v1.4.1 - [2025-05-14]
- Fix the use of libsubid which had been broken by the revision applied in 1.4.0-rc.2.
- Fix a bug introduced in 1.4.0 that caused arm64 to be mis-converted to arm64v8 and resulted in a failure when pulling OCI containers.
- Fix user database lookup in master process preventing instance from starting correctly on systems using winbind.
- Update minimum go version to 1.23.6 now that it is current in el8 & el9.
- Check for existence of
/run/systemd/systemwhen verifying cgroups can be used via systemd manager. - Compile gocryptfs with the default
GOAMD64microarchitecture of the go compiler instead of always usingGOAMD64=v2. The default value in the upstream go compiler isGOAMD64=v1, to work with older CPUs, although it can have a cost in performance on newer CPUs. It is still possible to setGOAMD64to a newer microarchitecture (v2+). For instance RHEL 9 uses v2 and RHEL 10 uses v3 as their default values. - Add a clear error message if someone tries to use privileged network options while not using setuid mode.
- Allow multi-arch oci-archive files that have a nested index with the manifest. This is the default format (both for Docker and OCI) when using
nerdctl save. - Test if docker-archive is actually an oci-archive (since Docker version 25), and if it is oci then use the OCI parser to avoid bugs in the Docker parser. Save the daemon-daemon references to a temporary docker-archive, to benefit from the same improvements also for those references. Parse as oci-archive.