Skip to content

v5.2.4
Compare
Choose a tag to compare
@mheon mheon released this 07 Oct 16:04
· 1207 commits to main since this release
v5.2.4
This tag was signed with the committer’s verified signature. The key has expired.
mheon Matt Heon
GPG key ID: 5A0F5FA1CEF5C874
Expired
Learn about vigilant mode.
76d0859
This commit was signed with the committer’s verified signature. The key has expired.
mheon Matt Heon
GPG key ID: 5A0F5FA1CEF5C874
Expired
Learn about vigilant mode.

Security

  • This release addresses CVE-2024-9407, which allows arbitrary access to the host filesystem from RUN --mount arguments to a Dockerfile being built.
  • This release also addresses CVE-2024-9341, allowing the mounting of arbitrary directories from the host into containers on FIPS enabled systems using a malicious image with crafted symlinks.

Misc

  • Updated Buildah to v1.37.4
  • Updated the containers/common library to v0.60.4
Assets 18
Loading