This is the fourteenth patch release in the 1.1.z release branch of
runc. It includes a fix for a low severity security issue
(CVE-2024-45310) as well as some minor build-related fixes (including Go
1.23 support).
Fix CVE-2024-45310, a low-severity attack that allowed
maliciously configured containers to create empty files and directories on
the host.
The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":
The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.
However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.
Thanks to all of the contributors who made this release possible:
This is the fourteenth patch release in the 1.1.z release branch of
runc. It includes a fix for a low severity security issue
(CVE-2024-45310) as well as some minor build-related fixes (including Go
1.23 support).
Fix CVE-2024-45310, a low-severity attack that allowed
maliciously configured containers to create empty files and directories on
the host.
The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":
The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.
However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.
Thanks to all of the contributors who made this release possible:
This is the fourteenth patch release in the 1.1.z release branch of
runc. It includes a fix for a low severity security issue
(CVE-2024-45310) as well as some minor build-related fixes (including Go
1.23 support).
Fix CVE-2024-45310, a low-severity attack that allowed
maliciously configured containers to create empty files and directories on
the host.
The runc binary distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":
The versions of these libraries were not modified from their upstream versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under the LGPL-2.1.
However we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.
Thanks to all of the contributors who made this release possible:
To trigger a single review, invoke the @coderabbitai review command.
You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.
Tips
### Chat
There are 3 ways to chat with [CodeRabbit](https://coderabbit.ai):
- Review comments: Directly reply to a review comment made by CodeRabbit. Example:
-- `I pushed a fix in commit , please review it.`
-- `Generate unit testing code for this file.`
- `Open a follow-up GitHub issue for this discussion.`
- Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples:
-- `@coderabbitai generate unit testing code for this file.`
-- `@coderabbitai modularize this function.`
- PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
-- `@coderabbitai generate interesting stats about this repository and render them as a table.`
-- `@coderabbitai read src/utils.ts and generate unit testing code.`
-- `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.`
-- `@coderabbitai help me debug CodeRabbit configuration file.`
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.
### CodeRabbit Commands (Invoked using PR comments)
- `@coderabbitai pause` to pause the reviews on a PR.
- `@coderabbitai resume` to resume the paused reviews.
- `@coderabbitai review` to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
- `@coderabbitai full review` to do a full review from scratch and review all the files again.
- `@coderabbitai summary` to regenerate the summary of the PR.
- `@coderabbitai resolve` resolve all the CodeRabbit review comments.
- `@coderabbitai configuration` to show the current CodeRabbit configuration for the repository.
- `@coderabbitai help` to get help.
### Other keywords and placeholders
- Add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed.
- Add `@coderabbitai summary` to generate the high-level summary at a specific location in the PR description.
- Add `@coderabbitai` anywhere in the PR title to generate the title automatically.
### CodeRabbit Configuration File (`.coderabbit.yaml`)
- You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository.
- Please see the [configuration documentation](https://docs.coderabbit.ai/guides/configure-coderabbit) for more information.
- If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json`
### Documentation and Community
- Visit our [Documentation](https://coderabbit.ai/docs) for detailed information on how to use CodeRabbit.
- Join our [Discord Community](https://discord.com/invite/GsXnASn26c) to get help, request features, and share feedback.
- Follow us on [X/Twitter](https://twitter.com/coderabbitai) for updates and announcements.
Bumps the go_modules group with 4 updates in the /ee/webhooks directory: github.com/gorilla/schema, github.com/opencontainers/runc, github.com/rs/cors and google.golang.org/grpc. Bumps the go_modules group with 4 updates in the /ee/orchestration directory: github.com/gorilla/schema, github.com/opencontainers/runc, github.com/rs/cors and google.golang.org/grpc. Bumps the go_modules group with 4 updates in the /ee/auth directory: github.com/gorilla/schema, github.com/opencontainers/runc, github.com/rs/cors and google.golang.org/grpc. Bumps the go_modules group with 3 updates in the /ee/wallets directory: github.com/gorilla/schema, github.com/rs/cors and google.golang.org/grpc. Bumps the go_modules group with 2 updates in the /ee/stargate directory: github.com/gorilla/schema and google.golang.org/grpc. Bumps the go_modules group with 3 updates in the /ee/search directory: github.com/gorilla/schema, github.com/rs/cors and google.golang.org/grpc. Bumps the go_modules group with 3 updates in the /ee/reconciliation directory: github.com/gorilla/schema, github.com/rs/cors and google.golang.org/grpc. Bumps the go_modules group with 2 updates in the /ee/gateway directory: google.golang.org/grpc and github.com/quic-go/quic-go. Bumps the go_modules group with 2 updates in the /ee/agent directory: github.com/gorilla/schema and google.golang.org/grpc.
