docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14103 from docker/master 

Publish updates from master
This commit is contained in:
Usha Mandya 2022-01-13 21:29:48 +05:30 committed by GitHub
parent 40ade1ab89 8d12a2de7e
commit 2b825a8a54
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 74 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
buildx/working-with-buildx.md
View File

@ -14,24 +14,66 @@ multiple nodes concurrently.
## Install ## Install
Docker Buildx is included in Docker Desktop and Docker Linux packages when ### Windows and macOS
installed using the [DEB or RPM packages](../engine/install/index.md).
You can also download the latest `buildx` binary from the Docker Buildx is included in [Docker Desktop](../desktop/index.md) for Windows
[Docker buildx](https://github.com/docker/buildx/releases/latest){:target="_blank" rel="noopener" class="_"} releases page and macOS.
on GitHub, copy it to `~/.docker/cli-plugins` folder with name
`docker-buildx` and change the permission to execute:
```console ### Linux packages
$ chmod a+x ~/.docker/cli-plugins/docker-buildx
```
Here is how to use buildx inside a Dockerfile through the Docker Linux packages also include Docker Buildx when installed using the
[DEB or RPM packages](../engine/install/index.md).
### Manual download
> **Important**
>
> This section is for unattended installation of the buildx component. These
> instructions are mostly suitable for testing purposes. We do not recommend
> installing buildx using manual download in production environments as they
> will not be updated automatically with security updates.
>
> On Windows and macOS, we recommend that you install [Docker Desktop](../desktop/index.md)
> instead. For Linux, we recommend that you follow the [instructions specific for your distribution](#linux-packages).
{: .important}
You can also download the latest binary from the [releases page on GitHub](https://github.com/docker/buildx/releases/latest){:target="_blank" rel="noopener" class="_"}.
Rename the relevant binary and copy it to the destination matching your OS:
| OS | Binary name | Destination folder |
| -------- | -------------------- | -----------------------------------------|
| Linux | `docker-buildx` | `$HOME/.docker/cli-plugins` |
| macOS | `docker-buildx` | `$HOME/.docker/cli-plugins` |
| Windows | `docker-buildx.exe` | `%USERPROFILE%\.docker\cli-plugin` |
Or copy it into one of these folders for installing it system-wide.
On Unix environments:
* `/usr/local/lib/docker/cli-plugins` OR `/usr/local/libexec/docker/cli-plugins`
* `/usr/lib/docker/cli-plugins` OR `/usr/libexec/docker/cli-plugins`
On Windows:
* `C:\ProgramData\Docker\cli-plugins`
* `C:\Program Files\Docker\cli-plugins`
> **Note**
>
> On Unix environments, it may also be necessary to make it executable with `chmod +x`:
> ```shell
> $ chmod +x ~/.docker/cli-plugins/docker-buildx
> ```
### Dockerfile
Here is how to install and use Buildx inside a Dockerfile through the
[`docker/buildx-bin`](https://hub.docker.com/r/docker/buildx-bin) image: [`docker/buildx-bin`](https://hub.docker.com/r/docker/buildx-bin) image:
```dockerfile ```dockerfile
FROM docker FROM docker
COPY --from=docker/buildx-bin /buildx /usr/libexec/docker/cli-plugins/docker-buildx COPY --from=docker/buildx-bin:latest /buildx /usr/libexec/docker/cli-plugins/docker-buildx
RUN docker buildx version RUN docker buildx version
``` ```

6
go/buildx.md Normal file
View File

@ -0,0 +1,6 @@
---
title: How to install Buildx
description: Instructions on installing Buildx
keywords: Docker, buildx, multi-arch
redirect_to: /buildx/working-with-buildx/#install
---

17
security/index.md
View File

@ -6,6 +6,19 @@ toc_min: 1
toc_max: 2 toc_max: 2
--- ---
## CVE-2021-45449
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or password) on the user's machine during login. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1 and the user has logged in while on 4.3.0, 4.3.1. Gaining access to this data would require having access to the users local files. This vulnerability has been fixed in version 4.3.2 or higher. Users should update to this version and may want to update their password. Users should not send local log files to anyone. Users can manually delete their log files, they can be located in the following folder: `~/Library/Containers/com.docker.docker/Data/log/host/` on Mac, and in `C:\Users\<username>\AppData\Roaming\Docker\log\host\` on Windows. When a user installs 4.3.2 or higher, we will delete their local log files, so there is no risk of leakage after an update.
Additionally, these logs may be included when users upload diagnostics, meaning access tokens and passwords might have been shared with Docker. This only affects users if they are on Docker Desktop 4.3.0, 4.3.1, and the user has logged in while on 4.3.0, 4.3.1 and have gone through the process of submitting diagnostics to Docker. Only Docker support Engineers working on an active support case could have access to the diagnostic files, minimizing leakage risk from these files. We have deleted all potentially sensitive diagnostic files from our data storage and will continue to delete diagnostics reported from the affected versions on an ongoing basis.
For detailed information, see [CVE-2021-45449](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45449){: target="_blank" rel="noopener" class="_"}.
### References
* [Release Notes (Windows)](../desktop/windows/release-notes/index.md)
* [Release Notes (Mac)](../desktop/mac/release-notes/index.md)
## Log4j 2 CVE-2021-44228 ## Log4j 2 CVE-2021-44228
The [Log4j 2 CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228){: The [Log4j 2 CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228){:
@ -31,14 +44,14 @@ target="_blank" rel="noopener" class="_"}, the fix made in version 2.15.0 was
> For a more complete fix to this vulnerability, we recommended that you update to 2.17.0 where possible. > For a more complete fix to this vulnerability, we recommended that you update to 2.17.0 where possible.
{: .important} {: .important}
## Scan images using the `docker scan` command ### Scan images using the `docker scan` command
The configuration for the `docker scan` command previously shipped in Docker The configuration for the `docker scan` command previously shipped in Docker
Desktop versions 4.3.0 and earlier unfortunately do not detect this Desktop versions 4.3.0 and earlier unfortunately do not detect this
vulnerability on scans. You must update your Docker Desktop installation to vulnerability on scans. You must update your Docker Desktop installation to
4.3.1 or higher to fix this issue. For detailed instructions, see [Scan images for Log4j2 CVE](../engine/scan/index.md#scan-images-for-log4j-2-cve). 4.3.1 or higher to fix this issue. For detailed instructions, see [Scan images for Log4j2 CVE](../engine/scan/index.md#scan-images-for-log4j-2-cve).
## Scan images on Docker Hub ### Scan images on Docker Hub
Docker Hub security scans triggered **after 1700 UTC 13 December 2021** are now Docker Hub security scans triggered **after 1700 UTC 13 December 2021** are now
correctly identifying the Log4j2 CVE. Scans before this date **do not** correctly identifying the Log4j2 CVE. Scans before this date **do not**