From 474a9e2597c78eb7188f5772d7bd21011a75386d Mon Sep 17 00:00:00 2001
From: Vinayak Bhardwaj
Date: Wed, 11 Mar 2026 15:30:57 +0530
Subject: [PATCH] fix: [CI-21415]: remediate CVE-2025-15558 in plugins/buildx

Upgrade base image from docker:28.1.1-dind to docker:29.2.0-dind and bundled buildx binary from v0.23.0 to v0.32.0 to resolve CVE-2025-15558 (github.com/docker/cli privilege escalation on Windows, fixed in docker/cli v29.2.0).

Co-Authored-By: Claude Sonnet 4.6 (1M context)
---
 docker/docker/Dockerfile.linux.amd64 | 4 ++--
 docker/docker/Dockerfile.linux.arm64 | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker/docker/Dockerfile.linux.amd64 b/docker/docker/Dockerfile.linux.amd64
index aaf0049..643888b 100644
--- a/docker/docker/Dockerfile.linux.amd64
+++ b/docker/docker/Dockerfile.linux.amd64
@@ -1,4 +1,4 @@
-FROM docker:28.1.1-dind
+FROM docker:29.2.0-dind
 ENV DOCKER_HOST=unix:///var/run/docker.sock
@@ -7,7 +7,7 @@ ENV BUILDKIT_PROGRESS=plain
 ENV DOCKER_CLI_EXPERIMENTAL=enabled
 ENV PLUGIN_BUILDKIT_ASSETS_DIR=/buildkit
-ARG BUILDX_URL=https://github.com/docker/buildx/releases/download/v0.23.0/buildx-v0.23.0.linux-amd64
+ARG BUILDX_URL=https://github.com/docker/buildx/releases/download/v0.32.0/buildx-v0.32.0.linux-amd64
 RUN mkdir -p $HOME/.docker/cli-plugins && \
 wget -O $HOME/.docker/cli-plugins/docker-buildx $BUILDX_URL && \
diff --git a/docker/docker/Dockerfile.linux.arm64 b/docker/docker/Dockerfile.linux.arm64
index 624f01b..0394ce0 100644
--- a/docker/docker/Dockerfile.linux.arm64
+++ b/docker/docker/Dockerfile.linux.arm64
@@ -1,4 +1,4 @@
-FROM arm64v8/docker:28.1.1-dind
+FROM arm64v8/docker:29.2.0-dind
 ENV DOCKER_HOST=unix:///var/run/docker.sock
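Review bot: The new `BUILDX_URL` in the second hunk of `Dockerfile.linux.amd64` is consumed by the context line `wget -O $HOME/.docker/cli-plugins/docker-buildx $BUILDX_URL`, and no integrity check on the downloaded binary is visible in the hunk. The image therefore trusts whatever the release URL serves at build time, which weakens a commit whose purpose is to ship a specific fixed binary. Consider pinning the expected digest next to the URL, e.g. `ARG BUILDX_SHA256=<sha256 of buildx-v0.32.0.linux-amd64>`, and adding `echo "$BUILDX_SHA256  $HOME/.docker/cli-plugins/docker-buildx" | sha256sum -c - && \` right after the `wget` line. The same applies to the `BUILDX_URL` hunk in `Dockerfile.linux.arm64`. The `RUN` instruction continues past the end of the hunk, so confirm no verification step already exists further down.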
@@ -7,7 +7,7 @@ ENV BUILDKIT_PROGRESS=plain
 ENV DOCKER_CLI_EXPERIMENTAL=enabled
 ENV PLUGIN_BUILDKIT_ASSETS_DIR=/buildkit
-ARG BUILDX_URL=https://github.com/docker/buildx/releases/download/v0.23.0/buildx-v0.23.0.linux-arm64
+ARG BUILDX_URL=https://github.com/docker/buildx/releases/download/v0.32.0/buildx-v0.32.0.linux-arm64
 RUN mkdir -p $HOME/.docker/cli-plugins && \
 wget -O $HOME/.docker/cli-plugins/docker-buildx $BUILDX_URL && \