v19.03.14

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.14 (2020-12-01)

Security

• CVE-2020-15257: Update bundled static binaries of containerd to v1.3.9 moby/moby#41731. Package managers should update the containerd.io package.

Builder

• Beta versions of apparmor are now parsed correctly preventing build failures moby/moby#41542

Networking

• Fix panic when swarmkit service keeps failing to start moby/moby#41635

Runtime

• Return correct errors instead of spurrious -EINVAL moby/moby#41293

Rootless

• Lock state dir for preventing automatic clean-up by systemd-tmpfiles moby/moby#41635
• dockerd-rootless.sh: support new containerd shim socket path convention moby/moby#41557

Logging

• gcplogs: Fix memory/connection leak moby/moby#41522
• awslogs: Support for AWS imdsv2 moby/moby#41494

19.03.13 (2020-09-16)

Builder

• buildkit: Fix nil dereference in cache logic moby/moby#41279
• buildkit: Treat unix sockets as regular files during COPY/ADD moby/moby#41269
• buildkit: Ignore system and security xattrs in calculation to ensure consistent COPY caching regardless of SELinux environment moby/moby#41222
• buildkit: Make --cache-from behavior more reliable moby/moby#41222
• buildkit: Fix infinite loop burning CPU when exporting cache moby/moby#41185

Client

• Bump Golang 1.13.15 docker/cli#2674
• Fix config file permission issues (~/.docker/config.json) docker/cli#2631
• build: Fix panic on terminals with zero height docker/cli#2719
• windows: Fix potential issue with newline character in console docker/cli#2623

Networking

• Clean up network sandbox on failure moby/moby#41081
• Fix shallow error messages by forwarding deadline-related errors to user moby/moby#41312
• Fix leaking of netns file descriptors moby/moby#41287

Rootless

• Fix port forwarder resource leak moby/moby#41277

Runtime

• Bump Golang 1.13.15 moby/moby#41334
• Update to containerd 1.3.7 moby/moby#40408

Windows

• Fix slow windows container start time when using servercore image moby/moby#41192

19.03.12 (2020-06-18)

Client

• Fix bug preventing logout from registry when using multiple config files (e.g. Windows vs WSL2 when using Docker Desktop) docker/cli#2592
• Fix regression preventing context metadata to be read docker/cli#2586
• Bump Golang 1.13.12 docker/cli#2575

Networking

• Fix regression preventing daemon start up in a systemd-nspawn environment moby/moby#41124 moby/libnetwork#2567
• Fix the retry logic for creating overlay networks in swarm moby/moby#41124 moby/libnetwork#2565

Runtime

• Bump Golang 1.13.12 moby/moby#41082

19.03.11 (2020-06-01)

Network

• Disable IPv6 Router Advertisements to prevent address spoofing CVE-2020-13401

19.03.10 (2020-05-29)

Client

• Fix version negotiation with older engine docker/cli#2538
• Avoid setting SSH flags through hostname docker/cli#2560
• Fix panic when DOCKER_CLI_EXPERIMENTAL is invalid docker/cli#2558
• Avoid potential panic on s390x by upgrading Go to 1.13.11 docker/cli#2532

Networking

• Fix DNS fallback regression moby/moby#41009

Runtime

• Avoid potential panic on s390x by upgrading Go to 1.13.11 moby/moby#40978

Packaging

• Fix ARM builds on ARM64 moby/moby#41027

19.03.9 (2020-05-14)

Builder

• buildkit: Fix concurrent map write panic when building multiple images in parallel. moby/moby#40780
• buildkit: Fix issue preventing chowning of non-root-owned files between stages with userns. moby/moby#40955
• Avoid creation of irrelevant temporary files on Windows. moby/moby#40877

Client

• Fix panic on single-character volumes. docker/cli#2471
• Lazy daemon feature detection to avoid long timeouts on simple commands. docker/cli#2442
• docker context inspect on Windows is now faster. docker/cli#2516
• Bump Golang 1.13.10. docker/cli#2431
• Bump gopkg.in/yaml.v2 to v2.2.8. docker/cli#2470

Logging

• Avoid situation preventing container logs to rotate due to closing a closed log file. moby/moby#40921

Networking

• Fix potential panic upon restart. moby/moby#40809
• Assign the correct network value to the default bridge Subnet field. moby/moby#40565

Runtime

• Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid. moby/moby#40562
• Improve ARM platform matching. moby/moby#40758
• overlay2: show backing filesystem. moby/moby#40652
• Update CRIU to v3.13 "Silicon Willet". moby/moby#40850
• Only show registry v2 schema1 deprecation warning upon successful fallback, as opposed to any registry error. moby/moby#40681
• Use FILE_SHARE_DELETE for log files on Windows. moby/moby#40563
• Bump Golang 1.13.10. moby/moby#40803

Rootless

• Now rootlesskit-docker-proxy returns detailed error message on exposing privileged ports. moby/moby#40863
• Supports numeric ID in /etc/subuid and /etc/subgid. moby/moby#40951

Security

• apparmor: add missing rules for userns. moby/moby#40564
• SElinux: fix ENOTSUP errors not being detected when relabeling. moby/moby#40946

Swarm

• Increase refill rate for logger to avoid hanging on service logs. moby/moby#40628
• Fix issue where single swarm manager is stuck in Down state after reboot. moby/moby#40831
• tasks.db no longer grows indefinitely. moby/moby#40830

19.03.8 (2020-03-10)

Runtime

• Improve mitigation for CVE-2019-14271 for some nscd configuration.

19.03.7 (2020-03-03)

Builder

• builder-next: Fix deadlock issues in corner cases. moby/moby#40557

Runtime

• overlay: remove modprobe execs. moby/moby#40462
• selinux: better error messages when setting file labels moby/moby#40547
• Speed up initial stats collection moby/moby#40549

• rootless: use certs.d from XDG_CONFIG_HOME. moby/moby#40461
• Bump Golang 1.12.17. moby/moby#40533
• Bump google.golang.org/grpc to v1.23.1. moby/moby#40566
• Update containerd binary to v1.2.13. moby/moby#40540
• Prevent showing stopped containers as running in an edge case. moby/moby#40555
• Prevent potential lock. moby/moby#40604

Client

• Bump Golang 1.12.17. docker/cli#2342
• Bump google.golang.org/grpc to v1.23.1. docker/cli#1884 docker/cli#2373

19.03.6 (2020-02-12)

Bui...

19.03.13

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.13 (2020-09-16)

Builder

• buildkit: Fix nil dereference in cache logic moby/moby#41279
• buildkit: Treat unix sockets as regular files during COPY/ADD moby/moby#41269
• buildkit: Ignore system and security xattrs in calculation to ensure consistent COPY caching regardless of SELinux environment moby/moby#41222
• buildkit: Make --cache-from behavior more reliable moby/moby#41222
• buildkit: Fix infinite loop burning CPU when exporting cache moby/moby#41185

Client

• Bump Golang 1.13.15 docker/cli#2674
• Fix config file permission issues (~/.docker/config.json) docker/cli#2631
• build: Fix panic on terminals with zero height docker/cli#2719
• windows: Fix potential issue with newline character in console docker/cli#2623

Networking

• Clean up network sandbox on failure moby/moby#41081
• Fix shallow error messages by forwarding deadline-related errors to user moby/moby#41312
• Fix leaking of netns file descriptors moby/moby#41287

Rootless

• Fix port forwarder resource leak moby/moby#41277

Runtime

• Bump Golang 1.13.15 moby/moby#41334
• Update to containerd 1.3.7 moby/moby#40408

Windows

• Fix slow windows container start time when using servercore image moby/moby#41192

19.03.12 (2020-06-18)

Client

• Fix bug preventing logout from registry when using multiple config files (e.g. Windows vs WSL2 when using Docker Desktop) docker/cli#2592
• Fix regression preventing context metadata to be read docker/cli#2586
• Bump Golang 1.13.12 docker/cli#2575

Networking

• Fix regression preventing daemon start up in a systemd-nspawn environment moby/moby#41124 moby/libnetwork#2567
• Fix the retry logic for creating overlay networks in swarm moby/moby#41124 moby/libnetwork#2565

