From 07d11ab01154a0206e99da5244152484873694a9 Mon Sep 17 00:00:00 2001
From: Gus Eggert <gus@gus.dev>
Date: Wed, 9 Mar 2022 10:31:07 -0500
Subject: [PATCH 1/3] fix: listen on loopback for API and gateway ports in
 docker-compose.yaml (#8773)

(cherry picked from commit 816a128aaf963d72c4930852ce32b9a4e31924a1)
---
 docker-compose.yaml | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/docker-compose.yaml b/docker-compose.yaml
index eaf947cb3..447a1474b 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -10,11 +10,18 @@ services:
     environment:
       - IPFS_PATH=/data/ipfs
     ports:
+      # Swarm listens on all interfaces, so is remotely reachable.
       - 4001:4001/tcp
       - 4001:4001/udp
-      - 5001:5001
-      - 8080:8080
-      - 8081:8081
+      
+      # The following ports only listen on the loopback interface, so are not remotely reachable by default.
+      # If you want to override these or add more ports, see https://docs.docker.com/compose/extends/ .
+      
+      # API port, which includes admin operations, so you probably don't want this remotely accessible.
+      - 127.0.0.1:5001:5001
+      
+      # HTTP Gateway
+      - 127.0.0.1:8080:8080
 volumes:
   ipfs_path:
   ipfs_fuse:

From b21eeef406a76cd52e5a3672cd702b93c4baca3d Mon Sep 17 00:00:00 2001
From: Gus Eggert <gus@gus.dev>
Date: Wed, 16 Mar 2022 17:50:11 -0400
Subject: [PATCH 2/3] docs: update changelog v0.12.1

---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d4cbefe2..502c6cc83 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # go-ipfs changelog
 
+## v0.12.1 2022-03-10
+This patch release [fixes](https://github.com/ipfs/go-ipfs/commit/816a128aaf963d72c4930852ce32b9a4e31924a1) a security issue with the `docker-compose.yaml` file, introduced in v0.11.0, in which the IPFS daemon API listens on all interfaces instead of only the loopback interface, which could allow remote callers to control your IPFS daemon. If you use the included `docker-compose.yaml` file, it is recommended to upgrade.
+
 ## v0.12.0 2022-02-17
 
 We're happy to announce go-ipfs 0.12.0. This release switches the storage of IPLD blocks to be keyed by multihash instead of CID.

From 6f9f6b58b5ad784f99c82d9668141bb7ce3ce388 Mon Sep 17 00:00:00 2001
From: Gus Eggert <gus@gus.dev>
Date: Wed, 16 Mar 2022 17:50:31 -0400
Subject: [PATCH 3/3] Release v0.12.1

---
 version.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.go b/version.go
index 07019c1aa..128abc9e2 100644
--- a/version.go
+++ b/version.go
@@ -4,7 +4,7 @@ package ipfs
 var CurrentCommit string
 
 // CurrentVersionNumber is the current application's version literal
-const CurrentVersionNumber = "0.12.0"
+const CurrentVersionNumber = "0.12.1"
 
 const ApiVersion = "/go-ipfs/" + CurrentVersionNumber + "/"