From f44702edcf3b30f418c2f93c2172be4b9a5ebabf Mon Sep 17 00:00:00 2001 From: Usha Mandya Date: Wed, 10 Nov 2021 13:47:50 +0000 Subject: [PATCH 1/4] Explicitly state the hourly timeframe for pull rate limits Signed-off-by: Usha Mandya --- docker-hub/download-rate-limit.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/docker-hub/download-rate-limit.md b/docker-hub/download-rate-limit.md index 81c4b23e6a..faae89268b 100644 --- a/docker-hub/download-rate-limit.md +++ b/docker-hub/download-rate-limit.md @@ -7,12 +7,11 @@ title: Download rate limit ## What is the download rate limit on Docker Hub Docker Hub limits the number of Docker image downloads ("pulls") -based on the account type of the user pulling the image. -See the [pricing page](https://www.docker.com/pricing){: target="_blank" rel="noopener" class="_"} for current options. +based on the account type of the user pulling the image. Pull rates limits are based on individual IP address. For anonymous users, the rate limit is set to 100 pulls per 6 hours per IP address. For [authenticated](#how-do-i-authenticate-pull-requests) users, it is 200 pulls per 6 hour period per IP address. There are no limits for users with a paid Docker subscription. -Some images are unlimited through our [Open Source](https://www.docker.com/blog/expanded-support-for-open-source-software-projects/){: target="_blank" rel="noopener" class="_"} and [Publisher](https://www.docker.com/partners/programs){: target="_blank" rel="noopener" class="_"} programs. +Some images are unlimited through our [Open Source](https://www.docker.com/blog/expanded-support-for-open-source-software-projects/){: target="_blank" rel="noopener" class="_"} and [Publisher](https://www.docker.com/partners/programs){: target="_blank" rel="noopener" class="_"} programs. Unlimited pulls by IP is also available through our [Large Organization](https://www.docker.com/pricing){: target="_blank" rel="noopener" class="_"} plan. -Unlimited pulls by IP is also available through our [Large Organization](https://www.docker.com/pricing){: target="_blank" rel="noopener" class="_"} plan. +See [Docker Pricing](https://www.docker.com/pricing){: target="_blank" rel="noopener" class="_"} and [Resource Consumption Updates FAQ](https://www.docker.com/pricing/resource-consumption-updates){: target="_blank" rel="noopener" class="_"} for details. ## Definition of limits @@ -79,17 +78,17 @@ ratelimit-limit: 100;w=21600 ratelimit-remaining: 76;w=21600 ``` -This means my limit is 100 per 21600 seconds (6 hours), and I have 76 pulls remaining. +This means my limit is 100 pulls per 21600 seconds (6 hours), and I have 76 pulls remaining. > Remember that these headers are best-effort and there will be small variations. ### I don't see any RateLimit headers -If you do not see these headers, that means pulling that image would not count towards pull limits. This could be because you are authenticated with a user associated with a Pro/Team Docker Hub account, or because the image or your IP is unlimited in partnership with a publisher, provider, or an open-source organization. +If you do not see these headers, that means pulling that image would not count towards pull limits. This could be because you are authenticated with a Docker Hub account associated with a Pro, Team, or a Business subscription, or because the image or your IP is unlimited in partnership with a publisher, provider, or an open-source organization. ## I'm being limited even though I have a paid Docker subscription -To take advantage of the higher limits included in a paid Docker subscription, you must [authenticate pulls](#how-do-i-authenticate-pull-requests) with your user account. +To take advantage of the higher limits included in a paid Docker subscription, you must [authenticate pulls](#how-do-i-authenticate-pull-requests) with your user account. A Pro, Team, or a Business tier does not increase limits on your images for other users. See our [Open Source](https://www.docker.com/blog/expanded-support-for-open-source-software-projects/){: target="_blank" rel="noopener" class="_"}, [Publisher](https://www.docker.com/partners/programs){: target="_blank" rel="noopener" class="_"}, or [Large Organization](https://www.docker.com/pricing){: target="_blank" rel="noopener" class="_"} offerings. From d54fb973545a110d0f6b385b81e6c289af0214d6 Mon Sep 17 00:00:00 2001 From: Usha Mandya <47779042+usha-mandya@users.noreply.github.com> Date: Fri, 26 Nov 2021 12:53:40 +0000 Subject: [PATCH 2/4] Remove the 'per ip' limit for authenticated users --- docker-hub/download-rate-limit.