Skip to content

v0.10.5
Compare
Choose a tag to compare
@github-actions github-actions released this 18 Oct 20:09
· 3967 commits to master since this release
v0.10.5
bc26045
This commit was signed with the committer’s verified signature. The key has expired.
tonistiigi Tõnis Tiigi
GPG key ID: AFA9DE5F8AB7AF39
Expired
Verified
Learn about vigilant mode.

https://hub.docker.com/r/moby/buildkit

Notable changes:

This release contains two security fixes.

  • Provide mitigation for Git vulnerability CVE-2022-39253. In systems with Git version lower than 2.38.1 invoking a build of a maliciously crafted Git repository with BUILDKIT_CONTEXT_KEEP_GIT_DIR=1 build-arg could lead to copying arbitrary file system paths into resulting containers/images.
  • Add additional validation when loading content for image@digest references from the local build cache. The new validation makes sure that the same repository name populated the local data and invalid name and digest combinations are detected.
Assets 12
Loading