SingularityCE 3.9.1
This is a security release for SingularityCE 3.9, addressing a security issue in SingularityCE's dependencies.
Security Related Fixes
- CVE-2021-41190 / GHSA-77vh-xpmg-72qh: OCI specifications allow ambiguous documents that contain both "manifests" and "layers" fields. Interpretation depends on the presence / value of a Content-Type header. SingularityCE dependencies handling the retrieval of OCI images have been updated to versions that reject ambiguous documents.
Thanks / Reporting Bugs
Thanks to our contributors for code, feedback and, testing efforts!
As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new
If you think that you've discovered a security vulnerability please report it to: [email protected]
Have fun!
Downloads
Source Code
Please use the singularity-ce-3.9.1.tar.gz download below to obtain and install SingularityCE 3.9.0. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.
Packages
RPM / DEB packages are provided for:
- Ubuntu 18.04 (bionic)
- Ubuntu 20.04 (focal)
- RHEL/CentOS 7 (el7)
- RHEL/CentOS/Alma/Rocky 8 (el8)
Note: the +6.g38b50cb
version suffix is introduced by packaging automation added after the 3.9.1 release. There are no code/functionality changes vs the 3.9.1
source code.