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-hub/download-rate-limit.md b/docker-hub/download-rate-limit.md index faae89268b..333d45823b 100644 --- a/docker-hub/download-rate-limit.md +++ b/docker-hub/download-rate-limit.md @@ -7,7 +7,7 @@ title: Download rate limit ## What is the download rate limit on Docker Hub Docker Hub limits the number of Docker image downloads ("pulls") -based on the account type of the user pulling the image. Pull rates limits are based on individual IP address. For anonymous users, the rate limit is set to 100 pulls per 6 hours per IP address. For [authenticated](#how-do-i-authenticate-pull-requests) users, it is 200 pulls per 6 hour period per IP address. There are no limits for users with a paid Docker subscription. +based on the account type of the user pulling the image. Pull rates limits are based on individual IP address. For anonymous users, the rate limit is set to 100 pulls per 6 hours per IP address. For [authenticated](#how-do-i-authenticate-pull-requests) users, it is 200 pulls per 6 hour period. There are no limits for users with a paid Docker subscription. Some images are unlimited through our [Open Source](https://www.docker.com/blog/expanded-support-for-open-source-software-projects/){: target="_blank" rel="noopener" class="_"} and [Publisher](https://www.docker.com/partners/programs){: target="_blank" rel="noopener" class="_"} programs. Unlimited pulls by IP is also available through our [Large Organization](https://www.docker.com/pricing){: target="_blank" rel="noopener" class="_"} plan. From 3d9c6aff712854b04c104fdc348d2df7e9b89028 Mon Sep 17 00:00:00 2001 From: Jake Levirne <51732+jakelevirne@users.noreply.github.com> Date: Sun, 13 Feb 2022 17:10:21 -0500 Subject: [PATCH 3/4] Minor typo - fixed case --- language/nodejs/run-containers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/language/nodejs/run-containers.md b/language/nodejs/run-containers.md index b7cd450ac9..f0ed48a538 100644 --- a/language/nodejs/run-containers.md +++ b/language/nodejs/run-containers.md @@ -95,7 +95,7 @@ CONTAINER ID IMAGE COMMAND CREATED ce02b3179f0f node-docker "docker-entrypoint.s…" 6 minutes ago Up 6 minutes 0.0.0.0:8000->8000/tcp wonderful_kalam ``` -The `ps` command tells a bunch of stuff about our running containers. We can see the Container ID, The image running inside the container, the command that was used to start the container, when it was created, the status, ports that exposed and the name of the container. +The `ps` command tells a bunch of stuff about our running containers. We can see the Container ID, the image running inside the container, the command that was used to start the container, when it was created, the status, ports that exposed and the name of the container. You are probably wondering where the name of our container is coming from. Since we didn’t provide a name for the container when we started it, Docker generated a random name. We’ll fix this in a minute but first we need to stop the container. To stop the container, run the `docker stop` command which does just that, stops the container. You will need to pass the name of the container or you can use the container id. From 8f2705816fd2a9bdf1a08c7bfd1e515b1caae066 Mon Sep 17 00:00:00 2001 From: Mathieu Champlon Date: Thu, 17 Feb 2022 17:29:05 +0100 Subject: [PATCH 4/4] Add CVE mentions with brief descriptions --- desktop/mac/release-notes/index.md | 4 ++++ desktop/windows/release-notes/index.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/desktop/mac/release-notes/index.md b/desktop/mac/release-notes/index.md index ff3a65b6bb..6cbb46d6de 100644 --- a/desktop/mac/release-notes/index.md +++ b/desktop/mac/release-notes/index.md @@ -33,6 +33,10 @@ Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/pro > chip](https://desktop.docker.com/mac/main/arm64/Docker.dmg?utm_source=docker&utm_medium=webreferral&utm_campaign=docs-driven-download-mac-arm64){: > .button .primary-btn } +### Security + +- Fixed [CVE-2021-44719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44719){: target="_blank" rel="noopener" class="_"} where Docker Desktop could be used to access any user file on the host from a container, bypassing the allowed list of shared folders. + ### New - Docker Desktop 4.5.0 introduces a new version of the Docker menu which creates a consistent user experience across all operating systems. For more information, see the blog post [New Docker Menu & Improved Release Highlights with Docker Desktop 4.5](https://www.docker.com/blog/new-docker-menu-improved-release-highlights-with-docker-desktop-4-5/){: target="_blank" rel="noopener" class="_"} diff --git a/desktop/windows/release-notes/index.md b/desktop/windows/release-notes/index.md index 44d1b4f8e7..8ec50c562e 100644 --- a/desktop/windows/release-notes/index.md +++ b/desktop/windows/release-notes/index.md @@ -32,6 +32,10 @@ Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/pro > Windows](https://desktop.docker.com/win/main/amd64/Docker%20Desktop%20Installer.exe?utm_source=docker&utm_medium=webreferral&utm_campaign=docs-driven-download-win-amd64){: > .button .primary-btn } +### Security + +- Fixed [CVE-2022-23774](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23774){: target="_blank" rel="noopener" class="_"} where Docker Desktop allows attackers to move arbitrary files. + ### Bug fixes and minor changes - Fixed an issue that caused new installations to default to the Hyper-V backend instead of WSL 2.