ContextQMD
Back to Docker

Docker Engine 26.0 release notes

content/manuals/engine/release-notes/26.0.md

18.09-release13.5 KB
Original Source

This page describes the latest changes, additions, known issues, and fixes for Docker Engine version 26.0.

For more information about:

26.0.2

{{< release-date date="2024-04-18" >}}

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains a security fix for CVE-2024-32473, an unexpected configuration of IPv6 on IPv4-only interfaces.

Bug fixes and enhancements

26.0.1

{{< release-date date="2024-04-11" >}}

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Fix a regression that meant network interface specific --sysctl options prevented container startup. moby/moby#47646
  • Remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47694
  • containerd image store: OCI archives produced by docker save will now have a non-empty mediaType field in index.json moby/moby#47701
  • Fix a regression that prevented the internal resolver from forwarding requests from IPvlan L3 networks to external resolvers. moby/moby#47705
  • Prevent the use of external resolvers in IPvlan and Macvlan networks created with no parent interface specified. moby/moby#47705

Packaging updates

26.0.0

{{< release-date date="2024-03-20" >}}

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains a security fix for CVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.

New

  • Add Subpath field to the VolumeOptions making it possible to mount a subpath of a volume. moby/moby#45687
  • Add volume-subpath support to the mount flag (--mount type=volume,...,volume-subpath=<subpath>). docker/cli#4331
  • Accept = separators and [ipv6] in compose files for docker stack deploy. docker/cli#4860
  • rootless: Add support for enabling host loopback by setting the DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK environment variable to false (defaults to true). This lets containers connect to the host by using IP address 10.0.2.2. moby/moby#47352
  • containerd image store: docker image ls no longer creates duplicates entries for multi-platform images. moby/moby#45967
  • containerd image store: Send Prometheus metrics. moby/moby#47555

Bug fixes and enhancements

  • CVE-2024-29018: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589

  • Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47233

    [!WARNING]

    Containers created using Docker Engine 25.0.0 may have duplicate MAC addresses, they must be re-created. Containers created using version 25.0.0 or 25.0.1 with user-defined MAC addresses will get generated MAC addresses when they are started using 25.0.2. They must also be re-created.

  • Always attempt to enable IPv6 on a container's loopback interface, and only include IPv6 in /etc/hosts if successful. moby/moby#47062

    [!NOTE]

    By default, IPv6 will remain enabled on a container's loopback interface when the container is not connected to an IPv6-enabled network. For example, containers that are only connected to an IPv4-only network now have the ::1 address on their loopback interface.

    To disable IPv6 in a container, use option --sysctl net.ipv6.conf.all.disable_ipv6=1 in the create or run command, or the equivalent sysctls option in the service configuration section of a Compose file.

    If IPv6 is not available in a container because it has been explicitly disabled for the container, or the host's networking stack does not have IPv6 enabled (or for any other reason) the container's /etc/hosts file will not include IPv6 entries.

  • Fix ADD Dockerfile instruction failing with lsetxattr <file>: operation not supported when unpacking archive with xattrs onto a filesystem that doesn't support them. moby/moby#47175

  • Fix docker container start failing when used with --checkpoint. moby/moby#47456

  • Restore IP connectivity between the host and containers on an internal bridge network. moby/moby#47356

  • Do not enforce new validation rules for existing swarm networks. moby/moby#47361

  • Restore DNS names for containers in the default "nat" network on Windows. moby/moby#47375

  • Print hint when invoking docker image ls with ambiguous argument. docker/cli#4849

  • Cleanup @docker_cli_[UUID] files on OpenBSD. docker/cli#4862

  • Add explicit deprecation notice message when using remote TCP connections without TLS. docker/cli#4928, moby/moby#47556

  • Use IPv6 nameservers from the host's resolv.conf as upstream resolvers for Docker Engine's internal DNS, rather than listing them in the container's resolv.conf. moby/moby#47512

  • containerd image store: Isolate images with different containerd namespaces when --userns-remap option is used. moby/moby#46786

  • containerd image store: Fix image pull not emitting Pulling fs layer status. moby/moby#47432

API

  • To preserve backwards compatibility, read-only mounts are not recursive by default when using older clients (API version < v1.44). moby/moby#47391
  • GET /images/{id}/json omits the Created field (previously it was 0001-01-01T00:00:00Z) if the Created field is missing from the image config. moby/moby#47451
  • Populate a missing Created field in GET /images/{id}/json with 0001-01-01T00:00:00Z for API version <= 1.43. moby/moby#47387
  • The is_automated field in the POST /images/search endpoint results is always false now. Consequently, searching for is-automated=true will yield no results, while is-automated=false will be a no-op. moby/moby#47465
  • Remove Container and ContainerConfig fields from the GET /images/{name}/json response. moby/moby#47430

Packaging updates

Removed

  • Remove Container and ContainerConfig fields from the GET /images/{name}/json response. moby/moby#47430

  • Deprecate the ability to accept remote TCP connections without TLS. Deprecation notice docker/cli#4928 moby/moby#47556.

  • Remove deprecated API versions (API < v1.24) moby/moby#47155

  • Disable pulling of deprecated image formats by default. These image formats are deprecated, and support will be removed in a future version. moby/moby#47459

  • image: remove deprecated IDFromDigest moby/moby#47198

  • Remove the deprecated github.com/docker/docker/pkg/loopback package. moby/moby#47128

  • pkg/system: remove deprecated ErrNotSupportedOperatingSystem, IsOSSupported moby/moby#47129

  • pkg/homedir: remove deprecated Key() and GetShortcutString() moby/moby#47130

  • pkg/containerfs: remove deprecated ResolveScopedPath moby/moby#47131

  • The daemon flag --oom-score-adjust was deprecated in v24.0 and is now removed. moby/moby#46113

  • Remove deprecated aliases from the api/types package. These types were deprecated in v25.0.0, which provided temporary aliases. moby/moby#47148 These aliases are now removed: types.Info, types.Commit, types.PluginsInfo, types.NetworkAddressPool, types.Runtime, types.SecurityOpt, types.KeyValue, types.DecodeSecurityOptions, types.CheckpointCreateOptions, types.CheckpointListOptions, types.CheckpointDeleteOptions, types.Checkpoint, types.ImageDeleteResponseItem, types.ImageSummary, types.ImageMetadata, types.ServiceUpdateResponse, types.ServiceCreateResponse, types.ResizeOptions, types.ContainerAttachOptions, types.ContainerCommitOptions, types.ContainerRemoveOptions, types.ContainerStartOptions, types.ContainerListOptions, types.ContainerLogsOptions

  • cli/command/container: remove deprecated NewStartOptions() docker/cli#4811

  • cli/command: remove deprecated DockerCliOption, InitializeOpt docker/cli#4810