Docker Registry 2.5.2
This release is a special security release to address an issue allowing
an attacker to force arbitrarily-sized memory allocations in a registry
instance through the manifest endpoint. The problem has been mitigated
by limiting the size of reads for image manifest content.
Details for mitigation are in 58d239d7.
CVE-2017-11468 has been assigned for this issue.
Changelog
0bae7512 Merge pull request #2344 from stevvooe/prepare-2.5.2
48cb60af release: prepare for 2.5.2 release
2b0952dc Merge pull request #2342 from stevvooe/limit-payload-size-25
58d239d7 registry/{storage,handlers}: limit content sizes
9bc9d212 Merge pull request #2122 from
mstanleyjones/configuration_changes_backport
fcbea606 Improve formatting of configuration.md
6b114e6d Merge pull request #2081 from Windfarer/release/2.5
6c985f7f Update main.go
2c3b616f Merge pull request #2054 from mstanleyjones/2.5_metadata_fixes
5adfbe34 Remove newlines from end of error strings
cfe70793 Satisfy the latest go lint rules
abd2d765 Metadata and formatting fixes needed for Jekyll build
6b3ccf96 Convert Markdown frontmatter to YAML
a8402a22 Merge pull request #1985 from johndmulhausen/master
0a22649f Update to fix lint errors