageExists for image pulling
* tests: Refactors PodSandbox creation
* move sys.FMountat() into mount package and un-export ([#5641](https://github.com/containerd/containerd/pull/5641))
* un-export mount.FMountat
* move sys.FMountat() into mount package
* sandbox: send pod UID to CNI plugins as K8S_POD_UID ([#5640](https://github.com/containerd/containerd/pull/5640))
* sandbox: send pod UID to CNI plugins as K8S_POD_UID
* sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils ([#5639](https://github.com/containerd/containerd/pull/5639))
* sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils
* content/local: inline sys.StatATimeAsTime() ([#5633](https://github.com/containerd/containerd/pull/5633))
* content/local: inline sys.StatATimeAsTime()
* allow multi gpu to be specified via ctr ([#5636](https://github.com/containerd/containerd/pull/5636))
* allow multi gpu to be specified via ctr
* go.mod: runc v1.0.0
* update runc binary to v1.0.0 GA
* fixing some doc links ([#5629](https://github.com/containerd/containerd/pull/5629))
* fixing some doc links
* Sync integration/go.mod with root go.mod ([#5623](https://github.com/containerd/containerd/pull/5623))
* Sync integration/go.mod with root go.mod
* archive: Expose ChangeWriter to allow customized diff computing ([#5615](https://github.com/containerd/containerd/pull/5615))
* archive: Expose ChangeWriter to allow customized diff computing
* CI: Switch to the available latest images ([#5625](https://github.com/containerd/containerd/pull/5625))
* CI: Switch to available latest images
* fix deprecation config for default runtime
* Re-enable criu in main integration runs ([#5614](https://github.com/containerd/containerd/pull/5614))
* Re-enable criu in main integration runs
* runtime,v2: Enable debug when containerd is on debug+ log level ([#5617](https://github.com/containerd/containerd/pull/5617))
* runtime,v2: Enable debug when containerd is on debug+ log level
* github.com/golang/protobuf/proto is deprecated
* Update github.com/golang/protobuf from v1.3.5 to v1.4.3
* Update google.golang.org/grpc from v1.27.1 to v1.38.0
* Increase golangci-lint timeout
* ctr flags of container rootfs propagation ([#5611](https://github.com/containerd/containerd/pull/5611))
* command line flags of setting container rootfs propagation
* add cgroupv2 setup for cos with a flag
* Update gotestsum to add timestamps to junit output ([#5612](https://github.com/containerd/containerd/pull/5612))
* Update gotestsum to add timestamps to junit output
* Allow to pass --no-cgroups option to nvidia-container-cli ([#5604](https://github.com/containerd/containerd/pull/5604))
* Allow to pass --no-cgroup option to nvidia-container-cli
* Makefile: FHS conformant manpage installation pathes ([#5577](https://github.com/containerd/containerd/pull/5577))
* Makefile: FHS conformant manpage installation pathes
* Add proper Go version before project checks ([#5594](https://github.com/containerd/containerd/pull/5594))
* Add proper Go version before project checks
* Enable cri-integration in Windows Periodic Tests ([#5580](https://github.com/containerd/containerd/pull/5580))
* Enable cri-integration in Windows Periodic Tests
* adds explanation for seccomp unset/unconfined default vs runtime default ([#5573](https://github.com/containerd/containerd/pull/5573))
* adds explanation for seccomp unset/unconfined default vs runtime default
* Fix cleanup context of teardownPodNetwork ([#5569](https://github.com/containerd/containerd/pull/5569))
* Fix cleanup context of teardownPodNetwork
* update integration/client go.sum ([#5572](https://github.com/containerd/containerd/pull/5572))
* update integration/client go.sum
* Revert diff/walking error change ([#5566](https://github.com/containerd/containerd/pull/5566))
* Revert diff/walking error change
* Update opencontainers/selinux to v1.8.2 ([#5562](https://github.com/containerd/containerd/pull/5562))
* Update opencontainers/selinux to v1.8.2
* fix invalid validation error checking ([#5565](https://github.com/containerd/containerd/pull/5565))
* fix invalid validation error checking
* diff/walking: fix defer cleanup ([#5551](https://github.com/containerd/containerd/pull/5551))
* diff/walking: fix defer cleanup
* Windows periodic job: Add creation timestamp to RG ([#5559](https://github.com/containerd/containerd/pull/5559))
* Add creation timestamp to RG
* Fix error case in Windows layer cleanup ([#5328](https://github.com/containerd/containerd/pull/5328))
* Fix error case in Windows layer cleanup
* Use DeactivateLayer to unlock layers that we cannot rename ([#5422](https://github.com/containerd/containerd/pull/5422))
* Small typo fix "reimporst"
* Use DeactivateLayer to recover layers that we cannot rename
* tests: Symlink volume tests ([#5284](https://github.com/containerd/containerd/pull/5284))
* tests: Symlink volume tests
* Makefile: fix DESTDIR environment variable behaviour ([#5535](https://github.com/containerd/containerd/pull/5535))
* Makefile: fix DESTDIR environment variable behaviour
* Change Wrapf of non-error to an actual error ([#5560](https://github.com/containerd/containerd/pull/5560))
* Change Wrapf of non-error to an actual error
* Install apparmor parser for arm64 environment
* scrub the stale TODO ([#5536](https://github.com/containerd/containerd/pull/5536))
* scrub the stale TODO
* docs: explicitly mention containerd's Prometheus path ([#5554](https://github.com/containerd/containerd/pull/5554))
* docs: explicitly mention containerd's Prometheus path
* integration: Cleanup containerd on test teardown ([#5553](https://github.com/containerd/containerd/pull/5553))
* integration: Cleanup containerd on test teardown
* docs/cri: update links ([#5548](https://github.com/containerd/containerd/pull/5548))
* docs/cri: update ocicrypt link
* docs/cri: fix broken links
* Update Windows periodic tests ([#5544](https://github.com/containerd/containerd/pull/5544))
* Update Windows periodic tests
* Add CI periodic Windows Jobs. ([#5165](https://github.com/containerd/containerd/pull/5165))
* Schedule Windows job daily after midnight.
* Update windows-periodic.yml
* Add CI periodic Windows Jobs.
* Rename atomicWrite to writeToCompletion ([#5273](https://github.com/containerd/containerd/pull/5273))
* Rename atomicWrite to writeToCompletion
* Do not run btrfs tests if btrfs kernel module is not loaded ([#5539](https://github.com/containerd/containerd/pull/5539))
* Do not run btrfs tests if btrfs kernel module is not loaded
* Fix incorrect UA used for registry authentication ([#5533](https://github.com/containerd/containerd/pull/5533))
* Fix incorrect UA used for registry authentication
* ctr: parse mount options with embedded = character ([#5531](https://github.com/containerd/containerd/pull/5531))
* ctr: parse mount options with embedded = character
* Fix mounts for FreeBSD ([#5472](https://github.com/containerd/containerd/pull/5472))
* Add ruleset=4 option
* Remove mountpoints not commonly mounted on FreeBSD
* Add copyright header & make sure compilation succeeds on all platforms
* Fix mounts for FreeBSD
* ctr: make exec pty behavior consistent with run ([#5527](https://github.com/containerd/containerd/pull/5527))
* ctr: exec handle pty resize after Start
* ctr: exec setup IO with console
* Makefile: use $@ for target file names ([#5534](https://github.com/containerd/containerd/pull/5534))
* Makefile: use $@ for target file names
* Fix small typo ([#5528](https://github.com/containerd/containerd/pull/5528))
* Fix small typo
* Don't check for apparmor_parser to be present ([#5519](https://github.com/containerd/containerd/pull/5519))
* update the link
* Don't check for apparmor_parser to be present
* Remove useless lines ([#5520](https://github.com/containerd/containerd/pull/5520))
* Remove useless lines
* Fixed typos in docs ([#5509](https://github.com/containerd/containerd/pull/5509))
* fixed typos
* Try next mirror in case of non-404 errors, too ([#5275](https://github.com/containerd/containerd/pull/5275))
* Try next mirror in case of non-404 errors, too
* bump runc version to v1.0.0-rc95 ([#5514](https://github.com/containerd/containerd/pull/5514))
* bump runc version to v1.0.0-rc95
* update runc binary to v1.0.0-rc95 ([#5511](https://github.com/containerd/containerd/pull/5511))
* update runc binary to v1.0.0-rc95
* Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0 ([#5508](https://github.com/containerd/containerd/pull/5508))
* Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0
* Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 ([#5507](https://github.com/containerd/containerd/pull/5507))
* Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
* Makefile: allow overriding install command via environment ([#5493](https://github.com/containerd/containerd/pull/5493))
* Makefile: allow overriding install command via environment
* tests: Adds support for Windows cri-integration tests ([#5163](https://github.com/containerd/containerd/pull/5163))
* tests: Adds support for Windows cri-integration tests
* Update docker resolver to authorize redirects ([#5504](https://github.com/containerd/containerd/pull/5504))
* Update docker resolver to authorize redirects
* bump hcsshim version to v0.8.17 ([#5505](https://github.com/containerd/containerd/pull/5505))
* bump hcsshim version to v0.8.17
* Release binary update for imgcrypt ([#5498](https://github.com/containerd/containerd/pull/5498))
* just release ctd-decoder not ctr-enc
* Merge remote-tracking branch 'upstream/master'
* Pin integration test image for alpine
* cri-integration tests: Pull images once ([#5313](https://github.com/containerd/containerd/pull/5313))
* tests: Prepull images used in tests
* plugin: optimize the check for the last registration ([#5440](https://github.com/containerd/containerd/pull/5440))
* plugin: optimize the check for the last registration
* metadata: modify NewLeaseManager to return leases.Manager ([#5465](https://github.com/containerd/containerd/pull/5465))
* metadata: modify NewLeaseManager to return leases.Manager
* Skip TLS verification for localhost ([#5100](https://github.com/containerd/containerd/pull/5100))
* Skip TLS verification for localhost
* Merge remote-tracking branch 'upstream/master'
* Makefile: make sure manpages are built before install-man ([#5492](https://github.com/containerd/containerd/pull/5492))
* Makefile: make sure manpages are built before install-man
* adds description for hosts.toml ([#5309](https://github.com/containerd/containerd/pull/5309))
* adds credentials description
* adds description for hosts.toml
* Prepare default branch rename ([#5459](https://github.com/containerd/containerd/pull/5459))
* Prepare default branch rename
* Merge remote-tracking branch 'upstream/master'
* Update runc to rc94 ([#5473](https://github.com/containerd/containerd/pull/5473))
* Update vendored runc to v1.0.0.0-rc94
* Update the runc binary used with containerd to runc v1.0.0-rc94
* Fix `content.ReaderAt` close ([#5468](https://github.com/containerd/containerd/pull/5468))
* Fix content.ReaderAt close
* Update releases doc with updated support timeline ([#5466](https://github.com/containerd/containerd/pull/5466))
* Update releases doc with updated support timeline
* tests: add test for adaptor ([#5452](https://github.com/containerd/containerd/pull/5452))
* tests: add test for adaptor
* Makefile: allow overriding go command by environment ([#5450](https://github.com/containerd/containerd/pull/5450))
* Makefile: allow overriding go command by environment
* update to new cri-tools make install ([#5462](https://github.com/containerd/containerd/pull/5462))
* update to new cri-tools make install
* Update Go to 1.16.4 ([#5461](https://github.com/containerd/containerd/pull/5461))
* Update Go to 1.16.4
* Merge remote-tracking branch 'upstream/release/1.5'
* [release/1.5] go.mod: cut circular dependency on github.com/containerd/containerd ([#5457](https://github.com/containerd/containerd/pull/5457))
* go.mod: cut circular dependency on github.com/containerd/containerd
* integration/client: go mod tidy
* oci: fix WithDevShmSize ([#5063](https://github.com/containerd/containerd/pull/5063))
* oci: fix WithDevShmSize
* [release/1.5] cherry-pick: windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink ([#5454](https://github.com/containerd/containerd/pull/5454))
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink ([#5411](https://github.com/containerd/containerd/pull/5411))
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
* doc: add missing namespaces package ([#5448](https://github.com/containerd/containerd/pull/5448))
* doc: add missing namespaces package
* update seccomp version ([#5445](https://github.com/containerd/containerd/pull/5445))
* update seccomp version
* Update golang.org/x/sys to add linux/ppc support ([#5436](https://github.com/containerd/containerd/pull/5436))
* Update golang.org/x/sys to add linux/ppc support
* go.mod: cut circular dependency on github.com/containerd/containerd ([#5441](https://github.com/containerd/containerd/pull/5441))
* go.mod: cut circular dependency on github.com/containerd/containerd
* integration/client: go mod tidy
* Fix different registry hosts referencing the same auth config. ([#5446](https://github.com/containerd/containerd/pull/5446))
* Fix different registry hosts referencing the same auth config.
</p>
</details>
### Changes from containerd/cgroups
<details><summary>24 commits</summary>
<p>
* cgroup: Optionally add process and task to a subsystems subset ([#203](https://github.com/containerd/cgroups/pull/203))
* cgroup: Optionally add process and task to a subsystems subset
* replace pkg/errors from vendor ([#208](https://github.com/containerd/cgroups/pull/208))
* replace pkg/errors from vendor
* cgroup.go: avoid panic on nil interface ([#207](https://github.com/containerd/cgroups/pull/207))
* cgroup.go: avoid panic on nil interface
* Improvements on cgroup v2 support ([#204](https://github.com/containerd/cgroups/pull/204))
* cgroupv2: reset lastErr to nil when subtree control is successfully written
* cgroupv2: enable controllers before setting resources in NewChild()
* v2: remove unimplemented errors and ErrorHandler, IgnoreNotExist ([#201](https://github.com/containerd/cgroups/pull/201))
* v2: remove ErrorHandler and IgnoreNotExist as they are not implemented
* v2: remove errors that are never returned
* v1: reduce duplicated code ([#202](https://github.com/containerd/cgroups/pull/202))
* v1: reduce duplicated code
* cgroup v1: implement AddProc() ([#200](https://github.com/containerd/cgroups/pull/200))
* cgroup v1: implement AddProc()
* Rename branch from master to main ([#199](https://github.com/containerd/cgroups/pull/199))
* Rename branch from master to main
* utils: export ParseCgroupFile() ([#197](https://github.com/containerd/cgroups/pull/197))
* utils: export ParseCgroupFile()
* go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations ([#194](https://github.com/containerd/cgroups/pull/194))
* go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations
* Use /proc/partitions to get device names ([#195](https://github.com/containerd/cgroups/pull/195))
* Use /proc/partitions to get device names
</p>
</details>
### Changes from containerd/console
<details><summary>6 commits</summary>
<p>
* Fix CI ([#55](https://github.com/containerd/console/pull/55))
* Fix CI
* Stop using pkg/errors
* Add support for z/OS ([#46](https://github.com/containerd/console/pull/46))
* Console test on z/OS
* Add support for z/OS
</p>
</details>
### Changes from containerd/continuity
<details><summary>28 commits</summary>
<p>
* fs: use syscall.Timespec.Unix ([#193](https://github.com/containerd/continuity/pull/193))
* fs: use syscall.Timespec.Unix
* Update CI Go version to 1.17 ([#192](https://github.com/containerd/continuity/pull/192))
* Update CI Go version to 1.17
* Build containerd/continuity on multiple Unix OSes ([#190](https://github.com/containerd/continuity/pull/190))
* Build containerd/continuity on multiple Unix OSes
* Do not log errors before returning them ([#191](https://github.com/containerd/continuity/pull/191))
* Do not log errors before returning them
* Copy Windows file metadata ([#188](https://github.com/containerd/continuity/pull/188))
* Copy Windows file metadata
* fix fmt.Errorf("%w", err) on err == nil ([#187](https://github.com/containerd/continuity/pull/187))
* fix fmt.Errorf("%w", err) on err == nil
* Remove direct dependency on github.com/pkg/errors ([#185](https://github.com/containerd/continuity/pull/185))
* run gofmt with Go 1.17
* remove direct dependency on github.com/pkg/errors
* Fix darwin issues ([#186](https://github.com/containerd/continuity/pull/186))
* update AUTHORS
* darwin: use utimensat syscall instead of utimes
* fix darwin usage of du command
* go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125 ([#161](https://github.com/containerd/continuity/pull/161))
* go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125
* fs/stat: add FreeBSD, and cleanup some nolint-comments ([#184](https://github.com/containerd/continuity/pull/184))
* reformat nolint comments
* fs/stat: add FreeBSD
* Rename branch from master to main ([#182](https://github.com/containerd/continuity/pull/182))
* Rename branch from master to main
* testutil/loopback: print more debug info ([#180](https://github.com/containerd/continuity/pull/180))
* testutil/loopback: print more debug info
</p>
</details>
### Changes from containerd/go-cni
<details><summary>18 commits</summary>
<p>
* run setup on networks in parallel ([#76](https://github.com/containerd/go-cni/pull/76))
* switch to direct index
* run setup on networks in parallel
* remove: Continue on "not found" errors ([#74](https://github.com/containerd/go-cni/pull/74))
* remove: Continue on "not found" errors
* go.mod: github.com/containernetworking/cni v1.0.1 ([#72](https://github.com/containerd/go-cni/pull/72))
* go.mod: github.com/containernetworking/cni v1.0.1
* remove direct dependency on github.com/pkg/errors ([#71](https://github.com/containerd/go-cni/pull/71))
* remove direct dependency on github.com/pkg/errors
* update CNI to v1.0.0 ([#70](https://github.com/containerd/go-cni/pull/70))
* test: add TestLibCNIType100
* update CNI to v1.0.0
* Rename branch from master to main ([#69](https://github.com/containerd/go-cni/pull/69))
* Rename branch from master to main
* result: change Raw from a struct field to a method ([#68](https://github.com/containerd/go-cni/pull/68))
* result: change Raw from a struct field to a method
* result: expose raw result ([#67](https://github.com/containerd/go-cni/pull/67))
* result: expose raw result
</p>
</details>
### Changes from containerd/imgcrypt
<details><summary>32 commits</summary>
<p>
* CHANGES: Updated CHANGES document for 1.1.3 release ([#64](https://github.com/containerd/imgcrypt/pull/64))
* CHANGES: Updated CHANGES document for 1.1.3 release
* docs: update project branch to main ([#63](https://github.com/containerd/imgcrypt/pull/63))
* docs: update project branch to main
* Update linter to match containerd repo ([#61](https://github.com/containerd/imgcrypt/pull/61))
* Update linter to match containerd repo
* update CI golang version
* Bump github.com/containerd/containerd from 1.5.7 to 1.5.8 ([#59](https://github.com/containerd/imgcrypt/pull/59))
* Bump github.com/containerd/containerd from 1.5.7 to 1.5.8
* maint: Update to ocicrypt v1.1.2 ([#57](https://github.com/containerd/imgcrypt/pull/57))
* maint: Update to ocicrypt v1.1.2
* Decouple CreateCryptoConfig() from github.com/urfave/cli ([#56](https://github.com/containerd/imgcrypt/pull/56))
* Decouple CreateCryptoConfig() from github.com/urfave/cli
* Bump github.com/containerd/containerd from 1.5.5 to 1.5.7 ([#55](https://github.com/containerd/imgcrypt/pull/55))
* Bump github.com/containerd/containerd from 1.5.5 to 1.5.7
* replace pkg/errors and bump related library
* README: Fix CRI decryption document URL ([#53](https://github.com/containerd/imgcrypt/pull/53))
* README: Fix CRI decryption document URL
* Bump github.com/containerd/containerd from 1.5.2 to 1.5.4 ([#52](https://github.com/containerd/imgcrypt/pull/52))
* Bump github.com/containerd/containerd from 1.5.2 to 1.5.4
* Bump containerd to 1.5.2 ([#51](https://github.com/containerd/imgcrypt/pull/51))
* Bump containerd to 1.5.2
* images: Implement ConvertFunc for image en- and decryption ([#49](https://github.com/containerd/imgcrypt/pull/49))
* images: Implement ConvertFunc for image en- and decryption
* Add containerd-release to makefile ([#48](https://github.com/containerd/imgcrypt/pull/48))
* Remove ctr-enc from installation
* vendor sync up with containerd 1.5 ga, and runc94 ([#47](https://github.com/containerd/imgcrypt/pull/47))
* sync up with containerd 1.5 ga, and runc94
* Sync ctr-enc with containerd's ctr v1.5.0-rc.3 ([#46](https://github.com/containerd/imgcrypt/pull/46))
* CICD: Run 'apt update' before pulling packages
* ctr-enc: Set the version for ctr-enc when linking
* Sync ctr-enc with containerd's ctr v1.5.0-rc.3
</p>
</details>
### Changes from containerd/ttrpc
<details><summary>34 commits</summary>
<p>
* Add protoc-gen-go-ttrpc ([#96](https://github.com/containerd/ttrpc/pull/96))
* Add protoc-gen-go-ttrpc
* client: Handle sending/receiving in separate goroutines ([#94](https://github.com/containerd/ttrpc/pull/94))
* client: Handle sending/receiving in separate goroutines
* Run Protobuild in GitHub Actions ([#95](https://github.com/containerd/ttrpc/pull/95))
* Run Protobuild in GitHub Actions
* Re-generate example.pb.go
* replace pkg/errors ([#93](https://github.com/containerd/ttrpc/pull/93))
* replace pkg/errors from vendor
* Rename branch from master to main ([#86](https://github.com/containerd/ttrpc/pull/86))
* Rename branch from master to main
* Make "go test" and "go build" work on macOS ([#85](https://github.com/containerd/ttrpc/pull/85))
* Make the example command buildable on macOS
* Run GitHub Actions on macOS
* Make "go test" work on macOS
* Return Unimplemented when services or methods are not implemented ([#83](https://github.com/containerd/ttrpc/pull/83))
* Return Unimplemented when services or methods are not implemented
* Remove "Very new" and checked TODO items ([#84](https://github.com/containerd/ttrpc/pull/84))
* Remove "Very new" and checked TODO items
* removing glide from ignore ([#82](https://github.com/containerd/ttrpc/pull/82))
* removing glide from ignore
* go.mod: update dependencies ([#79](https://github.com/containerd/ttrpc/pull/79))
* go.mod: github.com/prometheus/procfs v0.6.0
* go.mod: google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
* go.mod: google.golang.org/grpc v1.27.1
* go.mod: github.com/gogo/protobuf v1.3.2
* remove travis, add codecov badge ([#78](https://github.com/containerd/ttrpc/pull/78))
* CI: add codecov badge to readme
* CI: remove travis
* Use GitHub Actions for CI ([#77](https://github.com/containerd/ttrpc/pull/77))
* Use GitHub Actions for CI
* go.mod: sirupsen/logrus v1.7.0 ([#76](https://github.com/containerd/ttrpc/pull/76))
* go.mod: sirupsen/logrus v1.7.0
* go mod tidy
</p>
</details>
### Dependency Changes
* **cloud.google.com/go** v0.81.0 **_new_**
* **github.com/AdaLogics/go-fuzz-headers** 6c3934b029d8 **_new_**
* **github.com/Microsoft/go-winio** v0.4.17 -> v0.5.1
* **github.com/Microsoft/hcsshim** v0.8.16 -> v0.9.2
* **github.com/blang/semver** v3.5.1 **_new_**
* **github.com/cenkalti/backoff/v4** v4.1.2 **_new_**
* **github.com/cespare/xxhash/v2** v2.1.1 -> v2.1.2
* **github.com/cilium/ebpf** v0.4.0 -> v0.7.0
* **github.com/containerd/cgroups** v1.0.1 -> v1.0.2
* **github.com/containerd/console** v1.0.2 -> v1.0.3
* **github.com/containerd/continuity** v0.1.0 -> v0.2.2
* **github.com/containerd/go-cni** v1.0.2 -> v1.1.1
* **github.com/containerd/imgcrypt** v1.1.1 -> v1.1.3
* **github.com/containerd/ttrpc** v1.0.2 -> v1.1.0
* **github.com/containernetworking/cni** v0.8.1 -> v1.0.1
* **github.com/containernetworking/plugins** v0.9.1 -> v1.0.1
* **github.com/containers/ocicrypt** v1.1.1 -> v1.1.2
* **github.com/coreos/go-systemd/v22** v22.1.0 -> v22.3.2
* **github.com/go-logr/logr** v0.2.0 -> v1.2.2
* **github.com/go-logr/stdr** v1.2.2 **_new_**
* **github.com/godbus/dbus/v5** v5.0.3 -> v5.0.6
* **github.com/golang/groupcache** 8c9f03a8e57e -> 41bb18bfe9da
* **github.com/golang/protobuf** v1.3.5 -> v1.5.2
* **github.com/google/go-cmp** v0.5.4 -> v0.5.6
* **github.com/google/gofuzz** v1.1.0 -> v1.2.0
* **github.com/grpc-ecosystem/go-grpc-middleware** v1.3.0 **_new_**
* **github.com/grpc-ecosystem/grpc-gateway** v1.16.0 **_new_**
* **github.com/hashicorp/errwrap** v1.0.0 -> v1.1.0
* **github.com/hashicorp/go-multierror** v1.0.0 -> v1.1.1
* **github.com/imdario/mergo** v0.3.11 -> v0.3.12
* **github.com/intel/goresctrl** v0.2.0 **_new_**
* **github.com/json-iterator/go** v1.1.10 -> v1.1.12
* **github.com/moby/spdystream** v0.2.0 **_new_**
* **github.com/moby/sys/mountinfo** v0.4.1 -> v0.5.0
* **github.com/moby/sys/signal** v0.6.0 **_new_**
* **github.com/moby/sys/symlink** v0.1.0 -> v0.2.0
* **github.com/modern-go/reflect2** v1.0.1 -> v1.0.2
* **github.com/opencontainers/image-spec** v1.0.1 -> 693428a734f5
* **github.com/opencontainers/runc** v1.0.0-rc93 -> v1.1.0
* **github.com/opencontainers/runtime-spec** e6143ca7d51d -> 1c3f411f0417
* **github.com/opencontainers/selinux** v1.8.0 -> v1.10.0
* **github.com/pelletier/go-toml** v1.8.1 -> v1.9.3
* **github.com/prometheus/client_golang** v1.7.1 -> v1.11.0
* **github.com/prometheus/common** v0.10.0 -> v0.30.0
* **github.com/prometheus/procfs** v0.6.0 -> v0.7.3
* **github.com/satori/go.uuid** v1.2.0 **_new_**
* **github.com/sirupsen/logrus** v1.7.0 -> v1.8.1
* **github.com/spf13/pflag** v1.0.5 **_new_**
* **github.com/stretchr/testify** v1.6.1 -> v1.7.0
* **github.com/vishvananda/netlink** f5de75959ad5 **_new_**
* **github.com/vishvananda/netns** 2eb08e3e575f **_new_**
* **go.etcd.io/bbolt** v1.3.5 -> v1.3.6
* **go.opencensus.io** v0.22.3 -> v0.23.0
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.28.0 **_new_**
* **go.opentelemetry.io/otel** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/internal/retry** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/sdk** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/trace** v1.3.0 **_new_**
* **go.opentelemetry.io/proto/otlp** v0.11.0 **_new_**
* **golang.org/x/crypto** 0c34fe9e7dc2 -> 32db794688a5
* **golang.org/x/net** e18ecbb05110 -> fe4d6282115f
* **golang.org/x/oauth2** bf48bf16ab8d -> 2bc19b11175f
* **golang.org/x/sync** 09787c993a3a -> 036812b2e83c
* **golang.org/x/sys** 47abb6519492 -> 1d35b9e2eb4e
* **golang.org/x/term** 7de9c90e9dd1 -> 6886f2dfbf5b
* **golang.org/x/text** v0.3.4 -> v0.3.7
* **golang.org/x/time** 3af7569d3a1e -> 1f47c861a9ac
* **google.golang.org/appengine** v1.6.5 -> v1.6.7
* **google.golang.org/grpc** v1.27.1 -> v1.43.0
* **google.golang.org/protobuf** v1.27.1 **_new_**
* **gopkg.in/yaml.v3** 9f266ea9e77c -> 496545a6307b
* **k8s.io/api** v0.20.6 -> v0.22.5
* **k8s.io/apimachinery** v0.20.6 -> v0.22.5
* **k8s.io/apiserver** v0.20.6 -> v0.22.5
* **k8s.io/client-go** v0.20.6 -> v0.22.5
* **k8s.io/component-base** v0.20.6 -> v0.22.5
* **k8s.io/cri-api** v0.20.6 -> v0.23.1
* **k8s.io/klog/v2** v2.4.0 -> v2.30.0
* **k8s.io/utils** 67b214c5f920 -> cb0fa318a74b
* **sigs.k8s.io/structured-merge-diff/v4** v4.0.3 -> v4.1.2
Previous release can be found at [v1.5.0](https://github.com/containerd/containerd/releases/tag/v1.5.0)
containerd 1.6.0-rc.0
Welcome to the v1.6.0-rc.0 release of containerd!
