runc v1.2.9 -- "Stars hide your fires, let me rest tonight."
This is the ninth patch release of the 1.2.z release series of runc, and primarily contains a few fixes for some regressions introduced in 1.2.8.
Fixed
- libct: fix mips compilation. (#4962, #4965)
- When configuring a tmpfs mount, only set the mode= argument if the target path already existed. This fixes a regression introduced in our CVE-2025-52881 mitigation patches. (#4971, #4974)
- Fix various file descriptor leaks and add additional tests to detect them as comprehensively as possible. (#5007, #5021, #5027)
Changed
- Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2, which should make it easier for some downstreams to import runc without pulling in too many extra packages. (#5027)