Singularity 3.6.0 is an important security release, as well as including a large number of new features and improvements. Singularity 3.6.0 is now available in the current software set (swset/2019a) and we advise to use this new release. Please read the release notes carefully, especially regarding the security content and compatibility of SIF signatures. In particular, note that 3.6.0 necessarily uses a new format for SIF signatures, which is incompatible with older versions of Singularity. 3.6.0 has a
--legacy-insecure flag to verify the older insecure signatures temporarily if needed in your workflows, but older versions cannot verify containers signed by 3.6.0.
Additionnaly, you can also follow information about security vulnerabilities from the repository’s maintainers.