The seventh major release of containerd includes many improvements and added
support to increase overall compatibility and stability.
### Highlights
#### Runtime
* **Add runtime label to metrics** ([#5744](https://github.com/containerd/containerd/pull/5744))
* **Cleanup task delete logic in v2 shim** ([#5813](https://github.com/containerd/containerd/pull/5813))
* **Add support for shim plugins** ([#5817](https://github.com/containerd/containerd/pull/5817))
* **Decouple shim and task manager** ([#5918](https://github.com/containerd/containerd/pull/5918))
* **Add runc shim support for core scheduling** ([#6011](https://github.com/containerd/containerd/pull/6011))
* **Update shim client connect attempt to fail fast when shim errors** ([#6031](https://github.com/containerd/containerd/pull/6031))
* **Add support for absolute path to shim binaries** ([#6206](https://github.com/containerd/containerd/pull/6206))
#### Windows
* **Add support for Windows HostProcess containers** ([#5131](https://github.com/containerd/containerd/pull/5131))
* **Add support for Windows resource limits** ([#5778](https://github.com/containerd/containerd/pull/5778))
#### CRI
* **Add CNI configuration based on runtime class** ([#4695](https://github.com/containerd/containerd/pull/4695))
* **Add support for Intel RDT** ([#5439](https://github.com/containerd/containerd/pull/5439))
* **Add support for CRI v1 and v1alpha in parallel** ([#5619](https://github.com/containerd/containerd/pull/5619))
* **Add support for unified resources field for cgroups v2** ([#5627](https://github.com/containerd/containerd/pull/5627))
* **Add IP preference configuration for reporting pod IP** ([#5964](https://github.com/containerd/containerd/pull/5964))
* **Implement new CRI pod sandbox stats API** ([#6113](https://github.com/containerd/containerd/pull/6113))
* **Add sandbox and container latency metrics** ([#6111](https://github.com/containerd/containerd/pull/6111))
* **Add namespace to ttrpc and grpc plugin connections** ([#6130](https://github.com/containerd/containerd/pull/6130))
* **Add option to allow ping sockets and privileged ports with no capabilities** ([#6170](https://github.com/containerd/containerd/pull/6170))
* **Add support for configuring swap** ([#6320](https://github.com/containerd/containerd/pull/6320))
#### Other
* **Add a shared namespace label for cross-namespace content sharing** ([#5043](https://github.com/containerd/containerd/pull/5043))
* **Add support for client TLS Auth for grpc** ([#5606](https://github.com/containerd/containerd/pull/5606))
* **Add xfs support for devicemapper snapshotter** ([#5610](https://github.com/containerd/containerd/pull/5610))
* **Add metric exposing build version and revision** ([#5965](https://github.com/containerd/containerd/pull/5965))
* **Add OpenTelemetry trace injection to grpc client** ([#5992](https://github.com/containerd/containerd/pull/5992))
* **Add support for custom fs options in devmapper snapshotter** ([#6122](https://github.com/containerd/containerd/pull/6122))
#### Client
* **Allow WithServices to use custom implementations** ([#5709](https://github.com/containerd/containerd/pull/5709))
* **Support custom compressor for walking differ** ([#5735](https://github.com/containerd/containerd/pull/5735))
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
### Contributors
* Derek McGowan
* Phil Estes
* Wei Fu
* Akihiro Suda
* Maksym Pavlenko
* Sebastiaan van Stijn
* Mike Brown
* Kazuyoshi Kato
* Michael Crosby
* Claudiu Belu
* haoyun
* Stefan Berger
* Daniel Canter
* Gabriel Adrian Samfira
* zounengren
* AdamKorcz
* Adelina Tuvenie
* Brian Goff
* Kohei Tokunaga
* Davanum Srinivas
* Nashwan Azhari
* Samuel Karp
* Shiming Zhang
* Enrico Weigelt, metux IT consult
* Markus Lehtonen
* Alakesh Haloi
* Hajime Tazaki
* Kevin Parsons
* Iceber Gu
* Aditi Sharma
* David Porter
* Gijs Peskens
* Brandon Lum
* Danielle Lancashire
* Jacob MacElroy
* dependabot[bot]
* wanglei
* Alexandre Peixoto Ferreira
* Cody Roseborough
* Fabiano Fidêncio
* Furkan Türkal
* Jiaming Xu
* Kir Kolyshkin
* Miao Wang
* Neil Johnson
* Paul "TBBle" Hampson
* Priyanka Saggu
* Romain Aviolat
* Samuel Ortiz
* Sunghoon Kang
* Takumasa Sakao
* Tobias Klauser
* Tõnis Tiigi
* Zhiyu Li
* ningmingxiao
* Alexander Minbaev
* Alexey Ivanov
* Artem Khramov
* Ben Hutchings
* Cory Bennett
* Da McGrady
* Dan Williams
* Eng Zer Jun
* Eric Ernst
* Ethan Chen
* Fupan Li
* Gaurav Gahlot
* Gunju Kim
* Jacob Blain Christen
* James Sturtevant
* Jan Klippel
* Jayme Howard
* Jiajun Jiang
* Jintao Zhang
* Justin Terry
* Kaijie Chen
* Kante
* Kern Walster
* Kitt Hsu
* Lantao Liu
* Ma Xinjian
* Manabu Sugimoto
* Manuel Alejandro de Brito Fontes
* Mark Rossetti
* Markus Lippert
* Mikko Ylinen
* Ng Yang
* Nicolas Chariglione
* Olli Janatuinen
* Peri Thompson
* Quan Tian
* Radostin Stoyanov
* Rui Lopes
* Sambhav Kothari
* Sebastian Hasler
* Sergey Kanzhelev
* Yang Yang
* Yifan Yuan
* Zilong Wang
* Zufar Dhiyaulhaq
* botieking98
* chenxiaoyu
* jayonlau
* jerryzhuang
* linrunlong
* scuzhanglei
* wangzhan
* Étienne Guesnet
### Changes
<details><summary>946 commits</summary>
<p>
* Prepare release notes for v1.6.0-rc.0 ([#6431](https://github.com/containerd/containerd/pull/6431))
* Prepare release notes for v1.6.0-rc.0
* Integration: Switch to using `auth` Gcloud action in Windows workflow. ([#6397](https://github.com/containerd/containerd/pull/6397))
* Integration: Switch to `upload-cloud-storage` Gcloud action.
* Integration: Switch to using `auth` Gcloud action in Windows workflow.
* remove io/ioutil ([#6426](https://github.com/containerd/containerd/pull/6426))
* remove io/ioutil
* test: e2e node COS cgroupv2 script ([#6418](https://github.com/containerd/containerd/pull/6418))
* test: e2e node COS cgroupv2 script
* Integration: Enable CRITest on Windows 2022. ([#6378](https://github.com/containerd/containerd/pull/6378))
* Enable critest tests on Windows Server 2022.
* Parametrize CRITest test images in Windows Periodic workflow.
* Update error message for apparmor parser ([#6415](https://github.com/containerd/containerd/pull/6415))
* Update error message for apparmor parser
* Fix wrong log message ([#6419](https://github.com/containerd/containerd/pull/6419))
* Fix wrong log message
* Followup errors change ([#6414](https://github.com/containerd/containerd/pull/6414))
* Fix incorrect error wrapped when closing ingest file
* Fix seek error used without nil check
* Fix followup items from errors replacement
* Updates CRI API & Kubernetes to 1.23 ([#6351](https://github.com/containerd/containerd/pull/6351))
* Update k/k to 1.23.0
* Updating adoption of containerd for AKS ([#6416](https://github.com/containerd/containerd/pull/6416))
* Updating adoption of containerd for AKS
* update the adoption status of containerd in GKE ([#6413](https://github.com/containerd/containerd/pull/6413))
* update the adoption status of containerd in GKE
* go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt} ([#6410](https://github.com/containerd/containerd/pull/6410))
* go.mod: update github.com/containerd/{continuity,go-cni,imgcrypt}
* replace github.com/pkg/errors with native errors ([#6366](https://github.com/containerd/containerd/pull/6366))
* feat: replace github.com/pkg/errors to errors
* corrected link in cri architecture documentation ([#6412](https://github.com/containerd/containerd/pull/6412))
* corrected link in cri architecture documentation
* remotes/docker: allow fetching "refresh token" (aka "identity token", "offline token") ([#6396](https://github.com/containerd/containerd/pull/6396))
* remotes/docker: allow fetching "refresh token" (aka "identity token")
* remotes/docker/config: allow setting custom AuthorizerOpts
* Prepare release notes for v1.6.0-beta.5 ([#6407](https://github.com/containerd/containerd/pull/6407))
* Prepare release notes for v1.6.0-beta.5
* Integration: Check GCP secrets on Windows CI artifact upload. ([#6292](https://github.com/containerd/containerd/pull/6292))
* Integration: Check GCP secrets on Windows CI artifact upload.
* Github Security Advisory [GHSA-mvff-h3cj-wj9c](https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c)
* only relabel cri managed host mounts
* Add support for Intel RDT ([#5439](https://github.com/containerd/containerd/pull/5439))
* cri: add ignore_rdt_not_enabled_errors config option
* Update dependencies
* cri: annotations for controlling RDT class
* tasks: add Linux rdt support
* cmd: add --rdt-class command line option
* oci: implement WithRdt
* fix: use _ for consistency ([#6391](https://github.com/containerd/containerd/pull/6391))
* fix: use _ for consistency
* content/local: use syscall.Timespec.Unix ([#6403](https://github.com/containerd/containerd/pull/6403))
* content/local: use syscall.Timespec.Unix
* docs: improve plugin documentation ([#6207](https://github.com/containerd/containerd/pull/6207))
* docs: document the runtime shim plugin config options
* docs: use proper markdown lists in containerd-config.toml.5.md
* fix(ctr): enable networking for Windows containers ([#6304](https://github.com/containerd/containerd/pull/6304))
* fix(ctr): enable networking for Windows containers
* Fix $(PWD) issue for Windows makefile ([#6394](https://github.com/containerd/containerd/pull/6394))
* Fix $(PWD) issue for Windows makefile
* only test abstract uds on linux ([#6395](https://github.com/containerd/containerd/pull/6395))
* fix: only test abstract unix socket on linux
* Fix restart container test ([#6390](https://github.com/containerd/containerd/pull/6390))
* Expect ErrorNotFound on Windows after Kill()
* Replace tskill with taskkill
* fix when kernel version < 4.13rc1 by using index=off cause test error ([#6291](https://github.com/containerd/containerd/pull/6291))
* fix when kernel version < 4.13rc1 by using index=off cause overlay test error
* Fix no-daemon flag for integration/client tests ([#6384](https://github.com/containerd/containerd/pull/6384))
* Fix no-daemon flag for integration/client tests
* Enable lazy init for ext4 with devicemapper ([#6122](https://github.com/containerd/containerd/pull/6122))
* Enable lazy init for ext4 with devicemapper
* Fix flakiness on Windows for list stats ([#6385](https://github.com/containerd/containerd/pull/6385))
* Fix flakiness on Windows for list stats
* cri-integration: Add Windows defaults and fix spaces issue ([#6347](https://github.com/containerd/containerd/pull/6347))
* cri-integration: Add Windows default paths
* Upgrade OpenTelemetry dependencies ([#6383](https://github.com/containerd/containerd/pull/6383))
* Upgrade k8s.io/klog/v2 from 2.9.0 to 2.20.0
* Use insecure.NewCredentials instead of grpc.WithInsecure
* Upgrade OpenTelemetry dependencies
* Fix default makefile target for windows ([#6322](https://github.com/containerd/containerd/pull/6322))
* Fix default makefile target for windows
* Disable TestContainerHook on Windows ([#6379](https://github.com/containerd/containerd/pull/6379))
* Disable TestContainerHook on Windows
* seutil: Fix setting the "container_kvm_t" label ([#6372](https://github.com/containerd/containerd/pull/6372))
* seutil: Fix setting the "container_kvm_t" label
* Remove Windows integration testing for 2004. ([#6350](https://github.com/containerd/containerd/pull/6350))
* Remove Windows integration testing for 2004.
* OCI: Mount (accessible) host devices in privileged rootless containers ([#6308](https://github.com/containerd/containerd/pull/6308))
* OCI: Mount (accessible) host devices in privileged rootless containers
* oci.getDevices(): move "non-dir, non '/dev/console'" case into switch
* cri: add support for configuring swap ([#6320](https://github.com/containerd/containerd/pull/6320))
* fixup: check for swap accounting
* fixup: handle diff between cgroupsv1 and v2
* cri: add support for configuring swap
* Integration: Enable TestVolumeOwnership on Windows ([#6275](https://github.com/containerd/containerd/pull/6275))
* Replace find with native Go code
* Enable TestVolumeOwnership on Windows
* Prepare release notes for v1.6.0-beta.4 ([#6296](https://github.com/containerd/containerd/pull/6296))
* Prepare release notes for v1.6.0-beta.4
* refactor: functions for error log and error return ([#6358](https://github.com/containerd/containerd/pull/6358))
* feat: Errorf usage
* Split apart runc shim into plugin components ([#6021](https://github.com/containerd/containerd/pull/6021))
* Use task plugin for runc shim
* Seperate shim manager and task service
* Split runc shim into plugin components
* Add shutdown package
* CRI update for sandbox sizing ([#6155](https://github.com/containerd/containerd/pull/6155))
* cri, sandbox: pass sandbox resource details if available, applicable
* medatada: make namespaces' deletion error less cryptic ([#6354](https://github.com/containerd/containerd/pull/6354))
* medatada: make namespaces' deletion error less cryptic
* ListContainerStats to return stats response if ContainerStatsFilter is nil ([#6373](https://github.com/containerd/containerd/pull/6373))
* add-list-stat: return container list if filter is nil
* integration: deflake TestContainerdRestart ([#6369](https://github.com/containerd/containerd/pull/6369))
* integration: deflake TestContainerdRestart
* feat: add timeout for bolt open ([#6225](https://github.com/containerd/containerd/pull/6225))
* feat: support custom timeout for blot open
* Update Go to 1.17.5 ([#6333](https://github.com/containerd/containerd/pull/6333))
* Update Go to 1.17.5
* cri/server: use consistent alias for pkg/ioutil ([#6332](https://github.com/containerd/containerd/pull/6332))
* cri/server: use consistent alias for pkg/ioutil
* Disable restart monitor test in Windows ([#6364](https://github.com/containerd/containerd/pull/6364))
* Disable restart monitor test in Windows
* Don't fail-fast on Windows integration tests ([#6338](https://github.com/containerd/containerd/pull/6338))
* Don't fail-fast on Windows integration tests
* Update restart monitor test to output daemon logs on failure ([#6355](https://github.com/containerd/containerd/pull/6355))
* Run windows parallel integration test as short
* Update restart monitor test to output daemon logs on failure
* go.mod: update image-spec to latest (v1.0.3-dev) ([#6263](https://github.com/containerd/containerd/pull/6263))
* images/converter: remove deprecated types
* go.mod: update image-spec to latest (v1.0.3-dev)
* Skip WithAdditionalGIDs on Darwin ([#6353](https://github.com/containerd/containerd/pull/6353))
* Skip WithAdditionalGIDs on Darwin
* Use RFC3339 format on Windows periodic resource group creation so cleanup works ([#6303](https://github.com/containerd/containerd/pull/6303))
* Use RFC3339 format so rg cleanup works
* update runc to v1.0.3 ([#6330](https://github.com/containerd/containerd/pull/6330))
* go.mod: github.com/opencontainers/runc v1.0.3
* update runc binary to v1.0.3
* Unblock native snapshotter on Darwin ([#6329](https://github.com/containerd/containerd/pull/6329))
* Allow native snapshotter on Darwin
* Do not use `go get` to install executables ([#6328](https://github.com/containerd/containerd/pull/6328))
* Do not use `go get` to install executables
* Include runtime v2 in default builtins ([#6326](https://github.com/containerd/containerd/pull/6326))
* Include runtime v2 in default builtins
* Add Windows Server 2022 CI runs ([#6314](https://github.com/containerd/containerd/pull/6314))
* Add Windows Server 2022 CI runs
* Set explicit ACL on test files ([#6324](https://github.com/containerd/containerd/pull/6324))
* Use a single RUN command
* Set explicit ACL on test files
* integration: align tags of test images ([#6311](https://github.com/containerd/containerd/pull/6311))
* integration: align tags of test images
* Set CONTAINERD_ROOT in Windows cri-integration ([#6325](https://github.com/containerd/containerd/pull/6325))
* Set CONTAINERD_ROOT in Windows cri-integration
* export oci.DeviceFromPath() ([#6312](https://github.com/containerd/containerd/pull/6312))
* export oci.DeviceFromPath()
* Update volume test images ([#6321](https://github.com/containerd/containerd/pull/6321))
* Update continuity dependency
* Update volume test images
* Update TestRestartMonitor expected time check ([#6201](https://github.com/containerd/containerd/pull/6201))
* Add error logging on cleanup
* Update TestRestartMonitor expected time check
* Move test volume images from gcr to ghcr ([#6319](https://github.com/containerd/containerd/pull/6319))
* Move volume images from gcr to ghcr
* Revert shim service plugin migration ([#6301](https://github.com/containerd/containerd/pull/6301))
* Revert shim plugin migration
* Authenticate against ghcr.io ([#6317](https://github.com/containerd/containerd/pull/6317))
* Add permissions
* Authenticate against ghcr.io
* oci/deviceFromPath(): correctly check device types ([#6306](https://github.com/containerd/containerd/pull/6306))
* oci/deviceFromPath(): correctly check device types
* Skip TestExportAndImportMultiLayer on Windows ([#6315](https://github.com/containerd/containerd/pull/6315))
* Skip TestExportAndImportMultiLayer on Windows
* Integration: Add image build workflow ([#6290](https://github.com/containerd/containerd/pull/6290))
* Add image build workflow
* Integration: Separate Windows Periodic Tests workflow trigger. ([#6286](https://github.com/containerd/containerd/pull/6286))
* Integration: Separate Windows Periodic Tests workflow trigger.
* Build volume test images on Windows ([#6274](https://github.com/containerd/containerd/pull/6274))
* Build volume test images on Windows
* Add VMware TKG & TCE to Containerd adopters ([#6297](https://github.com/containerd/containerd/pull/6297))
* Add VMware TKG & TCE to Containerd adopters
* Vagrantfile: update to Fedora 35 ([#6293](https://github.com/containerd/containerd/pull/6293))
* Vagrantfile: update to Fedora 35
* Update README.md repo->org ([#6269](https://github.com/containerd/containerd/pull/6269))
* Update README.md repo->org
* Fix executable file not found when restoring shims ([#6278](https://github.com/containerd/containerd/pull/6278))
* Fix executable file not found when restoring shims
* ctr/snapshots/diff: show media-type in stderr ([#6271](https://github.com/containerd/containerd/pull/6271))
* ctr/snapshots/diff: don't show the media-type in output
* ctr: Add Linux Capabilities control flags ([#6289](https://github.com/containerd/containerd/pull/6289))
* ctr: Add Linux Capabilities control flags
* integration: add stats result in error message ([#6270](https://github.com/containerd/containerd/pull/6270))
* integration: add stats result in error message
* releases: mark 1.4 as Extended ([#6287](https://github.com/containerd/containerd/pull/6287))
* docs: mark 1.4 as Extended
* docs: fix RELEASES.md gRPC API anchor
* feat: skip ci for fork ([#6284](https://github.com/containerd/containerd/pull/6284))
* feat: skip ci for fork
* content/local: Close the file if Seek fails ([#6280](https://github.com/containerd/containerd/pull/6280))
* content/local: Close the file if Seek fails
* Integration: Remove explicit version passing to `azure/CLI`. ([#6268](https://github.com/containerd/containerd/pull/6268))
* Integration: Remove explicit version passing to `azure/CLI`.
