Sourced from github.com/moby/moby's releases.
v26.0.0
26.0.0
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 26.0.0 milestone
- moby/moby, 26.0.0 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
Security
This release contains a security fix for [CVE-2024-29018], a potential data exfiltration from 'internal' networks via authoritative DNS servers.
New
- Add
Subpathfield to theVolumeOptionsmaking it possible to mount a subpath of a volume. moby/moby#45687- Add
volume-subpathsupport to the mount flag (--mount type=volume,...,volume-subpath=<subpath>). docker/cli#4331- Accept
=separators and[ipv6]in compose files fordocker stack deploy. docker/cli#4860- rootless: Add support for enabling host loopback by setting the
DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACKenvironment variable tofalse(defaults totrue). This lets containers connect to the host by using IP address10.0.2.2. moby/moby#47352- containerd image store:
docker image lsno longer creates duplicates entries for multi-platform images. moby/moby#45967- containerd image store: Send Prometheus metrics. moby/moby#47555
Bug fixes and enhancements
- [CVE-2024-29018]: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
- Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47233
[!WARNING]
Containers created using Docker Engine 25.0.0 may have duplicate MAC addresses, they must be re-created. Containers created using version 25.0.0 or 25.0.1 with user-defined MAC addresses will get generated MAC addresses when they are started using 25.0.2. They must also be re-created.
- Always attempt to enable IPv6 on a container's loopback interface, and only include IPv6 in
/etc/hostsif successful. moby/moby#47062[!NOTE]
By default, IPv6 will remain enabled on a container's loopback interface when the container is not connected to an IPv6-enabled network. For example, containers that are only connected to an IPv4-only network now have the
::1address on their loopback interface.To disable IPv6 in a container, use option
--sysctl net.ipv6.conf.all.disable_ipv6=1in thecreateorruncommand, or the equivalentsysctlsoption in the service configuration section of a Compose file.If IPv6 is not available in a container because it has been explicitly disabled for the container, or the host's networking stack does not have IPv6 enabled (or for any other reason) the container's
/etc/hostsfile will not include IPv6 entries.
- Fix
ADDDockerfile instruction failing withlsetxattr <file>: operation not supportedwhen unpacking archive with xattrs onto a filesystem that doesn't support them. moby/moby#47175- Fix
docker container startfailing when used with--checkpoint. moby/moby#47456
... (truncated)
8b79278 Merge pull request #47599 from neersighted/short_id_aliases_removal22726fb api: document changed behavior of the Aliases field in v1.45963e1f3 Merge pull request #47597 from vvoland/c8d-list-fix-shared-size3312b82 c8d/list: Add a test case for images sharing a top layerad8a5a5 c8d/list: Fix diffIDs being outputted instead of chainIDs0c2d83b c8d/list: Handle unpacked layers when calculating shared size330d777 Merge pull request #47591 from vvoland/api-1.453d2a56e docs/api: add documentation for API v1.454531a37 Merge pull request #47580 from vvoland/c8d-list-slow731a640 c8d/list: Generate image summary concurrently