Go to file

Paweł Gronowski fe7fc2ff7f update to go1.24.4

- https://github.com/golang/go/issues?q=milestone%3AGo1.24.4+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.24.3...go1.24.4

This release includes 3 security fixes following the security policy:

- net/http: sensitive headers not cleared on cross-origin redirect

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this issue.

This is CVE-2025-4673 and Go issue https://go.dev/issue/73816.

- os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location.

OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

Thanks to Junyoung Park and Dong-uk Kim of KAIST Hacking Lab for discovering this issue.

This is CVE-2025-0913 and Go issue https://go.dev/issue/73702.

- crypto/x509: usage of ExtKeyUsageAny disables policy validation

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

Thanks to Krzysztof Skrzętnicki (@Tener) of Teleport for reporting this issue.

This is CVE-2025-22874 and Go issue https://go.dev/issue/73612.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>

2025-06-09 16:25:41 +02:00

.github

update to go1.24.4

2025-06-09 16:25:41 +02:00

cli

cli/config/configfile: explicitly ignore error

2025-05-28 09:55:33 +02:00

cli-plugins

golangci-lint: enable exhaustive linter

2025-05-19 20:14:04 +02:00

cmd/docker

vendor: github.com/docker/docker 7937f0846c13 (master, v28.x dev)

2025-05-19 14:07:50 +02:00

contrib

move hack/otel to contrib

2025-04-17 23:57:50 +02:00

dockerfiles

update to go1.24.4

2025-06-09 16:25:41 +02:00

docs

docs: fix link to live-restore

2025-06-02 12:56:04 +02:00

e2e

update to go1.24.4

2025-06-09 16:25:41 +02:00

experimental

deprecate experimental graphdriver plugins

2024-06-18 16:47:00 +02:00

internal

cli/internal/oauth: move to top-level "internal"

2025-05-06 20:09:28 +02:00

man

man: rewrite to use cli-docs-tool manpage generator

2025-03-25 17:07:40 +01:00

opts

feat: relative parent paths on bind mount src

2025-05-22 08:15:32 +02:00

pkg/kvfile

move parsing key-value files to a separate package

2024-10-04 12:27:10 +02:00

scripts

set CGO_ENABLED=1 on loong64

2025-04-16 14:52:19 +08:00

templates

update go:build tags to go1.23 to align with vendor.mod

2025-04-17 10:43:47 +02:00

vendor

vendor: github.com/docker/docker v28.2.2

2025-05-30 17:37:57 +02:00

.dockerignore

move winresources into cmd/docker

2025-03-08 22:20:09 +01:00

.gitattributes

fix: binary file line endings

2024-09-06 10:23:23 +02:00

.gitignore

move winresources into cmd/docker

2025-03-08 22:20:09 +01:00

.golangci.yml

update to go1.24.4

2025-06-09 16:25:41 +02:00

.mailmap

update .mailmap and authors

2025-05-16 12:58:03 +02:00

AUTHORS

update .mailmap and authors

2025-05-16 12:58:03 +02:00

codecov.yml

Drop support for (archived) Compose-on-Kubernetes

2022-02-22 13:47:34 +01:00

CONTRIBUTING.md

chore: update commit guidelines in CONTRIBUTING.md

2024-11-26 12:38:28 +01:00

docker-bake.hcl

update to go1.24.4

2025-06-09 16:25:41 +02:00

docker.Makefile

workflow/e2e: only run experimental daemon

2025-03-10 12:26:20 +01:00

Dockerfile

update to go1.24.4

2025-06-09 16:25:41 +02:00

LICENSE

Add project files

2017-04-17 17:49:33 -04:00

MAINTAINERS

not actually a maintainer

2023-11-10 21:35:15 +01:00

Makefile

rewrite using "with-go-mod.sh" script and "go run"

2025-03-21 00:36:47 +01:00

NOTICE

Removed all mentions of "please" from docs and messages

2024-06-11 16:53:40 +02:00

README.md

README: update pkg.go.dev badge, add OpenSSF scorecard

2024-10-12 22:12:38 +02:00

SECURITY.md

add security policy

2024-08-05 11:58:34 +02:00

TESTING.md

tweak description of login/logout

2022-04-04 10:44:11 +02:00

vendor.mod

vendor: github.com/docker/docker v28.2.2

2025-05-30 17:37:57 +02:00

vendor.sum

vendor: github.com/docker/docker v28.2.2

2025-05-30 17:37:57 +02:00

VERSION

bump version to v28.2.0-dev

2025-05-16 13:00:20 +02:00

README.md

Docker CLI

About

This repository is the home of the Docker CLI.

Development

docker/cli is developed using Docker.

Build CLI from source:

docker buildx bake

Build binaries for all supported platforms:

docker buildx bake cross

Build for a specific platform:

docker buildx bake --set binary.platform=linux/arm64

Build dynamic binary for glibc or musl:

USE_GLIBC=1 docker buildx bake dynbinary

Run all linting:

docker buildx bake lint shellcheck

Run test:

docker buildx bake test

List all the available targets:

make help

In-container development environment

Start an interactive development environment:

make -f docker.Makefile shell

Legal

Brought to you courtesy of our legal counsel. For more context, see the NOTICE document in this repo.

Use and transfer of Docker may be subject to certain restrictions by the United States and other governments.

It is your responsibility to ensure that your use and/or transfer does not violate applicable laws.

For more information, see https://www.bis.doc.gov

Licensing

docker/cli is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Languages

Go 92%

Shell 5.5%

Dockerfile 1.1%

Go-Checksums 0.9%

Makefile 0.3%

Other 0.2%