Sourced from github.com/moby/buildkit's releases.

v0.28.1

Welcome to the v0.28.1 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi
• CrazyMax
• Sebastiaan van Stijn

Notable Changes

• Fix insufficient validation of Git URL #ref:subdir fragments that could allow access to restricted files outside the checked-out repository root. GHSA-4vrq-3vrq-g6gg
• Fix a vulnerability where an untrusted custom frontend could cause files to be written outside the BuildKit state directory. GHSA-4c29-8rgm-jvjj
• Fix a panic when processing invalid .dockerignore patterns during COPY. #6610 moby/patternmatcher#9

Dependency Changes

• github.com/moby/patternmatcher v0.6.0 -> v0.6.1

Previous release can be found at v0.28.0

v0.28.0

buildkit 0.28.0

Welcome to the v0.28.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

• Tõnis Tiigi
• CrazyMax
• Sebastiaan van Stijn
• Jonathan A. Sternberg
• Akihiro Suda
• Amr Mahdi
• Dan Duvall
• David Karlsson
• Jonas Geiler
• Kevin L.
• rsteube

... (truncated)

• 45b038c git: normalize and validate subdir paths
• f5462c2 git: harden ref arg handling
• 71577a5 source: extract SafeFileName into shared pathutil package
• df43783 source/http: use os.Root for saved file operations
• 9ce6f62 source/http: sanitize downloaded filenames
• 099cf80 executor: validate container IDs centrally
• 2642113 Merge pull request #6610 from thaJeztah/0.28_backport_bump_patternmatcher
• 802da78 vendor: github.com/moby/patternmatcher v0.6.1
• 5245d86 Merge pull request #6551 from tonistiigi/v0.28-cherry-picks
• 90ee5de vendor: update x/net to v0.51.0
• Additional commits viewable in compare view