Published June 25, 2026 | Version v4.5.0
Software Open

sylabs/singularity: SingularityCE 4.5.0

Authors/Creators

  • 1. @sylabs
  • 2. CIQ
  • 3. Nominal
  • 4. Red Hat
  • 5. NVIDIA
  • 6. @NVIDIA
  • 7. @NERSC
  • 8. Sylabs Inc
  • 9. Morgridge Institute for Research
  • 10. @grafana
  • 11. @lampo
  • 12. Lenovo
  • 13. MIT
  • 14. Unité de Bioinformatique Structurale, Institut Pasteur
  • 15. @ambi-robotics
  • 16. Dartmouth College, @dandi, @Debian, @DataLad, @neurodebian, @PyMVPA, @fail2ban

Description

SingularityCE 4.5.0 contains mostly internal code changes and defense-in-depth hardening. The majority of the changes made since release 4.4.2 do not alter behaviour, with the exception of specific points highlighted below.

Like many other open source projects, SingularityCE is increasingly the target of LLM driven analysis. The changes in 4.5.0 aim to minimise false positives, reduce maintainer burden, and provide defense-in-depth in areas where it is appropriate.

If you are a security researcher working on SingularityCE, please see the new AGENTS.md and SECURITY.md content.

If you are a developer, intending to contribute to SingularityCE, please review the LLM policy in CONTRIBUTING.md.

Behaviour Changes

  • In setuid mode, root-ownership checks on singularity.conf and the capabilities / ecl configuration now assert that these files are not writable except by the root owner. Management of these files by an administrator group is no longer possible. The files cannot be relocated by symlink.
  • External helper binaries executed with elevated privileges must also be root-owned, regular executable files that are not writable by group or others.
  • The majority of files that may be created by SingularityCE (e.g. remote configuration, pulled images), can no longer be created through a dangling symlink.
  • If ecl.toml is missing, SIF execution is rejected rather than assuming an inactive ECL configuration. The default install ships an activated = false template, so standard installations are unaffected; sites with custom or partial installs must ensure ecl.toml is present and valid.

Developer / API

  • The following have been removed:
    • UpdateDefinitionRaw() from pkg/build/types.
    • OptSysCtx() from pkg/ocibundle/native/bundle_linux.go
    • CreateLoop() from pkg/ocibundle/tools/loop.go
    • pkg/util/copy
    • pkg/util/sysctl
    • pkg/util/unix
  • The pkg/build/types and pkg/build/types/parser packages can now be used in programs built without cgo. An os.user fallback for i/p/util/user lookups is used when CGO is not available.

Thanks / Reporting Bugs

Thanks to our contributors for code, feedback and, testing efforts!

As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new

If you think that you've discovered a security vulnerability please report it to: security@sylabs.io

Have fun!

Downloads

Source Code

Please use the singularity-ce-4.5.0.tar.gz download below to obtain and install SingularityCE 4.5.0. The GitHub auto-generated 'Source Code' downloads do not include required dependencies etc.

Packages

RPM / DEB packages are provided for:

  • Ubuntu 22.04 (jammy)
  • Ubuntu 24.04 (noble)
  • RHEL/CentOS/AlmaLinux/Rocky 8 (el8)
  • RHEL/CentOS/AlmaLinux/Rocky 9 (el9)
  • RHEL/CentOS/AlmaLinux/Rocky 10 (el10)

These packages were built with Go 1.26.4

Upload-time immutable digests are now provided for release downloads by GitHub. A separate sha256sums file will no longer be provided.

Files

sylabs/singularity-v4.5.0.zip

Files (6.1 MB)

Name Size Download all
md5:83b41cb43c8ab093747147fe30974587
6.1 MB Preview Download

Additional details

Related works

Is supplement to
Software: https://github.com/sylabs/singularity/tree/v4.5.0 (URL)

Software

Repository URL
https://github.com/sylabs/singularity