Skip to content

Docker Registry v2.6.2
Compare
Choose a tag to compare
@stevvooe stevvooe released this 20 Jul 21:20
· 3328 commits to main since this release
v2.6.2
This tag was signed with the committer’s verified signature.
stevvooe Stephen Day
GPG key ID: 67B3DED84EDC823F
Verified
Learn about vigilant mode.
48294d9

This release is a special security release to address an issue allowing
an attacker to force arbitrarily-sized memory allocations in a registry
instance through the manifest endpoint. The problem has been mitigated
by limiting the size of reads for image manifest content.

Details for mitigation are in 29fa466

CVE-2017-11468 has been assigned for this issue.

Changelog

48294d9 Merge pull request #2343 from stevvooe/prepare-2.6.2
04ce686 release: prepare for 2.6.2 release
c829241 Merge pull request #2341 from stevvooe/limit-payload-size-26
29fa466 registry/{storage,handlers}: limit content sizes
42ea75c Merge pull request #2284 from mstanleyjones/release/2.6
ed2b686 Put architecture.md back into distribution repo

Assets 2
Loading