
v1.0.0-rc.2

Pre-release

@github-actions github-actions released this 17 May 00:55
· 103 commits to main since this release
sockguard

sockguard is a default-deny Docker socket proxy written in Go. It filters every request by HTTP method, path, and request body — so a compromised API consumer can't escalate through the socket.


sockguard v1.0.0-rc.2 — release candidate 2

⚠️ Pre-release. This is the candidate that froze the v1.0 proxy contract on 2026-05-16. For production, use the stable v1.0.0.

⚠️ Breaking change

A non-loopback plaintext TCP listener now requires two insecure acknowledgments instead of one: listen.insecure_allow_plain_tcp (unencrypted transport) and the new listen.insecure_allow_unauthenticated_clients (any host that can reach the port can impersonate a client). One flag without the other is rejected at config validation, so the dangerous mode can't be reached by a single fat-fingered flag. The same applies to admin.listen.*. Existing plaintext non-loopback TCP configs must add insecure_allow_unauthenticated_clients: true (env: SOCKGUARD_LISTEN_INSECURE_ALLOW_UNAUTHENTICATED_CLIENTS).

🔄 Changed

  • request_body.exec.allowed_commands entries are now glob-matched argv templates instead of exact strings. Each token follows the same dialect as path rules (* matches a run of non-slash characters, ** matches any sequence), so an operator can allowlist an exec whose argv carries a variable run ID, timestamp, or generated path — e.g. ["drydock", "finalize", "*"] — without enumerating every literal form. Tokens with no glob metacharacters keep matching exactly as before.
  • A rule whose match.path contains a literal % is now a config-validation error instead of a startup warning — sockguard percent-decodes paths before matching, so such a pattern can never fire, and a silently dead rule is a security-intent gap.
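To make the argv-template semantics concrete, here is an added Go example (written for these notes, not sockguard's own matcher) that checks an exec argv against an allowed_commands list. It assumes a token dialect where `*` matches zero or more non-slash characters, `**` matches any sequence, everything else is literal, and argv must have exactly as many tokens as the template; those are assumptions, and the sample allowlist is constructed.

```go
package main

// matchToken reports whether one argv token satisfies one template token.
// Assumed dialect: "*" = zero or more non-slash chars, "**" = anything, rest literal.
func matchToken(pattern, s string) bool {
	if pattern == "" {
		return s == ""
	}
	switch {
	case len(pattern) >= 2 && pattern[:2] == "**":
		for i := 0; i <= len(s); i++ { // ** may swallow a prefix of any length
			if matchToken(pattern[2:], s[i:]) {
				return true
			}
		}
		return false
	case pattern[0] == '*':
		for i := 0; i <= len(s); i++ { // * stops at the first slash
			if i > 0 && s[i-1] == '/' {
				return false
			}
			if matchToken(pattern[1:], s[i:]) {
				return true
			}
		}
		return false
	default:
		return s != "" && s[0] == pattern[0] && matchToken(pattern[1:], s[1:])
	}
}

// argvAllowed returns true when argv matches at least one template token-for-token.
// Assumption: lengths must be equal, so appending extra arguments never matches.
func argvAllowed(allowed [][]string, argv []string) bool {
next:
	for _, tmpl := range allowed {
		if len(tmpl) != len(argv) {
			continue
		}
		for i := range tmpl {
			if !matchToken(tmpl[i], argv[i]) {
				continue next
			}
		}
		return true
	}
	return false
}
```

With the constructed allowlist `["drydock", "finalize", "*"]`, `drydock finalize run-42` is allowed while `drydock finalize /tmp/out` is not, because the single-star token refuses to cross a slash.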

🐛 Fixed

  • Oversized request bodies on the exec, plugin, and swarm inspectors now return 413 Request Entity Too Large instead of 403. All body inspectors now share one size-rejection contract.

🔒 Security

Hardening from the 2026-05-16 branch review:

  • The visibility pattern-filter response buffer (GET /containers/json, /images/json with response.name_patterns / image_patterns) is now capped at 8 MiB — a larger upstream response is rejected with 502 instead of being buffered unbounded, closing an out-of-memory DoS.
  • The visibility middleware now honors rollout mode — an invisible single-resource inspect under mode: warn / audit is forwarded with a would_deny verdict instead of a hard 404, so operators can measure visibility-policy impact before enforcing.
  • The reverse-proxy and side-channel transports now set ResponseHeaderTimeout: 30s — a Docker daemon that accepts a connection but never sends headers can no longer pin a goroutine indefinitely.

📥 Install

docker pull ghcr.io/codeswhat/sockguard:1.0.0-rc.2

📦 ghcr.io/codeswhat/sockguard:1.0.0-rc.2 · 📖 Documentation · 🔎 Full diff