19.03.3-rc1

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.3 (2019-10-02)

Builder

• Fix builder-next: resolve digest for third party registries. docker/engine#339
• Fix builder-next: user namespace builds when daemon started with socket activation. docker/engine#373
• Fix builder-next: session: release forwarded ssh socket connection per connection. docker/engine#373
• Fix builder-next: llbsolver: error on multiple cache importers. docker/engine#373

Networking

• Fix various libnetwork issues for iptables, DNS queries, and more. docker/engine#330

Runtime

• Bump Golang to 1.12.10. docker/engine#387
• Bump containerd to 1.2.10. docker/engine#385
• Distribution: modify warning logic when pulling v2 schema1 manifests. docker/engine#368

• Fix POST /images/create returning a 500 status code when providing an incorrect platform option. docker/engine#365
• Fix POST /build returning a 500 status code when providing an incorrect platform option. docker/engine#365
• Fix panic on 32-bit ARMv7 caused by misaligned struct member. docker/engine#363
• Fix to return "invalid parameter" when linking to non-existing container. docker/engine#352
• Fix overlay2: busy error on mount when using kernel >= 5.2. docker/engine#332
• Fix docker rmi stuck in certain misconfigured systems, e.g. dead NFS share. docker/engine#335
• Fix handling of blocked I/O of exec'd processes. docker/engine#296
• Fix jsonfile logger: follow logs stuck when max-size is set and max-file=1. docker/engine#378

19.03.2 (2019-08-29)

Builder

• Fix "COPY --from" to non-existing directory on Windows. moby/moby#39695
• Fix builder-next: metadata commands not having created time in history. moby/moby#39456
• Fix builder-next: close progress on layer export error. moby/moby#39782

• Update buildkit to 588c73e1e4. moby/moby#39781

Client

• Fix Windows absolute path detection on non-Windows. docker/cli#1990
• Fix to zsh completion script for docker login --username.
• Fix context: produce consistent output on context create. docker/cli#1985
• Fix support for HTTP proxy env variable. docker/cli#2059

Logging

• Fix for reading journald logs. moby/moby#37819 moby/moby#38859

Networking

• Prevent panic on network attach to a container with disabled networking. moby/moby#39589

Runtime

• Bump Golang to 1.12.8.

• Fix a potential engine panic when using XFS disk quota for containers. moby/moby#39644

Swarm

• Fix an issue where nodes with lots of tasks could not be removed. docker/swarmkit#2867

19.03.1 (2019-07-25)

Runtime

• Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc.

19.03.0 (2019-07-22)

Deprecation

• Deprecate image manifest v2 schema1 in favor of v2 schema2. Future version of Docker will remove support for v2 schema1 altogether. moby/moby#39365
• Remove v1.10 migrator. moby/moby#38265
• Skip deprecated storage-drivers in auto-selection. moby/moby#38019
• Deprecate aufs storage driver and add warning. moby/moby#38090

Client

• Add --pids-limit flag to docker update. docker/cli#1765
• Add systctl support for services. docker/cli#1754
• Add support for template_driver in composefiles. docker/cli#1746
• Add --device support for Windows. docker/cli#1606
• Data Path Port configuration support. docker/cli#1509
• Fast context switch: commands. docker/cli#1501
• Support --mount type=bind,bind-nonrecursive,... docker/cli#1430
• Add maximum replicas per node. docker/cli#1410 docker/cli#1612
• Add option to pull images quietly. docker/cli#882
• Add a separate --domainname flag. docker/cli#1130
• Add support for secret drivers in docker stack deploy. docker/cli#1783
• Add ability to use swarm Configs as CredentialSpecs on services. docker/cli#1781
• Add --security-opt systempaths=unconfined support. docker/cli#1808
• Basic framework for writing and running CLI plugins. docker/cli#1564 docker/cli#1898
• Docker App v0.8.0. docker/docker-ce-packaging#341
• Docker buildx. docker/docker-ce-packaging#336

• Bump google.golang.org/grpc to v1.20.1. docker/cli#1884
• Cli change to pass driver specific options to docker run. docker/cli#1767
• Bump Golang 1.12.5. docker/cli#1875
• The docker system info output now segregates information relevant to the client and daemon. docker/cli#1638
• (Experimental) When targetting Kubernetes, add support for x-pull-secret: some-pull-secret in compose-files service configs. docker/cli#1617
• (Experimental) When targetting Kubernetes, add support for x-pull-policy: <Never|Always|IfNotPresent> in compose-files service configs. docker/cli#1617
• cp, save, export: Prevent overwriting irregular files. docker/cli#1515
• Allow npipe volume type on stack file. docker/cli#1195

• Fix tty initial size error. docker/cli#1529
• Fix labels copying value from environment variables. docker/cli#1671

API

• Update API version to v1.40. moby/moby#38089
• Add warnings to /info endpoint, and move detection to the daemon. moby/moby#37502
• Add HEAD support for /_ping endpoint. moby/moby#38570
• Add Cache-Control headers to disable caching /_ping endpoint. moby/moby#38569
• Add containerd, runc, and docker-init versions to /version. moby/moby#37974

• Add undocumented /grpc endpoint and register BuildKit's controller. moby/moby#38990

Builder

• builder-next: allow setting buildkit outputs. docker/cli#1766
• builder-next: look for a Dockerfile specific dockerignore file (eg. Dockerfile.dockerignore) for ignored paths. docker/engine#215
• builder-next: automatically detect if process execution is possible for x86, arm and arm64 binaries. docker/engine#215
• builder-next: added inline cache support --cache-from. docker/engine#215
• builder-next: allow outputs configuration. moby/moby#38898

• builder-next: update buildkit to 1f89ec1. docker/engine#260
• builder-next: buildkit now also uses systemd's resolv.conf. docker/engine#260
• builder-next: use Dockerfile frontend version docker/dockerfile:1.1 by default. docker/engine#215
• builder-next: no longer rely on an external image for COPY/ADD operations. docker/engine#215

• Builder: fix COPY --from should preserve ownership. moby/moby#38599
• builder-next: fix gcr workaround token cache. docker/engine#212
• builder-next: call stopprogress on download error. docker/engine#215

Experimental

• Enable checkpoint/restore of contain...

19.03.3-beta2

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.3 (2019-10-02)

Builder

• Fix builder-next: resolve digest for third party registries. docker/engine#339
• Fix builder-next: user namespace builds when daemon started with socket activation. docker/engine#373
• Fix builder-next: session: release forwarded ssh socket connection per connection. docker/engine#373
• Fix builder-next: llbsolver: error on multiple cache importers. docker/engine#373

Networking

• Fix various libnetwork issues for iptables, DNS queries, and more. docker/engine#330

Runtime

• Bump Golang to 1.12.10. docker/engine#387
• Bump containerd to 1.2.10. docker/engine#385
• Distribution: modify warning logic when pulling v2 schema1 manifests. docker/engine#368

• Fix POST /images/create returning a 500 status code when providing an incorrect platform option. docker/engine#365
• Fix POST /build returning a 500 status code when providing an incorrect platform option. docker/engine#365
• Fix panic on 32-bit ARMv7 caused by misaligned struct member. docker/engine#363
• Fix to return "invalid parameter" when linking to non-existing container. docker/engine#352
• Fix overlay2: busy error on mount when using kernel >= 5.2. docker/engine#332
• Fix docker rmi stuck in certain misconfigured systems, e.g. dead NFS share. docker/engine#335
• Fix handling of blocked I/O of exec'd processes. docker/engine#296
• Fix jsonfile logger: follow logs stuck when max-size is set and max-file=1. docker/engine#378

19.03.2 (2019-08-29)

Builder

• Fix "COPY --from" to non-existing directory on Windows. moby/moby#39695
• Fix builder-next: metadata commands not having created time in history. moby/moby#39456
• Fix builder-next: close progress on layer export error. moby/moby#39782

• Update buildkit to 588c73e1e4. moby/moby#39781

Client

• Fix Windows absolute path detection on non-Windows. docker/cli#1990
• Fix to zsh completion script for docker login --username.
• Fix context: produce consistent output on context create. docker/cli#1985
• Fix support for HTTP proxy env variable. docker/cli#2059

Logging

• Fix for reading journald logs. moby/moby#37819 moby/moby#38859

Networking

• Prevent panic on network attach to a container with disabled networking. moby/moby#39589

Runtime

• Bump Golang to 1.12.8.

