GRR v1.19.8

• Handle an error case in deletion that could lead to an infinite loop in Golang (https://www.pivotaltracker.com/story/show/168908417)
• Bump go (to 1.13.1, https://www.pivotaltracker.com/story/show/168804803)
• Bump containerd (to 1.3.0, https://www.pivotaltracker.com/story/show/168805196)
• Bump runc (to 1.0.0-rc9, https://www.pivotaltracker.com/story/show/168804818)

GRR v1.19.7

release v1.19.7

GRR v1.19.6

• Fixes a problem in delete that can sometimes lead to leaking containers. We recommend all users of v1.19.2+ upgrade to this version.

GRR v1.19.5

Bumps libseccomp due to https://www.cloudfoundry.org/blog/cve-2019-9893/

GRR v1.19.4: Continue to not panic

• Various improvements to the dontpanic diagnostic tool
• Bump containerd to fix a bug that could lead to leaking sockets (https://www.pivotaltracker.com/story/show/165536505)
• Improvemed resiliency to edge cases in Containerd mode (https://www.pivotaltracker.com/story/show/159850215)

GRR v1.19.3: File, Sparse File

Various fixes, including:

• We now limit the size of the sparse file (when doing this does not result in less than 20GB of sparse file space) to avoid encroaching on the reserved_space_for_other_jobs. This is necessary because sparse files do not reclaim free space, so it's is possible for the underlying sparse file to exceed the size of the actual mounted loop device in some cases if this is not done. See https://www.pivotaltracker.com/story/show/165764224 for more.
• Better handling of empty logs from Image Plugin (cloudfoundry/guardian#128, thanks @aminjam!)
• More permissive of some docker registries that incorrectly report blob size (https://www.pivotaltracker.com/story/show/166465168)
• Fixes some issues for volume services in rootless mode (https://www.pivotaltracker.com/story/show/164649716)

GRR v1.19.1

• Upgrades xfs tools for better compatibility on GCE (#164426628)
• Fixes an issue encountered when trying to StreamIn to the root / of a container (#164536184)

GRR v1.19.0: The (Experimental) One With the New CPU Entitlements

• Announcing the new (experimental) CPU entitlement plugin. This allows the platform to expose an actionable cpu metric that users can understand and auto-scale on. Operator Guide, User Guide/CF CLI Plugin
  • This feature is experimental and subject to change, feedback very welcome.
• Works around some race conditions in container deletion to do with the freezer group while we investigate further (#163303619)
• Bump runC for improvements to CVE fix which was causing issues on a small number of systems (#164300827)
• Improve startup diagnostics when cleanup takes a long time (#162046202)

GRR v1.18.3: Dontpanic dontpanic

• Ensure dontpanic works properly in bpm

GRR v1.18.2

• Addressed CVE-2019-5736 - while Garden was not vulnerable to this issue unless using privileged containers, it did remove a layer of security
• Addressed a race condition in GrootFS that could cause repeated container create failures (#119)
• Removed some erroneous error messages from Garden startup logs (tracker: #163617086)