From c7c3822ad95767aa8f4ec43889e97de64e89fffe Mon Sep 17 00:00:00 2001 From: Michael Simons Date: Wed, 7 Aug 2024 09:32:42 -0500 Subject: [PATCH] Fix MD syntax violations --- .markdownlint.json | 6 +----- .../docker-hub/README.aspire-dashboard.md | 7 ++++--- .portal-docs/docker-hub/README.aspnet.md | 1 + .portal-docs/docker-hub/README.md | 4 ++-- .portal-docs/docker-hub/README.monitor-base.md | 1 + .portal-docs/docker-hub/README.monitor.md | 1 + .portal-docs/docker-hub/README.runtime-deps.md | 1 + .portal-docs/docker-hub/README.runtime.md | 1 + .portal-docs/docker-hub/README.samples.md | 1 + .portal-docs/docker-hub/README.sdk.md | 1 + .../mar/README.aspire-dashboard.portal.md | 7 ++++--- .portal-docs/mar/README.aspnet.portal.md | 1 + .portal-docs/mar/README.monitor-base.portal.md | 1 + .portal-docs/mar/README.monitor.portal.md | 1 + .portal-docs/mar/README.runtime-deps.portal.md | 1 + .portal-docs/mar/README.runtime.portal.md | 1 + .portal-docs/mar/README.samples.portal.md | 1 + .portal-docs/mar/README.sdk.portal.md | 1 + CONTRIBUTING.md | 2 +- README.aspire-dashboard.md | 7 ++++--- README.aspnet.md | 1 + README.md | 5 +++-- README.monitor-base.md | 1 + README.monitor.md | 1 + README.runtime-deps.md | 1 + README.runtime.md | 1 + README.samples.md | 1 + README.sdk.md | 1 + SECURITY.md | 1 - documentation/azurelinux.md | 16 ++++++++-------- documentation/distroless.md | 1 + documentation/ubuntu-chiseled.md | 1 + eng/readme-templates/About.product-family.md | 4 ++-- eng/readme-templates/Support.md | 1 + eng/readme-templates/Use.aspire-dashboard.md | 6 +++--- samples/build-for-a-platform.md | 2 +- samples/build-in-sdk-container.md | 8 ++++---- samples/releasesapi/README.md | 4 ++-- samples/releasesapp/README.md | 2 +- samples/run-aspnetcore-https-development.md | 1 - 40 files changed, 64 insertions(+), 42 deletions(-) diff --git a/.markdownlint.json b/.markdownlint.json index 9857898f13..6568071c67 100644 --- a/.markdownlint.json +++ b/.markdownlint.json @@ -8,16 +8,12 @@ "MD004": false, // ul-style Unordered list style "MD005": false, // list-indent Inconsistent indentation for list items at the same level "MD007": false, // ul-indent Unordered list indentation - "MD009": false, // no-trailing-spaces Trailing spaces - "MD010": false, // no-hard-tabs Hard tabs - "MD011": false, // no-reversed-links Reversed link syntax - "MD012": false, // no-multiple-blanks Multiple consecutive blank lines + //"MD011": false, // no-reversed-links Reversed link syntax "MD013": false, // line length "MD014": false, // commands-show-output Dollar signs used before commands without showing output "MD022": false, // blanks-around-headings Headings should be surrounded by blank lines "MD024": false, // no-duplicate-heading Multiple headings with the same content "MD025": false, // single-title/single-h1 Multiple top-level headings in the same document - "MD026": false, // no-trailing-punctuation Trailing punctuation in heading "MD028": false, // no-blanks-blockquote Blank line inside blockquote "MD031": false, // blanks-around-fences Fenced code blocks should be surrounded by blank lines "MD032": false, // blanks-around-lists Lists should be surrounded by blank lines diff --git a/.portal-docs/docker-hub/README.aspire-dashboard.md b/.portal-docs/docker-hub/README.aspire-dashboard.md index 439aaa6466..44ce206bba 100644 --- a/.portal-docs/docker-hub/README.aspire-dashboard.md +++ b/.portal-docs/docker-hub/README.aspire-dashboard.md @@ -23,9 +23,9 @@ The dashboard shows: The dashboard must be configured when it is started. The configuration is done via environment variables. The following environment variables are supported: -- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to http://localhost:18888. -- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to http://localhost:18889. -- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to http://localhost:18890. +- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to `http://localhost:18888`. +- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to `http://localhost:18889`. +- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to `http://localhost:18890`. - `DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS` specifies the dashboard doesn't use authentication and accepts anonymous access. This setting is a shortcut