• Fix a potential engine panic when using XFS disk quota for containers. moby/moby#39644

Swarm

• Fix an issue where nodes with lots of tasks could not be removed. docker/swarmkit#2867

19.03.1 (2019-07-25)

Runtime

• Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc.

19.03.0 (2019-07-22)

Deprecation

• Deprecate image manifest v2 schema1 in favor of v2 schema2. Future version of Docker will remove support for v2 schema1 altogether. moby/moby#39365
• Remove v1.10 migrator. moby/moby#38265
• Skip deprecated storage-drivers in auto-selection. moby/moby#38019
• Deprecate aufs storage driver and add warning. moby/moby#38090

Client

• Add --pids-limit flag to docker update. docker/cli#1765
• Add systctl support for services. docker/cli#1754
• Add support for template_driver in composefiles. docker/cli#1746
• Add --device support for Windows. docker/cli#1606
• Data Path Port configuration support. docker/cli#1509
• Fast context switch: commands. docker/cli#1501
• Support --mount type=bind,bind-nonrecursive,... docker/cli#1430
• Add maximum replicas per node. docker/cli#1410 docker/cli#1612
• Add option to pull images quietly. docker/cli#882
• Add a separate --domainname flag. docker/cli#1130
• Add support for secret drivers in docker stack deploy. docker/cli#1783
• Add ability to use swarm Configs as CredentialSpecs on services. docker/cli#1781
• Add --security-opt systempaths=unconfined support. docker/cli#1808
• Basic framework for writing and running CLI plugins. docker/cli#1564 docker/cli#1898
• Docker App v0.8.0. docker/docker-ce-packaging#341
• Docker buildx. docker/docker-ce-packaging#336

• Bump google.golang.org/grpc to v1.20.1. docker/cli#1884
• Cli change to pass driver specific options to docker run. docker/cli#1767
• Bump Golang 1.12.5. docker/cli#1875
• The docker system info output now segregates information relevant to the client and daemon. docker/cli#1638
• (Experimental) When targetting Kubernetes, add support for x-pull-secret: some-pull-secret in compose-files service configs. docker/cli#1617
• (Experimental) When targetting Kubernetes, add support for x-pull-policy: <Never|Always|IfNotPresent> in compose-files service configs. docker/cli#1617
• cp, save, export: Prevent overwriting irregular files. docker/cli#1515
• Allow npipe volume type on stack file. docker/cli#1195

• Fix tty initial size error. docker/cli#1529
• Fix labels copying value from environment variables. docker/cli#1671

API

• Update API version to v1.40. moby/moby#38089
• Add warnings to /info endpoint, and move detection to the daemon. moby/moby#37502
• Add HEAD support for /_ping endpoint. moby/moby#38570
• Add Cache-Control headers to disable caching /_ping endpoint. moby/moby#38569
• Add containerd, runc, and docker-init versions to /version. moby/moby#37974

• Add undocumented /grpc endpoint and register BuildKit's controller. moby/moby#38990

Builder

• builder-next: allow setting buildkit outputs. docker/cli#1766
• builder-next: look for a Dockerfile specific dockerignore file (eg. Dockerfile.dockerignore) for ignored paths. docker/engine#215
• builder-next: automatically detect if process execution is possible for x86, arm and arm64 binaries. docker/engine#215
• builder-next: added inline cache support --cache-from. docker/engine#215
• builder-next: allow outputs configuration. moby/moby#38898

• builder-next: update buildkit to 1f89ec1. docker/engine#260
• builder-next: buildkit now also uses systemd's resolv.conf. docker/engine#260
• builder-next: use Dockerfile frontend version docker/dockerfile:1.1 by default. docker/engine#215
• builder-next: no longer rely on an external image for COPY/ADD operations. docker/engine#215

• Builder: fix COPY --from should preserve ownership. moby/moby#38599
• builder-next: fix gcr workaround token cache. docker/engine#212
• builder-next: call stopprogress on download error. docker/engine#215

Experimental

• Enable checkpoint/restore of contain...

19.03.3-beta1

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.3 (2019-10-02)

Builder

• Fix builder-next: resolve digest for third party registries. docker/engine#339
• Fix builder-next: user namespace builds when daemon started with socket activation. docker/engine#339
• Fix builder-next: session: release forwarded ssh socket connection per connection. docker/engine#339
• Fix builder-next: llbsolver: error on multiple cache importers. docker/engine#339

Networking

• Fix various libnetwork issues for iptables, DNS queries, and more. docker/engine#330

Runtime

• Bump Golang to 1.12.9. docker/engine#366
• Bump containerd to 1.2.9. docker/engine#349
• Distribution: modify warning logic when pulling v2 schema1 manifests. docker/engine#368

• Fix POST /images/create returning a 500 status code when providing an incorrect platform option. docker/engine#365
• Fix POST /build returning a 500 status code when providing an incorrect platform option. docker/engine#365
• Fix atomic: patch 64bit alignment on 32bit systems. docker/engine#363
• Fix to ensure parent dir exists for mount cleanup file. docker/engine#360
• Fix to return "invalid parameter" when linking to non-existing container. docker/engine#352
• Fix overlay2 busy error on mount. docker/engine#332
• Fix docker rmi -f hang. docker/engine#335
• Fix handling of blocked I/O of exec'd processes. docker/engine#296

19.03.2 (2019-08-29)

Builder

• Fix "COPY --from" to non-existing directory on Windows. moby/moby#39695
• Fix builder-next: metadata commands not having created time in history. moby/moby#39456
• Fix builder-next: close progress on layer export error. moby/moby#39782

• Update buildkit to 588c73e1e4. moby/moby#39781

Client

• Fix Windows absolute path detection on non-Windows. docker/cli#1990
• Fix to zsh completion script for docker login --username.
• Fix context: produce consistent output on context create. docker/cli#1985
• Fix support for HTTP proxy env variable. docker/cli#2059

Logging

• Fix for reading journald logs. moby/moby#37819 moby/moby#38859

Networking

• Prevent panic on network attach to a container with disabled networking. moby/moby#39589

Runtime

• Bump Golang to 1.12.8.

• Fix a potential engine panic when using XFS disk quota for containers. moby/moby#39644

Swarm

• Fix an issue where nodes with lots of tasks could not be removed. docker/swarmkit#2867

19.03.1 (2019-07-25)

Runtime

• Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc.

