Notable Changes
Git sources now support working with SHA-256 based code repositories. #6194
New Checksum has been added to llb.Image to specify verification digest of the image. Unlike the existing digest in the image reference, where digest overrides the tag if both are set, in this mode, the image is resolved by the tag and only verified by checksum. #6234
The remote cache exporter (also used in provenance creation) has been completely rewritten to solve various concurrency and loop issues. There should be no user-visible changes in the cache format itself. #6129
BuildKit daemon now supports a way to add custom fields to the provenance attestation to specify the environment BuildKit is running in. Additional field are picked up from config files in /etc/buildkitd/provenance.d directory. #6210
Containerd executor on Windows now supports HyperVIsolation option. #6224
Included runc container runtime has been updated to v1.3.1 #6236
CNI plugins have been updated to v1.8.0 #6185
Qemu emulation binaries have been updated to v10.0.4. #6215
Fix possible infinite loop when exporting cache #6186
Fix issue where some errors could lose their source or stack information when wrapped with errors.Join. #6226
Multiple fixes to how the builds from Git context are recorded in provenance. #6213
Fix issue where build arguments could be missing in the history record's provenance attestation. #6221
Fix issue where materials=false could be incorrectly set in provenance attestation for a build that used frontend inputs. #6203
Fix not setting the platform in the subject descriptor of the OCI artifact-style attestation manifest. This confused some registries. #6191
Fix some improper formatting in error messages. #6192
Fix issue with checking out annotated tags by full reference. #6244

Deployment:

• gitlab-cloud-runners staging
• gitlab-cloud-runners production
• WMCS and Trusted runners