diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fcffb71..a45e8c4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -694,6 +694,13 @@ jobs:
 
   allow:
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        buildx-version:
+          - v0.19.0-rc2
+          - v0.18.0
+          - v0.17.1
     steps:
       -
         name: Checkout
@@ -702,7 +709,7 @@ jobs:
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
-          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          version: ${{ matrix.buildx-version }}
           driver-opts: |
             image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
       -
diff --git a/src/context.ts b/src/context.ts
index c2a1e03..499b58f 100644
--- a/src/context.ts
+++ b/src/context.ts
@@ -83,9 +83,13 @@ async function getBakeArgs(inputs: Inputs, definition: BakeDefinition, toolkit:
     args.push(inputs.source);
   }
   if (await toolkit.buildx.versionSatisfies('>=0.17.0')) {
-    if (inputs.allow.length > 0) {
-      args.push('--allow', inputs.allow.join(','));
+    if (await toolkit.buildx.versionSatisfies('>=0.18.0')) {
+      // allow filesystem entitlements by default
+      inputs.allow.push('fs=*');
     }
+    await Util.asyncForEach(inputs.allow, async allow => {
+      args.push('--allow', allow);
+    });
   }
   await Util.asyncForEach(inputs.files, async file => {
     args.push('--file', file);