Skip to content
This repository has been archived by the owner on Oct 13, 2023. It is now read-only.

v19.03.14

Latest
Compare
Choose a tag to compare
@tiborvass tiborvass released this 02 Dec 00:14
· 9854 commits to master since this release
5eb3275

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.14 (2020-12-01)

Security

  • CVE-2020-15257: Update bundled static binaries of containerd to v1.3.9 moby/moby#41731. Package managers should update the containerd.io package.

Builder

  • Beta versions of apparmor are now parsed correctly preventing build failures moby/moby#41542

Networking

Runtime

Rootless

  • Lock state dir for preventing automatic clean-up by systemd-tmpfiles moby/moby#41635
  • dockerd-rootless.sh: support new containerd shim socket path convention moby/moby#41557

Logging

19.03.13 (2020-09-16)

Builder

  • buildkit: Fix nil dereference in cache logic moby/moby#41279
  • buildkit: Treat unix sockets as regular files during COPY/ADD moby/moby#41269
  • buildkit: Ignore system and security xattrs in calculation to ensure consistent COPY caching regardless of SELinux environment moby/moby#41222
  • buildkit: Make --cache-from behavior more reliable moby/moby#41222
  • buildkit: Fix infinite loop burning CPU when exporting cache moby/moby#41185

Client

Networking

Rootless

Runtime

Windows

  • Fix slow windows container start time when using servercore image moby/moby#41192

19.03.12 (2020-06-18)

Client

  • Fix bug preventing logout from registry when using multiple config files (e.g. Windows vs WSL2 when using Docker Desktop) docker/cli#2592
  • Fix regression preventing context metadata to be read docker/cli#2586
  • Bump Golang 1.13.12 docker/cli#2575

Networking

Runtime

19.03.11 (2020-06-01)

Network

  • Disable IPv6 Router Advertisements to prevent address spoofing CVE-2020-13401

19.03.10 (2020-05-29)

Client

Networking

Runtime

  • Avoid potential panic on s390x by upgrading Go to 1.13.11 moby/moby#40978

Packaging

19.03.9 (2020-05-14)

Builder

  • buildkit: Fix concurrent map write panic when building multiple images in parallel. moby/moby#40780
  • buildkit: Fix issue preventing chowning of non-root-owned files between stages with userns. moby/moby#40955
  • Avoid creation of irrelevant temporary files on Windows. moby/moby#40877

Client

Logging

  • Avoid situation preventing container logs to rotate due to closing a closed log file. moby/moby#40921

Networking

Runtime

Rootless

  • Now rootlesskit-docker-proxy returns detailed error message on exposing privileged ports. moby/moby#40863
  • Supports numeric ID in /etc/subuid and /etc/subgid. moby/moby#40951

Security

Swarm

  • Increase refill rate for logger to avoid hanging on service logs. moby/moby#40628
  • Fix issue where single swarm manager is stuck in Down state after reboot. moby/moby#40831
  • tasks.db no longer grows indefinitely. moby/moby#40830

19.03.8 (2020-03-10)

Runtime

19.03.7 (2020-03-03)

Builder

Runtime

Client

19.03.6 (2020-02-12)

Builder

Networking

Runtime

19.03.5 (2019-11-13)

Builder

  • Fix builder-next: permission errors on using build secrets or ssh forwarding with userns-remap. docker/engine#420
  • Fix builder-next: copying a symlink inside an already copied directory. docker/engine#420
  • Fix builder-next: fatal error: concurrent map writes. docker/engine#422

Runtime

19.03.4 (2019-10-17)

Networking

  • Rollback libnetwork changes so DOCKER-USER iptables chain is back. docker/engine#404

19.03.3 (2019-10-07)

Known Issues

  • DOCKER-USER iptables chain is missing docker/for-linux#810. Users cannot perform additional container network traffic filtering on top of this iptables chain. You are not affected by this issue if you are not customizing iptables chains on top of DOCKER-USER.

    Workaround is to insert the iptables chain after docker daemon starts.

    iptables -N DOCKER-USER
    iptables -I FORWARD -j DOCKER-USER
    iptables -A DOCKER-USER -j RETURN
    

Builder

  • Fix builder-next: resolve digest for third party registries. docker/engine#339
  • Fix builder-next: user namespace builds when daemon started with socket activation. docker/engine#373
  • Fix builder-next: session: release forwarded ssh socket connection per connection. docker/engine#373
  • Fix builder-next: llbsolver: error on multiple cache importers. docker/engine#373

Networking

  • Fix various libnetwork issues for iptables, DNS queries, and more. docker/engine#330

Runtime

  • Fix POST /images/create returning a 500 status code when providing an incorrect platform option. docker/engine#365
  • Fix POST /build returning a 500 status code when providing an incorrect platform option. docker/engine#365
  • Fix panic on 32-bit ARMv7 caused by misaligned struct member. docker/engine#363
  • Fix to return "invalid parameter" when linking to non-existing container. docker/engine#352
  • Fix overlay2: busy error on mount when using kernel >= 5.2. docker/engine#332
  • Fix docker rmi stuck in certain misconfigured systems, e.g. dead NFS share. docker/engine#335
  • Fix handling of blocked I/O of exec'd processes. docker/engine#296
  • Fix jsonfile logger: follow logs stuck when max-size is set and max-file=1. docker/engine#378

Client

  • Mitigate against YAML files that have excessive aliasing. docker/cli#2119

19.03.2 (2019-08-29)

Builder

  • Fix "COPY --from" to non-existing directory on Windows. moby/moby#39695
  • Fix builder-next: metadata commands not having created time in history. moby/moby#39456
  • Fix builder-next: close progress on layer export error. moby/moby#39782

Client

  • Fix Windows absolute path detection on non-Windows. docker/cli#1990
  • Fix to zsh completion script for docker login --username.
  • Fix context: produce consistent output on context create. docker/cli#1985
  • Fix support for HTTP proxy env variable. docker/cli#2059

Logging

Networking

  • Prevent panic on network attach to a container with disabled networking. moby/moby#39589

Runtime

  • Bump Golang to 1.12.8.
  • Fix a potential engine panic when using XFS disk quota for containers. moby/moby#39644

Swarm

19.03.1 (2019-07-25)

Runtime

  • Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc.

19.03.0 (2019-07-22)

Deprecation

  • Deprecate image manifest v2 schema1 in favor of v2 schema2. Future version of Docker will remove support for v2 schema1 altogether. moby/moby#39365
  • Remove v1.10 migrator. moby/moby#38265
  • Skip deprecated storage-drivers in auto-selection. moby/moby#38019
  • Deprecate aufs storage driver and add warning. moby/moby#38090

Client

  • Bump google.golang.org/grpc to v1.20.1. docker/cli#1884
  • Cli change to pass driver specific options to docker run. docker/cli#1767
  • Bump Golang 1.12.5. docker/cli#1875
  • The docker system info output now segregates information relevant to the client and daemon. docker/cli#1638
  • (Experimental) When targetting Kubernetes, add support for x-pull-secret: some-pull-secret in compose-files service configs. docker/cli#1617
  • (Experimental) When targetting Kubernetes, add support for x-pull-policy: <Never|Always|IfNotPresent> in compose-files service configs. docker/cli#1617
  • cp, save, export: Prevent overwriting irregular files. docker/cli#1515
  • Allow npipe volume type on stack file. docker/cli#1195

API

  • Add undocumented /grpc endpoint and register BuildKit's controller. moby/moby#38990

Builder

  • builder-next: allow setting buildkit outputs. docker/cli#1766
  • builder-next: look for a Dockerfile specific dockerignore file (eg. Dockerfile.dockerignore) for ignored paths. docker/engine#215
  • builder-next: automatically detect if process execution is possible for x86, arm and arm64 binaries. docker/engine#215
  • builder-next: added inline cache support --cache-from. docker/engine#215
  • builder-next: allow outputs configuration. moby/moby#38898

Experimental

Security

Runtime

Networking

  • Fix to make sure load balancer sandbox is deleted when a service is updated with --network-rm. docker/engine#213

Swarm

Logging