This repository has been archived by the owner on Oct 13, 2023. It is now read-only.
19.03.8
GordonTheTurtle
released this
11 Mar 20:06
·
564 commits
to 19.03
since this release
Changelog
For official release notes for Docker Engine CE and Docker Engine EE, visit the
release notes page.
19.03.8 (2020-03-10)
Runtime
- Improve mitigation for CVE-2019-14271 for some nscd configuration.
19.03.7 (2020-03-03)
Builder
- builder-next: Fix deadlock issues in corner cases. moby/moby#40557
Runtime
- overlay: remove modprobe execs. moby/moby#40462
- selinux: better error messages when setting file labels moby/moby#40547
- Speed up initial stats collection moby/moby#40549
- rootless: use certs.d from XDG_CONFIG_HOME. moby/moby#40461
- Bump Golang 1.12.17. moby/moby#40533
- Bump google.golang.org/grpc to v1.23.1. moby/moby#40566
- Update containerd binary to v1.2.13. moby/moby#40540
- Prevent showing stopped containers as running in an edge case. moby/moby#40555
- Prevent potential lock. moby/moby#40604
Client
- Bump Golang 1.12.17. docker/cli#2342
- Bump google.golang.org/grpc to v1.23.1. docker/cli#1884 docker/cli#2373
19.03.6 (2020-02-12)
Builder
- builder-next: Allow modern sign hashes for ssh forwarding. docker/engine#453
- builder-next: Clear onbuild rules after triggering. docker/engine#453
- builder-next: Fix issue with directory permissions when usernamespaces is enabled. moby/moby#40440
- Bump hcsshim to fix docker build failing on Windows 1903. docker/engine#429
Networking
- Shorten controller ID in exec-root to not hit UNIX_PATH_MAX. docker/engine#424
- Fix panic in drivers/overlay/encryption.go. docker/engine#424
- Fix hwaddr set race between us and udev. docker/engine#439
Runtime
- Bump Golang 1.12.16. moby/moby#40433
- Update containerd binary to v1.2.12. moby/moby#40433
- Update to runc v1.0.0-rc10. moby/moby#40433
- Fix possible runtime panic in Lgetxattr. docker/engine#454
- rootless: fix proxying UDP packets. docker/engine#434
19.03.5 (2019-11-13)
Builder
- builder-next: Added
entitlements
in builder config. docker/engine#412
- Fix builder-next: permission errors on using build secrets or ssh forwarding with userns-remap. docker/engine#420
- Fix builder-next: copying a symlink inside an already copied directory. docker/engine#420
- Fix builder-next: fatal error: concurrent map writes. docker/engine#422
Runtime
- Bump Golang to 1.12.12. docker/engine#418
- Update to RootlessKit to v0.7.0 to harden slirp4netns with mount namespace and seccomp. docker/engine#397
- Fix to propagate GetContainer error from event processor. docker/engine#407
- Fix push of OCI image. docker/engine#405
19.03.4 (2019-10-17)
Networking
- Rollback libnetwork changes so
DOCKER-USER
iptables chain is back. docker/engine#404
19.03.3 (2019-10-07)
Known Issues
-
DOCKER-USER
iptables chain is missing docker/for-linux#810. Users cannot perform additional container network traffic filtering on top of this iptables chain. You are not affected by this issue if you are not customizing iptables chains on top ofDOCKER-USER
.Workaround is to insert the iptables chain after docker daemon starts.
