Commit Graph

12190 Commits

Author SHA1 Message Date
6a0099bc8a cmd/docker-trust: bump golang.org/x/crypto v0.45.0
Hello gophers,

We have tagged version v0.45.0 of golang.org/x/crypto in order to address two
security issues.

This version fixes a vulnerability in the golang.org/x/crypto/ssh package and a
vulnerability in the golang.org/x/crypto/ssh/agent package which could cause
programs to consume unbounded memory or panic respectively.

SSH servers parsing GSSAPI authentication requests don't validate the number of
mechanisms specified in the request, allowing an attacker to cause unbounded
memory consumption.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-58181 and Go issue https://go.dev/issue/76363.

SSH Agent servers do not validate the size of messages when processing new
identity requests, which may cause the program to panic if the message is
malformed due to an out of bounds read.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-47914 and Go issue https://go.dev/issue/76364.

Cheers, Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-27 14:38:30 +01:00
c90166ffa6 cmd/docker-trust: update dependencies
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-27 14:37:10 +01:00
eee3e3d015 Merge pull request #6671 from docker/dependabot/github_actions/actions/checkout-6
build(deps): bump actions/checkout from 5 to 6
2025-11-27 10:42:16 +01:00
3247a5aae3 Merge pull request #6675 from vvoland/img-list-noellipsis
image/tree: Allow image names to overflow instead of truncating
v29.0.4
2025-11-24 21:35:37 +00:00
4759615835 image/tree: Allow image names to overflow instead of truncating
Users were experiencing poor UX when image names were truncated in the
table output.

Instead of cutting off long image names with ellipsis, the names now
wrap to the next line to ensure full visibility.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-11-24 22:12:37 +01:00
3099d4716c build(deps): bump actions/checkout from 5 to 6
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-21 08:04:55 +00:00
511dad69d0 Merge pull request #6667 from thaJeztah/use_format
image ls: allow custom format in cli config
v29.0.3
2025-11-20 16:31:07 +00:00
11f24b8458 Merge pull request #6668 from robmry/builttime-format
docker version: restore top-level BuildTime to RFC3339Nano format
2025-11-20 16:21:40 +00:00
d84396d4eb image ls: allow custom format in cli config
Setting a custom format in the cli config should still be supported,
and not produce an error when specifying "--tree". Specifying both
"--tree" and "--format" still produces an error, but we could consider
allowing "json" format in a future update.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-20 16:20:33 +00:00
6751cd1690 docker version: restore top-level BuildTime to RFC3339Nano
Introduced by bff56f0 (cli/command/system: define struct for
formatting version).

In the "docker info" result, the Engine component's BuildTime should
be in time.ANSIC format, but the top level BuildTime field should use
time.RFC3339Nano.

Signed-off-by: Rob Murray <rob.murray@docker.com>
2025-11-20 15:57:24 +00:00
8108357bcb Merge pull request #6662 from dvdksn/doc-update-http-proxy-link
chore: update link/linktext to dockerd proxy config
v29.0.2 v29.1.0-rc.1
2025-11-17 11:19:50 +01:00
3a842587f9 chore: update link/linktext to dockerd proxy config
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2025-11-17 11:00:04 +01:00
eedd9698e9 Merge pull request #6659 from vvoland/fix-system-version
cli/command/system: Fix missing components in version output
v29.0.1
2025-11-13 22:27:39 +01:00
dd2c493825 cli/command/system: Fix missing components in version output
The `Components` weren't actually copied to the output struct.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-11-13 21:19:41 +01:00
67cef775fe Merge pull request #6658 from vvoland/img-list-all-dangling
image/tree: Only show untagged images when --all flag is used
2025-11-13 20:53:26 +01:00
207bf52c27 image/tree: Only show untagged images when --all flag is used
In non-expanded view, untagged images should only be displayed when the
--all flag is explicitly provided by the user.

Previously, untagged images were accidentally always shown in the
non-expanded view regardless of the --all flag setting.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-11-13 20:23:42 +01:00
2cfd9df568 Merge pull request #6654 from vvoland/img-list-nocolor
image/tree: Respect NO_COLOR env variable
2025-11-13 15:10:10 +01:00
be9e6308f5 image/tree: Respect NO_COLOR env variable
Do not use the fancy colored output if NO_COLOR variable is set to 1
following the https://no-color.org/ convention.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-11-13 14:56:27 +01:00
88e324150b Merge pull request #6657 from vvoland/img-list-nonexpanded-untagged
image/tree: Fix untagged images in non-expanded view
2025-11-13 13:20:46 +01:00
2ae51e2d69 Merge pull request #6656 from vvoland/img-list-notty-width
image/tree: Don't limit name width if non tty
2025-11-13 13:19:30 +01:00
ed281ddf52 image/list: Print legend only if limiting width
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-11-13 13:00:02 +01:00
aa5d00a3a4 image/tree: Don't limit name width if non tty
Previously when no terminal was attached the width was assumed to be 80.
This is too short for most image names which truncated the names when
output was redirected (for example to `grep`).

This disabled the name truncation if the terminal width can't be
determined.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-11-13 12:59:46 +01:00
b66b93130c image/tree: Fix untagged images in non-expanded view
In the expanded view there is a separate image entry per each tag.

