The Docker CLI
Go to file
Sebastiaan van Stijn 99e34836ce
update go to go1.20.4
go1.20.4 (released 2023-05-02) includes three security fixes to the html/template
package, as well as bug fixes to the compiler, the runtime, and the crypto/subtle,
crypto/tls, net/http, and syscall packages. See the Go 1.20.4 milestone on our
issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.20.4+label%3ACherryPickApproved

release notes: https://go.dev/doc/devel/release#go1.20.4
full diff: https://github.com/golang/go/compare/go1.20.3...go1.20.4

from the announcement:

> These minor releases include 3 security fixes following the security policy:
>
> - html/template: improper sanitization of CSS values
>
>   Angle brackets (`<>`) were not considered dangerous characters when inserted
>   into CSS contexts. Templates containing multiple actions separated by a '/'
>   character could result in unexpectedly closing the CSS context and allowing
>   for injection of unexpected HMTL, if executed with untrusted input.
>
>   Thanks to Juho Nurminen of Mattermost for reporting this issue.
>
>   This is CVE-2023-24539 and Go issue https://go.dev/issue/59720.
>
> - html/template: improper handling of JavaScript whitespace
>
>   Not all valid JavaScript whitespace characters were considered to be
>   whitespace. Templates containing whitespace characters outside of the character
>   set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain
>   actions may not be properly sanitized during execution.
>
>   Thanks to Juho Nurminen of Mattermost for reporting this issue.
>
>   This is CVE-2023-24540 and Go issue https://go.dev/issue/59721.
>
> - html/template: improper handling of empty HTML attributes
>
>   Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}")
>   executed with empty input could result in output that would have unexpected
>   results when parsed due to HTML normalization rules. This may allow injection
>   of arbitrary attributes into tags.
>
>   Thanks to Juho Nurminen of Mattermost for reporting this issue.
>
>   This is CVE-2023-29400 and Go issue https://go.dev/issue/59722.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit fd0621d0fe)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-17 11:57:51 +02:00
.circleci dummy circleci config 2022-02-25 21:15:39 +01:00
.github update go to go1.20.4 2023-07-17 11:57:51 +02:00
cli cli/connhelper/commandconn: remove name for unused arg (revive) 2023-07-15 15:25:23 +02:00
cli-plugins cli-plugins/manager: fix deprecation comment of Metadata.Experimental 2023-05-09 22:21:46 +02:00
cmd/docker Handle empty DOCKER_BUILDKIT like unset 2023-04-19 15:53:40 +02:00
contrib/completion volumes: prune: add --all / -a option 2023-04-26 12:06:39 +02:00
dockerfiles update go to go1.20.4 2023-07-17 11:57:51 +02:00
docs docs: fix example for proxies in daemon.json 2023-05-19 17:29:05 +02:00
e2e update go to go1.20.4 2023-07-17 11:57:51 +02:00
experimental experimental: fix broken link to "checkpoint and restore" page 2021-09-07 13:30:48 +02:00
internal/test internal/test: FakeCli: remove name for unused arg (revive) 2023-07-15 15:25:45 +02:00
man docs: update dockerd usage output for new proxy-options 2023-04-13 13:59:39 +02:00
opts opts: NormalizeCapability(): fix redefinition of the built-in function (revive) 2023-07-15 15:21:17 +02:00
scripts scripts/docs/generate-md.sh: fix location of generate code 2023-04-09 23:00:14 +02:00
service/logs service/logs: use strings.Cut 2022-12-29 15:19:31 +01:00
templates staticcheck: ignore SA1019: strings.Title is deprecated 2022-03-28 17:23:06 +02:00
vendor [23.0] vendor: github.com/docker/docker 0420d2b33c42 (23.0.7-dev) 2023-07-15 15:57:36 +02:00
.dockerignore validate manpages target 2022-02-25 17:11:17 +01:00
.gitattributes fix linguist with .gitattributes 2021-12-16 21:16:02 +01:00
.gitignore validate manpages target 2022-02-25 17:11:17 +01:00
.golangci.yml Use gofumpt if available, and enable gofumpt linter 2022-09-30 19:14:36 +02:00
.mailmap Update mailmap and AUTHORS 2022-12-01 10:04:48 +01:00
AUTHORS Update AUTHORS header to indicate it's generated 2022-12-01 10:05:22 +01:00
CONTRIBUTING.md Use gofumpt if available, and enable gofumpt linter 2022-09-30 19:14:36 +02:00
Dockerfile update go to go1.20.4 2023-07-17 11:57:51 +02:00
LICENSE Add project files 2017-04-17 17:49:33 -04:00
MAINTAINERS Add Sam Thibault (sam-thibault) as curator 2022-11-25 11:35:41 +01:00
Makefile docs: generate markdown 2023-01-06 22:36:47 +01:00
NOTICE switch kr/pty to creack/pty v1.1.7 2019-07-29 16:45:41 -07:00
README.md README: fix badges 2023-01-13 19:18:26 +01:00
TESTING.md tweak description of login/logout 2022-04-04 10:44:11 +02:00
VERSION Update version to v23.0.0-dev 2022-11-24 19:43:32 +01:00
codecov.yml Drop support for (archived) Compose-on-Kubernetes 2022-02-22 13:47:34 +01:00
docker-bake.hcl update go to go1.20.4 2023-07-17 11:57:51 +02:00
docker.Makefile docs: generate markdown 2023-01-06 22:36:47 +01:00
vendor.mod [23.0] vendor: github.com/docker/docker 0420d2b33c42 (23.0.7-dev) 2023-07-15 15:57:36 +02:00
vendor.sum [23.0] vendor: github.com/docker/docker 0420d2b33c42 (23.0.7-dev) 2023-07-15 15:57:36 +02:00

README.md

Docker CLI

PkgGoDev Build Status Test Status Go Report Card Codecov

About

This repository is the home of the cli used in the Docker CE and Docker EE products.

Development

docker/cli is developed using Docker.

Build CLI from source:

docker buildx bake

Build binaries for all supported platforms:

docker buildx bake cross

Build for a specific platform:

docker buildx bake --set binary.platform=linux/arm64 

Build dynamic binary for glibc or musl:

USE_GLIBC=1 docker buildx bake dynbinary 

Run all linting:

docker buildx bake lint shellcheck

Run test:

docker buildx bake test

List all the available targets:

make help

In-container development environment

Start an interactive development environment:

make -f docker.Makefile shell

Brought to you courtesy of our legal counsel. For more context, please see the NOTICE document in this repo.

Use and transfer of Docker may be subject to certain restrictions by the United States and other governments.

It is your responsibility to ensure that your use and/or transfer does not violate applicable laws.

For more information, please see https://www.bis.doc.gov

Licensing

docker/cli is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.