* Fix wrong make target on documentation ([#6276](https://github.com/containerd/containerd/pull/6276))
* Fix wrong make target on documentation
* fix: server error return ([#6272](https://github.com/containerd/containerd/pull/6272))
* fix: server error return
* Prepare release notes for v1.6.0-beta.3 ([#6267](https://github.com/containerd/containerd/pull/6267))
* Prepare release notes for v1.6.0-beta.3
* Update API version in go.mod
* Update release name to use consistent format
* feat:support custom callopts on client side ([#6254](https://github.com/containerd/containerd/pull/6254))
* fix: make max recv/send msg size setting default
* feat:support custom callopts on client side
* [CRI] Fix panic when registry.mirrors use localhost ([#6258](https://github.com/containerd/containerd/pull/6258))
* [CRI] Fix panic when registry.mirrors use localhost
* Add support for TMP override on toml ([#6241](https://github.com/containerd/containerd/pull/6241))
* Add support for TMP override on toml
* CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options ([#6170](https://github.com/containerd/containerd/pull/6170))
* CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options
* Github Security Advisory [GHSA-5j5w-g665-5m35](https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35)
* schema1: reject ambiguous documents
* images: validate document type before unmarshal
* [cri] add sandbox and container latency metrics ([#6111](https://github.com/containerd/containerd/pull/6111))
* [cri] add sandbox and container latency metrics
* Integration: Generalize Windows CI setup scripts for any username. ([#6255](https://github.com/containerd/containerd/pull/6255))
* Generalize Windows CI setup script for any user.
* Standardize cmdlet capitalization in Windows CI scripts.
* feat: use rwmutex instead ([#6253](https://github.com/containerd/containerd/pull/6253))
* feat: use rwmutex instead
* Allow absolute path to shim binaries ([#6206](https://github.com/containerd/containerd/pull/6206))
* Fix package alias
* Support custom runtime path when launching tasks
* Add runtime path in CreateTaskRequest
* Close file if permission modification fails ([#6246](https://github.com/containerd/containerd/pull/6246))
* Close file if permission modification fails
* release: change tar name to match prior releases ([#6250](https://github.com/containerd/containerd/pull/6250))
* release: change tar name to match prior releases
* Fix wrong error returned for image index lookup ([#6237](https://github.com/containerd/containerd/pull/6237))
* Fix wrong error returned for image index lookup
* Fix containerd fails to pull OCI image with non-`http(s)://` urls ([#6221](https://github.com/containerd/containerd/pull/6221))
* Fix containerd fails to pull OCI image with non-`http(s)://` urls
* Prepare release notes for v1.6.0-beta.2 ([#6223](https://github.com/containerd/containerd/pull/6223))
* Prepare release notes for v1.6.0-beta.2
* Add arm64 to releases ([#6196](https://github.com/containerd/containerd/pull/6196))
* Rename release dockerfile to omit distro name
* release: improve dockerfile
* Add arm64 to releases
* use write lock when updating container stats ([#6236](https://github.com/containerd/containerd/pull/6236))
* use write lock when updating container stats
* go.mod: Bump hcsshim to v0.9.1 ([#6230](https://github.com/containerd/containerd/pull/6230))
* go.mod: Bump hcsshim to v0.9.1
* go.mod: Bump ttrpc to 1.1.0 ([#6228](https://github.com/containerd/containerd/pull/6228))
* go.mod: Bump ttrpc to 1.1.0
* go.mod: bump moby/sys/symlink v0.2.0, moby/sys/signal v0.6.0, moby/sys/mountinfo v0.5.0 ([#6213](https://github.com/containerd/containerd/pull/6213))
* go.mod: github.com/moby/sys/mountinfo v0.5.0
* go.mod: github.com/moby/sys/signal v0.6.0
* go.mod: github.com/moby/sys/symlink v0.2.0
* go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
* cleanup: add more description on comment ([#6222](https://github.com/containerd/containerd/pull/6222))
* cleanup: add more description on comment
* Update Go to 1.17.3 ([#6211](https://github.com/containerd/containerd/pull/6211))
* Update Go to 1.17.3
* CI: bump up crun: 1.0 -> 1.3 ([#6214](https://github.com/containerd/containerd/pull/6214))
* CI: bump up crun: 1.0 -> 1.3
* Pin az CLI version in windows-periodic workflow ([#6205](https://github.com/containerd/containerd/pull/6205))
* Pin az CLI version
* Decouple task manager ([#5918](https://github.com/containerd/containerd/pull/5918))
* Address PR comments
* Fix build after rebase
* Migrate task directory
* Expose shim process interface
* Fix after rebase
* Cleanup shim loading
* Move shim restore to a separate file
* Fix backward compatibility with old task shims
* Add plugin dependency between shim and shim services
* Rework task create and cleanup flow
* Add task manager
* Rename task manager to shim manager
* [cri] Implement k8s 1.23 CRI Pod Sandbox and Container Stats ([#6113](https://github.com/containerd/containerd/pull/6113))
* Implement CRI container and pods stats
* Vendor latest k8s.io/cri-api and netlink
* test: Add grace period for restart monitor test ([#6200](https://github.com/containerd/containerd/pull/6200))
* test: Add grace period for restart monitor test
* integration: Enables TestRuntimeHandler for Windows ([#6179](https://github.com/containerd/containerd/pull/6179))
* integration: Enables TestRuntimeHandler for Windows
* Add mkdir on Dockerfile ([#6171](https://github.com/containerd/containerd/pull/6171))
* Add mkdir on Dockerfile
* sys/reaper: avoid leaky goroutine when exec timeout ([#6189](https://github.com/containerd/containerd/pull/6189))
* sys/reaper: avoid leaky goroutine when exec timeout
* adds additional debug out to timebox cni setup ([#6184](https://github.com/containerd/containerd/pull/6184))
* adds additional debug out to timebox cni setup
* converter: Allow hooks during image conversion ([#6176](https://github.com/containerd/containerd/pull/6176))
* converter: Allow hooks during image conversion
* compression: support zstd with skippable frame ([#6177](https://github.com/containerd/containerd/pull/6177))
* compression: support zstd with skippable frame
* integration: Enables TestVolumeCopyUp for Windows ([#6182](https://github.com/containerd/containerd/pull/6182))
* integration: Enables TestVolumeCopyUp for Windows
* integration: Enable some tests for Windows (part 2) ([#6121](https://github.com/containerd/containerd/pull/6121))
* integration: Enable some tests for Windows (part 2)
* integration: Enable some tests for Windows ([#6085](https://github.com/containerd/containerd/pull/6085))
* integration: Enable some tests for Windows
* Update doc to version 2 syntax ([#6125](https://github.com/containerd/containerd/pull/6125))
* feat(doc): update to version 2 syntax
* fix shim reaper wait command execute blocked ([#6166](https://github.com/containerd/containerd/pull/6166))
* fix shim reaper wait command execute blocked
* content: close stream after commit request ([#6145](https://github.com/containerd/containerd/pull/6145))
* content: close stream after commit request
* Generating token options with each scope as a separate string. ([#6165](https://github.com/containerd/containerd/pull/6165))
* Adding scope tests for ParseAuthHeader
* Adding tests for GenerateTokenOptions
* Generate token options with each scope as a separate string.
* vendor: Updates go-cni ([#6167](https://github.com/containerd/containerd/pull/6167))
* vendor: Updates go-cni
* commands: Enables task metrics for Windows ([#6159](https://github.com/containerd/containerd/pull/6159))
* commands: Enables task metrics for Windows
* vendor: update moby/sys for darwin support ([#6149](https://github.com/containerd/containerd/pull/6149))
* vendor: update moby/sys for darwin support
* Prepare v1.6.0-beta.1 ([#6144](https://github.com/containerd/containerd/pull/6144))
* Prepare release notes for v1.6.0-beta.1
* Update mailmap
* Update api vendor
* bump cni to spec v1.0.0 ([#6136](https://github.com/containerd/containerd/pull/6136))
* bump CNI to spec v1.0.0
* Inject otel traces to grpc client. ([#5992](https://github.com/containerd/containerd/pull/5992))
* Inject otel traces to grpc client.
* client: expose (*image).platform ([#6142](https://github.com/containerd/containerd/pull/6142))
* client: expose (*image).platform
* Adding documentation for Core Scheduling ([#6128](https://github.com/containerd/containerd/pull/6128))
* feat(doc): add Core Scheduling documentation
* Ensure namespace is proxied to grpc/ttrpc plugins ([#6130](https://github.com/containerd/containerd/pull/6130))
* Ensure namespace is proxied to grpc/ttrpc plugins
* fix #6054 MaxConcurrentDownloads is not effect when Unpack is true ([#6109](https://github.com/containerd/containerd/pull/6109))
* fix #6054 MaxConcurrentDownloads is not effect when Unpack is true
* Output a warning for label image labels instead of erroring ([#6124](https://github.com/containerd/containerd/pull/6124))
* Output a warning for label image labels instead of erroring
* Fix spelling mistake in Windows snapshotter ([#6132](https://github.com/containerd/containerd/pull/6132))
* Fix spelling mistake in Windows snapshotter
* Windows: Cleanup rm- prefixed layers ([#6126](https://github.com/containerd/containerd/pull/6126))
* Windows: Cleanup rm- prefixed layers
* cleanup deprecated package `io/ioutil ` ([#6118](https://github.com/containerd/containerd/pull/6118))
* io/ioutil package has been deprecated in Go 1.16 that replaces io/ioutil functions
* close Writer after use which may memory leak ([#6115](https://github.com/containerd/containerd/pull/6115))
* close Writer after use which may leak mem
* Adds Windows resource limits support ([#5778](https://github.com/containerd/containerd/pull/5778))
* Adds Windows resource limits support
* Prepare release notes for v1.6.0-beta.0 ([#6098](https://github.com/containerd/containerd/pull/6098))
* Prepare release notes for v1.6.0-beta.0
* Add error message to in TestContainerdRestart integration test ([#6105](https://github.com/containerd/containerd/pull/6105))
* Add error message to in TestContainerdRestart integration test
* Fix typo in the NewContainer function documentation ([#6110](https://github.com/containerd/containerd/pull/6110))
* Fix typo in the NewContainer function documentation
* Update cgroups to v1.0.2 ([#6104](https://github.com/containerd/containerd/pull/6104))
* Update cgroups to v1.0.2
* btrfs: verify file content after mount ([#6100](https://github.com/containerd/containerd/pull/6100))
* test: check file content after mount
* Update test timeout based on recent cancellations ([#6107](https://github.com/containerd/containerd/pull/6107))
* Update test timeout based on recent cancellations
* Check the pid in cri test teardown ([#6106](https://github.com/containerd/containerd/pull/6106))
* Remove extra test_teardown
* Check the pid in cri test teardown
* add runc shim support for sched core ([#6011](https://github.com/containerd/containerd/pull/6011))
* fix integration client vendor
* add runc shim support for sched core
* integration: Enables Windows containerd restart test ([#5579](https://github.com/containerd/containerd/pull/5579))
* integration: Enables Windows containerd restart test
* vendor: Bump hcsshim to 0.9.0 ([#6099](https://github.com/containerd/containerd/pull/6099))
* vendor: Bump hcsshim to 0.9.0
* [cri] Add CNI conf based on runtime class ([#4695](https://github.com/containerd/containerd/pull/4695))
* Add CNI conf based on runtime class
* Update Go to 1.17.2 ([#6102](https://github.com/containerd/containerd/pull/6102))
* Update Go to 1.17.2
* integration: Adds test for multilayer image import ([#5933](https://github.com/containerd/containerd/pull/5933))
* integration: Adds test for multilayer image import
* runtime: should fail fast if dial error on shim ([#6031](https://github.com/containerd/containerd/pull/6031))
* runtime: should fail fast if dial error on shim
* Fixes Windows containers with image volumes ([#6034](https://github.com/containerd/containerd/pull/6034))
* Windows: Fixes Windows containers with image volumes
* run `gofmt` with GO 1.17 ([#6094](https://github.com/containerd/containerd/pull/6094))
* run `gofmt` with Go 1.17
* pkg/cap: remove an outdated comment ([#6088](https://github.com/containerd/containerd/pull/6088))
* pkg/cap: remove an outdated comment
* Update go otel 1.0.1 ([#6066](https://github.com/containerd/containerd/pull/6066))
* Update go otel 1.0.1
* Update ADOPTERS.md with additional uses ([#6086](https://github.com/containerd/containerd/pull/6086))
* Update ADOPTERS.md with additional uses
* modify the way for checking cos ([#6082](https://github.com/containerd/containerd/pull/6082))
* modify the way for checking cos
* Fuzzing: Add fuzzers + small modifications ([#5915](https://github.com/containerd/containerd/pull/5915))
* Fuzzing: Add 4 fuzzers + small modifications
* Fixes for Windows CI ([#6081](https://github.com/containerd/containerd/pull/6081))
* Pin mingw to version 10.2.0
* Update to golang 1.17.1
* Install nssm
* Github Security Advisory [GHSA-c2h3-6mxw-7mvq](https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq)
* btrfs: reduce permissions on plugin directories
* v1 runtime: reduce permissions for bundle dir
* v2 runtime: reduce permissions for bundle dir
* task service: return known error type ([#6079](https://github.com/containerd/containerd/pull/6079))
* task service: return known error type
* refactor: move from io/ioutil to io and os package ([#5973](https://github.com/containerd/containerd/pull/5973))
* refactor: move from io/ioutil to io and os package
* fix: import from k8s.io/utils/clock instead ([#6076](https://github.com/containerd/containerd/pull/6076))
* fix: update vendor
* cleanup: import from k8s.io/utils/clock/testing instead
* cleanup: import from k8s.io/utils/clock instead
* feat: enable integration cri remote client to call with grpc calloptions ([#6069](https://github.com/containerd/containerd/pull/6069))
* feat: enable cri remote client to call with grpc calloptions
* cleanup k8s ansible yaml (carry for #5713) ([#6074](https://github.com/containerd/containerd/pull/6074))
* cleanup k8s ansible yaml (carry for https://github.com/jayonlau <jayonlau@gmail.com>)
* feat: support import image for specific platform ([#6070](https://github.com/containerd/containerd/pull/6070))
* fix: wrong flag type
* feat: support import image for specific platform
* Update mirror images to take target image name ([#6065](https://github.com/containerd/containerd/pull/6065))
* Update mirror images to take target image name
* fix: make exec-id flag required in exec command ([#6059](https://github.com/containerd/containerd/pull/6059))
* fix: make exec-id flag required in exec command
* images: enable converter to uncompress zstd ([#6052](https://github.com/containerd/containerd/pull/6052))
* images: enable converter to uncompress zstd
* replace deprecated function with Domain and Path ([#5922](https://github.com/containerd/containerd/pull/5922))
* replace deprecated function
* integration: Adds Windows HostProcess tests ([#5853](https://github.com/containerd/containerd/pull/5853))
* integration: Adds Windows HostProcess tests
* Fix main branch build is broken ([#6047](https://github.com/containerd/containerd/pull/6047))
* Fix main branch build is broken
* Add open telemetry logging hook for logrus ([#6003](https://github.com/containerd/containerd/pull/6003))
* Add open telemetry logging hook for logrus
* Change `oci.WithUser` behavior for LCOW ([#6023](https://github.com/containerd/containerd/pull/6023))
* Change oci.WithUser behavior for LCOW
* switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound) ([#5946](https://github.com/containerd/containerd/pull/5946))
* switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound)
* import: Raise error if the imported image is filtered out ([#5926](https://github.com/containerd/containerd/pull/5926))
* import: Raise error if the imported image is filtered out
* Fix panic in metadata content writer on copy error ([#6043](https://github.com/containerd/containerd/pull/6043))
* Fix panic in metadata content writer on copy error
* Move tracing to plugin ([#6001](https://github.com/containerd/containerd/pull/6001))
* Move tracing to plugin
* ctr: Fixes Windows image import ([#5916](https://github.com/containerd/containerd/pull/5916))
* ctr: Fixes Windows image import
* update open go.opentelemetry.io v1.0.0 to fix import path ([#6017](https://github.com/containerd/containerd/pull/6017))
* go.mod: update opentelemetry modules to v1.0.0
* fix error string format ([#5979](https://github.com/containerd/containerd/pull/5979))
* fix error string format
* Add github action to mirror image ([#6036](https://github.com/containerd/containerd/pull/6036))
* Add github action to mirror image
* add current process state to the error message ([#6027](https://github.com/containerd/containerd/pull/6027))
* add current process state to the error message
* FreeBSD: fix tar headers & the nil check on getxattr ([#5991](https://github.com/containerd/containerd/pull/5991))
* FreeBSD: fix tar headers & the nil check on getxattr
* gha: collect VMs' IP addresses ([#6035](https://github.com/containerd/containerd/pull/6035))
* gha: collect Vagrant VMs' IP addresses
* bump continuity and console version that remove pkg/errors ([#6033](https://github.com/containerd/containerd/pull/6033))
* bump continuity and console version that remove pkg/errors
* import: Add option to prevent duplicated digest image ([#5997](https://github.com/containerd/containerd/pull/5997))
* import: Add option to skip creating digest image
* ctr namespaces: improve usage string ([#5998](https://github.com/containerd/containerd/pull/5998))
* ctr namespaces: improve usage string
* bump console version to v1.0.3 that remove pkg/errors ([#6028](https://github.com/containerd/containerd/pull/6028))
* bump console version to v1.0.3 that remove pkg/errors
* Use github images for integration tests ([#6032](https://github.com/containerd/containerd/pull/6032))
* Use github images for integration tests
* Fix typo ([#5995](https://github.com/containerd/containerd/pull/5995))
* Fix typo
* Enable image config labels in ctr and CRI container creation ([#6012](https://github.com/containerd/containerd/pull/6012))
* Enable image config labels in ctr and CRI container creation
* Make sure exit signals trigger an exit during init ([#5970](https://github.com/containerd/containerd/pull/5970))
* Make sure exit signals trigger an exit during init
* task delete: Closes task IO before waiting ([#5974](https://github.com/containerd/containerd/pull/5974))
* task delete: Closes task IO before waiting
* CI: bump up crun to 1.0 ([#5985](https://github.com/containerd/containerd/pull/5985))
* CI: bump up crun to 1.0
* seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted) ([#5982](https://github.com/containerd/containerd/pull/5982))
* seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
* Update to Go 1.17.1 ([#5990](https://github.com/containerd/containerd/pull/5990))
* Update to Go 1.17.1
* CI: Switch to available latest images ([#5987](https://github.com/containerd/containerd/pull/5987))
* CI: Switch to available latest images
* add xfs support to devicemapper snapshotter ([#5610](https://github.com/containerd/containerd/pull/5610))
* add xfs support to devicemapper snapshotter
* Fixes task kill --force on Windows ([#5956](https://github.com/containerd/containerd/pull/5956))
* Fixes task kill --force on Windows
* Add support for shim plugins ([#5817](https://github.com/containerd/containerd/pull/5817))
* Add support for shim plugins
* vendor: update continuity for darwin support ([#5976](https://github.com/containerd/containerd/pull/5976))
* vendor: update continuity for darwin support
* replace uses of os/exec with golang.org/x/sys/execabs ([#5906](https://github.com/containerd/containerd/pull/5906))
* replace uses of os/exec with golang.org/x/sys/execabs
* complete integration test for pulling image with labels ([#5972](https://github.com/containerd/containerd/pull/5972))
* Additional integration tests for pulling image with labels
* Fix content copy to not ignore unexpected EOF ([#5966](https://github.com/containerd/containerd/pull/5966))
* Fix content copy to not ignore unexpected EOF
* add ip_pref CNI options for primary pod ip ([#5964](https://github.com/containerd/containerd/pull/5964))
* add ip_pref CNI options for primary pod ip
* cri: add devices for privileged container ([#5939](https://github.com/containerd/containerd/pull/5939))
* cri: add devices for privileged container
* sandbox: Allows the sandbox to be deleted in NotReady state ([#5954](https://github.com/containerd/containerd/pull/5954))
* sandbox: Allows the sandbox to be deleted in NotReady state
* pin protobuild version to tag ([#5969](https://github.com/containerd/containerd/pull/5969))
* pin protobuild version to tag
* Add metric exposing build version&revision ([#5965](https://github.com/containerd/containerd/pull/5965))
* use a const metric for build_info
* Add metric exposing build version&revision
* Feature: containerd-cri support LinuxContainerResources.Unified ([#5627](https://github.com/containerd/containerd/pull/5627))
* add cri test case
* feature: add field LinuxContainerResources.Unified on cri
* integration: investigate TestRestartMonitor's failure ([#5861](https://github.com/containerd/containerd/pull/5861))
* integration: investigate TestRestartMonitor's failure
* Use issue forms for bug reporting ([#5917](https://github.com/containerd/containerd/pull/5917))
* Address issue forms feedback
* Use issue forms for bug reporting
* cri: patch update image labels ([#5945](https://github.com/containerd/containerd/pull/5945))
* cri: patch update image labels
* darwin: runtime support ([#5936](https://github.com/containerd/containerd/pull/5936))
* darwin: runtime support
* darwin: use the default values for socketRoot variable
* Update RELEASES.md ([#5858](https://github.com/containerd/containerd/pull/5858))
* Update RELEASES.md
* archive: Add WriteDiff error logs ([#5949](https://github.com/containerd/containerd/pull/5949))
* archive: Add WriteDiff error logs
* replace deprecated Dialer with ContextDialer ([#5958](https://github.com/containerd/containerd/pull/5958))
* replace deprecated Dail with DailContext
* Add WS2022 support in Windows Periodic tests ([#5951](https://github.com/containerd/containerd/pull/5951))
* Add WS2022 support in Windows Periodic tests
* Content fuzzer: Clean up temp store dir ([#5943](https://github.com/containerd/containerd/pull/5943))
* content fuzzer: Clean up tempdir
* using Hosts replace deprecated field ([#5944](https://github.com/containerd/containerd/pull/5944))
* using Hosts replace deprecated field
* fix document non-synchronous ([#5947](https://github.com/containerd/containerd/pull/5947))
* fix document non-synchronous in crictl.md
* go.mod: Update hcsshim to v0.8.21 ([#5929](https://github.com/containerd/containerd/pull/5929))
* go.mod: Update hcsshim to v0.8.21
* Makefile.linux: build on RISC-V with PIE ([#5937](https://github.com/containerd/containerd/pull/5937))
* Makefile.linux: build on riscv with PIE
* Fix cwd flag for `ctr tasks exec` ([#5932](https://github.com/containerd/containerd/pull/5932))
* Fix cwd flag for `ctr tasks exec`
* Update Pause image in tests & config ([#5927](https://github.com/containerd/containerd/pull/5927))
* Update Pause image in tests & config
* cri: Devices ownership from SecurityContext ([#5122](https://github.com/containerd/containerd/pull/5122))
* cri: Devices ownership from SecurityContext
* Fix pull fails on unexpected EOF ([#5921](https://github.com/containerd/containerd/pull/5921))
* Fix pull fails on unexpected EOF
* Fix dir support for devices ([#5845](https://github.com/containerd/containerd/pull/5845))
* Adding testing of two devices
* Fix dir support for devices V3 (#4847)
* windows: The DefaultSpec platform should match the Default matcher ([#5914](https://github.com/containerd/containerd/pull/5914))
* windows: The DefaultSpec platform should match the Default matcher
* Add RunAsUserName functionality for the Windows pod sandbox container ([#5865](https://github.com/containerd/containerd/pull/5865))
* Add RunAsUserName functionality for the Windows Pod Sandbox Container
* bump up runc v1.0.2 ([#5899](https://github.com/containerd/containerd/pull/5899))
* go.mod: update runc to v1.0.2
* update runc binary to v1.0.2
* Run `go fmt` with Go 1.17 ([#5903](https://github.com/containerd/containerd/pull/5903))
* Run `go fmt` with Go 1.17
* go.mod: github.com/pelletier/go-toml v1.9.3 ([#5905](https://github.com/containerd/containerd/pull/5905))
* go.mod: github.com/pelletier/go-toml v1.9.3
* cri: filter selinux xattr for image volumes ([#5902](https://github.com/containerd/containerd/pull/5902))
* cri: filter selinux xattr for image volumes
* Add Windows HostProcess Support ([#5131](https://github.com/containerd/containerd/pull/5131))
* Added windows hostProcess cni skip
* script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0 ([#5897](https://github.com/containerd/containerd/pull/5897))
* script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0
* Update to Go 1.17 ([#5889](https://github.com/containerd/containerd/pull/5889))
* Bump integration timeout to 35 min
* Update to Go 1.17
* integration: fix TestContainerPids ([#5896](https://github.com/containerd/containerd/pull/5896))
* integration: fix TestContainerPids
* [ctr] add HOSTNAME env for host network ([#5891](https://github.com/containerd/containerd/pull/5891))
* [ctr] add HOSTNAME env for host network
* Fuzzing: Add fuzzer ([#5886](https://github.com/containerd/containerd/pull/5886))
* Fuzzing: Add fuzzer
* Make Cgroup driver configurable in gce configure script ([#5884](https://github.com/containerd/containerd/pull/5884))
* Add env for SystemdCgroup driver
* Allow expanded DNS configuration ([#5878](https://github.com/containerd/containerd/pull/5878))
* Allow expanded DNS configuration
* Fuzzing: Add 4 fuzzers ([#5863](https://github.com/containerd/containerd/pull/5863))
* Fuzzing: Add 4 fuzzers
* Cleanup v2 shim ([#5813](https://github.com/containerd/containerd/pull/5813))
* Cleanup v2 shim