Updates
github.com/gorilla/schemafrom 1.2.0 to 1.4.1Release notes
Sourced from github.com/gorilla/schema's releases.
Commits
cd59f2fMerge pull request from GHSA-3669-72x9-r9p3180f71efix: indirection through nil pointer to embedded struct (#211)a377fd6fix: fix assertion testbe699f4fix delete pointer slice test50924fffix:test: fix commentc44c90dfix:test: add assertion7d1c58efix: decode error message4548527fix: test data993e5b1fix: add test7487651fix: if default element type of value are setted in slice , raise errorUpdates
github.com/opencontainers/runcfrom 1.1.13 to 1.1.14Release notes
Sourced from github.com/opencontainers/runc's releases.
Changelog
Sourced from github.com/opencontainers/runc's changelog.
Commits
2c9f560VERSION: release 1.1.14a86c3d8Merge commit from forkf0b652e[1.1] rootfs: try to scope MkdirAll to stay inside the rootfs8781993[1.1] rootfs: consolidate mountpoint creation logic6419fbaMerge pull request #4382 from rata/Makefile-override-fixes0514204Makefile: Add EXTRA_VERSION18cdc34Revert "allow overriding VERSION value in Makefile"f3f71a9Merge pull request #4372 from kolyshkin/1.1-go1237f75aec[1.1] Add Go 1.23, drop 1.21931f463Merge pull request #4361 from austinvazquez/backport-protobuf-updates-to-1.1Updates
github.com/rs/corsfrom 1.10.1 to 1.11.0Commits
4c32059Normalize allowed request headers and store them in a sorted set (fixes #170)...8d33ca4Complete documentation; deprecate AllowOriginRequestFunc in favour of AllowOr...af821aeMerge branch 'jub0bs-master'0bcf73fUpdate benchmarkeacc8e8Fix skewed middleware benchmarks (#165)9297f15Respect the documented precedence of options (#163)73f81b4Fix readme benchmark rendering (#161)Updates
google.golang.org/grpcfrom 1.64.0 to 1.64.1Release notes
Sourced from google.golang.org/grpc's releases.
Commits
4d833deChange version to 1.64.1 (#7381)e9193a4*: update deps (#7375)ab29241metadata: remove String method (#7374)355b9a5Change version to 1.64.1-dev (#7219)Updates
github.com/gorilla/schemafrom 1.2.0 to 1.4.1Release notes
Sourced from github.com/gorilla/schema's releases.
Commits
cd59f2fMerge pull request from GHSA-3669-72x9-r9p3180f71efix: indirection through nil pointer to embedded struct (#211)a377fd6fix: fix assertion testbe699f4fix delete pointer slice test50924fffix:test: fix commentc44c90dfix:test: add assertion7d1c58efix: decode error message4548527fix: test data993e5b1fix: add test7487651fix: if default element type of value are setted in slice , raise errorUpdates
github.com/opencontainers/runcfrom 1.1.13 to 1.1.14Release notes
Sourced from github.com/opencontainers/runc's releases.
Changelog
Sourced from github.com/opencontainers/runc's changelog.
Commits
2c9f560VERSION: release 1.1.14a86c3d8Merge commit from forkf0b652e[1.1] rootfs: try to scope MkdirAll to stay inside the rootfs8781993[1.1] rootfs: consolidate mountpoint creation logic6419fbaMerge pull request #4382 from rata/Makefile-override-fixes0514204Makefile: Add EXTRA_VERSION18cdc34Revert "allow overriding VERSION value in Makefile"f3f71a9Merge pull request #4372 from kolyshkin/1.1-go1237f75aec[1.1] Add Go 1.23, drop 1.21931f463Merge pull request #4361 from austinvazquez/backport-protobuf-updates-to-1.1Updates
github.com/rs/corsfrom 1.10.1 to 1.11.0Commits
4c32059Normalize allowed request headers and store them in a sorted set (fixes #170)...8d33ca4Complete documentation; deprecate AllowOriginRequestFunc in favour of AllowOr...af821aeMerge branch 'jub0bs-master'0bcf73fUpdate benchmarkeacc8e8Fix skewed middleware benchmarks (#165)9297f15Respect the documented precedence of options (#163)73f81b4Fix readme benchmark rendering (#161)Updates
google.golang.org/grpcfrom 1.64.0 to 1.64.1Release notes
Sourced from google.golang.org/grpc's releases.
