diff --git a/Dockerfile b/Dockerfile
index cfe29a65fbf6..c7e22db80cc7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@
 # check=skip=InvalidBaseImagePlatform
 
 ARG ALPINE_VERSION=3.21
-ARG GO_VERSION=1.23
+ARG GO_VERSION=1.23.8
 ARG HTMLTEST_VERSION=0.17.0
 ARG HUGO_VERSION=0.141.0
 ARG NODE_VERSION=22
diff --git a/_vendor/modules.txt b/_vendor/modules.txt
index add37c275805..a945859abb37 100644
--- a/_vendor/modules.txt
+++ b/_vendor/modules.txt
@@ -1,6 +1,6 @@
 # github.com/moby/moby v28.0.2+incompatible
-# github.com/moby/buildkit v0.20.1
-# github.com/docker/buildx v0.22.0
+# github.com/moby/buildkit v0.21.0
+# github.com/docker/buildx v0.23.0
 # github.com/docker/cli v28.0.4+incompatible
 # github.com/docker/compose/v2 v2.35.0
 # github.com/docker/scout-cli v1.15.0
diff --git a/content/manuals/build/buildkit/dockerfile-release-notes.md b/content/manuals/build/buildkit/dockerfile-release-notes.md
index 6aada35dcd6a..35e5a586b04c 100644
--- a/content/manuals/build/buildkit/dockerfile-release-notes.md
+++ b/content/manuals/build/buildkit/dockerfile-release-notes.md
@@ -13,6 +13,37 @@ issues, and bug fixes in [Dockerfile reference](/reference/dockerfile.md).
 
 For usage, see the [Dockerfile frontend syntax](frontend.md) page.
 
+## 1.15.0
+
+{{< release-date date="2025-04-15" >}}
+
+The full release note for this release is available
+[on GitHub](https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.15.0).
+
+```dockerfile
+# syntax=docker/dockerfile:1.15.0
+```
+
+- Build error for invalid target now shows suggestions for correct possible names. [moby/buildkit#5851](https://github.com/moby/buildkit/pull/5851)
+- Fix SBOM attestation producing error for Windows targets. [moby/buildkit#5837](https://github.com/moby/buildkit/pull/5837)
+- Fix recursive `ARG` producing an infinite loop when processing an outline request. [moby/buildkit#5823](https://github.com/moby/buildkit/pull/5823)
+- Fix parsing syntax directive from JSON that would fail if the JSON had other datatypes than strings. [moby/buildkit#5815](https://github.com/moby/buildkit/pull/5815)
+- Fix platform in image config being in unnormalized form (regression from 1.12). [moby/buildkit#5776](https://github.com/moby/buildkit/pull/5776)
+- Fix copying into destination directory when directory is not present with WCOW. [moby/buildkit#5249](https://github.com/moby/buildkit/pull/5249)
+
+## 1.14.1
+
+{{< release-date date="2025-03-05" >}}
+
+The full release note for this release is available
+[on GitHub](https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.14.1).
+
+```dockerfile
+# syntax=docker/dockerfile:1.14.1
+```
+
+- Normalize platform in image config. [moby/buildkit#5776](https://github.com/moby/buildkit/pull/5776)
+
 ## 1.14.0
 
 {{< release-date date="2025-02-19" >}}
diff --git a/content/manuals/build/release-notes.md b/content/manuals/build/release-notes.md
index 978cf201ca49..14a60eef2e79 100644
--- a/content/manuals/build/release-notes.md
+++ b/content/manuals/build/release-notes.md
@@ -10,6 +10,54 @@ toc_max: 2
 This page contains information about the new features, improvements, and bug
 fixes in [Docker Buildx](https://github.com/docker/buildx).
 
+## 0.23.0
+
+{{< release-date date="2025-04-15" >}}
+
+The full release note for this release is available
+[on GitHub](https://github.com/docker/buildx/releases/tag/v0.23.0).