Runtime

• Bump Golang 1.13.12 moby/moby#41082

19.03.11 (2020-06-01)

Network

• Disable IPv6 Router Advertisements to prevent address spoofing CVE-2020-13401

19.03.10 (2020-05-29)

Client

• Fix version negotiation with older engine docker/cli#2538
• Avoid setting SSH flags through hostname docker/cli#2560
• Fix panic when DOCKER_CLI_EXPERIMENTAL is invalid docker/cli#2558
• Avoid potential panic on s390x by upgrading Go to 1.13.11 docker/cli#2532

Networking

• Fix DNS fallback regression moby/moby#41009

Runtime

• Avoid potential panic on s390x by upgrading Go to 1.13.11 moby/moby#40978

Packaging

• Fix ARM builds on ARM64 moby/moby#41027

19.03.9 (2020-05-14)

Builder

• buildkit: Fix concurrent map write panic when building multiple images in parallel. moby/moby#40780
• buildkit: Fix issue preventing chowning of non-root-owned files between stages with userns. moby/moby#40955
• Avoid creation of irrelevant temporary files on Windows. moby/moby#40877

Client

• Fix panic on single-character volumes. docker/cli#2471
• Lazy daemon feature detection to avoid long timeouts on simple commands. docker/cli#2442
• docker context inspect on Windows is now faster. docker/cli#2516
• Bump Golang 1.13.10. docker/cli#2431
• Bump gopkg.in/yaml.v2 to v2.2.8. docker/cli#2470

Logging

• Avoid situation preventing container logs to rotate due to closing a closed log file. moby/moby#40921

Networking

• Fix potential panic upon restart. moby/moby#40809
• Assign the correct network value to the default bridge Subnet field. moby/moby#40565

Runtime

• Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid. moby/moby#40562
• Improve ARM platform matching. moby/moby#40758
• overlay2: show backing filesystem. moby/moby#40652
• Update CRIU to v3.13 "Silicon Willet". moby/moby#40850
• Only show registry v2 schema1 deprecation warning upon successful fallback, as opposed to any registry error. moby/moby#40681
• Use FILE_SHARE_DELETE for log files on Windows. moby/moby#40563
• Bump Golang 1.13.10. moby/moby#40803

Rootless

• Now rootlesskit-docker-proxy returns detailed error message on exposing privileged ports. moby/moby#40863
• Supports numeric ID in /etc/subuid and /etc/subgid. moby/moby#40951

Security

• apparmor: add missing rules for userns. moby/moby#40564
• SElinux: fix ENOTSUP errors not being detected when relabeling. moby/moby#40946

Swarm

• Increase refill rate for logger to avoid hanging on service logs. moby/moby#40628
• Fix issue where single swarm manager is stuck in Down state after reboot. moby/moby#40831
• tasks.db no longer grows indefinitely. moby/moby#40830

19.03.8 (2020-03-10)

Runtime

• Improve mitigation for CVE-2019-14271 for some nscd configuration.

19.03.7 (2020-03-03)

Builder

• builder-next: Fix deadlock issues in corner cases. moby/moby#40557

Runtime

• overlay: remove modprobe execs. moby/moby#40462
• selinux: better error messages when setting file labels moby/moby#40547
• Speed up initial stats collection moby/moby#40549

• rootless: use certs.d from XDG_CONFIG_HOME. moby/moby#40461
• Bump Golang 1.12.17. moby/moby#40533
• Bump google.golang.org/grpc to v1.23.1. moby/moby#40566
• Update containerd binary to v1.2.13. moby/moby#40540
• Prevent showing stopped containers as running in an edge case. moby/moby#40555
• Prevent potential lock. moby/moby#40604

Client

• Bump Golang 1.12.17. docker/cli#2342
• Bump google.golang.org/grpc to v1.23.1. docker/cli#1884 docker/cli#2373

19.03.6 (2020-02-12)

Builder

• builder-next: Allow modern sign hashes for ssh forwarding. docker/engine#453
• builder-next: Clear onbuild rules after triggering. docker/engine#453
• builder-next: Fix issue with directory permissions when usernamespaces is enabled. moby/moby#40440
• Bump hcsshim to fix docker build failing on Windows 1903. docker/engine#429

Networking

• Shorten controller ID in exec-root to not hit UNIX_PATH_MAX. docker/engine#424
• Fix panic in drivers/overlay/encryption.go. docker/engine#424
• Fix hwaddr set race between us and udev. docker/engine#439

Runtime

• Bump Golang 1.12.16. moby/moby#40433
• Update containerd binary to v1.2.12. moby/moby#40433
• Update to runc v1.0.0-rc10. moby/moby#40433

• Fix possible runtime panic in Lgetxattr. docker/engine#454
• rootless: fix proxying UDP packets. docker/engine#434

19.03.5 (2019-11-13)

...

19.03.13-beta2

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.13-beta2 (2020-08-04)

Builder

• buildkit: Fix nil dereference in cache moby/moby#41279
• buildkit: Add --force flag in git fetch command, improved socket handling in copy, remote cache optimizations moby/moby#41269
• buildkit: Content hash fixes, fix inline cache duplicate blob handling moby/moby#41222
• buildkit: Avoid recursive loop on cache-export moby/moby#41185

Client

• Fix config file permissions issues docker/cli#2631

Networking

• Fix container netns file descriptor leak moby/moby#41287
• Fix network sandbox cleanup on failure moby/moby#41081

Rootless

• Bump rootlesskit from v0.9.5 to v0.10.0 moby/moby#41277

Runtime

• Bump Golang 1.13.14 moby/moby#41235
• Fix plugin double lock bug moby/moby#41274
• Bump hcsshim to fix slow Windows container start with servercore image moby/moby#41192

19.03.12 (2020-06-18)

Client

• Fix bug preventing logout from registry when using multiple config files (e.g. Windows vs WSL2 when using Docker Desktop) docker/cli#2592
• Fix regression preventing context metadata to be read docker/cli#2586
• Bump Golang 1.13.12 docker/cli#2575

Networking

• Fix regression preventing daemon start up in a systemd-nspawn environment moby/moby#41124 moby/libnetwork#2567
• Fix the retry logic for creating overlay networks in swarm moby/moby#41124 moby/libnetwork#2565

Runtime

• Bump Golang 1.13.12 moby/moby#41082

19.03.11 (2020-06-01)

Network

• Disable IPv6 Router Advertisements to prevent address spoofing CVE-2020-13401

19.03.10 (2020-05-29)

Client

• Fix version negotiation with older engine docker/cli#2538
• Avoid setting SSH flags through hostname docker/cli#2560
• Fix panic when DOCKER_CLI_EXPERIMENTAL is invalid docker/cli#2558
• Avoid potential panic on s390x by upgrading Go to 1.13.11 docker/cli#2532

Networking

• Fix DNS fallback regression moby/moby#41009

Runtime

• Avoid potential panic on s390x by upgrading Go to 1.13.11 moby/moby#40978

Packaging

• Fix ARM builds on ARM64 moby/moby#41027

19.03.9 (2020-05-14)

Builder

• buildkit: Fix concurrent map write panic when building multiple images in parallel. moby/moby#40780
• buildkit: Fix issue preventing chowning of non-root-owned files between stages with userns. moby/moby#40955
• Avoid creation of irrelevant temporary files on Windows. moby/moby#40877

Client

• Fix panic on single-character volumes. docker/cli#2471
• Lazy daemon feature detection to avoid long timeouts on simple commands. docker/cli#2442
• docker context inspect on Windows is now faster. docker/cli#2516
• Bump Golang 1.13.10. docker/cli#2431
• Bump gopkg.in/yaml.v2 to v2.2.8. docker/cli#2470

Logging

• Avoid situation preventing container logs to rotate due to closing a closed log file. moby/moby#40921

Networking

• Fix potential panic upon restart. moby/moby#40809
• Assign the correct network value to the default bridge Subnet field. moby/moby#40565

Runtime

• Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid. moby/moby#40562
• Improve ARM platform matching. moby/moby#40758
• overlay2: show backing filesystem. moby/moby#40652
• Update CRIU to v3.13 "Silicon Willet". moby/moby#40850
• Only show registry v2 schema1 deprecation warning upon successful fallback, as opposed to any registry error. moby/moby#40681
• Use FILE_SHARE_DELETE for log files on Windows. moby/moby#40563
• Bump Golang 1.13.10. moby/moby#40803

Rootless

• Now rootlesskit-docker-proxy returns detailed error message on exposing privileged ports. moby/moby#40863
• Supports numeric ID in /etc/subuid and /etc/subgid. moby/moby#40951

Security

• apparmor: add missing rules for userns. moby/moby#40564
• SElinux: fix ENOTSUP errors not being detected when relabeling. moby/moby#40946

Swarm

• Increase refill rate for logger to avoid hanging on service logs. moby/moby#40628
• Fix issue where single swarm manager is stuck in Down state after reboot. moby/moby#40831
• tasks.db no longer grows indefinitely. moby/moby#40830

19.03.8 (2020-03-10)

Runtime

• Improve mitigation for CVE-2019-14271 for some nscd configuration.

