You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Note: We encourage questions about usage of SingularityCE to be made via the Google Group or Slack channels [..]
See: https://sylabs.io/resources/community for links.
I would have done this, but that link gives me a "Page not found"
Description of issue
It is written that this issue has been fixed in PRO edition, but there has been no mention of this being fixed in CE edition -- wanted to enquire if it has been fixed in later versions(as the report mentions version 3.5.x-3.6.x)? There is no mention about this CVE fixing in the changelog either. Any answer is appreciated
The text was updated successfully, but these errors were encountered:
A fix for CVE-2021-33622 was only released for SingularityPRO 3.5 because the precise issue covered by that CVE was not present in Singularity 3.7, which was the supported open source release at that time. Open source Singularity 3.5.x - 3.6.x were affected by this CVE, but we only support and provide fixes for the latest open source SingularityCE version, which was 3.7 at the time. There is no patch and no changelog entry for the CVE as it was not present in 3.7.
A similar, but different, issue was present in open-source 3.7 as CVE-2021-32635. This was fixed in release 3.7.4 - see GHSA-5mv9-q7fq-9394
I would have done this, but that link gives me a "Page not found"
Type of issue
Question regarding fix for CVE-2021-33622
Description of issue
It is written that this issue has been fixed in PRO edition, but there has been no mention of this being fixed in CE edition -- wanted to enquire if it has been fixed in later versions(as the report mentions version 3.5.x-3.6.x)? There is no mention about this CVE fixing in the changelog either. Any answer is appreciated
The text was updated successfully, but these errors were encountered: