You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- Fix CLI-specific attributes (`docker.cli.*`) being unintentionally passed to downstream OTel services. [docker/cli#5842](https://github.com/docker/cli/pull/5842)
37
+
- containerd image store: Improve performance of `docker ps` when running large number of containers. [moby/moby#49365](https://github.com/moby/moby/pull/49365)
38
+
- Fix spurious `io: read/write on closed pipe` error in the daemon log when closing container. [moby/moby#49590](https://github.com/moby/moby/pull/49590)
39
+
- Mask Linux thermal interrupt info in a container's `/proc` and `/sys` by default. Mitigates potential [Thermal Side-Channel Vulnerability Exploit](https://github.com/moby/moby/security/advisories/GHSA-6fw5-f8r9-fgfm). [moby/moby#49560](https://github.com/moby/moby/pull/49560)
40
+
- Fix the Docker daemon failing too early if the containerd socket isn't immediately available. [moby/moby#49603](https://github.com/moby/moby/pull/49603)
41
+
- Fix daemon failing to start on Windows when a container created before v28.0.0 was present. [moby/moby#49626](https://github.com/moby/moby/pull/49626)
42
+
- Fix possible error on `docker buildx prune` with the `--min-free-space`. [moby/moby#49623](https://github.com/moby/moby/pull/49623)
43
+
- Fix an issue where user-specified `OTEL_RESOURCE_ATTRIBUTES` were being overridden by CLI's internal telemetry attributes. The CLI now properly merges user-specified attributes with internal ones, allowing both to coexist. [docker/cli#5842](https://github.com/docker/cli/pull/5842)
44
+
- containerd image store: Fix spurious `reference for unknown type: application/vnd.in-toto+json` warning being logged to the daemon's log. [moby/moby#49652](https://github.com/moby/moby/pull/49652)
45
+
- containerd image store: Fix integer overflow in User ID handling passed via `--user`. [moby/moby#49652](https://github.com/moby/moby/pull/49652)
46
+
47
+
### Packaging updates
48
+
49
+
- Update Go runtime to [1.23.7](https://go.dev/doc/devel/release#go1.23.7). [docker/cli#5890](https://github.com/docker/cli/pull/5890), [moby/moby#49580](https://github.com/moby/moby/pull/49580), [docker/docker-ce-packaging#1171](https://github.com/docker/docker-ce-packaging/pull/1171)
50
+
- Update Compose to [v2.34.0](https://github.com/docker/compose/releases/tag/v2.34.0). [docker/docker-ce-packaging#1172](https://github.com/docker/docker-ce-packaging/pull/1172)
51
+
- Update containerd (static binaries only) to [v1.7.26](https://github.com/containerd/containerd/releases/tag/v1.7.26). [moby/moby#49553](https://github.com/moby/moby/pull/49553)
52
+
- Update BuildKit to [v0.20.1](https://github.com/moby/buildkit/releases/tag/v0.20.1). [moby/moby#49587](https://github.com/moby/moby/pull/49587)
53
+
- Update RootlessKit to [v2.3.4](https://github.com/rootless-containers/rootlesskit/releases/tag/v2.3.4). [moby/moby#49614](https://github.com/moby/moby/pull/49614)
54
+
- Update containerd (static binaries only) to [v1.7.27](https://www.github.com/containerd/containerd/releases/tag/v1.7.27). [moby/moby#49656](https://github.com/moby/moby/pull/49656)
55
+
- Update Buildx to [v0.22.0](https://github.com/docker/buildx/releases/tag/v0.22.0). [docker/docker-ce-packaging#1175](https://github.com/docker/docker-ce-packaging/pull/1175)
56
+
- Update `contrib/check-config.sh` to check for more kernel modules related to iptables. [moby/moby#49622](https://github.com/moby/moby/pull/49622)
57
+
58
+
### Networking
59
+
60
+
- Do not skip DNAT for packets originating in a gateway_mode=routed network. [moby/moby#49577](https://github.com/moby/moby/pull/49577)
61
+
