Skip to content

Commit f19387a

Browse files
cypharcyphar
committed
VERSION: release v1.1.5
Signed-off-by: Aleksa Sarai <[email protected]>
1 parent 58a9abe commit f19387a

File tree

2 files changed

+24
-4
lines changed

2 files changed

+24
-4
lines changed

CHANGELOG.md

Lines changed: 23 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,26 @@ This file documents all notable changes made to this project since runc 1.0.
44
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
55
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
66

7-
## [Unreleased]
7+
## [Unreleased 1.1.z]
8+
9+
## [1.1.5] - 2023-03-29
10+
11+
> 囚われた屈辱は
12+
> 反撃の嚆矢だ
13+
14+
### Fixed
15+
16+
* Prohibit container's `/proc` and `/sys` to be symlinks (CVE-2019-19921,
17+
CVE-2023-27561, CVE-2023-28642, #3785)
18+
* rootless: rework /sys/fs/cgroup mounts to avoid exposing the host's cgroup
19+
hierarchy into the container. (CVE-2023-25809)
20+
* Fix the inability to use `/dev/null` when inside a container. (#3620)
21+
* Fix changing the ownership of host's `/dev/null` caused by fd redirection
22+
(a regression in 1.1.1). (#3674, #3731)
23+
* Fix rare runc exec/enter unshare error on older kernels, inlcuding
24+
CentOS < 7.7. (#3776)
25+
* nsexec: Check for errors in `write_log()`. (#3721)
26+
* Various CI fixes and updates. (#3618, #3630, #3640, #3729)
827

928
## [1.1.4] - 2022-08-24
1029

@@ -315,7 +334,7 @@ implementation (libcontainer) is *not* covered by this policy.
315334
cgroups at all during `runc update`). (#2994)
316335

317336
<!-- minor releases -->
318-
[Unreleased]: https://github.com/opencontainers/runc/compare/v1.1.4...HEAD
337+
[Unreleased]: https://github.com/opencontainers/runc/compare/v1.1.0...HEAD
319338
[1.1.0]: https://github.com/opencontainers/runc/compare/v1.1.0-rc.1...v1.1.0
320339
[1.0.0]: https://github.com/opencontainers/runc/releases/tag/v1.0.0
321340

@@ -326,7 +345,8 @@ implementation (libcontainer) is *not* covered by this policy.
326345
[1.0.1]: https://github.com/opencontainers/runc/compare/v1.0.0...v1.0.1
327346

328347
<!-- 1.1.z patch releases -->
329-
[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.4...release-1.1
348+
[Unreleased 1.1.z]: https://github.com/opencontainers/runc/compare/v1.1.5...release-1.1
349+
[1.1.5]: https://github.com/opencontainers/runc/compare/v1.1.3...v1.1.5
330350
[1.1.4]: https://github.com/opencontainers/runc/compare/v1.1.3...v1.1.4
331351
[1.1.3]: https://github.com/opencontainers/runc/compare/v1.1.2...v1.1.3
332352
[1.1.2]: https://github.com/opencontainers/runc/compare/v1.1.1...v1.1.2

VERSION

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
1.1.4+dev
1+
1.1.5

0 commit comments

Comments
 (0)