+
+### New
+
+- New `buildx history export` command allows exporting the build record into a bundle that can be imported to [Docker Desktop](/desktop/). [docker/buildx#3073](https://github.com/docker/buildx/pull/3073)
+
+### Enhancements
+
+- New `--local` and `--filter` flags allow filtering history records in `buildx history ls`. [docker/buildx#3091](https://github.com/docker/buildx/pull/3091)
+- Compose compatibility has been updated to v2.6.0. [docker/buildx#3080](https://github.com/docker/buildx/pull/3080), [docker/buildx#3105](https://github.com/docker/buildx/pull/3105)
+- Support CLI environment variables in standalone mode. [docker/buildx#3087](https://github.com/docker/buildx/pull/3087)
+
+### Bug fixes
+
+- Fix `--print` output for Bake producing output with unescaped variables that could cause build errors later. [docker/buildx#3097](https://github.com/docker/buildx/pull/3097)
+- Fix `additional_contexts` field not working correctly when pointing to another service. [docker/buildx#3090](https://github.com/docker/buildx/pull/3090)
+- Fix empty validation block crashing the Bake HCL parser. [docker/buildx#3101](https://github.com/docker/buildx/pull/3101)
+
+## 0.22.0
+
+{{< release-date date="2025-03-18" >}}
+
+The full release note for this release is available
+[on GitHub](https://github.com/docker/buildx/releases/tag/v0.22.0).
+
+### New
+
+- New command `buildx history import` lets you import build records into Docker Desktop for further debugging in the [Build UI](/desktop/use-desktop/builds/). This command requires [Docker Desktop](/desktop/) to be installed. [docker/buildx#3039](https://github.com/docker/buildx/pull/3039)
+
+### Enhancements
+
+- History records can now be opened by offset from the latest in `history inspect`, `history logs` and `history open` commands (e.g. `^1`). [docker/buildx#3049](https://github.com/docker/buildx/pull/3049), [docker/buildx#3055](https://github.com/docker/buildx/pull/3055)
+- Bake now supports the `+=` operator to append when using `--set` for overrides. [docker/buildx#3031](https://github.com/docker/buildx/pull/3031)
+- Docker container driver adds GPU devices to the container if available. [docker/buildx#3063](https://github.com/docker/buildx/pull/3063)
+- Annotations can now be set when using overrides with Bake. [docker/buildx#2997](https://github.com/docker/buildx/pull/2997)
+- NetBSD binaries are now included in the release. [docker/buildx#2901](https://github.com/docker/buildx/pull/2901)
+- The `inspect` and `create` commands now return an error if a node fails to boot. [docker/buildx#3062](https://github.com/docker/buildx/pull/3062)
+
+### Bug fixes
+
+- Fix double pushing with Docker driver when the containerd image store is enabled. [docker/buildx#3023](https://github.com/docker/buildx/pull/3023)
+- Fix multiple tags being pushed for `imagetools create` command. Now only the final manifest pushes by tag. [docker/buildx#3024](https://github.com/docker/buildx/pull/3024)
+
 ## 0.21.0
 
 {{< release-date date="2025-02-19" >}}
diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md
index 3fdcf7b0054d..9b61004cf50f 100644
--- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md
+++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md
@@ -182,7 +182,7 @@ The following `admin-settings.json` code and table provides an example of the re
 }
 ```
 
-### General 
+### General
 
 |Parameter|OS|Description|Version|
 |:-------------------------------|---|:-------------------------------|---|
@@ -195,7 +195,7 @@ The following `admin-settings.json` code and table provides an example of the re
 | `desktopTerminalEnabled` |  | If `value` is set to `false`, developers cannot use the Docker terminal to interact with the host machine and execute commands directly from Docker Desktop. |  |
 |`exposeDockerAPIOnTCP2375`| Windows only| Exposes the Docker API on a specified port. If `value` is set to true, the Docker API is exposed on port 2375. Note: This is unauthenticated and should only be enabled if protected by suitable firewall rules.|  |
 
-### File sharing and emulation 
+### File sharing and emulation
 
 |Parameter|OS|Description|Version|
 |:-------------------------------|---|:-------------------------------|---|
@@ -241,7 +241,7 @@ The following `admin-settings.json` code and table provides an example of the re
 | &nbsp; &nbsp; &nbsp; &nbsp;`dockerDaemonOptions` |  | Overrides the options in the Linux daemon config file. See the [Docker Engine reference](/reference/cli/dockerd/#daemon-configuration-file).|  |
 
 > [!NOTE]
-> 
+>
 > This setting is not available to configure via the Docker Admin Console.
 
 ### Kubernetes
@@ -250,7 +250,16 @@ The following `admin-settings.json` code and table provides an example of the re
 |:-------------------------------|---|:-------------------------------|---|
 |`kubernetes`|  | If `enabled` is set to true, a Kubernetes single-node cluster is started when Docker Desktop starts. If `showSystemContainers` is set to true, Kubernetes containers are displayed in the Docker Desktop Dashboard and when you run `docker ps`.  `imagesRepository` lets you specify which repository Docker Desktop pulls the Kubernetes images from. For example, `"imagesRepository": "registry-1.docker.io/docker"`.  |  |
 
-### Features in development 
+> [!NOTE]
+>
+> When using the `imagesRepository` setting and Enhanced Container Isolation (ECI), add the following images to the [ECI Docker socket mount image list](#enhanced-container-isolation):
+>
+> `<custom-image-repo>/desktop-cloud-provider-kind:*`
+> `<custom-image-repo>/desktop-containerd-registry-mirror:*`
+>
+> These containers mount the Docker socket, so you must add the images to the ECI images list. If not, ECI will block the mount and Kubernetes won't start.
+
+### Features in development
 
 |Parameter|OS|Description|Version|
 |:-------------------------------|---|:-------------------------------|---|
@@ -258,7 +267,7 @@ The following `admin-settings.json` code and table provides an example of the re
 | `allowBetaFeatures`| | If `value` is set to `false`, beta features are disabled.|  |
 | `enableDockerAI` | | If `value` is set to `false`, Docker AI (Ask Gordon) features are disabled. |  |
 
-### Enhanced Container Isolation 
+### Enhanced Container Isolation
 
 |Parameter|OS|Description|Version|
 |:-------------------------------|---|:-------------------------------|---|
@@ -282,4 +291,4 @@ For settings to take effect:
 
 So as not to disrupt your developers' workflow, Docker doesn't automatically mandate that developers re-launch and re-authenticate once a change has been made.
 
-In Docker Desktop, developers see the relevant settings grayed out.
\ No newline at end of file
+In Docker Desktop, developers see the relevant settings grayed out.
diff --git a/content/reference/cli/docker/buildx/history/export.md b/content/reference/cli/docker/buildx/history/export.md
new file mode 100644
index 000000000000..6f38ca206415
--- /dev/null
+++ b/content/reference/cli/docker/buildx/history/export.md
@@ -0,0 +1,16 @@
+---
+datafolder: buildx
+datafile: docker_buildx_history_export
+title: docker buildx history export
+layout: cli
+aliases:
+- /engine/reference/commandline/buildx_history_export/
+---
+
+<!--
+This page is automatically generated from Docker's source code. If you want to
+suggest a change to the text that appears here, open a ticket or pull request
+in the source repository on GitHub:
+
+https://github.com/docker/buildx
+-->
diff --git a/data/buildx/docker_buildx_build.yaml b/data/buildx/docker_buildx_build.yaml
index d92407407222..57a0d8cbfeac 100644
--- a/data/buildx/docker_buildx_build.yaml
+++ b/data/buildx/docker_buildx_build.yaml
@@ -1433,7 +1433,7 @@ examples: |-
     ###### `type=file` usage
 
     In the following example, `type=file` is automatically detected because no
-    environment variable mathing `aws` (the ID) is set.
+    environment variable matching `aws` (the ID) is set.
 
     ```console
     $ docker buildx build --secret id=aws,src=$HOME/.aws/credentials .
