docker · aevesdocker · Apr 30, 2025 · Apr 29, 2025 · Apr 30, 2025 · Apr 30, 2025
@@ -51,9 +51,11 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
 - [Docker Scout CLI v1.17.1](https://github.com/docker/scout-cli/releases/tag/v1.17.1)
 - [Compose Bridge v0.0.19](https://github.com/docker/compose-bridge-binaries/releases/tag/v0.0.19)
 
-### Security 
+### Security
 
 - Fixed [CVE-2025-3224](https://www.cve.org/CVERecord?id=CVE-2025-3224) allowing an attacker with access to a user machine to perform an elevation of privilege when Docker Desktop updates.
+- Fixed [CVE-2025-4095](https://www.cve.org/CVERecord?id=CVE-2025-4095) where Registry Access Management (RAM) policies were not enforced when using a MacOS configuration profile, allowing users to pull images from unapproved registries.
+- Fixed [CVE-2025-3911](https://www.cve.org/CVERecord?id=CVE-2025-3911) allowing an attacker with read access to a user's machine to obtain sensitive information from Docker Desktop log files, including environment variables configured for running containers.
 
 ### Bug fixes and enhancements
 

@@ -59,6 +59,54 @@ and non-compliant users.
 7. Select a username to view more details about their compliance status, and for
 steps to resolve non-compliant users.
 
+## Understand compliance status
+
+Docker evaluates compliance status based on:
+
+- Compliance status: Whether a user has fetched and applied the latest settings. This is the primary label shown on the reporting page.
+- Domain status: Whether the user's email matches a verified domain.
+- Settings status: Whether a settings policy is applied to the user.
+
+The combination of these statuses determines what actions you need to take.
+
+### Compliance status reference
+
+This reference explains how each status is determined in the reporting dashboard
+based on user domain and settings data. The Admin Console displays the
+highest-priority applicable status according to the following rules.
+
+**Compliance status**
+
+| Compliance status | What it means |
+|-------------------|---------------|
+| Uncontrolled domain | The user's email domain is not verified. |
+| No policy assigned | The user does not have any policy assigned to them. |
+| Non-compliant | The user fetched the correct policy, but hasn't applied it. |
+| Outdated | The user fetched a previous version of the policy. |
+| Unknown | The user hasn't fetched any policy yet, or their compliance can't be determined. |
+| Compliant | The user fetched and applied the latest assigned policy. |
+
+**Domain status**
+
+This reflects how the user’s email domain is evaluated based on the organization’s domain setup.
+
+| Domain status | What it means |
+|---------------|---------------|
+| Verified | The user’s email domain is verified. |
+| Guest user | The user's email domain is not verified. |
+| Domainless | Your organization has no verified domains, and the user's domain is unknown. |
+| Unknown user | Your organization has verified domains, but the user's domain is unknown. |
+
+**Settings status**
+
+This shows whether and how the user is assigned a settings policy.
+
+| Settings status | What it means |
+|-----------------|---------------|
+| Global policy | The user is assigned your organzation's default policy. |
+| User policy | The user is assigned a specific custom policy. |
+| No policy assigned | The user is not assigned to any policy. |
+
 ## Resolve compliance status
 
 To resolve compliance status, you must view a user's compliance status details
@@ -80,8 +128,8 @@ Desktop settings reporting dashboard. Select a compliant user to open their
 compliance status details. Compliant users have the following status details:
 
 - **Compliance status**: Compliant
-- **Domain status**: Verified domain
-- **Settings status**: Compliant
+- **Domain status**: Verified
+- **Settings status**: Global policy or user policy
 - **User is compliant** indicator
 
 No resolution steps are needed for compliant users.

diff --git a/data/redirects.yml b/data/redirects.yml
@@ -297,6 +297,6 @@
 
 # Desktop DMR
 
-"/ai/model-runner/":
+"/model-runner/":
   - /go/model-runner/