19.03.7 (2020-03-03)

Builder

• builder-next: Fix deadlock issues in corner cases. moby/moby#40557

Runtime

• overlay: remove modprobe execs. moby/moby#40462
• selinux: better error messages when setting file labels moby/moby#40547
• Speed up initial stats collection moby/moby#40549

• rootless: use certs.d from XDG_CONFIG_HOME. moby/moby#40461
• Bump Golang 1.12.17. moby/moby#40533
• Bump google.golang.org/grpc to v1.23.1. moby/moby#40566
• Update containerd binary to v1.2.13. moby/moby#40540
• Prevent showing stopped containers as running in an edge case. moby/moby#40555
• Prevent potential lock. moby/moby#40604

Client

• Bump Golang 1.12.17. docker/cli#2342
• Bump google.golang.org/grpc to v1.23.1. docker/cli#1884 docker/cli#2373

19.03.6 (2020-02-12)

Builder

• builder-next: Allow modern sign hashes for ssh forwarding. docker/engine#453
• builder-next: Clear onbuild rules after triggering. docker/engine#453
• builder-next: Fix issue with directory permissions when usernamespaces is enabled. moby/moby#40440
• Bump hcsshim to fix docker build failing on Windows 1903. docker/engine#429

Networking

• Shorten controller ID in exec-root to not hit UNIX_PATH_MAX. docker/engine#424
• Fix panic in drivers/overlay/encryption.go. docker/engine#424
• Fix hwaddr set race between us and udev. docker/engine#439

Runtime

• Bump Golang 1.12.16. moby/moby#40433
• Update containerd binary to v1.2.12. moby/moby#40433
• Update to runc v1.0.0-rc10. moby/moby#40433

• Fix possible runtime panic in Lgetxattr. docker/engine#454
• rootless: fix proxying UDP packets. docker/engine#434

19.03.5 (2019-11-13)

Builder

• builder-next: Added entitlements in builder config. docker/engine#412

• Fix builder-next: permission errors on using build secrets or ssh forwarding with userns-remap. docker/engine#420
• Fix builder-next: copying a symlink inside an already copied directory. [docker-archive/engine#420](https://github.com/d...

19.03.13-beta1

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.12 (2020-06-18)

Client

• Fix bug preventing logout from registry when using multiple config files (e.g. Windows vs WSL2 when using Docker Desktop) docker/cli#2592
• Fix regression preventing context metadata to be read docker/cli#2586
• Bump Golang 1.13.12 docker/cli#2575

Networking

• Fix regression preventing daemon start up in a systemd-nspawn environment moby/moby#41124 moby/libnetwork#2567
• Fix the retry logic for creating overlay networks in swarm moby/moby#41124 moby/libnetwork#2565

Runtime

• Bump Golang 1.13.12 moby/moby#41082

19.03.11 (2020-06-01)

Network

• Disable IPv6 Router Advertisements to prevent address spoofing CVE-2020-13401

19.03.10 (2020-05-29)

Client

• Fix version negotiation with older engine docker/cli#2538
• Avoid setting SSH flags through hostname docker/cli#2560
• Fix panic when DOCKER_CLI_EXPERIMENTAL is invalid docker/cli#2558
• Avoid potential panic on s390x by upgrading Go to 1.13.11 docker/cli#2532

Networking

• Fix DNS fallback regression moby/moby#41009

Runtime

• Avoid potential panic on s390x by upgrading Go to 1.13.11 moby/moby#40978

Packaging

• Fix ARM builds on ARM64 moby/moby#41027

19.03.9 (2020-05-14)

Builder

• buildkit: Fix concurrent map write panic when building multiple images in parallel. moby/moby#40780
• buildkit: Fix issue preventing chowning of non-root-owned files between stages with userns. moby/moby#40955
• Avoid creation of irrelevant temporary files on Windows. moby/moby#40877

Client

• Fix panic on single-character volumes. docker/cli#2471
• Lazy daemon feature detection to avoid long timeouts on simple commands. docker/cli#2442
• docker context inspect on Windows is now faster. docker/cli#2516
• Bump Golang 1.13.10. docker/cli#2431
• Bump gopkg.in/yaml.v2 to v2.2.8. docker/cli#2470

Logging

• Avoid situation preventing container logs to rotate due to closing a closed log file. moby/moby#40921

Networking

• Fix potential panic upon restart. moby/moby#40809
• Assign the correct network value to the default bridge Subnet field. moby/moby#40565

Runtime

• Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid. moby/moby#40562
• Improve ARM platform matching. moby/moby#40758
• overlay2: show backing filesystem. moby/moby#40652
• Update CRIU to v3.13 "Silicon Willet". moby/moby#40850
• Only show registry v2 schema1 deprecation warning upon successful fallback, as opposed to any registry error. moby/moby#40681
• Use FILE_SHARE_DELETE for log files on Windows. moby/moby#40563
• Bump Golang 1.13.10. moby/moby#40803

Rootless

• Now rootlesskit-docker-proxy returns detailed error message on exposing privileged ports. moby/moby#40863
• Supports numeric ID in /etc/subuid and /etc/subgid. moby/moby#40951

Security

• apparmor: add missing rules for userns. moby/moby#40564
• SElinux: fix ENOTSUP errors not being detected when relabeling. moby/moby#40946

Swarm

• Increase refill rate for logger to avoid hanging on service logs. moby/moby#40628
• Fix issue where single swarm manager is stuck in Down state after reboot. moby/moby#40831
• tasks.db no longer grows indefinitely. moby/moby#40830

19.03.8 (2020-03-10)

Runtime

• Improve mitigation for CVE-2019-14271 for some nscd configuration.

19.03.7 (2020-03-03)

Builder

• builder-next: Fix deadlock issues in corner cases. moby/moby#40557

Runtime

• overlay: remove modprobe execs. moby/moby#40462
• selinux: better error messages when setting file labels moby/moby#40547
• Speed up initial stats collection moby/moby#40549

• rootless: use certs.d from XDG_CONFIG_HOME. moby/moby#40461
• Bump Golang 1.12.17. moby/moby#40533
• Bump google.golang.org/grpc to v1.23.1. moby/moby#40566
• Update containerd binary to v1.2.13. moby/moby#40540
• Prevent showing stopped containers as running in an edge case. moby/moby#40555
• Prevent potential lock. moby/moby#40604

Client

• Bump Golang 1.12.17. docker/cli#2342
• Bump google.golang.org/grpc to v1.23.1. docker/cli#1884 docker/cli#2373

19.03.6 (2020-02-12)

Builder

• builder-next: Allow modern sign hashes for ssh forwarding. docker/engine#453
• builder-next: Clear onbuild rules after triggering. docker/engine#453
• builder-next: Fix issue with directory permissions when usernamespaces is enabled. moby/moby#40440
• Bump hcsshim to fix docker build failing on Windows 1903. docker/engine#429

Networking

• Shorten controller ID in exec-root to not hit UNIX_PATH_MAX. docker/engine#424
• Fix panic in drivers/overlay/encryption.go. docker/engine#424
• Fix hwaddr set race between us and udev. docker/engine#439

Runtime

• Bump Golang 1.12.16. moby/moby#40433
• Update containerd binary to v1.2.12. moby/moby#40433
• Update to runc v1.0.0-rc10. moby/moby#40433

• Fix possible runtime panic in Lgetxattr. docker/engine#454
• rootless: fix proxying UDP packets. docker/engine#434

19.03.5 (2019-11-13)

Builder

• builder-next: Added entitlements in builder config. docker/engine#412

• Fix builder-next: permission errors on using build secrets or ssh forwarding with userns-remap. docker/engine#420
• Fix builder-next: copying a symlink inside an already copied directory. docker/engine#420
• Fix builder-next: fatal error: concurrent map writes. docker/engine#422

Runtime

• Bump Golang to 1.12.12. docker/engine#418
• Update to RootlessKit to v0.7.0 to harden slirp4netns with mount namespace and seccomp. docker/engine#397

• Fix to propagate GetContainer error from event processor. docker/engine#407
• Fix push of OCI image. docker/engine#405

19.03.4 (2019-10-17)

Networking

• Rollback libnetwork changes so DOCKER-USER iptables chain is back. docker/engine#404

19.03.3 (2019-10-07)

Known Issues

• DOCKER-USER iptables chain is missing docker/for-linux#810. Users cannot perform additional container network traffic filtering on top of this iptables chain. You are not affected by this issue if you are not customizing iptables chains on top of DOCKER-USER.

  Workaround is to insert the iptables chain after docker daemon starts.

  iptables -N DOCKER-USER
  iptables -I FORWARD -j DOCKER-USER
  iptables -A DOCKER-USER -j RETURN
  

Builder

• Fix builder-next: resolve digest for third party registries. docker/engine#339
• Fix builder-next: user namespace ...

19.03.12

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.12 (2020-06-18)

Client

• Fix bug preventing logout from registry when using multiple config files (e.g. Windows vs WSL2 when using Docker Desktop) docker/cli#2592
• Fix regression preventing context metadata to be read docker/cli#2586
• Bump Golang 1.13.12 docker/cli#2575

Networking

• Fix regression preventing daemon start up in a systemd-nspawn environment moby/moby#41124 moby/libnetwork#2567
• Fix the retry logic for creating overlay networks in swarm moby/moby#41124 moby/libnetwork#2565

Runtime

• Bump Golang 1.13.12 moby/moby#41082

19.03.11 (2020-06-01)

Network

• Disable IPv6 Router Advertisements to prevent address spoofing CVE-2020-13401

19.03.10 (2020-05-29)

Client

• Fix version negotiation with older engine docker/cli#2538
• Avoid setting SSH flags through hostname docker/cli#2560
• Fix panic when DOCKER_CLI_EXPERIMENTAL is invalid docker/cli#2558
• Avoid potential panic on s390x by upgrading Go to 1.13.11 docker/cli#2532

Networking

• Fix DNS fallback regression moby/moby#41009

Runtime

• Avoid potential panic on s390x by upgrading Go to 1.13.11 moby/moby#40978

Packaging

• Fix ARM builds on ARM64 moby/moby#41027

19.03.9 (2020-05-14)

Builder

• buildkit: Fix concurrent map write panic when building multiple images in parallel. moby/moby#40780
• buildkit: Fix issue preventing chowning of non-root-owned files between stages with userns. moby/moby#40955
• Avoid creation of irrelevant temporary files on Windows. moby/moby#40877

Client

• Fix panic on single-character volumes. docker/cli#2471
• Lazy daemon feature detection to avoid long timeouts on simple commands. docker/cli#2442
• docker context inspect on Windows is now faster. docker/cli#2516
• Bump Golang 1.13.10. docker/cli#2431
• Bump gopkg.in/yaml.v2 to v2.2.8. docker/cli#2470

Logging

• Avoid situation preventing container logs to rotate due to closing a closed log file. moby/moby#40921

Networking

• Fix potential panic upon restart. moby/moby#40809
• Assign the correct network value to the default bridge Subnet field. moby/moby#40565

Runtime

• Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid. moby/moby#40562
• Improve ARM platform matching. moby/moby#40758
• overlay2: show backing filesystem. moby/moby#40652
• Update CRIU to v3.13 "Silicon Willet". moby/moby#40850
• Only show registry v2 schema1 deprecation warning upon successful fallback, as opposed to any registry error. moby/moby#40681
• Use FILE_SHARE_DELETE for log files on Windows. moby/moby#40563
• Bump Golang 1.13.10. moby/moby#40803

Rootless

• Now rootlesskit-docker-proxy returns detailed error message on exposing privileged ports. moby/moby#40863
• Supports numeric ID in /etc/subuid and /etc/subgid. moby/moby#40951

Security

• apparmor: add missing rules for userns. moby/moby#40564
• SElinux: fix ENOTSUP errors not being detected when relabeling. moby/moby#40946

Swarm

• Increase refill rate for logger to avoid hanging on service logs. moby/moby#40628
• Fix issue where single swarm manager is stuck in Down state after reboot. moby/moby#40831
• tasks.db no longer grows indefinitely. moby/moby#40830

19.03.8 (2020-03-10)

Runtime

• Improve mitigation for CVE-2019-14271 for some nscd configuration.

19.03.7 (2020-03-03)

Builder

• builder-next: Fix deadlock issues in corner cases. moby/moby#40557

Runtime

• overlay: remove modprobe execs. moby/moby#40462
• selinux: better error messages when setting file labels moby/moby#40547
• Speed up initial stats collection moby/moby#40549

• rootless: use certs.d from XDG_CONFIG_HOME. moby/moby#40461
• Bump Golang 1.12.17. moby/moby#40533
• Bump google.golang.org/grpc to v1.23.1. moby/moby#40566
• Update containerd binary to v1.2.13. moby/moby#40540
• Prevent showing stopped containers as running in an edge case. moby/moby#40555
• Prevent potential lock. moby/moby#40604

Client

• Bump Golang 1.12.17. docker/cli#2342
• Bump google.golang.org/grpc to v1.23.1. docker/cli#1884 docker/cli#2373

19.03.6 (2020-02-12)

Builder

• builder-next: Allow modern sign hashes for ssh forwarding. docker/engine#453
• builder-next: Clear onbuild rules after triggering. docker/engine#453
• builder-next: Fix issue with directory permissions when usernamespaces is enabled. moby/moby#40440
• Bump hcsshim to fix docker build failing on Windows 1903. docker/engine#429

Networking

• Shorten controller ID in exec-root to not hit UNIX_PATH_MAX. docker/engine#424
• Fix panic in drivers/overlay/encryption.go. docker/engine#424
• Fix hwaddr set race between us and udev. docker/engine#439

Runtime

• Bump Golang 1.12.16. moby/moby#40433
• Update containerd binary to v1.2.12. moby/moby#40433
• Update to runc v1.0.0-rc10. moby/moby#40433

• Fix possible runtime panic in Lgetxattr. docker/engine#454
• rootless: fix proxying UDP packets. docker/engine#434

19.03.5 (2019-11-13)

Builder

• builder-next: Added entitlements in builder config. docker/engine#412

• Fix builder-next: permission errors on using build secrets or ssh forwarding with userns-remap. docker/engine#420
• Fix builder-next: copying a symlink inside an already copied directory. docker/engine#420
• Fix builder-next: fatal error: concurrent map writes. docker/engine#422

Runtime

• Bump Golang to 1.12.12. docker/engine#418
• Update to RootlessKit to v0.7.0 to harden slirp4netns with mount namespace and seccomp. docker/engine#397

• Fix to propagate GetContainer error from event processor. docker/engine#407
• Fix push of OCI image. docker/engine#405

19.03.4 (2019-10-17)

Networking

• Rollback libnetwork changes so DOCKER-USER iptables chain is back. docker/engine#404

19.03.3 (2019-10-07)

Known Issues

• DOCKER-USER iptables chain is missing docker/for-linux#810. Users cannot perform additional container network traffic filtering on top of this iptables chain. You are not affected by this issue if you are not customizing iptables chains on top of DOCKER-USER.

  Workaround is to insert the iptables chain after docker daemon starts.

  iptables -N DOCKER-USER
  iptables -I FORWARD -j DOCKER-USER
  iptables -A DOCKER-USER -j RE...
  

