Release 5.30.1
This fixes CVE-2024-3727.

Digest values used throughout this library were not always validated.
That allowed attackers to trigger, when pulling untrusted images,
unexpected authenticated registry accesses on behalf of a victim user.

In less common uses of this library (using other transports or not using
the containers/image/v5/copy.Image API), an attacker could also trigger
local path traversals or crashes.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
mtrmac committed May 9, 2024
1 parent 132678b commit 56e750a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion version/version.go
Expand Up @@ -8,7 +8,7 @@ const (
// VersionMinor is for functionality in a backwards-compatible manner
VersionMinor = 30
// VersionPatch is for backwards-compatible bug fixes
VersionPatch = 0
VersionPatch = 1

// VersionDev indicates development branch. Releases will be empty string.
VersionDev = ""
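
Review bot: The commit message attributes the CVE-2024-3727 fix to this commit, but the only changed line is `VersionPatch = 1` in version/version.go, and nothing in this hunk validates a digest. Consider having the message name the commits that carry the validation changes, so anyone auditing or backporting from the CVE reference lands on the actual fix and not on the version bump. `VersionDev = ""` in the trailing context is consistent with a tagged release.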