You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- Fix daemon failing to start on Windows when a container created before v28.0.0 was present. [moby/moby#49626](https://github.com/moby/moby/pull/49626)
37
+
- Fix possible error on `docker buildx prune` with the `--min-free-space`. [moby/moby#49623](https://github.com/moby/moby/pull/49623)
38
+
- Mask Linux thermal interrupt info in a container's `/proc` and `/sys` by default. Mitigates potential [Thermal Side-Channel Vulnerability Exploit](https://github.com/moby/moby/security/advisories/GHSA-6fw5-f8r9-fgfm). [moby/moby#49560](https://github.com/moby/moby/pull/49560)
39
+
- Fix spurious `io: read/write on closed pipe` error in the daemon log when closing container. [moby/moby#49590](https://github.com/moby/moby/pull/49590)
40
+
- containerd image store: Improve performance of `docker ps` when running large number of containers. [moby/moby#49365](https://github.com/moby/moby/pull/49365)
41
+
- Fix the Docker daemon failing too early if the containerd socket isn't immediately available. [moby/moby#49603](https://github.com/moby/moby/pull/49603)
42
+
- Fix an issue where user-specified `OTEL_RESOURCE_ATTRIBUTES` were being overridden by CLI's internal telemetry attributes. The CLI now properly merges user-specified attributes with internal ones, allowing both to coexist. [docker/cli#5842](https://github.com/docker/cli/pull/5842)
43
+
- Fix CLI-specific attributes (`docker.cli.*`) being unintentionally passed to downstream OTel services. [docker/cli#5842](https://github.com/docker/cli/pull/5842)
44
+
45
+
### Packaging updates
46
+
47
+
- Update `contrib/check-config.sh` to check for more kernel modules related to iptables. [moby/moby#49622](https://github.com/moby/moby/pull/49622)
48
+
- Update BuildKit to [v0.20.1](https://github.com/moby/buildkit/releases/tag/v0.20.1). [moby/moby#49587](https://github.com/moby/moby/pull/49587)
49
+
- Update Go runtime to [1.23.7](https://go.dev/doc/devel/release#go1.23.7). [docker/cli#5890](https://github.com/docker/cli/pull/5890), [moby/moby#49580](https://github.com/moby/moby/pull/49580)
50
+
- Update containerd (static binaries only) to [v1.7.26](https://github.com/containerd/containerd/releases/tag/v1.7.26). [moby/moby#49553](https://github.com/moby/moby/pull/49553)
51
+
- Update RootlessKit to [v2.3.4](https://github.com/rootless-containers/rootlesskit/releases/tag/v2.3.4). [moby/moby#49614](https://github.com/moby/moby/pull/49614)
52
+
- Update Compose to [v2.34.0](https://github.com/docker/compose/releases/tag/v2.34.0). [docker/docker-ce-packaging#1172](https://github.com/docker/docker-ce-packaging/pull/1172)
53
+
54
+
### Networking
55
+
56
+
- Allow container startup when an endpoint is attached to a macvlan network where the parent interface is down. [moby/moby#49630](https://github.com/moby/moby/pull/49630)
57
+
- Do not skip DNAT for packets originating in a gateway_mode=routed network. [moby/moby#49577](https://github.com/moby/moby/pull/49577)
58
+
- Add environment variable `DOCKER_INSECURE_NO_IPTABLES_RAW=1` to allow Docker to run on systems where the Linux kernel can't provide `CONFIG_IP_NF_RAW` support. When enabled, Docker will not create rules in the iptables `raw` table. Warning: This is not recommended for production environments as it reduces security by allowing other hosts on the local network to route to ports published to host addresses, even when they are published to `127.0.0.1.` This option bypasses some of the security hardening introduced in Docker Engine 28.0.0. [moby/moby#49621](https://github.com/moby/moby/pull/49621)
59
+
60
+
### Go SDK
61
+
62
+
- Move various types and consts from `cli-plugins/manager` to a separate package. [docker/cli#5902](https://github.com/docker/cli/pull/5902)
63
+
-`cli/command`: Move `PrettyPrint` utility to `cli/command/formatter`. [docker/cli#5916](https://github.com/docker/cli/pull/5916)
64
+
- Update minimum required Go version to go1.23. [moby/moby#49541](https://github.com/moby/moby/pull/49541)
65
+
66
+
### Deprecations
67
+
68
+
- Go-SDK: Deprecate `opts.PortOpt`, `opts.ConfigOpt` and `opts.SecretOpt`. These types were moved to the `opts/swarmopts` package. [docker/cli#5907](https://github.com/docker/cli/pull/5907)
69
+
- Go-SDK: Deprecate `cli-plugins/manager.ResourceAttributesEnvvar` const. This const was used internally, but holds the `OTEL_RESOURCE_ATTRIBUTES` name, which is part of the OpenTelemetry specification. Users of this const should define their own. This const will be removed in the next release. [docker/cli#5881](https://github.com/docker/cli/pull/5881)
70
+
- Go-SDK: `registry`: deprecate `HostCertsDir`: this function was only used internally and will be removed in the next release. [moby/moby#49612](https://github.com/moby/moby/pull/49612)
71
+
- Go-SDK: `cli/command/image`: Deprecate and internalize `TrustedPush`. [docker/cli#5894](https://github.com/docker/cli/pull/5894)
72
+
- Go-SDK: `cli/command`: deprecate `Cli.RegistryClient`. This method was only used internally and will be removed in the next release. Use [`client.NewRegistryClient`](https://pkg.go.dev/github.com/docker/[email protected]+incompatible/cli/registry/client#NewRegistryClient) instead. [docker/cli#5889](https://github.com/docker/cli/pull/5889), [docker/cli#5889](https://github.com/docker/cli/pull/5889)
73
+
- Go-SDK: `cli/command`: deprecate `Cli.NotaryClient`: use [`trust.GetNotaryRepository`](https://pkg.go.dev/github.com/docker/[email protected]+incompatible/cli/trust#GetNotaryRepository) instead. This method is no longer used and will be removed in the next release. [docker/cli#5885](https://github.com/docker/cli/pull/5885)
74
+
- Go-SDK: `registry`: deprecate `SetCertsDir`: the cert-directory is now automatically selected when running with rootlessKit, and should no longer be set manually. [moby/moby#49612](https://github.com/moby/moby/pull/49612)
0 commit comments