28.2.2

28.2.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.2.2 milestone
• moby/moby, 28.2.2 milestone

Bug fixes and enhancements

• containerd image store: Fix a regression causing docker build --push to fail. This reverts the fix for docker build not persisting overridden images as dangling. moby/moby#50105

Networking

• When creating the iptables DOCKER-USER chain, do not add an explicit RETURN rule, allowing users to append as well as insert their own rules. Existing rules are not removed on upgrade, but it won't be replaced after a reboot. moby/moby#50098

28.2.1

28.2.1

Packaging updates

• Fix packaging regression in v28.2.0 which broke creating the docker group/user on fresh installations. docker-ce-packaging#1209

28.2.0

28.2.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.2.0 milestone
• moby/moby, 28.2.0 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Note

RHEL packages are currently not available and will be released later.

New

• Add {{.Platform}} as formatting option for docker ps to show the platform of the image the container is running. docker/cli#6042
• Add support for relative parent paths (../) on bind mount sources when using docker run/create with -v/--volume or --mount type=bind options. docker/cli#4966
• CDI is now enabled by default. moby/moby#49963
• Show discovered CDI devices in docker info. docker/cli#6078
• docker image rm: add --platform option to remove a variant from multi-platform images. docker/cli#6109
• containerd image store: Initial BuildKit support for building Windows container images on Windows (requires an opt-in with DOCKER_BUILDKIT=1). moby/moby#49740

Bug fixes and enhancements

• Add a new log option for fluentd log driver (fluentd-write-timeout), which enables specifying write timeouts for fluentd connections. moby/moby#49911
• Add support for DOCKER_AUTH_CONFIG for the experimental --use-api-socket option. docker/cli#6019
• Fix docker exec waiting for 10 seconds if a non-existing user or group was specified. moby/moby#49868
• Fix docker swarm init ignoring cacert option of --external-ca. docker/cli#5995
• Fix an issue where the CLI would not correctly save the configuration file (~/.docker/config.json) if it was a relative symbolic link. docker/cli#5282
• Fix containers with --restart always policy using CDI devices failing to start on daemon restart. moby/moby#49990
• Fix shell-completion to only complete some flags once, even though they can be set multiple times. docker/cli#6030
• Fix the plugin does not implement PluginAddr interface error for Swarm CSI drivers. moby/moby#49961
• Improve docker login error messages for invalid options. docker/cli#6036
• Make sure the terminal state is restored if the CLI is forcefully terminated. docker/cli#6058
• Update the default seccomp profile to match the libseccomp v2.6.0. The new syscalls are: listmount, statmount, lsm_get_self_attr, lsm_list_modules, lsm_set_self_attr, mseal, uretprobe, riscv_hwprobe, getxattrat, listxattrat, removexattrat, and setxattrat. This prevents containers from receiving EPERM errors when using them. moby/moby#50077
• docker inspect: add shell completion, improve flag-description for --type and improve validation. docker/cli#6052
• containerd image store: Enable BuildKit garbage collector by default. moby/moby#49899
• containerd image store: Fix docker build not persisting overridden images as dangling. moby/moby#49702
• containerd image store: Fix docker system df reporting a negative reclaimable space amount. moby/moby#49707
• containerd image store: Fix duplicate PUT requests when pushing a multi-platform image. moby/moby#49949

Packaging updates

• Drop Ubuntu 20.04 "Focal" packages as it reached end of life. docker/docker-ce-packaging#1200
• Fix install location for RPM-based docker-ce man-pages. docker/docker-ce-packaging#1203
• Update BuildKit to v0.22.0. moby/moby#50046
• Update Buildx to v0.24.0. docker/docker-ce-packaging#1205
• Update Compose to v2.36.2. docker/docker-ce-packaging#1208
• Update Go runtime to 1.24.3. docker/docker-ce-packaging#1192, docker/cli#6060, moby/moby#49174

