From bbc33ec46bb3c7e1604b73a164632828e31d24f2 Mon Sep 17 00:00:00 2001 From: Evan Lezar Date: Thu, 7 Nov 2024 21:19:07 +0100 Subject: [PATCH] Add NVIDIA Container Toolkit v1.17.0 release notes (#122) Signed-off-by: Evan Lezar --- container-toolkit/release-notes.md | 47 ++++++++++++++++++++++++++++++ container-toolkit/versions.json | 7 +++-- repo.toml | 2 +- 3 files changed, 53 insertions(+), 3 deletions(-) diff --git a/container-toolkit/release-notes.md b/container-toolkit/release-notes.md index e2d2d7935..706a12686 100644 --- a/container-toolkit/release-notes.md +++ b/container-toolkit/release-notes.md @@ -10,6 +10,53 @@ This document describes the new features, improvements, fixed and known issues f ______________________________________________________________________ +## NVIDIA Container Toolkit 1.17.0 + +This version includes updates for: + +* [NVIDIA CVE-2024-0134](https://nvidia.custhelp.com/app/answers/detail/a_id/5585) + +To view any published security bulletins for NVIDIA products, refer to the NVIDIA product security page at . + +For more information regarding NVIDIA security vulnerability remediation policies, refer to . + +--- + +This release of the NVIDIA Container Toolkit `v1.17.0` is a feature update and bugfix release. + +The following packages are included: + +- `nvidia-container-toolkit 1.17.0` +- `libnvidia-container-tools 1.17.0` +- `libnvidia-container1 1.17.0` + +The following `container-toolkit` conatiners are included: + +- `nvcr.io/nvidia/k8s/container-toolkit:v1.17.0-ubi8` +- `nvcr.io/nvidia/k8s/container-toolkit:v1.17.0-ubuntu20.04` (also as `nvcr.io/nvidia/k8s/container-toolkit:v1.16.1`) + +### Fixes and Features + +- Fixed a bug where symlinks created as a container starts could escape the container root. This fix addresses CVE-2024-0134. +- Fixed a bug with locating `libcuda.so` in the ldcache while generating CDI specifications. This fix enables the toolkit to locate driver libraries on systems that use a custom path for the driver installation. +- Fixed a bug related to creating symlink chains on Tegra-based sytems. This fix ensures that behavior is consistent across multiple runs of containers and do not depend on a random sort order. +- Fixed a bug where VDPAU driver libraries are not discovered in CDI spec generation. + +- Added support for requesting IMEX channels as volume mounts. +- Added a `disable-imex-channel-creation` feature flag to disable the creation of IMEX channel device nodes when creating a container. +- Added IMEX channel device nodes to the CDI specifications in `management` mode. +- Added the creation of select driver symlinks (e.g. `libcuda.so`) in CDI specification generation to match the behavior in the `legacy` mode. + + +### Enhancements to container-toolkit Container Images + +- Added support for querying current container runtime configurations from the command line instead of config files. This ensures that the effective config is used when configuring the NVIDIA Container Runtimes. +- Updated the CUDA base image version to 12.6.2. + +#### Enhancements to libnvidia-container + +- Added a `--no-create-imex-channels` command line option. + ## NVIDIA Container Toolkit 1.16.2 **This release provides critical security updates and is recommended for all users.** diff --git a/container-toolkit/versions.json b/container-toolkit/versions.json index baf02d7fe..385486da9 100644 --- a/container-toolkit/versions.json +++ b/container-toolkit/versions.json @@ -1,10 +1,13 @@ { - "latest": "1.16.2", + "latest": "1.17.0", "versions": [ + { + "version": "1.17.0" + }, { "version": "1.16.2" - }, + }, { "version": "1.16.1" }, diff --git a/repo.toml b/repo.toml index edb72ca96..dc8d4f02b 100644 --- a/repo.toml +++ b/repo.toml @@ -77,7 +77,7 @@ project_build_order = [ docs_root = "${root}/container-toolkit" project = "container-toolkit" name = "NVIDIA Container Toolkit" -version = "1.16.2" +version = "1.17.0" copyright_start = 2020 redirects = [ { path="concepts.html", target="index.html" },