The maintainers of curl, the popular command-line tool and library for transferring data with URLs, released curl 8.4.0 on October 11, 2023. This version included a fix for two common vulnerabilities and exposures (CVEs), one of which the curl maintainers rate as “HIGH” severity and described as “probably the worst curl security flaw in a long time.” But you can use Docker Scout to check whether you’re using the curl library as a dependency in any of the container images in your organization.
security
Changes to How Docker Handles Personal Authentication Tokens
Docker is improving the visibility of Docker Desktop and Hub users’ personal access tokens. Specifically, we are changing how tokens are handled across sessions between the two tools. Learn more about this security improvement.
Docker Scout Demo and Q&A
We share highlights from a recent webinar: “Docker Scout: Live Demo, Insights, and Q&A,” which is also now available on-demand.
Container Security and Why It Matters
Container security is the process of using relevant toolings to protect your images from malware and vulnerabilities.
We look at security for containers in a scalable environment and how Docker can help.
Protecting Secrets with Docker
Keeping your secrets secret is an ongoing process, but it’s worth the effort. Learn about Docker features you can use to help prevent leaking secrets.
5 Developer Workstation Security Best Practices
Learn how Hardened Docker Desktop can help you follow the five most critical developer workstation security best practices.
New in Docker Desktop 4.15: Improving Usability and Performance for Easier Builds
Docker Desktop 4.15 is here, packed with usability upgrades to help you find the images you want, manage your containers, discover vulnerabilities, and more.
Find and Fix Vulnerabilities Faster Now that Docker’s a CNA
Docker is now officially a CNA under MITRE, which means you should get better notifications and documentation when we publish a vulnerability.
Security Advisory: High Severity OpenSSL Vulnerabilities
UPDATE: The OpenSSL Project has officially disclosed two high-severity vulnerabilities: CVE-2022-3602 and CVE-2022-3786. These CVEs impact all OpenSSL versions after 3.0. The sole exception is version 3.0.7, which contains fixes for those latest vulnerabilities. Previously, these CVEs were thought to be “critical.” Learn more here.