19.03.0 (2019-07-22)

Deprecation

• Deprecate image manifest v2 schema1 in favor of v2 schema2. Future version of Docker will remove support for v2 schema1 altogether. moby/moby#39365
• Remove v1.10 migrator. moby/moby#38265
• Skip deprecated storage-drivers in auto-selection. moby/moby#38019
• Deprecate aufs storage driver and add warning. moby/moby#38090

Client

• Add --pids-limit flag to docker update. docker/cli#1765
• Add systctl support for services. docker/cli#1754
• Add support for template_driver in composefiles. docker/cli#1746
• Add --device support for Windows. docker/cli#1606
• Data Path Port configuration support. docker/cli#1509
• Fast context switch: commands. docker/cli#1501
• Support --mount type=bind,bind-nonrecursive,... docker/cli#1430
• Add maximum replicas per node. docker/cli#1410 docker/cli#1612
• Add option to pull images quietly. docker/cli#882
• Add a separate --domainname flag. docker/cli#1130
• Add support for secret drivers in docker stack deploy. docker/cli#1783
• Add ability to use swarm Configs as CredentialSpecs on services. docker/cli#1781
• Add --security-opt systempaths=unconfined support. docker/cli#1808
• Basic framework for writing and running CLI plugins. docker/cli#1564 docker/cli#1898
• Docker App v0.8.0. docker/docker-ce-packaging#341
• Docker buildx. docker/docker-ce-packaging#336

• Bump google.golang.org/grpc to v1.20.1. docker/cli#1884
• Cli change to pass driver specific options to docker run. docker/cli#1767
• Bump Golang 1.12.5. docker/cli#1875
• The docker system info output now segregates information relevant to the client and daemon. docker/cli#1638
• (Experimental) When targetting Kubernetes, add support for x-pull-secret: some-pull-secret in compose-files service configs. docker/cli#1617
• (Experimental) When targetting Kubernetes, add support for x-pull-policy: <Never|Always|IfNotPresent> in compose-files service configs. docker/cli#1617
• cp, save, export: Prevent overwriting irregular files. docker/cli#1515
• Allow npipe volume type on stack file. docker/cli#1195

• Fix tty initial size error. docker/cli#1529
• Fix labels copying value from environment variables. docker/cli#1671

API

• Update API version to v1.40. moby/moby#38089
• Add warnings to /info endpoint, and move detection to the daemon. moby/moby#37502
• Add HEAD support for /_ping endpoint. moby/moby#38570
• Add Cache-Control headers to disable caching /_ping endpoint. moby/moby#38569
• Add containerd, runc, and docker-init versions to /version. moby/moby#37974

• Add undocumented /grpc endpoint and register BuildKit's controller. moby/moby#38990

Builder

• builder-next: allow setting buildkit outputs. docker/cli#1766
• builder-next: look for a Dockerfile specific dockerignore file (eg. Dockerfile.dockerignore) for ignored paths. docker/engine#215
• builder-next: automatically detect if process execution is possible for x86, arm and arm64 binaries. docker/engine#215
• builder-next: added inline cache support --cache-from. docker/engine#215
• builder-next: allow outputs configuration. moby/moby#38898

• builder-next: update buildkit to 1f89ec1. docker/engine#260
• builder-next: buildkit now also uses systemd's resolv.conf. docker/engine#260
• builder-next: use Dockerfile frontend version docker/dockerfile:1.1 by default. docker/engine#215
• builder-next: no longer rely on an external image for COPY/ADD operations. docker/engine#215

• Builder: fix COPY --from should preserve ownership. moby/moby#38599
• builder-next: fix gcr workaround token cache. docker/engine#212
• builder-next: call stopprogress on download error. docker/engine#215

Experimental

• Enable checkpoint/restore of containers with TTY. moby/moby#38405
• LCOW: Add support for memory and CPU li...

18.09.9

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

18.09.9 (2019-08-29)

Client

• Fix Windows absolute path detection on non-Windows. docker/cli#1990
• Fix Docker refusing to load key from delegation.key on Windows. docker/cli#1968
• Completion scripts updates for bash and zsh.

Logging

• Fix for reading journald logs. moby/moby#37819 moby/moby#38859

Networking

• Prevent panic on network attach to a container with disabled networking. moby/moby#39589
• Fix service port for an application becomes unavailable randomly. docker/libnetwork#2069
• Fix cleaning up --config-only networks after --config-from networks have ungracefully exited. docker/libnetwork#2373

Runtime

• Update to Go 1.11.13.
• Fix a potential engine panic when using XFS disk quota for containers. moby/moby#39644

Swarm

• Fix "grpc: received message larger than max" errors. moby/moby#39306
• Fix an issue where nodes with lots of tasks could not be removed. docker/swarmkit#2867

18.09.8 (2019-07-17)

Client

• Fix Rollback config type interpolation. docker/cli#1973

Runtime

• Fix CVE-2019-13509 in DebugRequestMiddleware: unconditionally scrub data field.

18.09.7 (2019-06-27)

Builder

• Fix panic when building dockerfiles containing only comments. moby/moby#38487
• builder: add workaround for gcr auth issue. moby/moby#38246
• builder-next: fix gcr workaround token cache. moby/moby#39183

Runtime

• Performance optimizations in aufs and layer store for massively parallel container creation/removal. moby/moby#39107
• Update to containerd 1.2.6. moby/moby#39016

• Fix: CVE-2018-15664 symlink-exchange attack with directory traversal. moby/moby#39357
• Windows: fix support for docker service create --limit-cpu. moby/moby#39190
• daemon: fix mirrors validation. moby/moby#38991
• Stop sorting uid and gid ranges in id maps. moby/moby#39288

Logging

• Fix to allow large log lines for logger plugins. moby/moby#39038

18.09.6 (2019-05-02)

Builder

• Fix COPY and ADD with multiple <src> do not invalidate cache if DOCKER_BUILDKIT=1. moby/moby#38964

Networking

• Cleanup the cluster provider when the agent is closed. docker/libnetwork#2354
• Windows: pick a random host port if the user does not specify a host port. docker/libnetwork#2369

18.09.5 (2019-04-11)

Builder

• Fix DOCKER_BUILDKIT=1 docker build --squash .. docker/engine#176

Client

• Fix tty initial size error. docker/cli#1775
• Fix dial-stdio goroutine leakage. docker/cli#1795
• Fix the stack informer's selector used to track deployment. docker/cli#1794

Networking

• Fix network=host using wrong resolv.conf with systemd-resolved. docker/engine#180
• Fix Windows ARP entries getting corrupted randomly under load. docker/engine#192

Runtime

• Fix stopped containers with restart policy showing as Restarting. docker/engine#181
• Fix to use original process spec for execs. docker/engine#178

Swarm Mode

• Fix leaking task resources when nodes are deleted. docker/engine#185

18.09.4 (2019-03-27)

Builder

• Add validation for git ref so it can't be misinterpreted as a flag. moby/moby#38944

Runtime

• Fix docker cp error with filenames greater than 100 characters. moby/moby#38634
• Fix layer/layer_store: ensure NewInputTarStream resources are released. moby/moby#38413

• Increase GRPC limit for GetConfigs. moby/moby#38800
• Update to containerd 1.2.5. docker/engine#173

Swarm Mode

• Fix nil pointer exception when joining node to swarm. moby/moby#38618

18.09.3 (2019-02-28)

Networking

• Windows: avoid regeneration of network ids to prevent broken references to networks. docker/engine#149

Runtime

• Update to Go 1.10.8.
• Modify some of the names in the container name generator. docker/engine#159

• When copying existing folder, ignore xattr set errors when the target filesystem doesn't support xattr. docker/engine#135
• Graphdriver: fix "device" mode not being detected if "character-device" bit is set. docker/engine#160
• Fix nil pointer derefence on failure to connect to containerd. docker/engine#162
• Delete stale containerd object on start failure. docker/engine#154

18.09.2 (2019-02-11)

Security

• Update runc to address a critical vulnerability that allows specially-crafted containers to gain administrative privileges on the host. (CVE-2019-5736)

18.09.1 (2019-01-09)

Builder

• Fix inefficient networking config. docker/engine#123
• Fix docker system prune doesn't accept until filter. docker/engine#122
• Avoid unset credentials in containerd. docker/engine#122

• Update to BuildKit 0.3.3. docker/engine#122

• Additional warnings for use of deprecated legacy overlay and devicemapper storage dirvers. docker/engine#85

Client

• Add bash completion for experimental CLI commands (manifest). docker/cli#1542

• Fix yamldocs outputing [flags] in usage output. docker/cli#1540
• Fix setting default schema to tcp for docker host. docker/cli#1454
• prune: perform image pruning before build cache pruning. docker/cli#1532
• Fix bash completion for service update --force. docker/cli#1526

