From 000f71b2d64ef84724d62ca6cb115aae42eb00ed Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Thu, 13 Feb 2025 12:26:57 +0000 Subject: [PATCH 1/5] ENGDOCS-2427 (#22026) ## Description ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- content/manuals/desktop/features/wsl/_index.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/content/manuals/desktop/features/wsl/_index.md b/content/manuals/desktop/features/wsl/_index.md index d0eadf5526d0..cf84a0e65cc7 100644 --- a/content/manuals/desktop/features/wsl/_index.md +++ b/content/manuals/desktop/features/wsl/_index.md 
@@ -103,6 +103,15 @@ Docker Desktop does not require any particular Linux distributions to be install > > Note that Docker Desktop version 4.30 and later keeps using the `docker-desktop-data` distribution if it was already created by an earlier version of Docker Desktop and has not been freshly installed or factory reset. +## WSL 2 security in Docker Desktop + +Docker Desktop’s WSL 2 integration operates within the existing security model of WSL and does not introduce additional security risks beyond standard WSL behavior. + +Docker Desktop runs within its own dedicated WSL distribution, `docker-desktop`, which follows the same isolation properties as any other WSL distribution. The only interaction between Docker Desktop and other installed WSL distributions occurs when the Docker Desktop **WSL integration** feature is enabled in settings. This feature allows easy access to the Docker CLI from integrated distributions. + +WSL is designed to facilitate interoperability between Windows and Linux environments. Its file system is accessible from the Windows host `\\wsl$`, meaning Windows processes can read and modify files within WSL. This behavior is not specific to Docker Desktop, but rather a core aspect of WSL itself. + +For organizations concerned about security risks related to WSL and want stricter isolation and security controls, run Docker Desktop in Hyper-V mode instead of WSL 2. ## Additional resources From da13512a3d8dff41195c4d4671d9a0905547be7b Mon Sep 17 00:00:00 2001 From: Nicolas De loof Date: Thu, 13 Feb 2025 14:32:49 +0100 Subject: [PATCH 2/5] Bump compose v2.33.0 (#22025) ## Description Bump compose to v2.33.0 ## Related issues or tickets https://docker.atlassian.net/browse/APCLI-966 ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --------- 
Signed-off-by: Nicolas De Loof Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> --- _vendor/modules.txt | 2 +- .../manuals/compose/releases/release-notes.md | 39 +++++++++++++++++++ go.mod | 2 +- hugo.yaml | 2 +- 4 files changed, 42 insertions(+), 3 deletions(-) diff --git a/_vendor/modules.txt b/_vendor/modules.txt index ae4caa515541..24989ba511d1 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -2,5 +2,5 @@ # github.com/moby/buildkit v0.19.0 # github.com/docker/buildx v0.20.1 # github.com/docker/cli v27.5.1+incompatible -# github.com/docker/compose/v2 v2.32.4 +# github.com/docker/compose/v2 v2.33.0 # github.com/docker/scout-cli v1.15.0 diff --git a/content/manuals/compose/releases/release-notes.md b/content/manuals/compose/releases/release-notes.md index 3cf8874e34f4..4a93a7da337e 100644 --- a/content/manuals/compose/releases/release-notes.md +++ b/content/manuals/compose/releases/release-notes.md 
@@ -13,6 +13,45 @@ aliases: For more detailed information, see the [release notes in the Compose repo](https://github.com/docker/compose/releases/). +## 2.33.0 + +{{< release-date date="2025-02-13" >}} + +### Bug fixes and enhancements + +- Introduced a hint to promote the use of [Bake](/build/bake/) +- Introduced support for the `additional_context` attribute referencing another service +- Added support for `BUILDKIT_PROGRESS` +- Compose now warns you when a published Compose application includes environment variables +- Added a `--with-env` flag to publish a Compose application with environment variables +- Updated `ls --quiet` help description +- Fixed multiple issues delegating build to Bake +- Updated help in `stats` command +- Fixed support for "builtin" seccomp profile +- Fixed support for `watch` with multiple services +- Removed exit code per error type used by legacy metrics system +- Fixed test coverage for `compatibility` +- Removed raw os.Args sent to OpenTelemetry +- Enabled copyloopvar linter +- Fixed provenance for binaries and generate SBOM +- Main branch for docs upstream validation is now used +- Added codeowners file +- Added Docker Engine v28.x to the test-matrix + +### Update + +- Dependencies upgrade: Bump compose-go v2.4.8 +- Dependencies upgrade: Bump buildx v0.20.1 +- Dependencies upgrade: Bump docker to v27.5.1 +- Dependencies upgrade: Bump golangci-lint to v1.63.4 +- Dependencies upgrade: Bump golang.org/x/sys from 0.28.0 to 0.30.0 +- Dependencies upgrade: Bump github.com/moby/term v0.5.2 +- Dependencies upgrade: Bump github.com/otiai10/copy from 1.14.0 to 1.14.1 +- Dependencies upgrade: Bump github.com/jonboulle/clockwork from 0.4.0 to 0.5.0 +- Dependencies upgrade: Bump github.com/spf13/pflag from 1.0.5 to 1.0.6 +- Dependencies upgrade: Bump golang.org/x/sync from 0.10.0 to 0.11.0 +- Dependencies upgrade: Bump gotest.tools/v3 from 3.5.1 to 3.5.2 + ## 2.32.4 {{< release-date date="2025-01-16" >}} 
diff --git a/go.mod b/go.mod index fc8141cfeb4b..01444cbfba7a 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.23.1 require ( github.com/docker/buildx v0.20.1 // indirect github.com/docker/cli v27.5.1+incompatible // indirect - github.com/docker/compose/v2 v2.32.4 // indirect + github.com/docker/compose/v2 v2.33.0 // indirect github.com/docker/scout-cli v1.15.0 // indirect github.com/moby/buildkit v0.19.0 // indirect github.com/moby/moby v27.5.1+incompatible // indirect diff --git a/hugo.yaml b/hugo.yaml index f82c878f764e..8a0fae47d5a5 100644 --- a/hugo.yaml +++ b/hugo.yaml @@ -118,7 +118,7 @@ params: # (Used to show e.g., "latest" and "latest"-1 in engine install examples docker_ce_version_prev: "27.5.0" # Latest Docker Compose version - compose_version: "v2.32.4" + compose_version: "v2.33.0" # Latest BuildKit version buildkit_version: "0.16.0" From 6c3cc9396c089a4ab5969847d2620c561a962653 Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Thu, 13 Feb 2025 09:04:07 -0500 Subject: [PATCH 3/5] security: update manage members and SSO users FAQs (#22021) ## Description - During Kapa triage, I noticed two uncertain answers: one regarding SCIM enablement impact on existing licensed users and one about deleting a user with SSO enabled - These updates address both to improve future Kapa convos and sources - Update to `members.md` that adds a callout about removing members from an org, clarifying that SSO w/ SCIM enabled is a little different (must be done in IdP) - Update to `user-faqs.md` that adds a new FAQ clarifying the impact of enabling SCIM for existing licensed users ## Related issues or tickets - https://docker.atlassian.net/browse/ENGDOCS-2404 - https://docker.atlassian.net/browse/ENGDOCS-2403 ## Reviews - [ ] Technical review - [ ] Editorial review --- content/manuals/admin/organization/members.md | 4 ++++ content/manuals/security/faqs/single-sign-on/users-faqs.md | 4 ++++ 2 files changed, 8 insertions(+) 
diff --git a/content/manuals/admin/organization/members.md b/content/manuals/admin/organization/members.md index 8b589eac3959..822c4f195fa1 100644 --- a/content/manuals/admin/organization/members.md +++ b/content/manuals/admin/organization/members.md @@ -141,6 +141,10 @@ To add a member to a team with the Admin Console: ### Remove a member from a team +> [!NOTE] +> +> If your organization uses single sign-on (SSO) with [SCIM](/manuals/security/for-admins/provisioning/scim.md) enabled, you should remove members from your identity provider (IdP). This will automatically remove members from Docker. If SCIM is disabled, you must manually manage members in Docker. + Organization owners can remove a member from a team in Docker Hub or Admin Console. Removing the member from the team will revoke their access to the permitted resources. {{< tabs >}} diff --git a/content/manuals/security/faqs/single-sign-on/users-faqs.md b/content/manuals/security/faqs/single-sign-on/users-faqs.md index 64a9c62ec45a..5488e1fa4485 100644 --- a/content/manuals/security/faqs/single-sign-on/users-faqs.md +++ b/content/manuals/security/faqs/single-sign-on/users-faqs.md 
@@ -100,3 +100,7 @@ No, we don't differentiate the two in product. ### Is user information visible in Docker Hub? All Docker accounts have a public profile associated with their namespace. If you don't want user information (for example, full name) to be visible, you can remove those attributes from your SSO and SCIM mappings. Alternatively, you can use a different identifier to replace a user's full name. + +### What happens to existing licensed users when SCIM is enabled? + +Enabling SCIM does not immediately remove or modify existing licensed users in your Docker organization. They retain their current access and roles, but after enabling SCIM, you will manage them in your identity provider (IdP). If SCIM is later disabled, previously SCIM-managed users remain in Docker but are no longer automatically updated or removed based on your IdP. \ No newline at end of file From b95f15af10de8e88afc8734263c8651af92b4d87 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Thu, 13 Feb 2025 16:35:14 +0100 Subject: [PATCH 4/5] bake: update files lookup order (#22029) ## Related issues or tickets * fixes https://github.com/docker/docs/issues/22018 ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- content/manuals/build/bake/overrides.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/manuals/build/bake/overrides.md b/content/manuals/build/bake/overrides.md index c3b9f501a126..1d6bd60b7274 100644 --- a/content/manuals/build/bake/overrides.md +++ b/content/manuals/build/bake/overrides.md 
@@ -55,8 +55,8 @@ If you don't specify any files, Bake will use the following lookup order: 3. `docker-compose.yml` 4. `docker-compose.yaml` 5. `docker-bake.json` -6. `docker-bake.override.json` -7. `docker-bake.hcl` +6. `docker-bake.hcl` +7. `docker-bake.override.json` 8. `docker-bake.override.hcl` If more than one Bake file is found, all files are loaded and merged into a From 98f736896ae0ef964e5db540350f2ed6a8873b0b Mon Sep 17 00:00:00 2001 From: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com> Date: Thu, 13 Feb 2025 09:46:54 -0800 Subject: [PATCH 5/5] accounts: update nav (#21983) ## Description The account settings screen will now have left navigation. Updated navigation in steps related to "account settings". ## Related issues or tickets ENGDOCS-2415 ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review Signed-off-by: Craig --- .../manuals/accounts/deactivate-user-account.md | 5 +++-- content/manuals/accounts/manage-account.md | 14 +++++++------- .../admin/organization/convert-account.md | 6 +++--- .../security/for-developers/2fa/_index.md | 2 +- .../security/for-developers/2fa/disable-2fa.md | 2 +- .../for-developers/2fa/new-recovery-code.md | 2 +- .../security/for-developers/access-tokens.md | 16 ++++++++++------ 7 files changed, 26 insertions(+), 21 deletions(-) diff --git a/content/manuals/accounts/deactivate-user-account.md b/content/manuals/accounts/deactivate-user-account.md index 8639c5c43c58..887f83f86bfa 100644 --- a/content/manuals/accounts/deactivate-user-account.md +++ b/content/manuals/accounts/deactivate-user-account.md 
@@ -41,5 +41,6 @@ Once you have completed all the previous steps, you can deactivate your account. 1. Sign in to [Docker Home](https://app.docker.com/login). 2. Select your avatar to open the drop-down menu. 3. Select **Account settings**. -4. In the **Account management** section, select **Deactivate account**. -5. To confirm, select **Deactivate account**. +4. Select **Deactivate**. +5. Select **Deactivate account**. +6. To confirm, select **Deactivate account**. diff --git a/content/manuals/accounts/manage-account.md b/content/manuals/accounts/manage-account.md index 316a8d654e3b..0372d3f54a9e 100644 --- a/content/manuals/accounts/manage-account.md +++ b/content/manuals/accounts/manage-account.md @@ -17,7 +17,7 @@ You can centrally manage the settings for your Docker account using Docker Home. 2. In Docker Home, select your avatar in the top-right corner to open the drop-down. 3. Select **Account settings**. -From the Account settings page, you can take any of the following actions. +From the Account Center page, you can take any of the following actions. ### Update account information @@ -35,7 +35,7 @@ Make your changes here, then select **Save** to save your settings. ### Update email address -To update your email address, select the arrow icon. +To update your email address, select **Email**. 1. Enter your new email address. 2. Enter your password to confirm the change. 
@@ -47,22 +47,22 @@ Once you verify your email address, your account information will update. You can change your password by initiating a password reset via email. -To change your password, select **Reset password**. +To change your password, select **Password** and then **Reset password**. Follow the instructions in the password reset email. ## Manage security settings -You can manage the security settings for your account in Docker Home. - +To update your two-factor authentication (2FA) settings, select **2FA**. For information on two-factor authentication (2FA) for your account, see [Enable two-factor authentication](../security/for-developers/2fa/_index.md) to get started. +To manage personal access tokens, select **Personal access tokens**. For information on personal access tokens, see [Create and manage access tokens](../security/for-developers/access-tokens.md). ## Account management -You can take administrative actions for your account in Docker Home. - +To convert your account into an organization, select **Convert**. For more information on converting your account, see [Convert an account into an organization](../admin/organization/convert-account.md). +To deactivate your account, select **Deactivate**. For information on deactivating your account, see [Deactivating a user account](./deactivate-user-account.md). diff --git a/content/manuals/admin/organization/convert-account.md b/content/manuals/admin/organization/convert-account.md index da6eaada9b3f..3ac7f86f965e 100644 --- a/content/manuals/admin/organization/convert-account.md +++ b/content/manuals/admin/organization/convert-account.md 
@@ -60,10 +60,10 @@ Consider the following effects of converting your account: 4. Select **Account settings**. -5. In the **Account management** section, select **Convert account**. +5. Select **Convert**. 6. Review the warning displayed about converting a user account. This action cannot be undone and has considerable implications for your assets and the account. -7. Enter a **Docker ID** to set an organization owner. This is the user account that will manage the organization, and the only way to access the organization settings after conversion. You cannot use the same Docker ID as the account you are trying to convert. +7. Enter a **Username of new owner** to set an organization owner. This is the user account that will manage the organization, and the only way to access the organization settings after conversion. You cannot use the same Docker ID as the account you are trying to convert. -8. Select **Confirm and purchase** to confirm. The new owner receives a notification email. Use that owner account to sign in and manage the new organization. +8. Select **Confirm**. The new owner receives a notification email. Use that owner account to sign in and manage the new organization. diff --git a/content/manuals/security/for-developers/2fa/_index.md b/content/manuals/security/for-developers/2fa/_index.md index 70c17401f3b5..89ba99f6a42e 100644 --- a/content/manuals/security/for-developers/2fa/_index.md +++ b/content/manuals/security/for-developers/2fa/_index.md 
@@ -27,7 +27,7 @@ Authenticator with a registered YubiKey. 1. Sign in to your [Docker account](https://app.docker.com/login). 2. Select your avatar and then from the drop-down menu, select **Account settings**. -3. Navigate to the **Security** section, then select **Two-factor authentication**. +3. Select **2FA**. 4. Enter your account password, then select **Confirm**. 5. Save your recovery code and store it somewhere safe. You can use your recovery code to recover your account in the event you lose access to your authenticator app. 6. Use a Time-based One-time password (TOTP) mobile app to scan the QR code or enter the text code. diff --git a/content/manuals/security/for-developers/2fa/disable-2fa.md b/content/manuals/security/for-developers/2fa/disable-2fa.md index a0fbb74027a9..213e1f679d28 100644 --- a/content/manuals/security/for-developers/2fa/disable-2fa.md +++ b/content/manuals/security/for-developers/2fa/disable-2fa.md @@ -16,6 +16,6 @@ weight: 30 1. Sign in to your [Docker account](https://app.docker.com/login). 2. Select your avatar and then from the drop-down menu, select **Account settings**. -3. Navigate to the **Security** section, then select **Two-factor authentication**. +3. Select **2FA**. 4. Enter your password, then select **Confirm**. 5. Select **Disable 2FA**. diff --git a/content/manuals/security/for-developers/2fa/new-recovery-code.md b/content/manuals/security/for-developers/2fa/new-recovery-code.md index e608ff55147b..5c19cda2258a 100644 --- a/content/manuals/security/for-developers/2fa/new-recovery-code.md +++ b/content/manuals/security/for-developers/2fa/new-recovery-code.md 
@@ -13,7 +13,7 @@ access to your Docker Hub account, you can generate a new recovery code. 1. Sign in to your [Docker account](https://app.docker.com/login). 2. Select your avatar and then from the drop-down menu, select **Account settings**. -3. Navigate to the **Security** section, then select **Manage Two-Factor Authentication**. +3. Select **2FA**. 4. Enter your password, then select **Confirm**. 5. Select **Generate new code**. diff --git a/content/manuals/security/for-developers/access-tokens.md b/content/manuals/security/for-developers/access-tokens.md index bda7607ba60f..1c61509edfda 100644 --- a/content/manuals/security/for-developers/access-tokens.md +++ b/content/manuals/security/for-developers/access-tokens.md @@ -29,7 +29,7 @@ Use the Docker Admin Console to create an access token. 2. Select your avatar in the top-right corner and from the drop-down menu select **Account settings**. -3. In the **Security** section, select **Personal access tokens**. +3. Select **Personal access tokens**. 4. Select **Generate new token**. 
@@ -79,13 +79,17 @@ You can rename, activate, deactivate, or delete a token as needed. You can manag 2. Select your avatar in the top-right corner and from the drop-down menu select **Account settings**. -3. In the **Security** section, select **Personal access tokens**. - This page shows an overview of all your tokens, and lists if the token was generated manually or if it was [auto-generated](#auto-generated-tokens). You can also view the number - of tokens that are activated and deactivated in the toolbar. +3. Select **Personal access tokens**. -4. Select the actions menu on the far right of a token row, then select **Deactivate**, **Edit**, or **Delete** to modify the token. + This page shows an overview of all your + tokens, and lists if the token was generated manually or if it was + [auto-generated](#auto-generated-tokens). You can also view the scope of the + tokens, which tokens are activate and inactive, when they were created, when + they were last used, and their expiration date. -5. After modifying the token, select **Save token**. +4. Select the actions menu on the far right of a token row, then select **Deactivate** or **Activate**, **Edit**, or **Delete** to modify the token. + +5. After editing the token, select **Save token**. ## Auto-generated tokens
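Review bot: in content/manuals/desktop/features/wsl/_index.md (PATCH 1/5), the claim that the integration "does not introduce additional security risks beyond standard WSL behavior" is left unqualified, even though the next paragraph says that enabling **WSL integration** gives integrated distributions access to the Docker CLI. Suggest stating what that access lets a process in an integrated distribution do, so readers can judge the claim for themselves. Two wording fixes in the same hunk: "accessible from the Windows host `\\wsl$`" is missing a preposition (for example "from the Windows host at `\\wsl$`"), and "For organizations concerned about security risks related to WSL and want stricter isolation" does not parse; "Organizations that are concerned about ... and want ..." would. The Hyper-V recommendation would also benefit from a link to the page that explains how to switch backends.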
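Review bot: in content/manuals/compose/releases/release-notes.md (PATCH 2/5), the two entries about publishing with environment variables (the new warning and the `--with-env` flag) do not say why Compose warns. Environment variables often carry credentials, so suggest a short clause or link explaining what is exposed when an application is published with `--with-env`. Smaller points in the same list: "Fixed provenance for binaries and generate SBOM" mixes tenses, `os.Args` lacks the code formatting used for other identifiers, and "Main branch for docs upstream validation is now used" is hard to parse as a changelog entry.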
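Review bot: in hugo.yaml (PATCH 2/5), the context line directly below the changed `compose_version` still reads `buildkit_version: "0.16.0"`, while `_vendor/modules.txt` and `go.mod` in this same patch list `github.com/moby/buildkit v0.19.0`. This is not introduced by the change, but please confirm whether that parameter is meant to track the vendored version and bump it in a follow-up if so.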
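Review bot: in content/manuals/admin/organization/members.md (PATCH 3/5), the new note is placed under "### Remove a member from a team", but its text and the commit message are about removing members from the organization through the IdP. As placed, it reads as if team membership must be changed in the IdP. Suggest moving the callout to the section on removing a member from the organization, or rewording it to say explicitly whether team removal is also driven by the IdP when SCIM is enabled.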
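Review bot: in content/manuals/security/faqs/single-sign-on/users-faqs.md (PATCH 3/5), "does not immediately remove or modify existing licensed users" leaves open whether a user who exists in Docker but is not assigned in the IdP is removed on a later sync. Please state that case explicitly. The last sentence means that, once SCIM is disabled, removing a user in the IdP no longer removes them from Docker; a link to the manual removal steps would help admins who rely on the IdP for offboarding. The file also ends with "\ No newline at end of file"; please add the trailing newline.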
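Review bot: in content/manuals/build/bake/overrides.md (PATCH 4/5), the reordered list now puts both base files (`docker-bake.json`, `docker-bake.hcl`) ahead of both override files, but nothing in the hunk says why the order matters. The trailing context says all found files are "loaded and merged"; if later files take precedence in that merge, suggest saying so next to the list, unless the following paragraph already does, since that is what makes the position of the override files significant.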
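Review bot: in content/manuals/accounts/deactivate-user-account.md (PATCH 5/5), new steps 5 and 6 both tell the reader to select **Deactivate account**, which reads like a duplicated step. If the first is the button on the page and the second is in a confirmation dialog, say so, for example "5. Select **Deactivate account**." followed by "6. In the confirmation dialog, select **Deactivate account** again."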
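Review bot: in content/manuals/accounts/manage-account.md (PATCH 5/5), the first hunk changes the sentence to "From the Account Center page" while step 3 directly above it still says "Select **Account settings**". Readers need to know that both names refer to the same page, so use one name throughout or say that selecting **Account settings** opens the Account Center. In the second hunk, "two-factor authentication (2FA)" is expanded twice in consecutive sentences; the second can be shortened to "2FA".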
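Review bot: in content/manuals/admin/organization/convert-account.md (PATCH 5/5), step 7 now reads "Enter a **Username of new owner**", which is ungrammatical as an instruction and inconsistent with the last sentence of the same step, which still says "You cannot use the same Docker ID". Suggest "In **Username of new owner**, enter the Docker ID of the user who will own the organization", keeping one term for the identifier. Step 6 warns that the action cannot be undone, so step 8 should make clear that **Confirm** is the point of no return.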
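Review bot: in content/manuals/security/for-developers/access-tokens.md (PATCH 5/5), the second hunk has a typo, "which tokens are activate and inactive", which should read "active and inactive". Step 4's "select **Deactivate** or **Activate**, **Edit**, or **Delete**" is hard to parse; consider "select **Deactivate** (or **Activate**), **Edit**, or **Delete**". Step 5 now says "After editing the token, select **Save token**", so it is worth stating whether deactivating or deleting a token takes effect immediately without a save.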