Networking

• Add bridge network option "com.docker.network.bridge.trusted_host_interfaces", accepting a colon-separated list of interface names. These interfaces have direct access to published ports on container IP addresses. moby/moby#49832
• Add daemon option "allow-direct-routing" to disable filtering of packets from outside the host addressed directly to containers. moby/moby#49832
• Do not display network options com.docker.network.enable_ipv4 or com.docker.network.enable_ipv6 in inspect output if they have been overridden by EnableIPv4 or EnableIPv6 in the network create request. moby/moby#49866
• Fix an issue that could cause network deletion to fail after a daemon restart, with error "has active endpoints" listing empty endpoint names. moby/moby#49901
• Fix an issue where docker network inspect --verbose could sometimes crash the daemon. moby/moby#49937
• Fix an issue where the load-balancer IP address for an overlay network would not be released in certain cases if the Swarm was lacking an ingress network. moby/moby#49948
• Improve the reliability of NetworkDB in busy clusters and lossy networks. moby/moby#49932
• Improvements to the reliability and convergence speed of NetworkDB. moby/moby#49939

API

• Update API version to 1.50.
• DELETE /images/{name} now supports a platforms query parameter. It accepts an array of JSON-encoded OCI Platform objects, allowing for selecting a specific platforms to delete content for. moby/moby#49982
• GET /info now includes a DiscoveredDevices field. This is an array of DeviceInfo objects, each providing details about a device discovered by a device driver. moby/moby#49980

Go SDK

• api/types/container: add ContainerState and constants for container state. moby/moby#49965
• api/types/container: change Summary.State to a ContainerState. moby/moby#49991
• api/types/container: define HealthStatus type for health-status constants. moby/moby#49876
• api/types: deprecate BuildResult, ImageBuildOptions, ImageBuildOutput, ImageBuildResponse, BuilderVersion, BuilderV1, and BuilderBuildKi which were moved to api/types/build. moby/moby#50025

Deprecations

• API: Deprecated: GET /images/{name}/json no longer returns the following fields: Config, Hostname, Domainname, AttachStdin, AttachStdout, AttachStderr, Tty, OpenStdin, StdinOnce, Image, NetworkDisabled (already omitted unless set), MacAddress (already omitted unless set), StopTimeout (already omitted unless set). These additional fields were included in the response due to an implementation detail but not part of the image's Configuration, were marked deprecated in API v1.46, and are now omitted. moby/moby#48457
• Go-SDK: Deprecate builder/remotecontext.Rel(). This function was needed on older versions of Go, but can now be replaced by filepath.Rel(). moby/moby#49843
• Go-SDK: api/types: deprecate BuildCachePruneOptions in favor of api/types/builder.CachePruneOptions. moby/moby#50015
• Go-SDK: api/types: deprecate BuildCachePruneReport in favor of api/types/builder.CachePruneReport. moby/moby#50015
• Go-SDK: api/types: deprecate NodeListOptions, NodeRemoveOptions, ServiceCreateOptions, ServiceUpdateOptions, RegistryAuthFromSpec, RegistryAuthFromPreviousSpec, ServiceListOptions, ServiceInspectOptions, and SwarmUnlockKeyResponse which were moved to api/types/swarm. moby/moby#50027
• Go-SDK: api/types: deprecate SecretCreateResponse, SecretListOptions, ConfigCreateResponse, ConfigListOptions which were moved to api/types/swarm. [moby/moby...

28.2.0-rc.2

28.2.0-rc.2

For a full list of changes from the last release candidate refer to the diff:

• moby/moby, 28.2.0-rc.1...28.2.0-rc.2
• docker/cli, 28.2.0-rc.1...28.2.0-rc.2

New

• Add {{.Platform}} as formatting option for docker ps to show the platform of the image the container is running. docker/cli#6042
• Add support for relative parent paths (../) on bind mount sources when using docker run/create with -v/--volume or --mount type=bind options. docker/cli#4966
• Windows: Initial BuildKit support (opt-in with DOCKER_BUILDKIT=1). moby/moby#49740

Bug fixes and enhancements

• Fix docker swarm init ignoring cacert option of --external-ca. docker/cli#5995
• Fix an issue where the CLI would not correctly save the configuration file (~/.docker/config.json) if it was a relative symbolic link. docker/cli#5282

Packaging updates

• Drop Ubuntu 20.04 "Focal" packages as it reached EOL. docker/docker-ce-packaging#1200
• Fix install location for RPM-based docker-ce man-pages. docker/docker-ce-packaging#1203
• Update BuildKit to v0.22.0. moby/moby#50046
• Update Buildx to v0.24.0. docker/docker-ce-packaging#1205
• Update Compose to v2.36.1. docker/docker-ce-packaging#1194

