v23.0.8

23.0.8

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 23.0.8 milestone
• moby/moby, 23.0.8 milestone

Bug Fixes and Enhancements

• Make one-shot stats faster. #46617
• Fix "Rootful-in-Rootless" Docker-in-Docker on systemd >= 250. #46627
• Add IP_NF_MANGLE to the "generally required" list in check-config.sh because it is required by Swarm. #46675
• Write overlay2 layer metadata atomically. #46704
• Update github.com/klauspost/compress to v1.17.2 to fix data corruption with zstd output in "best". #46710

Packaging Updates

• Update Go to 1.20.10. #46625
• Update golang.org/x/net to v0.17.0. #46691

v20.10.27

v20.10.27

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 20.10.27 milestone
• moby/moby, 20.10.27 milestone

Bug Fixes and Enhancements

• Fix dockerd-rootless-setuptools.sh when user name contains a backslash. #46424
• Add IP_NF_MANGLE to check-config.sh to the "generally required" list in check-config.sh because it is required by Swarm. #46674
• Fix a deadlock in libnetwork which could prevent containers from starting. #46693
• Write overlay2 layer metadata atomically. #46705
• Support building with Go 1.20. #46694 #46695 #46696

Packaging Updates

• Update to go1.20.10, golang/org/x/net v0.17.0. #46692

v25.0.0-beta.1

25.0.0-beta.1

This is a pre-release of the upcoming 25.0.0 release.

Pre-releases are intended for testing new releases: only install in a test environment!

curl -fsSL https://get.docker.com -o get-docker.sh
sudo CHANNEL=test sh get-docker.sh

Known issues:

• There is no changelog yet; an overview of pull requests included in this release can be found on GitHub:
  • docker cli: all pull requests for 25.0.0 / all "changelog" pull requests for 25.0.0
  • docker engine: all pull requests for 25.0.0 / all "changelog" pull requests for 25.0.0
• dockerd now uses systemd's default LimitNOFILE which on older versions of systemd, such as used by CentOS 7 is very low and may limit the number of containers that can be run. Set LimitNOFILE=1048576 to get the previous behavior.
• There are no packages available yet for the s390x and ppc64le architectures
• There may be bugs! ⚠️

Bugs and regressions can be reported in these issue trackers:

• Related to the CLI: https://github.com/docker/cli/issues
• Related to the Docker Engine https://github.com/moby/moby/issues

When reporting issues, include [25.0.0-beta] in the issue title

v24.0.7

24.0.7

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.7 milestone
• moby/moby, 24.0.7 milestone

Bug fixes and enhancements

• Write overlay2 layer metadata atomically. moby/moby#46703
• Fix "Rootful-in-Rootless" Docker-in-Docker on systemd version 250 and later. moby/moby#46626
• Fix dockerd-rootless-setuptools.sh when username contains a backslash. moby/moby#46407
• Fix a bug that would prevent network sandboxes to be fully deleted when stopping containers with no network attachments and when dockerd --bridge=none is used. moby/moby#46702
• Fix a bug where cancelling an API request could interrupt container restart. moby/moby#46697
• Fix an issue where containers would fail to start when providing --ip-range with a range larger than the subnet. docker/for-mac#6870
• Fix data corruption with zstd output. moby/moby#46709
• Fix the conditions under which the container's MAC address is applied. moby/moby#46478
• Improve the performance of the stats collector. moby/moby#46448
• Fix an issue with source policy rules ending up in the wrong order. moby/moby#46441

Packaging updates

• Add support for Fedora 39 and Ubuntu 23.10. docker/docker-ce-packaging#940, docker/docker-ce-packaging#955
• Fix docker.socket not getting disabled when uninstalling the docker-ce RPM package. docker/docker-ce-packaging#852
• Upgrade Go to go1.20.10. docker/docker-ce-packaging#951
• Upgrade containerd to v1.7.6 (static binaries only). moby/moby#46103
• Upgrade the containerd.io package to v1.6.24.

