https://github.com/hpcng/singularity/releases/tag/v3.7.3
Singularity 3.7.3 is a security release. We recommend all users upgrade to this version.
Security Related Fixes
- CVE-2021-29136:
A dependency used by Singularity to extract docker/OCI image layers can
be tricked into modifying host files by creating a malicious layer that
has a symlink with the name "." (or "/"), when running as root. This
vulnerability affects a singularity build or singularity pull as root, from a docker or OCI source.
Thanks / Reporting Bugs
Thanks to our contributors for code, feedback and, testing efforts!
As always, please report any bugs to: https://github.com/hpcng/singularity/issues/new
If you think that you've discovered a security vulnerability please report it to: secu...@sylabs.io
Have fun!