Skip to content

Apptainer 1.1.2 Security release
Compare
Choose a tag to compare
@DrDaveD DrDaveD released this 06 Oct 19:56
· 1771 commits to main since this release
v1.1.2
84ee054
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Changes in this release

  • CVE-2022-39237: The sif dependency included in Apptainer before this release does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. This release updates to sif v2.8.1 which corrects this issue. See the linked advisory for references and a workaround.
Assets 12