Commits
4d833deChange version to 1.64.1 (#7381)e9193a4*: update deps (#7375)ab29241metadata: remove String method (#7374)355b9a5Change version to 1.64.1-dev (#7219)Updates
github.com/gorilla/schemafrom 1.2.0 to 1.4.1Release notes
Sourced from github.com/gorilla/schema's releases.
Commits
cd59f2fMerge pull request from GHSA-3669-72x9-r9p3180f71efix: indirection through nil pointer to embedded struct (#211)a377fd6fix: fix assertion testbe699f4fix delete pointer slice test50924fffix:test: fix commentc44c90dfix:test: add assertion7d1c58efix: decode error message4548527fix: test data993e5b1fix: add test7487651fix: if default element type of value are setted in slice , raise errorUpdates
github.com/opencontainers/runcfrom 1.1.13 to 1.1.14Release notes
Sourced from github.com/opencontainers/runc's releases.
Changelog
Sourced from github.com/opencontainers/runc's changelog.
Commits
2c9f560VERSION: release 1.1.14a86c3d8Merge commit from forkf0b652e[1.1] rootfs: try to scope MkdirAll to stay inside the rootfs8781993[1.1] rootfs: consolidate mountpoint creation logic6419fbaMerge pull request #4382 from rata/Makefile-override-fixes0514204Makefile: Add EXTRA_VERSION18cdc34Revert "allow overriding VERSION value in Makefile"f3f71a9Merge pull request #4372 from kolyshkin/1.1-go1237f75aec[1.1] Add Go 1.23, drop 1.21931f463Merge pull request #4361 from austinvazquez/backport-protobuf-updates-to-1.1Updates
github.com/rs/corsfrom 1.10.1 to 1.11.0Commits
4c32059Normalize allowed request headers and store them in a sorted set (fixes #170)...8d33ca4Complete documentation; deprecate AllowOriginRequestFunc in favour of AllowOr...af821aeMerge branch 'jub0bs-master'0bcf73fUpdate benchmarkeacc8e8Fix skewed middleware benchmarks (#165)9297f15Respect the documented precedence of options (#163)73f81b4Fix readme benchmark rendering (#161)Updates
google.golang.org/grpcfrom 1.64.0 to 1.64.1Release notes
Sourced from google.golang.org/grpc's releases.
Commits
4d833deChange version to 1.64.1 (#7381)e9193a4*: update deps (#7375)ab29241metadata: remove String method (#7374)355b9a5Change version to 1.64.1-dev (#7219)Updates
github.com/gorilla/schemafrom 1.2.0 to 1.4.1Release notes
Sourced from github.com/gorilla/schema's releases.
Commits
cd59f2fMerge pull request from GHSA-3669-72x9-r9p3180f71efix: indirection through nil pointer to embedded struct (#211)a377fd6fix: fix assertion testbe699f4fix delete pointer slice test50924fffix:test: fix commentc44c90dfix:test: add assertion7d1c58efix: decode error message4548527fix: test data993e5b1fix: add test7487651fix: if default element type of value are setted in slice , raise errorUpdates
github.com/rs/corsfrom 1.10.1 to 1.11.0Commits
4c32059Normalize allowed request headers and store them in a sorted set (fixes #170)...8d33ca4Complete documentation; deprecate AllowOriginRequestFunc in favour of AllowOr...af821aeMerge branch 'jub0bs-master'0bcf73fUpdate benchmarkeacc8e8Fix skewed middleware benchmarks (#165)9297f15Respect the documented precedence of options (#163)73f81b4Fix readme benchmark rendering (#161)Updates
google.golang.org/grpcfrom 1.64.0 to 1.64.1Release notes
Sourced from google.golang.org/grpc's releases.