v0.12.0

What's Changed

• adding option of using buffered image reader for faster dmverity hashing by @SethHollandsworth in #2013
• Fix process handle leak when launching a job container by @kevpar in #2020
• Revert "gcs: Support routing container stdio to sidecar" by @kevpar in #2023
• internal/exec: Fix stdio pipe problems by @kevpar in #2021
• Allow mounting multiple dev nodes per assigned device by @katiewasnothere in #2003
• tests: update docker images by @anmaxvl in #2012
• Don't create container scratch per base layer by @ambarve in #2002
• Removing internal tests from hcsshim's cri-containerd tests by @yyatmsft in #1998
• Fix CodeQL pipeline failure by @helsaawy in #2032
• Update Cmd IO handling by @helsaawy in #1937
• [deps] Omni-bus dependency update by @helsaawy in #2039
• Upgrade to go1.21 by @kiashok in #2033

New Contributors

• @yyatmsft made their first contribution in #1998

Full Changelog: v0.12.0-rc.3...v0.12.0

v0.12.0-rc.3

What's Changed

• SNP Direct DM-Verity Boot by @darracott in #1952
• tests: update test images used for cri-containerd tests by @anmaxvl in #1991
• Add CodeQL suppression for tar extraction code by @ambarve in #2006
• Update nvidia hook log file paths to use container bundle path as base dir by @katiewasnothere in #1999
• Switch to using new errdefs repo by @kiashok in #2016

Full Changelog: v0.12.0-rc.2...v0.12.0-rc.3

v0.12.0-rc.2

What's Changed

• CI: add CodeQL workflow and schedule by @anmaxvl in #1962
• Add additional registry values to uVM via annotation by @helsaawy in #1963
• uvmboot and gcs.test bug fix by @helsaawy in #1966
• Add support for Linux kernel 6.x to fetch attestation report by @takuro-sato in #1886
• cimfs: Add cim layer mount/unmount functionality. by @ambarve in #1955
• Update build tags, lint entire repo for Linux by @helsaawy in #1968
• Check for SNP before fetching SNP report by @darracott in #1967
• Build components in CodeQL pipeline by @helsaawy in #1970
• [deps] Omnibus dependency updata by @helsaawy in #1977
• Fix CodeQL code scanning alerts by @helsaawy in #1972
• RemoveVSMB uses the wrong hostPath for file shares by @helsaawy in #1974
• [test] Update manifest; go generate by @helsaawy in #1919
• Bump actions/setup-go from 4 to 5 by @dependabot in #1978
• Lint common error wrapping issues, update README by @helsaawy in #1969
• Bump actions/upload-artifact from 3 to 4 by @dependabot in #1985
• Bump github/codeql-action from 2 to 3 by @dependabot in #1983
• Bump actions/download-artifact from 3 to 4 by @dependabot in #1984
• Use CimFS layers for Process isolated WCOW by @ambarve in #1971
• Minor CimFS bug fixes by @ambarve in #1980

New Contributors

• @takuro-sato made their first contribution in #1886

Full Changelog: v0.12.0-rc.1...v0.12.0-rc.2

v0.12.0-rc.1

What's Changed

• Clean up NVIDIA hook by @katiewasnothere in #1879
• Add OutputHandlerCreator type for UVMs by @helsaawy in #1875
• [test]Exclude features, add any feature check by @helsaawy in #1853
• Skip shim tests if shim binary is not found by @helsaawy in #1893
• add support for verity checking partitioned disks by @anmaxvl in #1810
• defaulting to unbuffered reader for dmverity hashing by @SethHollandsworth in #1887
• Fix closing stdin by @rumpl in #1899
• Bump actions/checkout from 3 to 4 by @dependabot in #1885
• Update containerd log dependency by @dmcgowan in #1898
• Add constants for supported mount types by @kiashok in #1920
• Bump go.uber.org/mock from 0.2.0 to 0.3.0 by @dependabot in #1907
• Support adding mount to running containers by @kiashok in #1918
• Use "hcsschema" in internal/hcs by @helsaawy in #1901
• Embed version info; print benchmark config by @helsaawy in #1874
• Bump golang.org/x/net from 0.10.0 to 0.17.0 by @dependabot in #1931
• Add Close/WaitCtx to UtilityVM & System by @helsaawy in #1876
• [test] Log to ETW for benchmarks; retry layer removal by @helsaawy in #1947
• Also use test/go.sum for caching go dependencies by @helsaawy in #1895
• Update go_version in release workflow yaml by @hgarvison in #1945
• minor refactor in dmverity-vhd tool by @anmaxvl in #1948
• Standardize LCOW uVM bootfiles update by @helsaawy in #1861
• cimfs: Add a LayerWriter for writing cim layers by @ambarve in #1873
• Create container subdirectories for process dump by @kiashok in #1929
• Adding a new "DisableHostPort" network flag by @jayanthAP in #1938

New Contributors

• @rumpl made their first contribution in #1899
• @jayanthAP made their first contribution in #1938

