Affected by GO-2022-0344 and 7 other vulnerabilities

GO-2022-0344: containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd

GO-2022-0360: Ambiguous OCI manifest parsing in github.com/containerd/containerd

GO-2022-0482: containerd CRI plugin: Host memory exhaustion through ExecSync in github.com/containerd/containerd

GO-2022-0784: containerd-shim API Exposed to Host Network Containers in github.com/containerd/containerd

GO-2022-0803: containerd v1.2.x can be coerced into leaking credentials during image pull in github.com/containerd/containerd

GO-2022-0921: Archive package allows chmod of file outside of unpack target directory in github.com/containerd/containerd

GO-2022-0938: Insufficiently restricted permissions on plugin directories in github.com/containerd/containerd

GO-2022-1147: containerd CRI stream server vulnerable to host memory exhaustion via terminal in github.com/containerd/containerd

The highest tagged major version is v2.

gc

package

v1.0.0-alpha2 Latest Latest Go to latest Published: Jul 26, 2017 License: Apache-2.0, CC-BY-SA-4.0 Imports: 0 Imported by: 456

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Package gc experiments with providing central gc tooling to ensure deterministic resource removal within containerd.

For now, we just have a single exported implementation that can be used under certain use cases.

This section is empty.

This section is empty.

func Tricolor(roots []string, all []string, refs func(ref string) []string) []string

Tricolor implements basic, single-thread tri-color GC. Given the roots, the complete set and a refs function, this returns the unreachable objects.

Correct usage requires that the caller not allow the arguments to change until the result is used to delete objects in the system.

It will allocate memory proportional to the size of the reachable set.

We can probably use this to inform a design for incremental GC by injecting callbacks to the set modification algorithms.

This section is empty.