Networking

• Fix iptables compatibility on debian. docker/engine#107

Packaging

• Add docker.socket requirement for docker.service. docker/docker-ce-packaging#276
• Add socket activation for RHEL-based distributions. docker/docker-ce-packaging#274

• Add libseccomp requirement for RPM packages. docker/docker-ce-packaging#266

Runtime

• Add /proc/asound to masked paths. docker/engine#126
• Update to containerd 1.2.1-rc.0. docker/engine#121

• Windows: allow process isolation. docker/engine#81

• Windows: DetachVhd attempt in cleanup docker/engine#113
• API: properly handle invalid JSON to return a 400 status. docker/engine#110
• API: ignore default address-pools on API < 1.39. docker/engine#118
• API: add missing default address pool fields to swagger. docker/engine#119
• awslogs: account for UTF-8 normalization in limits. docker/engine#112
• Prohibit reading more than 1MB in HTTP error responses. docker/engine#114
• apparmor: allow receiving of signals from docker kill. docker/engine#116
• overlay2: use index=off if possible (fix EBUSY on mount). docker/engine#84

18.09.0 (2018-11-08)

Deprecation

For more information on the list of deprecated flags and APIs, have a look at
https://docs.docker.com/engine/deprecated/ where you can find the target removal dates

• Deprecate devicemapper storage driver docker/cli#1455 / [docker/cli#1424...

19.03.2

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.2 (2019-08-29)

Builder

• Fix "COPY --from" to non-existing directory on Windows. moby/moby#39695
• Fix builder-next: metadata commands not having created time in history. moby/moby#39456
• Fix builder-next: close progress on layer export error. moby/moby#39782

• Update buildkit to 588c73e1e4. moby/moby#39781

Client

• Fix Windows absolute path detection on non-Windows. docker/cli#1990
• Fix to zsh completion script for docker login --username.
• Fix context: produce consistent output on context create. docker/cli#1985
• Fix support for HTTP proxy env variable. docker/cli#2059

Logging

• Fix for reading journald logs. moby/moby#37819 moby/moby#38859

Networking

• Prevent panic on network attach to a container with disabled networking. moby/moby#39589

Runtime

• Bump Golang to 1.12.8.

• Fix a potential engine panic when using XFS disk quota for containers. moby/moby#39644

Swarm

• Fix an issue where nodes with lots of tasks could not be removed. docker/swarmkit#2867

19.03.1 (2019-07-25)

Runtime

• Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc.

19.03.0 (2019-07-22)

Deprecation

• Deprecate image manifest v2 schema1 in favor of v2 schema2. Future version of Docker will remove support for v2 schema1 altogether. moby/moby#39365
• Remove v1.10 migrator. moby/moby#38265
• Skip deprecated storage-drivers in auto-selection. moby/moby#38019
• Deprecate aufs storage driver and add warning. moby/moby#38090

Client

• Add --pids-limit flag to docker update. docker/cli#1765
• Add systctl support for services. docker/cli#1754
• Add support for template_driver in composefiles. docker/cli#1746
• Add --device support for Windows. docker/cli#1606
• Data Path Port configuration support. docker/cli#1509
• Fast context switch: commands. docker/cli#1501
• Support --mount type=bind,bind-nonrecursive,... docker/cli#1430
• Add maximum replicas per node. docker/cli#1410 docker/cli#1612
• Add option to pull images quietly. docker/cli#882
• Add a separate --domainname flag. docker/cli#1130
• Add support for secret drivers in docker stack deploy. docker/cli#1783
• Add ability to use swarm Configs as CredentialSpecs on services. docker/cli#1781
• Add --security-opt systempaths=unconfined support. docker/cli#1808
• Basic framework for writing and running CLI plugins. docker/cli#1564 docker/cli#1898
• Docker App v0.8.0. docker/docker-ce-packaging#341
• Docker buildx. docker/docker-ce-packaging#336

• Bump google.golang.org/grpc to v1.20.1. docker/cli#1884
• Cli change to pass driver specific options to docker run. docker/cli#1767
• Bump Golang 1.12.5. docker/cli#1875
• The docker system info output now segregates information relevant to the client and daemon. docker/cli#1638
• (Experimental) When targetting Kubernetes, add support for x-pull-secret: some-pull-secret in compose-files service configs. docker/cli#1617
• (Experimental) When targetting Kubernetes, add support for x-pull-policy: <Never|Always|IfNotPresent> in compose-files service configs. docker/cli#1617
• cp, save, export: Prevent overwriting irregular files. docker/cli#1515
• Allow npipe volume type on stack file. docker/cli#1195

• Fix tty initial size error. docker/cli#1529
• Fix labels copying value from environment variables. docker/cli#1671

API

• Update API version to v1.40. moby/moby#38089
• Add warnings to /info endpoint, and move detection to the daemon. moby/moby#37502
• Add HEAD support for /_ping endpoint. moby/moby#38570
• Add Cache-Control headers to disable caching /_ping endpoint. moby/moby#38569
• Add containerd, runc, and docker-init versions to /version. moby/moby#37974

• Add undocumented /grpc endpoint and register BuildKit's controller. moby/moby#38990

Builder

• builder-next: allow setting buildkit outputs. docker/cli#1766
• builder-next: look for a Dockerfile specific dockerignore file (eg. Dockerfile.dockerignore) for ignored paths. docker/engine#215
• builder-next: automatically detect if process execution is possible for x86, arm and arm64 binaries. docker/engine#215
• builder-next: added inline cache support --cache-from. docker/engine#215
• builder-next: allow outputs configuration. moby/moby#38898

• builder-next: update buildkit to 1f89ec1. docker/engine#260
• builder-next: buildkit now also uses systemd's resolv.conf. docker/engine#260
• builder-next: use Dockerfile frontend version docker/dockerfile:1.1 by default. docker/engine#215
• builder-next: no longer rely on an external image for COPY/ADD operations. docker/engine#215

• Builder: fix COPY --from should preserve ownership. moby/moby#38599
• builder-next: fix gcr workaround token cache. docker/engine#212
• builder-next: call stopprogress on download error. docker/engine#215

Experimental

• Enable checkpoint/restore of containers with TTY. moby/moby#38405
• LCOW: Add support for memory and CPU limits. moby/moby#37296

• Windows: Experimental: ContainerD runtime. moby/moby#38541
• Windows: Experimental: LCOW requires Windows RS5+. moby/moby#39108

Security

• mount: add BindOptions.NonRecursive (API v1.40). moby/moby#38003
• seccomp: whitelist io_pgetevents(). moby/moby#38895
• seccomp: allow ptrace(2) for 4.8+ kernels. moby/moby#38137

Runtime

• Allow running dockerd as a non-root user (Rootless mode). moby/moby#380050
• Rootless: optional support for lxc-user-nic SUID binary. docker/engine#208
• Add DeviceRequests to HostConfig to support NVIDIA GPUs. moby/moby#38828
• Add --device support for Windows. moby/moby#37638
• Add memory.kernelTCP support for linux. moby/moby#37043

• Making it possible to pass Windows credential specs directly to the engine. moby/moby#38777
• Add pids-limit support in docker update. moby/moby#32519
• Add support for exact list of capabilities. moby/moby#38380
• daemon: use 'private' ipc mode by default. moby/moby#35621
• daemon: switch to semaphore-gated WaitGroup for startup tasks. moby/moby#38301
• Use idtools.LookupGroup instead of parsing /etc/group file for docker.sock ownership to fix: api.go doesn't respect nsswitch.conf. moby/moby#38126
• cli: fix images filter when use multi reference filter. moby/moby#38171
• B...

19.03.2-rc1

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.2 (2019-08-28)

Builder

• Fix "COPY --from" to non-existing directory on Windows. moby/moby#39695
• Fix builder-next: metadata commands not having created time in history. moby/moby#39456
• Fix builder-next: close progress on layer export error. moby/moby#39782

• Update buildkit to 588c73e1e4. moby/moby#39781

Client

• Fix Windows absolute path detection on non-Windows. docker/cli#1990
• Fix to zsh completion script for docker login --username.
• Fix context: produce consistent output on context create. docker/cli#1985
• Fix support for HTTP proxy env variable. docker/cli#2059

Logging

• Fix for reading journald logs. moby/moby#37819 moby/moby#38859

Networking

• Prevent panic on network attach to a container with disabled networking. moby/moby#39589

Runtime

• Bump Golang to 1.12.8.

• Fix a potential engine panic when using XFS disk quota for containers. moby/moby#39644

Swarm

• Fix an issue where nodes with lots of tasks could not be removed. docker/swarmkit#2867

19.03.1 (2019-07-25)

Runtime

• Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc.

19.03.0 (2019-07-22)

Deprecation

• Deprecate image manifest v2 schema1 in favor of v2 schema2. Future version of Docker will remove support for v2 schema1 altogether. moby/moby#39365
• Remove v1.10 migrator. moby/moby#38265
• Skip deprecated storage-drivers in auto-selection. moby/moby#38019
• Deprecate aufs storage driver and add warning. moby/moby#38090

Client

• Add --pids-limit flag to docker update. docker/cli#1765
• Add systctl support for services. docker/cli#1754
• Add support for template_driver in composefiles. docker/cli#1746
• Add --device support for Windows. docker/cli#1606
• Data Path Port configuration support. docker/cli#1509
• Fast context switch: commands. docker/cli#1501
• Support --mount type=bind,bind-nonrecursive,... docker/cli#1430
• Add maximum replicas per node. docker/cli#1410 docker/cli#1612
• Add option to pull images quietly. docker/cli#882
• Add a separate --domainname flag. docker/cli#1130
• Add support for secret drivers in docker stack deploy. docker/cli#1783
• Add ability to use swarm Configs as CredentialSpecs on services. docker/cli#1781
• Add --security-opt systempaths=unconfined support. docker/cli#1808
• Basic framework for writing and running CLI plugins. docker/cli#1564 docker/cli#1898
• Docker App v0.8.0. docker/docker-ce-packaging#341
• Docker buildx. docker/docker-ce-packaging#336

• Bump google.golang.org/grpc to v1.20.1. docker/cli#1884
• Cli change to pass driver specific options to docker run. docker/cli#1767
• Bump Golang 1.12.5. docker/cli#1875
• The docker system info output now segregates information relevant to the client and daemon. docker/cli#1638
• (Experimental) When targetting Kubernetes, add support for x-pull-secret: some-pull-secret in compose-files service configs. docker/cli#1617
• (Experimental) When targetting Kubernetes, add support for x-pull-policy: <Never|Always|IfNotPresent> in compose-files service configs. docker/cli#1617
• cp, save, export: Prevent overwriting irregular files. docker/cli#1515
• Allow npipe volume type on stack file. docker/cli#1195

• Fix tty initial size error. docker/cli#1529
• Fix labels copying value from environment variables. docker/cli#1671

API

• Update API version to v1.40. moby/moby#38089
• Add warnings to /info endpoint, and move detection to the daemon. moby/moby#37502
• Add HEAD support for /_ping endpoint. moby/moby#38570
• Add Cache-Control headers to disable caching /_ping endpoint. moby/moby#38569
• Add containerd, runc, and docker-init versions to /version. moby/moby#37974

• Add undocumented /grpc endpoint and register BuildKit's controller. moby/moby#38990

Builder

• builder-next: allow setting buildkit outputs. docker/cli#1766
• builder-next: look for a Dockerfile specific dockerignore file (eg. Dockerfile.dockerignore) for ignored paths. docker/engine#215
• builder-next: automatically detect if process execution is possible for x86, arm and arm64 binaries. docker/engine#215
• builder-next: added inline cache support --cache-from. docker/engine#215
• builder-next: allow outputs configuration. moby/moby#38898

• builder-next: update buildkit to 1f89ec1. docker/engine#260
• builder-next: buildkit now also uses systemd's resolv.conf. docker/engine#260
• builder-next: use Dockerfile frontend version docker/dockerfile:1.1 by default. docker/engine#215
• builder-next: no longer rely on an external image for COPY/ADD operations. docker/engine#215

• Builder: fix COPY --from should preserve ownership. moby/moby#38599
• builder-next: fix gcr workaround token cache. docker/engine#212
• builder-next: call stopprogress on download error. docker/engine#215

Experimental

• Enable checkpoint/restore of containers with TTY. moby/moby#38405
• LCOW: Add support for memory and CPU limits. moby/moby#37296

• Windows: Experimental: ContainerD runtime. moby/moby#38541
• Windows: Experimental: LCOW requires Windows RS5+. moby/moby#39108

Security

• mount: add BindOptions.NonRecursive (API v1.40). moby/moby#38003
• seccomp: whitelist io_pgetevents(). moby/moby#38895
• seccomp: allow ptrace(2) for 4.8+ kernels. moby/moby#38137

Runtime

• Allow running dockerd as a non-root user (Rootless mode). moby/moby#380050
• Rootless: optional support for lxc-user-nic SUID binary. docker/engine#208
• Add DeviceRequests to HostConfig to support NVIDIA GPUs. moby/moby#38828
• Add --device support for Windows. moby/moby#37638
• Add memory.kernelTCP support for linux. moby/moby#37043

• Making it possible to pass Windows credential specs directly to the engine. moby/moby#38777
• Add pids-limit support in docker update. moby/moby#32519
• Add support for exact list of capabilities. moby/moby#38380
• daemon: use 'private' ipc mode by default. moby/moby#35621
• daemon: switch to semaphore-gated WaitGroup for startup tasks. moby/moby#38301
• Use idtools.LookupGroup instead of parsing /etc/group file for docker.sock ownership to fix: api.go doesn't respect nsswitch.conf. moby/moby#38126
• cli: fix images filter when use multi reference filter. moby/moby#38171
• B...

18.09.9-rc1

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

18.09.9 (2019-08-28)

Client

• Fix Windows absolute path detection on non-Windows. docker/cli#1990
• Fix Docker refusing to load key from delegation.key on Windows. docker/cli#1968
• Completion scripts updates for bash and zsh.

Logging

• Fix for reading journald logs. moby/moby#37819 moby/moby#38859

Networking

• Prevent panic on network attach to a container with disabled networking. moby/moby#39589
• Fix service port for an application becomes unavailable randomly. docker/libnetwork#2069
• Fix cleaning up --config-only networks after --config-from networks have ungracefully exited. docker/libnetwork#2373

Runtime

• Update to Go 1.11.13.
• Fix a potential engine panic when using XFS disk quota for containers. moby/moby#39644

Swarm

• Fix "grpc: received message larger than max" errors. moby/moby#39306
• Fix an issue where nodes with lots of tasks could not be removed. docker/swarmkit#2867

18.09.8 (2019-07-17)

Client

• Fix Rollback config type interpolation. docker/cli#1973

Runtime

• Fix CVE-2019-13509 in DebugRequestMiddleware: unconditionally scrub data field.