diff --git a/data/buildx/docker_buildx_history.yaml b/data/buildx/docker_buildx_history.yaml
index e563d56c7bea..cc77851b07e4 100644
--- a/data/buildx/docker_buildx_history.yaml
+++ b/data/buildx/docker_buildx_history.yaml
@@ -5,6 +5,7 @@ usage: docker buildx history
 pname: docker buildx
 plink: docker_buildx.yaml
 cname:
+    - docker buildx history export
     - docker buildx history import
     - docker buildx history inspect
     - docker buildx history logs
@@ -13,6 +14,7 @@ cname:
     - docker buildx history rm
     - docker buildx history trace
 clink:
+    - docker_buildx_history_export.yaml
     - docker_buildx_history_import.yaml
     - docker_buildx_history_inspect.yaml
     - docker_buildx_history_logs.yaml
diff --git a/data/buildx/docker_buildx_history_export.yaml b/data/buildx/docker_buildx_history_export.yaml
new file mode 100644
index 000000000000..e70b8f8fba95
--- /dev/null
+++ b/data/buildx/docker_buildx_history_export.yaml
@@ -0,0 +1,55 @@
+command: docker buildx history export
+short: Export a build into Docker Desktop bundle
+long: Export a build into Docker Desktop bundle
+usage: docker buildx history export [OPTIONS] [REF]
+pname: docker buildx history
+plink: docker_buildx_history.yaml
+options:
+    - option: all
+      value_type: bool
+      default_value: "false"
+      description: Export all records for the builder
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
+    - option: output
+      shorthand: o
+      value_type: string
+      description: Output file path
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
+inherited_options:
+    - option: builder
+      value_type: string
+      description: Override the configured builder instance
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
+    - option: debug
+      shorthand: D
+      value_type: bool
+      default_value: "false"
+      description: Enable debug logging
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
+deprecated: false
+hidden: false
+experimental: false
+experimentalcli: false
+kubernetes: false
+swarm: false
+
diff --git a/data/buildx/docker_buildx_history_ls.yaml b/data/buildx/docker_buildx_history_ls.yaml
index a1bdf1833ee1..ab7a3abbb3b1 100644
--- a/data/buildx/docker_buildx_history_ls.yaml
+++ b/data/buildx/docker_buildx_history_ls.yaml
@@ -5,6 +5,16 @@ usage: docker buildx history ls
 pname: docker buildx history
 plink: docker_buildx_history.yaml
 options:
+    - option: filter
+      value_type: stringArray
+      default_value: '[]'
+      description: Provide filter values (e.g., `status=error`)
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
     - option: format
       value_type: string
       default_value: table
@@ -15,6 +25,16 @@ options:
       experimentalcli: false
       kubernetes: false
       swarm: false
+    - option: local
+      value_type: bool
+      default_value: "false"
+      description: List records for current repository only
+      deprecated: false
+      hidden: false
+      experimental: false
+      experimentalcli: false
+      kubernetes: false
+      swarm: false
     - option: no-trunc
       value_type: bool
       default_value: "false"
diff --git a/go.mod b/go.mod
index 7bb751dbd1d1..b19b80e56f8d 100644
--- a/go.mod
+++ b/go.mod
@@ -5,16 +5,16 @@ go 1.23.8
 toolchain go1.24.1
 
 require (
-	github.com/docker/buildx v0.22.0 // indirect
+	github.com/docker/buildx v0.23.0 // indirect
 	github.com/docker/cli v28.0.4+incompatible // indirect
 	github.com/docker/compose/v2 v2.35.0 // indirect
 	github.com/docker/scout-cli v1.15.0 // indirect
-	github.com/moby/buildkit v0.20.1 // indirect
+	github.com/moby/buildkit v0.21.0 // indirect
 	github.com/moby/moby v28.0.2+incompatible // indirect
 )
 
 replace (
-	github.com/docker/buildx => github.com/docker/buildx v0.22.0
+	github.com/docker/buildx => github.com/docker/buildx v0.23.0
 	github.com/docker/cli => github.com/docker/cli v28.0.2+incompatible
 	github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.35.0
 	github.com/docker/scout-cli => github.com/docker/scout-cli v1.15.0
diff --git a/go.sum b/go.sum
index a5d17463c694..4c52ab50f7f1 100644
--- a/go.sum
+++ b/go.sum
@@ -102,6 +102,8 @@ github.com/docker/buildx v0.21.3 h1:LEmhk3D9WOboMeC+hlfOUnB1jylXcDfGHjqAL7Tvwks=
 github.com/docker/buildx v0.21.3/go.mod h1:8V4UMnlKsaGYwz83BygmIbJIFEAYGHT6KAv8akDZmqo=
 github.com/docker/buildx v0.22.0 h1:pGTcGZa+kxpYUlM/6ACsp1hXhkEDulz++RNXPdE8Afk=
 github.com/docker/buildx v0.22.0/go.mod h1:ThbnUe4kNiStlq6cLXruElyEdSTdPL3k/QerNUmPvHE=
+github.com/docker/buildx v0.23.0 h1:qoYhuWyZ6PVCrWbkxClLzBWDBCUkyFK6Chjzg6nU+V8=
+github.com/docker/buildx v0.23.0/go.mod h1:y/6Zf/y3Bf0zTWqgg8PuNFATcqnuhFmQuNf4VyrnPtg=
 github.com/docker/cli v24.0.2+incompatible h1:QdqR7znue1mtkXIJ+ruQMGQhpw2JzMJLRXp6zpzF6tM=
 github.com/docker/cli v24.0.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/cli v24.0.4+incompatible h1:Y3bYF9ekNTm2VFz5U/0BlMdJy73D+Y1iAAZ8l63Ydzw=