runc v1.5.0 -- "Why do we even have that lever?!"

@cyphar cyphar released this 19 Jun 11:44
· 170 commits to main since this release
v1.5.0
c4bb595

This is the somewhat-delayed^Wlong-awaited first stable release of the
1.5.z release branch of runc. It contains a handful of fixes for issues
found in 1.5.0-rc.3 and an important dependency bump for libpathrs.

This is the third release of runc following our new release and support
policy (see RELEASES.md for more details). This means that, as of this
release:

  • The runc 1.2.z (and earlier) release branches are now completely
    unsupported.
  • The runc 1.3.z release branch will now only receive high severity
    CVE fixes, and will no longer be supported in less than 6 months (end
    of October 2026).
  • The runc 1.4.z release branch will now only receive security and
    "significant" bugfixes.
  • Users are encouraged to plan migrating to runc 1.5.0 as soon as
    possible.
  • Despite this release being delayed by over a month, users should
    still expect a runc 1.6.0 release in late October 2026.

Added

  • runc version and runc features now provide version information about
    libpathrs (when runc is built with the libpathrs build tag). (#5291, #5328)

Fixed

  • Since runc 1.3.0, the org.opencontainers.runc.version annotation included
    in runc features contained an extraneous \n, possibly causing issues with
    tools that parse the output. It is now properly stripped. (#5329, #5330,
    #5331, #5335)
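
An added example (not runc's own code) for tools that consume runc features output: it reads the org.opencontainers.runc.version annotation, tolerates the stray newline described above, and maps the version to the support status listed in this announcement. The function names, the constructed sample JSON and the tier labels are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

const versionKey = "org.opencontainers.runc.version"

// runcVersion extracts the runc version from `runc features` JSON output and
// trims it, reporting whether the raw value carried stray whitespace ("\n").
func runcVersion(out []byte) (version string, padded bool, err error) {
	var f struct {
		Annotations map[string]string `json:"annotations"`
	}
	if err = json.Unmarshal(out, &f); err != nil {
		return "", false, fmt.Errorf("parse runc features: %w", err)
	}
	raw, ok := f.Annotations[versionKey]
	if version = strings.TrimSpace(raw); !ok || version == "" {
		return "", false, fmt.Errorf("annotation %s missing or empty", versionKey)
	}
	return version, version != raw, nil
}

// supportTier maps a version to this announcement's support status (assumption: newer than 1.4 is "current").
func supportTier(version string) string {
	var major, minor int
	if _, err := fmt.Sscanf(version, "%d.%d", &major, &minor); err != nil || major != 1 {
		return "unknown"
	}
	switch {
	case minor <= 2:
		return "unsupported"
	case minor == 3:
		return "high-severity CVE fixes only"
	case minor == 4:
		return "security and significant bugfixes only"
	}
	return "current"
}

func main() {
	// Constructed sample (not captured output) with the stray newline.
	sample := []byte(`{"annotations":{"org.opencontainers.runc.version":"1.4.0\n"}}`)
	v, padded, err := runcVersion(sample)
	fmt.Printf("version=%q padded=%v tier=%q err=%v\n", v, padded, supportTier(v), err)
}
```

An exact string comparison against "1.4.0" fails on the raw annotation value in this sample, which is why the version is trimmed before any allowlist or policy check.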

Changed

  • runc (when built with the libpathrs build tag) now depends on libpathrs
    v0.2.5 or later, and attempting to build with older versions will cause
    compilation errors. (#5291, #5328)
  • Switched to go-criu v8.3.0, which reduces our binary size from ~16MB to
    ~14MB. (#5312, #5326)

Static Linking Notices

The runc binaries distributed with this release are statically linked with
the following GNU LGPL-2.1 licensed libraries, with runc acting
as a "work that uses the Library":

Similarly, the runc binaries distributed with this release are also
statically linked with the following MPLv2 licensed libraries,
with runc acting as a "Larger Work":

The versions of these libraries were not modified from their upstream versions,
but in order to comply with their corresponding licenses, we have attached the
complete source code for those libraries which (when combined with the attached
runc source code) may be used to exercise your rights under their respective
licenses.

However, we strongly suggest that you make use of your distribution's packages
or download them from the authoritative upstream sources, especially since
these libraries are related to the security of your containers.


Thanks to the following contributors who made this release possible:

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>