-
Notifications
You must be signed in to change notification settings - Fork 5.7k
Comparing changes
Open a pull request
base repository: docker/compose
base: v2.29.1
head repository: docker/compose
compare: v2.29.2
- 11 commits
- 10 files changed
- 5 contributors
Commits on Jul 25, 2024
-
go1.21.12 (released 2024-07-02) includes security fixes to the net/http package, as well as bug fixes to the compiler, the go command, the runtime, and the crypto/x509, net/http, net/netip, and os packages. See the Go 1.21.12 milestone on our issue tracker for details: - https://github.com/golang/go/issues?q=milestone%3AGo1.21.12+label%3ACherryPickApproved - full diff: golang/go@go1.21.11...go1.21.12 From the security mailing: > Hello gophers, > > We have just released Go versions 1.22.5 and 1.21.12, minor point releases. > > These minor releases include 1 security fixes following the security policy: > > * net/http: denial of service due to improper 100-continue handling > > The net/http HTTP/1.1 client mishandled the case where a server responds > to a request with an “Expect: 100-continue” header with a non-informational > (200 or higher) status. This mishandling could leave a client connection > in an invalid state, where the next request sent on the connection will fail. > > An attacker sending a request to a net/http/httputil.ReverseProxy proxy can > exploit this mishandling to cause a denial of service by sending > “Expect: 100-continue” requests which elicit a non-informational response > from the backend. Each such request leaves the proxy with an invalid connection, > and causes one subsequent request using that connection to fail. > > Thanks to Geoff Franks for reporting this issue. > > This is CVE-2024-24791 and Go issue https://go.dev/issue/67555. Signed-off-by: Sebastiaan van Stijn <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 3f55382 - Browse repository at this point
Copy the full SHA 3f55382View commit details -
go.mod: golang.org/x/sys v0.22.0
full diff: golang/sys@v0.21.0...v0.22.0 Signed-off-by: Sebastiaan van Stijn <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c79f15d - Browse repository at this point
Copy the full SHA c79f15dView commit details -
gp.mod: github.com/gofrs/flock v0.12.1
- fix: missing read-write flag in reopenFDOnError fixes a regression that could result in a `ERROR: bad file descriptor`. gofrs/flock@b659e1e introduced a regression where `f.flag` would not be in read-write mode [1] but read-only [2] which breaks people using NFS protocol. [1]: gofrs/flock@b659e1e#diff-87c2c4fe0fb43f4b38b4bee45c1b54cfb694c61e311f93b369caa44f6c1323ffR192 [2]: gofrs/flock@b659e1e#diff-22145325dded38eb5288ed3321a113d8260ccc70747ee04d4551bfd2fba975fdR69 full diff: gofrs/flock@v0.12.0...v0.12.1 Signed-off-by: Sebastiaan van Stijn <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d851852 - Browse repository at this point
Copy the full SHA d851852View commit details -
remove all dependabot update PRs for OTel dependencies
Signed-off-by: Guillaume Lours <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for adba639 - Browse repository at this point
Copy the full SHA adba639View commit details -
bump engine and cli to v27.1.1, buildx to v0.16.1
Signed-off-by: Guillaume Lours <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b1850ea - Browse repository at this point
Copy the full SHA b1850eaView commit details -
Fix stop on file chane for sync-restart action
Signed-off-by: Joana Hrotko <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ea4ccf6 - Browse repository at this point
Copy the full SHA ea4ccf6View commit details
Commits on Aug 5, 2024
-
docs: Update docker compose kill usage
Signed-off-by: Jan Brasna <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 1601ead - Browse repository at this point
Copy the full SHA 1601eadView commit details -
Removes redundant condition from toAPIBuildOptions in build.go
Signed-off-by: Mayank Kapur <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 69384a9 - Browse repository at this point
Copy the full SHA 69384a9View commit details
Commits on Aug 9, 2024
-
initial sync for root directory
Signed-off-by: Joana Hrotko <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 485c0eb - Browse repository at this point
Copy the full SHA 485c0ebView commit details -
initial sync files that modified after image creation
Signed-off-by: Joana Hrotko <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 9c03797 - Browse repository at this point
Copy the full SHA 9c03797View commit details
Commits on Aug 14, 2024
-
Signed-off-by: Joana Hrotko <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 2340367 - Browse repository at this point
Copy the full SHA 2340367View commit details
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v2.29.1...v2.29.2