* Fuzzing: Add experimental version of container fuzzer ([#5840](https://github.com/containerd/containerd/pull/5840))
* Use http.Get to download binaries instead of exec.Command
* Fuzzing: Add experimental version of container fuzzer
* add cpu-shares to ctr ([#5846](https://github.com/containerd/containerd/pull/5846))
* add cpu-shares to ctr
* docs: rename master to main (it was opposite on the actual commit) ([#5847](https://github.com/containerd/containerd/pull/5847))
* docs: rename main to master
* content: return the error with its timestamp ([#5849](https://github.com/containerd/containerd/pull/5849))
* content: return the error with its timestamp
* Fix bad `make protos` failure ([#5857](https://github.com/containerd/containerd/pull/5857))
* Fix bad `make protos` failure
* replace cri and point to new location ([#5851](https://github.com/containerd/containerd/pull/5851))
* archive docs and point to new location fix #https://github.com/containerd/cri/issues/1624
* docs: remove FOSSA's badge ([#5856](https://github.com/containerd/containerd/pull/5856))
* docs: remove FOSSA's badge
* BUILDING.md: remove some bits about building runc ([#5850](https://github.com/containerd/containerd/pull/5850))
* BUILDING.md: remove some bits about building runc
* BUILDING.md: markdown fixes
* go.mod: update k8s deps to v1.22.0 ([#5836](https://github.com/containerd/containerd/pull/5836))
* go.mod: update kubernetes to v1.22.0
* [Scripts] Add trap to cri-integration test script ([#5852](https://github.com/containerd/containerd/pull/5852))
* Add trap to cri-integration test script
* docs: list all snapshotter-related build flags ([#5848](https://github.com/containerd/containerd/pull/5848))
* docs: list all snapshotter-related build flags
* Move plugin context events into separate plugin ([#5835](https://github.com/containerd/containerd/pull/5835))
* Move plugin context events into separate plugin
* Fix Linux CI Linter using Go 1.15.14 ([#5839](https://github.com/containerd/containerd/pull/5839))
* Fix Linux CI Linter using go 1.15.14
* Update Go to 1.16.7 ([#5842](https://github.com/containerd/containerd/pull/5842))
* Update Go to 1.16.7
* Cleanup CI ([#5838](https://github.com/containerd/containerd/pull/5838))
* Cleanup CI
* Remove redundant build tags ([#5834](https://github.com/containerd/containerd/pull/5834))
* Remove redundant build tags
* Change default directories on Darwin ([#5830](https://github.com/containerd/containerd/pull/5830))
* Change default directories on Darwin
* [otel-tracing] Initial opentelemetry support ([#5731](https://github.com/containerd/containerd/pull/5731))
* [otel-tracing] vendor and go modules changes
* [otel-tracing] Initial opentelemetry support
* remove go 1.13 from containerd
* Fuzzing: Fix for OSS-fuzz issue 36825 ([#5829](https://github.com/containerd/containerd/pull/5829))
* Fuzzing: Fix for OSS-fuzz issue 36825
* Fuzzing: Add two fuzzers ([#5825](https://github.com/containerd/containerd/pull/5825))
* Fuzzing: Add two more fuzzers
* scripts: linting fixes, and remove support for Debian Jessie (as it's EOL) ([#5760](https://github.com/containerd/containerd/pull/5760))
* scripts: declare ROOT closer to where it's used, and some DRY changes
* scripts: add missing quotes, and minor linting issues
* test/build-utils.sh: remove support for Debian Jessie
* platforms: Format(): use path.Join() instead of joinNotEmpty() ([#5821](https://github.com/containerd/containerd/pull/5821))
* platforms: Format(): use path.Join() instead of joinNotEmpty()
* Fuzzing: Remove panics of container_fuzzer ([#5823](https://github.com/containerd/containerd/pull/5823))
* Fuzzing: Remove panics of container_fuzzer
* Fuzzing: Add container fuzzer ([#5785](https://github.com/containerd/containerd/pull/5785))
* Change protoc link
* Split fuzzer to two fuzzers
* Fuzzing: Add container fuzzer
* runtime: fix the issue of create new socket with abstract address ([#5746](https://github.com/containerd/containerd/pull/5746))
* runtime: fix the issue of create new socket with abstract address
* mergo: Upgrade to 0.3.12 to fix panic ([#5809](https://github.com/containerd/containerd/pull/5809))
* mergo: Upgrade to 0.3.12 to fix panic
* ci: install criu from PPA ([#5802](https://github.com/containerd/containerd/pull/5802))
* ci: install criu from PPA
* Update release workflow to upload binary without CNI ([#5144](https://github.com/containerd/containerd/pull/5144))
* Split release steps into multiple tasks
* Update release workflow to upload binary without CNI
* Enable critest on Windows Periodic Jobs ([#5725](https://github.com/containerd/containerd/pull/5725))
* Enable critest on Windows
* Script to check if entries in go.mod files are in sync ([#5792](https://github.com/containerd/containerd/pull/5792))
* Script to check if entries in go.mod files are in sync
* Add a sharedNamespace label ([#5043](https://github.com/containerd/containerd/pull/5043))
* Add shared content label to namespaces
* platforms: add "ios" as known OS, "loong64" as known ARCH ([#5784](https://github.com/containerd/containerd/pull/5784))
* platforms: add "ios" as known OS, "loong64" as known ARCH
* Updates the location of protobuf downloads ([#5804](https://github.com/containerd/containerd/pull/5804))
* Updates the location of protobuf downloads in docs
* Update protobuf install to use correct repository ([#5803](https://github.com/containerd/containerd/pull/5803))
* Update protobuf install to use correct repository
* overlay: expose upperdir location of each snapshot via an optional label ([#5624](https://github.com/containerd/containerd/pull/5624))
* overlay: add an optional label of upperdir location of each snapshot
* Support SIGRTMIN+n signals ([#5693](https://github.com/containerd/containerd/pull/5693))
* Support SIGRTMIN+n signals
* respect context timeout in shim binary call ([#5800](https://github.com/containerd/containerd/pull/5800))
* respect context timeout in shim binary call
* Introduce a new go module - containerd/api for use in standalone clients ([#5716](https://github.com/containerd/containerd/pull/5716))
* Introduce a new go module - containerd/api for use in standalone clients
* grpc config add options tcp_client_ca_cert ([#5606](https://github.com/containerd/containerd/pull/5606))
* grpc config add options tcp_tls_ca
* integration: Windows volume-copy-up images ([#5162](https://github.com/containerd/containerd/pull/5162))
* integration: Windows volume-copy-up images
* add CRI support matrix to RELEASES.md ([#5795](https://github.com/containerd/containerd/pull/5795))
* add CRI support matrix to RELEASES.md
* adding a little more clarity ([#5794](https://github.com/containerd/containerd/pull/5794))
* adding a little more clarity
* update gotestsum to v1.7.0 ([#5793](https://github.com/containerd/containerd/pull/5793))
* update gotestsum to v1.7.0
* Discard blocks when removing a thin device ([#5756](https://github.com/containerd/containerd/pull/5756))
* Discard blocks when removing a thin device
* Makefile: fix passing build tags ([#5590](https://github.com/containerd/containerd/pull/5590))
* Makefile: pass build tags to manpage build process
* Makefile: fix tags parameter computation
* Add runtime label to metrics ([#5744](https://github.com/containerd/containerd/pull/5744))
* Add runtime label to metrics
* interface about shim build check ([#5745](https://github.com/containerd/containerd/pull/5745))
* interface about shim build check
* integration: log all processes to investigate the test failure ([#5775](https://github.com/containerd/containerd/pull/5775))
* integration: log all processes to investigate the test failure
* Fuzzing: Add archive fuzzer ([#5779](https://github.com/containerd/containerd/pull/5779))
* Fuzzing: Add archive fuzzer
* Add docker.Fetch fuzzer ([#5687](https://github.com/containerd/containerd/pull/5687))
* Add docker fetch fuzzer
* Support custom compressor for walking differ ([#5735](https://github.com/containerd/containerd/pull/5735))
* Support custom compressor for walking differ
* remotes/docker/pusher.go: Fix missing Close() on push to docker remote ([#5770](https://github.com/containerd/containerd/pull/5770))
* remotes/docker/pusher.go: Fix missing Close()
* remotes/docker/fetcher.go: Fix missing Close() on fetch from docker remote ([#5769](https://github.com/containerd/containerd/pull/5769))
* remotes/docker/fetcher.go: Fix missing Close()
* Update cpuguy83/go-md2man binary to v2.0.1 ([#5771](https://github.com/containerd/containerd/pull/5771))
* Update cpuguy83/go-md2man binary to v2.0.1
* Refactor / optimize contrib/Dockerfile.test ([#5750](https://github.com/containerd/containerd/pull/5750))
* Dockerfile.test: build containerd in separate stage
* Dockerfile.test: add GOLANG_IMAGE build arg to allow overriding
* Dockerfile.test: clean up apt indexes after installing
* Dockerfile.test: build critools in a separate stage
* Dockerfile.test: build cni in a separate stage
* Dockerfile.test: standard directory to collect build aftifacts
* Dockerfile.test: split dev stage, and optimize order
* Dockerfile.test: skip curl, gcc, git and make install
* install-critools: make sure DESTDIR exists
* update gotestsum to current master ([#5754](https://github.com/containerd/containerd/pull/5754))
* update gotestsum to current master
* Github Security Advisory [GHSA-c72p-9xmj-rx3w](https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w)
* Add test for archive breakout test for lchmod
* Use systemd cgroup driver for Kubernetes e2e tests with cgroupsv2 ([#5755](https://github.com/containerd/containerd/pull/5755))
* Use systemd cgroup driver for cgroupv2 tests
* update runc to v1.0.1 ([#5751](https://github.com/containerd/containerd/pull/5751))
* go.mod: runc v1.0.1
* update runc binary to v1.0.1
* runtime: runc v2: remove redundant validation ([#5737](https://github.com/containerd/containerd/pull/5737))
* runtime: runc v2: remove redundant validation
* Add timestamp to flaky restart monitor test ([#5727](https://github.com/containerd/containerd/pull/5727))
* Move loop check to before sleep
* Add timestamp to flaky restart monitor test
* Update Go to 1.16.6 ([#5722](https://github.com/containerd/containerd/pull/5722))
* integration/client: go mod tidy
* Update Go to 1.16.6
* client: surface a connection error more clearly ([#4447](https://github.com/containerd/containerd/pull/4447))
* client: surface a connection error more clearly
* Fix missing Body.Close() calls on push to docker remote ([#5712](https://github.com/containerd/containerd/pull/5712))
* Fix missing Body.Close() calls on push to docker remote
* remove pkg/cri/platforms package ([#5710](https://github.com/containerd/containerd/pull/5710))
* remove pkg/cri/platforms package
* Allow WithServices to use custom implementations ([#5709](https://github.com/containerd/containerd/pull/5709))
* Allow WithServices to use custom implementations
* [Vendor] Update hcsshim to 0.8.18 ([#5673](https://github.com/containerd/containerd/pull/5673))
* [Vendor] Update hcsshim to 0.8.18
* test integration: Adds a test that restarts a failed container ([#5578](https://github.com/containerd/containerd/pull/5578))
* test integration: Adds a test that restarts a failed container
* [CRI] move up to CRI v1 and support v1alpha in parallel ([#5619](https://github.com/containerd/containerd/pull/5619))
* use fu wei's suggeted interface pick for marshaling
* add alpha version
* move up to CRI v1 and support v1alpha in parallel
* gha: make release workflow work in forks ([#5682](https://github.com/containerd/containerd/pull/5682))
* gha: make release workflow work in forks
* Add unit test for plugin ([#5666](https://github.com/containerd/containerd/pull/5666))
* Add unit test for plugin
* Dockerfile.test: add "cri-in-userns" (aka rootless) test stage ([#5700](https://github.com/containerd/containerd/pull/5700))
* Dockerfile.test: add "cri-in-userns" (aka rootless) test stage
* Update for distribution spec 1.0 ([#5676](https://github.com/containerd/containerd/pull/5676))
* Add support for registry host path override
* Update documenation for OCI distribution 1.0
* archive: cleanup lchmod logic ([#5702](https://github.com/containerd/containerd/pull/5702))
* Cleanup lchmod logic in archive
* Install specific golang version in Windows CI. ([#5571](https://github.com/containerd/containerd/pull/5571))
* Install specific golang version in Windows CI.
* Add ctr command label in NewContainerOpts ([#5660](https://github.com/containerd/containerd/pull/5660))
* feat: Add snapshotter label to the new snapshot for container.
* snapshot/devmapper: log exported methods correctly ([#5655](https://github.com/containerd/containerd/pull/5655))
* snapshot/devmapper: log exported methods correctly
* Makefile: fix DESTDIR and PREFIX concatenation ([#5662](https://github.com/containerd/containerd/pull/5662))
* Makefile: fix DESTDIR and PREFIX concatenation
* Cri integration cleanup ([#5287](https://github.com/containerd/containerd/pull/5287))
* tests: Use EnsureImageExists for image pulling
* tests: Refactors PodSandbox creation
* move sys.FMountat() into mount package and un-export ([#5641](https://github.com/containerd/containerd/pull/5641))
* un-export mount.FMountat
* move sys.FMountat() into mount package
* sandbox: send pod UID to CNI plugins as K8S_POD_UID ([#5640](https://github.com/containerd/containerd/pull/5640))
* sandbox: send pod UID to CNI plugins as K8S_POD_UID
* sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils ([#5639](https://github.com/containerd/containerd/pull/5639))
* sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils
* content/local: inline sys.StatATimeAsTime() ([#5633](https://github.com/containerd/containerd/pull/5633))
* content/local: inline sys.StatATimeAsTime()
* allow multi gpu to be specified via ctr ([#5636](https://github.com/containerd/containerd/pull/5636))
* allow multi gpu to be specified via ctr
* go.mod: runc v1.0.0
* update runc binary to v1.0.0 GA
* fixing some doc links ([#5629](https://github.com/containerd/containerd/pull/5629))
* fixing some doc links
* Sync integration/go.mod with root go.mod ([#5623](https://github.com/containerd/containerd/pull/5623))
* Sync integration/go.mod with root go.mod
* archive: Expose ChangeWriter to allow customized diff computing ([#5615](https://github.com/containerd/containerd/pull/5615))
* archive: Expose ChangeWriter to allow customized diff computing
* CI: Switch to the available latest images ([#5625](https://github.com/containerd/containerd/pull/5625))
* CI: Switch to available latest images
* fix deprecation config for default runtime
* Re-enable criu in main integration runs ([#5614](https://github.com/containerd/containerd/pull/5614))
* Re-enable criu in main integration runs
* runtime,v2: Enable debug when containerd is on debug+ log level ([#5617](https://github.com/containerd/containerd/pull/5617))
* runtime,v2: Enable debug when containerd is on debug+ log level
* github.com/golang/protobuf/proto is deprecated
* Update github.com/golang/protobuf from v1.3.5 to v1.4.3
* Update google.golang.org/grpc from v1.27.1 to v1.38.0
* Increase golangci-lint timeout
* ctr flags of container rootfs propagation ([#5611](https://github.com/containerd/containerd/pull/5611))
* command line flags of setting container rootfs propagation
* add cgroupv2 setup for cos with a flag
* Update gotestsum to add timestamps to junit output ([#5612](https://github.com/containerd/containerd/pull/5612))
* Update gotestsum to add timestamps to junit output
* Allow to pass --no-cgroups option to nvidia-container-cli ([#5604](https://github.com/containerd/containerd/pull/5604))
* Allow to pass --no-cgroup option to nvidia-container-cli
* Makefile: FHS conformant manpage installation pathes ([#5577](https://github.com/containerd/containerd/pull/5577))
* Makefile: FHS conformant manpage installation pathes
* Add proper Go version before project checks ([#5594](https://github.com/containerd/containerd/pull/5594))
* Add proper Go version before project checks
* Enable cri-integration in Windows Periodic Tests ([#5580](https://github.com/containerd/containerd/pull/5580))
* Enable cri-integration in Windows Periodic Tests
* adds explanation for seccomp unset/unconfined default vs runtime default ([#5573](https://github.com/containerd/containerd/pull/5573))
* adds explanation for seccomp unset/unconfined default vs runtime default
* Fix cleanup context of teardownPodNetwork ([#5569](https://github.com/containerd/containerd/pull/5569))
* Fix cleanup context of teardownPodNetwork
* update integration/client go.sum ([#5572](https://github.com/containerd/containerd/pull/5572))
* update integration/client go.sum
* Revert diff/walking error change ([#5566](https://github.com/containerd/containerd/pull/5566))
* Revert diff/walking error change
* Update opencontainers/selinux to v1.8.2 ([#5562](https://github.com/containerd/containerd/pull/5562))
* Update opencontainers/selinux to v1.8.2
* fix invalid validation error checking ([#5565](https://github.com/containerd/containerd/pull/5565))
* fix invalid validation error checking
* diff/walking: fix defer cleanup ([#5551](https://github.com/containerd/containerd/pull/5551))
* diff/walking: fix defer cleanup
* Windows periodic job: Add creation timestamp to RG ([#5559](https://github.com/containerd/containerd/pull/5559))
* Add creation timestamp to RG
* Fix error case in Windows layer cleanup ([#5328](https://github.com/containerd/containerd/pull/5328))
* Fix error case in Windows layer cleanup
* Use DeactivateLayer to unlock layers that we cannot rename ([#5422](https://github.com/containerd/containerd/pull/5422))
* Small typo fix "reimporst"
* Use DeactivateLayer to recover layers that we cannot rename
* tests: Symlink volume tests ([#5284](https://github.com/containerd/containerd/pull/5284))
* tests: Symlink volume tests
* Makefile: fix DESTDIR environment variable behaviour ([#5535](https://github.com/containerd/containerd/pull/5535))
* Makefile: fix DESTDIR environment variable behaviour
* Change Wrapf of non-error to an actual error ([#5560](https://github.com/containerd/containerd/pull/5560))
* Change Wrapf of non-error to an actual error
* Install apparmor parser for arm64 environment
* scrub the stale TODO ([#5536](https://github.com/containerd/containerd/pull/5536))
* scrub the stale TODO
* docs: explicitly mention containerd's Prometheus path ([#5554](https://github.com/containerd/containerd/pull/5554))
* docs: explicitly mention containerd's Prometheus path
* integration: Cleanup containerd on test teardown ([#5553](https://github.com/containerd/containerd/pull/5553))
* integration: Cleanup containerd on test teardown
* docs/cri: update links ([#5548](https://github.com/containerd/containerd/pull/5548))
* docs/cri: update ocicrypt link
* docs/cri: fix broken links
* Update Windows periodic tests ([#5544](https://github.com/containerd/containerd/pull/5544))
* Update Windows periodic tests
* Add CI periodic Windows Jobs. ([#5165](https://github.com/containerd/containerd/pull/5165))
* Schedule Windows job daily after midnight.
* Update windows-periodic.yml
* Add CI periodic Windows Jobs.
* Rename atomicWrite to writeToCompletion ([#5273](https://github.com/containerd/containerd/pull/5273))
* Rename atomicWrite to writeToCompletion
* Do not run btrfs tests if btrfs kernel module is not loaded ([#5539](https://github.com/containerd/containerd/pull/5539))
* Do not run btrfs tests if btrfs kernel module is not loaded
* Fix incorrect UA used for registry authentication ([#5533](https://github.com/containerd/containerd/pull/5533))
* Fix incorrect UA used for registry authentication
* ctr: parse mount options with embedded = character ([#5531](https://github.com/containerd/containerd/pull/5531))
* ctr: parse mount options with embedded = character
* Fix mounts for FreeBSD ([#5472](https://github.com/containerd/containerd/pull/5472))
* Add ruleset=4 option
* Remove mountpoints not commonly mounted on FreeBSD
* Add copyright header & make sure compilation succeeds on all platforms
* Fix mounts for FreeBSD
* ctr: make exec pty behavior consistent with run ([#5527](https://github.com/containerd/containerd/pull/5527))
* ctr: exec handle pty resize after Start
* ctr: exec setup IO with console
* Makefile: use $@ for target file names ([#5534](https://github.com/containerd/containerd/pull/5534))
* Makefile: use $@ for target file names
* Fix small typo ([#5528](https://github.com/containerd/containerd/pull/5528))
* Fix small typo
* Don't check for apparmor_parser to be present ([#5519](https://github.com/containerd/containerd/pull/5519))
* update the link
* Don't check for apparmor_parser to be present
* Remove useless lines ([#5520](https://github.com/containerd/containerd/pull/5520))
* Remove useless lines
* Fixed typos in docs ([#5509](https://github.com/containerd/containerd/pull/5509))
* fixed typos
* Try next mirror in case of non-404 errors, too ([#5275](https://github.com/containerd/containerd/pull/5275))
* Try next mirror in case of non-404 errors, too
* bump runc version to v1.0.0-rc95 ([#5514](https://github.com/containerd/containerd/pull/5514))
* bump runc version to v1.0.0-rc95
* update runc binary to v1.0.0-rc95 ([#5511](https://github.com/containerd/containerd/pull/5511))
* update runc binary to v1.0.0-rc95
* Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0 ([#5508](https://github.com/containerd/containerd/pull/5508))
* Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0
* Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 ([#5507](https://github.com/containerd/containerd/pull/5507))
* Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
* Makefile: allow overriding install command via environment ([#5493](https://github.com/containerd/containerd/pull/5493))
* Makefile: allow overriding install command via environment
* tests: Adds support for Windows cri-integration tests ([#5163](https://github.com/containerd/containerd/pull/5163))
* tests: Adds support for Windows cri-integration tests
* Update docker resolver to authorize redirects ([#5504](https://github.com/containerd/containerd/pull/5504))
* Update docker resolver to authorize redirects
* bump hcsshim version to v0.8.17 ([#5505](https://github.com/containerd/containerd/pull/5505))
* bump hcsshim version to v0.8.17
* Release binary update for imgcrypt ([#5498](https://github.com/containerd/containerd/pull/5498))
* just release ctd-decoder not ctr-enc
* Merge remote-tracking branch 'upstream/master'
* Pin integration test image for alpine
* cri-integration tests: Pull images once ([#5313](https://github.com/containerd/containerd/pull/5313))
* tests: Prepull images used in tests
* plugin: optimize the check for the last registration ([#5440](https://github.com/containerd/containerd/pull/5440))
* plugin: optimize the check for the last registration
* metadata: modify NewLeaseManager to return leases.Manager ([#5465](https://github.com/containerd/containerd/pull/5465))
* metadata: modify NewLeaseManager to return leases.Manager
* Skip TLS verification for localhost ([#5100](https://github.com/containerd/containerd/pull/5100))
* Skip TLS verification for localhost
* Merge remote-tracking branch 'upstream/master'
* Makefile: make sure manpages are built before install-man ([#5492](https://github.com/containerd/containerd/pull/5492))
* Makefile: make sure manpages are built before install-man
* adds description for hosts.toml ([#5309](https://github.com/containerd/containerd/pull/5309))
* adds credentials description
* adds description for hosts.toml
* Prepare default branch rename ([#5459](https://github.com/containerd/containerd/pull/5459))
* Prepare default branch rename
* Merge remote-tracking branch 'upstream/master'
* Update runc to rc94 ([#5473](https://github.com/containerd/containerd/pull/5473))
* Update vendored runc to v1.0.0.0-rc94
* Update the runc binary used with containerd to runc v1.0.0-rc94
* Fix `content.ReaderAt` close ([#5468](https://github.com/containerd/containerd/pull/5468))
* Fix content.ReaderAt close
* Update releases doc with updated support timeline ([#5466](https://github.com/containerd/containerd/pull/5466))
* Update releases doc with updated support timeline
* tests: add test for adaptor ([#5452](https://github.com/containerd/containerd/pull/5452))
* tests: add test for adaptor
* Makefile: allow overriding go command by environment ([#5450](https://github.com/containerd/containerd/pull/5450))
* Makefile: allow overriding go command by environment
* update to new cri-tools make install ([#5462](https://github.com/containerd/containerd/pull/5462))
* update to new cri-tools make install
* Update Go to 1.16.4 ([#5461](https://github.com/containerd/containerd/pull/5461))
* Update Go to 1.16.4
* Merge remote-tracking branch 'upstream/release/1.5'
* [release/1.5] go.mod: cut circular dependency on github.com/containerd/containerd ([#5457](https://github.com/containerd/containerd/pull/5457))
* go.mod: cut circular dependency on github.com/containerd/containerd
* integration/client: go mod tidy
* oci: fix WithDevShmSize ([#5063](https://github.com/containerd/containerd/pull/5063))
* oci: fix WithDevShmSize
* [release/1.5] cherry-pick: windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink ([#5454](https://github.com/containerd/containerd/pull/5454))
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink ([#5411](https://github.com/containerd/containerd/pull/5411))
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
* doc: add missing namespaces package ([#5448](https://github.com/containerd/containerd/pull/5448))
* doc: add missing namespaces package
* update seccomp version ([#5445](https://github.com/containerd/containerd/pull/5445))
* update seccomp version
* Update golang.org/x/sys to add linux/ppc support ([#5436](https://github.com/containerd/containerd/pull/5436))
* Update golang.org/x/sys to add linux/ppc support
* go.mod: cut circular dependency on github.com/containerd/containerd ([#5441](https://github.com/containerd/containerd/pull/5441))
* go.mod: cut circular dependency on github.com/containerd/containerd
* integration/client: go mod tidy
* Fix different registry hosts referencing the same auth config. ([#5446](https://github.com/containerd/containerd/pull/5446))
* Fix different registry hosts referencing the same auth config.
