Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
The Docker CLI
8,980 Commits 11 Branches 241 Tags 240 MiB
Go 91.3%
Shell 5.8%
Go-Checksums 1.3%
Dockerfile 1.1%
Makefile 0.3%
Other 0.2%
Go to file
Sebastiaan van Stijn 4b00be585c
update to go1.20.8 
go1.20.8 (released 2023-09-06) includes two security fixes to the html/template
package, as well as bug fixes to the compiler, the go command, the runtime,
and the crypto/tls, go/types, net/http, and path/filepath packages. See the
Go 1.20.8 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.8+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.20.7...go1.20.8

From the security mailing:

[security] Go 1.21.1 and Go 1.20.8 are released

Hello gophers,

We have just released Go versions 1.21.1 and 1.20.8, minor point releases.

These minor releases include 4 security fixes following the security policy:

- cmd/go: go.mod toolchain directive allows arbitrary execution
  The go.mod toolchain directive, introduced in Go 1.21, could be leveraged to
  execute scripts and binaries relative to the root of the module when the "go"
  command was executed within the module. This applies to modules downloaded using
  the "go" command from the module proxy, as well as modules downloaded directly
  using VCS software.

  Thanks to Juho Nurminen of Mattermost for reporting this issue.

  This is CVE-2023-39320 and Go issue https://go.dev/issue/62198.

- html/template: improper handling of HTML-like comments within script contexts
  The html/template package did not properly handle HMTL-like "<!--" and "-->"
  comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may
  cause the template parser to improperly interpret the contents of <script>
  contexts, causing actions to be improperly escaped. This could be leveraged to
  perform an XSS attack.

  Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this
  issue.

  This is CVE-2023-39318 and Go issue https://go.dev/issue/62196.

- html/template: improper handling of special tags within script contexts
  The html/template package did not apply the proper rules for handling occurrences
  of "<script", "<!--", and "</script" within JS literals in <script> contexts.
  This may cause the template parser to improperly consider script contexts to be
  terminated early, causing actions to be improperly escaped. This could be
  leveraged to perform an XSS attack.

  Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this
  issue.

  This is CVE-2023-39319 and Go issue https://go.dev/issue/62197.

- crypto/tls: panic when processing post-handshake message on QUIC connections
  Processing an incomplete post-handshake message for a QUIC connection caused a panic.

  Thanks to Marten Seemann for reporting this issue.

  This is CVE-2023-39321 and CVE-2023-39322 and Go issue https://go.dev/issue/62266.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 		2023-09-11 15:49:14 +02:00
.circleci dummy circleci config 2022-02-25 21:15:39 +01:00
.github update to go1.20.8 2023-09-11 15:49:14 +02:00
cli Create default EndpointSettings if no --network provided 2023-09-10 17:19:43 +02:00
cli-plugins cli: SetupRootCommand: remove redundant flags return 2023-06-28 16:26:50 +02:00
cmd/docker cmd/docker: areFlagsSupported: don't Ping if not needed 2023-08-22 09:34:09 +02:00
contrib/completion Stop slowing bash init by caching plugins path slowly 2023-08-23 13:40:29 +03:00
dockerfiles update to go1.20.8 2023-09-11 15:49:14 +02:00
docs cli/command/system: fix "docker events" not supporting --format=json 2023-08-29 14:48:49 +02:00
e2e update to go1.20.8 2023-09-11 15:49:14 +02:00
experimental experimental: fix broken link to "checkpoint and restore" page 2021-09-07 13:30:48 +02:00
internal/test e2e: Skip tests with platform-specific digests on other platforms 2023-04-27 10:57:56 +02:00
man Merge pull request #4524 from thaJeztah/docs_update_golang_links 2023-08-25 17:22:47 +02:00
opts vendor: github.com/docker/docker a65c948e7edf (v25.0.0-dev) 2023-08-28 21:11:17 +02:00
scripts update cli-docs-tool to v0.6.0 2023-08-28 01:58:58 +02:00
service/logs service/logs: use strings.Cut 2022-12-29 15:19:31 +01:00
templates staticcheck: ignore SA1019: strings.Title is deprecated 2022-03-28 17:23:06 +02:00
vendor vendor: github.com/docker/docker 06499c52e2b1 (v25.0.0-dev) 2023-09-08 01:55:58 +02:00
.dockerignore validate manpages target 2022-02-25 17:11:17 +01:00
.gitattributes fix linguist with .gitattributes 2021-12-16 21:16:02 +01:00
.gitignore validate manpages target 2022-02-25 17:11:17 +01:00
.golangci.yml vendor: gotest.tools/v3 v3.5.0 2023-07-29 21:04:40 +02:00
.mailmap Update mailmap and AUTHORS 2022-12-01 10:04:48 +01:00
AUTHORS Update AUTHORS header to indicate it's generated 2022-12-01 10:05:22 +01:00
CONTRIBUTING.md CONTRIBUTING.md: update links 2023-08-25 14:09:07 +02:00
Dockerfile update to go1.20.8 2023-09-11 15:49:14 +02:00
LICENSE Add project files 2017-04-17 17:49:33 -04:00
MAINTAINERS MAINTAINERS: add myself as curator 2023-02-07 10:13:53 -07:00
Makefile docs: generate markdown 2023-01-06 22:36:47 +01:00
NOTICE switch kr/pty to creack/pty v1.1.7 2019-07-29 16:45:41 -07:00
README.md README: fix badges 2023-01-13 19:18:26 +01:00
TESTING.md tweak description of login/logout 2022-04-04 10:44:11 +02:00
VERSION Update version to v25.0.0-dev 2023-05-08 08:57:19 +02:00
codecov.yml Drop support for (archived) Compose-on-Kubernetes 2022-02-22 13:47:34 +01:00
docker-bake.hcl update to go1.20.8 2023-09-11 15:49:14 +02:00
docker.Makefile docs: generate markdown 2023-01-06 22:36:47 +01:00
vendor.mod vendor: github.com/docker/docker 06499c52e2b1 (v25.0.0-dev) 2023-09-08 01:55:58 +02:00
vendor.sum vendor: github.com/docker/docker 06499c52e2b1 (v25.0.0-dev) 2023-09-08 01:55:58 +02:00

README.md

Docker CLI

PkgGoDev Build Status Test Status Go Report Card Codecov

About

This repository is the home of the cli used in the Docker CE and Docker EE products.

Development

docker/cli is developed using Docker.

Build CLI from source:

docker buildx bake

Build binaries for all supported platforms:

docker buildx bake cross

Build for a specific platform:

docker buildx bake --set binary.platform=linux/arm64

Build dynamic binary for glibc or musl:

USE_GLIBC=1 docker buildx bake dynbinary

Run all linting:

docker buildx bake lint shellcheck

Run test:

docker buildx bake test

List all the available targets:

make help

In-container development environment

Start an interactive development environment:

make -f docker.Makefile shell

Legal

Brought to you courtesy of our legal counsel. For more context, please see the NOTICE document in this repo.

Use and transfer of Docker may be subject to certain restrictions by the United States and other governments.

It is your responsibility to ensure that your use and/or transfer does not violate applicable laws.

For more information, please see https://www.bis.doc.gov

Licensing

docker/cli is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.