Skip to content

Commit bc20cb4

Browse files
ratakolyshkin
rata
authored and
kolyshkin
committed
VERSION: release 1.1.15
[@kolyshkin: rebased; added a CVE link; added 1.1.15 link; changed date to 7 Oct] Signed-off-by: Rodrigo Campos <[email protected]> Signed-off-by: Kir Kolyshkin <[email protected]>
1 parent 2790485 commit bc20cb4

File tree

2 files changed

+22
-2
lines changed

2 files changed

+22
-2
lines changed

CHANGELOG.md

Lines changed: 21 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,12 +6,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
66

77
## [Unreleased 1.1.z]
88

9+
## [1.1.15] - 2024-10-07
10+
11+
> How, dear sir, did you cross the flood? By not stopping, friend, and by not
12+
> straining I crossed the flood.
13+
914
### Fixed
1015

16+
* The `-ENOSYS` seccomp stub is now always generated for the native
17+
architecture that `runc` is running on. This is needed to work around some
18+
arguably specification-incompliant behaviour from Docker on architectures
19+
such as ppc64le, where the allowed architecture list is set to `null`. This
20+
ensures that we always generate at least one `-ENOSYS` stub for the native
21+
architecture even with these weird configs. (#4391)
1122
* On a system with older kernel, reading `/proc/self/mountinfo` may skip some
1223
entries, as a consequence runc may not properly set mount propagation,
1324
causing container mounts leak onto the host mount namespace. (#2404, #4425)
1425

26+
### Removed
27+
28+
* In order to fix performance issues in the "lightweight" bindfd protection
29+
against [CVE-2019-5736], the temporary `ro` bind-mount of `/proc/self/exe`
30+
has been removed. runc now creates a binary copy in all cases. (#4392, #2532)
31+
32+
[CVE-2019-5736]: https://www.openwall.com/lists/oss-security/2019/02/11/2
33+
1534
## [1.1.14] - 2024-09-03
1635

1736
> 年を取っていいことは、驚かなくなることね。
@@ -566,7 +585,8 @@ implementation (libcontainer) is *not* covered by this policy.
566585
[1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1
567586

568587
<!-- 1.1.z patch releases -->
569-
[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.14...release-1.1
588+
[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.15...release-1.1
589+
[1.1.15]: https://github.com/opencontainers/runc/compare/v1.1.14...v1.1.15
570590
[1.1.14]: https://github.com/opencontainers/runc/compare/v1.1.13...v1.1.14
571591
[1.1.13]: https://github.com/opencontainers/runc/compare/v1.1.12...v1.1.13
572592
[1.1.12]: https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12

VERSION

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
1.1.14+dev
1+
1.1.15

0 commit comments

Comments
 (0)