19.03.11

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.11 (2020-06-01)

Network

• Disable IPv6 Router Advertisements to prevent address spoofing CVE-2020-13401

19.03.10 (2020-05-29)

Client

• Fix version negotiation with older engine docker/cli#2538
• Avoid setting SSH flags through hostname docker/cli#2560
• Fix panic when DOCKER_CLI_EXPERIMENTAL is invalid docker/cli#2558
• Avoid potential panic on s390x by upgrading Go to 1.13.11 docker/cli#2532

Networking

• Fix DNS fallback regression moby/moby#41009

Runtime

• Avoid potential panic on s390x by upgrading Go to 1.13.11 moby/moby#40978

Packaging

• Fix ARM builds on ARM64 moby/moby#41027

19.03.9 (2020-05-14)

Builder

• buildkit: Fix concurrent map write panic when building multiple images in parallel. moby/moby#40780
• buildkit: Fix issue preventing chowning of non-root-owned files between stages with userns. moby/moby#40955
• Avoid creation of irrelevant temporary files on Windows. moby/moby#40877

Client

• Fix panic on single-character volumes. docker/cli#2471
• Lazy daemon feature detection to avoid long timeouts on simple commands. docker/cli#2442
• docker context inspect on Windows is now faster. docker/cli#2516
• Bump Golang 1.13.10. docker/cli#2431
• Bump gopkg.in/yaml.v2 to v2.2.8. docker/cli#2470

Logging

• Avoid situation preventing container logs to rotate due to closing a closed log file. moby/moby#40921

Networking

• Fix potential panic upon restart. moby/moby#40809
• Assign the correct network value to the default bridge Subnet field. moby/moby#40565

Runtime

• Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid. moby/moby#40562
• Improve ARM platform matching. moby/moby#40758
• overlay2: show backing filesystem. moby/moby#40652
• Update CRIU to v3.13 "Silicon Willet". moby/moby#40850
• Only show registry v2 schema1 deprecation warning upon successful fallback, as opposed to any registry error. moby/moby#40681
• Use FILE_SHARE_DELETE for log files on Windows. moby/moby#40563
• Bump Golang 1.13.10. moby/moby#40803

Rootless

• Now rootlesskit-docker-proxy returns detailed error message on exposing privileged ports. moby/moby#40863
• Supports numeric ID in /etc/subuid and /etc/subgid. moby/moby#40951

Security

• apparmor: add missing rules for userns. moby/moby#40564
• SElinux: fix ENOTSUP errors not being detected when relabeling. moby/moby#40946

Swarm

• Increase refill rate for logger to avoid hanging on service logs. moby/moby#40628
• Fix issue where single swarm manager is stuck in Down state after reboot. moby/moby#40831
• tasks.db no longer grows indefinitely. moby/moby#40830

19.03.8 (2020-03-10)

Runtime

• Improve mitigation for CVE-2019-14271 for some nscd configuration.

19.03.7 (2020-03-03)

Builder

• builder-next: Fix deadlock issues in corner cases. moby/moby#40557

Runtime

• overlay: remove modprobe execs. moby/moby#40462
• selinux: better error messages when setting file labels moby/moby#40547
• Speed up initial stats collection moby/moby#40549

• rootless: use certs.d from XDG_CONFIG_HOME. moby/moby#40461
• Bump Golang 1.12.17. moby/moby#40533
• Bump google.golang.org/grpc to v1.23.1. moby/moby#40566
• Update containerd binary to v1.2.13. moby/moby#40540
• Prevent showing stopped containers as running in an edge case. moby/moby#40555
• Prevent potential lock. moby/moby#40604

Client

• Bump Golang 1.12.17. docker/cli#2342
• Bump google.golang.org/grpc to v1.23.1. docker/cli#1884 docker/cli#2373

19.03.6 (2020-02-12)

Builder

• builder-next: Allow modern sign hashes for ssh forwarding. docker/engine#453
• builder-next: Clear onbuild rules after triggering. docker/engine#453
• builder-next: Fix issue with directory permissions when usernamespaces is enabled. moby/moby#40440
• Bump hcsshim to fix docker build failing on Windows 1903. docker/engine#429

Networking

• Shorten controller ID in exec-root to not hit UNIX_PATH_MAX. docker/engine#424
• Fix panic in drivers/overlay/encryption.go. docker/engine#424
• Fix hwaddr set race between us and udev. docker/engine#439

Runtime

• Bump Golang 1.12.16. moby/moby#40433
• Update containerd binary to v1.2.12. moby/moby#40433
• Update to runc v1.0.0-rc10. moby/moby#40433

• Fix possible runtime panic in Lgetxattr. docker/engine#454
• rootless: fix proxying UDP packets. docker/engine#434

19.03.5 (2019-11-13)

Builder

• builder-next: Added entitlements in builder config. docker/engine#412

• Fix builder-next: permission errors on using build secrets or ssh forwarding with userns-remap. docker/engine#420
• Fix builder-next: copying a symlink inside an already copied directory. docker/engine#420
• Fix builder-next: fatal error: concurrent map writes. docker/engine#422

Runtime

• Bump Golang to 1.12.12. docker/engine#418
• Update to RootlessKit to v0.7.0 to harden slirp4netns with mount namespace and seccomp. docker/engine#397

• Fix to propagate GetContainer error from event processor. docker/engine#407
• Fix push of OCI image. docker/engine#405

19.03.4 (2019-10-17)

Networking

• Rollback libnetwork changes so DOCKER-USER iptables chain is back. docker/engine#404

19.03.3 (2019-10-07)

Known Issues

• DOCKER-USER iptables chain is missing docker/for-linux#810. Users cannot perform additional container network traffic filtering on top of this iptables chain. You are not affected by this issue if you are not customizing iptables chains on top of DOCKER-USER.

  Workaround is to insert the iptables chain after docker daemon starts.

  iptables -N DOCKER-USER
  iptables -I FORWARD -j DOCKER-USER
  iptables -A DOCKER-USER -j RETURN
  

Builder

• Fix builder-next: resolve digest for third party registries. docker/engine#339
• Fix builder-next: user namespace builds when daemon started with socket activation. docker/engine#373
• Fix builder-next: session: release forwarded ssh socket connection per connection. docker/engine#373
• Fix builder-next: llbsolver: error on multiple cache importers. docker/engine#373

Networking

• Fix various libnetwork issues for iptables, DNS queries, and more. docker/engine#330

Runtime

• Bump Golang to 1.12.10. docker/engine#387
• Bump containerd to 1.2.10. docker/engine#385
• Distribution: modify warning logic when pulling v2 schema1 manifests. docker/engine#368

• Fix POST /images/create returning a 500 status cod...

19.03.10

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.10 (2020-05-29)

Client

• Fix version negotiation with older engine docker/cli#2538
• Avoid setting SSH flags through hostname docker/cli#2560
• Fix panic when DOCKER_CLI_EXPERIMENTAL is invalid docker/cli#2558
• Avoid potential panic on s390x by upgrading Go to 1.13.11 docker/cli#2532

Networking

• Fix DNS fallback regression moby/moby#41009

Runtime

• Avoid potential panic on s390x by upgrading Go to 1.13.11 moby/moby#40978

Packaging

• Fix ARM builds on ARM64 moby/moby#41027

19.03.9 (2020-05-14)

Builder

• buildkit: Fix concurrent map write panic when building multiple images in parallel. moby/moby#40780
• buildkit: Fix issue preventing chowning of non-root-owned files between stages with userns. moby/moby#40955
• Avoid creation of irrelevant temporary files on Windows. moby/moby#40877

Client

• Fix panic on single-character volumes. docker/cli#2471
• Lazy daemon feature detection to avoid long timeouts on simple commands. docker/cli#2442
• docker context inspect on Windows is now faster. docker/cli#2516
• Bump Golang 1.13.10. docker/cli#2431
• Bump gopkg.in/yaml.v2 to v2.2.8. docker/cli#2470

Logging

• Avoid situation preventing container logs to rotate due to closing a closed log file. moby/moby#40921

Networking

• Fix potential panic upon restart. moby/moby#40809
• Assign the correct network value to the default bridge Subnet field. moby/moby#40565

Runtime

• Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid. moby/moby#40562
• Improve ARM platform matching. moby/moby#40758
• overlay2: show backing filesystem. moby/moby#40652
• Update CRIU to v3.13 "Silicon Willet". moby/moby#40850
• Only show registry v2 schema1 deprecation warning upon successful fallback, as opposed to any registry error. moby/moby#40681
• Use FILE_SHARE_DELETE for log files on Windows. moby/moby#40563
• Bump Golang 1.13.10. moby/moby#40803

Rootless

• Now rootlesskit-docker-proxy returns detailed error message on exposing privileged ports. moby/moby#40863
• Supports numeric ID in /etc/subuid and /etc/subgid. moby/moby#40951

Security

• apparmor: add missing rules for userns. moby/moby#40564
• SElinux: fix ENOTSUP errors not being detected when relabeling. moby/moby#40946

Swarm

• Increase refill rate for logger to avoid hanging on service logs. moby/moby#40628
• Fix issue where single swarm manager is stuck in Down state after reboot. moby/moby#40831
• tasks.db no longer grows indefinitely. moby/moby#40830

19.03.8 (2020-03-10)

Runtime

• Improve mitigation for CVE-2019-14271 for some nscd configuration.

