diff --git a/buildx/working-with-buildx.md b/buildx/working-with-buildx.md index f4b374e2d6..2725dd4b11 100644 --- a/buildx/working-with-buildx.md +++ b/buildx/working-with-buildx.md 
@@ -14,24 +14,66 @@ multiple nodes concurrently. ## Install -Docker Buildx is included in Docker Desktop and Docker Linux packages when -installed using the [DEB or RPM packages](../engine/install/index.md). +### Windows and macOS -You can also download the latest `buildx` binary from the -[Docker buildx](https://github.com/docker/buildx/releases/latest){:target="_blank" rel="noopener" class="_"} releases page -on GitHub, copy it to `~/.docker/cli-plugins` folder with name -`docker-buildx` and change the permission to execute: +Docker Buildx is included in [Docker Desktop](../desktop/index.md) for Windows +and macOS. -```console -$ chmod a+x ~/.docker/cli-plugins/docker-buildx -``` +### Linux packages -Here is how to use buildx inside a Dockerfile through the +Docker Linux packages also include Docker Buildx when installed using the +[DEB or RPM packages](../engine/install/index.md). + +### Manual download + +> **Important** +> +> This section is for unattended installation of the buildx component. These +> instructions are mostly suitable for testing purposes. We do not recommend +> installing buildx using manual download in production environments as they +> will not be updated automatically with security updates. +> +> On Windows and macOS, we recommend that you install [Docker Desktop](../desktop/index.md) +> instead. For Linux, we recommend that you follow the [instructions specific for your distribution](#linux-packages). +{: .important} + +You can also download the latest binary from the [releases page on GitHub](https://github.com/docker/buildx/releases/latest){:target="_blank" rel="noopener" class="_"}. 
+ +Rename the relevant binary and copy it to the destination matching your OS: + +| OS | Binary name | Destination folder | +| -------- | -------------------- | -----------------------------------------| +| Linux | `docker-buildx` | `$HOME/.docker/cli-plugins` | +| macOS | `docker-buildx` | `$HOME/.docker/cli-plugins` | +| Windows | `docker-buildx.exe` | `%USERPROFILE%\.docker\cli-plugin` | + +Or copy it into one of these folders for installing it system-wide. + +On Unix environments: + +* `/usr/local/lib/docker/cli-plugins` OR `/usr/local/libexec/docker/cli-plugins` +* `/usr/lib/docker/cli-plugins` OR `/usr/libexec/docker/cli-plugins` + +On Windows: + +* `C:\ProgramData\Docker\cli-plugins` +* `C:\Program Files\Docker\cli-plugins` + +> **Note** +> +> On Unix environments, it may also be necessary to make it executable with `chmod +x`: +> ```shell +> $ chmod +x ~/.docker/cli-plugins/docker-buildx +> ``` + +### Dockerfile + +Here is how to install and use Buildx inside a Dockerfile through the [`docker/buildx-bin`](https://hub.docker.com/r/docker/buildx-bin) image: ```dockerfile FROM docker -COPY --from=docker/buildx-bin /buildx /usr/libexec/docker/cli-plugins/docker-buildx +COPY --from=docker/buildx-bin:latest /buildx /usr/libexec/docker/cli-plugins/docker-buildx RUN docker buildx version ``` diff --git a/go/buildx.md b/go/buildx.md new file mode 100644 index 0000000000..537cffc3d7 --- /dev/null +++ b/go/buildx.md @@ -0,0 +1,6 @@ +--- +title: How to install Buildx +description: Instructions on installing Buildx +keywords: Docker, buildx, multi-arch +redirect_to: /buildx/working-with-buildx/#install +--- diff --git a/security/index.md b/security/index.md index f9089058fb..34ca3cef21 100644 --- a/security/index.md +++ b/security/index.md 
@@ -6,6 +6,19 @@ toc_min: 1 toc_max: 2 --- +## CVE-2021-45449 + +Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the user’s local files. This vulnerability has been fixed in version 4.3.2 or higher. Users should update to this version and may want to update their password. Users should not send local log files to anyone. Users can manually delete their log files, they can be located in the following folder: `~/Library/Containers/com.docker.docker/Data/log/host/` on Mac, and in `C:\Users\\AppData\Roaming\Docker\log\host\` on Windows. When a user installs 4.3.2 or higher, we will delete their local log files, so there is no risk of leakage after an update. + +Additionally, these logs may be included when users upload diagnostics, meaning access tokens and passwords might have been shared with Docker. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1, and the user has logged in while on 4.3.0, 4.3.1 and have gone through the process of submitting diagnostics to Docker. Only Docker support Engineers working on an active support case could have access to the diagnostic files, minimizing leakage risk from these files. We have deleted all potentially sensitive diagnostic files from our data storage and will continue to delete diagnostics reported from the affected versions on an ongoing basis. +For detailed information, see [CVE-2021-45449](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45449){: target="_blank" rel="noopener" class="_"}. 
+ + +### References + +* [Release Notes (Windows)](../desktop/windows/release-notes/index.md) +* [Release Notes (Mac)](../desktop/mac/release-notes/index.md) + ## Log4j 2 CVE-2021-44228 The [Log4j 2 CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228){: @@ -31,14 +44,14 @@ target="_blank" rel="noopener" class="_"}, the fix made in version 2.15.0 was > For a more complete fix to this vulnerability, we recommended that you update to 2.17.0 where possible. {: .important} -## Scan images using the `docker scan` command +### Scan images using the `docker scan` command The configuration for the `docker scan` command previously shipped in Docker Desktop versions 4.3.0 and earlier unfortunately do not detect this vulnerability on scans. You must update your Docker Desktop installation to 4.3.1 or higher to fix this issue. For detailed instructions, see [Scan images for Log4j2 CVE](../engine/scan/index.md#scan-images-for-log4j-2-cve). -## Scan images on Docker Hub +### Scan images on Docker Hub Docker Hub security scans triggered **after 1700 UTC 13 December 2021** are now correctly identifying the Log4j2 CVE. Scans before this date **do not**
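Review bot: In the install table added to buildx/working-with-buildx.md, the Windows destination is `%USERPROFILE%\.docker\cli-plugin`, while the Linux and macOS rows and every system-wide path in the same hunk use `cli-plugins`. This looks like a typo and should read `%USERPROFILE%\.docker\cli-plugins`. In the same hunk, the Dockerfile example changes to `COPY --from=docker/buildx-bin:latest`, which is still a floating tag. Since the new Important box warns that manual installs miss security updates, consider showing a pinned version tag or digest there and noting that it has to be bumped deliberately.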
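Review bot: In the CVE-2021-45449 section added to security/index.md, the first paragraph says an access token or password may be logged, but the remediation only says users "may want to update their password". Add that any access token used to log in on 4.3.0 or 4.3.1 should be revoked and reissued, and consider making the password change a recommendation rather than optional. The Windows log path in the same paragraph is written `C:\Users\\AppData\Roaming\Docker\log\host\`, with an empty component where the user name placeholder belongs. Escape the placeholder so it renders, or use `%APPDATA%\Docker\log\host\`. Also fix "version 4.3.0 and 4.3.1 has" to "versions 4.3.0 and 4.3.1 have".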
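Review bot: In the second security/index.md hunk, the two `docker scan` and Docker Hub headings are demoted from `##` to `###`, but the front matter visible in the first hunk sets `toc_max: 2`, so these sections will drop out of the page's table of contents. If they are meant to stay discoverable as part of the Log4j 2 entry, either raise `toc_max` to 3 or confirm that losing the TOC entries is intended. The new `### References` heading under CVE-2021-45449 is affected the same way.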