Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: moby/moby
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v26.1.4
Choose a base ref
...
head repository: moby/moby
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v26.1.5
Choose a head ref
  • 9 commits
  • 14 files changed
  • 4 contributors

Commits on Jun 9, 2024

  1. docs: api: image inspect: remove Container and ContainerConfig 

    The Container and ContainerConfig fields have been deprecated, and removed
since API v1.45 in commit 03cddc6.

This patch fixes the swagger and documentation to no longer mention them
as they are no longer returned by API v1.45 and higher.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ac27a53)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
    @thaJeztah
    thaJeztah committed Jun 9, 2024
    Configuration menu
    Copy the full SHA
    daba246 View commit details
    Browse the repository at this point in the history

Commits on Jun 10, 2024

  1. Merge pull request #47940 from thaJeztah/26.1_backport_api_remove_con… 

    …tainer_containerconfig

[26.1 backport] docs: api: image inspect: remove Container and ContainerConfig
    @thaJeztah
    thaJeztah authored Jun 10, 2024
    Configuration menu
    Copy the full SHA
    d642804 View commit details
    Browse the repository at this point in the history

Commits on Jun 14, 2024

  1. builder/mobyexporter: Add missing nil check 

    Add a nil check to handle a case where the image config JSON would
deserialize into a nil map.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 642242a)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
    @vvoland
    vvoland committed Jun 14, 2024
    Configuration menu
    Copy the full SHA
    c1d4587 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #47986 from vvoland/v26.1-47985 

    [26.1 backport] builder/mobyexporter: Add missing nil check
    @thaJeztah
    thaJeztah authored Jun 14, 2024
    Configuration menu
    Copy the full SHA
    f533464 View commit details
    Browse the repository at this point in the history

Commits on Jul 3, 2024

  1. update to go1.21.12 

    - https://github.com/golang/go/issues?q=milestone%3AGo1.21.12+label%3ACherryPickApproved
- full diff: golang/go@go1.21.11...go1.21.12

These minor releases include 1 security fixes following the security policy:

net/http: denial of service due to improper 100-continue handling

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Thanks to Geoff Franks for reporting this issue.

This is CVE-2024-24791 and Go issue https://go.dev/issue/67555.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.21.12

**- Description for the changelog**

```markdown changelog
Update Go runtime to 1.21.12
```

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 4d1d7c3)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
    @vvoland
    vvoland committed Jul 3, 2024
    Configuration menu
    Copy the full SHA
    6fbdce4 View commit details
    Browse the repository at this point in the history

Commits on Jul 4, 2024

  1. Merge pull request #48123 from vvoland/v26.1-48120 

    [26.1 backport] update to go1.21.12
    @vvoland
    vvoland authored Jul 4, 2024
    Configuration menu
    Copy the full SHA
    6bc4906 View commit details
    Browse the repository at this point in the history

Commits on Jul 17, 2024

  1. Authz plugin security fixes for 0-length content and path validation 

    Signed-off-by: Jameson Hyde <jameson.hyde@docker.com>

fix comments

(cherry picked from commit 9659c3a)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 2ac8a47)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
    @jamesonhyde-docker @vvoland
    jamesonhyde-docker authored and vvoland committed Jul 17, 2024
    Configuration menu
    Copy the full SHA
    820cab9 View commit details
    Browse the repository at this point in the history

  2. If url includes scheme, urlPath will drop hostname, which would not m… 

    …atch the auth check

Signed-off-by: Jameson Hyde <jameson.hyde@docker.com>
(cherry picked from commit 754fb8d)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 5282cb2)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
    @jamesonhyde-docker @vvoland
    jamesonhyde-docker authored and vvoland committed Jul 17, 2024
    Configuration menu
    Copy the full SHA
    9cc85ea View commit details
    Browse the repository at this point in the history

Commits on Jul 23, 2024

  1. Merge commit from fork 

    [26.1] AuthZ plugin security fixes
    @thaJeztah
    thaJeztah authored Jul 23, 2024
    Configuration menu
    Copy the full SHA
    411e817 View commit details
    Browse the repository at this point in the history
Loading