Why don't LXC team announce the release of LXC 2.0.10 and LXC 2.0.11?

I want to use LXC 2.0.x to support my work. LXC 2.0.10 and LXC 2.0.11 release tarballs are available, but I can’t find a formal announcement in LXC News.

I believe @brauner is still working on those.

OK, thank you.

Well, technically there will be the fix for the runc CVE though that’s nothing embargoed and isn’t considered to be a security issue due to LXC not guaranteeing root safety for privileged containers.

CVE-2018-6556 is still affecting LXC 2.0.9. What about LXC 2.0.11?

Hmm, good point, CVE-2018-6556 is fixed with 2.0.10.

@brauner can you make sure that’s in the summary for 2.0.10?

Excuse me, I’m not sure if CVE-2016-10124 is still affecting LXC 2.0.x. I only find the Security fix in LXC 1.0.10 release announcement.

That CVE does not affect 2.0.x as it was fixed by some rework in LXC 2.0 and the CVE was to track that code getting backported to 1.0.x.