Full Changelog: v0.12.0-rc.0...v0.12.0-rc.1

v0.11.4

What's Changed

• [release/0.11] Update containerd log dependency by @kiashok in #1957

Full Changelog: v0.11.3...v0.11.4

v0.11.3

What's Changed

• [release/0.11] make sure to close files in dmverity-vhd tool (#1770) by @anmaxvl in #1946
• [release/0.11] Create container subdirectories for process dumps by @kiashok in #1956

Full Changelog: v0.11.2...v0.11.3

v0.11.2

What's Changed

• [release/0.11] Add constants for mount types by @kiashok in #1930
• [release/0.11] Cherry pick commits from v0.10.0-rc9 tag by @kiashok in #1923
• [release/0.11] Support adding mount to running containers by @kiashok in #1936

Full Changelog: v0.11.1...v0.11.2

v0.11.1

What's Changed

• Fix closing stdin (#1899) by @rumpl
• defaulting to unbuffered reader for dmverity hashing (#1887) by @SethHollandsworth
• Cleanup tests that are skipped in CI by @kiashok
• skip failing test, use gotestsum (#1820) by @helsaawy
• fix integration test failure (#1799) by @helsaawy
• update to latest containerd/1.6 tag v1.6.23 by @kiashok

Full Changelog: v0.11.0...v0.11.1

v0.11.0

Note: This is the first tag from release/0.11 branch and release/0.11 branch is based off of v0.10.0-rc.8 tag. Tags cut from release/0.11 branch is intended to be used on containerd release/1.7

What's Changed

• Add test network agent for ncproxy dev work by @katiewasnothere in #1067
• Support restarting containerd in tests, add restart test case by @kevpar in #1188
• Export hcsshim annotations into its own package by @anmaxvl in #1201
• Extend integrity protection of LCOW layers to SCSI devices by @anmaxvl in #1170
• Remove block preventing us from making hardlinks to symlinks by @katiewasnothere in #1187
• Fix LayerData not being usable for ComputeStorage package by @dcantah in #1203
• tests: Add CRI tests for integrity protection of LCOW layers by @anmaxvl in #1193
• Fix commandline double quoting for job containers by @dcantah in #1207
• Support updating cpugroup membership by @katiewasnothere in #1202
• Add reconnect logic for stdio pipes by @dcantah in #1197
• Add support for finding net adapters that were assigned with vpci by @katiewasnothere in #1196
• Support booting isolated SNP from a GuestStateFile rather than separate kernel/initrd. by @KenGordon in #1206
• Add tool to install modules in lcow and plumb through shim by @katiewasnothere in #1195
• Add retries when removing device mapper target by @anmaxvl in #1200
• Handling of out-of-order whiteout files during tar expansion by @ambarve in #1218
• Fix permissions issues with sandbox mounts by @katiewasnothere in #1211
• Update readme to list accurate go version by @dcantah in #1220
• Pass disk handle for computestorage.FormatWritableLayerVhd on RS5 by @dcantah in #1204
• go.mod: Bump ttrpc to 1.1.0 by @dcantah in #1223
• Update the Type field name to PolicyType for SetPolicy by @netal in #1194
• Add DefaultContainerAnnotations runhcs option by @anmaxvl in #1210
• security policy appended to container's environment variables by @svolos in #1219
• Add 21H2 definitions to osversion package by @dcantah in #1205
• Rework merkle tree implementation to use io.Reader instead of byte array by @anmaxvl in #1209
• Time synchronization inside LCOW UVM by @ambarve in #1119
• Set default time zone for WCOW UVM by @dcantah in #1192
• Bump github.com/containerd/containerd from 1.5.7 to 1.5.8 by @dependabot in #1231
• Restructure location of various ncproxy apis by @katiewasnothere in #1216
• Fix ReadExt4SuperBlock function by @anmaxvl in #1229
• Support assigning devices into LCOW by @katiewasnothere in #1215
• Add ws2022 image/build to cri-containerd tests by @dcantah in #1160
• Update ncproxy API and adjust hcn support by @katiewasnothere in #1212
• Add function to write hash device by @anmaxvl in #1235
• Add conpty (pseudo console) package by @dcantah in #1228
• Revendor in /test and remove dead code by @dcantah in #1244
• Add E2E test for pulling images with unorderd tar by @ambarve in #1238
• Bump github.com/opencontainers/image-spec from 1.0.1 to 1.0.2 in /test by @dependabot in #1247
• Add new exec package for host process containers by @dcantah in #1233
• Swap to the internal/exec pkg for host process containers by @dcantah in #1248
• HCS fixes for HclEnabled and guest state file type. by @KenGordon in #1250
• Rename conpty.New to conpty.Create by @dcantah in #1254
• Ignore access denied on HcsTerminateProcess by @gabriel-samfira in #1252
• Change redundant conpty.ConPTY struct name by @dcantah in #1259
• Fix deferred os.Umask usage in loops by @anmaxvl in #1256
• Rework TestPseudoConsolePowershell by @dcantah in #1255
• Add endpoint settings to add nic call by @katiewasnothere in #1246
• Wait for waitInitExit() to return by @gabriel-samfira in #1249
• Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 in /test by @dependabot in #1265
• Bump github.com/containerd/containerd from 1.5.8 to 1.5.9 by @dependabot in #1266
• Make kill noop on second run by @gabriel-samfira in #1269
• Rework process dump cri-containerd tests by @dcantah in #1267
• Add ErrInvalidHandle and fix list stats by @gabriel-samfira in #1276
• Fix ReadDMVeritySuperBlock function by @anmaxvl in #1257
• Update Go module version to 1.17 by @dcantah in #1222
• Add new service for querying compute systems' information by @katiewasnothere in #1243
• Fix Test_ExtendedTask_ProcessorInfo CRI test by @anmaxvl in #1283
• Update ncproxy to include new ncproxy network and endpoint types by @katiewasnothere in #1239
• Add logging to layer retry code path by @dcantah in #1281
• Skip flaky TestPseudoConsolePowershell by @dcantah in #1285
• Fix checkptr error with > 1 process in job object by @dcantah in #1284
• Refactor code for security policy by @anmaxvl in #1279
• shim: Don't shadow err return in createPod by @kevpar in #1288
• Bump github.com/opencontainers/runc from 1.0.2 to 1.0.3 by @dependabot in #1241
• Bug fix with runc container lifetime management by @helsaawy in #1272
• Shutdown hcsshim properly by @helsaawy in #1289
• Expand env variables for job containers to job mount path by @jsturtevant in #1292
• Enable gofmt in linter by @dcantah in #1293
• Delete shim workloads tasks in pod. by @helsaawy in #1271
• Add new guest request/resource packages by @anmaxvl in #1240
• Fix Network Namespace Bug For Ctr by @dcantah in #1270
• Fix comment placement for layers.MountContainerLayers by @dcantah in #1295
• Cleanup 'getUserTokenInheritAnnotation' by @dcantah in #1294
• Fix bugs in network setup introduced by a refactor PR by @anmaxvl in #1299
• Put Linux build tag on /internal/guest/transport/vsock.go by @dcantah in #1301
• Skip test for updating VM cpugroup membership for now by @katiewasnothere in #1298
• Linux GCS: Log disk info on ENOSPC errors by @dcantah in #1297
• Disable unsafe container options by @helsaawy in #1260
• Add local user account creation for host process containers by @dcantah in #1286
• all: fix typo by @cuishuang in #1310
• test: use T.TempDir to create temporary test directory by @Juneezee in #1308
• Replace winapi GetQueuedCompletionStatus bind with x/sys/windows by @dcantah in #1307
• fix lint issue by @anmaxvl in #1314
• Bump github.com/containerd/containerd from 1.5.9 to 1.5.10 by @dependabot in #1313
• Working directory enforcement by @anmaxvl in #1305
• Scrubbing env vars from logs by @helsaawy in #1315
• Add helper functions for generating security policy and setup CRI tests by @...

