You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are aware of [CVE-2025-23266](https://nvd.nist.gov/vuln/detail/CVE-2025-23266), a critical vulnerability affecting the NVIDIA Container Toolkit in CDI mode up to version 1.17.7. Docker Desktop includes version 1.17.8, which is not impacted. However, older versions of Docker Desktop that bundled earlier toolkit versions may be affected if CDI mode was manually enabled. Uprade to Docker Desktop 4.44 or later to ensure you're using the patched version.
58
+
55
59
### Bug fixes and enhancements
56
60
57
61
#### For all platforms
58
62
59
63
- Fixed an issue pulling images with zstd differential layers when the containerd image store is enabled.
60
-
- Fixed a bug causing containers launched with the `--restart` flag to fail to restart properly when using Enhanced Container Isolation.
61
-
- Improved interaction between [Kubernetes custom registry images](https://docs.docker.com/desktop/features/kubernetes/#configuring-a-custom-image-registry-for-kubernetes-control-plane-images) and Enhanced Container Isolation (ECI), so the [ECI Docker Socket image list](https://docs.docker.com/security/for-admins/hardened-desktop/enhanced-container-isolation/config/#image-list) no longer needs to be manually updated when using a custom registry for Kubernetes control plane images.
62
-
- Fixed a bug where a Docker Desktop Kubernetes cluster (in "kind" mode) fails to start after restarting Docker Desktop if the user is required to be logged in but is currently logged out.
63
-
64
-
- Fixed a bug that prevented mounting of MCP secrets into containers when [Enhanced Container Isolation](https://docs.docker.com/security/for-admins/hardened-desktop/enhanced-container-isolation/) is enabled.
64
+
- Fixed a bug causing containers launching with the `--restart` flag to not restart properly when using Enhanced Container Isolation.
65
+
- Improved interaction between [Kubernetes custom registry images](/manuals/desktop/features/kubernetes/#configuring-a-custom-image-registry-for-kubernetes-control-plane-images) and Enhanced Container Isolation (ECI), so the [ECI Docker Socket image list](/enterprise/security/hardened-desktop/enhanced-container-isolation/config/#image-list) no longer needs to be manually updated when using a custom registry for Kubernetes control plane images.
66
+
- Fixed a bug where a Docker Desktop Kubernetes cluster in kind mode fails to start after restarting Docker Desktop if the user is required to be signed in but is currently signed out.
67
+
- Fixed a bug that prevented the mounting of MCP secrets into containers when [Enhanced Container Isolation](/enterprise/security/hardened-desktop/enhanced-container-isolation/) is enabled.
65
68
- Fixed a bug preventing the use of `--publish-all` when `--publish` was already specified.
66
-
- Fixed a bug causing images screen to scroll infinitely. Fixes [#7725](https://github.com/docker/for-mac/issues/7725).
67
-
- Fixed blank Volumes page while on Resource Saver mode.
69
+
- Fixed a bug causing the **Images** view to scroll infinitely. Fixes [#7725](https://github.com/docker/for-mac/issues/7725).
70
+
- Fixed a bug which caused the **Volumes** tab to be blank while in Resource Saver mode.
68
71
- Updated terms of service text on first launch.
69
72
70
73
#### For Mac
@@ -73,15 +76,14 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
73
76
- Fixed regression since 4.42.0 on DockerVMM by re-introducing performance boost on general usage.
74
77
- Removed QEMU hypervisor and switched to Apple Virtualization as the new default. See [blog post](https://www.docker.com/blog/docker-desktop-for-mac-qemu-virtualization-option-to-be-deprecated-in-90-days/).
75
78
- Fixed a bug preventing Traefik from autodetecting containers' ports. Fixes [docker/for-mac#7693](https://github.com/docker/for-mac/issues/7693).
76
-
-Remove eBPF which blocked `io_uring`. To enable `io_uring` in a container, use `--security-opt seccomp=unconfined`. Fixes [docker/for-mac#7707](https://github.com/docker/for-mac/issues/7707).
79
+
-Removed eBPF which blocked `io_uring`. To enable `io_uring` in a container, use `--security-opt seccomp=unconfined`. Fixes [docker/for-mac#7707](https://github.com/docker/for-mac/issues/7707).
77
80
78
81
#### For Windows
79
82
80
83
- Re-added `docker-users` group to the named pipe security descriptors.
81
84
- Fixed an installer crash when the current user has no `SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` registry key.
82
85
- Fixed a bug where Docker Desktop could leak a `com.docker.build` process and fail to start. Fixed [docker/for-win#14840](https://github.com/docker/for-win/issues/14840).
83
-
- Fixed a bug that was preventing Docker Desktop Kubernetes in "kind" mode from starting when using WSL with `cgroups v1` and Enhanced Container Isolation (ECI) is enabled.
84
-
86
+
- Fixed a bug that was preventing Docker Desktop Kubernetes in kind mode from starting when using WSL with `cgroups v1` and Enhanced Container Isolation (ECI) is enabled.
We are aware of [CVE-2025-23266](https://nvd.nist.gov/vuln/detail/CVE-2025-23266), a critical vulnerability affecting the NVIDIA Container Toolkit in CDI mode up to version 1.17.7. Docker Desktop includes version 1.17.8, which is not impacted. However, older versions of Docker Desktop that bundled earlier toolkit versions may be affected if CDI mode was manually enabled. Upgrade to Docker Desktop 4.44 or later to ensure you're using the patched version.
0 commit comments