Skip to content

Commit fe09117

Browse files
cypharcyphar
committed
merge #5046 into opencontainers/runc:release-1.4
Li Fu Bang (2): VERSION: back to development VERSION: release 1.4.0 LGTMs: rata cyphar
2 parents 7d84a12 + ead7182 commit fe09117

File tree

2 files changed

+29
-2
lines changed

2 files changed

+29
-2
lines changed

CHANGELOG.md

Lines changed: 28 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
66

77
## [Unreleased 1.4.z]
88

9+
## [1.4.0] - 2025-11-27
10+
11+
> 路漫漫其修远兮,吾将上下而求索!
12+
13+
### Deprecated ###
14+
- Deprecate cgroup v1. (#4956)
15+
- Deprecate `CleanPath`, `StripRoot`, `WithProcfd`, and `WithProcfdFile` from
16+
`libcontainer/utils`. (#4985)
17+
918
### Breaking ###
1019
- The handling of `pids.limit` has been updated to match the newer guidance
1120
from the OCI runtime specification. In particular, now a maximum limit value
@@ -21,6 +30,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
2130
- cgroups: improve `cpuacct.usage_all` resilience when parsing data from
2231
patched kernels (such as the Tencent kernels). (opencontainers/cgroups#46,
2332
opencontainers/cgroups#50)
33+
- libct: close child fds on `prepareCgroupFD` error. (#4936)
34+
- libct: fix mips compilation. (#4962, #4967)
35+
- When configuring a `tmpfs` mount, only set the `mode=` argument if the target
36+
path already existed. This fixes a regression introduced in our
37+
[CVE-2025-52881][] mitigation patches. (#4971, #4976)
38+
- Fix various file descriptor leaks and add additional tests to detect them as
39+
comprehensively as possible. (#5007, #5021, #5034)
40+
- The "hallucination" helpers added as part of the [CVE-2025-52881][]
41+
mitigation have been made more generic and now apply to all of our `pathrs`
42+
helper functions, which should ensure we will not regress dangling symlink
43+
users. (#4985)
44+
45+
### Changed
46+
- libct: switch to `(*CPUSet).Fill`. (#4927)
47+
- docs/spec-conformance.md: update for spec v1.3.0. (#4948)
48+
49+
[CVE-2025-52881]: https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm
2450

2551
## [1.4.0-rc.3] - 2025-11-05
2652

@@ -1392,7 +1418,8 @@ implementation (libcontainer) is *not* covered by this policy.
13921418
[1.3.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.2.0...v1.3.0-rc.1
13931419

13941420
<!-- 1.4.z patch releases -->
1395-
[Unreleased 1.4.z]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.3...release-1.4
1421+
[Unreleased 1.4.z]: https://github.com/opencontainers/runc/compare/v1.4.0...release-1.4
1422+
[1.4.0]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.3...v1.4.0
13961423
[1.4.0-rc.3]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.2...v1.4.0-rc.3
13971424
[1.4.0-rc.2]: https://github.com/opencontainers/runc/compare/v1.4.0-rc.1...v1.4.0-rc.2
13981425
[1.4.0-rc.1]: https://github.com/opencontainers/runc/compare/v1.3.0...v1.4.0-rc.1

VERSION

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
1.4.0-rc.3+dev
1+
1.4.0+dev

0 commit comments

Comments
 (0)