security
-
New in Docker Desktop 4.15: Improving Usability and Performance for Easier Builds
Docker Desktop 4.15 is here, packed with usability upgrades to help you find the images you want, manage your containers, discover vulnerabilities, and more.
-
Find and Fix Vulnerabilities Faster Now that Docker’s a CNA
Docker is now officially a CNA under MITRE, which means you should get better notifications and documentation when we publish a vulnerability.
-
Security Advisory: High Severity OpenSSL Vulnerabilities
UPDATE: The OpenSSL Project has officially disclosed two high-severity vulnerabilities: CVE-2022-3602 and CVE-2022-3786. These CVEs impact all OpenSSL versions after 3.0. The sole exception is version 3.0.7, which contains fixes for those latest vulnerabilities. Previously, these CVEs were thought to be “critical.” Learn more here.
-
Security Advisory: CVE-2022-42889 “Text4Shell”
Learn more about CVE-2022-42889, aka the “Text4Shell” vulnerability in the “Apache Commons Text” Java library, and how Docker Security Scans identify it.
-
What is the Best Container Security Workflow for Your Organization?
Find the best container security workflow for your company with these key takeaways from DockerCon. We’ll cover mindset, structure, toolsets, and more.
-
The Impacts of an Insecure Software Supply Chain
Today, software regularly integrates open-source code from third-party sources into applications. While this practice empowers developers to create more capable software in a shorter time frame, it brings with it the risk of introducing inadequately vetted code. How aware are we of the security of our open-source code? Most of us use pip or npm…
-
Apache Log4j 2 CVE-2021-44228
Update: 13 December 2021. As an update to CVE-2021-44228, the fix made in version 2.15.0 was incomplete in certain non-default configurations. An additional issue was identified and is tracked with CVE-2021-45046. For a more complete fix to this vulnerability, it’s recommended to update to Log4j2 2.16.0. Original post below has now been updated: 15…
-
Building a healthy and secure software supply chain
Securing the software supply chain is now an everyday concern for developers. As attackers increasingly target open-source components as a way to compromise the software supply chain, developers hold the keys to making their projects as secure as they can be. That’s why Docker continues to invest heavily in our developer tools like Docker Desktop…