From a3fab9bf804d126c8c69e2fbb0ed88997e11af37 Mon Sep 17 00:00:00 2001
From: Gabriela Georgieva <gabriela.georgieva@docker.com>
Date: Wed, 3 May 2023 14:22:58 +0200
Subject: [PATCH] Add security fix to the Docker Desktop 4.19 release notes
 (#17235)

Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com>
---
 desktop/release-notes.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/desktop/release-notes.md b/desktop/release-notes.md
index 2bd65893ba..dfe0380c56 100644
--- a/desktop/release-notes.md
+++ b/desktop/release-notes.md
@@ -92,6 +92,7 @@ For frequently asked questions about Docker Desktop releases, see [FAQs](faqs/ge
 
 #### For all platforms
 
+- Fixed a security issue allowing users to bypass Image Access Management (IAM) restrictions configured by their organisation by avoiding `registry.json` enforced login via deleting the `credsStore` key from their Docker CLI configuration file. Only affects Docker Business customers. 
 - Fixed [CVE-2023-24532](https://github.com/advisories/GHSA-x2w5-7wp4-5qff).
 - Fixed [CVE-2023-25809](https://github.com/advisories/GHSA-m8cg-xc2p-r3fc).
 - Fixed [CVE-2023-27561](https://github.com/advisories/GHSA-vpvm-3wq2-2wvm).