20.10.8

(2021-10-28)

Components

Component

Version

Mirantis Container Runtime

20.10.8

containerd

1.5.8 (from 2021-11-23)

1.5.7 (prior to 2021-11-23)

runc

1.0.2

Deprecation

  • Deprecated support for encrypted TLS private keys. Legacy PEM encryption (as specified in RFC 1423) is insecure by design. Because legacy PEM encryption does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can allow an attacker to recover the plaintext (docker/cli#3219).

  • Deprecated Kubernetes stack support (docker/cli#3174).

Runtime

  • MCR now prints a warning when using the --platform option to pull a single-arch image that does not match the specified architecture (moby/moby#42633).

  • Fixed an issue wherein the following incorrect warning displayed when running cgroups v2:

    Your kernel does not support swap memory limit.
    

    moby/moby#42479

  • Fixed an issue with MCR on Windows wherein containers were not stopped if HcsShutdownComputeSystem returned an ERROR_PROC_NOT_FOUND error (moby/moby#42613).

  • Fixed an issue wherein using a JWT license with an MKE instance that manages MCR caused MCR to log error messages (FIELD-4201).

  • Fixed an issue wherein the docker info and docker version commands did not properly display the MCR license information on nodes that do not belong to a swarm (FIELD-4180).

Client

  • Fixed an issue with MCR on Windows wherein the following incorrect error displayed when trying to call term.StdStreams():

    Invalid standard handle identifier
    

    docker/cli#3132

Packaging

  • Updated containerd to version 1.5.7 to resolve CVE-2021-41103.

  • Updated the Golang runtime to Go version 1.16.7.

  • Updated the FIPS library with certificate number 3993.

  • Updated the bundled buildx version to 0.6.1 for RPM and DEB packages.