mirror of https://github.com/docker/cli.git
6e20b9d93c
This includes 1 security fix:
- net/http: CrossOriginProtection bypass patterns are over-broad
When passing patterns to CrossOriginProtection.AddInsecureBypassPattern,
requests that would have redirected to those patterns (e.g. without a trailing
slash) were also exempted, which might be unexpected.
Thanks to Marco Gazerro for reporting this issue.
This is CVE-2025-47910 and Go issue https://go.dev/issue/75054.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.24.7
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| cli-plugins | ||
| container | ||
| context | ||
| global | ||
| image | ||
| internal/fixtures | ||
| plugin | ||
| registry | ||
| stack | ||
| system | ||
| testdata | ||
| testutils | ||
| trust | ||
| compose-env.connhelper-ssh.yaml | ||
| compose-env.yaml | ||