iptables -N DOCKER-USER iptables -I FORWARD -j DOCKER-USER iptables -A DOCKER-USER -j RETURN
Builder
- Fix builder-next: resolve digest for third party registries. docker/engine#339
- Fix builder-next: user namespace builds when daemon started with socket activation. docker/engine#373
- Fix builder-next: session: release forwarded ssh socket connection per connection. docker/engine#373
- Fix builder-next: llbsolver: error on multiple cache importers. docker/engine#373
Networking
- Fix various libnetwork issues for iptables, DNS queries, and more. docker/engine#330
Runtime
- Bump Golang to 1.12.10. docker/engine#387
- Bump containerd to 1.2.10. docker/engine#385
- Distribution: modify warning logic when pulling v2 schema1 manifests. docker/engine#368
- Fix
POST /images/create
returning a 500 status code when providing an incorrect platform option. docker/engine#365 - Fix
POST /build
returning a 500 status code when providing an incorrect platform option. docker/engine#365 - Fix panic on 32-bit ARMv7 caused by misaligned struct member. docker/engine#363
- Fix to return "invalid parameter" when linking to non-existing container. docker/engine#352
- Fix overlay2: busy error on mount when using kernel >= 5.2. docker/engine#332
- Fix
docker rmi
stuck in certain misconfigured systems, e.g. dead NFS share. docker/engine#335 - Fix handling of blocked I/O of exec'd processes. docker/engine#296
- Fix jsonfile logger: follow logs stuck when
max-size
is set andmax-file=1
. docker/engine#378
Client
- Mitigate against YAML files that have excessive aliasing. docker/cli#2119
19.03.2 (2019-08-29)
Builder
- Fix "COPY --from" to non-existing directory on Windows. moby/moby#39695
- Fix builder-next: metadata commands not having created time in history. moby/moby#39456
- Fix builder-next: close progress on layer export error. moby/moby#39782
- Update buildkit to 588c73e1e4. moby/moby#39781
Client
- Fix Windows absolute path detection on non-Windows. docker/cli#1990
- Fix to zsh completion script for
docker login --username
. - Fix context: produce consistent output on
context create
. docker/cli#1985 - Fix support for HTTP proxy env variable. docker/cli#2059
Logging
- Fix for reading journald logs. moby/moby#37819 moby/moby#38859
Networking
- Prevent panic on network attach to a container with disabled networking. moby/moby#39589
Runtime
- Bump Golang to 1.12.8.
- Fix a potential engine panic when using XFS disk quota for containers. moby/moby#39644
Swarm
- Fix an issue where nodes with lots of tasks could not be removed. docker/swarmkit#2867
19.03.1 (2019-07-25)
Runtime
- Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc.
19.03.0 (2019-07-22)
Deprecation
- Deprecate image manifest v2 schema1 in favor of v2 schema2. Future version of Docker will remove support for v2 schema1 altogether. moby/moby#39365
- Remove v1.10 migrator. moby/moby#38265
- Skip deprecated storage-drivers in auto-selection. moby/moby#38019
- Deprecate
aufs
storage driver and add warning. moby/moby#38090
Client
- Add
--pids-limit
flag todocker update
. docker/cli#1765 - Add systctl support for services. docker/cli#1754
- Add support for
template_driver
in composefiles. docker/cli#1746 - Add --device support for Windows. docker/cli#1606
- Data Path Port configuration support. docker/cli#1509
- Fast context switch: commands. docker/cli#1501
- Support --mount type=bind,bind-nonrecursive,... docker/cli#1430
- Add maximum replicas per node. docker/cli#1410 docker/cli#1612
- Add option to pull images quietly. docker/cli#882
- Add a separate
--domainname
flag. docker/cli#1130 - Add support for secret drivers in
docker stack deploy
. docker/cli#1783 - Add ability to use swarm
Configs
asCredentialSpecs
on services. docker/cli#1781 - Add
--security-opt systempaths=unconfined
support. docker/cli#1808 - Basic framework for writing and running CLI plugins. docker/cli#1564 docker/cli#1898
- Docker App v0.8.0. docker/docker-ce-packaging#341
- Docker buildx. docker/docker-ce-packaging#336
- Bump google.golang.org/grpc to v1.20.1. docker/cli#1884
- Cli change to pass driver specific options to docker run. docker/cli#1767
- Bump Golang 1.12.5. docker/cli#1875
- The
docker system info
output now segregates information relevant to the client and daemon. docker/cli#1638 - (Experimental) When targetting Kubernetes, add support for
x-pull-secret: some-pull-secret
in compose-files service configs. docker/cli#1617 - (Experimental) When targetting Kubernetes, add support for
x-pull-policy: <Never|Always|IfNotPresent>
in compose-files service configs. docker/cli#1617 - cp, save, export: Prevent overwriting irregular files. docker/cli#1515
- Allow npipe volume type on stack file. docker/cli#1195
- Fix tty initial size error. docker/cli#1529
- Fix labels copying value from environment variables. docker/cli#1671
