Merge pull request #14076 from docker/master

Updates from master

config/containers/logging/gelf.md

@@ -52,7 +52,7 @@ You can set the logging driver for a specific container by setting the
 
 ```console
 $ docker run \
-      --log-driver gelf –-log-opt gelf-address=udp://1.2.3.4:12201 \
+      --log-driver gelf --log-opt gelf-address=udp://1.2.3.4:12201 \
       alpine echo hello world
 ```
 

docker-hub/access-tokens.md

@@ -1,5 +1,5 @@
 ---
-title: Managing access tokens
+title: Manage access tokens
 description: Learn how to create and manage your personal Docker Hub access tokens to securely push and pull images programmatically.
 keywords: docker hub, hub, security, PAT, personal access token
 ---

engine/release-notes/index.md

@@ -22,6 +22,57 @@ for Docker Engine.
 
 # Version 20.10
 
+## 20.10.12
+2021-12-13
+
+This release of Docker Engine contains changes in packaging only, and provides
+updates to the `docker scan` and `docker buildx` commands. Versions of `docker scan`
+before v0.11.0 are not able to detect the [Log4j 2 CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228).
+We are shipping an updated version of `docker scan` in this release to help you
+scan your images for this vulnerability.
+
+> **Note**
+>
+> The `docker scan` command on Linux is currently only supported on x86 platforms.
+> We do not yet provide a package for other hardware architectures on Linux.
+
+The `docker scan` feature is provided as a separate package and, depending on your
+upgrade or installation method, 'docker scan' may not be updated automatically to
+the latest version. Use the instructions below to update `docker scan` to the latest
+version. You can also use these instructions to install, or upgrade the `docker scan`
+package without upgrading the Docker Engine:
+
+On `.deb` based distros, such as Ubuntu and Debian:
+
+```console
+$ apt-get update && apt-get install docker-scan-plugin
+```
+
+On rpm-based distros, such as CentOS or Fedora:
+
+```console
+$ yum install docker-scan-plugin
+```
+
+After upgrading, verify you have the latest version of `docker scan` installed:
+
+```console
+$ docker scan --accept-license --version
+Version:    v0.12.0
+Git commit: 1074dd0
+Provider:   Snyk (1.790.0 (standalone))
+```
+
+[Read our blog post on CVE-2021-44228](https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/)
+to learn how to use the `docker scan` command to check if images are vulnerable.
+
+## Packaging
+
+- Update `docker scan` to [v0.12.0](https://github.com/docker/scan-cli-plugin/releases/tag/v0.12.0).
+- Update `docker buildx` to [v0.7.1](https://github.com/docker/buildx/releases/tag/v0.7.1).
+- Update Golang runtime to Go 1.16.12.
+
+
 ## 20.10.11
 2021-11-17
 

language/golang/develop.md

@@ -166,7 +166,7 @@ oliver@hki:~$
 
 ### Meet the example application
 
-Now that we have started and configured the database engine, we can swith our attention to the application. 
+Now that we have started and configured the database engine, we can switch our attention to the application. 
 
 The example application for this module is an extended version of `docker-gs-ping` application we've used in the previous modules. You have two options:
 

single-sign-on/index.md

@@ -1,8 +1,12 @@
 ---
 description: Single Sign-on
 keywords: Single Sign-on, SSO, sign-on
-title: Configure Single Sign-on
+title: Configure Single Sign-on for Administrators
 ---
+> **Update to Single Sign-on**
+>
+>Single Sign-on (SSO) will be available for General Availability (GA) starting mid-January 2022.
+{: .important}
 
 Docker Single Sign-on (SSO) allows users to authenticate using their identity providers (IdPs) to access Docker. Docker currently supports SAML 2.0 and Azure AD IdPs through Auth0. You can enable SSO on organization's that are part of the Docker Business subscription. To upgrade your existing account to a Docker Business subscription, see [Upgrade your subscription](../subscription/upgrade/){:target="blank" rel="noopener" class=""}.
 
@@ -27,6 +31,11 @@ We currently support enabling SSO on a single organization. If you have any user
 * Confirm that all CI/CD pipelines have replaced their passwords with PATs.
 * Test SSO using your domain email address and IdP password to successfully log in and log out of Docker Hub.
 
