The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
nslookup, fall back to the external resolvers when they get a SERVFAIL answer from the internal server. So, the internal DNS server can now be configured to forward requests to the external resolvers, by setting "features": {"windows-dns-proxy": true } in the daemon.json file. moby/moby#47584
[!NOTE] This will be the new default behavior in Docker Engine 27.0.
[!WARNING] The windows-dns-proxy feature flag will be removed in a future release.
Subpath not being passed to the container config. moby/moby#47711
WORKDIR <directory>/ build step (directory with a trailing slash). moby/moby#47723
docker images failing when any image in the store has unexpected target. moby/moby#47738
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
This release contains a security fix for CVE-2024-32473, an unexpected configuration of IPv6 on IPv4-only interfaces.
CVE-2024-32473: Ensure IPv6 is disabled on interfaces only allocated an IPv4 address by the engine. moby#GHSA-x84c-p2g9-rqv9
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
--sysctl options prevented container startup. moby/moby#47646
platform from image config OCI descriptor in docker save output. moby/moby#47694
docker save will now have a non-empty mediaType field in index.json moby/moby#47701
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
This release contains a security fix for CVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.
Subpath field to the VolumeOptions making it possible to mount a subpath of a volume. moby/moby#45687
volume-subpath support to the mount flag (--mount type=volume,...,volume-subpath=<subpath>). docker/cli#4331
= separators and [ipv6] in compose files for docker stack deploy. docker/cli#4860
DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK environment variable to false (defaults to true). This lets containers connect to the host by using IP address 10.0.2.2. moby/moby#47352
docker image ls no longer creates duplicate entries for multi-platform images. moby/moby#45967
[!WARNING]
Containers created using Docker Engine 25.0.0 may have duplicate MAC addresses; they must be re-created. Containers created using version 25.0.0 or 25.0.1 with user-defined MAC addresses will get generated MAC addresses when they are started using 25.0.2. They must also be re-created.
/etc/hosts if successful. moby/moby#47062
[!NOTE]
By default, IPv6 will remain enabled on a container's loopback interface when the container is not connected to an IPv6-enabled network. For example, containers that are only connected to an IPv4-only network now have the ::1 address on their loopback interface.
To disable IPv6 in a container, use option --sysctl net.ipv6.conf.all.disable_ipv6=1 in the create or run command, or the equivalent sysctls option in the service configuration section of a Compose file.
If IPv6 is not available in a container because it has been explicitly disabled for the container, or the host's networking stack does not have IPv6 enabled (or for any other reason) the container's /etc/hosts file will not include IPv6 entries.
ADD Dockerfile instruction failing with lsetxattr <file>: operation not supported when unpacking archive with xattrs onto a filesystem that doesn't support them. moby/moby#47175
docker container start failing when used with --checkpoint. moby/moby#47456
docker image ls with ambiguous argument. docker/cli#4849
@docker_cli_[UUID] files on OpenBSD. docker/cli#4862
resolv.conf as upstream resolvers for Docker Engine's internal DNS, rather than listing them in the container's resolv.conf. moby/moby#47512
--userns-remap option is used. moby/moby#46786
Pulling fs layer status. moby/moby#47432
GET /images/{id}/json omits the Created field (previously it was 0001-01-01T00:00:00Z) if the Created field is missing from the image config. moby/moby#47451
Created field in GET /images/{id}/json with 0001-01-01T00:00:00Z for API version <= 1.43. moby/moby#47387
is_automated field in the POST /images/search endpoint results is always false now. Consequently, searching for is-automated=true will yield no results, while is-automated=false will be a no-op. moby/moby#47465
Container and ContainerConfig fields from the GET /images/{name}/json response. moby/moby#47430
Remove Container and ContainerConfig fields from the GET /images/{name}/json response. moby/moby#47430
Deprecate the ability to accept remote TCP connections without TLS. Deprecation notice docker/cli#4928 moby/moby#47556.
Remove deprecated API versions (API < v1.24) moby/moby#47155
Disable pulling of deprecated image formats by default. These image formats are deprecated, and support will be removed in a future version. moby/moby#47459
image: remove deprecated IDFromDigest moby/moby#47198
Remove the deprecated github.com/docker/docker/pkg/loopback package. moby/moby#47128
pkg/system: remove deprecated ErrNotSupportedOperatingSystem, IsOSSupported moby/moby#47129
pkg/homedir: remove deprecated Key() and GetShortcutString() moby/moby#47130
pkg/containerfs: remove deprecated ResolveScopedPath moby/moby#47131
The daemon flag --oom-score-adjust was deprecated in v24.0 and is now removed. moby/moby#46113
Remove deprecated aliases from the api/types package. These types were deprecated in v25.0.0, which provided temporary aliases. moby/moby#47148
These aliases are now removed: types.Info, types.Commit, types.PluginsInfo, types.NetworkAddressPool, types.Runtime, types.SecurityOpt, types.KeyValue, types.DecodeSecurityOptions, types.CheckpointCreateOptions, types.CheckpointListOptions, types.CheckpointDeleteOptions, types.Checkpoint, types.ImageDeleteResponseItem, types.ImageSummary, types.ImageMetadata, types.ServiceUpdateResponse, types.ServiceCreateResponse, types.ResizeOptions, types.ContainerAttachOptions, types.ContainerCommitOptions, types.ContainerRemoveOptions, types.ContainerStartOptions, types.ContainerListOptions, types.ContainerLogsOptions
cli/command/container: remove deprecated NewStartOptions() docker/cli#4811
cli/command: remove deprecated DockerCliOption, InitializeOpt docker/cli#4810
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
This release contains a security fix for CVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.
docker images performance. moby/moby#47580
resolv.conf as upstream resolvers for Docker Engine's internal DNS, rather than listing them in the container's resolv.conf. moby/moby#47512
image list not showing images when an image that has no locally available platforms is encountered. open /etc/docker/plugins: permission denied moby/moby#47559
Container and ContainerConfig fields from the GET /images/{name}/json response. moby/moby#47430
Update Buildx to v0.13.1. docker/docker-ce-packaging#1000
Update Buildkit to v0.13.1. moby/moby#47582
Update Compose to v2.25.0. docker/docker-ce-packaging#1002
Add Ubuntu Noble packages. docker/docker-ce-packaging#1006
Add Fedora 40 packages. docker/docker-ce-packaging#1005
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
This release contains a security fix for CVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.
CVE-2024-29018: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
plugin: fix mounting /etc/hosts when running in UserNS. moby/moby#47588
rootless: fix open /etc/docker/plugins: permission denied. moby/moby#47587
Fix multiple parallel docker build runs leaking disk space. moby/moby#47527
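The CVE-2024-29018 entry above names two preconditions: the host's DNS server listens on a loopback address, and the container is connected only to 'internal' networks. The following is an added example, not code from the Moby project, that checks both from the host's resolv.conf text and from `docker network inspect` JSON; the sample inputs and function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample inputs (not from a real host): host resolv.conf text and
# the JSON shape printed by `docker network inspect` for two networks.
SAMPLE_RESOLV_CONF = "nameserver 127.0.0.53\noptions edns0 trust-ad\n"
SAMPLE_NETWORK_INSPECT = json.dumps([
    {"Name": "backend", "Internal": True,
     "Containers": {"aaa111": {"Name": "db"}, "bbb222": {"Name": "api"}}},
    {"Name": "frontend", "Internal": False,
     "Containers": {"bbb222": {"Name": "api"}, "ccc333": {"Name": "proxy"}}},
])


def loopback_nameservers(resolv_conf_text):
    """Return the nameserver entries that are loopback addresses."""
    found = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                addr = ipaddress.ip_address(fields[1].split("%", 1)[0])
            except ValueError:
                continue  # skip malformed entries
            if addr.is_loopback:
                found.append(fields[1])
    return found


def internal_only_containers(network_inspect_json):
    """Return names of containers attached only to 'internal' networks."""
    internal, external = set(), set()
    for net in json.loads(network_inspect_json):
        names = {c["Name"] for c in (net.get("Containers") or {}).values()}
        (internal if net.get("Internal") else external).update(names)
    return sorted(internal - external)


def exposed_before_fix(resolv_conf_text, network_inspect_json):
    """Containers meeting both preconditions of CVE-2024-29018 as described."""
    if not loopback_nameservers(resolv_conf_text):
        return []
    return internal_only_containers(network_inspect_json)


if __name__ == "__main__":
    print(exposed_before_fix(SAMPLE_RESOLV_CONF, SAMPLE_NETWORK_INSPECT))
```

On a live host, the inputs would be the contents of /etc/resolv.conf and the output of `docker network inspect` run over all networks; a non-empty result on an engine without the fix identifies containers to prioritise when upgrading.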
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK to false (defaults to true). This allows connecting to the host by using the IP address 10.0.2.2. moby/moby#47352
docker build runs leaking disk space. moby/moby#47523
docker pull regression introduced in rc1 causing a wrong pull progress message moby/moby#47475
ERROR: failed to solve: unknown blob <digest> in history. moby/moby#47520
is_automated field in the POST /images/search endpoint results is always false now. Consequently, searching for is-automated=true will yield no results, while is-automated=false will be a no-op. moby/moby#47465
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
docker start failing when used with --checkpoint moby/moby#47466
Pulling fs layer status moby/moby#47484
GET /images/{id}/json omits the Created field (previously it was 0001-01-01T00:00:00Z) if the Created field is missing from the image config. moby/moby#47451
Created field in GET /images/{id}/json with 0001-01-01T00:00:00Z for API version <= 1.43. moby/moby#47387
NetworkMode name-or-id is not the same as the name-or-id used in NetworkSettings.Networks. moby/moby#47510
Full Changelog: https://github.com/moby/moby/compare/v25.0.3...v25.0.4
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Subpath field to the VolumeOptions making it possible to mount a subpath of a volume. moby/moby#45687
volume-subpath option to mount flag (--mount type=volume,...,volume-subpath=<subpath>) docker/cli#4331
image list will no longer produce multiple duplicate image entries for multi-platform images moby/moby#45967
= separators and [ipv6] in compose files for docker stack deploy docker/cli#4860
ADD Dockerfile instruction failing with lsetxattr <file>: operation not supported when unpacking archive with xattrs onto a filesystem that doesn't support them. moby/moby#47175
docker start failing when used with --checkpoint moby/moby#47456
@docker_cli_[UUID] files on OpenBSD https://github.com/docker/cli/pull/4862
--userns-remap option is used moby/moby#46786
Pulling fs layer status moby/moby#47432
[!NOTE]
Containers created using 25.0.0 may have duplicate MAC addresses; they must be re-created. Containers created using 25.0.0 or 25.0.1 with user-defined MAC addresses will get generated MAC addresses when they are started using 25.0.2. They must also be re-created.
GET /images/{id}/json omits the Created field (previously it was 0001-01-01T00:00:00Z) if the Created field is missing from the image config. moby/moby#47451
Created field in GET /images/{id}/json with 0001-01-01T00:00:00Z for API version <= 1.43. moby/moby#47387
github.com/docker/docker/pkg/loopback package. moby/moby#47128
ErrNotSupportedOperatingSystem, IsOSSupported moby/moby#47129
--oom-score-adjust was deprecated in v24.0 and is now removed. moby/moby#46113
types.Info, types.Commit, types.PluginsInfo, types.NetworkAddressPool, types.Runtime, types.SecurityOpt, types.KeyValue, types.DecodeSecurityOptions, types.CheckpointCreateOptions, types.CheckpointListOptions, types.CheckpointDeleteOptions, types.Checkpoint, types.ImageDeleteResponseItem, types.ImageSummary, types.ImageMetadata, types.ServiceUpdateResponse, types.ServiceCreateResponse, types.ResizeOptions, types.ContainerAttachOptions, types.ContainerCommitOptions, types.ContainerRemoveOptions, types.ContainerStartOptions, types.ContainerListOptions, types.ContainerLogsOptions
NewStartOptions() docker/cli#4811
DockerCliOption, InitializeOpt docker/cli#4810