Security Release - Singularity 3.7.4 is now available

Skip to first unread message

David Trudgian

May 26, 2021, 1:48:13 PMMay 26
to Singularity Community Edition

Security Release - Singularity 3.7.4 is now available

Singularity 3.7.4 is a security release, and all users are encouraged to upgrade. Please see below for details of the security issue.

Note: This release has been coordinated with HPCng, and is identical to hpcng/singularity v3.7.4. The upcoming v3.8.0 release of SingularityCE will be the first independent release following the fork.

As always, please report any bugs via:

If you think that you've discovered a security vulnerability please report it to:

v3.7.4 - [2021-05-25]

Security Related Fixes
  • CVE-2021-32635: Due to incorrect use of a default URL, singularity action commands (run/shell/exec) specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint ( rather than the configured remote endpoint. An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint, thus executing the malicious container.

Please see the published security advisory at for further detail.

Reply all
Reply to author
0 new messages