Download Latest Version containerd-2.3.1-linux-s390x.tar.gz (33.8 MB)
Email in envelope

Get an email when there's a new version of containerd

Home / v2.2.4
Name Modified Size InfoDownloads / Week
Parent folder
containerd-2.2.4-attestation.intoto.jsonl 2026-05-20 12.3 kB
0
containerd-2.2.4-linux-amd64.tar.gz 2026-05-20 35.4 MB
0
containerd-2.2.4-linux-amd64.tar.gz.sha256sum 2026-05-20 102 Bytes
0
containerd-2.2.4-linux-arm64.tar.gz 2026-05-20 32.1 MB
0
containerd-2.2.4-linux-arm64.tar.gz.sha256sum 2026-05-20 102 Bytes
0
containerd-2.2.4-linux-ppc64le.tar.gz 2026-05-20 32.3 MB
0
containerd-2.2.4-linux-ppc64le.tar.gz.sha256sum 2026-05-20 104 Bytes
0
containerd-2.2.4-linux-riscv64.tar.gz 2026-05-20 32.7 MB
0
containerd-2.2.4-linux-riscv64.tar.gz.sha256sum 2026-05-20 104 Bytes
0
containerd-2.2.4-linux-s390x.tar.gz 2026-05-20 34.7 MB
0
containerd-2.2.4-linux-s390x.tar.gz.sha256sum 2026-05-20 102 Bytes
0
containerd-2.2.4-windows-amd64.tar.gz 2026-05-20 39.9 MB
1 1 weekly downloads
containerd-2.2.4-windows-amd64.tar.gz.sha256sum 2026-05-20 104 Bytes
0
containerd-static-2.2.4-linux-amd64.tar.gz 2026-05-20 34.0 MB
0
containerd-static-2.2.4-linux-amd64.tar.gz.sha256sum 2026-05-20 109 Bytes
0
containerd-static-2.2.4-linux-arm64.tar.gz 2026-05-20 30.5 MB
0
containerd-static-2.2.4-linux-arm64.tar.gz.sha256sum 2026-05-20 109 Bytes
0
containerd-static-2.2.4-linux-ppc64le.tar.gz 2026-05-20 30.5 MB
0
containerd-static-2.2.4-linux-ppc64le.tar.gz.sha256sum 2026-05-20 111 Bytes
0
containerd-static-2.2.4-linux-riscv64.tar.gz 2026-05-20 31.4 MB
0
containerd-static-2.2.4-linux-riscv64.tar.gz.sha256sum 2026-05-20 111 Bytes
0
containerd-static-2.2.4-linux-s390x.tar.gz 2026-05-20 33.0 MB
0
containerd-static-2.2.4-linux-s390x.tar.gz.sha256sum 2026-05-20 109 Bytes
0
containerd 2.2.4 source code.tar.gz 2026-05-20 11.5 MB
0
containerd 2.2.4 source code.zip 2026-05-20 16.0 MB
0
README.md 2026-05-20 5.4 kB
0
Totals: 26 Items   394.0 MB 1

Welcome to the v2.2.4 release of containerd!

The fourth patch release for containerd 2.2 contains various fixes and updates including security patches.

  • containerd

  • CVE-2026-46680

  • go-jose

  • CVE-2026-34986

  • Use mount manager during image volume processing to support snapshotters that require writable block volumes (e.g., EROFS) (#13242)

  • Fix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (#13448)

  • Apply hardening to block AF_ALG in default socket policy (#13408)
  • Fix bugs in sandbox service affecting sandbox creation configuration and event publishing (#13266)

  • Set AppArmor abi conditionally to support versions < 3.0 (#13275)

  • Disable overlay "rebase" capability when running in a user namespace to fix layer extraction failures (#13393)

  • Support both "volatile" and "fsync=volatile" mount options for volatile snapshotter (#13296)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

  • Wei Fu
  • Akihiro Suda
  • Chris Henzie
  • Paweł Gronowski
  • Samuel Karp
  • Brian Goff
  • Champ-Goblem
  • Chris Chang
  • LEI WANG
  • Phil Estes
  • William Myers
21 commits

* oci: return explicit error for out-of-range USER values ([#13448](https://github.com/containerd/containerd/pull/13448)) * [`d20c6267b`](https://github.com/containerd/containerd/commit/d20c6267b88bfd52277337184916e293c627542a) oci: return explicit error for out-of-range USER values * seccomp: Block AF_ALG in default socket policy ([#13408](https://github.com/containerd/containerd/pull/13408)) * [`db34dc4b4`](https://github.com/containerd/containerd/commit/db34dc4b4a111883d21ebf088d0fd0db48d82558) seccomp: Block AF_ALG in default socket policy * [`214b141ee`](https://github.com/containerd/containerd/commit/214b141ee94410058db80602efdfa47d21d77513) seccomp: Document socket rule scope and socketcall limitation * update Go to 1.25.10, 1.26.3 ([#13375](https://github.com/containerd/containerd/pull/13375)) * [`c2b1856fa`](https://github.com/containerd/containerd/commit/c2b1856fae4f237cda30f59f879b7a0f15ad6033) update Go to 1.25.10, 1.26.3 * overlay: disable "rebase" capability when running in UserNS ([#13393](https://github.com/containerd/containerd/pull/13393)) * [`63874d262`](https://github.com/containerd/containerd/commit/63874d262ca46871ff291ef5005e739e55702d07) overlay: disable "rebase" capability when running in UserNS * Support both styles of volatile mount option ([#13296](https://github.com/containerd/containerd/pull/13296)) * [`2c7d48acf`](https://github.com/containerd/containerd/commit/2c7d48acf2d91a8ac11d11c24c27461acf276101) Support both styles of volatile mount option * Bump go-jose/go-jose to v4.1.4 to fix GHSA-78h2-9frx-2jm8 ([#13292](https://github.com/containerd/containerd/pull/13292)) * [`80311db63`](https://github.com/containerd/containerd/commit/80311db633ba2bf339badb18c0ce152994911d27) chore: update go-jose for CVE-2026-34986 * sandbox: forward Create fields, fix event topics ([#13266](https://github.com/containerd/containerd/pull/13266)) * [`caa29a741`](https://github.com/containerd/containerd/commit/caa29a741321999d2296fc3d89f190b15ce40495) sandbox: forward Create fields, fix event topics * apparmor: Set abi conditionally ([#13275](https://github.com/containerd/containerd/pull/13275)) * [`5ab0a1206`](https://github.com/containerd/containerd/commit/5ab0a12065f2a0724d3f8d20012f2065db6d5716) apparmor: Set abi conditionally * Parameterize K8s version in node-e2e workflow ([#13247](https://github.com/containerd/containerd/pull/13247)) * [`f9c34f7b1`](https://github.com/containerd/containerd/commit/f9c34f7b1446ff186a717bddd6aa55d68f9e3385) Parameterize K8s version in node-e2e workflow * cri: use mount manager when image has volumes ([#13242](https://github.com/containerd/containerd/pull/13242)) * [`39dc2a475`](https://github.com/containerd/containerd/commit/39dc2a47585c42037d6a900dff7570b23fa53745) cri: use mount manager when image has volumes

Previous release can be found at v2.2.3

  • containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04).
  • containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent.

In addition to containerd, typically you will have to install runc and CNI plugins from their official sites too.

See also the Getting Started documentation.

Source: README.md, updated 2026-05-20