Security

• Deny containers access to /sys/devices/virtual/powercap by default. This change hardens against CVE-2020-8694, CVE-2020-8695, and CVE-2020-12912, and an attack known as the PLATYPUS attack. For more details, see advisory, commit.

v23.0.7

23.0.7

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 23.0.7 milestone
• moby/moby, 23.0.7 milestone

Bug Fixes and Enhancements

• Fix reloading the insecure-registries daemon configuration. #45572
• Allow empty body for POST /commit again. #45569
• Fix an issue which prevented encrypted overlay networks from functioning when the Swarm data path port is not set to 4789. #45638
• Fix an issue with graceful container shutdown. #45775
• Fix host-gateway support in docker build. #45791
• Fix missing Topology in Swarm cluster volume NodeCSIInfo. #45809
• seccomp: always allow name_to_handle_at(2). #45834
• Fix an issue which prevented volumes mounted to a live-restored container from being removed. #45825
• client: resolve an incompatibility with Go 1.20.6, Go 1.20.7, Go 1.19.11 and Go 1.19.12. #45971
• Fix an issue which prevented process capabilities from being retained when starting a container as a non-root user with --security-opt=no-new-privileges. #46222
• Fixed a bug which caused named volumes that set custom device or type volume option to be unmounted when restarting the daemon and not live-restoring it properly. #46367
• windows: fix --register-service when executed from within binary directory. #46216
• Fix dockerd-rootless-setuptools.sh when user name contains a backslash. #46408

Packaging Updates

• Update Go to 1.20.7. #46141
• Update containerd to v1.6.22. #46104
• Update runc to v1.1.9. #46229
• Delete Upstart init scripts and clean up sysvinit. #46046

v20.10.26

20.10.26

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 20.10.26 milestone
• moby/moby, 20.10.26 milestone

Bug Fixes and Enhancements

• Support filesystems which do not support extended file attributes with the VFS graph driver. #45466
• Fix AppArmor profile docker-default /proc/sys rule. #45716
• seccomp: always allow name_to_handle_at(2). #45835
• Fix an issue which prevented volumes mounted to a live-restored container from being removed. #45840
• client: resolve an incompatibility with Go 1.20.6, Go 1.20.7, Go 1.19.11 and Go 1.19.12. #45972
• windows: fix --register-service when executed from within binary directory. #46217

Packaging Updates

• Update Go to 1.19.12. #46142
• Update containerd to v1.6.22. #46105
• Update runc to v1.1.8. #46031
• Delete Upstart init scripts and clean up sysvinit. #46047

v24.0.6

24.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.6 milestone
• moby/moby, 24.0.6 milestone

Bug fixes and enhancements

• containerd storage backend: Fix docker ps failing when a container image is no longer present in the content store. moby/moby#46095
• containerd storage backend: Fix docker ps -s -a and docker container prune failing when a container image config is no longer present in the content store. moby/moby#46097
• containerd storage backend: Fix docker inspect failing when a container image config is no longer (or was never) present in the content store. moby/moby#46244
• containerd storage backend: Fix diff and export with the overlayfs snapshotter by using reference-counted rootfs mounts. moby/moby#46266
• containerd storage backend: Fix a misleading error message when the image platforms available locally do not match the desired platform. moby/moby#46300
• containerd storage backend: Fix the FROM scratch Dockerfile instruction with the classic builder. moby/moby#46302
• containerd storage backend: Fix mismatched image rootfs and manifest layers errors with the classic builder. moby/moby#46310
• Warn when pulling Docker Image Format v1, and Docker Image manifest version 2, schema 1 images from all registries. moby/moby#46290
• Fix live-restore of volumes with custom volume options. moby/moby#46366
• Fix incorrectly dropping capabilities bits when running a container as a non-root user (note: this change was already effectively present due to a regression). moby/moby#46221
• Fix network isolation iptables rules preventing IPv6 Neighbor Solicitation packets from being exchanged between containers. moby/moby#46214
• Fix dockerd.exe --register-service not working when the binary is in the current directory on Windows. moby/moby#46215
• Add a hint suggesting the use of a PAT to docker login against Docker Hub. docker/cli#4500
• Improve shell startup time for users of Bash completion for the CLI. docker/cli#4517
• Improve the speed of some commands by skipping GET /_ping when possible. docker/cli#4508
• Fix credential scopes when using a PAT to docker manifest inspect an image on Docker Hub. docker/cli#4512
• Fix docker events not supporting --format=json. docker/cli#4544

Packaging updates

• Upgrade Go to go1.20.7. moby/moby#46140, docker/cli#4476, docker/docker-ce-packaging#932
• Upgrade containerd to v1.7.3 (static binaries only). moby/moby#46103
• Upgrade Compose to v2.21.0. docker/docker-ce-packaging#936

v24.0.5

24.0.5

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.5 milestone
• moby/moby, 24.0.5 milestone

