diff --git a/content/manuals/security/security-announcements.md b/content/manuals/security/security-announcements.md index 572fcf1663..9b5e49ee0e 100644 --- a/content/manuals/security/security-announcements.md +++ b/content/manuals/security/security-announcements.md @@ -4,13 +4,13 @@ keywords: Docker, CVEs, security, notice, Log4J 2, Log4Shell, Text4Shell, announ title: Docker security announcements linkTitle: Security announcements outputs: ["HTML", "markdown", "RSS"] -type: "security-announcements" +layout: security-announcements weight: 80 toc_min: 1 toc_max: 2 --- -{{< rss-button feed="/security/security-announcements/index.xml" text="Subscribe to security RSS feed" >}} +[Subscribe to security RSS feed](/security/security-announcements/index.xml) ## Docker Desktop 4.54.0 security update: CVE-2025-13743 @@ -94,7 +94,7 @@ _Last updated June, 2024_ Docker is pleased to announce that we have received our SOC 2 Type 2 attestation and ISO 27001 certification with no exceptions or major non-conformities. -Security is a fundamental pillar to Docker’s operations, which is embedded into our overall mission and company strategy. Docker’s products are core to our user community and our SOC 2 Type 2 attestation and ISO 27001 certification demonstrate Docker’s ongoing commitment to security to our user base. +Security is a fundamental pillar to Docker's operations, which is embedded into our overall mission and company strategy. Docker's products are core to our user community and our SOC 2 Type 2 attestation and ISO 27001 certification demonstrate Docker's ongoing commitment to security to our user base. For more information, see the [Blog announcement](https://www.docker.com/blog/docker-announces-soc-2-type-2-attestation-iso-27001-certification/). 
@@ -104,7 +104,7 @@ _Last updated February 2, 2024_ We at Docker prioritize the security and integrity of our software and the trust of our users. Security researchers at Snyk Labs identified and reported four security vulnerabilities in the container ecosystem. One of the vulnerabilities, [CVE-2024-21626](https://scout.docker.com/v/CVE-2024-21626), concerns the runc container runtime, and the other three affect BuildKit ([CVE-2024-23651](https://scout.docker.com/v/CVE-2024-23651), [CVE-2024-23652](https://scout.docker.com/v/CVE-2024-23652), and [CVE-2024-23653](https://scout.docker.com/v/CVE-2024-23653)). We want to assure our community that our team, in collaboration with the reporters and open source maintainers, has been diligently working on coordinating and implementing necessary remediations. -We are committed to maintaining the highest security standards. We have published patched versions of runc, BuildKit, and Moby on January 31 and released an update for Docker Desktop on February 1 to address these vulnerabilities. Additionally, our latest BuildKit and Moby releases included fixes for [CVE-2024-23650](https://scout.docker.com/v/CVE-2024-23650) and [CVE-2024-24557](https://scout.docker.com/v/CVE-2024-24557), discovered respectively by an independent researcher and through Docker’s internal research initiatives. +We are committed to maintaining the highest security standards. We have published patched versions of runc, BuildKit, and Moby on January 31 and released an update for Docker Desktop on February 1 to address these vulnerabilities. Additionally, our latest BuildKit and Moby releases included fixes for [CVE-2024-23650](https://scout.docker.com/v/CVE-2024-23650) and [CVE-2024-24557](https://scout.docker.com/v/CVE-2024-24557), discovered respectively by an independent researcher and through Docker's internal research initiatives. | | Versions Impacted | |:-----------------------|:--------------------------| 
@@ -113,7 +113,7 @@ We are committed to maintaining the highest security standards. We have publishe | `Moby (Docker Engine)` | <= 25.0.1 and <= 24.0.8 | | `Docker Desktop` | <= 4.27.0 | -### What should I do if I’m on an affected version? +### What should I do if I'm on an affected version? If you are using affected versions of runc, BuildKit, Moby, or Docker Desktop, make sure to update to the latest versions, linked in the following table: @@ -128,7 +128,7 @@ If you are using affected versions of runc, BuildKit, Moby, or Docker Desktop, m If you are unable to update to an unaffected version promptly, follow these best practices to mitigate risk: * Only use trusted Docker images (such as [Docker Official Images](../docker-hub/image-library/trusted-content.md#docker-official-images)). -* Don’t build Docker images from untrusted sources or untrusted Dockerfiles. +* Don't build Docker images from untrusted sources or untrusted Dockerfiles. * If you are a Docker Business customer using Docker Desktop and unable to update to v4.27.1, make sure to enable [Hardened Docker Desktop](/manuals/enterprise/security/hardened-desktop/_index.md) features such as: * [Enhanced Container Isolation](/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/_index.md), which mitigates the impact of CVE-2024-21626 in the case of running containers from malicious images. * [Image Access Management](/manuals/enterprise/security/hardened-desktop/image-access-management.md), and [Registry Access Management](/manuals/enterprise/security/hardened-desktop/registry-access-management.md), which give organizations control over which images and repositories their users can access. diff --git a/data/security_announcements.yaml b/data/security_announcements.yaml deleted file mode 100644 index 0290f82dd0..0000000000 --- a/data/security_announcements.yaml +++ /dev/null 
@@ -1,59 +0,0 @@
-announcements:
- - title: "Docker Desktop 4.44.3 security update: CVE-2025-9074"
- date: "2025-08-20"
- anchor: "docker-desktop-4443-security-update-cve-2025-9074"
- summary: "Security fix for CVE-2025-9074"
- description: "Fixed CVE-2025-9074 where a malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted. This could allow unauthorized access to user files on the host system. Enhanced Container Isolation (ECI) does not mitigate this vulnerability."
-
- - title: "Docker Desktop 4.44.0 security update: CVE-2025-23266"
- date: "2025-07-31"
- anchor: "docker-desktop-4440-security-update-cve-2025-23266"
- summary: "NVIDIA Container Toolkit vulnerability awareness"
- description: "CVE-2025-23266 is a critical vulnerability affecting the NVIDIA Container Toolkit in CDI mode up to version 1.17.7. Docker Desktop includes version 1.17.8, which is not impacted. However, older versions of Docker Desktop that bundled earlier toolkit versions may be affected if CDI mode was manually enabled. Upgrade to Docker Desktop 4.44 or later to ensure you're using the patched version."
-
- - title: "Docker Desktop 4.43.0 security update: CVE-2025-6587"
- date: "2025-07-03"
- anchor: "docker-desktop-4430-security-update-cve-2025-6587"
- summary: "Security fix for CVE-2025-6587"
- description: "Fixed CVE-2025-6587 where sensitive system environment variables were included in Docker Desktop diagnostic logs, allowing for potential secret exposure."
-
- - title: "Docker Desktop 4.41.0 Security Update: CVE-2025-3224, CVE-2025-4095, and CVE-2025-3911"
- date: "2025-05-15"
- anchor: "docker-desktop-4410-security-update-cve-2025-3224-cve-2025-4095-and-cve-2025-3911"
- summary: "Three security vulnerabilities fixed"
- description: "Three vulnerabilities in Docker Desktop were fixed on April 28 in the 4.41.0 release: CVE-2025-3224 (elevation of privilege during updates), CVE-2025-4095 (Registry Access Management policy bypass on macOS), and CVE-2025-3911 (sensitive information exposure in log files). We strongly encourage updating to Docker Desktop 4.41.0."
-
- - title: "Docker Desktop 4.34.2 Security Update: CVE-2024-8695 and CVE-2024-8696"
- date: "2024-09-13"
- summary: "Docker Extensions RCE vulnerabilities fixed"
- description: "Two remote code execution (RCE) vulnerabilities in Docker Desktop related to Docker Extensions were reported by Cure53 and fixed on September 12 in the 4.34.2 release. CVE-2024-8695 (Critical) and CVE-2024-8696 (High) could be abused by malicious extensions. No existing extensions exploiting the vulnerabilities were found. We strongly encourage updating to Docker Desktop 4.34.2."
-
- - title: "Deprecation of password logins on CLI when SSO enforced"
- date: "2024-07-01"
- anchor: "deprecation-of-password-logins-on-cli-when-sso-enforced"
- summary: "CLI password authentication ending for SSO-enforced organizations"
- description: "When SSO enforcement was first introduced, Docker provided a grace period to continue using passwords on the Docker CLI. On September 16, 2024, this grace period will end and passwords will no longer authenticate to Docker Hub via the Docker CLI when SSO is enforced. Affected users must switch to Personal Access Tokens (PATs) to continue signing in."
-
- - title: "SOC 2 Type 2 attestation and ISO 27001 certification"
- date: "2024-06-01"
- anchor: "soc-2-type-2-attestation-and-iso-27001-certification"
- summary: "Docker achieves security certifications"
- description: "Docker has received SOC 2 Type 2 attestation and ISO 27001 certification with no exceptions or major non-conformities. Security is a fundamental pillar to Docker's operations, and these certifications demonstrate Docker's ongoing commitment to security for our user base."
-
- - title: "Docker Security Advisory: Multiple Vulnerabilities in runc, BuildKit, and Moby"
- date: "2024-02-02"
- anchor: "docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby"
- summary: "Critical container ecosystem vulnerabilities addressed"
- description: "Security researchers at Snyk Labs identified four security vulnerabilities: CVE-2024-21626 (runc), CVE-2024-23651, CVE-2024-23652, CVE-2024-23653 (BuildKit), plus CVE-2024-23650 and CVE-2024-24557. Patched versions were published January 31 with Docker Desktop 4.27.1 released February 1. Update to runc ≥1.1.12, BuildKit ≥0.12.5, Moby ≥25.0.2/24.0.9, and Docker Desktop ≥4.27.1."
-
- - title: "Text4Shell CVE-2022-42889"
- date: "2022-10-01"
- anchor: "text4shell-cve-2022-42889"
- summary: "Apache Commons Text library vulnerability"
- description: "CVE-2022-42889 discovered in Apache Commons Text library. Versions up to but not including 1.10.0 are affected. Docker Hub security scans after October 21, 2021 correctly identify this CVE. Several Docker Official Images contained vulnerable versions and have been updated: bonita, Couchbase, Geonetwork, neo4j, sliverpeas, solr, xwiki."
-
- - title: "Log4j 2 CVE-2021-44228"
- date: "2021-12-01"
- anchor: "log4j-2-cve-2021-44228"
- summary: "Critical Log4j 2 remote code execution vulnerability"
- description: "The Log4j 2 CVE-2021-44228 vulnerability allows remote code execution from easily available contexts. Vulnerable versions are 2.0 to 2.14.1 inclusive. 
First fixed version is 2.15.0, but 2.17.0 recommended for complete fix due to CVE-2021-45046 and CVE-2021-45105. Docker Hub scans after December 13, 2021 correctly identify Log4j 2 CVEs. Multiple Docker Official Images were affected and updated." \ No newline at end of file diff --git a/layouts/_shortcodes/rss-button.html b/layouts/_shortcodes/rss-button.html deleted file mode 100644 index e2da656bc7..0000000000 --- a/layouts/_shortcodes/rss-button.html +++ /dev/null @@ -1,14 +0,0 @@ -{{ $feed := .Get "feed" | default "index.xml" }} -{{ $text := .Get "text" | default "Subscribe to RSS feed" }} - \ No newline at end of file diff --git a/layouts/security-announcements.rss.xml b/layouts/security-announcements.rss.xml new file mode 100644 index 0000000000..0e85417236 --- /dev/null +++ b/layouts/security-announcements.rss.xml @@ -0,0 +1,19 @@ +{{- $_ := .Content -}} + + + Docker Docs - Security Announcements + Docker security announcements and updates + {{ .Permalink }} + Hugo -- gohugo.io + {{ .Site.LanguageCode | default "en" }} + {{ now.Format "Mon, 02 Jan 2006 15:04:05 -0700" | safeHTML }} + + {{- range (index .Fragments.Headings 0).Headings }} + + {{ .Title }} + {{ $.Permalink }}#{{ .ID }} + security-{{ .ID }} + + {{- end }} + + diff --git a/layouts/security-announcements/rss.xml b/layouts/security-announcements/rss.xml deleted file mode 100644 index 9e2ace1f4b..0000000000 --- a/layouts/security-announcements/rss.xml +++ /dev/null 
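Review bot: The new `layouts/security-announcements.rss.xml` builds each item from `.Title`, `$.Permalink`#`.ID` and a `security-{{ .ID }}` guid, but no per-item `pubDate` is visible in the hunk, whereas the deleted `layouts/security-announcements/rss.xml` derived one with `dateFormat … $announcement.date`; feed readers rely on `pubDate` to surface and order new advisories, so subscribers may miss or misorder new CVE notices, and the dates now live only in the `_Last updated …_` lines under each heading, which the template cannot read. `(index .Fragments.Headings 0).Headings` also raises a template error on a page with no headings and silently depends on the content using only `##` headings, so a guard such as `{{ with .Fragments.Headings }}{{ range (index . 0).Headings }} … {{ end }}{{ end }}` would be safer; the old `lt $index 20` cap on item count is gone as well, which is probably fine for this page but worth a comment. The deleted template additionally served pages of type `desktop-release` (the branch is visible in the removed hunk below); I cannot see a replacement for that feed in this diff, so confirm it is covered elsewhere before merging.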
@@ -1,48 +0,0 @@ - - - {{- if eq .Type "desktop-release" -}} - Docker Docs - Docker Desktop Releases - Docker Desktop release announcements - {{- else if eq .Type "security-announcements" -}} - Docker Docs - Security Announcements - Docker security announcements and updates - {{- else -}} - Docker Docs - Docker documentation updates - {{- end }} - - {{ .Permalink }} - Hugo -- gohugo.io - {{ .Site.LanguageCode | default "en" }} - {{ now.Format "Mon, 02 Jan 2006 15:04:05 -0700" | safeHTML }} - - - {{- if eq .Type "desktop-release" -}} - {{- $releases := hugo.Data.desktop_release.releases -}} - {{- range $index, $release := $releases -}} - {{- if lt $index 20 -}} - - Docker Desktop {{ $release.version }} Released - {{ $.Permalink }}#{{ $release.version }} - {{ dateFormat "Mon, 02 Jan 2006 15:04:05 -0700" $release.date | safeHTML }} - docker-desktop-{{ $release.version }} - {{ printf "

%s

" $release.summary | html }}{{ if $release.highlights }}
    {{ range $release.highlights }}
  • {{ . | html }}
  • {{ end }}
{{ end }}

View full release notes

-
- {{- end -}} - {{- end -}} - {{- else if eq .Type "security-announcements" -}} - {{- $announcements := hugo.Data.security_announcements.announcements -}} - {{- range $index, $announcement := $announcements -}} - {{- if lt $index 20 -}} - - {{ $announcement.title }} - {{ $.Permalink }}#{{ $announcement.anchor }} - {{ dateFormat "Mon, 02 Jan 2006 15:04:05 -0700" $announcement.date | safeHTML }} - security-{{ $announcement.anchor }} - {{ printf "

%s

%s

" $announcement.summary $announcement.description | html }}
-
- {{- end -}} - {{- end -}} - {{- end -}} -
-
\ No newline at end of file