This release is a security release with security fixes in the CLI and runtime, as
well as updated versions of the containerd.io package and the Go runtime.
Client
- CVE-2021-41092
Ensure default auth config has address field set, to prevent credentials being
sent to the default registry.
Runtime
- CVE-2021-41089
Create parent directories inside a chroot during docker cp to prevent a specially
crafted container from changing permissions of existing files in the host’s filesystem.
- CVE-2021-41091
Lock down file permissions to prevent unprivileged users from discovering and
executing programs in /var/lib/docker.
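To check a host for the exposure described under CVE-2021-41091, the following added example (not code from the Docker or Moby project) lists what the "other" permission class can still reach under a data root. The function name and its exit codes are illustrative, and it assumes the directories above the data root are traversable and ignores group membership and ACLs.

```shell
#!/bin/sh
# Added example, not Docker's own code.
# Usage: audit_other_reachable /var/lib/docker
#
# Lists what the "other" permission class can reach under a Docker data root
# by following only directories that grant other-execute (traverse).
# Exit status: 0 = nothing reachable, 1 = findings printed, 2 = bad argument.

audit_other_reachable() {
    root=${1:-/var/lib/docker}
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    # Prune every directory without o+x: nothing below it is reachable by
    # "other", whatever the modes further down say. Print the directories
    # that remain reachable, plus other-executable regular files inside them.
    findings=$(find "$root" -type d ! -perm -001 -prune -o \
        \( -type d -o \( -type f -perm -001 \) \) -print 2>/dev/null)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run it as root so that find can descend into every directory; an empty result with exit status 0 means an unprivileged user outside the owning group cannot traverse into the data root.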
Packaging
- Update Golang runtime to Go 1.16.8, which contains fixes for CVE-2021-36221
and CVE-2021-39293.
- Update static binaries and containerd.io rpm and deb packages to containerd
v1.4.11 and runc v1.0.2 to address CVE-2021-41103.
- Update the bundled buildx version to v0.6.3 for rpm and deb packages.
Reposted from https://github.com/moby/moby/releases/tag/v20.10.9