From 870e4c15f20ae9518bd0aac4dd677d3a25a67aad Mon Sep 17 00:00:00 2001 From: Kaniska Date: Mon, 19 Jan 2026 06:06:44 +0000 Subject: [PATCH 1/2] [docker-in-docker] - Fix for multiple vulnerability issues related to docker compose-switch component. --- src/docker-in-docker/README.md | 2 +- src/docker-in-docker/devcontainer-feature.json | 4 ++-- src/docker-in-docker/install.sh | 2 +- test/docker-in-docker/docker_build.sh | 1 - test/docker-in-docker/docker_buildx.sh | 1 - test/docker-in-docker/docker_compose_v2.sh | 1 - test/docker-in-docker/docker_specific_moby_buildx.sh | 1 - 7 files changed, 4 insertions(+), 8 deletions(-) diff --git a/src/docker-in-docker/README.md b/src/docker-in-docker/README.md index 3fdbcc312..9c5370c4e 100644 --- a/src/docker-in-docker/README.md +++ b/src/docker-in-docker/README.md @@ -22,7 +22,7 @@ Create child containers *inside* a container, independent from the host's docker | azureDnsAutoDetection | Allow automatically setting the dockerd DNS server when the installation script detects it is running in Azure | boolean | true | | dockerDefaultAddressPool | Define default address pools for Docker networks. e.g. base=192.168.0.0/16,size=24 | string | - | | installDockerBuildx | Install Docker Buildx | boolean | true | -| installDockerComposeSwitch | Install Compose Switch (provided docker compose is available) which is a replacement to the Compose V1 docker-compose (python) executable. It translates the command line into Compose V2 docker compose then runs the latter. | boolean | true | +| installDockerComposeSwitch | Install Compose Switch (provided docker compose is available) which is a replacement to the Compose V1 docker-compose (python) executable. It translates the command line into Compose V2 docker compose then runs the latter. | boolean | false | | disableIp6tables | Disable ip6tables (this option is only applicable for Docker versions 27 and greater) | boolean | false | ## Customizations 
diff --git a/src/docker-in-docker/devcontainer-feature.json b/src/docker-in-docker/devcontainer-feature.json index 33b0ad31c..56520a200 100644 --- a/src/docker-in-docker/devcontainer-feature.json +++ b/src/docker-in-docker/devcontainer-feature.json @@ -1,6 +1,6 @@ { "id": "docker-in-docker", - "version": "2.13.0", + "version": "2.14.0", "name": "Docker (Docker-in-Docker)", "documentationURL": "https://github.com/devcontainers/features/tree/main/src/docker-in-docker", "description": "Create child containers *inside* a container, independent from the host's docker instance. Installs Docker extension in the container along with needed CLIs.", @@ -53,7 +53,7 @@ }, "installDockerComposeSwitch": { "type": "boolean", - "default": true, + "default": false, "description": "Install Compose Switch (provided docker compose is available) which is a replacement to the Compose V1 docker-compose (python) executable. It translates the command line into Compose V2 docker compose then runs the latter." }, "disableIp6tables": { diff --git a/src/docker-in-docker/install.sh b/src/docker-in-docker/install.sh index 10f3ef06c..3f30158e5 100755 --- a/src/docker-in-docker/install.sh +++ b/src/docker-in-docker/install.sh @@ -16,7 +16,7 @@ AZURE_DNS_AUTO_DETECTION="${AZUREDNSAUTODETECTION:-"true"}" DOCKER_DEFAULT_ADDRESS_POOL="${DOCKERDEFAULTADDRESSPOOL:-""}" USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}" INSTALL_DOCKER_BUILDX="${INSTALLDOCKERBUILDX:-"true"}" -INSTALL_DOCKER_COMPOSE_SWITCH="${INSTALLDOCKERCOMPOSESWITCH:-"true"}" +INSTALL_DOCKER_COMPOSE_SWITCH="${INSTALLDOCKERCOMPOSESWITCH:-"false"}" MICROSOFT_GPG_KEYS_URI="https://packages.microsoft.com/keys/microsoft.asc" MICROSOFT_GPG_KEYS_ROLLING_URI="https://packages.microsoft.com/keys/microsoft-rolling.asc" DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES="trixie bookworm buster bullseye bionic focal jammy noble" diff --git a/test/docker-in-docker/docker_build.sh b/test/docker-in-docker/docker_build.sh index 322a819fc..a0502fa9e 100755 
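Review bot: Flipping `installDockerComposeSwitch` to `false` only changes the default, so anyone who sets it to `true` still installs the component this commit's title describes as having multiple vulnerabilities, and the option's `description` gives no hint of that. Consider appending a sentence to the description string, e.g. `Disabled by default because of known vulnerabilities in compose-switch; enable only if Compose V1 command-line compatibility is required.` The same applies to the fallback in install.sh (`INSTALL_DOCKER_COMPOSE_SWITCH="${INSTALLDOCKERCOMPOSESWITCH:-"false"}"`), where a one-line comment giving the reason would help keep the default from being flipped back. The new default also changes behaviour for existing consumers under a minor version bump (2.13.0 to 2.14.0), and no changelog or release-note entry is visible in this patch.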
--- a/test/docker-in-docker/docker_build.sh +++ b/test/docker-in-docker/docker_build.sh @@ -9,7 +9,6 @@ source dev-container-features-test-lib check "docker-buildx" docker buildx version check "docker-build" docker build ./ -check "installs compose-switch" bash -c "[[ -f /usr/local/bin/compose-switch ]]" check "docker compose" bash -c "docker compose version | grep -E '2.[0-9]+.[0-9]+'" check "docker-compose" bash -c "docker-compose --version | grep -E '2.[0-9]+.[0-9]+'" diff --git a/test/docker-in-docker/docker_buildx.sh b/test/docker-in-docker/docker_buildx.sh index c571596fc..5de764098 100755 --- a/test/docker-in-docker/docker_buildx.sh +++ b/test/docker-in-docker/docker_buildx.sh @@ -13,7 +13,6 @@ check "docker-buildx" docker buildx version check "docker-build" docker build ./ check "installs docker-compose v1 install" bash -c "type docker-compose" -check "installs compose-switch" bash -c "[[ -f /usr/local/bin/compose-switch ]]" # Report result reportResults diff --git a/test/docker-in-docker/docker_compose_v2.sh b/test/docker-in-docker/docker_compose_v2.sh index 5a512d2c5..aefd40d6e 100755 --- a/test/docker-in-docker/docker_compose_v2.sh +++ b/test/docker-in-docker/docker_compose_v2.sh @@ -10,7 +10,6 @@ source dev-container-features-test-lib check "docker compose" bash -c "docker compose version | grep -E '2.[0-9]+.[0-9]+'" check "docker-compose" bash -c "docker-compose --version | grep -E '2.[0-9]+.[0-9]+'" check "installs compose-switch as docker-compose" bash -c "[[ -f /usr/local/bin/docker-compose ]]" -check "installs compose-switch" bash -c "[[ -f /usr/local/bin/compose-switch ]]" # Report result reportResults diff --git a/test/docker-in-docker/docker_specific_moby_buildx.sh b/test/docker-in-docker/docker_specific_moby_buildx.sh index b2d4610a1..8428170e9 100755 --- a/test/docker-in-docker/docker_specific_moby_buildx.sh +++ b/test/docker-in-docker/docker_specific_moby_buildx.sh 
@@ -14,7 +14,6 @@ check "docker-buildx" docker buildx version check "docker-build" docker build ./ check "installs docker-compose v1 install" bash -c "type docker-compose" -check "installs compose-switch" bash -c "[[ -f /usr/local/bin/compose-switch ]]" # Report result reportResults From 48df1b12ed2d10de16e011ff86f17e92ca2545e1 Mon Sep 17 00:00:00 2001 From: Kaniska Date: Mon, 19 Jan 2026 16:31:27 +0000 Subject: [PATCH 2/2] Corrections in test scripts as per review comment. --- test/docker-in-docker/docker_build.sh | 2 ++ .../docker_build_with_compose_switch.sh | 22 +++++++++++++++++++ test/docker-in-docker/docker_buildx.sh | 2 ++ test/docker-in-docker/docker_compose_v2.sh | 2 ++ .../docker_specific_moby_buildx.sh | 2 ++ test/docker-in-docker/scenarios.json | 12 ++++++++++ 6 files changed, 42 insertions(+) create mode 100644 test/docker-in-docker/docker_build_with_compose_switch.sh diff --git a/test/docker-in-docker/docker_build.sh b/test/docker-in-docker/docker_build.sh index a0502fa9e..da5d31a3b 100755 --- a/test/docker-in-docker/docker_build.sh +++ b/test/docker-in-docker/docker_build.sh @@ -15,5 +15,7 @@ check "docker-compose" bash -c "docker-compose --version | grep -E '2.[0-9]+.[0- check "docker-buildx" bash -c "docker buildx version" check "docker-buildx-path" bash -c "ls -la /usr/libexec/docker/cli-plugins/docker-buildx" +check "Not installing compose-switch by default" bash -c "[[ ! -f /usr/local/bin/compose-switch ]]" + # Report result reportResults diff --git a/test/docker-in-docker/docker_build_with_compose_switch.sh b/test/docker-in-docker/docker_build_with_compose_switch.sh new file mode 100644 index 000000000..ff4f7b58f --- /dev/null +++ b/test/docker-in-docker/docker_build_with_compose_switch.sh 
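Review bot: The added negative check `[[ ! -f /usr/local/bin/compose-switch ]]` in docker_build.sh is narrower than its label, because `-f` is false for a dangling symlink or a directory, and a binary installed under any other path would also let it pass. As this is the regression guard for the new security default, test for absence more strictly, for example `check "Not installing compose-switch by default" bash -c "[[ ! -e /usr/local/bin/compose-switch && ! -L /usr/local/bin/compose-switch ]] && ! command -v compose-switch"`. The identical line is added to docker_buildx.sh, docker_compose_v2.sh and docker_specific_moby_buildx.sh later in this patch and would take the same change. This assumes the scenarios that run these scripts leave the option unset, which the visible part of scenarios.json does not show.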
@@ -0,0 +1,22 @@ +#!/bin/bash + +set -e + +# Optional: Import test library +source dev-container-features-test-lib + +# Definition specific tests +check "docker-buildx" docker buildx version +check "docker-build" docker build ./ + +check "docker compose" bash -c "docker compose version | grep -E '2.[0-9]+.[0-9]+'" +check "docker-compose" bash -c "docker-compose --version | grep -E '2.[0-9]+.[0-9]+'" + +check "docker-buildx" bash -c "docker buildx version" +check "docker-buildx-path" bash -c "ls -la /usr/libexec/docker/cli-plugins/docker-buildx" + +check "installs compose-switch as the flag is on" bash -c "[[ -f /usr/local/bin/compose-switch ]]" + +# Report result +reportResults + diff --git a/test/docker-in-docker/docker_buildx.sh b/test/docker-in-docker/docker_buildx.sh index 5de764098..b66f7c57f 100755 --- a/test/docker-in-docker/docker_buildx.sh +++ b/test/docker-in-docker/docker_buildx.sh @@ -14,5 +14,7 @@ check "docker-build" docker build ./ check "installs docker-compose v1 install" bash -c "type docker-compose" +check "Not installing compose-switch by default" bash -c "[[ ! -f /usr/local/bin/compose-switch ]]" + # Report result reportResults diff --git a/test/docker-in-docker/docker_compose_v2.sh b/test/docker-in-docker/docker_compose_v2.sh index aefd40d6e..854206cd1 100755 --- a/test/docker-in-docker/docker_compose_v2.sh +++ b/test/docker-in-docker/docker_compose_v2.sh @@ -11,5 +11,7 @@ check "docker compose" bash -c "docker compose version | grep -E '2.[0-9]+.[0-9] check "docker-compose" bash -c "docker-compose --version | grep -E '2.[0-9]+.[0-9]+'" check "installs compose-switch as docker-compose" bash -c "[[ -f /usr/local/bin/docker-compose ]]" +check "Not installing compose-switch by default" bash -c "[[ ! -f /usr/local/bin/compose-switch ]]" + # Report result reportResults diff --git a/test/docker-in-docker/docker_specific_moby_buildx.sh b/test/docker-in-docker/docker_specific_moby_buildx.sh index 8428170e9..a6a7062d6 100755 
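Review bot: docker_build_with_compose_switch.sh is added with `new file mode 100644`, while every other test script touched by this patch is `100755`. If the test harness executes scenario scripts directly rather than through `bash` (not visible here), this one would not run, so set the executable bit to match. Two checks in the file also share the label `"docker-buildx"`, which makes a failure report ambiguous; rename the second, e.g. `check "docker-buildx via bash" bash -c "docker buildx version"`. The positive assertion only proves that a file exists at the path; `[[ -x /usr/local/bin/compose-switch ]]` would at least confirm it is runnable.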
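Review bot: In docker_compose_v2.sh the new check sits directly below the unchanged `check "installs compose-switch as docker-compose" bash -c "[[ -f /usr/local/bin/docker-compose ]]"`, so the script now reports that compose-switch is installed as docker-compose and, on the next check, that compose-switch is not installed. The older check can still pass only if something else places a file at that path, so its label should say what it verifies now, e.g. `check "docker-compose is present" bash -c "[[ -f /usr/local/bin/docker-compose ]]"`. What provides `/usr/local/bin/docker-compose` when the switch is off is decided in install.sh, outside this hunk.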
--- a/test/docker-in-docker/docker_specific_moby_buildx.sh +++ b/test/docker-in-docker/docker_specific_moby_buildx.sh @@ -15,5 +15,7 @@ check "docker-build" docker build ./ check "installs docker-compose v1 install" bash -c "type docker-compose" +check "Not installing compose-switch by default" bash -c "[[ ! -f /usr/local/bin/compose-switch ]]" + # Report result reportResults diff --git a/test/docker-in-docker/scenarios.json b/test/docker-in-docker/scenarios.json index 334cb7798..baeaa6769 100644 --- a/test/docker-in-docker/scenarios.json +++ b/test/docker-in-docker/scenarios.json @@ -55,6 +55,18 @@ }, "remoteUser": "node" }, + "docker_build_with_compose_switch": { + "image": "mcr.microsoft.com/devcontainers/javascript-node:0-18", + "features": { + "docker-in-docker": { + "version": "latest", + "moby": "false", + "dockerDashComposeVersion": "v2", + "installDockerComposeSwitch": true + } + }, + "remoteUser": "node" + }, "docker_build_2": { "image": "ubuntu:noble", "features": {
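Review bot: In the new `docker_build_with_compose_switch` scenario, `"moby": "false"` is a JSON string while `"installDockerComposeSwitch": true` in the same object is a boolean. devcontainer-feature.json declares `installDockerComposeSwitch` with `"type": "boolean"`; if `moby` is declared the same way (its definition is not in this patch), write `"moby": false` so both options are passed with the declared type. The scenario also uses floating references, `"version": "latest"` and the `javascript-node:0-18` tag, so the opt-in path is tested against whatever Docker and base image are current at run time; neighbouring scenarios may follow the same convention, but they lie outside this hunk.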