You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: RELEASE_NOTES.md
+9
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,14 @@
1
1
# Release Notes
2
2
3
+
## 5.2.5
4
+
### Security
5
+
- This release addresses [CVE-2024-9675](https://access.redhat.com/security/cve/cve-2024-9675), which allows arbitrary access to the host filesystem from `RUN --mount type=cache` arguments to a Dockerfile being built.
6
+
- This release also addresses [CVE-2024-9676](https://access.redhat.com/security/cve/cve-2024-9676), which allows malicious images with a symlink `/etc/passwd` or `/etc/group` to potentially cause a denial of service through reading a FIFO on the host.
7
+
8
+
### Misc
9
+
- Updated Buildah to v1.37.5
10
+
- Updated the containers/storage library to v1.55.1
11
+
3
12
## 5.2.4
4
13
### Security
5
14
- This release addresses [CVE-2024-9407](https://github.com/advisories/GHSA-fhqq-8f65-5xfc), which allows arbitrary access to the host filesystem from `RUN --mount` arguments to a Dockerfile being built.
0 commit comments