You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
The key has expired.
Security Related Fixes
CVE-2021-41190 / GHSA-77vh-xpmg-72qh:
OCI specifications allow ambiguous documents that contain both "manifests"
and "layers" fields. Interpretation depends on the presence / value of a
Content-Type header. Dependencies handling the retrieval of OCI images
have been updated to versions that reject ambiguous documents.
Changed defaults / behaviours
Building Singularity from source requires go >=1.16. We now aim to support
the two most recent stable versions of Go. This corresponds to the Go Release Maintenance Policy and Security Policy,
ensuring critical bug fixes and security patches are available for all supported language
versions. However, rpm packaging applies a patch to support older native
go installations.
Bug fixes
Sourcing a script based on PATH is now permitted, fixing a regression introduced in 3.6.0.
Environment variables in container definition files are properly scoped, fixing a regression introduced in 3.8.0.