18.09.7 (2019-06-27)

Builder

• Fix panic when building dockerfiles containing only comments. moby/moby#38487
• builder: add workaround for gcr auth issue. moby/moby#38246
• builder-next: fix gcr workaround token cache. moby/moby#39183

Runtime

• Performance optimizations in aufs and layer store for massively parallel container creation/removal. moby/moby#39107
• Update to containerd 1.2.6. moby/moby#39016

• Fix: CVE-2018-15664 symlink-exchange attack with directory traversal. moby/moby#39357
• Windows: fix support for docker service create --limit-cpu. moby/moby#39190
• daemon: fix mirrors validation. moby/moby#38991
• Stop sorting uid and gid ranges in id maps. moby/moby#39288

Logging

• Fix to allow large log lines for logger plugins. moby/moby#39038

18.09.6 (2019-05-02)

Builder

• Fix COPY and ADD with multiple <src> do not invalidate cache if DOCKER_BUILDKIT=1. moby/moby#38964

Networking

• Cleanup the cluster provider when the agent is closed. docker/libnetwork#2354
• Windows: pick a random host port if the user does not specify a host port. docker/libnetwork#2369

18.09.5 (2019-04-11)

Builder

• Fix DOCKER_BUILDKIT=1 docker build --squash .. docker/engine#176

Client

• Fix tty initial size error. docker/cli#1775
• Fix dial-stdio goroutine leakage. docker/cli#1795
• Fix the stack informer's selector used to track deployment. docker/cli#1794

Networking

• Fix network=host using wrong resolv.conf with systemd-resolved. docker/engine#180
• Fix Windows ARP entries getting corrupted randomly under load. docker/engine#192

Runtime

• Fix stopped containers with restart policy showing as Restarting. docker/engine#181
• Fix to use original process spec for execs. docker/engine#178

Swarm Mode

• Fix leaking task resources when nodes are deleted. docker/engine#185

18.09.4 (2019-03-27)

Builder

• Add validation for git ref so it can't be misinterpreted as a flag. moby/moby#38944

Runtime

• Fix docker cp error with filenames greater than 100 characters. moby/moby#38634
• Fix layer/layer_store: ensure NewInputTarStream resources are released. moby/moby#38413

• Increase GRPC limit for GetConfigs. moby/moby#38800
• Update to containerd 1.2.5. docker/engine#173

Swarm Mode

• Fix nil pointer exception when joining node to swarm. moby/moby#38618

18.09.3 (2019-02-28)

Networking

• Windows: avoid regeneration of network ids to prevent broken references to networks. docker/engine#149

Runtime

• Update to Go 1.10.8.
• Modify some of the names in the container name generator. docker/engine#159

• When copying existing folder, ignore xattr set errors when the target filesystem doesn't support xattr. docker/engine#135
• Graphdriver: fix "device" mode not being detected if "character-device" bit is set. docker/engine#160
• Fix nil pointer derefence on failure to connect to containerd. docker/engine#162
• Delete stale containerd object on start failure. docker/engine#154

18.09.2 (2019-02-11)

Security

• Update runc to address a critical vulnerability that allows specially-crafted containers to gain administrative privileges on the host. (CVE-2019-5736)

18.09.1 (2019-01-09)

Builder

• Fix inefficient networking config. docker/engine#123
• Fix docker system prune doesn't accept until filter. docker/engine#122
• Avoid unset credentials in containerd. docker/engine#122

• Update to BuildKit 0.3.3. docker/engine#122

• Additional warnings for use of deprecated legacy overlay and devicemapper storage dirvers. docker/engine#85

Client

• Add bash completion for experimental CLI commands (manifest). docker/cli#1542

• Fix yamldocs outputing [flags] in usage output. docker/cli#1540
• Fix setting default schema to tcp for docker host. docker/cli#1454
• prune: perform image pruning before build cache pruning. docker/cli#1532
• Fix bash completion for service update --force. docker/cli#1526

Networking

• Fix iptables compatibility on debian. docker/engine#107

Packaging

• Add docker.socket requirement for docker.service. docker/docker-ce-packaging#276
• Add socket activation for RHEL-based distributions. docker/docker-ce-packaging#274

• Add libseccomp requirement for RPM packages. docker/docker-ce-packaging#266

Runtime

• Add /proc/asound to masked paths. docker/engine#126
• Update to containerd 1.2.1-rc.0. docker/engine#121

• Windows: allow process isolation. docker/engine#81

• Windows: DetachVhd attempt in cleanup docker/engine#113
• API: properly handle invalid JSON to return a 400 status. docker/engine#110
• API: ignore default address-pools on API < 1.39. docker/engine#118
• API: add missing default address pool fields to swagger. docker/engine#119
• awslogs: account for UTF-8 normalization in limits. docker/engine#112
• Prohibit reading more than 1MB in HTTP error responses. docker/engine#114
• apparmor: allow receiving of signals from docker kill. docker/engine#116
• overlay2: use index=off if possible (fix EBUSY on mount). docker/engine#84

18.09.0 (2018-11-08)

Deprecation

For more information on the list of deprecated flags and APIs, have a look at
https://docs.docker.com/engine/deprecated/ where you can find the target removal dates

• Deprecate devicemapper storage driver docker/cli#1455 / [docker/cli#1424...

19.03.1

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.1 (2019-07-25)

Runtime

• Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc.

19.03.0 (2019-07-22)

Deprecation

• Deprecate image manifest v2 schema1 in favor of v2 schema2. Future version of Docker will remove support for v2 schema1 altogether. moby/moby#39365
• Remove v1.10 migrator. moby/moby#38265
• Skip deprecated storage-drivers in auto-selection. moby/moby#38019
• Deprecate aufs storage driver and add warning. moby/moby#38090

Client

• Add --pids-limit flag to docker update. docker/cli#1765
• Add systctl support for services. docker/cli#1754
• Add support for template_driver in composefiles. docker/cli#1746
• Add --device support for Windows. docker/cli#1606
• Data Path Port configuration support. docker/cli#1509
• Fast context switch: commands. docker/cli#1501
• Support --mount type=bind,bind-nonrecursive,... docker/cli#1430
• Add maximum replicas per node. docker/cli#1410 docker/cli#1612
• Add option to pull images quietly. docker/cli#882
• Add a separate --domainname flag. docker/cli#1130
• Add support for secret drivers in docker stack deploy. docker/cli#1783
• Add ability to use swarm Configs as CredentialSpecs on services. docker/cli#1781
• Add --security-opt systempaths=unconfined support. docker/cli#1808
• Basic framework for writing and running CLI plugins. docker/cli#1564 docker/cli#1898
• Docker App v0.8.0. docker/docker-ce-packaging#341
• Docker buildx. docker/docker-ce-packaging#336

• Bump google.golang.org/grpc to v1.20.1. docker/cli#1884
• Cli change to pass driver specific options to docker run. docker/cli#1767
• Bump Golang 1.12.5. docker/cli#1875
• The docker system info output now segregates information relevant to the client and daemon. docker/cli#1638
• (Experimental) When targetting Kubernetes, add support for x-pull-secret: some-pull-secret in compose-files service configs. docker/cli#1617
• (Experimental) When targetting Kubernetes, add support for x-pull-policy: <Never|Always|IfNotPresent> in compose-files service configs. docker/cli#1617
• cp, save, export: Prevent overwriting irregular files. docker/cli#1515
• Allow npipe volume type on stack file. docker/cli#1195

• Fix tty initial size error. docker/cli#1529
• Fix labels copying value from environment variables. docker/cli#1671

API

• Update API version to v1.40. moby/moby#38089
• Add warnings to /info endpoint, and move detection to the daemon. moby/moby#37502
• Add HEAD support for /_ping endpoint. moby/moby#38570
• Add Cache-Control headers to disable caching /_ping endpoint. moby/moby#38569
• Add containerd, runc, and docker-init versions to /version. moby/moby#37974

• Add undocumented /grpc endpoint and register BuildKit's controller. moby/moby#38990

Builder

• builder-next: allow setting buildkit outputs. docker/cli#1766
• builder-next: look for a Dockerfile specific dockerignore file (eg. Dockerfile.dockerignore) for ignored paths. docker/engine#215
• builder-next: automatically detect if process execution is possible for x86, arm and arm64 binaries. docker/engine#215
• builder-next: added inline cache support --cache-from. docker/engine#215
• builder-next: allow outputs configuration. moby/moby#38898

