The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
Find a file
Sebastiaan van Stijn b7c5385b81
update to go1.20.7
Includes a fix for CVE-2023-29409

go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls
package, as well as bug fixes to the assembler and the compiler. See the
Go 1.20.7 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.20.7+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.6...go1.20.7

From the mailing list announcement:

[security] Go 1.20.7 and Go 1.19.12 are released

Hello gophers,

We have just released Go versions 1.20.7 and 1.19.12, minor point releases.

These minor releases include 1 security fixes following the security policy:

- crypto/tls: restrict RSA keys in certificates to <= 8192 bits

  Extremely large RSA keys in certificate chains can cause a client/server
  to expend significant CPU time verifying signatures. Limit this by
  restricting the size of RSA keys transmitted during handshakes to <=
  8192 bits.

  Based on a survey of publicly trusted RSA keys, there are currently only
  three certificates in circulation with keys larger than this, and all
  three appear to be test certificates that are not actively deployed. It
  is possible there are larger keys in use in private PKIs, but we target
  the web PKI, so causing breakage here in the interests of increasing the
  default safety of users of crypto/tls seems reasonable.

  Thanks to Mateusz Poliwczak for reporting this issue.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.20.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d5cb7cdeae)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-01 23:47:48 +02:00
.github update to go1.20.7 2023-08-01 23:47:48 +02:00
api api/types/filters: fix errors not being matched by errors.Is() 2023-07-29 16:25:07 +02:00
builder vendor: github.com/moby/buildkit v0.11.7-dev 2023-07-24 16:14:03 +02:00
cli cli/debug: use string-literals for easier grep'ing 2023-07-15 00:49:55 +02:00
client client: Client.postHijacked: use Client.buildRequest 2023-07-17 09:41:41 +02:00
cmd build: use daemon id as worker id for the graph driver controller 2023-05-18 22:29:45 +02:00
container container: split security options to a SecurityOptions struct 2023-04-29 00:03:37 +02:00
contrib Remove Upstart scripts 2023-07-21 11:00:50 -06:00
daemon Merge pull request #46095 from vvoland/c8d-refreshimage-refactor-24 2023-07-28 13:11:43 +02:00
distribution fixing consistent aliases for OCI spec imports 2023-06-01 17:22:49 +02:00
dockerversion dockerversion: DockerUserAgent(): allow custom versions to be passed 2023-06-02 11:41:09 +02:00
docs Merge pull request #45869 from thaJeztah/24.0_backport_docs_plugin_disable_force_carry 2023-07-02 23:02:35 +02:00
errdefs errdefs: FromStatusCode() don't log "FIXME" debug message 2022-12-20 16:03:46 +01:00
hack Merge pull request #46120 from thaJeztah/24.0_backport_bump_gotest_tools 2023-08-01 16:27:57 +02:00
image docs: fix JSON format error 2023-02-03 08:16:48 +00:00
integration c8d/resolveImage: Fix Digested and Named reference 2023-07-18 18:02:36 +02:00
integration-cli integration-cli: use string-literals for easier grep'ing 2023-07-15 00:49:35 +02:00
internal Add reusable chroot and unshare utilities 2022-10-26 12:06:31 -04:00
layer layer: NewStoreFromOptions(): include driver-name in error message 2023-03-06 13:06:16 +01:00
libcontainerd daemon: stop setting container resources to zero 2023-06-21 22:16:22 +02:00
libnetwork libnetwork: use string-literals for easier grep'ing 2023-07-15 00:50:47 +02:00
oci daemon: ensure OCI options play nicely together 2023-06-21 22:16:28 +02:00
opts opts: use string-literals for easier grep'ing 2023-07-15 00:51:09 +02:00
pkg pkg/jsonmessage: use string-literals for easier grep'ing 2023-07-15 00:51:38 +02:00
plugin fixing consistent aliases for OCI spec imports 2023-06-01 17:22:49 +02:00
profiles seccomp: add name_to_handle_at to allowlist 2023-06-28 05:46:56 -06:00
project daemon: remove deprecated AuFS storage driver 2023-04-15 01:27:16 +02:00
quota quota: remove gotest.tools from testhelpers 2023-07-17 23:12:28 +02:00
reference reference: add test-coverage for digested references 2023-03-06 13:01:35 +01:00
registry registry/search: pass User-Agent through headers 2023-03-21 14:41:29 +01:00
reports Fix typos 2018-05-16 09:15:43 +08:00
restartmanager restartmanager: remove RestartManager interface 2022-12-28 09:36:58 +01:00
runconfig api/server: allow empty body for POST /commit again 2023-05-18 16:06:57 -04:00
testutil testutil: use dummyhost for non-tcp connections 2023-07-14 20:36:52 +02:00
vendor vendor: gotest.tools/v3 v3.5.0 2023-07-29 20:53:54 +02:00
volume Restore active mount counts on live-restore 2023-06-28 09:45:07 +02:00
.dockerignore ignorefiles: cleanup 2022-11-21 18:43:42 -07:00
.gitattributes chore: fix linguist for Dockerfile 2022-04-27 06:38:41 +02:00
.gitignore hack: introduce validate/no-module 2022-12-12 18:39:06 -07:00
.mailmap .mailmap: cleanup and additions 2022-11-30 12:05:31 +01:00
AUTHORS regenerate AUTHORS 2023-03-06 17:11:00 +01:00
codecov.yml codecov: disable "patch" status 2022-06-07 17:24:46 +02:00
CONTRIBUTING.md CONTRIBUTING.md: drop reference to the Derek GitHub bot 2023-01-10 15:42:09 -07:00
docker-bake.hcl Dockerfile: use default apt mirrors 2023-07-17 11:23:05 -06:00
Dockerfile update to go1.20.7 2023-08-01 23:47:48 +02:00
Dockerfile.e2e hack: Rename .ensure-emptyfs to .build-empty-images 2023-05-25 09:48:58 +02:00
Dockerfile.simple update to go1.20.7 2023-08-01 23:47:48 +02:00
Dockerfile.windows update to go1.20.7 2023-08-01 23:47:48 +02:00
Jenkinsfile Dockerfile: use default apt mirrors 2023-07-17 11:23:05 -06:00
LICENSE Update LICENSE 2018-09-12 14:27:53 +01:00
MAINTAINERS Add akerouanton as curator 2023-03-28 11:01:28 +02:00
Makefile hack/integration: Add TEST_INTEGRATION_FAIL_FAST 2023-07-24 17:05:44 +02:00
NOTICE switch kr/pty to creack/pty v1.1.7 2019-07-29 16:59:08 -07:00
README.md Fix grammar in README.md 2022-11-10 19:49:41 +00:00
ROADMAP.md Fix some typos in ROADMAP.md 2019-01-25 14:27:13 +08:00
SECURITY.md Update SECURITY.md to have an option to keep name anonymous if requested. 2019-06-18 16:37:16 +00:00
TESTING.md TESTING.md: note that integration-cli is deprecated 2020-12-18 07:51:46 +01:00
vendor.mod vendor: gotest.tools/v3 v3.5.0 2023-07-29 20:53:54 +02:00
vendor.sum vendor: gotest.tools/v3 v3.5.0 2023-07-29 20:53:54 +02:00
VENDORING.md fix the bare url and the Summary of http://semver.org 2017-01-17 16:20:11 +08:00

