Merge pull request #22631 from docker/published-update

publish updates from main

Author: sarahsanders-docker

Dockerfile

@@ -2,7 +2,7 @@
 # check=skip=InvalidBaseImagePlatform
 
 ARG ALPINE_VERSION=3.21
-ARG GO_VERSION=1.23.8
+ARG GO_VERSION=1.24
 ARG HTMLTEST_VERSION=0.17.0
 ARG HUGO_VERSION=0.141.0
 ARG NODE_VERSION=22

content/manuals/build/metadata/annotations.md

@@ -11,7 +11,7 @@ arbitrary information and attach it to your image, which helps consumers and
 tools understand the origin, contents, and how to use the image.
 
 Annotations are similar to, and in some sense overlap with, [labels]. Both
-serve the same purpose: attach metadata to a resource. As a general principle,
+serve the same purpose: to attach metadata to a resource. As a general principle,
 you can think of the difference between annotations and labels as follows:
 
 - Annotations describe OCI image components, such as [manifests], [indexes],
@@ -68,7 +68,7 @@ For examples on how to add annotations to images built with GitHub Actions, see
 You can also add annotations to an image created using `docker buildx
 imagetools create`. This command only supports adding annotations to an index
 or manifest descriptors, see
-[CLI reference](/reference/cli/docker/buildx/imagetools/create.md#annotations).
+[CLI reference](/reference/cli/docker/buildx/imagetools/create.md#annotation).
 
 ## Inspect annotations
 

content/manuals/desktop/setup/install/enterprise-deployment/faq.md

@@ -83,4 +83,18 @@ Add-LocalGroupMember -Group $Group -Member $CurrentUser
 
 > [!NOTE]
 >
-> After adding a new user to the `docker-users` group, the user must sign out and then sign back in for the changes to take effect.
+> After adding a new user to the `docker-users` group, the user must sign out and then sign back in for the changes to take effect.
+
+## MDM
+
+Common questions about deploying Docker Desktop using mobile device management
+(MDM) tools such as Jamf, Intune, or Workspace ONE.
+
+### Why doesn't my MDM tool apply all Docker Desktop configuration settings at once?
+
+Some MDM tools, such as Workspace ONE, may not support applying multiple
+configuration settings in a single XML file. In these cases, you may need to
+deploy each setting in a separate XML file.
+
+Refer to your MDM provider's documentation for specific deployment
+requirements or limitations.

content/manuals/docker-hub/repos/manage/access.md

@@ -132,3 +132,42 @@ To configure team repository permissions:
 Organizations can use OATs. OATs let you assign fine-grained repository access
 permissions to tokens. For more details, see [Organization access
 tokens](/manuals/security/for-admins/access-tokens.md).
+
+## Gated distribution
+
+{{< summary-bar feature_name="Gated distribution" >}}
+
+Gated distribution allows publishers to securely share private container images with external customers or partners, without giving them full organization access or visibility into your teams, collaborators, or other repositories.
+
+This feature is ideal for commercial software publishers who want to control who can pull specific images while preserving a clean separation between internal users and external consumers.
+
+### Key features
+
+- **Private repository distribution**: Content is stored in private repositories and only accessible to explicitly invited users.
+
+- **External access without organization membership**: External users don't need to be added to your internal organization to pull images.
+
+- **Pull-only permissions**: External users receive pull-only access and cannot push or modify repository content.
+
+- **Invite-only access**: Access is granted through authenticated email invites, managed via API.
+
+### Invite distributor members via API
+
+> [!NOTE]
+> When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for details about the access permissions for each role.
+
+Distributor members (used for gated distribution) can only be invited using the Docker Hub API. UI-based invitations are not currently supported for this role. To invite distributor members, use the Bulk create invites API endpoint.
+
+To invite distributor members:
+
+1. Use the [Authentication API](https://docs.docker.com/reference/api/hub/latest/#tag/authentication-api/operation/AuthCreateAccessToken) to generate a bearer token for your Docker Hub account.
+
+2. Create a team in the Hub UI or use the [Teams API](https://docs.docker.com/reference/api/hub/latest/#tag/groups/paths/~1v2~1orgs~1%7Borg_name%7D~1groups/post).
+
+3. Grant repository access to the team:
+   - In the Hub UI: Navigate to your repository settings and add the team with "Read-only" permissions
+   - Using the [Repository Teams API](https://docs.docker.com/reference/api/hub/latest/#tag/repositories/paths/~1v2~1repositories~1%7Bnamespace%7D~1%7Brepository%7D~1groups/post): Assign the team to your repositories with "read-only" access level
+
+4. Use the [Bulk create invites endpoint](https://docs.docker.com/reference/api/hub/latest/#tag/invites/paths/~1v2~1invites~1bulk/post) to send email invites with the distributor member role. In the request body, set the "role" field to "distributor_member".
+
+5. The invited user will receive an email with a link to accept the invite. After signing in with their Docker ID, they'll be granted pull-only access to the specified private repository as a distributor member.