• builder-next: update buildkit to 1f89ec1. docker/engine#260
• builder-next: buildkit now also uses systemd's resolv.conf. docker/engine#260
• builder-next: use Dockerfile frontend version docker/dockerfile:1.1 by default. docker/engine#215
• builder-next: no longer rely on an external image for COPY/ADD operations. docker/engine#215

• Builder: fix COPY --from should preserve ownership. moby/moby#38599
• builder-next: fix gcr workaround token cache. docker/engine#212
• builder-next: call stopprogress on download error. docker/engine#215

Experimental

• Enable checkpoint/restore of containers with TTY. moby/moby#38405
• LCOW: Add support for memory and CPU limits. moby/moby#37296

• Windows: Experimental: ContainerD runtime. moby/moby#38541
• Windows: Experimental: LCOW requires Windows RS5+. moby/moby#39108

Security

• mount: add BindOptions.NonRecursive (API v1.40). moby/moby#38003
• seccomp: whitelist io_pgetevents(). moby/moby#38895
• seccomp: allow ptrace(2) for 4.8+ kernels. moby/moby#38137

Runtime

• Allow running dockerd as a non-root user (Rootless mode). moby/moby#380050
• Rootless: optional support for lxc-user-nic SUID binary. docker/engine#208
• Add DeviceRequests to HostConfig to support NVIDIA GPUs. moby/moby#38828
• Add --device support for Windows. moby/moby#37638
• Add memory.kernelTCP support for linux. moby/moby#37043

• Making it possible to pass Windows credential specs directly to the engine. moby/moby#38777
• Add pids-limit support in docker update. moby/moby#32519
• Add support for exact list of capabilities. moby/moby#38380
• daemon: use 'private' ipc mode by default. moby/moby#35621
• daemon: switch to semaphore-gated WaitGroup for startup tasks. moby/moby#38301
• Use idtools.LookupGroup instead of parsing /etc/group file for docker.sock ownership to fix: api.go doesn't respect nsswitch.conf. moby/moby#38126
• cli: fix images filter when use multi reference filter. moby/moby#38171
• Bump Golang to 1.12.5. docker/engine#209
• Bump containerd to 1.2.6. moby/moby#39016
• Bump runc to 1.0.0-rc8, opencontainers/selinux v1.2.2. docker/engine#210
• Bump google.golang.org/grpc to v1.20.1. docker/engine#215
• Performance optimizations in aufs and layer store for massively parallel container creation/removal. moby/moby#39135 moby/moby#39209
• Pass root to chroot to for chroot Tar/Untar (CVE-2018-15664) moby/moby#39292

• Fix docker --init with /dev bind mount. moby/moby#37665
• Fix: fetch the right device number when greater than 255 and using --device-read-bps option. moby/moby#39212
• Fix: "Path does not exist" error when path definitely exists. moby/moby#39251
• Fix: CVE-2018-15664 symlink-exchange attack with directory traversal. moby/moby#39357
• Fix CVE-2019-13509 in DebugRequestMiddleware: unconditionally scrub data field...

19.03.0

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.0 (2019-07-22)

Deprecation

• Deprecate image manifest v2 schema1 in favor of v2 schema2. Future version of Docker will remove support for v2 schema1 altogether. moby/moby#39365
• Remove v1.10 migrator. moby/moby#38265
• Skip deprecated storage-drivers in auto-selection. moby/moby#38019
• Deprecate aufs storage driver and add warning. moby/moby#38090

Client

• Add --pids-limit flag to docker update. docker/cli#1765
• Add systctl support for services. docker/cli#1754
• Add support for template_driver in composefiles. docker/cli#1746
• Add --device support for Windows. docker/cli#1606
• Data Path Port configuration support. docker/cli#1509
• Fast context switch: commands. docker/cli#1501
• Support --mount type=bind,bind-nonrecursive,... docker/cli#1430
• Add maximum replicas per node. docker/cli#1410 docker/cli#1612
• Add option to pull images quietly. docker/cli#882
• Add a separate --domainname flag. docker/cli#1130
• Add support for secret drivers in docker stack deploy. docker/cli#1783
• Add ability to use swarm Configs as CredentialSpecs on services. docker/cli#1781
• Add --security-opt systempaths=unconfined support. docker/cli#1808
• Basic framework for writing and running CLI plugins. docker/cli#1564 docker/cli#1898
• Docker App v0.8.0. docker/docker-ce-packaging#341
• Docker buildx. docker/docker-ce-packaging#336

• Bump google.golang.org/grpc to v1.20.1. docker/cli#1884
• Cli change to pass driver specific options to docker run. docker/cli#1767
• Bump Golang 1.12.5. docker/cli#1875
• The docker system info output now segregates information relevant to the client and daemon. docker/cli#1638
• (Experimental) When targetting Kubernetes, add support for x-pull-secret: some-pull-secret in compose-files service configs. docker/cli#1617
• (Experimental) When targetting Kubernetes, add support for x-pull-policy: <Never|Always|IfNotPresent> in compose-files service configs. docker/cli#1617
• cp, save, export: Prevent overwriting irregular files. docker/cli#1515
• Allow npipe volume type on stack file. docker/cli#1195

• Fix tty initial size error. docker/cli#1529
• Fix labels copying value from environment variables. docker/cli#1671

API

• Update API version to v1.40. moby/moby#38089
• Add warnings to /info endpoint, and move detection to the daemon. moby/moby#37502
• Add HEAD support for /_ping endpoint. moby/moby#38570
• Add Cache-Control headers to disable caching /_ping endpoint. moby/moby#38569
• Add containerd, runc, and docker-init versions to /version. moby/moby#37974

• Add undocumented /grpc endpoint and register BuildKit's controller. moby/moby#38990

Builder

• builder-next: allow setting buildkit outputs. docker/cli#1766
• builder-next: look for a Dockerfile specific dockerignore file (eg. Dockerfile.dockerignore) for ignored paths. docker/engine#215
• builder-next: automatically detect if process execution is possible for x86, arm and arm64 binaries. docker/engine#215
• builder-next: added inline cache support --cache-from. docker/engine#215
• builder-next: allow outputs configuration. moby/moby#38898

• builder-next: update buildkit to 1f89ec1. docker/engine#260
• builder-next: buildkit now also uses systemd's resolv.conf. docker/engine#260
• builder-next: use Dockerfile frontend version docker/dockerfile:1.1 by default. docker/engine#215
• builder-next: no longer rely on an external image for COPY/ADD operations. docker/engine#215

• Builder: fix COPY --from should preserve ownership. moby/moby#38599
• builder-next: fix gcr workaround token cache. docker/engine#212
• builder-next: call stopprogress on download error. docker/engine#215

Experimental

• Enable checkpoint/restore of containers with TTY. moby/moby#38405
• LCOW: Add support for memory and CPU limits. moby/moby#37296

• Windows: Experimental: ContainerD runtime. moby/moby#38541
• Windows: Experimental: LCOW requires Windows RS5+. moby/moby#39108

Security

• mount: add BindOptions.NonRecursive (API v1.40). moby/moby#38003
• seccomp: whitelist io_pgetevents(). moby/moby#38895
• seccomp: allow ptrace(2) for 4.8+ kernels. moby/moby#38137

Runtime

• Allow running dockerd as a non-root user (Rootless mode). moby/moby#380050
• Rootless: optional support for lxc-user-nic SUID binary. docker/engine#208
• Add DeviceRequests to HostConfig to support NVIDIA GPUs. moby/moby#38828
• Add --device support for Windows. moby/moby#37638
• Add memory.kernelTCP support for linux. moby/moby#37043