Deprecations

• Go-SDK: api/types: deprecate NodeListOptions, NodeRemoveOptions, ServiceCreateOptions, ServiceUpdateOptions, RegistryAuthFromSpec, RegistryAuthFromPreviousSpec, ServiceListOptions, ServiceInspectOptions, and SwarmUnlockKeyResponse which were moved to api/types/swarm. moby/moby#50027
• Remove deprecated IsAutomated formatting placeholder from docker search. docker/cli#6091
• Remove support for pulling legacy v2, schema 1 images and remove DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE environment-variable. moby/moby#50036, moby/moby#42300
• errdefs: Deprecate errdefs.FromStatusCode. Use containerd's [errhttp.ToNative] instead. moby/moby#50030

v28.2.0-rc.1

28.2.0-rc.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.2.0 milestone
• moby/moby, 28.2.0 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

New

• CDI is now enabled by default. moby/moby#49963
• Show discovered CDI devices in docker info. docker/cli#6078

Bug fixes and enhancements

• Add a new log option for fluentd log driver (fluentd-write-timeout), which lets specify write timeouts for fluentd connections. moby/moby#49911
• Add support for DOCKER_AUTH_CONFIG for the (experimental) --use-api-socket option. docker/cli#6019
• Fix docker exec waiting for 10 seconds if a non-existing user or group was specified. moby/moby#49868
• Fix containers with --restart always policy using CDI devices failing to start on daemon restart. moby/moby#49990
• Fix shell-completion to only complete some flags once, even though they can be set multiple times. docker/cli#6030
• Fix the plugin does not implement PluginAddr interface error for Swarm CSI drivers. moby/moby#49961
• Improve docker login error-messages for invalid options. docker/cli#6036
• Make sure the terminal state is restored if the CLI is forcefully terminated. docker/cli#6058
• docker inspect: add shell completion, improve flag-description for --type and improve validation. docker/cli#6052
• containerd image store: Enable BuildKit garbage collector by default. moby/moby#49899
• containerd image store: Fix docker build not persisting overriden images as dangling. moby/moby#49702
• containerd image store: Fix docker system df reporting a negative reclaimable amount. moby/moby#49707
• containerd image store: Fix duplicate PUT requests when pushing a multi-platform image. moby/moby#49949

Packaging updates

• Update BuildKit to v0.22.0-rc1. moby/moby#49986
• Update Compose to v2.36.0. docker/docker-ce-packaging#1189
• Update Go runtime to 1.24.3. docker/docker-ce-packaging#1192, docker/cli#6060, moby/moby#49174

Networking

• Add bridge network option "com.docker.network.bridge.trusted_host_interfaces", accepting a space-separated list of interface names. These interfaces are allowed direct access published ports on container IP addresses. moby/moby#49832
• Add daemon option "allow-direct-routing" to disable filtering of packets from outside the host addressed directly to containers. moby/moby#49832
• Do not display network options com.docker.network.enable_ipv4 or com.docker.network.enable_ipv6 in inspect output if they have been overridden by EnableIPv4 or EnableIPv6 in the network create request. moby/moby#49866
• Fix an issue that could cause network deletion to fail after a daemon restart, with error "has active endpoints" listing empty endpoint names. moby/moby#49901
• Fix an issue where docker network inspect --verbose could sometimes crash the daemon. moby/moby#49937
• Fix an issue where the load-balancer IP address for an overlay network would not be released in certain cases if the Swarm was lacking an ingress network. moby/moby#49948
• Improve the reliability of NetworkDB in busy clusters and lossy networks. moby/moby#49932
• Improvements to the reliability and convergence speed of NetworkDB. moby/moby#49939

API

• API: GET /info now includes a DiscoveredDevices field. This is an array of DeviceInfo objects, each providing details about a device discovered by a device driver. moby/moby#49980

Go SDK

• api/types/container: add ContainerState and constants for container state. moby/moby#49965
• api/types/container: change Summary.State to a ContainerState. moby/moby#49991
• api/types/container: define HealthStatus type for health-status constants. moby/moby#49876
• api/types: deprecate BuildResult, ImageBuildOptions, ImageBuildOutput, ImageBuildResponse, BuilderVersion, BuilderV1, and BuilderBuildKi which were moved to api/types/build.. moby/moby#50025

