diff --git a/cache/runc-amd64 b/cache/runc-amd64 new file mode 100644 index 00000000000..bc6b75283a3 Binary files /dev/null and b/cache/runc-amd64 differ diff --git a/cache/runc-arm64 b/cache/runc-arm64 new file mode 100644 index 00000000000..8e2a3735dd2 Binary files /dev/null and b/cache/runc-arm64 differ diff --git a/cache/runc-ppc64le b/cache/runc-ppc64le new file mode 100644 index 00000000000..b35c94d3601 Binary files /dev/null and b/cache/runc-ppc64le differ diff --git a/cache/runc.json b/cache/runc.json new file mode 100644 index 00000000000..b293993fdd3 --- /dev/null +++ b/cache/runc.json 
@@ -0,0 +1,7 @@ +{ + "tagName": "v1.2.0", + "url": "https://github.com/opencontainers/runc/releases/tag/v1.2.0", + "description": "This is the long-awaited release of runc 1.2.0! The primary changes from rc3\r\nare general improvements and fixes for minor regressions related to the\r\nnew /proc/self/exe cloning logic in runc 1.2, follow-on patches related\r\nto CVE-2024-45310, as well as some other minor changes.\r\n * In order to alleviate the remaining concerns around the memory usage and\r\n (arguably somewhat unimportant, but measurable) performance overhead of\r\n memfds for cloning `/proc/self/exe`, we have added a new protection using\r\n `overlayfs` that is used if you have enough privileges and the running\r\n kernel supports it. It has effectively no performance nor memory overhead\r\n (compared to no cloning at all). (#4448)\r\n * The original fix for [CVE-2024-45310][cve-2024-45310] was intentionally very\r\n limited in scope to make it easier to review, however it also did not handle\r\n all possible `os.MkdirAll` cases and thus could lead to regressions. We have\r\n switched to the more complete implementation in the newer versions of\r\n `github.com/cyphar/filepath-securejoin`. (#4393, #4400, #4421, #4430)\r\n * In certain situations (a system with lots of mounts or racing mounts) we\r\n could accidentally end up leaking mounts from the container into the host.\r\n This has been fixed. (#4417)\r\n * The fallback logic for `O_TMPFILE` clones of `/proc/self/exe` had a minor\r\n bug that would cause us to miss non-`noexec` directories and thus fail to\r\n start containers on some systems. (#4444)\r\n * Sometimes the cloned `/proc/self/exe` file descriptor could be placed in a\r\n way that it would get clobbered by the Go runtime. We had a fix for this\r\n already but it turns out it could still break in rare circumstances, but it\r\n has now been fixed. 
(#4294, #4452)\r\n * It is not possible for `runc kill` to work properly in some specific\r\n configurations (such as rootless containers with no cgroups and a shared pid\r\n namespace). We now output a warning for such configurations. (#4398)\r\n * memfd-bind: update the documentation and make path handling with the systemd\r\n unit more idiomatic. (#4428)\r\n * We now use v0.16 of Cilium's eBPF library, including fixes that quite a few\r\n downstreams asked for. (#4397, #4396)\r\n * Some internal `runc init` synchronisation that was no longer necessary (due\r\n to the `/proc/self/exe` cloning move to Go) was removed. (#4441)\r\n\r\n[cve-2024-45310]: https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv\r\n\r\n### Static Linking Notices ###\r\n\r\nThe `runc` binary distributed with this release are *statically linked* with\r\nthe following [GNU LGPL-2.1][lgpl-2.1] licensed libraries, with `runc` acting\r\nas a \"work that uses the Library\":\r\n\r\n[lgpl-2.1]: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\r\n\r\n - [libseccomp](https://github.com/seccomp/libseccomp)\r\n\r\nThe versions of these libraries were not modified from their upstream versions,\r\nbut in order to comply with the LGPL-2.1 (§6(a)), we have attached the\r\ncomplete source code for those libraries which (when combined with the attached\r\nrunc source code) may be used to exercise your rights under the LGPL-2.1.\r\n\r\nHowever we strongly suggest that you make use of your distribution's packages\r\nor download them from the authoritative upstream sources, especially since\r\nthese libraries are related to the security of your containers.\r\n\r\n
\r\n\r\nThanks to all of the contributors who made this release possible:\r\n\r\n * Akhil Mohan \r\n * Akihiro Suda \r\n * Aleksa Sarai \r\n * Amir M. Ghazanfari \r\n * Kir Kolyshkin \r\n * Rafael Roquetto \r\n * Rodrigo Campos \r\n * Sebastiaan van Stijn \r\n * Stavros Panakakis \r\n * lifubang \r\n\r\nSigned-off-by: Aleksa Sarai ", + "publishedAt": "2024-10-22T09:12:21Z", + "isLatest": true +} \ No newline at end of file diff --git a/roles/kubespray-defaults/defaults/main/checksums.yml b/roles/kubespray-defaults/defaults/main/checksums.yml index d1096cd36e6..d4b25eaf12e 100644 --- a/roles/kubespray-defaults/defaults/main/checksums.yml +++ b/roles/kubespray-defaults/defaults/main/checksums.yml @@ -750,6 +750,7 @@ cri_dockerd_archive_checksums: 0.3.5: 0 runc_checksums: arm: + v1.2.0: 0 v1.1.13: 0 v1.1.12: 0 v1.1.11: 0 @@ -757,6 +758,7 @@ runc_checksums: v1.1.9: 0 v1.1.8: 0 arm64: + v1.2.0: 3d4f66dc1d91f1b2a46713d185a506a604f1fe9f2f2b89c281eb1c5c13677ff0 v1.1.13: 4b93701752f5338ed51592b38e039aef8c1a59856d1225df21eba84c2830743c v1.1.12: 879f910a05c95c10c64ad8eb7d5e3aa8e4b30e65587b3d68e009a3565aed5bb8 v1.1.11: 9f1ee53f06b78cc4a115ca6ae4eec10567999539ce828a22c5351edba043ed12 @@ -764,6 +766,7 @@ runc_checksums: v1.1.9: b43e9f561e85906f469eef5a7b7992fc586f750f44a0e011da4467e7008c33a0 v1.1.8: 7c22cb618116d1d5216d79e076349f93a672253d564b19928a099c20e4acd658 amd64: + v1.2.0: 3bbb68e49bc89dd2607f11d2ff0fa699963ebada39c32ad8a6aab0d40435c1ed v1.1.13: bcfc299c1ab255e9d045ffaf2e324c0abaf58f599831a7c2c4a80b33f795de94 v1.1.12: aadeef400b8f05645768c1476d1023f7875b78f52c7ff1967a6dbce236b8cbd8 v1.1.11: 77ae134de014613c44d25e6310a57a219a7a91155cd47d069a0f22a2cad5caea 
@@ -771,6 +774,7 @@ runc_checksums: v1.1.9: b9bfdd4cb27cddbb6172a442df165a80bfc0538a676fbca1a6a6c8f4c6933b43 v1.1.8: 1d05ed79854efc707841dfc7afbf3b86546fc1d0b3a204435ca921c14af8385b ppc64le: + v1.2.0: 0bd876309958ec00a0e86df3f549f025ad7ae32d981536c1a2932465b479be70 v1.1.13: 4675d51dc0b08ad8e17d3065f2e4ce47760728945f33d3092385e792357e6519 v1.1.12: 4069d1d57724126e116ad6dbd84409082d1b0afee1ee960b17558f146a742bb6 v1.1.11: e3d1da41f97db1bb7e9a8d96c9092747c14ee53bc9f160048828e63f3a2d0896 diff --git a/roles/kubespray-defaults/defaults/main/download.yml b/roles/kubespray-defaults/defaults/main/download.yml index 067b673c97f..39796b2e87e 100644 --- a/roles/kubespray-defaults/defaults/main/download.yml +++ b/roles/kubespray-defaults/defaults/main/download.yml @@ -75,7 +75,7 @@ image_arch: "{{ host_architecture | default('amd64') }}" # Versions crun_version: 1.14.4 -runc_version: v1.1.13 +runc_version: v1.2.0 kata_containers_version: 3.1.3 youki_version: 0.1.0 gvisor_version: 20240305 diff --git a/version_diff.json b/version_diff.json new file mode 100644 index 00000000000..6ca0f727ff4 --- /dev/null +++ b/version_diff.json 
@@ -0,0 +1,17 @@ +{ + "runc": { + "current_version": "v1.1.13", + "latest_version": "v1.2.0", + "release": { + "tagName": "v1.2.0", + "url": "https://github.com/opencontainers/runc/releases/tag/v1.2.0", + "description": "This is the long-awaited release of runc 1.2.0! The primary changes from rc3\r\nare general improvements and fixes for minor regressions related to the\r\nnew /proc/self/exe cloning logic in runc 1.2, follow-on patches related\r\nto CVE-2024-45310, as well as some other minor changes.\r\n * In order to alleviate the remaining concerns around the memory usage and\r\n (arguably somewhat unimportant, but measurable) performance overhead of\r\n memfds for cloning `/proc/self/exe`, we have added a new protection using\r\n `overlayfs` that is used if you have enough privileges and the running\r\n kernel supports it. It has effectively no performance nor memory overhead\r\n (compared to no cloning at all). (#4448)\r\n * The original fix for [CVE-2024-45310][cve-2024-45310] was intentionally very\r\n limited in scope to make it easier to review, however it also did not handle\r\n all possible `os.MkdirAll` cases and thus could lead to regressions. We have\r\n switched to the more complete implementation in the newer versions of\r\n `github.com/cyphar/filepath-securejoin`. (#4393, #4400, #4421, #4430)\r\n * In certain situations (a system with lots of mounts or racing mounts) we\r\n could accidentally end up leaking mounts from the container into the host.\r\n This has been fixed. (#4417)\r\n * The fallback logic for `O_TMPFILE` clones of `/proc/self/exe` had a minor\r\n bug that would cause us to miss non-`noexec` directories and thus fail to\r\n start containers on some systems. (#4444)\r\n * Sometimes the cloned `/proc/self/exe` file descriptor could be placed in a\r\n way that it would get clobbered by the Go runtime. We had a fix for this\r\n already but it turns out it could still break in rare circumstances, but it\r\n has now been fixed. 
(#4294, #4452)\r\n * It is not possible for `runc kill` to work properly in some specific\r\n configurations (such as rootless containers with no cgroups and a shared pid\r\n namespace). We now output a warning for such configurations. (#4398)\r\n * memfd-bind: update the documentation and make path handling with the systemd\r\n unit more idiomatic. (#4428)\r\n * We now use v0.16 of Cilium's eBPF library, including fixes that quite a few\r\n downstreams asked for. (#4397, #4396)\r\n * Some internal `runc init` synchronisation that was no longer necessary (due\r\n to the `/proc/self/exe` cloning move to Go) was removed. (#4441)\r\n\r\n[cve-2024-45310]: https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv\r\n\r\n### Static Linking Notices ###\r\n\r\nThe `runc` binary distributed with this release are *statically linked* with\r\nthe following [GNU LGPL-2.1][lgpl-2.1] licensed libraries, with `runc` acting\r\nas a \"work that uses the Library\":\r\n\r\n[lgpl-2.1]: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\r\n\r\n - [libseccomp](https://github.com/seccomp/libseccomp)\r\n\r\nThe versions of these libraries were not modified from their upstream versions,\r\nbut in order to comply with the LGPL-2.1 (§6(a)), we have attached the\r\ncomplete source code for those libraries which (when combined with the attached\r\nrunc source code) may be used to exercise your rights under the LGPL-2.1.\r\n\r\nHowever we strongly suggest that you make use of your distribution's packages\r\nor download them from the authoritative upstream sources, especially since\r\nthese libraries are related to the security of your containers.\r\n\r\n
\r\n\r\nThanks to all of the contributors who made this release possible:\r\n\r\n * Akhil Mohan \r\n * Akihiro Suda \r\n * Aleksa Sarai \r\n * Amir M. Ghazanfari \r\n * Kir Kolyshkin \r\n * Rafael Roquetto \r\n * Rodrigo Campos \r\n * Sebastiaan van Stijn \r\n * Stavros Panakakis \r\n * lifubang \r\n\r\nSigned-off-by: Aleksa Sarai ", + "publishedAt": "2024-10-22T09:12:21Z", + "isLatest": true, + "component": "runc", + "owner": "opencontainers", + "repo": "runc", + "release_type": "release" + } + } +} \ No newline at end of file
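Review bot: The new files `cache/runc-amd64`, `cache/runc-arm64`, `cache/runc-ppc64le`, `cache/runc.json` and `version_diff.json` look like working artifacts of the version-bump tooling rather than part of the change (three downloaded binaries plus two JSON files that only restate the GitHub release metadata), and neither JSON file ends with a newline. Please drop them from the commit and keep only the `checksums.yml` and `download.yml` hunks; if the tooling always writes a `cache/` directory and `version_diff.json`, adding them to `.gitignore` would stop this recurring.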
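Review bot: In the `runc_checksums: arm:` hunk the new entry is `v1.2.0: 0`, which means the 32-bit arm download of this version is fetched without checksum verification. That matches the existing `v1.1.x: 0` entries, so it is not a regression, but please confirm whether upstream publishes a 32-bit arm binary for v1.2.0; if it does, fill in its sha256 here so the download is verified like the other architectures, and if it does not, a short comment saying so would save the next reviewer the same question.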
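Review bot: The three new digests (`arm64: 3d4f66dc…`, `amd64: 3bbb68e4…`, `ppc64le: 0bd87630…`) need to be checked against the sha256 file upstream publishes alongside the v1.2.0 release at the URL given in the cached description, not against whatever the bump tooling downloaded; a digest copied from the same download it is meant to verify proves nothing, and a mistyped one fails every deployment for that architecture. Stating in the PR description that they were compared with the upstream `runc.sha256sum` would make this easy to tick off.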
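Review bot: `runc_version: v1.1.13` to `v1.2.0` in `download.yml` crosses a minor release line, and the cached release notes list behaviour changes that operators may notice: a new overlayfs-based protection for the cloned `/proc/self/exe` that is only used when runc has enough privileges and the kernel supports it (memfd/`O_TMPFILE` fallbacks otherwise), a new warning from `runc kill` for rootless containers without cgroups in a shared pid namespace, and a move of the CVE-2024-45310 fix onto the newer `github.com/cyphar/filepath-securejoin`. Since this becomes the default for every runtime that uses runc, please add a line to the project's release notes calling out the 1.1 to 1.2 jump and those items, so users upgrading clusters know what to look for.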