Concourse

v8.2.2 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 10d Pipelines

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

ci-cd concourse containers elm go pipelines

+1 more

runc

Affected surfaces

breaking_upgrade deps

ReleasePort's take

Moderate signal

editorial:auto 10d

The release bumps containerd to v2.3.1 to fix a privilege escalation CVE.

Why it matters: Patch containerd to version v2.3.1 immediately to mitigate the reported privilege‑escalation vulnerability (CVE).

Summary

AI summary

Updates 📦 Bundled Resource Types, 🐞 Bug Fixes, and 🛠️ Misc. Changes across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Bump containerd to v2.3.1 to address a privilege escalation CVE. Bump containerd to v2.3.1 to address a privilege escalation CVE. Source: llm_adapter@2026-05-24 Confidence: low	—
Bugfix	Medium	Fix CF connector issues reported by @IvanChalukov. Fix CF connector issues reported by @IvanChalukov. Source: llm_adapter@2026-05-24 Confidence: high	—
Bugfix	Medium	Use session signing key to derive state signing key. Use session signing key to derive state signing key. Source: llm_adapter@2026-05-24 Confidence: high	—

Full changelog

What's Changed

🐞 Bug Fixes

Fix CF connector by @IvanChalukov in https://github.com/concourse/concourse/pull/9580
Use session signing key to derive state signing key by @taylorsilva in https://github.com/concourse/concourse/pull/9579

🛠️ Misc. Changes

Bump containerd to v2.3.1 to address a privilege escalation CVE in containerd by @taylorsilva in https://github.com/concourse/concourse/pull/9582

📦 Bundled Resource Types

bosh-io-release: v1.3.4
bosh-io-stemcell: v1.5.4
docker-image: v1.13.1
git: v1.22.3
github-release: v1.14.0
hg: v1.5.4
mock: v0.14.5
pool: v1.8.1
registry-image: v1.17.0
s3: v2.5.4
semver: v2.0.1
time: v1.11.3

Full Changelog: https://github.com/concourse/concourse/compare/v8.2.1...v8.2.2

Security Fixes

containerd upgraded to v2.3.1 – addresses privilege escalation CVE (unspecified ID)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Concourse

Get notified when new releases ship.

About Concourse

Concourse is a container-based automation system written in Go. It's mostly used for CI/CD.

All releases →