v0.12.0-rc.0

What's Changed

• tests: rego get_properties functional test by @anmaxvl in #1803
• cimfs: Add Offline registry API wrappers and export constants by @ambarve in #1842
• Add support for nodenetsvc v0 and readme to test network agent by @katiewasnothere in #1824
• Allow tar2ext4 to convert slashes by @helsaawy in #1847
• Bump github.com/opencontainers/runc from 1.1.7 to 1.1.8 by @dependabot in #1845
• disable fail fast on windows tests by @helsaawy in #1851
• Bump github.com/opencontainers/runtime-spec from 1.1.0-rc.3 to 1.1.0 by @dependabot in #1852
• Use RtlGetVersion instead of GetVersion by @ambarve in #1846
• Add exec benchmarks by @helsaawy in #1855
• Bump google.golang.org/grpc from 1.56.2 to 1.57.0 in /test by @dependabot in #1859
• Fall back on json encoding from protojson by @helsaawy in #1864
• [ci] Update testing jobs by @helsaawy in #1854
• Bump github.com/google/go-containerregistry from 0.15.2 to 0.16.1 in /test by @dependabot in #1869
• Bump golang.org/x/sys from 0.10.0 to 0.11.0 in /test by @dependabot in #1868
• Bump google.golang.org/grpc from 1.56.2 to 1.57.0 by @dependabot in #1856
• retry device mapper and cryptsetup errors by @anmaxvl in #1721
• computestorage: Fix incorrect syscall in DestroyLayer by @kevpar in #1872
• cimfs: Add helpers for retrieving partition information from a vhdx by @ambarve in #1850
• Add more go vet checks by @helsaawy in #1849
• Allow setting HclEnabled to false by @darracott in #1862
• Fix SVN reference in policy readme by @BryceDFisher in #1877

New Contributors

• @darracott made their first contribution in #1862
• @BryceDFisher made their first contribution in #1877

Full Changelog: v0.10.0...v0.12.0-rc.0