The Moby Project

Moby Project logo

Moby is an open-source project created by Docker to enable and accelerate software containerization.

It provides a "Lego set" of toolkit components, the framework for assembling them into custom container-based systems, and a place for all container enthusiasts and professionals to experiment and exchange ideas. Components include container build tools, a container registry, orchestration tools, a runtime and more, and these can be used as building blocks in conjunction with other tools and projects.

Principles

Moby is an open project guided by strong principles, aiming to be modular, flexible and without too strong an opinion on user experience. It is open to the community to help set its direction.

  • Modular: the project includes lots of components that have well-defined functions and APIs that work together.
  • Batteries included but swappable: Moby includes enough components to build fully featured container systems, but its modular architecture ensures that most of the components can be swapped by different implementations.
  • Usable security: Moby provides secure defaults without compromising usability.
  • Developer focused: The APIs are intended to be functional and useful to build powerful tools. They are not necessarily intended as end user tools but as components aimed at developers. Documentation and UX is aimed at developers not end users.

Audience

The Moby Project is intended for engineers, integrators and enthusiasts looking to modify, hack, fix, experiment, invent and build systems based on containers. It is not for people looking for a commercially supported system, but for people who want to work and learn with open source code.

Relationship with Docker

The components and tools in the Moby Project are initially the open source components that Docker and the community have built for the Docker Project. New projects can be added if they fit with the community goals. Docker is committed to using Moby as the upstream for the Docker Product. However, other projects are also encouraged to use Moby as an upstream, and to reuse the components in diverse ways, and all these uses will be treated in the same way. External maintainers and contributors are welcomed.

The Moby project is not intended as a location for support or feature requests for Docker products, but as a place for contributors to work on open source code, fix bugs, and make the code more useful. The releases are supported by the maintainers, community and users, on a best efforts basis only, and are not intended for customers who want enterprise or commercial support; Docker EE is the appropriate product for these use cases.


Legal

Brought to you courtesy of our legal counsel. For more context, please see the NOTICE document in this repo.

Use and transfer of Moby may be subject to certain restrictions by the United States and other governments.

It is your responsibility to ensure that your use and/or transfer does not violate applicable laws.

For more information, please see https://www.bis.doc.gov

Licensing

Moby is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.