- What I did: To address the issue related to potential credential leakage when specifying a registry URL without a hostname, I added validation checks for the registry URL's validity and the presence of a hostname when passing the registry address in the CLI.
- How I did it: As fixing the bug on the server side seemed unfeasible due to the data formation for client-side authentication, which results in passing an empty hostname string and attempting login to the default address with private credentials, I incorporated corresponding checks into the code.
- How to verify it: You can verify it by using the command docker login http:///path, which should output the following message: "Server address must include a hostname: ''".
- Description for the changelog:
Added validation checks for the registry URL's validity and the presence of a hostname when passing the registry address in the CLI to prevent potential credential leakage. [GitHub issue #47795](https://github.com/moby/moby/issues/47795)
- What I did: To address the issue related to potential credential leakage when specifying a registry URL without a hostname, I added validation checks for the registry URL's validity and the presence of a hostname when passing the registry address in the CLI.
- How I did it: As fixing the bug on the server side seemed unfeasible due to the data formation for client-side authentication, which results in passing an empty hostname string and attempting login to the default address with private credentials, I incorporated corresponding checks into the code.
- How to verify it: You can verify it by using the command
docker login http:///path
, which should output the following message: "Server address must include a hostname: ''".- Description for the changelog:
- Link to the relevant code snippet in Moby: Moby Code - registry/service.go#L55
fixes: https://github.com/moby/moby/issues/47795