Skip to content

v5.2.5

Compare
Choose a tag to compare
@mheon mheon released this 23 Oct 17:48
· 1173 commits to main since this release
v5.2.5

Security

  • This release addresses CVE-2024-9675, which allows arbitrary access to the host filesystem from RUN --mount type=cache arguments to a Dockerfile being built.
  • This release also addresses CVE-2024-9676, which allows malicious images with a symlink /etc/passwd or /etc/group to potentially cause a denial of service through reading a FIFO on the host.

Misc

  • Updated Buildah to v1.37.5
  • Updated the containers/storage library to v1.55.1