Bug fixes and enhancements

• The Go client now avoids using UNIX socket paths in the HTTP Host: header, in order to be compatible with changes introduced in go1.20.6. moby/moby#45962, moby/moby#45990
• containerd storage backend: Fix Variant not being included in docker image inspect and GET /images/{name}/json. moby/moby#46025
• containerd storage backend: Prevent potential garbage collection of content during image export. moby/moby#46021
• containerd storage backend: Prevent duplicate digest entries in RepoDigests. moby/moby#46014
• containerd storage backend: Fix operations taking place against the incorrect tag when working with an image referenced by tag and digest. moby/moby#46013
• containerd storage backend: Fix a panic caused by EXPOSE when building containers with the legacy builder. moby/moby#45921
• Fix a regression causing unintuitive errors to be returned when attempting to create an overlay network on a non-Swarm node. moby/moby#45974
• Properly report errors parsing volume specifications from the command line. docker/cli#4423
• Fix a panic caused when auths: null is found in the CLI config file. docker/cli#4450

Packaging updates

• Use init scripts as provided by moby/moby contrib/init. docker/docker-ce-packaging#914, docker/docker-ce-packaging#926
• Drop Upstart from contrib/init. moby/moby#46044
• Upgrade Go to go1.20.6. docker/cli#4428, moby/moby#45970, docker/docker-ce-packaging#921
• Upgrade Compose to v2.20.2. docker/docker-ce-packaging#924
• Upgrade buildx to v0.11.2. docker/docker-ce-packaging#922

v24.0.4

24.0.4

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.4 milestone
• moby/moby, 24.0.4 milestone

Bug fixes and enhancements

• Fix a regression introduced during 24.0.3 that causes a panic during live-restore of containers with bind mounts. moby/moby#45903

v24.0.3

24.0.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.3 milestone
• moby/moby, 24.0.3 milestone

Bug fixes and enhancements

• containerd image store: Fix an issue where multi-platform images that did not include a manifest for the default platform could not be interacted with. moby/moby#45849
• containerd image store: Fix specious attempts to cache FROM scratch in container builds. moby/moby#45822
• containerd image store: Fix docker cp with snapshotters that cannot mount the same content multiple times. moby/moby#45780, moby/moby#45786
• containerd image store: Fix builds with type=image not being correctly unpacked/stored. moby/moby#45692
• containerd image store: Fix incorrectly attempting to unpack pseudo-images (including attestations) in docker load. moby/moby#45688
• containerd image store: Correctly set the user agent, and include additional information like the snapshotter when interacting with registries. moby/moby#45671, moby/moby#45684
• containerd image store: Fix a failure to unpack already-pulled content after switching between snapshotters. moby/moby#45678
• containerd image store: Fix images that have been re-tagged or with all tags removed being pruned while still in use. moby/moby#45857
• Fix a Swarm CSI issue where the Topology field was not propagated into NodeCSIInfo. moby/moby#45810
• Fix failures to add new Swarm managers caused by a very large raft log. moby/moby#45703, moby/swarmkit#3122, moby/swarmkit#3128
• name_to_handle_at(2) is now always allowed in the default seccomp profile. moby/moby#45833
• Fix an issue that prevented encrypted Swarm overlay networks from working on ports other than the default (4789). moby/moby#45637
• Fix a failure to restore mount reference-counts during live-restore. moby/moby#45824
• Fix various networking-related failures during live-restore. moby/moby#45658, moby/moby#45659
• Fix running containers restoring with a zero (successful) exit status when the daemon is unexpectedly terminated. moby/moby#45801
• Fix a potential panic while executing healthcheck probes. moby/moby#45798
• Fix a panic caused by a race condition in container exec start. moby/moby#45794
• Fix an exception caused by attaching a terminal to an exec with a non-existant command. moby/moby#45643
• Fix host-gateway with BuildKit by passing the IP as a label (also requires docker/buildx#1894). moby/moby#45790
• Fix an issue where POST /containers/{id}/stop would forcefully terminate the container when the request was canceled, instead of waiting until the specified timeout for a 'graceful' stop. moby/moby#45774
• Fix an issue where docker cp -a from the root (/) directory would fail. moby/moby#45748
• Improve compatibility with non-runc container runtimes by more correctly setting resource constraint parameters in the OCI config. moby/moby#45746
• Fix an issue caused by overlapping subuid/subgid ranges in certain configurations (e.g. LDAP) in rootless mode. moby/moby#45747, rootless-containers/rootlesskit#369
• Greatly reduce CPU and memory usage while populating the Debug section of GET /info. moby/moby#45856
• Fix an issue where debug information was not correctly printed during docker info when only the client is in debug mode. docker/cli#4393
• Fix issues related to hung connections when connecting to hosts over a SSH connection. docker/cli#4395

Packaging updates

• Upgrade Go to go1.20.5. moby/moby#45745, docker/cli#4351, docker/docker-ce-packaging#904
• Upgrade Compose to v2.19.1. docker/docker-ce-packaging#916
• Upgrade buildx to v0.11.1. docker/docker-ce-packaging#918