Skip to content

Commit 51d5e94

Browse files
cypharcyphar
committed
VERSION: release 1.1.12
Signed-off-by: Aleksa Sarai <[email protected]>
1 parent 2a4ed3e commit 51d5e94

File tree

2 files changed

+21
-2
lines changed

2 files changed

+21
-2
lines changed

CHANGELOG.md

+20-1
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
66

77
## [Unreleased 1.1.z]
88

9+
## [1.1.12] - 2024-01-31
10+
11+
> Now you're thinking with Portals™!
12+
13+
### Security
14+
15+
* Fix [CVE-2024-21626][cve-2024-21626], a container breakout attack that took
16+
advantage of a file descriptor that was leaked internally within runc (but
17+
never leaked to the container process). In addition to fixing the leak,
18+
several strict hardening measures were added to ensure that future internal
19+
leaks could not be used to break out in this manner again. Based on our
20+
research, while no other container runtime had a similar leak, none had any
21+
of the hardening steps we've introduced (and some runtimes would not check
22+
for any file descriptors that a calling process may have leaked to them,
23+
allowing for container breakouts due to basic user error).
24+
25+
[cve-2024-21626]: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
26+
927
## [1.1.11] - 2024-01-01
1028

1129
> Happy New Year!
@@ -493,7 +511,8 @@ implementation (libcontainer) is *not* covered by this policy.
493511
[1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1
494512

495513
<!-- 1.1.z patch releases -->
496-
[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.11...release-1.1
514+
[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.12...release-1.1
515+
[1.1.12]: https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12
497516
[1.1.11]: https://github.com/opencontainers/runc/compare/v1.1.10...v1.1.11
498517
[1.1.10]: https://github.com/opencontainers/runc/compare/v1.1.9...v1.1.10
499518
[1.1.9]: https://github.com/opencontainers/runc/compare/v1.1.8...v1.1.9

VERSION

+1-1
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
1.1.11+dev
1+
1.1.12

0 commit comments

Comments
 (0)