mirror of
https://github.com/opencontainers/runc.git
synced 2026-07-11 06:03:57 +08:00
VERSION: release 1.1.12
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
This commit is contained in:
+20
-1
@@ -6,6 +6,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||
|
||||
## [Unreleased 1.1.z]
|
||||
|
||||
## [1.1.12] - 2024-01-31
|
||||
|
||||
> Now you're thinking with Portals™!
|
||||
|
||||
### Security
|
||||
|
||||
* Fix [CVE-2024-21626][cve-2024-21626], a container breakout attack that took
|
||||
advantage of a file descriptor that was leaked internally within runc (but
|
||||
never leaked to the container process). In addition to fixing the leak,
|
||||
several strict hardening measures were added to ensure that future internal
|
||||
leaks could not be used to break out in this manner again. Based on our
|
||||
research, while no other container runtime had a similar leak, none had any
|
||||
of the hardening steps we've introduced (and some runtimes would not check
|
||||
for any file descriptors that a calling process may have leaked to them,
|
||||
allowing for container breakouts due to basic user error).
|
||||
|
||||
[cve-2024-21626]: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
|
||||
|
||||
## [1.1.11] - 2024-01-01
|
||||
|
||||
> Happy New Year!
|
||||
@@ -493,7 +511,8 @@ implementation (libcontainer) is *not* covered by this policy.
|
||||
[1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1
|
||||
|
||||
<!-- 1.1.z patch releases -->
|
||||
[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.11...release-1.1
|
||||
[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.12...release-1.1
|
||||
[1.1.12]: https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12
|
||||
[1.1.11]: https://github.com/opencontainers/runc/compare/v1.1.10...v1.1.11
|
||||
[1.1.10]: https://github.com/opencontainers/runc/compare/v1.1.9...v1.1.10
|
||||
[1.1.9]: https://github.com/opencontainers/runc/compare/v1.1.8...v1.1.9
|
||||
|
||||
Reference in New Issue
Block a user