From 5d1c57932ed2d243795b64c5bfd8913e0562433f Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Tue, 25 Jun 2019 08:19:21 -0400 Subject: [PATCH] Minor syntax fixes --- engine/release-notes.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/engine/release-notes.md b/engine/release-notes.md index c42b5f6d52..74d7bf49de 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md 
@@ -218,22 +218,22 @@ error after being deployed. * Traffic cannot egress the HOST because of missing Iptables rules in the FORWARD chain The missing rules are : -``` -sbin/iptables --wait -C FORWARD -o docker_gwbridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -/sbin/iptables --wait -C FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -``` - - Workaround: Add these rules back using a script and cron definitions. The script must contain '-C' - commands to check for the presence of a rule and '-A' commands to add rules back. Run the script on a - cron in regular intervals, for example, every minutes. + ``` + sbin/iptables --wait -C FORWARD -o docker_gwbridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + /sbin/iptables --wait -C FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + ``` + - Workaround: Add these rules back using a script and cron definitions. The script + must contain '-C' commands to check for the presence of a rule and '-A' commands to add + rules back. Run the script on a cron in regular intervals, for example, every minutes. - Affected versions: 17.06.2-ee-16, 18.09.1, 19.03.0 * [CVE-2018-15664](https://nvd.nist.gov/vuln/detail/CVE-2018-15664) symlink-exchange attack with directory traversal. Workaround until proper fix is available in upcoming patch release: `docker pause` container before doing file operations. [moby/moby#39252](https://github.com/moby/moby/pull/39252) * `docker cp` regression due to CVE mitigation. An error is produced when the source of `docker cp` is set to `/`. * Install Docker Engine - Enterprise fails to install on RHEL on Azure. This affects any RHEL version that uses an Extended Update Support (EUS) image. At the time of this writing, known versions affected are RHEL 7.4, 7.5, and 7.6. -- Workaround options: - - Use an older image and don't get updates. 
Examples of EUS images are here: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/rhel-images#rhel-images-with-eus. - - Import your own RHEL images into Azure and do not rely on the Extended Update Support (EUS) RHEL images. - - Use a RHEL image that does not contain a minor version in the SKU. These are not attached to EUS repositories. Some examples of those are the first three images (SKUs: 7-RAW, 7-LVM, 7-RAW-CI) listed here : https://docs.microsoft.com/en-us/azure/virtual-machines/linux/rhel-images#list-of-rhel-images-available. + - Workaround options: + - Use an older image and don't get updates. Examples of EUS images are here: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/rhel-images#rhel-images-with-eus. + - Import your own RHEL images into Azure and do not rely on the Extended Update Support (EUS) RHEL images. + - Use a RHEL image that does not contain a minor version in the SKU. These are not attached to EUS repositories. Some examples of those are the first three images (SKUs: 7-RAW, 7-LVM, 7-RAW-CI) listed here : https://docs.microsoft.com/en-us/azure/virtual-machines/linux/rhel-images#list-of-rhel-images-available. ## 18.09.7 2019-06-25
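Review bot: The first command in the re-indented code block still reads `sbin/iptables` without the leading slash, while the second uses `/sbin/iptables`. Since this hunk already rewrites both lines, make the first one `/sbin/iptables` so it does not depend on the working directory when copied into the cron script the workaround describes. The reflowed workaround text also keeps "for example, every minutes", which is either missing a number or should read "every minute"; please state the intended interval. Smaller points on lines this hunk touches or sits next to: "The missing rules are :" and "listed here :" have a stray space before the colon, and "Iptables" would be better written as `iptables`. The `docker_gwbridge` and `docker0` lines are shown with `-C`, which only checks for a rule, so it would help to say explicitly that the script re-adds the same rule specification with `-A` when the check fails.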