19.03.7 (2020-03-03)

Builder

• builder-next: Fix deadlock issues in corner cases. moby/moby#40557

Runtime

• overlay: remove modprobe execs. moby/moby#40462
• selinux: better error messages when setting file labels moby/moby#40547
• Speed up initial stats collection moby/moby#40549

• rootless: use certs.d from XDG_CONFIG_HOME. moby/moby#40461
• Bump Golang 1.12.17. moby/moby#40533
• Bump google.golang.org/grpc to v1.23.1. moby/moby#40566
• Update containerd binary to v1.2.13. moby/moby#40540
• Prevent showing stopped containers as running in an edge case. moby/moby#40555
• Prevent potential lock. moby/moby#40604

Client

• Bump Golang 1.12.17. docker/cli#2342
• Bump google.golang.org/grpc to v1.23.1. docker/cli#1884 docker/cli#2373

19.03.6 (2020-02-12)

Builder

• builder-next: Allow modern sign hashes for ssh forwarding. docker/engine#453
• builder-next: Clear onbuild rules after triggering. docker/engine#453
• builder-next: Fix issue with directory permissions when usernamespaces is enabled. moby/moby#40440
• Bump hcsshim to fix docker build failing on Windows 1903. docker/engine#429

Networking

• Shorten controller ID in exec-root to not hit UNIX_PATH_MAX. docker/engine#424
• Fix panic in drivers/overlay/encryption.go. docker/engine#424
• Fix hwaddr set race between us and udev. docker/engine#439

Runtime

• Bump Golang 1.12.16. moby/moby#40433
• Update containerd binary to v1.2.12. moby/moby#40433
• Update to runc v1.0.0-rc10. moby/moby#40433

• Fix possible runtime panic in Lgetxattr. docker/engine#454
• rootless: fix proxying UDP packets. docker/engine#434

19.03.5 (2019-11-13)

Builder

• builder-next: Added entitlements in builder config. docker/engine#412

• Fix builder-next: permission errors on using build secrets or ssh forwarding with userns-remap. docker/engine#420
• Fix builder-next: copying a symlink inside an already copied directory. docker/engine#420
• Fix builder-next: fatal error: concurrent map writes. docker/engine#422

Runtime

• Bump Golang to 1.12.12. docker/engine#418
• Update to RootlessKit to v0.7.0 to harden slirp4netns with mount namespace and seccomp. docker/engine#397

• Fix to propagate GetContainer error from event processor. docker/engine#407
• Fix push of OCI image. docker/engine#405

19.03.4 (2019-10-17)

Networking

• Rollback libnetwork changes so DOCKER-USER iptables chain is back. docker/engine#404

19.03.3 (2019-10-07)

Known Issues

• DOCKER-USER iptables chain is missing docker/for-linux#810. Users cannot perform additional container network traffic filtering on top of this iptables chain. You are not affected by this issue if you are not customizing iptables chains on top of DOCKER-USER.

  Workaround is to insert the iptables chain after docker daemon starts.

  iptables -N DOCKER-USER
  iptables -I FORWARD -j DOCKER-USER
  iptables -A DOCKER-USER -j RETURN
  

Builder

• Fix builder-next: resolve digest for third party registries. docker/engine#339
• Fix builder-next: user namespace builds when daemon started with socket activation. docker/engine#373
• Fix builder-next: session: release forwarded ssh socket connection per connection. docker/engine#373
• Fix builder-next: llbsolver: error on multiple cache importers. docker/engine#373

Networking

• Fix various libnetwork issues for iptables, DNS queries, and more. docker/engine#330

Runtime

• Bump Golang to 1.12.10. docker/engine#387
• Bump containerd to 1.2.10. docker/engine#385
• Distribution: modify warning logic when pulling v2 schema1 manifests. docker/engine#368

• Fix POST /images/create returning a 500 status code when providing an incorrect platform option. docker/engine#365
• Fix POST /build returning a 500 status code when providing an incorrect...

19.03.9

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.9 (2020-05-14)

Builder

• buildkit: Fix concurrent map write panic when building multiple images in parallel. moby/moby#40780
• buildkit: Fix issue preventing chowning of non-root-owned files between stages with userns. moby/moby#40955
• Avoid creation of irrelevant temporary files on Windows. moby/moby#40877

Client

• Fix panic on single-character volumes. docker/cli#2471
• Lazy daemon feature detection to avoid long timeouts on simple commands. docker/cli#2442
• docker context inspect on Windows is now faster. docker/cli#2516
• Bump Golang 1.13.10. docker/cli#2431
• Bump gopkg.in/yaml.v2 to v2.2.8. docker/cli#2470

Logging

• Avoid situation preventing container logs to rotate due to closing a closed log file. moby/moby#40921

Networking

• Fix potential panic upon restart. moby/moby#40809
• Assign the correct network value to the default bridge Subnet field. moby/moby#40565

Runtime

• Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid. moby/moby#40562
• Improve ARM platform matching. moby/moby#40758
• overlay2: show backing filesystem. moby/moby#40652
• Update CRIU to v3.13 "Silicon Willet". moby/moby#40850
• Only show registry v2 schema1 deprecation warning upon successful fallback, as opposed to any registry error. moby/moby#40681
• Use FILE_SHARE_DELETE for log files on Windows. moby/moby#40563
• Bump Golang 1.13.10. moby/moby#40803

Rootless

• Now rootlesskit-docker-proxy returns detailed error message on exposing privileged ports. moby/moby#40863
• Supports numeric ID in /etc/subuid and /etc/subgid. moby/moby#40951

Security

• apparmor: add missing rules for userns. moby/moby#40564
• SElinux: fix ENOTSUP errors not being detected when relabeling. moby/moby#40946

Swarm

• Increase refill rate for logger to avoid hanging on service logs. moby/moby#40628
• Fix issue where single swarm manager is stuck in Down state after reboot. moby/moby#40831
• tasks.db no longer grows indefinitely. moby/moby#40830

19.03.8 (2020-03-10)

Runtime

• Improve mitigation for CVE-2019-14271 for some nscd configuration.

