Banjot Chanana

Docker Security Update: CVE-2019-5736 and Container Security Best Practices

On Monday, February 11, Docker released an update to fix a privilege escalation vulnerability (CVE-2019-5736) in runC, the Open Container Initiative (OCI) runtime specification used in Docker Engine and containerd. This vulnerability makes it possible for a malicious actor that has created a specially-crafted container image to gain administrative privileges on the host. Docker engineering worked with runC maintainers on the OCI to issue a patch for this vulnerability. Docker recommends immediately applying the update to avoid any potential security threats. For Docker Engine-Community, this means updating to 18.09.2 or 18.06.3. For Docker Engine-Enterprise, this means updating to 18.09.2, 18.03.1-ee-6, or 17.06.2-ee-19. Read the release notes before applying the update due to specific instructions for Ubuntu and RHEL operating systems. For Docker Desktop, users should download the update for Mac or Windows. Summary of the Docker Engine versions that address the vulnerability: Continue reading…

Manik Taneja

Introducing Docker Engine 18.09

Last week, we launched Docker Enterprise 2.1 – advancing our leadership in the enterprise container platform market. That platform is built on Docker Engine 18.09 which was also released last week for both Community and Enterprise users. Docker Engine 18.09 represents a significant advancement of the world’s leading container engine, introducing new architectures and features that improve container performance and accelerate adoption for every type of Docker user – whether you’re a developer, an IT admin, working at a startup or at a large, established company.

Built on containerd

Docker Engine – Community and Docker Engine – Enterprise both ship with containerd 1.2. Donated and maintained by Docker and under the auspices of the Cloud Native Computing Foundation (CNCF), containerd is being adopted as the primary container runtime across multiple platforms and clouds, while progressing towards Graduation in CNCF.

BuildKit Improvements

Docker Engine Continue reading…

Jim Armstrong

Get to Know Docker Desktop

Today on the Edge release channels, we released a new beta version of Docker Desktop, the product formerly known as Docker for Windows and Docker for Mac. You can download this new Edge release for both Windows and macOS. Docker Desktop enables you to start coding and containerizing in minutes and is the easiest way to run Docker Engine, Docker Swarm and Kubernetes on Mac and Windows. In addition to simple setup, Docker Desktop also includes other great features and capabilities such as: Fast edit-test cycles with volume mounting for code and data, including file change notifications. If you want to switch from Swarm to Kubernetes for orchestration, it’s a click of a button in the Docker Desktop UI. On Windows desktops, you can develop both Windows and Linux containers with Docker Desktop using a toggle selection in the UI. Docker Desktop handles the setup Continue reading…

Jenny Fong

Top Questions from VMworld 2018

Last week, the Docker team had a chance to interact with the attendees of VMworld to talk about containers and container platforms. We spoke to companies in all stages of their containerization journey – some were just getting started and figuring out where containers may be used, others had started early containerization projects, some had mature container environments. Here are some of the most common questions we were asked.

Q: We have developers that are using Docker containers now, but what is the relevancy of containers to me (as an IT or virtualization admin)?

A: While developers were the first to adopt containers, there are many benefits of containers for IT:

Server consolidation: While virtualization did increase the number of virtual machines per server, studies show that servers are still greatly underutilized. On average, Docker Enterprise customers see 50% greater server Continue reading…

Andrew Weiss

An Update on the Docker FIPS 140-2 Compliance Initiative

Last year, we announced our pursuit of FIPS 140-2 validation of the Docker Enterprise container platform. This meant starting with the included cryptography components at the Docker Engine foundation to better address the rigorous security requirements of government agencies and others in regulated industries. Over the last year, we’ve progressed through the NIST Cryptographic Module Validation Program (CMVP), from “Implementation Under Test” to “Module In Process” and are nearing full completion of validation. Track our progress online at NIST’s CMVP website and as of this post, we are “Module In Process, Coordination”. We are anticipating full validation of Docker Engine – Enterprise in the coming months. Recently Docker Engine – Enterprise version 18.03 was released, our first to include the FIPS 140-2 compliant modules currently undergoing validation by the NIST CMVP. These modules cover the cryptography elements in Docker Engine – Enterprise and are used when Continue reading…

Patrick Chanezon

Containerd, BuildKit and a Reflection about the Enduring Value of Docker Engine

Two weeks ago was our eighth DockerCon in just four years. Our community of contributors, developers, IT users, enterprises and ecosystem partners has grown exponentially into the millions, anchored on our founder Solomon Hykes’ simple premise of democratizing the use of the software container. Today, as from the beginning, Docker creates simple tooling and a universal packaging approach that bundles up all application dependencies inside the container. Docker Engine enables applications to run anywhere consistently on any infrastructure, solving “dependency hell” for developers and operations teams, and eliminating the “it works on my laptop!” problem. In the past 2 years, Docker Engine’s codebase has been refactored into several reusable components, the most important being containerd, the core container runtime, and BuildKit, the part of Docker Engine used to build images. In the contribute and collaborate track at DockerCon, Michael Continue reading…

Dee Kumar

WEBINAR Q&A: Modernize Traditional Applications with Docker Enterprise Edition

This week at DockerCon, we announced the Modernize Traditional Applications (MTA) Program to help enterprises make their existing legacy apps more secure, more efficient and portable to hybrid cloud infrastructure. This webinar covers the importance of “WHY NOW and HOW” to start modernizing traditional applications with Docker Enterprise Edition. Legacy applications often serve critical business needs and have to be maintained for a long time. The maintenance of these applications can become expensive and very time consuming. Some applications may have been written decades ago and grown to millions of lines of code, and the team that built and deployed the app may no longer be at your company. That can pose a challenge for app maintenance, security and support. Docker Enterprise Edition and the Image2Docker Tool present a unique opportunity to modernize these apps into containers to make them portable, more secure and Continue reading…

Kelly Hackenburg

Docker Announces Expansion To China Through Commercial Partnership with Alibaba Cloud

The containerization movement fueled by Docker has extended across all geographic boundaries since the very beginning. Some of Docker’s earliest success stories were from Chinese-based, web-scale companies running Docker in production before Docker had released its 1.0 version. Additionally, through the grassroots efforts of the development community, we have thriving Docker Meetups in 20 of China’s largest cities. This is a testament to the innovative spirit within the Chinese developer community because the ability to deliver great community content from Docker Hub has been highly constrained. That is why a partnership with China’s largest public cloud provider is so significant. Docker, in concert with Alibaba Cloud, is going to deliver a China-based instance of Docker Hub to ensure optimal access and performance to the thousands of Dockerized images that will serve as the foundation of a new generation Continue reading…