Skip to content

runc v1.2.0-rc.3 -- "The supreme happiness of life is the conviction that we are loved."

Pre-release
Pre-release
Compare
Choose a tag to compare
@cyphar cyphar released this 03 Sep 01:42
· 140 commits to main since this release
v1.2.0-rc.3
This tag was signed with the committer’s verified signature.
cyphar Aleksa Sarai
GPG key ID: 2897FAD2B7E9446F
Learn about vigilant mode.
45471bc
This commit was signed with the committer’s verified signature.
cyphar Aleksa Sarai
GPG key ID: 2897FAD2B7E9446F
Learn about vigilant mode.

This is the third release candidate for the 1.2.0 branch of runc. It includes
all patches and bugfixes included in runc 1.1 patch releases (up to and
including 1.1.14) and also includes a fix for a low severity security issue
(CVE-2024-45310).

  • Fix CVE-2024-45310, a low-severity attack that allowed
    maliciously configured containers to create empty files and directories on
    the host.
  • Document build prerequisites for different platforms. (#4353)
  • Try to delete exec fifo file when failure in creation. (#4319)
  • Revert "libcontainer: seccomp: pass around *os.File for notifyfd". (#4337)
  • Fix link to gvariant documentation in systemd docs. (#4369)
  • Remove pre-go1.17 build-tags. (#4329)
  • libct/userns: assorted (godoc) improvements. (#4330)
  • libct/userns: split userns detection from internal userns code. (#4331)
  • rootfs: consolidate mountpoint creation logic. (#4359)
  • Add Go 1.23, drop 1.21. (#4360)
  • Revert "allow overriding VERSION value in Makefile" and add EXTRA_VERSION.
    (#4370)
  • Mv contrib/cmd tests/cmd (except memfd-bind). (#4377)
  • Makefile: Don't read COMMIT, BUILDTAGS, EXTRA_BUILDTAGS from env vars.
    (#4380)

Static Linking Notices

The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.

However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.

Thanks to all of the contributors who made this release possible:

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

Assets 23
Loading