</p>
</details>
### Changes from containerd/cgroups
<details><summary>24 commits</summary>
<p>
* cgroup: Optionally add process and task to a subsystems subset ([#203](https://github.com/containerd/cgroups/pull/203))
* cgroup: Optionally add process and task to a subsystems subset
* replace pkg/errors from vendor ([#208](https://github.com/containerd/cgroups/pull/208))
* replace pkg/errors from vendor
* cgroup.go: avoid panic on nil interface ([#207](https://github.com/containerd/cgroups/pull/207))
* cgroup.go: avoid panic on nil interface
* Improvements on cgroup v2 support ([#204](https://github.com/containerd/cgroups/pull/204))
* cgroupv2: reset lastErr to nil when subtree control is successfully written
* cgroupv2: enable controllers before setting resources in NewChild()
* v2: remove unimplemented errors and ErrorHandler, IgnoreNotExist ([#201](https://github.com/containerd/cgroups/pull/201))
* v2: remove ErrorHandler and IgnoreNotExist as they are not implemented
* v2: remove errors that are never returned
* v1: reduce duplicated code ([#202](https://github.com/containerd/cgroups/pull/202))
* v1: reduce duplicated code
* cgroup v1: implement AddProc() ([#200](https://github.com/containerd/cgroups/pull/200))
* cgroup v1: implement AddProc()
* Rename branch from master to main ([#199](https://github.com/containerd/cgroups/pull/199))
* Rename branch from master to main
* utils: export ParseCgroupFile() ([#197](https://github.com/containerd/cgroups/pull/197))
* utils: export ParseCgroupFile()
* go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations ([#194](https://github.com/containerd/cgroups/pull/194))
* go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations
* Use /proc/partitions to get device names ([#195](https://github.com/containerd/cgroups/pull/195))
* Use /proc/partitions to get device names
</p>
</details>
### Changes from containerd/console
<details><summary>6 commits</summary>
<p>
* Fix CI ([#55](https://github.com/containerd/console/pull/55))
* Fix CI
* Stop using pkg/errors
* Add support for z/OS ([#46](https://github.com/containerd/console/pull/46))
* Console test on z/OS
* Add support for z/OS
</p>
</details>
### Changes from containerd/continuity
<details><summary>28 commits</summary>
<p>
* fs: use syscall.Timespec.Unix ([#193](https://github.com/containerd/continuity/pull/193))
* fs: use syscall.Timespec.Unix
* Update CI Go version to 1.17 ([#192](https://github.com/containerd/continuity/pull/192))
* Update CI Go version to 1.17
* Build containerd/continuity on multiple Unix OSes ([#190](https://github.com/containerd/continuity/pull/190))
* Build containerd/continuity on multiple Unix OSes
* Do not log errors before returning them ([#191](https://github.com/containerd/continuity/pull/191))
* Do not log errors before returning them
* Copy Windows file metadata ([#188](https://github.com/containerd/continuity/pull/188))
* Copy Windows file metadata
* fix fmt.Errorf("%w", err) on err == nil ([#187](https://github.com/containerd/continuity/pull/187))
* fix fmt.Errorf("%w", err) on err == nil
* Remove direct dependency on github.com/pkg/errors ([#185](https://github.com/containerd/continuity/pull/185))
* run gofmt with Go 1.17
* remove direct dependency on github.com/pkg/errors
* Fix darwin issues ([#186](https://github.com/containerd/continuity/pull/186))
* update AUTHORS
* darwin: use utimensat syscall instead of utimes
* fix darwin usage of du command
* go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125 ([#161](https://github.com/containerd/continuity/pull/161))
* go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125
* fs/stat: add FreeBSD, and cleanup some nolint-comments ([#184](https://github.com/containerd/continuity/pull/184))
* reformat nolint comments
* fs/stat: add FreeBSD
* Rename branch from master to main ([#182](https://github.com/containerd/continuity/pull/182))
* Rename branch from master to main
* testutil/loopback: print more debug info ([#180](https://github.com/containerd/continuity/pull/180))
* testutil/loopback: print more debug info
</p>
</details>
### Changes from containerd/go-cni
<details><summary>18 commits</summary>
<p>
* run setup on networks in parallel ([#76](https://github.com/containerd/go-cni/pull/76))
* switch to direct index
* run setup on networks in parallel
* remove: Continue on "not found" errors ([#74](https://github.com/containerd/go-cni/pull/74))
* remove: Continue on "not found" errors
* go.mod: github.com/containernetworking/cni v1.0.1 ([#72](https://github.com/containerd/go-cni/pull/72))
* go.mod: github.com/containernetworking/cni v1.0.1
* remove direct dependency on github.com/pkg/errors ([#71](https://github.com/containerd/go-cni/pull/71))
* remove direct dependency on github.com/pkg/errors
* update CNI to v1.0.0 ([#70](https://github.com/containerd/go-cni/pull/70))
* test: add TestLibCNIType100
* update CNI to v1.0.0
* Rename branch from master to main ([#69](https://github.com/containerd/go-cni/pull/69))
* Rename branch from master to main
* result: change Raw from a struct field to a method ([#68](https://github.com/containerd/go-cni/pull/68))
* result: change Raw from a struct field to a method
* result: expose raw result ([#67](https://github.com/containerd/go-cni/pull/67))
* result: expose raw result
</p>
</details>
### Changes from containerd/imgcrypt
<details><summary>32 commits</summary>
<p>
* CHANGES: Updated CHANGES document for 1.1.3 release ([#64](https://github.com/containerd/imgcrypt/pull/64))
* CHANGES: Updated CHANGES document for 1.1.3 release
* docs: update project branch to main ([#63](https://github.com/containerd/imgcrypt/pull/63))
* docs: update project branch to main
* Update linter to match containerd repo ([#61](https://github.com/containerd/imgcrypt/pull/61))
* Update linter to match containerd repo
* update CI golang version
* Bump github.com/containerd/containerd from 1.5.7 to 1.5.8 ([#59](https://github.com/containerd/imgcrypt/pull/59))
* Bump github.com/containerd/containerd from 1.5.7 to 1.5.8
* maint: Update to ocicrypt v1.1.2 ([#57](https://github.com/containerd/imgcrypt/pull/57))
* maint: Update to ocicrypt v1.1.2
* Decouple CreateCryptoConfig() from github.com/urfave/cli ([#56](https://github.com/containerd/imgcrypt/pull/56))
* Decouple CreateCryptoConfig() from github.com/urfave/cli
* Bump github.com/containerd/containerd from 1.5.5 to 1.5.7 ([#55](https://github.com/containerd/imgcrypt/pull/55))
* Bump github.com/containerd/containerd from 1.5.5 to 1.5.7
* replace pkg/errors and bump related library
* README: Fix CRI decryption document URL ([#53](https://github.com/containerd/imgcrypt/pull/53))
* README: Fix CRI decryption document URL
* Bump github.com/containerd/containerd from 1.5.2 to 1.5.4 ([#52](https://github.com/containerd/imgcrypt/pull/52))
* Bump github.com/containerd/containerd from 1.5.2 to 1.5.4
* Bump containerd to 1.5.2 ([#51](https://github.com/containerd/imgcrypt/pull/51))
* Bump containerd to 1.5.2
* images: Implement ConvertFunc for image en- and decryption ([#49](https://github.com/containerd/imgcrypt/pull/49))
* images: Implement ConvertFunc for image en- and decryption
* Add containerd-release to makefile ([#48](https://github.com/containerd/imgcrypt/pull/48))
* Remove ctr-enc from installation
* vendor sync up with containerd 1.5 ga, and runc94 ([#47](https://github.com/containerd/imgcrypt/pull/47))
* sync up with containerd 1.5 ga, and runc94
* Sync ctr-enc with containerd's ctr v1.5.0-rc.3 ([#46](https://github.com/containerd/imgcrypt/pull/46))
* CICD: Run 'apt update' before pulling packages
* ctr-enc: Set the version for ctr-enc when linking
* Sync ctr-enc with containerd's ctr v1.5.0-rc.3
</p>
</details>
### Changes from containerd/ttrpc
<details><summary>34 commits</summary>
<p>
* Add protoc-gen-go-ttrpc ([#96](https://github.com/containerd/ttrpc/pull/96))
* Add protoc-gen-go-ttrpc
* client: Handle sending/receiving in separate goroutines ([#94](https://github.com/containerd/ttrpc/pull/94))
* client: Handle sending/receiving in separate goroutines
* Run Protobuild in GitHub Actions ([#95](https://github.com/containerd/ttrpc/pull/95))
* Run Protobuild in GitHub Actions
* Re-generate example.pb.go
* replace pkg/errors ([#93](https://github.com/containerd/ttrpc/pull/93))
* replace pkg/errors from vendor
* Rename branch from master to main ([#86](https://github.com/containerd/ttrpc/pull/86))
* Rename branch from master to main
* Make "go test" and "go build" work on macOS ([#85](https://github.com/containerd/ttrpc/pull/85))
* Make the example command buildable on macOS
* Run GitHub Actions on macOS
* Make "go test" work on macOS
* Return Unimplemented when services or methods are not implemented ([#83](https://github.com/containerd/ttrpc/pull/83))
* Return Unimplemented when services or methods are not implemented
* Remove "Very new" and checked TODO items ([#84](https://github.com/containerd/ttrpc/pull/84))
* Remove "Very new" and checked TODO items
* removing glide from ignore ([#82](https://github.com/containerd/ttrpc/pull/82))
* removing glide from ignore
* go.mod: update dependencies ([#79](https://github.com/containerd/ttrpc/pull/79))
* go.mod: github.com/prometheus/procfs v0.6.0
* go.mod: google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
* go.mod: google.golang.org/grpc v1.27.1
* go.mod: github.com/gogo/protobuf v1.3.2
* remove travis, add codecov badge ([#78](https://github.com/containerd/ttrpc/pull/78))
* CI: add codecov badge to readme
* CI: remove travis
* Use GitHub Actions for CI ([#77](https://github.com/containerd/ttrpc/pull/77))
* Use GitHub Actions for CI
* go.mod: sirupsen/logrus v1.7.0 ([#76](https://github.com/containerd/ttrpc/pull/76))
* go.mod: sirupsen/logrus v1.7.0
* go mod tidy
</p>
</details>
### Dependency Changes
* **github.com/AdaLogics/go-fuzz-headers** 6c3934b029d8 **_new_**
* **github.com/Microsoft/go-winio** v0.4.17 -> v0.5.1
* **github.com/Microsoft/hcsshim** v0.8.16 -> v0.9.1
* **github.com/bits-and-blooms/bitset** v1.2.0 **_new_**
* **github.com/blang/semver** v3.5.1 **_new_**
* **github.com/cenkalti/backoff/v4** v4.1.2 **_new_**
* **github.com/cilium/ebpf** v0.4.0 -> v0.6.2
* **github.com/containerd/cgroups** v1.0.1 -> v1.0.2
* **github.com/containerd/console** v1.0.2 -> v1.0.3
* **github.com/containerd/continuity** v0.1.0 -> v0.2.2
* **github.com/containerd/go-cni** v1.0.2 -> v1.1.1
* **github.com/containerd/imgcrypt** v1.1.1 -> v1.1.3
* **github.com/containerd/ttrpc** v1.0.2 -> v1.1.0
* **github.com/containernetworking/cni** v0.8.1 -> v1.0.1
* **github.com/containernetworking/plugins** v0.9.1 -> v1.0.1
* **github.com/containers/ocicrypt** v1.1.1 -> v1.1.2
* **github.com/go-logr/logr** v0.2.0 -> v1.2.2
* **github.com/go-logr/stdr** v1.2.2 **_new_**
* **github.com/golang/groupcache** 8c9f03a8e57e -> 41bb18bfe9da
* **github.com/golang/protobuf** v1.3.5 -> v1.5.2
* **github.com/google/go-cmp** v0.5.4 -> v0.5.6
* **github.com/google/gofuzz** v1.1.0 -> v1.2.0
* **github.com/grpc-ecosystem/go-grpc-middleware** v1.3.0 **_new_**
* **github.com/grpc-ecosystem/grpc-gateway** v1.16.0 **_new_**
* **github.com/hashicorp/errwrap** v1.0.0 -> v1.1.0
* **github.com/hashicorp/go-multierror** v1.0.0 -> v1.1.1
* **github.com/imdario/mergo** v0.3.11 -> v0.3.12
* **github.com/intel/goresctrl** v0.2.0 **_new_**
* **github.com/json-iterator/go** v1.1.10 -> v1.1.12
* **github.com/moby/spdystream** v0.2.0 **_new_**
* **github.com/moby/sys/signal** v0.6.0 **_new_**
* **github.com/modern-go/reflect2** v1.0.1 -> v1.0.2
* **github.com/opencontainers/image-spec** v1.0.1 -> 693428a734f5
* **github.com/opencontainers/runc** v1.0.0-rc93 -> v1.0.3
* **github.com/opencontainers/runtime-spec** e6143ca7d51d -> 1c3f411f0417
* **github.com/opencontainers/selinux** v1.8.0 -> v1.8.2
* **github.com/pelletier/go-toml** v1.8.1 -> v1.9.3
* **github.com/prometheus/client_golang** v1.7.1 -> v1.11.0
* **github.com/prometheus/common** v0.10.0 -> v0.30.0
* **github.com/prometheus/procfs** v0.6.0 -> v0.7.3
* **github.com/satori/go.uuid** v1.2.0 **_new_**
* **github.com/sirupsen/logrus** v1.7.0 -> v1.8.1
* **github.com/spf13/pflag** v1.0.5 **_new_**
* **github.com/stretchr/testify** v1.6.1 -> v1.7.0
* **github.com/vishvananda/netlink** f5de75959ad5 **_new_**
* **github.com/vishvananda/netns** 2eb08e3e575f **_new_**
* **go.etcd.io/bbolt** v1.3.5 -> v1.3.6
* **go.opencensus.io** v0.22.3 -> v0.23.0
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.28.0 **_new_**
* **go.opentelemetry.io/otel** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/internal/retry** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/sdk** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/trace** v1.3.0 **_new_**
* **go.opentelemetry.io/proto/otlp** v0.11.0 **_new_**
* **golang.org/x/crypto** 0c34fe9e7dc2 -> 32db794688a5
* **golang.org/x/net** e18ecbb05110 -> fe4d6282115f
* **golang.org/x/oauth2** bf48bf16ab8d -> 2bc19b11175f
* **golang.org/x/sync** 09787c993a3a -> 036812b2e83c
* **golang.org/x/sys** 47abb6519492 -> 1d35b9e2eb4e
* **golang.org/x/term** 7de9c90e9dd1 -> 6886f2dfbf5b
* **golang.org/x/text** v0.3.4 -> v0.3.7
* **golang.org/x/time** 3af7569d3a1e -> 1f47c861a9ac
* **google.golang.org/appengine** v1.6.5 -> v1.6.7
* **google.golang.org/grpc** v1.27.1 -> v1.43.0
* **google.golang.org/protobuf** v1.27.1 **_new_**
* **gopkg.in/yaml.v3** 9f266ea9e77c -> 496545a6307b
* **k8s.io/api** v0.20.6 -> v0.23.0
* **k8s.io/apimachinery** v0.20.6 -> v0.23.0
* **k8s.io/apiserver** v0.20.6 -> v0.23.0
* **k8s.io/client-go** v0.20.6 -> v0.23.0
* **k8s.io/component-base** v0.20.6 -> v0.23.0
* **k8s.io/cri-api** v0.20.6 -> v0.23.0
* **k8s.io/utils** 67b214c5f920 -> cb0fa318a74b
* **sigs.k8s.io/json** c049b76a60c6 **_new_**
Previous release can be found at [v1.5.0](https://github.com/containerd/containerd/releases/tag/v1.5.0)
containerd 1.6.0-beta.5
Welcome to the v1.6.0-beta.5 release of containerd!
The seventh major release of containerd includes many improvements and added
support to increase overall compatibility and stability.
### Highlights
#### Runtime
* **Add runtime label to metrics** ([#5744](https://github.com/containerd/containerd/pull/5744))
* **Cleanup task delete logic in v2 shim** ([#5813](https://github.com/containerd/containerd/pull/5813))
* **Add support for shim plugins** ([#5817](https://github.com/containerd/containerd/pull/5817))
* **Decouple shim and task manager** ([#5918](https://github.com/containerd/containerd/pull/5918))
* **Add runc shim support for core scheduling** ([#6011](https://github.com/containerd/containerd/pull/6011))
* **Update shim client connect attempt to fail fast when shim errors** ([#6031](https://github.com/containerd/containerd/pull/6031))
* **Add support for absolute path to shim binaries** ([#6206](https://github.com/containerd/containerd/pull/6206))
#### Windows
* **Add support for Windows HostProcess containers** ([#5131](https://github.com/containerd/containerd/pull/5131))
* **Add support for Windows resource limits** ([#5778](https://github.com/containerd/containerd/pull/5778))
#### CRI
* **Add CNI configuration based on runtime class** ([#4695](https://github.com/containerd/containerd/pull/4695))
* **Add support for Intel RDT** ([#5439](https://github.com/containerd/containerd/pull/5439))
* **Add support for CRI v1 and v1alpha in parallel** ([#5619](https://github.com/containerd/containerd/pull/5619))
* **Add support for unified resources field for cgroups v2** ([#5627](https://github.com/containerd/containerd/pull/5627))
* **Add IP preference configuration for reporting pod IP** ([#5964](https://github.com/containerd/containerd/pull/5964))
* **Implement new CRI pod sandbox stats API** ([#6113](https://github.com/containerd/containerd/pull/6113))
* **Add sandbox and container latency metrics** ([#6111](https://github.com/containerd/containerd/pull/6111))
* **Add namespace to ttrpc and grpc plugin connections** ([#6130](https://github.com/containerd/containerd/pull/6130))
* **Add option to allow ping sockets and privileged ports with no capabilities** ([#6170](https://github.com/containerd/containerd/pull/6170))
* **Add support for configuring swap** ([#6320](https://github.com/containerd/containerd/pull/6320))
#### Other
* **Add a shared namespace label for cross-namespace content sharing** ([#5043](https://github.com/containerd/containerd/pull/5043))
* **Add support for client TLS Auth for grpc** ([#5606](https://github.com/containerd/containerd/pull/5606))
* **Add xfs support for devicemapper snapshotter** ([#5610](https://github.com/containerd/containerd/pull/5610))
* **Add metric exposing build version and revision** ([#5965](https://github.com/containerd/containerd/pull/5965))
* **Add OpenTelemetry trace injection to grpc client** ([#5992](https://github.com/containerd/containerd/pull/5992))
* **Add support for custom fs options in devmapper snapshotter** ([#6122](https://github.com/containerd/containerd/pull/6122))
#### Client
* **Allow WithServices to use custom implementations** ([#5709](https://github.com/containerd/containerd/pull/5709))
* **Support custom compressor for walking differ** ([#5735](https://github.com/containerd/containerd/pull/5735))
See the changelog for complete list of changes
Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.
### Contributors
* Derek McGowan
* Phil Estes
* Wei Fu
* Akihiro Suda
* Maksym Pavlenko
* Sebastiaan van Stijn
* Kazuyoshi Kato
* Michael Crosby
* Mike Brown
* Claudiu Belu
* haoyun
* Daniel Canter
* Gabriel Adrian Samfira
* zounengren
* AdamKorcz
* Adelina Tuvenie
* Brian Goff
* Kohei Tokunaga
* Davanum Srinivas
* Shiming Zhang
* Samuel Karp
* Enrico Weigelt, metux IT consult
* Markus Lehtonen
* Alakesh Haloi
* Hajime Tazaki
* Kevin Parsons
* Iceber Gu
* Nashwan Azhari
* Aditi Sharma
* Gijs Peskens
* Danielle Lancashire
* David Porter
* Jacob MacElroy
* wanglei
* Alexandre Peixoto Ferreira
* Cody Roseborough
* Furkan
* Jiaming Xu
* Kir Kolyshkin
* Miao Wang
* Neil Johnson
* Paul "TBBle" Hampson
* Priyanka Saggu
* Romain Aviolat
* Sunghoon Kang
* Tõnis Tiigi
* Zhiyu Li
* Alexander Minbaev
* Alexey Ivanov
* Artem Khramov
* Ben Hutchings
* Cory Bennett
* Da McGrady
* Dan Williams
* Eng Zer Jun
* Eric Ernst
* Ethan Chen
* Fabiano Fidêncio
* Fabiano Fidêncio
* Fupan Li
* Gaurav Gahlot
* Gunju Kim
* Jacob Blain Christen
* James Sturtevant
* Jayme Howard
* Jintao Zhang
* Justin Terry
* Kaijie Chen
* Kern Walster
* Kitt Hsu
* Lantao Liu
* Ma Xinjian
* Manabu Sugimoto
* Markus Lippert
* Mikko Ylinen
* Ng Yang
* Nicolas Chariglione
* Olli Janatuinen
* Peri Thompson
* Quan Tian
* Radostin Stoyanov
* Rui Lopes
* Sambhav Kothari
* Samuel Ortiz
* Sebastian Hasler
* Takumasa Sakao
* Tobias Klauser
* Yang Yang
* Yifan Yuan
* Zilong Wang
* Zufar Dhiyaulhaq
* botieking98
* chenxiaoyu
* jayonlau
* jerryzhuang
* kerthcet
* levinxo
* linrunlong
* ningmingxiao
* scuzhanglei
* wangzhan
* Étienne Guesnet
### Changes
<details><summary>911 commits</summary>
<p>
* Prepare release notes for v1.6.0-beta.5 ([#6407](https://github.com/containerd/containerd/pull/6407))
* Prepare release notes for v1.6.0-beta.5
* Integration: Check GCP secrets on Windows CI artifact upload. ([#6292](https://github.com/containerd/containerd/pull/6292))
* Integration: Check GCP secrets on Windows CI artifact upload.