content/manuals/engine/install/debian.md

@@ -42,6 +42,7 @@ To get started with Docker Engine on Debian, make sure you
 To install Docker Engine, you need the 64-bit version of one of these Debian
 versions:
 
+- Debian Trixie 13 (testing)
 - Debian Bookworm 12 (stable)
 - Debian Bullseye 11 (oldstable)
 
@@ -144,7 +145,7 @@ Docker from the repository.
    ```console
    $ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
    ```
-  
+
    {{< /tab >}}
    {{< tab name="Specific version" >}}
 

content/manuals/engine/install/fedora.md

@@ -26,8 +26,9 @@ To get started with Docker Engine on Fedora, make sure you
 To install Docker Engine, you need a maintained version of one of the following
 Fedora versions:
 
-- Fedora 40
+- Fedora 42
 - Fedora 41
+- Fedora 40
 
 ### Uninstall old versions
 

content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md

@@ -12,70 +12,73 @@ weight: 10
 
 {{< summary-bar feature_name="Hardened Docker Desktop" >}}
 
-Settings Management helps you control key Docker Desktop settings, like proxies and network configurations, on your developers' machines within your organization.
-
-For an extra layer of security, you can also use Settings Management to enable and lock in [Enhanced Container Isolation](../enhanced-container-isolation/_index.md), which prevents containers from modifying any Settings Management configurations.
+Settings Management lets administrators configure and enforce Docker Desktop
+settings across ennd-user machines. It helps maintain consistent configurations
+and enhances security within your organization.
 
 ## Who is it for?
 
-- For organizations that want to configure Docker Desktop to be within their organization's centralized control.
-- For organizations that want to create a standardized Docker Desktop environment at scale.
-- For Docker Business customers who want to confidently manage their use of Docker Desktop within tightly regulated environments.
+Settings Management is designed for organizations that:
+
+- Require centralized control over Docker Desktop configurations.
+- Aim to standardize Docker Desktop environments across teams.
+- Operate in regulated environments and need to enforce compliance.
 
-## How does it work?
+This feature is available with a Docker Business subscription.
 
-You can configure several Docker Desktop settings using either:
+## How it works
 
- - An `admin-settings.json` file. This file is located on the Docker Desktop host and can only be accessed by developers with root or administrator privileges.
- - Creating a settings policy in the Docker Admin Console.
+Administrators can define settings using one of the following methods:
 
-Settings that are defined by an administrator override any previous values set by developers and ensure that these cannot be modified.
+- [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md): Create and assign settings policies through the
+Docker Admin Console.
+- [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md): Place a configuration file on the
+user's machine to enforce settings.
 
-## What features can I configure with Settings Management?
+Enforced settings override user-defined configurations and can't be modified
+by developers.
 
