v26.1.4

26.1.4

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.1.4 milestone
• moby/moby, 26.1.4 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release updates the Go runtime to 1.21.11 which contains security fixes for:

• CVE-2024-24789
• CVE-2024-24790
• A symlink time of check to time of use race condition during directory removal reported by Addison Crump (@addisoncrump).

Bug fixes and enhancements

• Fixed an issue where rapidly promoting a node after another node was demoted could cause the promoted node to fail its promotion. moby/moby#47870
• Prevent daemon log being spammed with superfluous response.WriteHeader call ... message. moby/moby#47843
• Don't show empty hints when plugins returns an empty hook message. docker/cli#5083
• Added ContextType: "moby" to the context list/inspect output to address a compatibility issue with Visual Studio Container Tools. docker/cli#5095

Packaging updates

• Update containerd (static binaries only) to v1.7.17. moby/moby#47841
• CVE-2024-24789, CVE-2024-24790: Update Go runtime to 1.21.11. moby/moby#47904
• Update Compose to v2.27.1. docker/docker-ce-packages#1022
• Update Buildx to v0.14.1. docker/docker-ce-packages#1021

v23.0.12

23.0.12

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

• moby/moby, 23.0.12 milestone

There is no corresponding docker/cli v23.0.12 release as no changes have been made since v23.0.10.

v26.1.3

26.1.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.1.3 milestone
• moby/moby, 26.1.3 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Fix a regression that prevented the use of DNS servers within a --internal network. moby/moby#47832
• When the internal DNS server's own address is supplied as an external server address, ignore it to avoid unproductive recursion. moby/moby#47833

Packaging updates

• Allow runc to kill containers when confined to the runc profile in AppArmor version 4.0.0 and later. moby/moby#47829

v26.1.2

26.1.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.1.2 milestone
• moby/moby, 26.1.2 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Fix issue where the CLI process would sometimes hang when a container failed to start. docker/cli#5062

Packaging updates

• Update Go runtime to 1.21.10. moby/moby#47806

v23.0.11

23.0.11

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

• moby/moby, 23.0.11 milestone

There is no corresponding docker/cli v23.0.11 release as no changes have been made since v23.0.10.

v26.1.1

26.1.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.1.1 milestone
• moby/moby, 26.1.1 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Fix docker run -d printing an context canceled spurious error when OTEL is configured. docker/cli#5044
• Experimental environment variable DOCKER_BRIDGE_PRESERVE_KERNEL_LL=1 will prevent the daemon from removing the kernel-assigned link local address on a Linux bridge. moby/moby#47775
• Resolve an issue preventing container creation on hosts with a read-only /proc/sys/net filesystem. If IPv6 cannot be disabled on an interface due to this, either disable IPv6 by default on the host or ensure /proc/sys/net is read-write. Otherwise, start dockerd with DOCKER_ALLOW_IPV6_ON_IPV4_INTERFACE=1 to bypass the error. moby/moby#47769

Note

The DOCKER_ALLOW_IPV6_ON_IPV4_INTERFACE is added as a temporary fix and will be phased out in a future major release after simplifying the IPv6 enablement process.

Packaging updates

• Update BuildKit to v0.13.2. moby/moby#47762
• Update Compose to v2.27.0. docker/docker-ce-packages#1017

v26.1.0

26.1.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.1.0 milestone
• moby/moby, 26.1.0 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

New

• Add configurable OpenTelemetry utilities and basic instrumentation to commands.
  For more information, see OpenTelemetry for the Docker CLI. docker/cli#4889

Bug fixes and enhancements

• Native Windows containers are configured with an internal DNS server for container name resolution, and external DNS servers for other lookups. Not all resolvers, including nslookup, fall back to the external resolvers when they get a SERVFAIL answer from the internal server. So, the internal DNS server can now be configured to forward requests to the external resolvers, by setting "features": {"windows-dns-proxy": true } in the daemon.json file. moby/moby#47584

Note

This will be the new default behavior in Docker Engine 27.0.

Warning

The windows-dns-proxy feature flag will be removed in a future release.

• Swarm: Fix Subpath not being passed to the container config. moby/moby#47711
• Classic builder: Fix cache miss on WORKDIR <directory>/ build step (directory with a trailing slash). moby/moby#47723
• containerd image store: Fix docker images failing when any image in the store has unexpected target. moby/moby#47738

v26.0.2

26.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.0.2 milestone
• moby/moby, 26.0.2 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release contains a security fix for CVE-2024-32473, an unexpected configuration of IPv6 on IPv4-only interfaces.

Bug fixes and enhancements

• CVE-2024-32473: Ensure IPv6 is disabled on interfaces only allocated an IPv4 address by the engine. moby#GHSA-x84c-p2g9-rqv9

v26.0.1

26.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.0.1 milestone
• moby/moby, 26.0.1 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Fix a regression that meant network interface specific --sysctl options prevented container startup. moby/moby#47646
• Remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47694
• containerd image store: OCI archives produced by docker save will now have a non-empty mediaType field in index.json moby/moby#47701
• Fix a regression that prevented the internal resolver from forwarding requests from IPvlan L3 networks to external resolvers. moby/moby#47705
• Prevent the use of external resolvers in IPvlan and Macvlan networks created with no parent interface specified. moby/moby#47705

Packaging updates

• Update Go runtime to 1.21.9 moby/moby#47671, docker/cli#4987
• Update Compose to v1.26.1 , docker/docker-ce-packaging#1009
• Update containerd to v1.7.15 (static binaries only) moby/moby#47692

v23.0.10

23.0.10

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 23.0.10 milestone
• moby/moby, 23.0.10 milestone