• Making it possible to pass Windows credential specs directly to the engine. moby/moby#38777
• Add pids-limit support in docker update. moby/moby#32519
• Add support for exact list of capabilities. moby/moby#38380
• daemon: use 'private' ipc mode by default. moby/moby#35621
• daemon: switch to semaphore-gated WaitGroup for startup tasks. moby/moby#38301
• Use idtools.LookupGroup instead of parsing /etc/group file for docker.sock ownership to fix: api.go doesn't respect nsswitch.conf. moby/moby#38126
• cli: fix images filter when use multi reference filter. moby/moby#38171
• Bump Golang to 1.12.5. docker/engine#209
• Bump containerd to 1.2.6. moby/moby#39016
• Bump runc to 1.0.0-rc8, opencontainers/selinux v1.2.2. docker/engine#210
• Bump google.golang.org/grpc to v1.20.1. docker/engine#215
• Performance optimizations in aufs and layer store for massively parallel container creation/removal. moby/moby#39135 moby/moby#39209
• Pass root to chroot to for chroot Tar/Untar (CVE-2018-15664) moby/moby#39292

• Fix docker --init with /dev bind mount. moby/moby#37665
• Fix: fetch the right device number when greater than 255 and using --device-read-bps option. moby/moby#39212
• Fix: "Path does not exist" error when path definitely exists. moby/moby#39251
• Fix: CVE-2018-15664 symlink-exchange attack with directory traversal. moby/moby#39357
• Fix CVE-2019-13509 in DebugRequestMiddleware: unconditionally scrub data field.

Networking

• Move IPVLAN driver out of experimental. moby/moby#38983 / [moby/libnetwork#2230](https://github.com/docker/...

18.09.8

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

18.09.8 (2019-07-17)

Client

• Fix Rollback config type interpolation. docker/cli#1973

Runtime

• Fix CVE-2019-13509 in DebugRequestMiddleware: unconditionally scrub data field.

18.09.7 (2019-06-27)

Builder

• Fix panic when building dockerfiles containing only comments. moby/moby#38487
• builder: add workaround for gcr auth issue. moby/moby#38246
• builder-next: fix gcr workaround token cache. moby/moby#39183

Runtime

• Performance optimizations in aufs and layer store for massively parallel container creation/removal. moby/moby#39107
• Update to containerd 1.2.6. moby/moby#39016

• Fix: CVE-2018-15664 symlink-exchange attack with directory traversal. moby/moby#39357
• Windows: fix support for docker service create --limit-cpu. moby/moby#39190
• daemon: fix mirrors validation. moby/moby#38991
• Stop sorting uid and gid ranges in id maps. moby/moby#39288

Logging

• Fix to allow large log lines for logger plugins. moby/moby#39038

18.09.6 (2019-05-02)

Builder

• Fix COPY and ADD with multiple <src> do not invalidate cache if DOCKER_BUILDKIT=1. moby/moby#38964

Networking

• Cleanup the cluster provider when the agent is closed. docker/libnetwork#2354
• Windows: pick a random host port if the user does not specify a host port. docker/libnetwork#2369

18.09.5 (2019-04-11)

Builder

• Fix DOCKER_BUILDKIT=1 docker build --squash .. docker/engine#176

Client

• Fix tty initial size error. docker/cli#1775
• Fix dial-stdio goroutine leakage. docker/cli#1795
• Fix the stack informer's selector used to track deployment. docker/cli#1794

Networking

• Fix network=host using wrong resolv.conf with systemd-resolved. docker/engine#180
• Fix Windows ARP entries getting corrupted randomly under load. docker/engine#192

Runtime

• Fix stopped containers with restart policy showing as Restarting. docker/engine#181
• Fix to use original process spec for execs. docker/engine#178

Swarm Mode

• Fix leaking task resources when nodes are deleted. docker/engine#185

18.09.4 (2019-03-27)

Builder

• Add validation for git ref so it can't be misinterpreted as a flag. moby/moby#38944

Runtime

• Fix docker cp error with filenames greater than 100 characters. moby/moby#38634
• Fix layer/layer_store: ensure NewInputTarStream resources are released. moby/moby#38413

• Increase GRPC limit for GetConfigs. moby/moby#38800
• Update to containerd 1.2.5. docker/engine#173

Swarm Mode

• Fix nil pointer exception when joining node to swarm. moby/moby#38618

18.09.3 (2019-02-28)

Networking

• Windows: avoid regeneration of network ids to prevent broken references to networks. docker/engine#149

Runtime

• Update to Go 1.10.8.
• Modify some of the names in the container name generator. docker/engine#159

• When copying existing folder, ignore xattr set errors when the target filesystem doesn't support xattr. docker/engine#135
• Graphdriver: fix "device" mode not being detected if "character-device" bit is set. docker/engine#160
• Fix nil pointer derefence on failure to connect to containerd. docker/engine#162
• Delete stale containerd object on start failure. docker/engine#154

18.09.2 (2019-02-11)

Security

• Update runc to address a critical vulnerability that allows specially-crafted containers to gain administrative privileges on the host. (CVE-2019-5736)

18.09.1 (2019-01-09)

Builder

• Fix inefficient networking config. docker/engine#123
• Fix docker system prune doesn't accept until filter. docker/engine#122
• Avoid unset credentials in containerd. docker/engine#122

• Update to BuildKit 0.3.3. docker/engine#122

• Additional warnings for use of deprecated legacy overlay and devicemapper storage dirvers. docker/engine#85

Client

• Add bash completion for experimental CLI commands (manifest). docker/cli#1542

• Fix yamldocs outputing [flags] in usage output. docker/cli#1540
• Fix setting default schema to tcp for docker host. docker/cli#1454
• prune: perform image pruning before build cache pruning. docker/cli#1532
• Fix bash completion for service update --force. docker/cli#1526

Networking

• Fix iptables compatibility on debian. docker/engine#107

Packaging

• Add docker.socket requirement for docker.service. docker/docker-ce-packaging#276
• Add socket activation for RHEL-based distributions. docker/docker-ce-packaging#274

• Add libseccomp requirement for RPM packages. docker/docker-ce-packaging#266

Runtime

• Add /proc/asound to masked paths. docker/engine#126
• Update to containerd 1.2.1-rc.0. docker/engine#121

• Windows: allow process isolation. docker/engine#81

• Windows: DetachVhd attempt in cleanup docker/engine#113
• API: properly handle invalid JSON to return a 400 status. docker/engine#110
• API: ignore default address-pools on API < 1.39. docker/engine#118
• API: add missing default address pool fields to swagger. docker/engine#119
• awslogs: account for UTF-8 normalization in limits. docker/engine#112
• Prohibit reading more than 1MB in HTTP error responses. docker/engine#114
• apparmor: allow receiving of signals from docker kill. docker/engine#116
• overlay2: use index=off if possible (fix EBUSY on mount). docker/engine#84

18.09.0 (2018-11-08)

Deprecation

For more information on the list of deprecated flags and APIs, have a look at
https://docs.docker.com/engine/deprecated/ where you can find the target removal dates

• Deprecate devicemapper storage driver docker/cli#1455 / docker/cli#1424
• Deprecate legacy overlay storage driver docker/cli#1455 / docker/cli#1425
• Remove support for TLS < 1.2 moby/moby#37660
• Remove Ubuntu 14.04 "Trusty Tahr" as a supported platform docker-ce-packaging#255 / docker-ce-packaging#254
• Remove Debian 8 "Jessie" as a supported platform docker-ce-packaging#255 / docker-ce-packaging#254

API

• Update API version to 1.39 moby/moby#37640
• Add support for remote connections using SSH docker/cli#1014
• Builder: add prune options to the API moby/moby#37651
• Add "Warnings" to /info endpoint, and move detection to the daemon moby/moby#37502

• Do not return "<unknown>" in /info response moby/moby#37472

Builder

• Allow BuildKit builds to run without experimental mode enabled. Buildkit can now be confi...