Releases: moby/moby
v26.1.4
26.1.4
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 26.1.4 milestone
- moby/moby, 26.1.4 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
Security
This release updates the Go runtime to 1.21.11 which contains security fixes for:
- CVE-2024-24789
- CVE-2024-24790
- A symlink time of check to time of use race condition during directory removal reported by Addison Crump (@addisoncrump).
Bug fixes and enhancements
- Fixed an issue where rapidly promoting a node after another node was demoted could cause the promoted node to fail its promotion. moby/moby#47870
- Prevent daemon log being spammed with
superfluous response.WriteHeader call ...
message. moby/moby#47843 - Don't show empty hints when plugins returns an empty hook message. docker/cli#5083
- Added
ContextType: "moby"
to the context list/inspect output to address a compatibility issue with Visual Studio Container Tools. docker/cli#5095
Packaging updates
- Update containerd (static binaries only) to v1.7.17. moby/moby#47841
- CVE-2024-24789, CVE-2024-24790: Update Go runtime to 1.21.11. moby/moby#47904
- Update Compose to v2.27.1. docker/docker-ce-packages#1022
- Update Buildx to v0.14.1. docker/docker-ce-packages#1021
v23.0.12
23.0.12
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:
There is no corresponding docker/cli v23.0.12 release as no changes have been made since v23.0.10.
v26.1.3
26.1.3
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 26.1.3 milestone
- moby/moby, 26.1.3 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
Bug fixes and enhancements
- Fix a regression that prevented the use of DNS servers within a
--internal
network. moby/moby#47832 - When the internal DNS server's own address is supplied as an external server address, ignore it to avoid unproductive recursion. moby/moby#47833
Packaging updates
- Allow runc to kill containers when confined to the runc profile in AppArmor version 4.0.0 and later. moby/moby#47829
v26.1.2
26.1.2
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 26.1.2 milestone
- moby/moby, 26.1.2 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
Bug fixes and enhancements
- Fix issue where the CLI process would sometimes hang when a container failed to start. docker/cli#5062
Packaging updates
- Update Go runtime to 1.21.10. moby/moby#47806
v23.0.11
23.0.11
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:
There is no corresponding docker/cli v23.0.11 release as no changes have been made since v23.0.10.
v26.1.1
26.1.1
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 26.1.1 milestone
- moby/moby, 26.1.1 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
Bug fixes and enhancements
- Fix
docker run -d
printing ancontext canceled
spurious error when OTEL is configured. docker/cli#5044 - Experimental environment variable
DOCKER_BRIDGE_PRESERVE_KERNEL_LL=1
will prevent the daemon from removing the kernel-assigned link local address on a Linux bridge. moby/moby#47775 - Resolve an issue preventing container creation on hosts with a read-only
/proc/sys/net
filesystem. If IPv6 cannot be disabled on an interface due to this, either disable IPv6 by default on the host or ensure/proc/sys/net
is read-write. Otherwise, start dockerd withDOCKER_ALLOW_IPV6_ON_IPV4_INTERFACE=1
to bypass the error. moby/moby#47769
Note
The DOCKER_ALLOW_IPV6_ON_IPV4_INTERFACE
is added as a temporary fix and will be phased out in a future major release after simplifying the IPv6 enablement process.
Packaging updates
- Update BuildKit to v0.13.2. moby/moby#47762
- Update Compose to v2.27.0. docker/docker-ce-packages#1017
v26.1.0
26.1.0
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 26.1.0 milestone
- moby/moby, 26.1.0 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
New
- Add configurable OpenTelemetry utilities and basic instrumentation to commands.
For more information, see OpenTelemetry for the Docker CLI. docker/cli#4889
Bug fixes and enhancements
- Native Windows containers are configured with an internal DNS server for container name resolution, and external DNS servers for other lookups. Not all resolvers, including
nslookup
, fall back to the external resolvers when they get aSERVFAIL
answer from the internal server. So, the internal DNS server can now be configured to forward requests to the external resolvers, by setting"features": {"windows-dns-proxy": true }
in thedaemon.json
file. moby/moby#47584
Note
This will be the new default behavior in Docker Engine 27.0.
Warning
The windows-dns-proxy
feature flag will be removed in a future release.
- Swarm: Fix
Subpath
not being passed to the container config. moby/moby#47711 - Classic builder: Fix cache miss on
WORKDIR <directory>/
build step (directory with a trailing slash). moby/moby#47723 - containerd image store: Fix
docker images
failing when any image in the store has unexpected target. moby/moby#47738
v26.0.2
26.0.2
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 26.0.2 milestone
- moby/moby, 26.0.2 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
Security
This release contains a security fix for CVE-2024-32473, an unexpected configuration of IPv6 on IPv4-only interfaces.
Bug fixes and enhancements
- CVE-2024-32473: Ensure IPv6 is disabled on interfaces only allocated an IPv4 address by the engine. moby#GHSA-x84c-p2g9-rqv9
v26.0.1
26.0.1
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 26.0.1 milestone
- moby/moby, 26.0.1 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
Bug fixes and enhancements
- Fix a regression that meant network interface specific
--sysctl
options prevented container startup. moby/moby#47646 - Remove erroneous
platform
from imageconfig
OCI descriptor indocker save
output. moby/moby#47694 - containerd image store: OCI archives produced by
docker save
will now have a non-emptymediaType
field inindex.json
moby/moby#47701 - Fix a regression that prevented the internal resolver from forwarding requests from IPvlan L3 networks to external resolvers. moby/moby#47705
- Prevent the use of external resolvers in IPvlan and Macvlan networks created with no parent interface specified. moby/moby#47705
Packaging updates
- Update Go runtime to 1.21.9 moby/moby#47671, docker/cli#4987
- Update Compose to v1.26.1 , docker/docker-ce-packaging#1009
- Update containerd to v1.7.15 (static binaries only) moby/moby#47692
v23.0.10
23.0.10
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones: