Merge pull request #9081 from docker/relnotes-july-patch

updating relnotes for july patch

ee/dtr/release-notes.md

@@ -21,6 +21,33 @@ to upgrade your installation to the latest release.
 
 # Version 2.6
 
+## 2.6.8
+(2019-7-17)
+
+### Bug fixes
+
+* Fixed a bug where non-admin user repository pagination was broken. (docker/dhe-deploy #10464)
+* Fixed a bug where the `dockersearch` API returned incorrect results when the search query ended in a digit. (docker/dhe-deploy #10434)
+
+### Security
+
+* Bumped the Golang version for DTR to `1.12.7`. (docker/dhe-deploy #10460)
+* Bumped the Alpine version of the base images to `3.9.4`. (docker/dhe-deploy #10460)
+
+### Known issues
+
+* Docker Engine Enterprise Edition (Docker EE) Upgrade
+  * There are [important changes to the upgrade process](/ee/upgrade) that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before `18.09` to version `18.09` or greater. For DTR-specific changes, see [2.5 to 2.6 upgrade](/ee/dtr/admin/upgrade/#25-to-26-upgrade).
+* Web Interface
+  * Poll mirroring for Docker plugins such as `docker/imagefs` is currently broken. (docker/dhe-deploy #9490)
+  * When viewing the details of a scanned image tag, the header may display a different vulnerability count from the layer details. (docker/dhe-deploy #9474)
+  * In order to set a tag limit for pruning purposes, immutability must be turned off for a repository. This limitation is not clear in the **Repository Settings** view. (docker/dhe-deploy #9554)
+* Webhooks
+  * When configured for "Image promoted from repository" events, a webhook notification is triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
+  * HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
+* System
+  * When upgrading from `2.5` to `2.6`, the system will run a `metadatastoremigration` job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](/ee/dtr/admin/upgrade/#25-to-26-upgrade).
+
 ## 2.6.7
 (2019-6-27)
 
@@ -305,6 +332,45 @@ to upgrade your installation to the latest release.
 >
 > Upgrade path from 2.5.x to 2.6: Upgrade directly to 2.6.4.
 
+## 2.5.13
+(2019-07-17)
+
+### Bug fix
+
+* Fixed a bug where the dockersearch API returned incorrect results when the search query ended in a digit. (docker/dhe-deploy #10435)
+
+### Security
+
+* Bumped the Golang version for DTR to `1.12.7`. (docker/dhe-deploy#10463)
+* Bumped the Alpine version of the base images to `3.9.4`. (docker/dhe-deploy#10463)
+
+### Known issues
+
+* Web Interface
+  * The web interface shows "This repository has no tags" in repositories where tags
+  have long names. As a workaround, reduce the length of the name for the
+  repository and tag.
+  * When deleting a repository with signed images, the DTR web interface no longer
+  shows instructions on how to delete trust data.
+  * There's no web interface support to update mirroring policies when rotating the TLS
+  certificates used by DTR. Use the API instead.
+  * The web interface for promotion policies is currently broken if you have a large number
+  of repositories.
+  * Clicking "Save & Apply" on a promotion policy doesn't work.
+* Webhooks
+  * There is no webhook event for when an image is pulled.
+  * HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
+  * When configured for "Image promoted from repository" events, a webhook notification will be triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
+* Online garbage collection
+  * The events API won't report events when tags and manifests are deleted.
+  * The events API won't report blobs deleted by the garbage collection job.
+* Docker EE Advanced features
+  * Scanning any new push after metadatastore migration will not yet work.
+  * Pushes to repos with promotion policies (repo as source) are broken when an
+  image has a layer over 100MB.
+  * On upgrade the scanningstore container may restart with this error message:
+  FATAL:  database files are incompatible with server
+
 ## 2.5.12
 (2019-06-27)
 
@@ -849,9 +915,22 @@ specify `--log-protocol`.
 > **Important DTR Upgrade Information**
 > If you have manifest lists enabled on any of your repositories:
 >
-> Upgrade path from 2.4.x to 2.5: Do not opt into garbage collection, or directly upgrade to 2.5.10 if you need to opt into > garbage collection.
+> Upgrade path from 2.4.x to 2.5: Do not opt into garbage collection, or directly upgrade to 2.5.10 if you need to opt into garbage collection.
 > Upgrade path from 2.5.x to 2.6: Upgrade directly to 2.6.4.
 
+## 2.4.13
+
+(2019-07-17)
+
+### Bug fix
+
+* Fixed a bug where duplicate scan jobs were causing scans to never exit. (docker/dhe-deploy#10314)
+
+### Security
+
+* Bumped the Golang version for DTR to `1.12.7`. (docker/dhe-deploy#10461)
+* Bumped the Alpine version of the base images to `3.9.4`. (docker/dhe-deploy#10461)
+
 ## 2.4.12
 
 (2019-05-06)

engine/release-notes.md

@@ -29,6 +29,22 @@ consistency and compatibility reasons.
 > `sudo apt install docker-ce docker-ce-cli containerd.io`. See the install instructions
 > for the corresponding linux distro for details.
 
+## 18.09.08
+2019-07-17
+
+### Runtime
+
+* Masked the secrets updated to the log files when running Docker Engine in debug mode. [CVE-2019-13509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509): If a Docker engine is running in debug mode, and `docker stack deploy` is used to redeploy a stack which includes non-external secrets, the logs will contain the secret.
+
+
+### Client
+
+* Fixed rollback config type interpolation for `parallelism` and `max_failure_ratio` fields.
+
+### Known Issue
+
+* There are [important changes](/ee/upgrade) to the upgrade process that, if not correctly followed, can have an impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or later.
+
 ## 18.09.7
 2019-06-27
 
@@ -358,6 +374,14 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d
 
 ## Older Docker Engine EE Release notes
 
+## 18.03.1-ee-10
+
+2019-07-17
+
+## Runtime
+
+* Masked the secrets updated to the log files when running Docker Engine in debug mode. [CVE-2019-13509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509): If a Docker engine is running in debug mode, and `docker stack deploy` is used to redeploy a stack which includes non-external secrets, the logs will contain the secret.
+
 ## 18.03.1-ee-9
 
 2019-06-27
@@ -518,6 +542,35 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d
 + Support for `--chown` with `COPY` and `ADD` in `Dockerfile`.
 + Added functionality for the `docker logs` command to include the output of multiple logging drivers.
 
+## 17.06.2-ee-23
+2019-07-17
+
+### Runtime
+
+* Masked the secrets updated to the log files when running Docker Engine in debug mode. [CVE-2019-13509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509): If a Docker engine is running in debug mode, and `docker stack deploy` is used to redeploy a stack which includes non-external secrets, the logs will contain the secret.
+
+### Known issues
+
+* When all Swarm managers are stopped at the same time, the swarm might end up in a
+split-brain scenario. [Learn more](https://success.docker.com/article/KB000759).
+* Under certain conditions, swarm leader re-election may timeout
+  prematurely. During this period, docker commands may fail. Also during
+  this time, creation of globally-scoped networks may be unstable. As a
+  workaround, wait for leader election to complete before issuing commands
+  to the cluster.
+* It's recommended that users create overlay networks with `/24` blocks (the default) of 256 IP addresses when networks are used by services created using VIP-based endpoint-mode (the default). This is because of limitations with Docker Swarm [moby/moby#30820](moby/moby/issues/30820). Users should _not_ work around this by increasing the IP block size. To work around this limitation, either use `dnsrr` endpoint-mode or use multiple smaller overlay networks.
+* Docker may experience IP exhaustion if many tasks are assigned to a single overlay network, for example if many services are attached to that network or because services on the network are scaled to many replicas. The problem may also manifest when tasks are rescheduled because of node failures. In case of node failure, Docker currently waits 24h to release overlay IP addresses. The problem can be diagnosed by looking for `failed to allocate network IP for task` messages in the Docker logs.
+* SELinux enablement is not supported for containers on IBM Z on RHEL because of missing Red Hat package.
+* If a container is spawned on node A, using the same IP of a container destroyed
+on nodeB within 5 min from the time that it exit, the container on node A is
+not reachable until one of these 2 conditions happens:
+
+1. Container on A sends a packet out,
+2. The timer that cleans the arp entry in the overlay namespace is triggered (around 5 minutes).
+
+As a workaround, send at least a packet out from each container like
+(ping, GARP, etc).
+
 ## 17.06.2-ee-22
 2019-06-27
 
@@ -3173,4 +3226,3 @@ use `--detach` to keep the old behaviour.
 #### Windows
 
 * Block pulling Windows images on non-Windows daemons [#29001](https://github.com/docker/docker/pull/29001)
-