to configuring `Dashboard:Frontend:AuthMode` and `Dashboard:Otlp:AuthMode` to `Unsecured`. - `DOTNET_DASHBOARD_CONFIG_FILE_PATH` specifies the path for an optional JSON configuration file. @@ -126,6 +126,7 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/docker-hub/README.aspnet.md b/.portal-docs/docker-hub/README.aspnet.md index 955b2781e0..1859fe2cc8 100644 --- a/.portal-docs/docker-hub/README.aspnet.md +++ b/.portal-docs/docker-hub/README.aspnet.md @@ -87,6 +87,7 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/docker-hub/README.md b/.portal-docs/docker-hub/README.md index 88b2f51a86..ba50349f24 100644 --- a/.portal-docs/docker-hub/README.md +++ b/.portal-docs/docker-hub/README.md @@ -21,8 +21,8 @@ You can use C# or F# to write .NET apps. -- [C#](https://docs.microsoft.com/dotnet/csharp/) is powerful, type-safe, and object-oriented while retaining the expressiveness and elegance of C-style languages. Anyone familiar with C and similar languages will find it straightforward to write in C#. -- [F#](https://docs.microsoft.com/dotnet/fsharp/) is a cross-platform, open-source, functional programming language for .NET. It also includes object-oriented and imperative programming. +* [C#](https://docs.microsoft.com/dotnet/csharp/) is powerful, type-safe, and object-oriented while retaining the expressiveness and elegance of C-style languages. Anyone familiar with C and similar languages will find it straightforward to write in C#. +* [F#](https://docs.microsoft.com/dotnet/fsharp/) is a cross-platform, open-source, functional programming language for .NET. It also includes object-oriented and imperative programming. [.NET](https://github.com/dotnet/core) is open source (MIT and Apache 2 licenses) and was contributed to the [.NET Foundation](http://dotnetfoundation.org) by Microsoft in 2014. It can be freely adopted by individuals and companies, including for personal, academic or commercial purposes. Multiple companies use .NET as part of apps, tools, new platforms and hosting services. diff --git a/.portal-docs/docker-hub/README.monitor-base.md b/.portal-docs/docker-hub/README.monitor-base.md index f431d4389d..4a4ca80420 100644 --- a/.portal-docs/docker-hub/README.monitor-base.md +++ b/.portal-docs/docker-hub/README.monitor-base.md @@ -69,6 +69,7 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/docker-hub/README.monitor.md b/.portal-docs/docker-hub/README.monitor.md index 4e85d11f40..da3e985498 100644 --- a/.portal-docs/docker-hub/README.monitor.md +++ b/.portal-docs/docker-hub/README.monitor.md @@ -70,6 +70,7 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/docker-hub/README.runtime-deps.md b/.portal-docs/docker-hub/README.runtime-deps.md index 94a8742177..2205910cfa 100644 --- a/.portal-docs/docker-hub/README.runtime-deps.md +++ b/.portal-docs/docker-hub/README.runtime-deps.md @@ -68,6 +68,7 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/docker-hub/README.runtime.md b/.portal-docs/docker-hub/README.runtime.md index 94299a1313..88c07cdca2 100644 --- a/.portal-docs/docker-hub/README.runtime.md +++ b/.portal-docs/docker-hub/README.runtime.md @@ -76,6 +76,7 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/docker-hub/README.samples.md b/.portal-docs/docker-hub/README.samples.md index 599ea4a476..1c984c049c 100644 --- a/.portal-docs/docker-hub/README.samples.md +++ b/.portal-docs/docker-hub/README.samples.md @@ -95,6 +95,7 @@ These sample images are not intended for production use and may be subject to br ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/docker-hub/README.sdk.md b/.portal-docs/docker-hub/README.sdk.md index b517aa9182..bf0a970133 100644 --- a/.portal-docs/docker-hub/README.sdk.md +++ b/.portal-docs/docker-hub/README.sdk.md @@ -78,6 +78,7 @@ View the current tags at the [Microsoft Artifact Registry portal](https://mcr.mi ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.aspire-dashboard.portal.md b/.portal-docs/mar/README.aspire-dashboard.portal.md index 0798e2d844..d192b56448 100644 --- a/.portal-docs/mar/README.aspire-dashboard.portal.md +++ b/.portal-docs/mar/README.aspire-dashboard.portal.md @@ -41,9 +41,9 @@ The dashboard shows: The dashboard must be configured when it is started. The configuration is done via environment variables. The following environment variables are supported: -- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to http://localhost:18888. -- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to http://localhost:18889. -- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to http://localhost:18890. +- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to `http://localhost:18888`. +- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to `http://localhost:18889`. +- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to `http://localhost:18890`. - `DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS` specifies the dashboard doesn't use authentication and accepts anonymous access. This setting is a shortcut to configuring `Dashboard:Frontend:AuthMode` and `Dashboard:Otlp:AuthMode` to `Unsecured`. - `DOTNET_DASHBOARD_CONFIG_FILE_PATH` specifies the path for an optional JSON configuration file. @@ -122,6 +122,7 @@ Limits are per-resource. For example, a `MaxLogCount` value of 10,000 configures #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.aspnet.portal.md b/.portal-docs/mar/README.aspnet.portal.md index a655cb7d72..b5bb50c1d4 100644 --- a/.portal-docs/mar/README.aspnet.portal.md +++ b/.portal-docs/mar/README.aspnet.portal.md @@ -83,6 +83,7 @@ The [Image Variants documentation](https://github.com/dotnet/dotnet-docker/blob/ #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.monitor-base.portal.md b/.portal-docs/mar/README.monitor-base.portal.md index ae69a6187f..e257c4aa7e 100644 --- a/.portal-docs/mar/README.monitor-base.portal.md +++ b/.portal-docs/mar/README.monitor-base.portal.md @@ -65,6 +65,7 @@ The following Dockerfiles demonstrate how you can use this base image to build a #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.monitor.portal.md b/.portal-docs/mar/README.monitor.portal.md index 19a9a0cb42..c8a7bc8a61 100644 --- a/.portal-docs/mar/README.monitor.portal.md +++ b/.portal-docs/mar/README.monitor.portal.md @@ -66,6 +66,7 @@ See the [documentation](https://go.microsoft.com/fwlink/?linkid=2158052) for how #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.runtime-deps.portal.md b/.portal-docs/mar/README.runtime-deps.portal.md index 122de74fd3..f92e11a81d 100644 --- a/.portal-docs/mar/README.runtime-deps.portal.md +++ b/.portal-docs/mar/README.runtime-deps.portal.md @@ -64,6 +64,7 @@ The [Image Variants documentation](https://github.com/dotnet/dotnet-docker/blob/ #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.runtime.portal.md b/.portal-docs/mar/README.runtime.portal.md index d6ce874948..f0f605551b 100644 --- a/.portal-docs/mar/README.runtime.portal.md +++ b/.portal-docs/mar/README.runtime.portal.md @@ -72,6 +72,7 @@ The [Image Variants documentation](https://github.com/dotnet/dotnet-docker/blob/ #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.samples.portal.md b/.portal-docs/mar/README.samples.portal.md index 94f9e539cd..75278aa374 100644 --- a/.portal-docs/mar/README.samples.portal.md +++ b/.portal-docs/mar/README.samples.portal.md @@ -91,6 +91,7 @@ These sample images are not intended for production use and may be subject to br #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/.portal-docs/mar/README.sdk.portal.md b/.portal-docs/mar/README.sdk.portal.md index 016b047a75..0d29aadba1 100644 --- a/.portal-docs/mar/README.sdk.portal.md +++ b/.portal-docs/mar/README.sdk.portal.md @@ -74,6 +74,7 @@ The [Image Variants documentation](https://github.com/dotnet/dotnet-docker/blob/ #### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b7314be683..84bf91d4ca 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -12,7 +12,7 @@ Please keep in mind that the GitHub issue tracker is intended for reporting **no If you're reporting the presence of a disclosed security vulnerability, such as a CVE reported in one of our container images, please follow our documented [guidance on vulnerability reporting](https://github.com/dotnet/dotnet-docker/blob/main/documentation/vulnerability-reporting.md). -If you believe you have an issue that affects the security of .NET, please do NOT create an issue and instead email your issue details to secure@microsoft.com. +If you believe you have an issue that affects the security of .NET, please do NOT create an issue and instead email your issue details to . Your report may be eligible for our [bug bounty](https://www.microsoft.com/en-us/msrc/bounty-dot-net-core), but