v1.29.5

What's Changed

• [release-1.29] Properly validate cache IDs and sources by @dashea in #5787
• [release-1.29] Fix CVE-2024-11218 by @cevich in #5955

Full Changelog: v1.29.4...v1.29.5

v1.39.0

What's Changed

Notable changes

• Bump to c/common v0.61.0, c/image v5.33.0, c/storage v1.56.0, Buildah to v1.38.0 by @TomSweeneyRedHat in #5830
• CI VMs: bump again by @edsantiago in #5833
• Finish updating to go 1.22 by @nalind in #5835
• (not just) Makefile cleanups by @kolyshkin in #5832
• executor: allow to specify --no-pivot-root by @giuseppe in #5838
• Makefile: list sources via find conditionally by @danishprakash in #5807
• Tests: make _prefetch() parallel-safe by @edsantiago in #5841
• [skip-ci] Packit: f39 and rhel cleanups by @lsm5 in #5849
• CI: remove some inter-job dependencies, run cross-compile task with make -j, use /tmp for Go build cache by @nalind in #5856
• copier: use .PAXRecords instead of .Xattrs by @nalind in #5875
• Add context to an error message by @nalind in #5873
• manifest add: add --artifact-annotation by @nalind in #5854
• chroot: on Linux, try to pivot_root before falling back to chroot by @nalind in #5874
• Fix an error message in the chroot unit test by @nalind in #5876
• stage_executor: set avoidLookingCache only if mounting stage and not additional build context by @flouthoc in #5693
• Allow cache mounts to be stages and additional build contexts by @nalind in #5897
• New VM Images by @Luap99 in #5900
• [skip-ci] RPM: cleanup changelog conditionals by @lsm5 in #5888
• copy-preserving-extended-attributes: use a different base image by @nalind in #5901
• Add support for --security-opt mask and unmask by @rhatdan in #5883
• [CI:DOCS] Touch up changelogs by @TomSweeneyRedHat in #5907
• relabel(): correct a misleading parameter name by @nalind in #5922
• Add more checks to the --mount flag parsing logic by @nalind in #5925
• chroot mount flags integration test: copy binaries by @nalind in #5926
• bump github.com/vbatts/tar-split by @nalind in #5930
• fix broken doc link by @cheesesashimi in #5936
• run_freebsd.go: only import runtime-spec once by @nalind in #5935
• Update c/image and update tests by @mtrmac in #5932
• refactor: replace golang.org/x/exp with stdlib by @Juneezee in #5937
• Run(): always clean up options.ExternalImageMounts by @nalind in #5924
• Accept image names as sources for cache mounts by @nalind in #5934
• [skip-ci] RPM: use default gobuild macro on RHEL by @lsm5 in #5938
• vendor to latest c/{common,image,storage} by @Luap99 in #5929
• build, run: record hash or digest in image history for sources used in --mount by @flouthoc in #5691
• pkg/overlay: cleanups by @nalind in #5927
• bats tests - parallelize by @edsantiago in #5552
• CI, .cirrus: parallelize containerized integration by @flouthoc in #5947

Dependency updates

• Update module github.com/moby/sys/capability to v0.4.0 by @renovate in #5836
• Update module github.com/opencontainers/runc to v1.2.2 by @renovate in #5840
• Update module github.com/moby/buildkit to v0.17.2 by @renovate in #5844
• Update module github.com/stretchr/testify to v1.10.0 by @renovate in #5846
• Update github.com/opencontainers/runtime-tools digest to f7e3563 by @renovate in #5852
• Update golang.org/x/exp digest to 2d47ceb by @renovate in #5853
• Update module github.com/moby/buildkit to v0.18.1 by @renovate in #5848
• Update module golang.org/x/crypto to v0.30.0 by @renovate in #5859
• Update module github.com/docker/docker to v27.4.0-rc.4+incompatible by @renovate in #5863
• Update module github.com/cyphar/filepath-securejoin to v0.3.5 by @renovate in #5865
• Update module github.com/docker/docker to v27.4.0+incompatible by @renovate in #5870
• Update module github.com/opencontainers/runc to v1.2.3 by @renovate in #5871
• Update module golang.org/x/crypto to v0.31.0 by @renovate in #5872
• fix(deps): update module github.com/moby/buildkit to v0.18.2 by @renovate in #5879
• fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.6 by @renovate in #5880
• fix(deps): update module github.com/containers/ocicrypt to v1.2.1 by @renovate in #5878
• fix(deps): update module github.com/docker/docker to v27.4.1+incompatible by @renovate in #5882
• fix(deps): update module github.com/opencontainers/runc to v1.2.4 by @renovate in #5898
• fix(deps): update module golang.org/x/crypto to v0.32.0 by @renovate in #5896
• chore(deps): update module golang.org/x/net to v0.33.0 [security] by @renovate in #5887
• fix(deps): update github.com/containers/luksy digest to a3a812d by @renovate in #5890
• fix(deps): update module github.com/docker/docker to v27.5.0+incompatible by @renovate in #5904
• fix(deps): update module github.com/containers/image/v5 to v5.33.1 by @renovate in #5909
• fix(deps): update module github.com/containers/common to v0.61.1 by @renovate in #5912
• fix(deps): update module github.com/moby/buildkit to v0.19.0 by @renovate in #5923
• fix(deps): update module github.com/docker/docker to v27.5.1+incompatible by @renovate in #5933
• Update module github.com/containers/storage to v1.57.0 by @renovate in #5957

New Contributors

• @cheesesashimi made their first contribution in #5936

Full Changelog: v1.38.0...v1.39.0

v1.27.6

What's Changed

• [release-1.27] Properly validate cache IDs and sources by @dashea in #5797
• [release-1.27] Backport fix for CVE-2024-11218 by @dashea in #5946
• [release-1.27] Bump to 1.27.6 by @dashea in #5958

Full Changelog: v1.27.5...v1.27.6

v1.35.5

What's Changed

• [release-1.35] Address CVE-2024-3727 by @TomSweeneyRedHat in #5521
• [release-1.35] Cross-build on Fedora by @openshift-cherrypick-robot in #5578
• [release-1.35] integration tests: switch some base images by @nalind in #5814
• Fix GHSA-5vpc-35f4-r8w6 (CVE-2024-11218)

Full Changelog: v1.35.4...v1.35.5

v1.26.9

What's Changed

• [release-1.26] backport fix for CVE-2024-11218 by @dashea in #5931
• [release-1.26] Bump version to 1.26.9 by @dashea in #5942

Full Changelog: v1.26.8...v1.26.9

v1.37.6

What's Changed

Notable changes

• [release-1.37][CI:DOCS] touchup changelog by @TomSweeneyRedHat in #5793
• [release-1.37][CI:DOCS] Touch up changelogs by @TomSweeneyRedHat in #5910
• Fix GHSA-5vpc-35f4-r8w6 (CVE-2024-11218)

Full Changelog: v1.37.5...v1.37.6

v1.38.1

What's Changed

Notable changes

• [release-1.38] tag v1.38.1 by @nalind in #5918 (Addresses CVE-2024-11218)
• [release-1.38] Bump c/storage v1.56.1, c/image v5.33.1, c/common v0.61.1 by @TomSweeneyRedHat in #5911

Full Changelog: v1.38.0...v1.38.1

v1.33.12

What's Changed

• [release-1.33] Bump c/storage to v1.51.2, fixes CVE-2024-9676 by @TomSweeneyRedHat in #5799
• [release-1.33] integration tests: switch some base images by @nalind in #5816
• Fix GHSA-5vpc-35f4-r8w6 (CVE-2024-11218)
• [release-1.33] tag v1.33.12 by @nalind in #5921

