publish updates from main

.github/CODEOWNERS

@@ -3,9 +3,9 @@
 
 # For more details, see https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
 
-/content/manuals/build/ @crazy-max @aevesdocker
+/content/manuals/build/ @crazy-max @ArthurFlag
 
-/content/manuals/build-cloud/ @crazy-max @aevesdocker
+/content/manuals/build-cloud/ @crazy-max @craig-osterhout
 
 /content/manuals/compose/ @aevesdocker
 
@@ -19,11 +19,11 @@
 
 /content/manuals/docker-hub/ @craig-osterhout
 
-/content/manuals/engine/ @thaJeztah @aevesdocker
+/content/manuals/engine/ @thaJeztah @ArthurFlag
 
-/content/reference/api/engine/ @thaJeztah @aevesdocker
+/content/reference/api/engine/ @thaJeztah @ArthurFlag
 
-/content/reference/cli/ @thaJeztah @aevesdocker
+/content/reference/cli/ @thaJeztah @ArthurFlag
 
 /content/manuals/subscription/ @sarahsanders-docker
 
@@ -43,4 +43,4 @@
 
 /content/manuals/ai/ @ArthurFlag
 
-/_vendor @sarahsanders-docker
+/_vendor @sarahsanders-docker @ArthurFlag

content/manuals/ai/model-runner.md

@@ -97,6 +97,22 @@ Model ai/smollm2 pulled successfully
 
 The models also display in the Docker Desktop Dashboard.
 
+#### Pull from Hugging Face
+
+You can also pull GGUF models directly from [Hugging Face](https://huggingface.co/models?library=gguf).
+
+```console
+$ docker model pull hf.co/<model-you-want-to-pull>
+```
+
+For example: 
+
+```console
+$ docker model pull hf.co/bartowski/Llama-3.2-1B-Instruct-GGUF
+```
+
+Pulls the [bartowski/Llama-3.2-1B-Instruct-GGUF](https://huggingface.co/bartowski/Llama-3.2-1B-Instruct-GGUF).
+
 ### List available models
 
 Lists all models currently pulled to your local environment.

content/manuals/security/for-admins/enforce-sign-in/methods.md

@@ -27,7 +27,7 @@ To enforce sign-in for Docker Desktop on Windows, you can configure a registry k
    > [!IMPORTANT]
    >
    > As of Docker Desktop version 4.36 and later, you can add more than one organization. With Docker Desktop version 4.35 and earlier, if you add more than one organization sign-in enforcement silently fails.
-3. Use your organization's name, all lowercase as string data. If you're adding more than one organization, make sure there is an empty space between each organization name.
+3. Use your organization's name, all lowercase as string data. If you're adding more than one organization, make sure they are all on their own line. Don't use any other separators such as spaces or commas.
 4. Restart Docker Desktop.
 5. When Docker Desktop restarts, verify that the **Sign in required!** prompt appears.
 

content/manuals/security/security-announcements.md

@@ -7,6 +7,18 @@ toc_min: 1
 toc_max: 2
 ---
 
+## Docker Desktop 4.41.0 Security Update: CVE-2025-3224, CVE-2025-4095, and CVE-2025-3911
+
+_Last updated May 15, 2025_
+
+Three vulnerabilities in Docker Desktop were fixed on April 28 in the [4.41.0](https://docs.docker.com/desktop/release-notes/#4410) release.
+
+- Fixed [CVE-2025-3224](https://www.cve.org/CVERecord?id=CVE-2025-3224) allowing an attacker with access to a user machine to perform an elevation of privilege when Docker Desktop updates.
+- Fixed [CVE-2025-4095](https://www.cve.org/CVERecord?id=CVE-2025-4095) where Registry Access Management (RAM) policies were not enforced when using a MacOS configuration profile, allowing users to pull images from unapproved registries.
+- Fixed [CVE-2025-3911](https://www.cve.org/CVERecord?id=CVE-2025-3911) allowing an attacker with read access to a user's machine to obtain sensitive information from Docker Desktop log files, including environment variables configured for running containers.
+
+We strongly encourage you to update to Docker Desktop [4.41.0](https://docs.docker.com/desktop/release-notes/#4410).
+
 ## Docker Desktop 4.34.2 Security Update: CVE-2024-8695 and CVE-2024-8696
 
 _Last updated September 13, 2024_

go.mod

@@ -16,6 +16,6 @@ replace (
 	github.com/docker/cli => github.com/docker/cli v28.1.0-rc.2+incompatible
 	github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.36.0
 	github.com/docker/scout-cli => github.com/docker/scout-cli v1.15.0
-	github.com/moby/buildkit => github.com/moby/buildkit v0.20.0
+	github.com/moby/buildkit => github.com/moby/buildkit v0.22.0-rc1
 	github.com/moby/moby => github.com/moby/moby v28.1.0-rc.2+incompatible
 )

go.sum

@@ -372,6 +372,8 @@ github.com/moby/buildkit v0.19.0 h1:w9G1p7sArvCGNkpWstAqJfRQTXBKukMyMK1bsah1HNo=
 github.com/moby/buildkit v0.19.0/go.mod h1:WiHBFTgWV8eB1AmPxIWsAlKjUACAwm3X/14xOV4VWew=
 github.com/moby/buildkit v0.20.0 h1:aF5RujjQ310Pn6SLL/wQYIrSsPXy0sQ5KvWifwq1h8Y=
 github.com/moby/buildkit v0.20.0/go.mod h1:HYFUIK+iGDRxRgdphZ9Nv0y1Fz7mv0HrU7xZoXx217E=
+github.com/moby/buildkit v0.22.0-rc1 h1:Q47jZZws7+0WhucTcm35NRV8NcO6n1SwIikzfqcGKLo=
+github.com/moby/buildkit v0.22.0-rc1/go.mod h1:j4pP5hxiTWcz7xuTK2cyxQislHl/N2WWHzOy43DlLJw=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/moby v24.0.2+incompatible h1:yH+5dRHH1x3XRKzl1THA2aGTy6CHYnkt5N924ADMax8=
 github.com/moby/moby v24.0.2+incompatible/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc=