Sourced from github.com/opencontainers/runc's changelog.

[1.1.7] - 2023-04-26

Ночевала тучка золотая на груди утеса-великана.

Fixed

• When used with systemd v240+, systemd cgroup drivers no longer skip DeviceAllow rules if the device does not exist (a regression introduced in runc 1.1.3). This fix also reverts the workaround added in runc 1.1.5, removing an extra warning emitted by runc run/start. (#3845, #3708, #3671)

Added

• The source code now has a new file, runc.keyring, which contains the keys used to sign runc releases. (#3838)

[1.1.6] - 2023-04-11

In this world nothing is certain but death and taxes.

Compatibility

• This release can no longer be built from sources using Go 1.16. Using a latest maintained Go 1.20.x or Go 1.19.x release is recommended. Go 1.17 can still be used.

Fixed

• systemd cgroup v1 and v2 drivers were deliberately ignoring UnitExist error from systemd while trying to create a systemd unit, which in some scenarios may result in a container not being added to the proper systemd unit and cgroup. (#3780, #3806)
• systemd cgroup v2 driver was incorrectly translating cpuset range from spec's resources.cpu.cpus to systemd unit property (AllowedCPUs) in case of more than 8 CPUs, resulting in the wrong AllowedCPUs setting. (#3808)
• systemd cgroup v1 driver was prefixing container's cgroup path with the path of PID 1 cgroup, resulting in inability to place PID 1 in a non-root cgroup. (#3811)
• runc run/start may return "permission denied" error when starting a rootless container when the file to be executed does not have executable bit set for the user, not taking the CAP_DAC_OVERRIDE capability into account. This is a regression in runc 1.1.4, as well as in Go 1.20 and 1.20.1 (#3715, #3817)
• cgroup v1 drivers are now aware of misc controller. (#3823)
• Various CI fixes and improvements, mostly to ensure Go 1.19.x and Go 1.20.x compatibility.

• 860f061 VERSION: release 1.1.7
• 2648033 Merge pull request #3838 from cyphar/1.1-release-gpgkeys
• f72cd0a Merge pull request #3845 from kolyshkin/1.1-rm-warning
• c1063b1 runc.keyring: add Akihiro Suda
• b0fae8c scripts: keyring validate: print some more information
• 79a52b4 libct/cg/sd: use systemd version when generating dev props
• 6a806d4 runc.keyring: add Kolyshkin
• b6f686f keyring: add Aleksa's <[email protected]> signing key
• 63355bf keyring: add Aleksa's <[email protected]> signing key
• 3bdb63b keyring: verify runc.keyring has legitimate maintainer keys
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)