API
- Update API version to v1.40. moby/moby#38089
- Add warnings to
/info
endpoint, and move detection to the daemon. moby/moby#37502 - Add HEAD support for
/_ping
endpoint. moby/moby#38570 - Add
Cache-Control
headers to disable caching/_ping
endpoint. moby/moby#38569 - Add containerd, runc, and docker-init versions to /version. moby/moby#37974
- Add undocumented
/grpc
endpoint and register BuildKit's controller. moby/moby#38990
Builder
- builder-next: allow setting buildkit outputs. docker/cli#1766
- builder-next: look for a Dockerfile specific dockerignore file (eg. Dockerfile.dockerignore) for ignored paths. docker/engine#215
- builder-next: automatically detect if process execution is possible for x86, arm and arm64 binaries. docker/engine#215
- builder-next: added inline cache support
--cache-from
. docker/engine#215 - builder-next: allow outputs configuration. moby/moby#38898
- builder-next: update buildkit to 1f89ec1. docker/engine#260
- builder-next: buildkit now also uses systemd's resolv.conf. docker/engine#260
- builder-next: use Dockerfile frontend version
docker/dockerfile:1.1
by default. docker/engine#215 - builder-next: no longer rely on an external image for COPY/ADD operations. docker/engine#215
- Builder: fix
COPY --from
should preserve ownership. moby/moby#38599 - builder-next: fix gcr workaround token cache. docker/engine#212
- builder-next: call stopprogress on download error. docker/engine#215
Experimental
- Enable checkpoint/restore of containers with TTY. moby/moby#38405
- LCOW: Add support for memory and CPU limits. moby/moby#37296
- Windows: Experimental: ContainerD runtime. moby/moby#38541
- Windows: Experimental: LCOW requires Windows RS5+. moby/moby#39108
Security
- mount: add BindOptions.NonRecursive (API v1.40). moby/moby#38003
- seccomp: whitelist
io_pgetevents()
. moby/moby#38895 - seccomp: allow
ptrace(2)
for 4.8+ kernels. moby/moby#38137
Runtime
- Allow running dockerd as a non-root user (Rootless mode). moby/moby#380050
- Rootless: optional support for
lxc-user-nic
SUID binary. docker/engine#208 - Add DeviceRequests to HostConfig to support NVIDIA GPUs. moby/moby#38828
- Add
--device
support for Windows. moby/moby#37638 - Add memory.kernelTCP support for linux. moby/moby#37043
- Making it possible to pass Windows credential specs directly to the engine. moby/moby#38777
- Add pids-limit support in docker update. moby/moby#32519
- Add support for exact list of capabilities. moby/moby#38380
- daemon: use 'private' ipc mode by default. moby/moby#35621
- daemon: switch to semaphore-gated WaitGroup for startup tasks. moby/moby#38301
- Use idtools.LookupGroup instead of parsing /etc/group file for docker.sock ownership to fix: api.go doesn't respect nsswitch.conf. moby/moby#38126
- cli: fix images filter when use multi reference filter. moby/moby#38171
- Bump Golang to 1.12.5. docker/engine#209
- Bump containerd to 1.2.6. moby/moby#39016
- Bump runc to 1.0.0-rc8, opencontainers/selinux v1.2.2. docker/engine#210
- Bump google.golang.org/grpc to v1.20.1. docker/engine#215
- Performance optimizations in aufs and layer store for massively parallel container creation/removal. moby/moby#39135 moby/moby#39209
- Pass root to chroot to for chroot Tar/Untar (CVE-2018-15664) moby/moby#39292
- Fix docker
--init
with/dev
bind mount. moby/moby#37665 - Fix: fetch the right device number when greater than 255 and using
--device-read-bps
option. moby/moby#39212 - Fix: "Path does not exist" error when path definitely exists. moby/moby#39251
- Fix: CVE-2018-15664 symlink-exchange attack with directory traversal. moby/moby#39357
- Fix CVE-2019-13509 in DebugRequestMiddleware: unconditionally scrub data field.
Networking
- Move IPVLAN driver out of experimental. moby/moby#38983 / docker/libnetwork#2230
- Network: add support for 'dangling' filter. moby/moby#31551
- Windows: Forcing a nil IP specified in PortBindings to IPv4zero (0.0.0.0). docker/libnetwork#2376
- Fix to make sure load balancer sandbox is deleted when a service is updated with
--network-rm
. docker/engine#213
Swarm
- Add support for maximum replicas per node. moby/moby#37940
- Add support for GMSA CredentialSpecs from Swarmkit configs. moby/moby#38632
- Add support for sysctl options in services. moby/moby#37701
- Add support for filtering on node labels. moby/moby#37650
- Windows: Support named pipe mounts in docker service create + stack yml. moby/moby#37400
- VXLAN UDP Port configuration support. moby/moby#38102
- Use Service Placement Constraints in Enforcer. docker/swarmkit#2857
- Increase max recv gRPC message size for nodes and secrets. docker/engine#256
Logging
- Enable gcplogs driver on windows. moby/moby#37717
- Add zero padding for RFC5424 syslog format. moby/moby#38335
- Add IMAGE_NAME attribute to journald log events. moby/moby#38032