Full Changelog: v1.33.11...v1.33.12

v1.38.0

What's Changed

Notable changes

• Bump to Buildah v1.37.0 by @TomSweeneyRedHat in #5651
• AddAndCopyOptions: add CertPath, InsecureSkipTLSVerify, Retry fields by @nalind in #5646
• Add PrependedLinkedLayers/AppendedLinkedLayers to CommitOptions by @nalind in #5647
• Use Epoch: 2 and respect the epoch in dependencies. by @jnovy in #5654
• fix(deps): fix test/tools ginkgo typo by @Asutorufa in #5455
• make vendor-in-container: use the caller's Go cache if it exists by @nalind in #5667
• install: On Debian/Ubuntu, add installation of libbtrfs-dev and libdevmapper-dev by @jelmer in #5541
• Drop the e2e test suite by @nalind in #5668
• [CI:DOCS] Update tutorials to keep up with API changes in storage by @nalind in #5665
• Update containerd by @nalind in #5666
• conformance tests: use mirror.gcr.io for most images by @nalind in #5673
• Add(): re-escape any globbed items that included escapes by @nalind in #5676
• unit tests: use test-specific policy.json and registries.conf by @nalind in #5672
• gofix, gofmt the code, add gofmt linter by @kolyshkin in #5680
• conformance: move weirdly-named files out of the repository by @nalind in #5684
• Commit(): retry committing to local storage on storage.LayerUnknown by @nalind in #5686
• CI: enable the gofumpt and whitespace linters by @nalind in #5689
• run: fix a nil pointer dereference on FreeBSD by @dfr in #5694
• [CI:DOCS] buildah-build.1.md: expand the --layer-label description by @nalind in #5701
• [CI:DOCS] update some godocs, use 0o to prefix an octal in a comment by @nalind in #5702
• New VMs by @edsantiago in #5703
• Add a validation script for Makefile $(SOURCES) by @nalind in #5704
• imagebuildah: make scratch config handling toggleable by @nalind in #5690
• copier: handle globbing with "**" path components by @nalind in #5688
• Vendor c/common:9d025e4cb348 by @Honny1 in #5710
• Update to go 1.22 by @Luap99 in #5715
• make use of new pasta option from c/common by @Luap99 in #5724
• add: add support for git sources by @danishprakash in #5438
• manifest add --artifact: handle multiple values by @nalind in #5728
• build: fall back to parsing a TARGETPLATFORM build-arg by @nalind in #5731
• [skip-ci] Packit: Enable sidetags for bodhi updates by @lsm5 in #5730
• imagebuildah.StageExecutor: clean up volumes/volumeCache by @nalind in #5729
• In a container, try to register binfmt_misc by @nalind in #5732
• Do not error on trying to write IMA xattr as rootless by @mheon in #5741
• fix: remove duplicate conditions by @cuishuang in #5745
• [CI:DOCS] Document how entrypoint is configured in buildah config by @rhatdan in #5734
• buildah-manifest-create.1: Fix manpage section by @siretart in #5757
• Document that zstd:chunked is downgraded to zstd when encrypting by @mtrmac in #5759
• CVE-2024-9407: validate "bind-propagation" flag settings by @nalind in #5761
• tests: add quotes to names by @Luap99 in #5765
• Don't set ambient caps; switch to moby/sys/capability by @kolyshkin in #5754
• vendor: update c/common to latest by @Luap99 in #5763
• Make buildah manifest push --all true by default by @k9withabone in #5755
• Audit and tidy OWNERS by @baude in #5770
• [skip-ci] Packit: constrain koji job to fedora package to avoid dupes by @lsm5 in #5774
• Properly validate cache IDs and sources by @mheon in #5778
• Add support for COPY --exclude and ADD --exclude options by @rhatdan in #5733
• Document more buildah build --secret options by @nalind in #5784
• go.mod: remove unnecessary replace by @Luap99 in #5791
• Integration tests: run git daemon on a random-but-bind()able port by @nalind in #5783
• chroot: add newlines at the end of printed error messages by @nalind in #5753
• deps: bump runc to v1.2.0 by @kolyshkin in #5796
• tests: mkcw: bug fixes, refactor by @edsantiago in #5802
• tests: sbom: never write to cwd by @edsantiago in #5803
• tests: blobcache: use unique image name by @edsantiago in #5801
• Handle RUN --mount with relative targets and no configured workdir by @nalind in #5798
• tests: bud: make parallel-safe by @edsantiago in #5804
• tests/tools: update golangci-lint to v1.61.0 by @Luap99 in #5821
• CI VMs: bump f40 -> f41 by @edsantiago in #5820

Dependency updates

• fix(deps): update golang.org/x/exp digest to 8a7402a by @renovate in #5660
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.1 by @renovate in #5652
• fix(deps): update module golang.org/x/sys to v0.23.0 by @renovate in #5663
• fix(deps): update module github.com/fsouza/go-dockerclient to v1.11.2 by @renovate in #5658
• fix(deps): update github.com/containers/luksy digest to 1f482a9 by @renovate in #5659
• fix(deps): update module github.com/onsi/gomega to v1.34.1 by @renovate in #5650
• fix(deps): update module golang.org/x/crypto to v0.26.0 by @renovate in #5670
• fix(deps): update module golang.org/x/sys to v0.24.0 by @renovate in #5677
• fix(deps): update module github.com/containers/image/v5 to v5.32.1 by @renovate in #5679
• fix(deps): update module github.com/containers/common to v0.60.1 by @renovate in #5682
• fix(deps): update module github.com/docker/docker to v27.1.2+incompatible by @renovate in #5683
• fix(deps): update module github.com/containers/common to v0.60.2 by @renovate in #5697
• fix(deps): update module github.com/openshift/imagebuilder to v1.2.15 by @renovate in #5700
• fix(deps): update module github.com/docker/docker to v27.2.0+incompatible by @renovate in #5708
• fix(deps): update github.com/containers/luksy digest to 2e7307c by @renovate in #5711
• fix(deps): update golang.org/x/exp digest to 9b4947d by @renovate in #5712
• fix(deps): update module golang.org/x/term to v0.24.0 by @renovate in #5719
• fix(deps): update module github.com/docker/docker to v27.2.1+incompatible by @renovate in #5726
• fix(deps): update module github.com/fsouza/go-dockerclient to v1.12.0 by @renovate in #5687
• fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.2 by @renovate in #5736
• fix(deps): update module github.com/moby/buildkit to v0.16.0 by @renovate in #5383
• chore(deps): update dependency ubuntu to v24 by @renovate in #5756
• fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3 by @renovate in #5758
• fix(deps): update module golang.org/x/crypto to v0.28.0 by @renovate in #5771
• chore(deps): update dependency containers/a...

v1.33.11

What's Changed

• release-1.33] Bump c/storage to v1.51.2, fixes CVE-2024-9676 by @TomSweeneyRedHat in #5799
• [release-1.33] Address CVE-2024-9675, bump Buildah to v1.33.10 by @TomSweeneyRedHat in #5790

Full Changelog: v1.33.10...v1.33.11