- Add environment variable `DOCKER_INSECURE_NO_IPTABLES_RAW=1` to allow Docker to run on systems where the Linux kernel can't provide `CONFIG_IP_NF_RAW` support. When enabled, Docker will not create rules in the iptables `raw` table. Warning: This is not recommended for production environments as it reduces security by allowing other hosts on the local network to route to ports published to host addresses, even when they are published to `127.0.0.1.` This option bypasses some of the security hardening introduced in Docker Engine 28.0.0. [moby/moby#49621](https://github.com/moby/moby/pull/49621)
62
+
- Fix a bug causing `docker ps` to inconsistently report dual-stack port mappings. [moby/moby#49657](https://github.com/moby/moby/pull/49657)
63
+
- Allow container startup when an endpoint is attached to a macvlan network where the parent interface is down. [moby/moby#49630](https://github.com/moby/moby/pull/49630)
64
+
- Fix a bug that could cause docker-proxy to stop forwarding UDP datagrams to containers. [moby/moby#49649](https://github.com/moby/moby/pull/49649)
65
+
- Fix a bug that was causing docker-proxy to close UDP connections to containers eagerly and resulting in the source address to change needlessly. [moby/moby#49649](https://github.com/moby/moby/pull/49649)
66
+
67
+
### Go SDK
68
+
69
+
- Move various types and consts from `cli-plugins/manager` to a separate package. [docker/cli#5902](https://github.com/docker/cli/pull/5902)
70
+
- Update minimum required Go version to go1.23. [moby/moby#49541](https://github.com/moby/moby/pull/49541)
71
+
- runconfig/errors: split `ErrConflictHostNetwork` into `ErrConflictConnectToHostNetwork` and `ErrConflictDisconnectFromHostNetwork`. [moby/moby#49605](https://github.com/moby/moby/pull/49605)
72
+
-`cli/command`: Move `PrettyPrint` utility to `cli/command/formatter`. [docker/cli#5916](https://github.com/docker/cli/pull/5916)
73
+
74
+
### Deprecations
75
+
76
+
- Go-SDK: Deprecate `opts.PortOpt`, `opts.ConfigOpt` and `opts.SecretOpt`. These types were moved to the `opts/swarmopts` package. [docker/cli#5907](https://github.com/docker/cli/pull/5907)
77
+
- Go-SDK: `cli/command/image`: Deprecate and internalize `TrustedPush`. [docker/cli#5894](https://github.com/docker/cli/pull/5894)
78
+
- Go-SDK: `cli/command`: deprecate `Cli.RegistryClient`. This method was only used internally and will be removed in the next release. Use [`client.NewRegistryClient`](https://pkg.go.dev/github.com/docker/[email protected]+incompatible/cli/registry/client#NewRegistryClient) instead. [docker/cli#5889](https://github.com/docker/cli/pull/5889), [docker/cli#5889](https://github.com/docker/cli/pull/5889)
- Go-SDK: `registry`: deprecate `SetCertsDir`: the cert-directory is now automatically selected when running with rootlessKit, and should no longer be set manually. [moby/moby#49612](https://github.com/moby/moby/pull/49612)
- Go-SDK: Deprecate `cli-plugins/manager.ResourceAttributesEnvvar` const. This const was used internally, but holds the `OTEL_RESOURCE_ATTRIBUTES` name, which is part of the OpenTelemetry specification. Users of this const should define their own. This const will be removed in the next release. [docker/cli#5881](https://github.com/docker/cli/pull/5881)
83
+
- Go-SDK: `cli/command`: deprecate `Cli.NotaryClient`: use [`trust.GetNotaryRepository`](https://pkg.go.dev/github.com/docker/[email protected]+incompatible/cli/trust#GetNotaryRepository) instead. This method is no longer used and will be removed in the next release. [docker/cli#5885](https://github.com/docker/cli/pull/5885)
84
+
- Go-SDK: `cli/command/image`: Deprecate `PushTrustedReference` and move to `cli/trust`. [docker/cli#5894](https://github.com/docker/cli/pull/5894)
85
+
- Go-SDK: `registry`: deprecate `HostCertsDir`: this function was only used internally and will be removed in the next release. [moby/moby#49612](https://github.com/moby/moby/pull/49612)
0 commit comments