* Github Security Advisory [GHSA-mvff-h3cj-wj9c](https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c)
* only relabel cri managed host mounts
* Add support for Intel RDT ([#5439](https://github.com/containerd/containerd/pull/5439))
* cri: add ignore_rdt_not_enabled_errors config option
* Update dependencies
* cri: annotations for controlling RDT class
* tasks: add Linux rdt support
* cmd: add --rdt-class command line option
* oci: implement WithRdt
* fix: use _ for consistency ([#6391](https://github.com/containerd/containerd/pull/6391))
* fix: use _ for consistency
* content/local: use syscall.Timespec.Unix ([#6403](https://github.com/containerd/containerd/pull/6403))
* content/local: use syscall.Timespec.Unix
* docs: improve plugin documentation ([#6207](https://github.com/containerd/containerd/pull/6207))
* docs: document the runtime shim plugin config options
* docs: use proper markdown lists in containerd-config.toml.5.md
* fix(ctr): enable networking for Windows containers ([#6304](https://github.com/containerd/containerd/pull/6304))
* fix(ctr): enable networking for Windows containers
* Fix $(PWD) issue for Windows makefile ([#6394](https://github.com/containerd/containerd/pull/6394))
* Fix $(PWD) issue for Windows makefile
* only test abstract uds on linux ([#6395](https://github.com/containerd/containerd/pull/6395))
* fix: only test abstract unix socket on linux
* Fix restart container test ([#6390](https://github.com/containerd/containerd/pull/6390))
* Expect ErrorNotFound on Windows after Kill()
* Replace tskill with taskkill
* fix when kernel version < 4.13rc1 by using index=off cause test error ([#6291](https://github.com/containerd/containerd/pull/6291))
* fix when kernel version < 4.13rc1 by using index=off cause overlay test error
* Fix no-daemon flag for integration/client tests ([#6384](https://github.com/containerd/containerd/pull/6384))
* Fix no-daemon flag for integration/client tests
* Enable lazy init for ext4 with devicemapper ([#6122](https://github.com/containerd/containerd/pull/6122))
* Enable lazy init for ext4 with devicemapper
* Fix flakiness on Windows for list stats ([#6385](https://github.com/containerd/containerd/pull/6385))
* Fix flakiness on Windows for list stats
* cri-integration: Add Windows defaults and fix spaces issue ([#6347](https://github.com/containerd/containerd/pull/6347))
* cri-integration: Add Windows default paths
* Upgrade OpenTelemetry dependencies ([#6383](https://github.com/containerd/containerd/pull/6383))
* Upgrade k8s.io/klog/v2 from 2.9.0 to 2.20.0
* Use insecure.NewCredentials instead of grpc.WithInsecure
* Upgrade OpenTelemetry dependencies
* Fix default makefile target for windows ([#6322](https://github.com/containerd/containerd/pull/6322))
* Fix default makefile target for windows
* Disable TestContainerHook on Windows ([#6379](https://github.com/containerd/containerd/pull/6379))
* Disable TestContainerHook on Windows
* seutil: Fix setting the "container_kvm_t" label ([#6372](https://github.com/containerd/containerd/pull/6372))
* seutil: Fix setting the "container_kvm_t" label
* Remove Windows integration testing for 2004. ([#6350](https://github.com/containerd/containerd/pull/6350))
* Remove Windows integration testing for 2004.
* OCI: Mount (accessible) host devices in privileged rootless containers ([#6308](https://github.com/containerd/containerd/pull/6308))
* OCI: Mount (accessible) host devices in privileged rootless containers
* oci.getDevices(): move "non-dir, non '/dev/console'" case into switch
* cri: add support for configuring swap ([#6320](https://github.com/containerd/containerd/pull/6320))
* fixup: check for swap accounting
* fixup: handle diff between cgroupsv1 and v2
* cri: add support for configuring swap
* Integration: Enable TestVolumeOwnership on Windows ([#6275](https://github.com/containerd/containerd/pull/6275))
* Replace find with native Go code
* Enable TestVolumeOwnership on Windows
* Prepare release notes for v1.6.0-beta.4 ([#6296](https://github.com/containerd/containerd/pull/6296))
* Prepare release notes for v1.6.0-beta.4
* refactor: functions for error log and error return ([#6358](https://github.com/containerd/containerd/pull/6358))
* feat: Errorf usage
* Split apart runc shim into plugin components ([#6021](https://github.com/containerd/containerd/pull/6021))
* Use task plugin for runc shim
* Seperate shim manager and task service
* Split runc shim into plugin components
* Add shutdown package
* CRI update for sandbox sizing ([#6155](https://github.com/containerd/containerd/pull/6155))
* cri, sandbox: pass sandbox resource details if available, applicable
* medatada: make namespaces' deletion error less cryptic ([#6354](https://github.com/containerd/containerd/pull/6354))
* medatada: make namespaces' deletion error less cryptic
* ListContainerStats to return stats response if ContainerStatsFilter is nil ([#6373](https://github.com/containerd/containerd/pull/6373))
* add-list-stat: return container list if filter is nil
* integration: deflake TestContainerdRestart ([#6369](https://github.com/containerd/containerd/pull/6369))
* integration: deflake TestContainerdRestart
* feat: add timeout for bolt open ([#6225](https://github.com/containerd/containerd/pull/6225))
* feat: support custom timeout for blot open
* Update Go to 1.17.5 ([#6333](https://github.com/containerd/containerd/pull/6333))
* Update Go to 1.17.5
* cri/server: use consistent alias for pkg/ioutil ([#6332](https://github.com/containerd/containerd/pull/6332))
* cri/server: use consistent alias for pkg/ioutil
* Disable restart monitor test in Windows ([#6364](https://github.com/containerd/containerd/pull/6364))
* Disable restart monitor test in Windows
* Don't fail-fast on Windows integration tests ([#6338](https://github.com/containerd/containerd/pull/6338))
* Don't fail-fast on Windows integration tests
* Update restart monitor test to output daemon logs on failure ([#6355](https://github.com/containerd/containerd/pull/6355))
* Run windows parallel integration test as short
* Update restart monitor test to output daemon logs on failure
* go.mod: update image-spec to latest (v1.0.3-dev) ([#6263](https://github.com/containerd/containerd/pull/6263))
* images/converter: remove deprecated types
* go.mod: update image-spec to latest (v1.0.3-dev)
* Skip WithAdditionalGIDs on Darwin ([#6353](https://github.com/containerd/containerd/pull/6353))
* Skip WithAdditionalGIDs on Darwin
* Use RFC3339 format on Windows periodic resource group creation so cleanup works ([#6303](https://github.com/containerd/containerd/pull/6303))
* Use RFC3339 format so rg cleanup works
* update runc to v1.0.3 ([#6330](https://github.com/containerd/containerd/pull/6330))
* go.mod: github.com/opencontainers/runc v1.0.3
* update runc binary to v1.0.3
* Unblock native snapshotter on Darwin ([#6329](https://github.com/containerd/containerd/pull/6329))
* Allow native snapshotter on Darwin
* Do not use `go get` to install executables ([#6328](https://github.com/containerd/containerd/pull/6328))
* Do not use `go get` to install executables
* Include runtime v2 in default builtins ([#6326](https://github.com/containerd/containerd/pull/6326))
* Include runtime v2 in default builtins
* Add Windows Server 2022 CI runs ([#6314](https://github.com/containerd/containerd/pull/6314))
* Add Windows Server 2022 CI runs
* Set explicit ACL on test files ([#6324](https://github.com/containerd/containerd/pull/6324))
* Use a single RUN command
* Set explicit ACL on test files
* integration: align tags of test images ([#6311](https://github.com/containerd/containerd/pull/6311))
* integration: align tags of test images
* Set CONTAINERD_ROOT in Windows cri-integration ([#6325](https://github.com/containerd/containerd/pull/6325))
* Set CONTAINERD_ROOT in Windows cri-integration
* export oci.DeviceFromPath() ([#6312](https://github.com/containerd/containerd/pull/6312))
* export oci.DeviceFromPath()
* Update volume test images ([#6321](https://github.com/containerd/containerd/pull/6321))
* Update continuity dependency
* Update volume test images
* Update TestRestartMonitor expected time check ([#6201](https://github.com/containerd/containerd/pull/6201))
* Add error logging on cleanup
* Update TestRestartMonitor expected time check
* Move test volume images from gcr to ghcr ([#6319](https://github.com/containerd/containerd/pull/6319))
* Move volume images from gcr to ghcr
* Revert shim service plugin migration ([#6301](https://github.com/containerd/containerd/pull/6301))
* Revert shim plugin migration
* Authenticate against ghcr.io ([#6317](https://github.com/containerd/containerd/pull/6317))
* Add permissions
* Authenticate against ghcr.io
* oci/deviceFromPath(): correctly check device types ([#6306](https://github.com/containerd/containerd/pull/6306))
* oci/deviceFromPath(): correctly check device types
* Skip TestExportAndImportMultiLayer on Windows ([#6315](https://github.com/containerd/containerd/pull/6315))
* Skip TestExportAndImportMultiLayer on Windows
* Integration: Add image build workflow ([#6290](https://github.com/containerd/containerd/pull/6290))
* Add image build workflow
* Integration: Separate Windows Periodic Tests workflow trigger. ([#6286](https://github.com/containerd/containerd/pull/6286))
* Integration: Separate Windows Periodic Tests workflow trigger.
* Build volume test images on Windows ([#6274](https://github.com/containerd/containerd/pull/6274))
* Build volume test images on Windows
* Add VMware TKG & TCE to Containerd adopters ([#6297](https://github.com/containerd/containerd/pull/6297))
* Add VMware TKG & TCE to Containerd adopters
* Vagrantfile: update to Fedora 35 ([#6293](https://github.com/containerd/containerd/pull/6293))
* Vagrantfile: update to Fedora 35
* Update README.md repo->org ([#6269](https://github.com/containerd/containerd/pull/6269))
* Update README.md repo->org
* Fix executable file not found when restoring shims ([#6278](https://github.com/containerd/containerd/pull/6278))
* Fix executable file not found when restoring shims
* ctr/snapshots/diff: show media-type in stderr ([#6271](https://github.com/containerd/containerd/pull/6271))
* ctr/snapshots/diff: don't show the media-type in output
* ctr: Add Linux Capabilities control flags ([#6289](https://github.com/containerd/containerd/pull/6289))
* ctr: Add Linux Capabilities control flags
* integration: add stats result in error message ([#6270](https://github.com/containerd/containerd/pull/6270))
* integration: add stats result in error message
* releases: mark 1.4 as Extended ([#6287](https://github.com/containerd/containerd/pull/6287))
* docs: mark 1.4 as Extended
* docs: fix RELEASES.md gRPC API anchor
* feat: skip ci for fork ([#6284](https://github.com/containerd/containerd/pull/6284))
* feat: skip ci for fork
* content/local: Close the file if Seek fails ([#6280](https://github.com/containerd/containerd/pull/6280))
* content/local: Close the file if Seek fails
* Integration: Remove explicit version passing to `azure/CLI`. ([#6268](https://github.com/containerd/containerd/pull/6268))
* Integration: Remove explicit version passing to `azure/CLI`.
* Fix wrong make target on documentation ([#6276](https://github.com/containerd/containerd/pull/6276))
* Fix wrong make target on documentation
* fix: server error return ([#6272](https://github.com/containerd/containerd/pull/6272))
* fix: server error return
* Prepare release notes for v1.6.0-beta.3 ([#6267](https://github.com/containerd/containerd/pull/6267))
* Prepare release notes for v1.6.0-beta.3
* Update API version in go.mod
* Update release name to use consistent format
* feat:support custom callopts on client side ([#6254](https://github.com/containerd/containerd/pull/6254))
* fix: make max recv/send msg size setting default
* feat:support custom callopts on client side
* [CRI] Fix panic when registry.mirrors use localhost ([#6258](https://github.com/containerd/containerd/pull/6258))
* [CRI] Fix panic when registry.mirrors use localhost
* Add support for TMP override on toml ([#6241](https://github.com/containerd/containerd/pull/6241))
* Add support for TMP override on toml
* CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options ([#6170](https://github.com/containerd/containerd/pull/6170))
* CRI: Support enable_unprivileged_icmp and enable_unprivileged_ports options
* Github Security Advisory [GHSA-5j5w-g665-5m35](https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35)
* schema1: reject ambiguous documents
* images: validate document type before unmarshal
* [cri] add sandbox and container latency metrics ([#6111](https://github.com/containerd/containerd/pull/6111))
* [cri] add sandbox and container latency metrics
* Integration: Generalize Windows CI setup scripts for any username. ([#6255](https://github.com/containerd/containerd/pull/6255))
* Generalize Windows CI setup script for any user.
* Standardize cmdlet capitalization in Windows CI scripts.
* feat: use rwmutex instead ([#6253](https://github.com/containerd/containerd/pull/6253))
* feat: use rwmutex instead
* Allow absolute path to shim binaries ([#6206](https://github.com/containerd/containerd/pull/6206))
* Fix package alias
* Support custom runtime path when launching tasks
* Add runtime path in CreateTaskRequest
* Close file if permission modification fails ([#6246](https://github.com/containerd/containerd/pull/6246))
* Close file if permission modification fails
* release: change tar name to match prior releases ([#6250](https://github.com/containerd/containerd/pull/6250))
* release: change tar name to match prior releases
* Fix wrong error returned for image index lookup ([#6237](https://github.com/containerd/containerd/pull/6237))
* Fix wrong error returned for image index lookup
* Fix containerd fails to pull OCI image with non-`http(s)://` urls ([#6221](https://github.com/containerd/containerd/pull/6221))
* Fix containerd fails to pull OCI image with non-`http(s)://` urls
* Prepare release notes for v1.6.0-beta.2 ([#6223](https://github.com/containerd/containerd/pull/6223))
* Prepare release notes for v1.6.0-beta.2
* Add arm64 to releases ([#6196](https://github.com/containerd/containerd/pull/6196))
* Rename release dockerfile to omit distro name
* release: improve dockerfile
* Add arm64 to releases
* use write lock when updating container stats ([#6236](https://github.com/containerd/containerd/pull/6236))
* use write lock when updating container stats
* go.mod: Bump hcsshim to v0.9.1 ([#6230](https://github.com/containerd/containerd/pull/6230))
* go.mod: Bump hcsshim to v0.9.1
* go.mod: Bump ttrpc to 1.1.0 ([#6228](https://github.com/containerd/containerd/pull/6228))
* go.mod: Bump ttrpc to 1.1.0
* go.mod: bump moby/sys/symlink v0.2.0, moby/sys/signal v0.6.0, moby/sys/mountinfo v0.5.0 ([#6213](https://github.com/containerd/containerd/pull/6213))
* go.mod: github.com/moby/sys/mountinfo v0.5.0
* go.mod: github.com/moby/sys/signal v0.6.0
* go.mod: github.com/moby/sys/symlink v0.2.0
* go.mod: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
* cleanup: add more description on comment ([#6222](https://github.com/containerd/containerd/pull/6222))
* cleanup: add more description on comment
* Update Go to 1.17.3 ([#6211](https://github.com/containerd/containerd/pull/6211))
* Update Go to 1.17.3
* CI: bump up crun: 1.0 -> 1.3 ([#6214](https://github.com/containerd/containerd/pull/6214))
* CI: bump up crun: 1.0 -> 1.3
* Pin az CLI version in windows-periodic workflow ([#6205](https://github.com/containerd/containerd/pull/6205))
* Pin az CLI version
* Decouple task manager ([#5918](https://github.com/containerd/containerd/pull/5918))
* Address PR comments
* Fix build after rebase
* Migrate task directory
* Expose shim process interface
* Fix after rebase
* Cleanup shim loading
* Move shim restore to a separate file
* Fix backward compatibility with old task shims
* Add plugin dependency between shim and shim services
* Rework task create and cleanup flow
* Add task manager
* Rename task manager to shim manager
* [cri] Implement k8s 1.23 CRI Pod Sandbox and Container Stats ([#6113](https://github.com/containerd/containerd/pull/6113))
* Implement CRI container and pods stats
* Vendor latest k8s.io/cri-api and netlink
* test: Add grace period for restart monitor test ([#6200](https://github.com/containerd/containerd/pull/6200))
* test: Add grace period for restart monitor test
* integration: Enables TestRuntimeHandler for Windows ([#6179](https://github.com/containerd/containerd/pull/6179))
* integration: Enables TestRuntimeHandler for Windows
* Add mkdir on Dockerfile ([#6171](https://github.com/containerd/containerd/pull/6171))
* Add mkdir on Dockerfile
* sys/reaper: avoid leaky goroutine when exec timeout ([#6189](https://github.com/containerd/containerd/pull/6189))
* sys/reaper: avoid leaky goroutine when exec timeout
* adds additional debug out to timebox cni setup ([#6184](https://github.com/containerd/containerd/pull/6184))
* adds additional debug out to timebox cni setup
* converter: Allow hooks during image conversion ([#6176](https://github.com/containerd/containerd/pull/6176))
* converter: Allow hooks during image conversion
* compression: support zstd with skippable frame ([#6177](https://github.com/containerd/containerd/pull/6177))
* compression: support zstd with skippable frame
* integration: Enables TestVolumeCopyUp for Windows ([#6182](https://github.com/containerd/containerd/pull/6182))
* integration: Enables TestVolumeCopyUp for Windows
* integration: Enable some tests for Windows (part 2) ([#6121](https://github.com/containerd/containerd/pull/6121))
* integration: Enable some tests for Windows (part 2)
* integration: Enable some tests for Windows ([#6085](https://github.com/containerd/containerd/pull/6085))
* integration: Enable some tests for Windows
* Update doc to version 2 syntax ([#6125](https://github.com/containerd/containerd/pull/6125))
* feat(doc): update to version 2 syntax
* fix shim reaper wait command execute blocked ([#6166](https://github.com/containerd/containerd/pull/6166))
* fix shim reaper wait command execute blocked
* content: close stream after commit request ([#6145](https://github.com/containerd/containerd/pull/6145))
* content: close stream after commit request
* Generating token options with each scope as a separate string. ([#6165](https://github.com/containerd/containerd/pull/6165))
* Adding scope tests for ParseAuthHeader
* Adding tests for GenerateTokenOptions
* Generate token options with each scope as a separate string.
* vendor: Updates go-cni ([#6167](https://github.com/containerd/containerd/pull/6167))
* vendor: Updates go-cni
* commands: Enables task metrics for Windows ([#6159](https://github.com/containerd/containerd/pull/6159))
* commands: Enables task metrics for Windows
* vendor: update moby/sys for darwin support ([#6149](https://github.com/containerd/containerd/pull/6149))
* vendor: update moby/sys for darwin support
* Prepare v1.6.0-beta.1 ([#6144](https://github.com/containerd/containerd/pull/6144))
* Prepare release notes for v1.6.0-beta.1
* Update mailmap
* Update api vendor
* bump cni to spec v1.0.0 ([#6136](https://github.com/containerd/containerd/pull/6136))
* bump CNI to spec v1.0.0
* Inject otel traces to grpc client. ([#5992](https://github.com/containerd/containerd/pull/5992))
* Inject otel traces to grpc client.