-Using the `admin-settings.json` file, you can:
+## Configurable settings
 
-- Turn on and lock in [Enhanced Container Isolation](../enhanced-container-isolation/_index.md)
-- Configure HTTP proxies
-- Configure network settings
-- Configure Kubernetes settings
-- Enforce the use of WSL 2 based engine or Hyper-V
-- Enforce the use of Rosetta for x86_64/amd64 emulation on Apple Silicon
-- Configure Docker Engine
-- Turn off Docker Desktop's ability to checks for updates
-- Turn off Docker Extensions
-- Turn off Docker Scout SBOM indexing
-- Turn off beta and experimental features
-- Turn off Docker AI ([Ask Gordon](/manuals/ai/gordon/_index.md))
-- Turn off Docker Desktop's onboarding survey
-- Control whether developers can use the Docker terminal
-- Control the file sharing implementation for your developers on macOS
-- Specify which paths your developers can add file shares to
-- Configure Air-gapped containers
+Settings Management supports a broad range of Docker Desktop features,
+including proxies, network configurations, and container isolation.
 
-For more details on the syntax and options, see [Configure Settings Management](configure-json-file.md).
+For a full list of settings you can enforce, see the [Settings reference](/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md).
 
-## How do I set up and enforce Settings Management?
+## Set up Settings Management
 
-You first need to [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop developers authenticate with your organization. Since the Settings Management feature requires a Docker Business subscription, enforced sign-in guarantees that only authenticated users have access and that the feature consistently takes effect across all users, even though it may still work without enforced sign-in.
+1. [Enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to
+ensure all developers authenticate with your organization.
+2. Choose a configuration method:
+    - Use the `--admin-settings` installer flag on [macOS](/manuals/desktop/setup/install/mac-install.md#install-from-the-command-line) or [Windows](/manuals/desktop/setup/install/windows-install.md#install-from-the-command-line) to automatically create the `admin-settings.json`.
+    - Manually create and configure the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md).
+    - Create a settings policy in the [Docker Admin Console](configure-admin-console.md).
 
-Next, you must either:
- - Manually [create and configure the `admin-settings.json` file](configure-json-file.md), or use the `--admin-settings` installer flag on [macOS](/manuals/desktop/setup/install/mac-install.md#install-from-the-command-line) or [Windows](/manuals/desktop/setup/install/windows-install.md#install-from-the-command-line) to automatically create the `admin-settings.json` and save it in the correct location.
- - Fill out the **Settings policy** creation form in the [Docker Admin Console](configure-admin-console.md).
+After configuration, developers receive the enforced setting when they:
 
-Once this is done, Docker Desktop developers receive the changed settings when they either:
-- Quit, re-launch, and sign in to Docker Desktop
-- Launch and sign in to Docker Desktop for the first time
+- Quit and relaunch Docker Desktop, then sign in.
+- Launch and sign in to Docker Desktop for the first time.
 
-To avoid disrupting your developers' workflows, Docker doesn't automatically require that developers re-launch and re-authenticate once a change has been made.
+> [!NOTE]
+>
+> Docker Desktop does not automatically prompt users to restart or re-authenticate
+after a settings change.
 
-## What do developers see when the settings are enforced?
+## Developer experience
 
-Enforced settings appear grayed out in Docker Desktop. They can't be edited via the Docker Desktop Dashboard, CLI, or `settings-store.json` (or `settings.json` for Docker Desktop 4.34 and earlier).
+When settings are enforced:
 
-In addition, if Enhanced Container Isolation is enforced, developers can't use privileged containers or similar techniques to modify enforced settings within the Docker Desktop Linux VM. For example, they can't reconfigure proxy and networking, or Docker Engine.
+- Options appear grayed out in Docker Desktop and can't be modified via the
+Dashboard, CLI, or configuration files.
+- If Enhanced Container Isolation is enabled, developers can't use privileged
+containers or similar methods to alter enforced settings within the Docker
+Desktop Linux VM.
 
 ## What's next?
 
-- [Configure Settings Management with a `.json` file](configure-json-file.md)
+- [Configure Settings Management with the `admin-settings.json` file](configure-json-file.md)
 - [Configure Settings Management with the Docker Admin Console](configure-admin-console.md)
+
+## Learn more
+
+To see how each Docker Desktop setting maps across the Docker Dashboard, `admin-settings.json` file, and Admin Console, see the [Settings reference](settings-reference.md).