19.03.7 (2020-03-03)

Builder

• builder-next: Fix deadlock issues in corner cases. moby/moby#40557

Runtime

• overlay: remove modprobe execs. moby/moby#40462
• selinux: better error messages when setting file labels moby/moby#40547
• Speed up initial stats collection moby/moby#40549

• rootless: use certs.d from XDG_CONFIG_HOME. moby/moby#40461
• Bump Golang 1.12.17. moby/moby#40533
• Bump google.golang.org/grpc to v1.23.1. moby/moby#40566
• Update containerd binary to v1.2.13. moby/moby#40540
• Prevent showing stopped containers as running in an edge case. moby/moby#40555
• Prevent potential lock. moby/moby#40604

Client

• Bump Golang 1.12.17. docker/cli#2342
• Bump google.golang.org/grpc to v1.23.1. docker/cli#1884 docker/cli#2373

19.03.6 (2020-02-12)

Builder

• builder-next: Allow modern sign hashes for ssh forwarding. docker/engine#453
• builder-next: Clear onbuild rules after triggering. docker/engine#453
• builder-next: Fix issue with directory permissions when usernamespaces is enabled. moby/moby#40440
• Bump hcsshim to fix docker build failing on Windows 1903. docker/engine#429

Networking

• Shorten controller ID in exec-root to not hit UNIX_PATH_MAX. docker/engine#424
• Fix panic in drivers/overlay/encryption.go. docker/engine#424
• Fix hwaddr set race between us and udev. docker/engine#439

Runtime

• Bump Golang 1.12.16. moby/moby#40433
• Update containerd binary to v1.2.12. moby/moby#40433
• Update to runc v1.0.0-rc10. moby/moby#40433

• Fix possible runtime panic in Lgetxattr. docker/engine#454
• rootless: fix proxying UDP packets. docker/engine#434

19.03.5 (2019-11-13)

Builder

• builder-next: Added entitlements in builder config. docker/engine#412

• Fix builder-next: permission errors on using build secrets or ssh forwarding with userns-remap. docker/engine#420
• Fix builder-next: copying a symlink inside an already copied directory. docker/engine#420
• Fix builder-next: fatal error: concurrent map writes. docker/engine#422

Runtime

• Bump Golang to 1.12.12. docker/engine#418
• Update to RootlessKit to v0.7.0 to harden slirp4netns with mount namespace and seccomp. docker/engine#397

• Fix to propagate GetContainer error from event processor. docker/engine#407
• Fix push of OCI image. docker/engine#405

19.03.4 (2019-10-17)

Networking

• Rollback libnetwork changes so DOCKER-USER iptables chain is back. docker/engine#404

19.03.3 (2019-10-07)

Known Issues

• DOCKER-USER iptables chain is missing docker/for-linux#810. Users cannot perform additional container network traffic filtering on top of this iptables chain. You are not affected by this issue if you are not customizing iptables chains on top of DOCKER-USER.

  Workaround is to insert the iptables chain after docker daemon starts.

  iptables -N DOCKER-USER
  iptables -I FORWARD -j DOCKER-USER
  iptables -A DOCKER-USER -j RETURN
  

Builder

• Fix builder-next: resolve digest for third party registries. docker/engine#339
• Fix builder-next: user namespace builds when daemon started with socket activation. docker/engine#373
• Fix builder-next: session: release forwarded ssh socket connection per connection. docker/engine#373
• Fix builder-next: llbsolver: error on multiple cache importers. docker/engine#373

Networking

• Fix various libnetwork issues for iptables, DNS queries, and more. docker/engine#330

Runtime

• Bump Golang to 1.12.10. docker/engine#387
• Bump containerd to 1.2.10. docker/engine#385
• Distribution: modify warning logic when pulling v2 schema1 manifests. docker/engine#368

• Fix POST /images/create returning a 500 status code when providing an incorrect platform option. docker/engine#365
• Fix POST /build returning a 500 status code when providing an incorrect platform option. docker/engine#365
• Fix panic on 32-bit ARMv7 caused by misaligned struct member. docker/engine#363
• Fix to return "invalid parameter" when linking to non-existing container. docker/engine#352
• Fix overlay2: busy error on mount when using kernel >= 5.2. docker/engine#332
• Fix docker rmi stuck in certain misconfigured systems, e.g. dead NFS share. docker/engine#335
• Fix handling of blocked I/O of exec'd processes. docker/engine#296
• Fix jsonfile logger: follow logs stuck when max-size is set and max-file=1. [doc...

19.03.8

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.8 (2020-03-10)

Runtime

• Improve mitigation for CVE-2019-14271 for some nscd configuration.

19.03.7 (2020-03-03)

Builder

• builder-next: Fix deadlock issues in corner cases. moby/moby#40557

Runtime

• overlay: remove modprobe execs. moby/moby#40462
• selinux: better error messages when setting file labels moby/moby#40547
• Speed up initial stats collection moby/moby#40549

• rootless: use certs.d from XDG_CONFIG_HOME. moby/moby#40461
• Bump Golang 1.12.17. moby/moby#40533
• Bump google.golang.org/grpc to v1.23.1. moby/moby#40566
• Update containerd binary to v1.2.13. moby/moby#40540
• Prevent showing stopped containers as running in an edge case. moby/moby#40555
• Prevent potential lock. moby/moby#40604

Client

• Bump Golang 1.12.17. docker/cli#2342
• Bump google.golang.org/grpc to v1.23.1. docker/cli#1884 docker/cli#2373

19.03.6 (2020-02-12)

Builder

• builder-next: Allow modern sign hashes for ssh forwarding. docker/engine#453
• builder-next: Clear onbuild rules after triggering. docker/engine#453
• builder-next: Fix issue with directory permissions when usernamespaces is enabled. moby/moby#40440
• Bump hcsshim to fix docker build failing on Windows 1903. docker/engine#429

Networking

• Shorten controller ID in exec-root to not hit UNIX_PATH_MAX. docker/engine#424
• Fix panic in drivers/overlay/encryption.go. docker/engine#424
• Fix hwaddr set race between us and udev. docker/engine#439

Runtime

• Bump Golang 1.12.16. moby/moby#40433
• Update containerd binary to v1.2.12. moby/moby#40433
• Update to runc v1.0.0-rc10. moby/moby#40433

• Fix possible runtime panic in Lgetxattr. docker/engine#454
• rootless: fix proxying UDP packets. docker/engine#434

19.03.5 (2019-11-13)

Builder

• builder-next: Added entitlements in builder config. docker/engine#412

• Fix builder-next: permission errors on using build secrets or ssh forwarding with userns-remap. docker/engine#420
• Fix builder-next: copying a symlink inside an already copied directory. docker/engine#420
• Fix builder-next: fatal error: concurrent map writes. docker/engine#422

Runtime

• Bump Golang to 1.12.12. docker/engine#418
• Update to RootlessKit to v0.7.0 to harden slirp4netns with mount namespace and seccomp. docker/engine#397

• Fix to propagate GetContainer error from event processor. docker/engine#407
• Fix push of OCI image. docker/engine#405

19.03.4 (2019-10-17)

Networking

• Rollback libnetwork changes so DOCKER-USER iptables chain is back. docker/engine#404

19.03.3 (2019-10-07)

Known Issues

• DOCKER-USER iptables chain is missing docker/for-linux#810. Users cannot perform additional container network traffic filtering on top of this iptables chain. You are not affected by this issue if you are not customizing iptables chains on top of DOCKER-USER.

  Workaround is to insert the iptables chain after docker daemon starts.

  iptables -N DOCKER-USER
  iptables -I FORWARD -j DOCKER-USER
  iptables -A DOCKER-USER -j RETURN
  

Builder

• Fix builder-next: resolve digest for third party registries. docker/engine#339
• Fix builder-next: user namespace builds when daemon started with socket activation. docker/engine#373
• Fix builder-next: session: release forwarded ssh socket connection per connection. docker/engine#373
• Fix builder-next: llbsolver: error on multiple cache importers. docker/engine#373

Networking

• Fix various libnetwork issues for iptables, DNS queries, and more. docker/engine#330

Runtime

• Bump Golang to 1.12.10. docker/engine#387
• Bump containerd to 1.2.10. docker/engine#385
• Distribution: modify warning logic when pulling v2 schema1 manifests. docker/engine#368

• Fix POST /images/create returning a 500 status code when providing an incorrect platform option. docker/engine#365
• Fix POST /build returning a 500 status code when providing an incorrect platform option. docker/engine#365
• Fix panic on 32-bit ARMv7 caused by misaligned struct member. docker/engine#363
• Fix to return "invalid parameter" when linking to non-existing container. docker/engine#352
• Fix overlay2: busy error on mount when using kernel >= 5.2. docker/engine#332
• Fix docker rmi stuck in certain misconfigured systems, e.g. dead NFS share. docker/engine#335
• Fix handling of blocked I/O of exec'd processes. docker/engine#296
• Fix jsonfile logger: follow logs stuck when max-size is set and max-file=1. docker/engine#378

Client

• Mitigate against YAML files that have excessive aliasing. docker/cli#2119

19.03.2 (2019-08-29)

Builder

• Fix "COPY --from" to non-existing directory on Windows. moby/moby#39695
• Fix builder-next: metadata commands not having created time in history. moby/moby#39456
• Fix builder-next: close progress on layer export error. moby/moby#39782

• Update buildkit to 588c73e1e4. moby/moby#39781

Client

• Fix Windows absolute path detection on non-Windows. docker/cli#1990
• Fix to zsh completion script for docker login --username.
• Fix context: produce consistent output on context create. docker/cli#1985
• Fix support for HTTP proxy env variable. docker/cli#2059

Logging

• Fix for reading journald logs. moby/moby#37819 moby/moby#38859

Networking

• Prevent panic on network attach to a container with disabled networking. moby/moby#39589

Runtime

• Bump Golang to 1.12.8.

