The BuildCache.Parent field was removed in API v1.42 in [moby@e0db820].
While we had to keep the Go struct field around to backfil the field for
older API versions, it's no longer part of API v1.42 and up (using the
"omitempty" is just an implementation detail).
This patch corrects the swagger files to match this.
[moby@e0db820]: e0db8207f3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a5d9619093)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When DOCKERD_ROOTLESS_ROOTLESSKIT_MTU is not set, and ...
- DOCKERD_ROOTLESS_ROOTLESSKIT_NET is not set and slirp4netns
is selected, MTU defaults to 65520.
- DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns, MTU defaults
to 1500.
Change the logic so that, however slirp4netns is selected, MTU
defaults to 65520.
Signed-off-by: Rob Murray <rob.murray@docker.com>
(cherry picked from commit a6206f2da9)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This minor release includes 10 security fixes following the security policy:
- net/mail: excessive CPU consumption in ParseAddress
The ParseAddress function constructed domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this could cause excessive CPU consumption.
Thanks to Philippe Antoine (Catena cyber) for reporting this issue.
This is CVE-2025-61725 and Go issue https://go.dev/issue/75680.
- crypto/x509: quadratic complexity when checking name constraints
Due to the design of the name constraint checking algorithm, the processing time
of some inputs scales non-linearly with respect to the size of the certificate.
This affects programs which validate arbitrary certificate chains.
Thanks to Jakub Ciolek for reporting this issue.
This is CVE-2025-58187 and Go issue https://go.dev/issue/75681.
- crypto/tls: ALPN negotiation errors can contain arbitrary text
The crypto/tls conn.Handshake method returns an error on the server-side when
ALPN negotation fails which can contain arbitrary attacker controlled
information provided by the client-side of the connection which is not escaped.
This affects programs which log these errors without any additional form of
sanitization, and may allow injection of attacker controlled information into
logs.
Thanks to National Cyber Security Centre Finland for reporting this issue.
This is CVE-2025-58189 and Go issue https://go.dev/issue/75652.
- encoding/pem: quadratic complexity when parsing some invalid inputs
Due to the design of the PEM parsing function, the processing time for some
inputs scales non-linearly with respect to the size of the input.
This affects programs which parse untrusted PEM inputs.
Thanks to Jakub Ciolek for reporting this issue.
This is CVE-2025-61723 and Go issue https://go.dev/issue/75676.
- net/url: insufficient validation of bracketed IPv6 hostnames
The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.
Thanks to Enze Wang, Jingcheng Yang and Zehui Miao of Tsinghua University for reporting this issue.
This is CVE-2025-47912 and Go issue https://go.dev/issue/75678.
- encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion
When parsing DER payloads, memories were being allocated prior to fully validating the payloads.
This permits an attacker to craft a big empty DER payload to cause memory exhaustion in functions such as asn1.Unmarshal, x509.ParseCertificateRequest, and ocsp.ParseResponse.
Thanks to Jakub Ciolek for reporting this issue.
This is CVE-2025-58185 and Go issue https://go.dev/issue/75671.
- net/http: lack of limit when parsing cookies can cause memory exhaustion
Despite HTTP headers having a default limit of 1 MB, the number of cookies that can be parsed did not have a limit.
By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
net/http now limits the number of cookies accepted to 3000, which can be adjusted using the httpcookiemaxnum GODEBUG option.
Thanks to jub0bs for reporting this issue.
This is CVE-2025-58186 and Go issue https://go.dev/issue/75672.
- crypto/x509: panic when validating certificates with DSA public keys
Validating certificate chains which contain DSA public keys can cause programs
to panic, due to a interface cast that assumes they implement the Equal method.
This affects programs which validate arbitrary certificate chains.
Thanks to Jakub Ciolek for reporting this issue.
This is CVE-2025-58188 and Go issue https://go.dev/issue/75675.
- archive/tar: unbounded allocation when parsing GNU sparse map
tar.Reader did not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions could cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input could result in large allocations.