Deprecations

• Go-SDK: Deprecate builder/remotecontext.Rel(). This function was needed on older versions of Go, but can now be replaced by filepath.Rel(). moby/moby#49843
• Go-SDK: api/types: deprecate BuildCachePruneOptions in favor of api/types/builder.CachePruneOptions. moby/moby#50015
• Go-SDK: api/types: deprecate BuildCachePruneReport in favor of api/types/builder.CachePruneReport. moby/moby#50015
• Go-SDK: api/types: deprecate SecretCreateResponse, SecretListOptions, ConfigCreateResponse, ConfigListOptions which were moved to api/types/swarm. moby/moby#50024
• Go-SDK: client: deprecate IsErrNotFound. moby/moby#50012
• Go-SDK: container: deprecate IsValidHealthString in favor of api/types/container.ValidateHealthStatus. moby/moby#49893
• Go-SDK: container: deprecate StateStatus, WaitCondition, and the related WaitConditionNotRunning, WaitConditionNextExit, and WaitConditionRemoved consts in favor of their equivalents in api/types/container. moby/moby#49874
• Go-SDK: opts: deprecate ListOpts.GetAll in favor of ListOpts.GetSlice. docker/cli#6032
• The BridgeNfIptables and BridgeNfIp6tables fields in the GET /info response were deprecated in API v1.48, and are now omitted in API v1.50. moby/moby#49904

v25.0.10

25.0.10

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

• moby/moby, 25.0.10 milestone
• Changes to the Engine API, see API version history.

Packaging updates

• [25.0] vendor: github.com/golang-jwt/jwt/v4 v4.5.2 by @pendo324 in #49790
• [25.0] Update remaining Ubuntu 20.04 GHA uses to 22.04 and 24.04 #49775 by @aepifanov in #49804
• [25.0]Bump golang 1.23 by @aepifanov in #49967
• [25.0] Dockerfile: update containerd binary to v1.7.27 by @aepifanov in #49970

Full Changelog: v25.0.9...v25.0.10

v25.0.9

25.0.9

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:

• moby/moby, 25.0.9 milestone
• Changes to the Engine API, see API version history.

Packaging updates

• [25.0 backport] ci: update bake-action to v6 by @austinvazquez in #49346
• [25.0 backport] ci: switch from jenkins to gha for arm64 build and tests (and set correct go version for branch) by @thaJeztah in #49321
• [25.0 backport] update to go1.22.11 (fix CVE-2024-45341, CVE-2024-45336) by @austinvazquez in #49345
• [25.0 backport] update to go1.22.12 by @vvoland in #49400
• [25.0 backport] Dockerfile: update runc binary to v1.2.5 by @austinvazquez in #49488

Full Changelog: v25.0.8...v25.0.9

v23.0.18

23.0.18

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• moby/moby, 23.0.18 milestone

What's Changed

• [23.0] Update GHA, Containerd, CI image, and Golang to the actual status by @aepifanov in #49859

Full Changelog: v23.0.17...v23.0.18

v23.0.17

23.0.17

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• moby/moby, 23.0.17 milestone

Packaging updates

• [23.0 backport] Jenkinsfile: modprobe br_netfilter by @thaJeztah in #48996
• [23.0 backport] update xx to v1.6.1 for compatibility with alpine 3.21 by @thaJeztah in #49083
• [23.0 backport] update actions by @aepifanov in #49517

Full Changelog: v23.0.16...v23.0.17

v28.1.1

28.1.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.1.1 milestone
• moby/moby, 28.1.1 milestone

Bug fixes and enhancements

• Fix dockerd-rootless-setuptool.sh incorrectly reporting missing iptables. moby/moby#49833
• containerd image store: Fix a potential daemon crash when using docker load with archives containing zero-size tar headers. moby/moby#49837

Packaging updates

• Update Buildx to v0.23.0. docker/docker-ce-packaging#1185
• Update Compose to v2.35.1. docker/docker-ce-packaging#1188

Networking

• Add a warning to a container's /etc/resolv.conf when no upstream DNS servers were found. moby/moby#49827