dependabot[bot]
23a2964eef
Bump github.com/docker/docker from 20.10.23+incompatible to 23.0.4+incompatible ( #11259 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from
20.10.23+incompatible to 23.0.4+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases ">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v23.0.4</h2>
<h2>23.0.4</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/milestone/77?closed=1 ">docker/cli,
23.0.4 milestone</a></li>
<li><a
href="https://github.com/moby/moby/milestone/117?closed=1 ">moby/moby,
23.0.4 milestone</a></li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Fix a performance regression in Docker CLI 23.0.0 <a
href="https://redirect.github.com/docker/cli/pull/4141 ">docker/cli#4141</a>.</li>
<li>Fix progress indicator on <code>docker cp</code> not functioning as
intended <a
href="https://redirect.github.com/docker/cli/pull/4157 ">docker/cli#4157</a>.</li>
<li>Fix shell completion for <code>docker compose --file</code> <a
href="https://redirect.github.com/docker/cli/pull/4177 ">docker/cli#4177</a>.</li>
<li>Fix an error caused by incorrect handling of
"default-address-pools" in <code>daemon.json</code> <a
href="https://redirect.github.com/moby/moby/pull/45246 ">moby/moby#45246</a>.</li>
</ul>
<h3>Packaging Updates</h3>
<ul>
<li>Fix missing packages for CentOS 9 Stream.</li>
<li>Upgrade Go to <code>1.19.8</code>. <a
href="https://redirect.github.com/docker/docker-ce-packaging/pull/878 ">docker/docker-ce-packaging#878</a>,
<a
href="https://redirect.github.com/docker/cli/pull/4164 ">docker/cli#4164</a>,
<a
href="https://redirect.github.com/moby/moby/pull/45277 ">moby/moby#45277</a>,
which contains fixes for <a
href="https://github.com/advisories/GHSA-fp86-2355-v99r ">CVE-2023-24537</a>,
<a
href="https://github.com/advisories/GHSA-v4m2-x4rp-hv22 ">CVE-2023-24538</a>,
<a
href="https://github.com/advisories/GHSA-8v5j-pwr7-w5f8 ">CVE-2023-24534</a>,
and <a
href="https://github.com/advisories/GHSA-9f7g-gqwh-jpf5 ">CVE-2023-24536</a></li>
</ul>
<h2>v23.0.3</h2>
<h2>23.0.3</h2>
<blockquote>
<p><strong>Note</strong></p>
<p>Due to an issue with CentOS 9 Stream's package repositories, packages
for
CentOS 9 are currently unavailable. Packages for CentOS 9 may be added
later,
or as part of the next (23.0.4) patch release.</p>
</blockquote>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Fixed a number of issues that can cause Swarm encrypted overlay
networks
to fail to uphold their guarantees, addressing <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841 ">CVE-2023-28841</a>,
<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840 ">CVE-2023-28840</a>,
and
<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842 ">CVE-2023-28842</a>.
<ul>
<li>A lack of kernel support for encrypted overlay networks now reports
as an error.</li>
<li>Encrypted overlay networks are eagerly set up, rather than waiting
for
multiple nodes to attach.</li>
<li>Encrypted overlay networks are now usable on Red Hat Enterprise
Linux 9
through the use of the <code>xt_bpf</code> kernel module.</li>
<li>Users of Swarm overlay networks should review <a
href="https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw ">GHSA-vwm3-crmr-xfxw</a>
to ensure that unintentional exposure has not occurred.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cbce331930https://redirect.github.com/docker/docker/issues/45330 ">#45330</a>
from kevingentile/buildkit-3770</li>
<li><a
href="5f684cb072https://redirect.github.com/docker/docker/issues/45331 ">#45331</a>
from thaJeztah/23.0_backport_rootless_script_bugs</li>
<li><a
href="3731ce10d423774ada0490e8a0bbf5https://redirect.github.com/docker/docker/issues/45323 ">#45323</a>
from thaJeztah/23.0_backport_vendor_sctp</li>
<li><a
href="9277e64444cdb6200887https://redirect.github.com/docker/docker/issues/45293 ">#45293</a>
from AkihiroSuda/backport-45283-23</li>
<li><a
href="09fbbd56774ca4705bf7https://redirect.github.com/docker/docker/issues/45277 ">#45277</a>
from thaJeztah/23.0_bump_go1.19.8</li>
<li><a
href="d3e52936c3https://github.com/docker/docker/compare/v20.10.23...v23.0.4 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2023-04-21 14:53:55 -07:00
Lucas Manuel Rodriguez
1f97514200
Only set public IPs on host.public_ip and add docs ( #9900 )
...
#9857
The "Public IP address" field is sometimes set to a "Private IP" on the
following types of Fleet deployments:
- Local deployments.
- Deployments where Fleet is on a private network.
- Deployments where an agent connects to Fleet not via the public
internet.
This PR will prevent a private IP to be set on the `host.public_ip`
field.
And this PR also adds documentation on how Fleet deduces the public IPs
of the devices so that a user can make the changes to fix this.
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files )
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- ~[ ] Added/updated tests~
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-02-17 13:00:56 -03:00