Fix a bug which caused no entry to be added for untagged images.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-11-13 12:47:24 +01:00
c44e8a0727 Merge pull request #6648 from thaJeztah/cli_version_json_format
cli/command/system: define struct for formatting version
2025-11-12 18:09:53 +01:00
bff56f0493 cli/command/system: define struct for formatting version
The client.ServerVersion method in the moby/client module defines
an output struct that's separate from the API response. These output
structs are not designed to be marshaled as JSON, but the CLI depended
on them defining `json` labels, which it used to format the output
as JSON (`docker version --format=json`); as a result, the JSON output
changed in docker v29, as it would now use the naming based on the Go
struct's fields (`APIVersion` instead of `ApiVersion`).

In future, we should consider having a `--raw` (or similar) option for
the CLI to print API responses as-is, instead of using client structs
or CLI structs for this (this would also make sure the JSON output does
not inherit client-side formatting of fields).

For now, let's create a struct for formatting the output, similar to what
we do for the client-side information.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-12 14:57:13 +01:00
3d4129b9ea Merge pull request #6644 from thaJeztah/connhelper_nowarn
cli/connhelper/commandcon: remove warn logs
v29.0.0
2025-11-10 22:42:38 +01:00
d787e70a14 cli/connhelper/commandcon: remove warn logs
These were originally added in 6f61cf053a,
but at the time, the error wasn't returned. Now that it is, we shouldn't
log _and_ return the error.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-10 22:36:41 +01:00
e730f6f0f3 Merge pull request #6643 from thaJeztah/bump_modules2
vendor: github.com/moby/moby/api v1.52.0, moby/client v0.1.0
2025-11-10 22:04:44 +01:00
6ac3f93755 Merge pull request #6578 from thaJeztah/bump_otel_semconv
cli/command: update to semconv v1.37.0, otel v1.38.0
2025-11-10 22:04:29 +01:00
ebc1995f9f vendor: github.com/moby/moby/api v1.52.0, moby/client v0.1.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-10 21:57:40 +01:00
31d1a59d07 Merge pull request #6642 from vvoland/swarm-compose-work
swarm: revert compose/stack support for memory swappiness
2025-11-10 19:09:49 +01:00
ad96811f12 swarm: Add memory swap support (no stack/compose support)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-11-10 17:48:56 +01:00
6ba06b5fb4 Revert "cli/compose: add schema 3.14 (no changes from 3.13 yet)"
This reverts commit d0c86d39ef.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-11-10 17:48:55 +01:00
e0716b571f Revert "Add memory swap to swarm"
This reverts commit 71828f2792.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2025-11-10 17:48:54 +01:00
179efae8b0 Merge pull request #6641 from thaJeztah/bump_modules
vendor: github.com/moby/moby/api, moby/client master
2025-11-10 17:03:43 +01:00
4b450f113b vendor: github.com/moby/moby/api, moby/client master
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-10 16:32:05 +01:00
ee244f2f44 Merge pull request #6636 from thaJeztah/add_missing_gobuild
cli/command/system: add missing "go:build"
v29.0.0-rc.3
2025-11-07 01:34:14 +01:00
0c101c4aa7 Merge pull request #6635 from thaJeztah/bump_modules
vendor: github.com/moby/moby/api v1.52.0-rc.1, moby/client v0.1.0-rc.1
2025-11-07 01:31:10 +01:00
1d789e4099 cli/command/system: add missing "go:build"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-07 01:27:47 +01:00
b3824015d6 vendor: github.com/moby/moby/api v1.52.0-rc.1, moby/client v0.1.0-rc.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-07 01:26:13 +01:00
c4f240cc7d Merge pull request #6606 from dvdksn/update-libnetwork-docs-link
docs: update link to libnetwork protocol doc
2025-11-07 01:12:41 +01:00
5b443bf269 Merge pull request #6619 from dperny/swarm-memory-swap
Add memory swap to swarm
2025-11-07 01:03:26 +01:00
eaa6114d9e Merge pull request #6634 from thaJeztah/remove_replace
vendor.mod: remove replace
2025-11-07 00:55:53 +01:00
c9e6b41293 Merge pull request #6633 from dvdksn/docs-update-dd-documentation-link
chore: update broken link to restructured docker desktop documentation
2025-11-07 00:34:43 +01:00
d67291026e vendor.mod: remove replace
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-07 00:32:57 +01:00
41088ed7d0 vendor: go.opentelemetry.io/auto/sdk v1.2.1
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-07 00:29:26 +01:00
712f569f17 vendor: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-07 00:29:26 +01:00
7736f5e606 vendor: align other otel packages to v1.38.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-07 00:29:24 +01:00
d45551dac9 cli/command: update to semconv v1.37.0, otel v1.38.0
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-07 00:27:34 +01:00
71828f2792 Add memory swap to swarm
Adds support for setting memory swap settings on Swarm services

* Adds flags `memory-swap` and `memory-swappiness` to `docker service
create` and `docker service update` commands.
* Adds compose fields `memswap_limit` and `mem_swappiness` for `docker
stack` commands.

Signed-off-by: Drew Erny <derny@mirantis.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-07 00:24:44 +01:00