ONLY if it is reported through email. ## Bugs and Feature Requests diff --git a/README.aspire-dashboard.md b/README.aspire-dashboard.md index 3ccae77e6e..4dce2ce48c 100644 --- a/README.aspire-dashboard.md +++ b/README.aspire-dashboard.md @@ -23,9 +23,9 @@ The dashboard shows: The dashboard must be configured when it is started. The configuration is done via environment variables. The following environment variables are supported: -- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to http://localhost:18888. -- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to http://localhost:18889. -- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to http://localhost:18890. +- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to `http://localhost:18888`. +- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to `http://localhost:18889`. +- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to `http://localhost:18890`. - `DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS` specifies the dashboard doesn't use authentication and accepts anonymous access. This setting is a shortcut to configuring `Dashboard:Frontend:AuthMode` and `Dashboard:Otlp:AuthMode` to `Unsecured`. - `DOTNET_DASHBOARD_CONFIG_FILE_PATH` specifies the path for an optional JSON configuration file. @@ -139,6 +139,7 @@ You can retrieve a list of all available tags for dotnet/aspire-dashboard at htt ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.aspnet.md b/README.aspnet.md index edcaf86c0d..b3af3b3f19 100644 --- a/README.aspnet.md +++ b/README.aspnet.md @@ -272,6 +272,7 @@ For tags contained in the old dotnet/core/aspnet repository, you can retrieve a ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.md b/README.md index 5ea521e5e2..9b43bda55e 100644 --- a/README.md +++ b/README.md @@ -16,8 +16,8 @@ You can use C# or F# to write .NET apps. -- [C#](https://docs.microsoft.com/dotnet/csharp/) is powerful, type-safe, and object-oriented while retaining the expressiveness and elegance of C-style languages. Anyone familiar with C and similar languages will find it straightforward to write in C#. -- [F#](https://docs.microsoft.com/dotnet/fsharp/) is a cross-platform, open-source, functional programming language for .NET. It also includes object-oriented and imperative programming. +* [C#](https://docs.microsoft.com/dotnet/csharp/) is powerful, type-safe, and object-oriented while retaining the expressiveness and elegance of C-style languages. Anyone familiar with C and similar languages will find it straightforward to write in C#. +* [F#](https://docs.microsoft.com/dotnet/fsharp/) is a cross-platform, open-source, functional programming language for .NET. It also includes object-oriented and imperative programming. [.NET](https://github.com/dotnet/core) is open source (MIT and Apache 2 licenses) and was contributed to the [.NET Foundation](http://dotnetfoundation.org) by Microsoft in 2014. It can be freely adopted by individuals and companies, including for personal, academic or commercial purposes. Multiple companies use .NET as part of apps, tools, new platforms and hosting services. @@ -102,6 +102,7 @@ The [Image Variants documentation](https://github.com/dotnet/dotnet-docker/blob/ ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.monitor-base.md b/README.monitor-base.md index 7a7f1e3e89..47508de311 100644 --- a/README.monitor-base.md +++ b/README.monitor-base.md @@ -94,6 +94,7 @@ You can retrieve a list of all available tags for dotnet/monitor/base at https:/ ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.monitor.md b/README.monitor.md index db965b3aba..48cdc94b9c 100644 --- a/README.monitor.md +++ b/README.monitor.md @@ -103,6 +103,7 @@ You can retrieve a list of all available tags for dotnet/monitor at https://mcr. ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.runtime-deps.md b/README.runtime-deps.md index 2ebe2e451b..b3a546cb3c 100644 --- a/README.runtime-deps.md +++ b/README.runtime-deps.md @@ -185,6 +185,7 @@ For tags contained in the old dotnet/core/runtime-deps repository, you can retri ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.runtime.md b/README.runtime.md index 77c6cc0b5b..2e4c823f8c 100644 --- a/README.runtime.md +++ b/README.runtime.md @@ -228,6 +228,7 @@ For tags contained in the old dotnet/core/runtime repository, you can retrieve a ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.samples.md b/README.samples.md index f167231346..dfec42f114 100644 --- a/README.samples.md +++ b/README.samples.md @@ -136,6 +136,7 @@ These sample images are not intended for production use and may be subject to br ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/README.sdk.md b/README.sdk.md index 5cad73060a..0de50b72ad 100644 --- a/README.sdk.md +++ b/README.sdk.md @@ -198,6 +198,7 @@ For tags contained in the old dotnet/core/sdk repository, you can retrieve a lis ### CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/SECURITY.md b/SECURITY.md index 65c85cb0bb..aec7ca2233 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -15,4 +15,3 @@ Reports via MSRC may qualify for the .NET Core Bug Bounty. Details of the .NET C Please do not open issues for anything you think might have a security implication. If you're reporting the presence of a disclosed security vulnerability, such as a CVE reported in one of our container images, please follow the documented guidance on vulnerability reporting in [vulnerability-reporting.md](https://github.com/dotnet/dotnet-docker/blob/main/documentation/vulnerability-reporting.md). - diff --git a/documentation/azurelinux.md b/documentation/azurelinux.md index e0f125f4d3..40dda9a8b4 100644 --- a/documentation/azurelinux.md +++ b/documentation/azurelinux.md @@ -18,20 +18,20 @@ General distroless .NET containers documentation is available [here](./distroles Azure Linux distroless .NET images are available for all supported .NET versions in the following image repos: -- [`mcr.microsoft.com/dotnet/runtime`](../README.runtime.md) -- [`mcr.microsoft.com/dotnet/aspnet`](../README.aspnet.md) -- [`mcr.microsoft.com/dotnet/runtime-deps`](../README.runtime-deps.md) (for self-contained or AOT apps) +* [`mcr.microsoft.com/dotnet/runtime`](../README.runtime.md) +* [`mcr.microsoft.com/dotnet/aspnet`](../README.aspnet.md) +* [`mcr.microsoft.com/dotnet/runtime-deps`](../README.runtime-deps.md) (for self-contained or AOT apps) You can use the following image tags: -- `8.0-cbl-mariner2.0-distroless` -- `6.0-cbl-mariner2.0-distroless` +* `8.0-cbl-mariner2.0-distroless` +* `6.0-cbl-mariner2.0-distroless` ### Installing Additional Packages If your app requires additional packages besides `icu` and `tzdata`, you can follow the same pattern that .NET uses to install the .NET runtime dependencies. -#### Azure Linux 3.0 (Preview): +#### Azure Linux 3.0 (Preview) ```Dockerfile FROM mcr.microsoft.com/dotnet/nightly/aspnet:8.0-azurelinux3.0-distroless AS base @@ -82,7 +82,7 @@ FROM base COPY --from=installer /staging2/ / ``` -#### Azure Linux 2.0: +#### Azure Linux 2.0 ```Dockerfile FROM mcr.microsoft.com/dotnet/aspnet:6.0-cbl-mariner2.0-distroless AS base @@ -141,7 +141,7 @@ The easiest way to enable local Visual Studio debugging while not modifying the To enable Container Fast Mode debugging without affecting your app's production image, you can create a new stage based off the `base` stage (called `debug` in the example) that contains the debugging tools, and then point the VS Fast Mode tools to that debug stage. -Here's an example chart showing the inheritance of the build stages: +Here's an example chart showing the inheritance of the build stages: ```mermaid flowchart TD diff --git a/documentation/distroless.md b/documentation/distroless.md index e466e40a7a..10a93283af 100644 --- a/documentation/distroless.md +++ b/documentation/distroless.md @@ -12,6 +12,7 @@ They contain the following features: We offer distroless .NET images for two operating systems: [Ubuntu Chiseled](./ubuntu-chiseled.md) and [Azure Linux](./azurelinux.md). .NET distroless images are available for the following image repos: + - [`mcr.microsoft.com/dotnet/runtime`](../README.runtime.md) - [`mcr.microsoft.com/dotnet/aspnet`](../README.aspnet.md) - [`mcr.microsoft.com/dotnet/runtime-deps`](../README.runtime-deps.md) (for self-contained or AOT apps) diff --git a/documentation/ubuntu-chiseled.md b/documentation/ubuntu-chiseled.md index 6566ea2954..b63b77a135 100644 --- a/documentation/ubuntu-chiseled.md +++ b/documentation/ubuntu-chiseled.md @@ -24,6 +24,7 @@ If you have a compelling use case for a distroless SDK image, please leave a com ## How do I use Ubuntu Chiseled .NET images? Please