+## Creating a Personal Access Token (PAT)
+
+Before you configure SSO for your organization, each member of your organization must [create an access token](../docker-hub/access-tokens.md). There is currently a grace period, which will expire in the near future. Before enforcing the usage of PATs, your users will be able to log in from Docker Desktop CLI using their previous credentials during this transition period.
+In addition, all email addresses should be added to your IdP.
+
 ## Configure SSO
 
 To configure SSO, log into [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"} to obtain the **ACS URL** and **Entity IDs** to complete the IdP server configuration process. You can only configure SSO with a single IdP.  When this is complete, log back into [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"} and complete the SSO enablement process.
@@ -35,20 +44,40 @@ To configure SSO, log into [Docker Hub](https://hub.docker.com){: target="_blank
 
 1. Log into [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"} as an administrator and navigate to Organizations and select the organization that you want to enable SSO on.
 2. Click **Settings** and select the Security tab.
-3. Select an authentication method based on your identity provider.
+3. Select an authentication method based on your identity provider. Docker currently supports **SAML 2.0** and **Azure AD**.
-    Note: Docker currently supports **SAML 2.0** and **Azure AD**.
 4. Copy the ID and/or URL in the **Identity Provider Set Up**.
-    Note: for SAML 2.0, copy the Entity ID and ACS URL. For Azure AD, copy your Redirect URL/Reply URL.
+    For SAML 2.0, copy the **Entity ID** and **ACS URL**. For Azure AD, copy your **Redirect URL/Reply URL**.
 5. Log into your IdP to complete the IdP server configuration process. Refer to your IdP documentation for detailed instructions.
-6. Complete the fields in the **Configuration Settings** section and click **Save**.
+6. Complete the fields in the **Configuration Settings** section and click **Save**. If you want to change your IdP, you must delete your existing provider and configure SSO with your new IdP.
 
 ![SSO SAML](images/sso-saml.png){:width="500px"}
 
-### Domain
+### Domain control
 
-1. Click **Add Domain** and specify the email domains that are allowed to authenticate via your server.
+Click Add Domain and specify the corporate domain you’d like to manage with SSO. Domains should be formatted without protocol or www information, for example, yourcompany.com.
-    Note: This should include all email domains users will use to access Docker. Public domains are not permitted, such as gmail.com, outlook.com, etc. Also, the email domain should be set as the primary email.
+
-2. Click **Send Verification** to receive an email for the domains you have specified and verify your domain.
+> **Note**
+   >
+   > This should include all email domains and sub-domains users will use to access Docker.
+   > Public domains are not permitted, such as gmail.com, outlook.com, etc.
+   > Also, the email domain should be set as the primary email.
+
+## Domain verfication
+
+To verify ownership of a domain, add a TXT record to your Domain Name System (DNS) settings.
+
+1. Copy the provided TXT record value and navigate to your DNS host and locate the **Settings** page to add a new record.
+2. Select the option to add a new record and paste the TXT record value into the applicable field. For example, the **Value**, **Answer** or **Description** field.
+
+    Your DNS record may have the following fields:
+    * Record type: enter your 'TXT' record value
+    * Name/Host/Alias: leave the default (@ or blank)
+    * Time to live (TTL): enter **86400**
+
+3. After you have updated the fields, click **Save**.
+
+    Note: It can take up to 72 hours for DNS changes to take effect,  depending on your DNS host. The Domains table will have an Unverified status during this time.
+4. In the Security section of your Docker organization, click **Verify** next to the domain you want to verify after 72 hours.
 
 ### Test your SSO configuration
 
@@ -60,7 +89,7 @@ After you’ve completed the SSO configuration process in Docker Hub, you can te
 ## Enforce SSO in Docker Hub
 
 Before you enforce SSO in Docker Hub, you must complete the following:
-Test SSO by logging in and out successfully, confirm that all members in your org have upgraded to Docker Desktop version 4.4.0, PATs are created for each member,  CI/CD passwords are converted to PAT.
+Test SSO by logging in and out successfully, confirm that all members in your org have upgraded to Docker Desktop version 4.4.0, PATs are created for each member, CI/CD passwords are converted to PAT.
 
 Admins can force users to authenticate with Docker Desktop by provisioning a registry.json configuration file. The registry.json file will force users to authenticate as a user that is configured in the allowedOrgs list in the registry.json file. For info on how to configure a registry.json file see Configure registry.json.