• Fix a potential engine panic when using XFS disk quota for containers. moby/moby#39644

Swarm

• Fix an issue where nodes with lots of tasks could not be removed. docker/swarmkit#2867

19.03.1 (2019-07-25)

Runtime

• Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc.

19.03.0 (2019-07-22)

Deprecation

• Deprecate image manifest v2 schema1 in favor of v2 schema2. Future version of Docker will remove support for v2 schema1 altogether. moby/moby#39365
• Remove v1.10 migrator. moby/moby#38265
• Skip deprecated storage-drivers in auto-selection. moby/moby#38019
• Deprecate aufs storage driver and add warning. moby/moby#38090

Client

• Add --pids-limit flag to docker update. docker/cli#1765
• Add systctl support for services. docker/cli#1754
• Add support for template_driver in composefiles. docker/cli#1746
• Add --device support for Windows. docker/cli#1606
• Data Path Port configuration support. docker/cli#1509
• Fast context switch: commands. docker/cli#1501
• Support --mount type=bind,bind-non...

19.03.7

Changelog

For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.

19.03.7 (2020-03-03)

Builder

• builder-next: Fix deadlock issues in corner cases. moby/moby#40557

Runtime

• overlay: remove modprobe execs. moby/moby#40462
• selinux: better error messages when setting file labels moby/moby#40547
• Speed up initial stats collection moby/moby#40549

• rootless: use certs.d from XDG_CONFIG_HOME. moby/moby#40461
• Bump Golang 1.12.17. moby/moby#40533
• Bump google.golang.org/grpc to v1.23.1. moby/moby#40566
• Update containerd binary to v1.2.13. moby/moby#40540
• Prevent showing stopped containers as running in an edge case. moby/moby#40555
• Prevent potential lock. moby/moby#40604

Client

• Bump Golang 1.12.17. docker/cli#2342
• Bump google.golang.org/grpc to v1.23.1. docker/cli#1884 docker/cli#2373

19.03.6 (2020-02-12)

Builder

• builder-next: Allow modern sign hashes for ssh forwarding. docker/engine#453
• builder-next: Clear onbuild rules after triggering. docker/engine#453
• builder-next: Fix issue with directory permissions when usernamespaces is enabled. moby/moby#40440
• Bump hcsshim to fix docker build failing on Windows 1903. docker/engine#429

Networking

• Shorten controller ID in exec-root to not hit UNIX_PATH_MAX. docker/engine#424
• Fix panic in drivers/overlay/encryption.go. docker/engine#424
• Fix hwaddr set race between us and udev. docker/engine#439

Runtime

• Bump Golang 1.12.16. moby/moby#40433
• Update containerd binary to v1.2.12. moby/moby#40433
• Update to runc v1.0.0-rc10. moby/moby#40433

• Fix possible runtime panic in Lgetxattr. docker/engine#454
• rootless: fix proxying UDP packets. docker/engine#434

19.03.5 (2019-11-13)

Builder

• builder-next: Added entitlements in builder config. docker/engine#412

• Fix builder-next: permission errors on using build secrets or ssh forwarding with userns-remap. docker/engine#420
• Fix builder-next: copying a symlink inside an already copied directory. docker/engine#420
• Fix builder-next: fatal error: concurrent map writes. docker/engine#422

Runtime

• Bump Golang to 1.12.12. docker/engine#418
• Update to RootlessKit to v0.7.0 to harden slirp4netns with mount namespace and seccomp. docker/engine#397

• Fix to propagate GetContainer error from event processor. docker/engine#407
• Fix push of OCI image. docker/engine#405

19.03.4 (2019-10-17)

Networking

• Rollback libnetwork changes so DOCKER-USER iptables chain is back. docker/engine#404

19.03.3 (2019-10-07)

Known Issues

• DOCKER-USER iptables chain is missing docker/for-linux#810. Users cannot perform additional container network traffic filtering on top of this iptables chain. You are not affected by this issue if you are not customizing iptables chains on top of DOCKER-USER.

  Workaround is to insert the iptables chain after docker daemon starts.

  iptables -N DOCKER-USER
  iptables -I FORWARD -j DOCKER-USER
  iptables -A DOCKER-USER -j RETURN
  

Builder

• Fix builder-next: resolve digest for third party registries. docker/engine#339
• Fix builder-next: user namespace builds when daemon started with socket activation. docker/engine#373
• Fix builder-next: session: release forwarded ssh socket connection per connection. docker/engine#373
• Fix builder-next: llbsolver: error on multiple cache importers. docker/engine#373

Networking

• Fix various libnetwork issues for iptables, DNS queries, and more. docker/engine#330

Runtime

• Bump Golang to 1.12.10. docker/engine#387
• Bump containerd to 1.2.10. docker/engine#385
• Distribution: modify warning logic when pulling v2 schema1 manifests. docker/engine#368

• Fix POST /images/create returning a 500 status code when providing an incorrect platform option. docker/engine#365
• Fix POST /build returning a 500 status code when providing an incorrect platform option. docker/engine#365
• Fix panic on 32-bit ARMv7 caused by misaligned struct member. docker/engine#363
• Fix to return "invalid parameter" when linking to non-existing container. docker/engine#352
• Fix overlay2: busy error on mount when using kernel >= 5.2. docker/engine#332
• Fix docker rmi stuck in certain misconfigured systems, e.g. dead NFS share. docker/engine#335
• Fix handling of blocked I/O of exec'd processes. docker/engine#296
• Fix jsonfile logger: follow logs stuck when max-size is set and max-file=1. docker/engine#378

Client

• Mitigate against YAML files that have excessive aliasing. docker/cli#2119

19.03.2 (2019-08-29)

Builder

• Fix "COPY --from" to non-existing directory on Windows. moby/moby#39695
• Fix builder-next: metadata commands not having created time in history. moby/moby#39456
• Fix builder-next: close progress on layer export error. moby/moby#39782

• Update buildkit to 588c73e1e4. moby/moby#39781

Client

• Fix Windows absolute path detection on non-Windows. docker/cli#1990
• Fix to zsh completion script for docker login --username.
• Fix context: produce consistent output on context create. docker/cli#1985
• Fix support for HTTP proxy env variable. docker/cli#2059

Logging

• Fix for reading journald logs. moby/moby#37819 moby/moby#38859

Networking

• Prevent panic on network attach to a container with disabled networking. moby/moby#39589

Runtime

• Bump Golang to 1.12.8.

• Fix a potential engine panic when using XFS disk quota for containers. moby/moby#39644

Swarm

• Fix an issue where nodes with lots of tasks could not be removed. docker/swarmkit#2867

19.03.1 (2019-07-25)

Runtime

• Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc.

19.03.0 (2019-07-22)

Deprecation

• Deprecate image manifest v2 schema1 in favor of v2 schema2. Future version of Docker will remove support for v2 schema1 altogether. moby/moby#39365
• Remove v1.10 migrator. moby/moby#38265
• Skip deprecated storage-drivers in auto-selection. moby/moby#38019
• Deprecate aufs storage driver and add warning. moby/moby#38090

Client

• Add --pids-limit flag to docker update. docker/cli#1765
• Add systctl support for services. docker/cli#1754
• Add support for template_driver in composefiles. docker/cli#1746
• Add --device support for Windows. docker/cli#1606
• Data Path Port configuration support. docker/cli#1509
• Fast context switch: commands. docker/cli#1501
• Support --mount type=bind,bind-nonrecursive,... docker/cli#1430
• Add maximum replicas per node. [docker/cli#1410](https://github.com/docker/cli/pull/...