Skip to content

Commit

Permalink
Merge pull request opencontainers#4422 from rata/release-1.1.15
Browse files Browse the repository at this point in the history
Release v1.1.15
  • Loading branch information
kolyshkin authored Oct 7, 2024
2 parents ed38aea + 9f4baaa commit 0683379
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 4 deletions.
24 changes: 21 additions & 3 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased 1.1.z]

## [1.1.15] - 2024-10-07

> How, dear sir, did you cross the flood? By not stopping, friend, and by not
> straining I crossed the flood.
### Fixed

* The `-ENOSYS` seccomp stub is now always generated for the native
architecture that `runc` is running on. This is needed to work around some
arguably specification-incompliant behaviour from Docker on architectures
such as ppc64le, where the allowed architecture list is set to `null`. This
ensures that we always generate at least one `-ENOSYS` stub for the native
architecture even with these weird configs. (#4391)
* On a system with older kernel, reading `/proc/self/mountinfo` may skip some
entries, as a consequence runc may not properly set mount propagation,
causing container mounts leak onto the host mount namespace. (#2404, #4425)

### Removed

* In order to fix performance issues in the "lightweight" bindfd protection
against [CVE-2019-5736], the temporary `ro` bind-mount of `/proc/self/exe`
has been removed. runc now creates a binary copy in all cases. (#4392, #2532)

[CVE-2019-5736]: https://www.openwall.com/lists/oss-security/2019/02/11/2

## [1.1.14] - 2024-09-03

> 年を取っていいことは、驚かなくなることね。
Expand All @@ -34,8 +53,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
(#4370, #4382)
* rootfs: consolidate mountpoint creation logic. (#4359)

### Changed

## [1.1.13] - 2024-06-13

> There is no certainty in the world. This is the only certainty I have.
Expand Down Expand Up @@ -568,7 +585,8 @@ implementation (libcontainer) is *not* covered by this policy.
[1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1

<!-- 1.1.z patch releases -->
[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.14...release-1.1
[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.15...release-1.1
[1.1.15]: https://github.com/opencontainers/runc/compare/v1.1.14...v1.1.15
[1.1.14]: https://github.com/opencontainers/runc/compare/v1.1.13...v1.1.14
[1.1.13]: https://github.com/opencontainers/runc/compare/v1.1.12...v1.1.13
[1.1.12]: https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12
Expand Down
2 changes: 1 addition & 1 deletion VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1.1.14+dev
1.1.15+dev

0 comments on commit 0683379

Please sign in to comment.