* client: expose (*image).platform ([#6142](https://github.com/containerd/containerd/pull/6142))
* client: expose (*image).platform
* Adding documentation for Core Scheduling ([#6128](https://github.com/containerd/containerd/pull/6128))
* feat(doc): add Core Scheduling documentation
* Ensure namespace is proxied to grpc/ttrpc plugins ([#6130](https://github.com/containerd/containerd/pull/6130))
* Ensure namespace is proxied to grpc/ttrpc plugins
* fix #6054 MaxConcurrentDownloads is not effect when Unpack is true ([#6109](https://github.com/containerd/containerd/pull/6109))
* fix #6054 MaxConcurrentDownloads is not effect when Unpack is true
* Output a warning for label image labels instead of erroring ([#6124](https://github.com/containerd/containerd/pull/6124))
* Output a warning for label image labels instead of erroring
* Fix spelling mistake in Windows snapshotter ([#6132](https://github.com/containerd/containerd/pull/6132))
* Fix spelling mistake in Windows snapshotter
* Windows: Cleanup rm- prefixed layers ([#6126](https://github.com/containerd/containerd/pull/6126))
* Windows: Cleanup rm- prefixed layers
* cleanup deprecated package `io/ioutil ` ([#6118](https://github.com/containerd/containerd/pull/6118))
* io/ioutil package has been deprecated in Go 1.16 that replaces io/ioutil functions
* close Writer after use which may memory leak ([#6115](https://github.com/containerd/containerd/pull/6115))
* close Writer after use which may leak mem
* Adds Windows resource limits support ([#5778](https://github.com/containerd/containerd/pull/5778))
* Adds Windows resource limits support
* Prepare release notes for v1.6.0-beta.0 ([#6098](https://github.com/containerd/containerd/pull/6098))
* Prepare release notes for v1.6.0-beta.0
* Add error message to in TestContainerdRestart integration test ([#6105](https://github.com/containerd/containerd/pull/6105))
* Add error message to in TestContainerdRestart integration test
* Fix typo in the NewContainer function documentation ([#6110](https://github.com/containerd/containerd/pull/6110))
* Fix typo in the NewContainer function documentation
* Update cgroups to v1.0.2 ([#6104](https://github.com/containerd/containerd/pull/6104))
* Update cgroups to v1.0.2
* btrfs: verify file content after mount ([#6100](https://github.com/containerd/containerd/pull/6100))
* test: check file content after mount
* Update test timeout based on recent cancellations ([#6107](https://github.com/containerd/containerd/pull/6107))
* Update test timeout based on recent cancellations
* Check the pid in cri test teardown ([#6106](https://github.com/containerd/containerd/pull/6106))
* Remove extra test_teardown
* Check the pid in cri test teardown
* add runc shim support for sched core ([#6011](https://github.com/containerd/containerd/pull/6011))
* fix integration client vendor
* add runc shim support for sched core
* integration: Enables Windows containerd restart test ([#5579](https://github.com/containerd/containerd/pull/5579))
* integration: Enables Windows containerd restart test
* vendor: Bump hcsshim to 0.9.0 ([#6099](https://github.com/containerd/containerd/pull/6099))
* vendor: Bump hcsshim to 0.9.0
* [cri] Add CNI conf based on runtime class ([#4695](https://github.com/containerd/containerd/pull/4695))
* Add CNI conf based on runtime class
* Update Go to 1.17.2 ([#6102](https://github.com/containerd/containerd/pull/6102))
* Update Go to 1.17.2
* integration: Adds test for multilayer image import ([#5933](https://github.com/containerd/containerd/pull/5933))
* integration: Adds test for multilayer image import
* runtime: should fail fast if dial error on shim ([#6031](https://github.com/containerd/containerd/pull/6031))
* runtime: should fail fast if dial error on shim
* Fixes Windows containers with image volumes ([#6034](https://github.com/containerd/containerd/pull/6034))
* Windows: Fixes Windows containers with image volumes
* run `gofmt` with GO 1.17 ([#6094](https://github.com/containerd/containerd/pull/6094))
* run `gofmt` with Go 1.17
* pkg/cap: remove an outdated comment ([#6088](https://github.com/containerd/containerd/pull/6088))
* pkg/cap: remove an outdated comment
* Update go otel 1.0.1 ([#6066](https://github.com/containerd/containerd/pull/6066))
* Update go otel 1.0.1
* Update ADOPTERS.md with additional uses ([#6086](https://github.com/containerd/containerd/pull/6086))
* Update ADOPTERS.md with additional uses
* modify the way for checking cos ([#6082](https://github.com/containerd/containerd/pull/6082))
* modify the way for checking cos
* Fuzzing: Add fuzzers + small modifications ([#5915](https://github.com/containerd/containerd/pull/5915))
* Fuzzing: Add 4 fuzzers + small modifications
* Fixes for Windows CI ([#6081](https://github.com/containerd/containerd/pull/6081))
* Pin mingw to version 10.2.0
* Update to golang 1.17.1
* Install nssm
* Github Security Advisory [GHSA-c2h3-6mxw-7mvq](https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq)
* btrfs: reduce permissions on plugin directories
* v1 runtime: reduce permissions for bundle dir
* v2 runtime: reduce permissions for bundle dir
* task service: return known error type ([#6079](https://github.com/containerd/containerd/pull/6079))
* task service: return known error type
* refactor: move from io/ioutil to io and os package ([#5973](https://github.com/containerd/containerd/pull/5973))
* refactor: move from io/ioutil to io and os package
* fix: import from k8s.io/utils/clock instead ([#6076](https://github.com/containerd/containerd/pull/6076))
* fix: update vendor
* cleanup: import from k8s.io/utils/clock/testing instead
* cleanup: import from k8s.io/utils/clock instead
* feat: enable integration cri remote client to call with grpc calloptions ([#6069](https://github.com/containerd/containerd/pull/6069))
* feat: enable cri remote client to call with grpc calloptions
* cleanup k8s ansible yaml (carry for #5713) ([#6074](https://github.com/containerd/containerd/pull/6074))
* cleanup k8s ansible yaml (carry for https://github.com/jayonlau <jayonlau@gmail.com>)
* feat: support import image for specific platform ([#6070](https://github.com/containerd/containerd/pull/6070))
* fix: wrong flag type
* feat: support import image for specific platform
* Update mirror images to take target image name ([#6065](https://github.com/containerd/containerd/pull/6065))
* Update mirror images to take target image name
* fix: make exec-id flag required in exec command ([#6059](https://github.com/containerd/containerd/pull/6059))
* fix: make exec-id flag required in exec command
* images: enable converter to uncompress zstd ([#6052](https://github.com/containerd/containerd/pull/6052))
* images: enable converter to uncompress zstd
* replace deprecated function with Domain and Path ([#5922](https://github.com/containerd/containerd/pull/5922))
* replace deprecated function
* integration: Adds Windows HostProcess tests ([#5853](https://github.com/containerd/containerd/pull/5853))
* integration: Adds Windows HostProcess tests
* Fix main branch build is broken ([#6047](https://github.com/containerd/containerd/pull/6047))
* Fix main branch build is broken
* Add open telemetry logging hook for logrus ([#6003](https://github.com/containerd/containerd/pull/6003))
* Add open telemetry logging hook for logrus
* Change `oci.WithUser` behavior for LCOW ([#6023](https://github.com/containerd/containerd/pull/6023))
* Change oci.WithUser behavior for LCOW
* switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound) ([#5946](https://github.com/containerd/containerd/pull/5946))
* switch usage directly to errdefs.(ErrAlreadyExists and ErrNotFound)
* import: Raise error if the imported image is filtered out ([#5926](https://github.com/containerd/containerd/pull/5926))
* import: Raise error if the imported image is filtered out
* Fix panic in metadata content writer on copy error ([#6043](https://github.com/containerd/containerd/pull/6043))
* Fix panic in metadata content writer on copy error
* Move tracing to plugin ([#6001](https://github.com/containerd/containerd/pull/6001))
* Move tracing to plugin
* ctr: Fixes Windows image import ([#5916](https://github.com/containerd/containerd/pull/5916))
* ctr: Fixes Windows image import
* update open go.opentelemetry.io v1.0.0 to fix import path ([#6017](https://github.com/containerd/containerd/pull/6017))
* go.mod: update opentelemetry modules to v1.0.0
* fix error string format ([#5979](https://github.com/containerd/containerd/pull/5979))
* fix error string format
* Add github action to mirror image ([#6036](https://github.com/containerd/containerd/pull/6036))
* Add github action to mirror image
* add current process state to the error message ([#6027](https://github.com/containerd/containerd/pull/6027))
* add current process state to the error message
* FreeBSD: fix tar headers & the nil check on getxattr ([#5991](https://github.com/containerd/containerd/pull/5991))
* FreeBSD: fix tar headers & the nil check on getxattr
* gha: collect VMs' IP addresses ([#6035](https://github.com/containerd/containerd/pull/6035))
* gha: collect Vagrant VMs' IP addresses
* bump continuity and console version that remove pkg/errors ([#6033](https://github.com/containerd/containerd/pull/6033))
* bump continuity and console version that remove pkg/errors
* import: Add option to prevent duplicated digest image ([#5997](https://github.com/containerd/containerd/pull/5997))
* import: Add option to skip creating digest image
* ctr namespaces: improve usage string ([#5998](https://github.com/containerd/containerd/pull/5998))
* ctr namespaces: improve usage string
* bump console version to v1.0.3 that remove pkg/errors ([#6028](https://github.com/containerd/containerd/pull/6028))
* bump console version to v1.0.3 that remove pkg/errors
* Use github images for integration tests ([#6032](https://github.com/containerd/containerd/pull/6032))
* Use github images for integration tests
* Fix typo ([#5995](https://github.com/containerd/containerd/pull/5995))
* Fix typo
* Enable image config labels in ctr and CRI container creation ([#6012](https://github.com/containerd/containerd/pull/6012))
* Enable image config labels in ctr and CRI container creation
* Make sure exit signals trigger an exit during init ([#5970](https://github.com/containerd/containerd/pull/5970))
* Make sure exit signals trigger an exit during init
* task delete: Closes task IO before waiting ([#5974](https://github.com/containerd/containerd/pull/5974))
* task delete: Closes task IO before waiting
* CI: bump up crun to 1.0 ([#5985](https://github.com/containerd/containerd/pull/5985))
* CI: bump up crun to 1.0
* seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted) ([#5982](https://github.com/containerd/containerd/pull/5982))
* seccomp: support "clone3" (return ENOSYS unless SYS_ADMIN is granted)
* Update to Go 1.17.1 ([#5990](https://github.com/containerd/containerd/pull/5990))
* Update to Go 1.17.1
* CI: Switch to available latest images ([#5987](https://github.com/containerd/containerd/pull/5987))
* CI: Switch to available latest images
* add xfs support to devicemapper snapshotter ([#5610](https://github.com/containerd/containerd/pull/5610))
* add xfs support to devicemapper snapshotter
* Fixes task kill --force on Windows ([#5956](https://github.com/containerd/containerd/pull/5956))
* Fixes task kill --force on Windows
* Add support for shim plugins ([#5817](https://github.com/containerd/containerd/pull/5817))
* Add support for shim plugins
* vendor: update continuity for darwin support ([#5976](https://github.com/containerd/containerd/pull/5976))
* vendor: update continuity for darwin support
* replace uses of os/exec with golang.org/x/sys/execabs ([#5906](https://github.com/containerd/containerd/pull/5906))
* replace uses of os/exec with golang.org/x/sys/execabs
* complete integration test for pulling image with labels ([#5972](https://github.com/containerd/containerd/pull/5972))
* Additional integration tests for pulling image with labels
* Fix content copy to not ignore unexpected EOF ([#5966](https://github.com/containerd/containerd/pull/5966))
* Fix content copy to not ignore unexpected EOF
* add ip_pref CNI options for primary pod ip ([#5964](https://github.com/containerd/containerd/pull/5964))
* add ip_pref CNI options for primary pod ip
* cri: add devices for privileged container ([#5939](https://github.com/containerd/containerd/pull/5939))
* cri: add devices for privileged container
* sandbox: Allows the sandbox to be deleted in NotReady state ([#5954](https://github.com/containerd/containerd/pull/5954))
* sandbox: Allows the sandbox to be deleted in NotReady state
* pin protobuild version to tag ([#5969](https://github.com/containerd/containerd/pull/5969))
* pin protobuild version to tag
* Add metric exposing build version&revision ([#5965](https://github.com/containerd/containerd/pull/5965))
* use a const metric for build_info
* Add metric exposing build version&revision
* Feature: containerd-cri support LinuxContainerResources.Unified ([#5627](https://github.com/containerd/containerd/pull/5627))
* add cri test case
* feature: add field LinuxContainerResources.Unified on cri
* integration: investigate TestRestartMonitor's failure ([#5861](https://github.com/containerd/containerd/pull/5861))
* integration: investigate TestRestartMonitor's failure
* Use issue forms for bug reporting ([#5917](https://github.com/containerd/containerd/pull/5917))
* Address issue forms feedback
* Use issue forms for bug reporting
* cri: patch update image labels ([#5945](https://github.com/containerd/containerd/pull/5945))
* cri: patch update image labels
* darwin: runtime support ([#5936](https://github.com/containerd/containerd/pull/5936))
* darwin: runtime support
* darwin: use the default values for socketRoot variable
* Update RELEASES.md ([#5858](https://github.com/containerd/containerd/pull/5858))
* Update RELEASES.md
* archive: Add WriteDiff error logs ([#5949](https://github.com/containerd/containerd/pull/5949))
* archive: Add WriteDiff error logs
* replace deprecated Dialer with ContextDialer ([#5958](https://github.com/containerd/containerd/pull/5958))
* replace deprecated Dail with DailContext
* Add WS2022 support in Windows Periodic tests ([#5951](https://github.com/containerd/containerd/pull/5951))
* Add WS2022 support in Windows Periodic tests
* Content fuzzer: Clean up temp store dir ([#5943](https://github.com/containerd/containerd/pull/5943))
* content fuzzer: Clean up tempdir
* using Hosts replace deprecated field ([#5944](https://github.com/containerd/containerd/pull/5944))
* using Hosts replace deprecated field
* fix document non-synchronous ([#5947](https://github.com/containerd/containerd/pull/5947))
* fix document non-synchronous in crictl.md
* go.mod: Update hcsshim to v0.8.21 ([#5929](https://github.com/containerd/containerd/pull/5929))
* go.mod: Update hcsshim to v0.8.21
* Makefile.linux: build on RISC-V with PIE ([#5937](https://github.com/containerd/containerd/pull/5937))
* Makefile.linux: build on riscv with PIE
* Fix cwd flag for `ctr tasks exec` ([#5932](https://github.com/containerd/containerd/pull/5932))
* Fix cwd flag for `ctr tasks exec`
* Update Pause image in tests & config ([#5927](https://github.com/containerd/containerd/pull/5927))
* Update Pause image in tests & config
* cri: Devices ownership from SecurityContext ([#5122](https://github.com/containerd/containerd/pull/5122))
* cri: Devices ownership from SecurityContext
* Fix pull fails on unexpected EOF ([#5921](https://github.com/containerd/containerd/pull/5921))
* Fix pull fails on unexpected EOF
* Fix dir support for devices ([#5845](https://github.com/containerd/containerd/pull/5845))
* Adding testing of two devices
* Fix dir support for devices V3 (#4847)
* windows: The DefaultSpec platform should match the Default matcher ([#5914](https://github.com/containerd/containerd/pull/5914))
* windows: The DefaultSpec platform should match the Default matcher
* Add RunAsUserName functionality for the Windows pod sandbox container ([#5865](https://github.com/containerd/containerd/pull/5865))
* Add RunAsUserName functionality for the Windows Pod Sandbox Container
* bump up runc v1.0.2 ([#5899](https://github.com/containerd/containerd/pull/5899))
* go.mod: update runc to v1.0.2
* update runc binary to v1.0.2
* Run `go fmt` with Go 1.17 ([#5903](https://github.com/containerd/containerd/pull/5903))
* Run `go fmt` with Go 1.17
* go.mod: github.com/pelletier/go-toml v1.9.3 ([#5905](https://github.com/containerd/containerd/pull/5905))
* go.mod: github.com/pelletier/go-toml v1.9.3
* cri: filter selinux xattr for image volumes ([#5902](https://github.com/containerd/containerd/pull/5902))
* cri: filter selinux xattr for image volumes
* Add Windows HostProcess Support ([#5131](https://github.com/containerd/containerd/pull/5131))
* Added windows hostProcess cni skip
* script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0 ([#5897](https://github.com/containerd/containerd/pull/5897))
* script: update golangci-lint from v1.38.0 and v1.36.0 to v1.42.0
* Update to Go 1.17 ([#5889](https://github.com/containerd/containerd/pull/5889))
* Bump integration timeout to 35 min
* Update to Go 1.17
* integration: fix TestContainerPids ([#5896](https://github.com/containerd/containerd/pull/5896))
* integration: fix TestContainerPids
* [ctr] add HOSTNAME env for host network ([#5891](https://github.com/containerd/containerd/pull/5891))
* [ctr] add HOSTNAME env for host network
* Fuzzing: Add fuzzer ([#5886](https://github.com/containerd/containerd/pull/5886))
* Fuzzing: Add fuzzer
* Make Cgroup driver configurable in gce configure script ([#5884](https://github.com/containerd/containerd/pull/5884))
* Add env for SystemdCgroup driver
* Allow expanded DNS configuration ([#5878](https://github.com/containerd/containerd/pull/5878))
* Allow expanded DNS configuration
* Fuzzing: Add 4 fuzzers ([#5863](https://github.com/containerd/containerd/pull/5863))
* Fuzzing: Add 4 fuzzers
* Cleanup v2 shim ([#5813](https://github.com/containerd/containerd/pull/5813))
* Cleanup v2 shim
* Fuzzing: Add experimental version of container fuzzer ([#5840](https://github.com/containerd/containerd/pull/5840))
* Use http.Get to download binaries instead of exec.Command
* Fuzzing: Add experimental version of container fuzzer
* add cpu-shares to ctr ([#5846](https://github.com/containerd/containerd/pull/5846))
* add cpu-shares to ctr
* docs: rename master to main (it was opposite on the actual commit) ([#5847](https://github.com/containerd/containerd/pull/5847))
* docs: rename main to master
* content: return the error with its timestamp ([#5849](https://github.com/containerd/containerd/pull/5849))
* content: return the error with its timestamp
* Fix bad `make protos` failure ([#5857](https://github.com/containerd/containerd/pull/5857))
* Fix bad `make protos` failure
* replace cri and point to new location ([#5851](https://github.com/containerd/containerd/pull/5851))
* archive docs and point to new location fix #https://github.com/containerd/cri/issues/1624
* docs: remove FOSSA's badge ([#5856](https://github.com/containerd/containerd/pull/5856))
* docs: remove FOSSA's badge
* BUILDING.md: remove some bits about building runc ([#5850](https://github.com/containerd/containerd/pull/5850))
* BUILDING.md: remove some bits about building runc
* BUILDING.md: markdown fixes
* go.mod: update k8s deps to v1.22.0 ([#5836](https://github.com/containerd/containerd/pull/5836))
* go.mod: update kubernetes to v1.22.0
* [Scripts] Add trap to cri-integration test script ([#5852](https://github.com/containerd/containerd/pull/5852))
* Add trap to cri-integration test script
* docs: list all snapshotter-related build flags ([#5848](https://github.com/containerd/containerd/pull/5848))
* docs: list all snapshotter-related build flags
* Move plugin context events into separate plugin ([#5835](https://github.com/containerd/containerd/pull/5835))
* Move plugin context events into separate plugin
* Fix Linux CI Linter using Go 1.15.14 ([#5839](https://github.com/containerd/containerd/pull/5839))
* Fix Linux CI Linter using go 1.15.14
* Update Go to 1.16.7 ([#5842](https://github.com/containerd/containerd/pull/5842))
* Update Go to 1.16.7
* Cleanup CI ([#5838](https://github.com/containerd/containerd/pull/5838))
* Cleanup CI
* Remove redundant build tags ([#5834](https://github.com/containerd/containerd/pull/5834))
* Remove redundant build tags
* Change default directories on Darwin ([#5830](https://github.com/containerd/containerd/pull/5830))
* Change default directories on Darwin
* [otel-tracing] Initial opentelemetry support ([#5731](https://github.com/containerd/containerd/pull/5731))
* [otel-tracing] vendor and go modules changes
* [otel-tracing] Initial opentelemetry support
* remove go 1.13 from containerd
* Fuzzing: Fix for OSS-fuzz issue 36825 ([#5829](https://github.com/containerd/containerd/pull/5829))
* Fuzzing: Fix for OSS-fuzz issue 36825
* Fuzzing: Add two fuzzers ([#5825](https://github.com/containerd/containerd/pull/5825))
* Fuzzing: Add two more fuzzers
* scripts: linting fixes, and remove support for Debian Jessie (as it's EOL) ([#5760](https://github.com/containerd/containerd/pull/5760))
* scripts: declare ROOT closer to where it's used, and some DRY changes
* scripts: add missing quotes, and minor linting issues
* test/build-utils.sh: remove support for Debian Jessie
* platforms: Format(): use path.Join() instead of joinNotEmpty() ([#5821](https://github.com/containerd/containerd/pull/5821))
* platforms: Format(): use path.Join() instead of joinNotEmpty()
* Fuzzing: Remove panics of container_fuzzer ([#5823](https://github.com/containerd/containerd/pull/5823))
* Fuzzing: Remove panics of container_fuzzer
* Fuzzing: Add container fuzzer ([#5785](https://github.com/containerd/containerd/pull/5785))
* Change protoc link
* Split fuzzer to two fuzzers
* Fuzzing: Add container fuzzer
* runtime: fix the issue of create new socket with abstract address ([#5746](https://github.com/containerd/containerd/pull/5746))
* runtime: fix the issue of create new socket with abstract address
* mergo: Upgrade to 0.3.12 to fix panic ([#5809](https://github.com/containerd/containerd/pull/5809))
* mergo: Upgrade to 0.3.12 to fix panic
* ci: install criu from PPA ([#5802](https://github.com/containerd/containerd/pull/5802))
* ci: install criu from PPA
* Update release workflow to upload binary without CNI ([#5144](https://github.com/containerd/containerd/pull/5144))
* Split release steps into multiple tasks
* Update release workflow to upload binary without CNI
* Enable critest on Windows Periodic Jobs ([#5725](https://github.com/containerd/containerd/pull/5725))
* Enable critest on Windows
* Script to check if entries in go.mod files are in sync ([#5792](https://github.com/containerd/containerd/pull/5792))
* Script to check if entries in go.mod files are in sync
* Add a sharedNamespace label ([#5043](https://github.com/containerd/containerd/pull/5043))
* Add shared content label to namespaces
* platforms: add "ios" as known OS, "loong64" as known ARCH ([#5784](https://github.com/containerd/containerd/pull/5784))
* platforms: add "ios" as known OS, "loong64" as known ARCH
* Updates the location of protobuf downloads ([#5804](https://github.com/containerd/containerd/pull/5804))
* Updates the location of protobuf downloads in docs
* Update protobuf install to use correct repository ([#5803](https://github.com/containerd/containerd/pull/5803))
* Update protobuf install to use correct repository
* overlay: expose upperdir location of each snapshot via an optional label ([#5624](https://github.com/containerd/containerd/pull/5624))
* overlay: add an optional label of upperdir location of each snapshot
* Support SIGRTMIN+n signals ([#5693](https://github.com/containerd/containerd/pull/5693))
* Support SIGRTMIN+n signals
* respect context timeout in shim binary call ([#5800](https://github.com/containerd/containerd/pull/5800))
* respect context timeout in shim binary call
* Introduce a new go module - containerd/api for use in standalone clients ([#5716](https://github.com/containerd/containerd/pull/5716))
* Introduce a new go module - containerd/api for use in standalone clients
* grpc config add options tcp_client_ca_cert ([#5606](https://github.com/containerd/containerd/pull/5606))
* grpc config add options tcp_tls_ca
* integration: Windows volume-copy-up images ([#5162](https://github.com/containerd/containerd/pull/5162))
* integration: Windows volume-copy-up images
* add CRI support matrix to RELEASES.md ([#5795](https://github.com/containerd/containerd/pull/5795))
* add CRI support matrix to RELEASES.md
* adding a little more clarity ([#5794](https://github.com/containerd/containerd/pull/5794))
* adding a little more clarity
* update gotestsum to v1.7.0 ([#5793](https://github.com/containerd/containerd/pull/5793))
* update gotestsum to v1.7.0
* Discard blocks when removing a thin device ([#5756](https://github.com/containerd/containerd/pull/5756))
* Discard blocks when removing a thin device
* Makefile: fix passing build tags ([#5590](https://github.com/containerd/containerd/pull/5590))
* Makefile: pass build tags to manpage build process
* Makefile: fix tags parameter computation
* Add runtime label to metrics ([#5744](https://github.com/containerd/containerd/pull/5744))
* Add runtime label to metrics
* interface about shim build check ([#5745](https://github.com/containerd/containerd/pull/5745))
* interface about shim build check
* integration: log all processes to investigate the test failure ([#5775](https://github.com/containerd/containerd/pull/5775))
* integration: log all processes to investigate the test failure
* Fuzzing: Add archive fuzzer ([#5779](https://github.com/containerd/containerd/pull/5779))
* Fuzzing: Add archive fuzzer
* Add docker.Fetch fuzzer ([#5687](https://github.com/containerd/containerd/pull/5687))
* Add docker fetch fuzzer
* Support custom compressor for walking differ ([#5735](https://github.com/containerd/containerd/pull/5735))
* Support custom compressor for walking differ
* remotes/docker/pusher.go: Fix missing Close() on push to docker remote ([#5770](https://github.com/containerd/containerd/pull/5770))
* remotes/docker/pusher.go: Fix missing Close()
* remotes/docker/fetcher.go: Fix missing Close() on fetch from docker remote ([#5769](https://github.com/containerd/containerd/pull/5769))
* remotes/docker/fetcher.go: Fix missing Close()
* Update cpuguy83/go-md2man binary to v2.0.1 ([#5771](https://github.com/containerd/containerd/pull/5771))
* Update cpuguy83/go-md2man binary to v2.0.1
* Refactor / optimize contrib/Dockerfile.test ([#5750](https://github.com/containerd/containerd/pull/5750))
* Dockerfile.test: build containerd in separate stage
* Dockerfile.test: add GOLANG_IMAGE build arg to allow overriding
* Dockerfile.test: clean up apt indexes after installing
* Dockerfile.test: build critools in a separate stage
* Dockerfile.test: build cni in a separate stage
* Dockerfile.test: standard directory to collect build aftifacts
* Dockerfile.test: split dev stage, and optimize order
* Dockerfile.test: skip curl, gcc, git and make install
* install-critools: make sure DESTDIR exists
* update gotestsum to current master ([#5754](https://github.com/containerd/containerd/pull/5754))
* update gotestsum to current master
* Github Security Advisory [GHSA-c72p-9xmj-rx3w](https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w)
* Add test for archive breakout test for lchmod
* Use systemd cgroup driver for Kubernetes e2e tests with cgroupsv2 ([#5755](https://github.com/containerd/containerd/pull/5755))
* Use systemd cgroup driver for cgroupv2 tests
* update runc to v1.0.1 ([#5751](https://github.com/containerd/containerd/pull/5751))
* go.mod: runc v1.0.1
* update runc binary to v1.0.1
* runtime: runc v2: remove redundant validation ([#5737](https://github.com/containerd/containerd/pull/5737))
* runtime: runc v2: remove redundant validation
* Add timestamp to flaky restart monitor test ([#5727](https://github.com/containerd/containerd/pull/5727))
* Move loop check to before sleep
* Add timestamp to flaky restart monitor test
* Update Go to 1.16.6 ([#5722](https://github.com/containerd/containerd/pull/5722))
* integration/client: go mod tidy
* Update Go to 1.16.6
* client: surface a connection error more clearly ([#4447](https://github.com/containerd/containerd/pull/4447))
* client: surface a connection error more clearly
* Fix missing Body.Close() calls on push to docker remote ([#5712](https://github.com/containerd/containerd/pull/5712))
* Fix missing Body.Close() calls on push to docker remote
* remove pkg/cri/platforms package ([#5710](https://github.com/containerd/containerd/pull/5710))
* remove pkg/cri/platforms package
* Allow WithServices to use custom implementations ([#5709](https://github.com/containerd/containerd/pull/5709))
* Allow WithServices to use custom implementations
* [Vendor] Update hcsshim to 0.8.18 ([#5673](https://github.com/containerd/containerd/pull/5673))
* [Vendor] Update hcsshim to 0.8.18
* test integration: Adds a test that restarts a failed container ([#5578](https://github.com/containerd/containerd/pull/5578))
* test integration: Adds a test that restarts a failed container
* [CRI] move up to CRI v1 and support v1alpha in parallel ([#5619](https://github.com/containerd/containerd/pull/5619))
* use fu wei's suggeted interface pick for marshaling
* add alpha version
* move up to CRI v1 and support v1alpha in parallel
* gha: make release workflow work in forks ([#5682](https://github.com/containerd/containerd/pull/5682))
* gha: make release workflow work in forks
* Add unit test for plugin ([#5666](https://github.com/containerd/containerd/pull/5666))
* Add unit test for plugin
* Dockerfile.test: add "cri-in-userns" (aka rootless) test stage ([#5700](https://github.com/containerd/containerd/pull/5700))
* Dockerfile.test: add "cri-in-userns" (aka rootless) test stage
* Update for distribution spec 1.0 ([#5676](https://github.com/containerd/containerd/pull/5676))
* Add support for registry host path override
* Update documenation for OCI distribution 1.0
* archive: cleanup lchmod logic ([#5702](https://github.com/containerd/containerd/pull/5702))
* Cleanup lchmod logic in archive
* Install specific golang version in Windows CI. ([#5571](https://github.com/containerd/containerd/pull/5571))
* Install specific golang version in Windows CI.
* Add ctr command label in NewContainerOpts ([#5660](https://github.com/containerd/containerd/pull/5660))
* feat: Add snapshotter label to the new snapshot for container.
