Skip to content

Commit

Permalink
Merge pull request #447 from dtrudg/391changelog
Browse files Browse the repository at this point in the history
CHANGELOG entry / INSTALL changes for 3.9.1
  • Loading branch information
dtrudg authored Nov 22, 2021
2 parents 021d8e3 + b507791 commit da90882
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 3 deletions.
14 changes: 14 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,19 @@
# SingularityCE Changelog

## v3.9.1 \[2021-11-22\]

This is a security release for SingularityCE 3.9, addressing a security issue in
SingularityCE's dependencies.

### Security Related Fixes

- [CVE-2021-41190](https://github.com/advisories/GHSA-mc8v-mgrf-8f4m) /
[GHSA-77vh-xpmg-72qh](https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh):
OCI specifications allow ambiguous documents that contain both "manifests" and
"layers" fields. Interpretation depends on the presence / value of a
Content-Type header. SingularityCE dependencies handling the retrieval of OCI
images have been updated to versions that reject ambiguous documents.

## v3.9.0 \[2021-11-16\]

This is the first release of SingularityCE 3.9, the Community Edition of the
Expand Down
6 changes: 3 additions & 3 deletions INSTALL.md
Original file line number Diff line number Diff line change
Expand Up @@ -107,10 +107,10 @@ cd singularity
By default your clone will be on the `master` branch which is where development
of SingularityCE happens. To build a specific version of SingularityCE, check
out a [release tag](https://github.com/sylabs/singularity/tags) before
compiling. E.g. to build the 3.9.0 release checkout the `v3.9.0` tag:
compiling. E.g. to build the 3.9.1 release checkout the `v3.9.1` tag:

```sh
git checkout v3.9.0
git checkout v3.9.1
```

## Compiling SingularityCE
Expand Down Expand Up @@ -161,7 +161,7 @@ build and install the RPM like this:
<!-- markdownlint-disable MD013 -->

```sh
export VERSION=3.9.0 # this is the singularity version, change as you need
export VERSION=3.9.1 # this is the singularity version, change as you need

# Fetch the source
wget https://github.com/sylabs/singularity/releases/download/v${VERSION}/singularity-ce-${VERSION}.tar.gz
Expand Down

0 comments on commit da90882

Please sign in to comment.