v26.0.0-rc3

26.0.0-rc3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.0.0 milestone
• moby/moby, 26.0.0 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release contains a security fix for CVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.

New

• containerd image store: Implement prometheus metrics moby/moby#47555

Bug fixes and enhancements

• CVE-2024-29018: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
• containerd image store: Improve docker images performance. moby/moby#47580
• Add explicit deprecation notice message when using remote TCP connections without TLS. Deprecation notice docker/cli#4928. moby/moby#47556
• Use IPv6 nameservers from the host's resolv.conf as upstream resolvers for Docker Engine's internal DNS, rather than listing them in the container's resolv.conf. moby/moby#47512
• rc2 regression: containerd image store: Fix image list not showing images when an image that has no locally available platforms is encountered.
• rootless: fix open /etc/docker/plugins: permission denied moby/moby#47559
• plugin: fix mounting /etc/hosts when running in UserNS moby/moby#47558

API

• Remove Container and ContainerConfig fields from the GET /images/{name}/json response. moby/moby#47430

Packaging updates

• Update Buildx to v0.13.1. docker/docker-ce-packaging#1000
• Update Buildkit to v0.13.1. moby/moby#47582
• Update Compose to v2.25.0. docker/docker-ce-packaging#1002
• Add Ubuntu Noble packages. docker/docker-ce-packaging#1006
• Add Fedora 40 packages. docker/docker-ce-packaging#1005