This is a security-related point release, bringing the following fix thanks to Justin Riley (@jtriley):

PR1387/1397 - python: strip “Authorization” header on (urllib) redirects to different domains

The security fix prevents Singularity from leaking credentials if:

  • You are logging in to a Docker registry with credentials
  • The registry redirects you to a 3rd party host (e.g. S3 for download of layers)

The fix ensures that in this situation the HTTP “Authorization” header is stripped from the redirected request, to prevent leaking of registry credentials to the 3rd party.

For the full release announcement and downloads, please see the release on GitHub.