Thanks to Harshit Gupta (Mr HAX) - https://www.linkedin.com/in/iam-harshit-gupta/ for reporting this issue.
This is CVE-2025-58183 and Go issue https://go.dev/issue/75677.
- net/textproto: excessive CPU consumption in Reader.ReadResponse
The Reader.ReadResponse function constructed a response string through
repeated string concatenation of lines. When the number of lines in a response is large,
this could cause excessive CPU consumption.
Thanks to Jakub Ciolek for reporting this issue.
This is CVE-2025-61724 and Go issue https://go.dev/issue/75716.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit d7b4bb25bda9f86dc47bf5a8921ceb8b3a4a498c)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
The default gc policy calculations based on percentage were calculated
improperly. These were calculated correctly in buildkit, but the
calculation method was not copied over correctly when updating the
values.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
(cherry picked from commit 1a7d7cc015)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This change reworks the Go mod tidy/vendor checks to run for all tracked Go modules by the project and fail for any uncommitted changes.
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
(cherry picked from commit f6e1bf2808)
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
The image inspect response has various fields that were deprecated as
part of the legacy builder, or Dockerfile syntax;
- The `Parent` field is only used for the legacy builder, and only set for
images that are built locally (i.e., not persisted when pulling an image).
- The `DockerVersion` field is only set when building images with the legacy
builder, and empty in most cases.
This patch deprecates the fields in the `InspectResponse` go struct, as
these fields will no longer be set in future once the legacy builder is
removed (`Parent`, `DockerVersion`). The legacy builder's deprecation in
[cli@4d8e457] / [cli@fd22746] (docker 23.0, API v1.42), however the related
API fields were kept so that information of legacy images would not be
discarded.
The API continues to return these fields if set, allowing the client to
print the fields for informational purposes when printing the raw response,
but these fields should be considered "transitional", and not be depended
on; deprecating the fields helps raise awareness.
[cli@4d8e457]: 4d8e45782b
[cli@fd22746]: fd2274692f
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bd8a99b400)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `VirtualSize` field was deprecated in [moby@1261fe6], and omitted / removed
in API v1.44 in [moby@913b0f5]. We should not document the field as part of
those API versions as it no longer exists for those.
[moby@1261fe6]: 1261fe69a3
[moby@913b0f5]: 913b0f51ca
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 51cbd2ed16)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Starting with kernel v6.12, kernel memory TCP accounting is deprecated for cgroups v1.
Note: kernel memory TCP accounting is not supported by cgroups v2.
See d046ff46ee
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
(cherry picked from commit fb2f8115c8)
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit 380ded6 restored a now-unused endpoint count to the
store, so that when the daemon is downgraded it exists for
the old code to find.
But, on network deletion, the endpoint count was not loaded
from the store - so the delete code saw the wrong "index",
and logged a warning before deleting it anyway.
Use DeleteObject instead of DeleteObjectAtomic, so the old
index isn't checked.
Signed-off-by: Rob Murray <rob.murray@docker.com>
(cherry picked from commit 94bcf89412)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This field was no longer used since Docker 1.11 (API version 1.23)
through [moby@aee260d] and [engine-api@9a9e468] but kept and deprecated
in [engine-api@167efc7], however the docs still used it in an example.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 08d014cac8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fixes a bug where no checkpoints would produce a `null` response
instead of an empty array:
```
$ docker run -d --name foo nginx:alpine
17fbeff7185733f101c38cb8208359dd0ef141116a1345da2d3c3f58c11f3e14
$ curl --unix-socket /var/run/docker.sock http://local/containers/foo/checkpoints
null
```
With this patch, this becomes:
```
$ curl --unix-socket /var/run/docker.sock http://local/containers/foo/checkpoints
[]
```
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 646e068cf1)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
The `BridgeNfIptables` and `BridgeNfIp6tables` were removed in API v1.50
in commit 6505d3877c, and only returned in
lower API versions.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0fb46d08ad)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
