v1.1.2 -- "I should think I’m going to be a perpetual student."

This is the second patch release of the runc 1.1 release branch. It
fixes CVE-2022-29162, a minor security issue (which appears to not be
exploitable) related to process capabilities.

This is a similar bug to the ones found and fixed in Docker and
containerd recently (CVE-2022-24769).

 * A bug was found in runc where `runc exec --cap` executed processes with
   non-empty inheritable Linux process capabilities, creating an atypical Linux
   environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and
   CVE-2022-29162.
 * `runc spec` no longer sets any inheritable capabilities in the created
   example OCI spec (`config.json`) file.

Thanks to all of the contributors who made this release possible:

* Aleksa Sarai <cyphar@cyphar.com>
* Kir Kolyshkin <kolyshkin@gmail.com>

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

[GHSA-f3fp-gc8g-vw66]: https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
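
To check for the condition these notes describe, the following added example (not part of the runc release or its code base) reads the inheritable set requested in an OCI `config.json` and the `CapInh` mask from `/proc/<pid>/status` text. The function names and both sample inputs are constructed for illustration.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// ociSpec models only the config.json fields this check needs.
type ociSpec struct {
	Process struct {
		Capabilities struct {
			Inheritable []string `json:"inheritable"`
		} `json:"capabilities"`
	} `json:"process"`
}

// InheritableFromSpec returns the inheritable capabilities an OCI spec requests.
func InheritableFromSpec(configJSON []byte) ([]string, error) {
	var s ociSpec
	if err := json.Unmarshal(configJSON, &s); err != nil {
		return nil, fmt.Errorf("parse config.json: %w", err)
	}
	return s.Process.Capabilities.Inheritable, nil
}

// CapInhFromStatus extracts the CapInh bitmask from /proc/<pid>/status text.
func CapInhFromStatus(status string) (uint64, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		if line := sc.Text(); strings.HasPrefix(line, "CapInh:") {
			return strconv.ParseUint(strings.TrimSpace(line[len("CapInh:"):]), 16, 64)
		}
	}
	return 0, fmt.Errorf("no CapInh line in status text")
}

// Constructed samples, not output captured from runc or a real process.
const sampleSpec = `{"process":{"capabilities":{
  "bounding":["CAP_KILL","CAP_NET_BIND_SERVICE"],
  "inheritable":["CAP_KILL","CAP_NET_BIND_SERVICE"]}}}`
const sampleStatus = "Name:\tsleep\nCapInh:\t0000000000000420\nCapPrm:\t0000000000000420\n"

func main() {
	caps, err := InheritableFromSpec([]byte(sampleSpec))
	fmt.Println("spec inheritable:", caps, err) // non-empty list: review the spec
	mask, err := CapInhFromStatus(sampleStatus)
	fmt.Printf("CapInh mask: %#x %v\n", mask, err) // non-zero mask: process holds inheritable caps
}
```

A non-empty list or a non-zero mask marks a spec or process worth reviewing against the advisory.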