see our sample Dockerfiles for examples on how to use Ubuntu Chiseled .NET images: + - [aspnetapp](../samples/aspnetapp/Dockerfile.chiseled) - [dotnetapp](../samples/dotnetapp/Dockerfile.chiseled) - [releasesapi](../samples/releasesapi/Dockerfile.ubuntu-chiseled) (and [icu version](../samples/releasesapi/Dockerfile.ubuntu-chiseled-icu)) diff --git a/eng/readme-templates/About.product-family.md b/eng/readme-templates/About.product-family.md index 1d8a1e1fa9..deedd915f2 100644 --- a/eng/readme-templates/About.product-family.md +++ b/eng/readme-templates/About.product-family.md @@ -4,8 +4,8 @@ You can use C# or F# to write .NET apps. -- [C#](https://docs.microsoft.com/dotnet/csharp/) is powerful, type-safe, and object-oriented while retaining the expressiveness and elegance of C-style languages. Anyone familiar with C and similar languages will find it straightforward to write in C#. -- [F#](https://docs.microsoft.com/dotnet/fsharp/) is a cross-platform, open-source, functional programming language for .NET. It also includes object-oriented and imperative programming. +* [C#](https://docs.microsoft.com/dotnet/csharp/) is powerful, type-safe, and object-oriented while retaining the expressiveness and elegance of C-style languages. Anyone familiar with C and similar languages will find it straightforward to write in C#. +* [F#](https://docs.microsoft.com/dotnet/fsharp/) is a cross-platform, open-source, functional programming language for .NET. It also includes object-oriented and imperative programming. [.NET](https://github.com/dotnet/core) is open source (MIT and Apache 2 licenses) and was contributed to the [.NET Foundation](http://dotnetfoundation.org) by Microsoft in 2014. It can be freely adopted by individuals and companies, including for personal, academic or commercial purposes. Multiple companies use .NET as part of apps, tools, new platforms and hosting services. diff --git a/eng/readme-templates/Support.md b/eng/readme-templates/Support.md index 141ffe57a9..21d13a2f8f 100644 --- a/eng/readme-templates/Support.md +++ b/eng/readme-templates/Support.md @@ -26,6 +26,7 @@ {{ARGS["top-header"]}}## CVE Update Policy .NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when: + * We detect the image contains a CVE with a [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) score of "Critical" * **AND** the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages) * **AND** there is a CVE fix for the package available in the affected base image's package repository. diff --git a/eng/readme-templates/Use.aspire-dashboard.md b/eng/readme-templates/Use.aspire-dashboard.md index 962ebb1fad..7f37e6d6b6 100644 --- a/eng/readme-templates/Use.aspire-dashboard.md +++ b/eng/readme-templates/Use.aspire-dashboard.md @@ -14,9 +14,9 @@ The dashboard shows: The dashboard must be configured when it is started. The configuration is done via environment variables. The following environment variables are supported: -- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to http://localhost:18888. -- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to http://localhost:18889. -- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to http://localhost:18890. +- `ASPNETCORE_URLS` specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to `http://localhost:18888`. +- `DOTNET_DASHBOARD_OTLP_ENDPOINT_URL` specifies the [OTLP/gRPC](https://opentelemetry.io/docs/specs/otlp/#otlpgrpc) endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to `http://localhost:18889`. +- `DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL` specifies the [OTLP/HTTP](https://opentelemetry.io/docs/specs/otlp/#otlphttp) endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to `http://localhost:18890`. - `DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS` specifies the dashboard doesn't use authentication and accepts anonymous access. This setting is a shortcut to configuring `Dashboard:Frontend:AuthMode` and `Dashboard:Otlp:AuthMode` to `Unsecured`. - `DOTNET_DASHBOARD_CONFIG_FILE_PATH` specifies the path for an optional JSON configuration file. diff --git a/samples/build-for-a-platform.md b/samples/build-for-a-platform.md index 7f263b4478..87d617ec32 100644 --- a/samples/build-for-a-platform.md +++ b/samples/build-for-a-platform.md @@ -87,4 +87,4 @@ Docker Desktop uses [QEMU](https://www.qemu.org/) for emulation, for example run As a result, we need a reliable pattern that can produce multiple variants of images on one machine, but that doesn't use emulation. That's what this document describes. -Context: https://gitlab.com/qemu-project/qemu/-/issues/249 +Context: https://gitlab.com/qemu-project/qemu/-/issues/249 diff --git a/samples/build-in-sdk-container.md b/samples/build-in-sdk-container.md index 6e7cd47b88..a34a0ac21f 100644 --- a/samples/build-in-sdk-container.md +++ b/samples/build-in-sdk-container.md @@ -41,8 +41,8 @@ You can see the built binaries with the following command: ```console % ls out -dotnetapp dotnetapp.pdb -dotnetapp.deps.json dotnetapp.runtimeconfig.json +dotnetapp dotnetapp.pdb +dotnetapp.deps.json dotnetapp.runtimeconfig.json dotnetapp.dll ``` @@ -114,8 +114,8 @@ You can see the built binaries with the following command: ```console > ls ~/dotnetapp -dotnetapp dotnetapp.pdb -dotnetapp.deps.json dotnetapp.runtimeconfig.json +dotnetapp dotnetapp.pdb +dotnetapp.deps.json dotnetapp.runtimeconfig.json dotnetapp.dll ``` diff --git a/samples/releasesapi/README.md b/samples/releasesapi/README.md index f3e3cadeb7..cf26b26788 100644 --- a/samples/releasesapi/README.md +++ b/samples/releasesapi/README.md @@ -1,6 +1,6 @@ # Release Json Report API -This app demonstrates publishing an app as [native AOT](https://learn.microsoft.com/dotnet/core/deploying/native-aot/) in containers. +This app demonstrates publishing an app as [native AOT](https://learn.microsoft.com/dotnet/core/deploying/native-aot/) in containers. > Note: The base images used by this sample are in preview. @@ -22,7 +22,7 @@ It exposes two endpoints: ## App -The app is intended as a sort of compliance report for .NET. The report includes supported major releases and those recently out of support. It includes the latest and latest security patch versions for each of those major releases. +The app is intended as a sort of compliance report for .NET. The report includes supported major releases and those recently out of support. It includes the latest and latest security patch versions for each of those major releases. This same information is available from the [release JSON](https://github.com/dotnet/core/blob/main/release-notes/releases-index.json) files that the team maintains, but that requires a bit of code to provide the same report. diff --git a/samples/releasesapp/README.md b/samples/releasesapp/README.md index bc9ddd8a02..c1833fc8c7 100644 --- a/samples/releasesapp/README.md +++ b/samples/releasesapp/README.md @@ -17,7 +17,7 @@ It will produce output similar to: https://gist.github.com/richlander/4701a33592 ## App -The app is intended as a sort of compliance report for .NET. The report includes supported major releases and those recently out of support. It includes the latest and latest security patch versions for each of those major releases. +The app is intended as a sort of compliance report for .NET. The report includes supported major releases and those recently out of support. It includes the latest and latest security patch versions for each of those major releases. This same information is available from the [release JSON](https://github.com/dotnet/core/blob/main/release-notes/releases-index.json) files that the team maintains, but that requires a bit of code to provide the same report. diff --git a/samples/run-aspnetcore-https-development.md b/samples/run-aspnetcore-https-development.md index ed0d965fc6..e3b1f97f5a 100644 --- a/samples/run-aspnetcore-https-development.md +++ b/samples/run-aspnetcore-https-development.md @@ -220,4 +220,3 @@ docker run --rm -it -p 8001:8001 -e ASPNETCORE_HTTPS_PORTS=8001 -e ASPNETCORE_EN After the application starts, navigate to `https://localhost:8001` in your web browser. > In the case of using https, be sure to check the certificate you're using is trusted on the host. You can start with navigating to https://localhost:8001 in the browser. If you're looking to test https with a domain name (e.g. https://contoso.com:8001), the certificate would also need the appropiate Subject Alternative Name included, and the DNS settings on the host would need to be updated. In the case of using the generated dev certificate, the trusted certificate will be issued from localhost and will not have the SAN added. -