Docker Registry v2.5.2
This release is a special security release to address an issue allowing
an attacker to force arbitrarily-sized memory allocations in a registry
instance through the manifest endpoint. The problem has been mitigated
by limiting the size of reads for image manifest content.
Details for mitigation are in 58d239d.
CVE-2017-11468 has been assigned for this issue.
Changelog
0bae751 Merge pull request #2344 from stevvooe/prepare-2.5.2
48cb60a release: prepare for 2.5.2 release
2b0952d Merge pull request #2342 from stevvooe/limit-payload-size-25
58d239d registry/{storage,handlers}: limit content sizes
9bc9d21 Merge pull request #2122 from
mstanleyjones/configuration_changes_backport
fcbea60 Improve formatting of configuration.md
6b114e6 Merge pull request #2081 from Windfarer/release/2.5
6c985f7 Update main.go
2c3b616 Merge pull request #2054 from mstanleyjones/2.5_metadata_fixes
5adfbe3 Remove newlines from end of error strings
cfe7079 Satisfy the latest go lint rules
abd2d76 Metadata and formatting fixes needed for Jekyll build
6b3ccf9 Convert Markdown frontmatter to YAML
a8402a2 Merge pull request #1985 from johndmulhausen/master
0a22649 Update to fix lint errors