Skip to content

Singularity 3.7.4
Compare
Choose a tag to compare
@dtrudg dtrudg released this 26 May 17:44
v3.7.4
a29667c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Singularity 3.7.4 is the most recent stable release of Singularity prior to Sylabs' fork from github.com/hpcng/singularity which will take effect from the SingularityCE 3.8.0 onward.

This is a security release that has been coordinated with HPCng. We recommend all users upgrade to this version.

The downloads provided here are identical to those provided at https://github.com/hpcng/singularity/releases/tag/v3.7.4

This release is provided for convenience to users arriving from outdated links. Future releases posted here will be made from the code-base of this Sylabs fork.

Security Related Fixes

CVE-2021-32635: Due to incorrect use of a default URL, singularity action commands (run/shell/exec) specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint (cloud.sylabs.io) rather than the configured remote endpoint. An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint, thus executing the malicious container.

Please see the published security advisory at github.com/sylabs/singularity/security/advisories for further detail.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: [email protected]

Have fun!

Downloads

Please use the singularity-3.7.4.tar.gz download below to obtain and install Singularity 3.7.4. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Assets 4
Loading