diff --git a/CHANGELOG.md b/CHANGELOG.md index 03e9e0fd8e..8bb79ca138 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,19 @@ # SingularityCE Changelog +## v3.9.1 \[2021-11-22\] + +This is a security release for SingularityCE 3.9, addressing a security issue in +SingularityCE's dependencies. + +### Security Related Fixes + +- [CVE-2021-41190](https://github.com/advisories/GHSA-mc8v-mgrf-8f4m) / + [GHSA-77vh-xpmg-72qh](https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh): + OCI specifications allow ambiguous documents that contain both "manifests" and + "layers" fields. Interpretation depends on the presence / value of a + Content-Type header. SingularityCE dependencies handling the retrieval of OCI + images have been updated to versions that reject ambiguous documents. + ## v3.9.0 \[2021-11-16\] This is the first release of SingularityCE 3.9, the Community Edition of the diff --git a/INSTALL.md b/INSTALL.md index 9df716976f..8f406bbfa5 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -107,10 +107,10 @@ cd singularity By default your clone will be on the `master` branch which is where development of SingularityCE happens. To build a specific version of SingularityCE, check out a [release tag](https://github.com/sylabs/singularity/tags) before -compiling. E.g. to build the 3.9.0 release checkout the `v3.9.0` tag: +compiling. E.g. to build the 3.9.1 release checkout the `v3.9.1` tag: ```sh -git checkout v3.9.0 +git checkout v3.9.1 ``` ## Compiling SingularityCE @@ -161,7 +161,7 @@ build and install the RPM like this: ```sh -export VERSION=3.9.0 # this is the singularity version, change as you need +export VERSION=3.9.1 # this is the singularity version, change as you need # Fetch the source wget https://github.com/sylabs/singularity/releases/download/v${VERSION}/singularity-ce-${VERSION}.tar.gz
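Review bot: In the CHANGELOG.md hunk, the v3.9.1 entry says the dependencies "have been updated to versions that reject ambiguous documents" but names neither the dependencies nor their versions, and no go.mod or go.sum change appears in the visible part of this patch. Name the modules that were bumped and their new versions in the entry, or reference the commit that bumps them, so downstream packagers can confirm that a given build carries the fix. In the same entry, the first link is labelled CVE-2021-41190 but points at advisory GHSA-mc8v-mgrf-8f4m, while the second is labelled by its GHSA id; labelling both consistently would make it clear that two separate advisories are referenced.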
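Review bot: In the INSTALL.md hunk at line 107, the changed sentence uses "checkout" as a verb ("checkout the `v3.9.1` tag") while the sentence just above it uses "check out"; since the line is being touched anyway, make it "check out the `v3.9.1` tag". The version string is also hard-coded here and again in `export VERSION=3.9.1` in the next hunk, so each release has to update both places by hand. A short comment or release-checklist item tying the two together would keep them from drifting apart.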
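Review bot: In the INSTALL.md hunk at line 161, the RPM instructions fetch `singularity-ce-${VERSION}.tar.gz` with wget and, in the lines visible here, show no integrity check on the download. For a release whose whole purpose is a security fix, add a step directly after the wget that verifies the tarball against a checksum or signature published for the release, if one is provided, before it is built and installed.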