* snapshot/devmapper: log exported methods correctly ([#5655](https://github.com/containerd/containerd/pull/5655))
* snapshot/devmapper: log exported methods correctly
* Makefile: fix DESTDIR and PREFIX concatenation ([#5662](https://github.com/containerd/containerd/pull/5662))
* Makefile: fix DESTDIR and PREFIX concatenation
* Cri integration cleanup ([#5287](https://github.com/containerd/containerd/pull/5287))
* tests: Use EnsureImageExists for image pulling
* tests: Refactors PodSandbox creation
* move sys.FMountat() into mount package and un-export ([#5641](https://github.com/containerd/containerd/pull/5641))
* un-export mount.FMountat
* move sys.FMountat() into mount package
* sandbox: send pod UID to CNI plugins as K8S_POD_UID ([#5640](https://github.com/containerd/containerd/pull/5640))
* sandbox: send pod UID to CNI plugins as K8S_POD_UID
* sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils ([#5639](https://github.com/containerd/containerd/pull/5639))
* sys: remove StatAtime(), StatCtime(), StatMtime() and StatATimeAsTime() utils
* content/local: inline sys.StatATimeAsTime() ([#5633](https://github.com/containerd/containerd/pull/5633))
* content/local: inline sys.StatATimeAsTime()
* allow multi gpu to be specified via ctr ([#5636](https://github.com/containerd/containerd/pull/5636))
* allow multi gpu to be specified via ctr
* go.mod: runc v1.0.0
* update runc binary to v1.0.0 GA
* fixing some doc links ([#5629](https://github.com/containerd/containerd/pull/5629))
* fixing some doc links
* Sync integration/go.mod with root go.mod ([#5623](https://github.com/containerd/containerd/pull/5623))
* Sync integration/go.mod with root go.mod
* archive: Expose ChangeWriter to allow customized diff computing ([#5615](https://github.com/containerd/containerd/pull/5615))
* archive: Expose ChangeWriter to allow customized diff computing
* CI: Switch to the available latest images ([#5625](https://github.com/containerd/containerd/pull/5625))
* CI: Switch to available latest images
* fix deprecation config for default runtime
* Re-enable criu in main integration runs ([#5614](https://github.com/containerd/containerd/pull/5614))
* Re-enable criu in main integration runs
* runtime,v2: Enable debug when containerd is on debug+ log level ([#5617](https://github.com/containerd/containerd/pull/5617))
* runtime,v2: Enable debug when containerd is on debug+ log level
* github.com/golang/protobuf/proto is deprecated
* Update github.com/golang/protobuf from v1.3.5 to v1.4.3
* Update google.golang.org/grpc from v1.27.1 to v1.38.0
* Increase golangci-lint timeout
* ctr flags of container rootfs propagation ([#5611](https://github.com/containerd/containerd/pull/5611))
* command line flags of setting container rootfs propagation
* add cgroupv2 setup for cos with a flag
* Update gotestsum to add timestamps to junit output ([#5612](https://github.com/containerd/containerd/pull/5612))
* Update gotestsum to add timestamps to junit output
* Allow to pass --no-cgroups option to nvidia-container-cli ([#5604](https://github.com/containerd/containerd/pull/5604))
* Allow to pass --no-cgroup option to nvidia-container-cli
* Makefile: FHS conformant manpage installation pathes ([#5577](https://github.com/containerd/containerd/pull/5577))
* Makefile: FHS conformant manpage installation pathes
* Add proper Go version before project checks ([#5594](https://github.com/containerd/containerd/pull/5594))
* Add proper Go version before project checks
* Enable cri-integration in Windows Periodic Tests ([#5580](https://github.com/containerd/containerd/pull/5580))
* Enable cri-integration in Windows Periodic Tests
* adds explanation for seccomp unset/unconfined default vs runtime default ([#5573](https://github.com/containerd/containerd/pull/5573))
* adds explanation for seccomp unset/unconfined default vs runtime default
* Fix cleanup context of teardownPodNetwork ([#5569](https://github.com/containerd/containerd/pull/5569))
* Fix cleanup context of teardownPodNetwork
* update integration/client go.sum ([#5572](https://github.com/containerd/containerd/pull/5572))
* update integration/client go.sum
* Revert diff/walking error change ([#5566](https://github.com/containerd/containerd/pull/5566))
* Revert diff/walking error change
* Update opencontainers/selinux to v1.8.2 ([#5562](https://github.com/containerd/containerd/pull/5562))
* Update opencontainers/selinux to v1.8.2
* fix invalid validation error checking ([#5565](https://github.com/containerd/containerd/pull/5565))
* fix invalid validation error checking
* diff/walking: fix defer cleanup ([#5551](https://github.com/containerd/containerd/pull/5551))
* diff/walking: fix defer cleanup
* Windows periodic job: Add creation timestamp to RG ([#5559](https://github.com/containerd/containerd/pull/5559))
* Add creation timestamp to RG
* Fix error case in Windows layer cleanup ([#5328](https://github.com/containerd/containerd/pull/5328))
* Fix error case in Windows layer cleanup
* Use DeactivateLayer to unlock layers that we cannot rename ([#5422](https://github.com/containerd/containerd/pull/5422))
* Small typo fix "reimporst"
* Use DeactivateLayer to recover layers that we cannot rename
* tests: Symlink volume tests ([#5284](https://github.com/containerd/containerd/pull/5284))
* tests: Symlink volume tests
* Makefile: fix DESTDIR environment variable behaviour ([#5535](https://github.com/containerd/containerd/pull/5535))
* Makefile: fix DESTDIR environment variable behaviour
* Change Wrapf of non-error to an actual error ([#5560](https://github.com/containerd/containerd/pull/5560))
* Change Wrapf of non-error to an actual error
* Install apparmor parser for arm64 environment
* scrub the stale TODO ([#5536](https://github.com/containerd/containerd/pull/5536))
* scrub the stale TODO
* docs: explicitly mention containerd's Prometheus path ([#5554](https://github.com/containerd/containerd/pull/5554))
* docs: explicitly mention containerd's Prometheus path
* integration: Cleanup containerd on test teardown ([#5553](https://github.com/containerd/containerd/pull/5553))
* integration: Cleanup containerd on test teardown
* docs/cri: update links ([#5548](https://github.com/containerd/containerd/pull/5548))
* docs/cri: update ocicrypt link
* docs/cri: fix broken links
* Update Windows periodic tests ([#5544](https://github.com/containerd/containerd/pull/5544))
* Update Windows periodic tests
* Add CI periodic Windows Jobs. ([#5165](https://github.com/containerd/containerd/pull/5165))
* Schedule Windows job daily after midnight.
* Update windows-periodic.yml
* Add CI periodic Windows Jobs.
* Rename atomicWrite to writeToCompletion ([#5273](https://github.com/containerd/containerd/pull/5273))
* Rename atomicWrite to writeToCompletion
* Do not run btrfs tests if btrfs kernel module is not loaded ([#5539](https://github.com/containerd/containerd/pull/5539))
* Do not run btrfs tests if btrfs kernel module is not loaded
* Fix incorrect UA used for registry authentication ([#5533](https://github.com/containerd/containerd/pull/5533))
* Fix incorrect UA used for registry authentication
* ctr: parse mount options with embedded = character ([#5531](https://github.com/containerd/containerd/pull/5531))
* ctr: parse mount options with embedded = character
* Fix mounts for FreeBSD ([#5472](https://github.com/containerd/containerd/pull/5472))
* Add ruleset=4 option
* Remove mountpoints not commonly mounted on FreeBSD
* Add copyright header & make sure compilation succeeds on all platforms
* Fix mounts for FreeBSD
* ctr: make exec pty behavior consistent with run ([#5527](https://github.com/containerd/containerd/pull/5527))
* ctr: exec handle pty resize after Start
* ctr: exec setup IO with console
* Makefile: use $@ for target file names ([#5534](https://github.com/containerd/containerd/pull/5534))
* Makefile: use $@ for target file names
* Fix small typo ([#5528](https://github.com/containerd/containerd/pull/5528))
* Fix small typo
* Don't check for apparmor_parser to be present ([#5519](https://github.com/containerd/containerd/pull/5519))
* update the link
* Don't check for apparmor_parser to be present
* Remove useless lines ([#5520](https://github.com/containerd/containerd/pull/5520))
* Remove useless lines
* Fixed typos in docs ([#5509](https://github.com/containerd/containerd/pull/5509))
* fixed typos
* Try next mirror in case of non-404 errors, too ([#5275](https://github.com/containerd/containerd/pull/5275))
* Try next mirror in case of non-404 errors, too
* bump runc version to v1.0.0-rc95 ([#5514](https://github.com/containerd/containerd/pull/5514))
* bump runc version to v1.0.0-rc95
* update runc binary to v1.0.0-rc95 ([#5511](https://github.com/containerd/containerd/pull/5511))
* update runc binary to v1.0.0-rc95
* Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0 ([#5508](https://github.com/containerd/containerd/pull/5508))
* Bump github.com/Microsoft/go-winio from 0.4.15 to 0.5.0
* Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1 ([#5507](https://github.com/containerd/containerd/pull/5507))
* Bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
* Makefile: allow overriding install command via environment ([#5493](https://github.com/containerd/containerd/pull/5493))
* Makefile: allow overriding install command via environment
* tests: Adds support for Windows cri-integration tests ([#5163](https://github.com/containerd/containerd/pull/5163))
* tests: Adds support for Windows cri-integration tests
* Update docker resolver to authorize redirects ([#5504](https://github.com/containerd/containerd/pull/5504))
* Update docker resolver to authorize redirects
* bump hcsshim version to v0.8.17 ([#5505](https://github.com/containerd/containerd/pull/5505))
* bump hcsshim version to v0.8.17
* Release binary update for imgcrypt ([#5498](https://github.com/containerd/containerd/pull/5498))
* just release ctd-decoder not ctr-enc
* Merge remote-tracking branch 'upstream/master'
* Pin integration test image for alpine
* cri-integration tests: Pull images once ([#5313](https://github.com/containerd/containerd/pull/5313))
* tests: Prepull images used in tests
* plugin: optimize the check for the last registration ([#5440](https://github.com/containerd/containerd/pull/5440))
* plugin: optimize the check for the last registration
* metadata: modify NewLeaseManager to return leases.Manager ([#5465](https://github.com/containerd/containerd/pull/5465))
* metadata: modify NewLeaseManager to return leases.Manager
* Skip TLS verification for localhost ([#5100](https://github.com/containerd/containerd/pull/5100))
* Skip TLS verification for localhost
* Merge remote-tracking branch 'upstream/master'
* Makefile: make sure manpages are built before install-man ([#5492](https://github.com/containerd/containerd/pull/5492))
* Makefile: make sure manpages are built before install-man
* adds description for hosts.toml ([#5309](https://github.com/containerd/containerd/pull/5309))
* adds credentials description
* adds description for hosts.toml
* Prepare default branch rename ([#5459](https://github.com/containerd/containerd/pull/5459))
* Prepare default branch rename
* Merge remote-tracking branch 'upstream/master'
* Update runc to rc94 ([#5473](https://github.com/containerd/containerd/pull/5473))
* Update vendored runc to v1.0.0.0-rc94
* Update the runc binary used with containerd to runc v1.0.0-rc94
* Fix `content.ReaderAt` close ([#5468](https://github.com/containerd/containerd/pull/5468))
* Fix content.ReaderAt close
* Update releases doc with updated support timeline ([#5466](https://github.com/containerd/containerd/pull/5466))
* Update releases doc with updated support timeline
* tests: add test for adaptor ([#5452](https://github.com/containerd/containerd/pull/5452))
* tests: add test for adaptor
* Makefile: allow overriding go command by environment ([#5450](https://github.com/containerd/containerd/pull/5450))
* Makefile: allow overriding go command by environment
* update to new cri-tools make install ([#5462](https://github.com/containerd/containerd/pull/5462))
* update to new cri-tools make install
* Update Go to 1.16.4 ([#5461](https://github.com/containerd/containerd/pull/5461))
* Update Go to 1.16.4
* Merge remote-tracking branch 'upstream/release/1.5'
* [release/1.5] go.mod: cut circular dependency on github.com/containerd/containerd ([#5457](https://github.com/containerd/containerd/pull/5457))
* go.mod: cut circular dependency on github.com/containerd/containerd
* integration/client: go mod tidy
* oci: fix WithDevShmSize ([#5063](https://github.com/containerd/containerd/pull/5063))
* oci: fix WithDevShmSize
* [release/1.5] cherry-pick: windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink ([#5454](https://github.com/containerd/containerd/pull/5454))
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink ([#5411](https://github.com/containerd/containerd/pull/5411))
* windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
* doc: add missing namespaces package ([#5448](https://github.com/containerd/containerd/pull/5448))
* doc: add missing namespaces package
* update seccomp version ([#5445](https://github.com/containerd/containerd/pull/5445))
* update seccomp version
* Update golang.org/x/sys to add linux/ppc support ([#5436](https://github.com/containerd/containerd/pull/5436))
* Update golang.org/x/sys to add linux/ppc support
* go.mod: cut circular dependency on github.com/containerd/containerd ([#5441](https://github.com/containerd/containerd/pull/5441))
* go.mod: cut circular dependency on github.com/containerd/containerd
* integration/client: go mod tidy
* Fix different registry hosts referencing the same auth config. ([#5446](https://github.com/containerd/containerd/pull/5446))
* Fix different registry hosts referencing the same auth config.
</p>
</details>
### Changes from containerd/cgroups
<details><summary>24 commits</summary>
<p>
* cgroup: Optionally add process and task to a subsystems subset ([#203](https://github.com/containerd/cgroups/pull/203))
* cgroup: Optionally add process and task to a subsystems subset
* replace pkg/errors from vendor ([#208](https://github.com/containerd/cgroups/pull/208))
* replace pkg/errors from vendor
* cgroup.go: avoid panic on nil interface ([#207](https://github.com/containerd/cgroups/pull/207))
* cgroup.go: avoid panic on nil interface
* Improvements on cgroup v2 support ([#204](https://github.com/containerd/cgroups/pull/204))
* cgroupv2: reset lastErr to nil when subtree control is successfully written
* cgroupv2: enable controllers before setting resources in NewChild()
* v2: remove unimplemented errors and ErrorHandler, IgnoreNotExist ([#201](https://github.com/containerd/cgroups/pull/201))
* v2: remove ErrorHandler and IgnoreNotExist as they are not implemented
* v2: remove errors that are never returned
* v1: reduce duplicated code ([#202](https://github.com/containerd/cgroups/pull/202))
* v1: reduce duplicated code
* cgroup v1: implement AddProc() ([#200](https://github.com/containerd/cgroups/pull/200))
* cgroup v1: implement AddProc()
* Rename branch from master to main ([#199](https://github.com/containerd/cgroups/pull/199))
* Rename branch from master to main
* utils: export ParseCgroupFile() ([#197](https://github.com/containerd/cgroups/pull/197))
* utils: export ParseCgroupFile()
* go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations ([#194](https://github.com/containerd/cgroups/pull/194))
* go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations
* Use /proc/partitions to get device names ([#195](https://github.com/containerd/cgroups/pull/195))
* Use /proc/partitions to get device names
</p>
</details>
### Changes from containerd/console
<details><summary>6 commits</summary>
<p>
* Fix CI ([#55](https://github.com/containerd/console/pull/55))
* Fix CI
* Stop using pkg/errors
* Add support for z/OS ([#46](https://github.com/containerd/console/pull/46))
* Console test on z/OS
* Add support for z/OS
</p>
</details>
### Changes from containerd/continuity
<details><summary>20 commits</summary>
<p>
* Copy Windows file metadata ([#188](https://github.com/containerd/continuity/pull/188))
* Copy Windows file metadata
* fix fmt.Errorf("%w", err) on err == nil ([#187](https://github.com/containerd/continuity/pull/187))
* fix fmt.Errorf("%w", err) on err == nil
* Remove direct dependency on github.com/pkg/errors ([#185](https://github.com/containerd/continuity/pull/185))
* run gofmt with Go 1.17
* remove direct dependency on github.com/pkg/errors
* Fix darwin issues ([#186](https://github.com/containerd/continuity/pull/186))
* update AUTHORS
* darwin: use utimensat syscall instead of utimes
* fix darwin usage of du command
* go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125 ([#161](https://github.com/containerd/continuity/pull/161))
* go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125
* fs/stat: add FreeBSD, and cleanup some nolint-comments ([#184](https://github.com/containerd/continuity/pull/184))
* reformat nolint comments
* fs/stat: add FreeBSD
* Rename branch from master to main ([#182](https://github.com/containerd/continuity/pull/182))
* Rename branch from master to main
* testutil/loopback: print more debug info ([#180](https://github.com/containerd/continuity/pull/180))
* testutil/loopback: print more debug info
</p>
</details>
### Changes from containerd/go-cni
<details><summary>15 commits</summary>
<p>
* remove: Continue on "not found" errors ([#74](https://github.com/containerd/go-cni/pull/74))
* remove: Continue on "not found" errors
* go.mod: github.com/containernetworking/cni v1.0.1 ([#72](https://github.com/containerd/go-cni/pull/72))
* go.mod: github.com/containernetworking/cni v1.0.1
* remove direct dependency on github.com/pkg/errors ([#71](https://github.com/containerd/go-cni/pull/71))
* remove direct dependency on github.com/pkg/errors
* update CNI to v1.0.0 ([#70](https://github.com/containerd/go-cni/pull/70))
* test: add TestLibCNIType100
* update CNI to v1.0.0
* Rename branch from master to main ([#69](https://github.com/containerd/go-cni/pull/69))
* Rename branch from master to main
* result: change Raw from a struct field to a method ([#68](https://github.com/containerd/go-cni/pull/68))
* result: change Raw from a struct field to a method
* result: expose raw result ([#67](https://github.com/containerd/go-cni/pull/67))
* result: expose raw result
</p>
</details>
### Changes from containerd/ttrpc
<details><summary>34 commits</summary>
<p>
* Add protoc-gen-go-ttrpc ([#96](https://github.com/containerd/ttrpc/pull/96))
* Add protoc-gen-go-ttrpc
* client: Handle sending/receiving in separate goroutines ([#94](https://github.com/containerd/ttrpc/pull/94))
* client: Handle sending/receiving in separate goroutines
* Run Protobuild in GitHub Actions ([#95](https://github.com/containerd/ttrpc/pull/95))
* Run Protobuild in GitHub Actions
* Re-generate example.pb.go
* replace pkg/errors ([#93](https://github.com/containerd/ttrpc/pull/93))
* replace pkg/errors from vendor
* Rename branch from master to main ([#86](https://github.com/containerd/ttrpc/pull/86))
* Rename branch from master to main
* Make "go test" and "go build" work on macOS ([#85](https://github.com/containerd/ttrpc/pull/85))
* Make the example command buildable on macOS
* Run GitHub Actions on macOS
* Make "go test" work on macOS
* Return Unimplemented when services or methods are not implemented ([#83](https://github.com/containerd/ttrpc/pull/83))
* Return Unimplemented when services or methods are not implemented
* Remove "Very new" and checked TODO items ([#84](https://github.com/containerd/ttrpc/pull/84))
* Remove "Very new" and checked TODO items
* removing glide from ignore ([#82](https://github.com/containerd/ttrpc/pull/82))
* removing glide from ignore
* go.mod: update dependencies ([#79](https://github.com/containerd/ttrpc/pull/79))
* go.mod: github.com/prometheus/procfs v0.6.0
* go.mod: google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
* go.mod: google.golang.org/grpc v1.27.1
* go.mod: github.com/gogo/protobuf v1.3.2
* remove travis, add codecov badge ([#78](https://github.com/containerd/ttrpc/pull/78))
* CI: add codecov badge to readme
* CI: remove travis
* Use GitHub Actions for CI ([#77](https://github.com/containerd/ttrpc/pull/77))
* Use GitHub Actions for CI
* go.mod: sirupsen/logrus v1.7.0 ([#76](https://github.com/containerd/ttrpc/pull/76))
* go.mod: sirupsen/logrus v1.7.0
* go mod tidy
</p>
</details>
### Dependency Changes
* **github.com/AdaLogics/go-fuzz-headers** 6c3934b029d8 **_new_**
* **github.com/Microsoft/go-winio** v0.4.17 -> v0.5.1
* **github.com/Microsoft/hcsshim** v0.8.16 -> v0.9.1
* **github.com/bits-and-blooms/bitset** v1.2.0 **_new_**
* **github.com/blang/semver** v3.5.1 **_new_**
* **github.com/cenkalti/backoff/v4** v4.1.2 **_new_**
* **github.com/cilium/ebpf** v0.4.0 -> v0.6.2
* **github.com/containerd/cgroups** v1.0.1 -> v1.0.2
* **github.com/containerd/console** v1.0.2 -> v1.0.3
* **github.com/containerd/continuity** v0.1.0 -> 8e53e7cac79d
* **github.com/containerd/go-cni** v1.0.2 -> aa8bf14323a5
* **github.com/containerd/ttrpc** v1.0.2 -> v1.1.0
* **github.com/containernetworking/cni** v0.8.1 -> v1.0.1
* **github.com/containernetworking/plugins** v0.9.1 -> v1.0.1
* **github.com/go-logr/logr** v0.2.0 -> v1.2.2
* **github.com/go-logr/stdr** v1.2.2 **_new_**
* **github.com/golang/groupcache** 8c9f03a8e57e -> 41bb18bfe9da
* **github.com/golang/protobuf** v1.3.5 -> v1.5.2
* **github.com/google/go-cmp** v0.5.4 -> v0.5.6
* **github.com/google/gofuzz** v1.1.0 -> v1.2.0
* **github.com/grpc-ecosystem/go-grpc-middleware** v1.3.0 **_new_**
* **github.com/grpc-ecosystem/grpc-gateway** v1.16.0 **_new_**
* **github.com/hashicorp/errwrap** v1.0.0 -> v1.1.0
* **github.com/hashicorp/go-multierror** v1.0.0 -> v1.1.1
* **github.com/imdario/mergo** v0.3.11 -> v0.3.12
* **github.com/intel/goresctrl** v0.2.0 **_new_**
* **github.com/json-iterator/go** v1.1.10 -> v1.1.11
* **github.com/moby/spdystream** v0.2.0 **_new_**
* **github.com/moby/sys/signal** v0.6.0 **_new_**
* **github.com/opencontainers/image-spec** v1.0.1 -> 693428a734f5
* **github.com/opencontainers/runc** v1.0.0-rc93 -> v1.0.3
* **github.com/opencontainers/runtime-spec** e6143ca7d51d -> 1c3f411f0417
* **github.com/opencontainers/selinux** v1.8.0 -> v1.8.2
* **github.com/pelletier/go-toml** v1.8.1 -> v1.9.3
* **github.com/prometheus/client_golang** v1.7.1 -> v1.11.0
* **github.com/prometheus/common** v0.10.0 -> v0.30.0
* **github.com/prometheus/procfs** v0.6.0 -> v0.7.3
* **github.com/satori/go.uuid** v1.2.0 **_new_**
* **github.com/sirupsen/logrus** v1.7.0 -> v1.8.1
* **github.com/spf13/pflag** v1.0.5 **_new_**
* **github.com/stretchr/testify** v1.6.1 -> v1.7.0
* **github.com/vishvananda/netlink** f5de75959ad5 **_new_**
* **github.com/vishvananda/netns** 2eb08e3e575f **_new_**
* **go.etcd.io/bbolt** v1.3.5 -> v1.3.6
* **go.opencensus.io** v0.22.3 -> v0.22.4
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc** v0.28.0 **_new_**
* **go.opentelemetry.io/otel** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/internal/retry** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/sdk** v1.3.0 **_new_**
* **go.opentelemetry.io/otel/trace** v1.3.0 **_new_**
* **go.opentelemetry.io/proto/otlp** v0.11.0 **_new_**
* **golang.org/x/net** e18ecbb05110 -> fe4d6282115f
* **golang.org/x/oauth2** bf48bf16ab8d -> f6687ab2804c
* **golang.org/x/sync** 09787c993a3a -> 036812b2e83c
* **golang.org/x/sys** 47abb6519492 -> 1d35b9e2eb4e
* **golang.org/x/term** 7de9c90e9dd1 -> 6a3ed077a48d
* **golang.org/x/text** v0.3.4 -> v0.3.7
* **golang.org/x/time** 3af7569d3a1e -> 1f47c861a9ac
* **google.golang.org/appengine** v1.6.5 -> v1.6.6
* **google.golang.org/grpc** v1.27.1 -> v1.43.0
* **google.golang.org/protobuf** v1.27.1 **_new_**
* **gopkg.in/yaml.v3** 9f266ea9e77c -> 496545a6307b
* **k8s.io/api** v0.20.6 -> v0.22.0
* **k8s.io/apimachinery** v0.20.6 -> v0.22.1
* **k8s.io/apiserver** v0.20.6 -> v0.22.0
* **k8s.io/client-go** v0.20.6 -> v0.22.0
* **k8s.io/component-base** v0.20.6 -> v0.22.0
* **k8s.io/cri-api** v0.20.6 -> v0.23.0-alpha.4
* **k8s.io/utils** 67b214c5f920 -> cb0fa318a74b
Previous release can be found at [v1.5.0](https://github.com/containerd/containerd/releases/tag/v1.5.0)
PreviousNext