From fc3b11a18c8e631d62dabccdf471a98ea4859fa6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Mon, 10 Feb 2025 17:47:44 +0100 Subject: [PATCH 1/9] update vale settings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paweł Gronowski --- _vale/Docker/Acronyms.yml | 4 ++++ _vale/config/vocabularies/Docker/accept.txt | 3 +++ 2 files changed, 7 insertions(+) diff --git a/_vale/Docker/Acronyms.yml b/_vale/Docker/Acronyms.yml index ca88d6c61d5..f8a3dc49fc6 100644 --- a/_vale/Docker/Acronyms.yml +++ b/_vale/Docker/Acronyms.yml @@ -12,6 +12,7 @@ exceptions: - AI - API - ARM + - ARP - ASP - AUFS - AWS @@ -30,6 +31,7 @@ exceptions: - CSV - CUDA - CVE + - DAD - DCT - DEBUG - DHCP @@ -55,6 +57,7 @@ exceptions: - GRUB - GTK - GUI + - GUID - HEAD - HTML - HTTP @@ -113,6 +116,7 @@ exceptions: - SCIM - SCM - SCSS + - SCTP - SDK - SLES - SLSA diff --git a/_vale/config/vocabularies/Docker/accept.txt b/_vale/config/vocabularies/Docker/accept.txt index d121035f1e4..c96cbe70539 100644 --- a/_vale/config/vocabularies/Docker/accept.txt +++ b/_vale/config/vocabularies/Docker/accept.txt @@ -64,6 +64,7 @@ Laradock Linux LinuxKit Logstash +MAC Mac Mail(chimp|gun) Microsoft @@ -183,6 +184,8 @@ musl nameserver namespace namespacing +netfilter +netlabel npm osquery osxfs From f0af94ed2d464a80193e787fe887588a5d0f460e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Thu, 30 Jan 2025 12:14:19 +0100 Subject: [PATCH 2/9] engine: 28.0.0 release notes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit moby: 8ca767963101763af2d8e44ea24ae0756adcfb05 cli: f7c3d1c796ca399e698e673e222f5c9c5469a8a0 Signed-off-by: Paweł Gronowski --- content/manuals/engine/release-notes/27.md | 4 - content/manuals/engine/release-notes/28.md | 947 +++++++++++++++++++++ 2 files changed, 947 insertions(+), 4 deletions(-) create mode 100644 content/manuals/engine/release-notes/28.md diff --git a/content/manuals/engine/release-notes/27.md b/content/manuals/engine/release-notes/27.md index 9761f4edcf8..75cac5c3e44 100644 --- a/content/manuals/engine/release-notes/27.md +++ b/content/manuals/engine/release-notes/27.md @@ -8,10 +8,6 @@ toc_max: 2 tags: - Release notes aliases: -- /engine/release-notes/ -- /engine/release-notes/latest/ -- /release-notes/docker-ce/ -- /release-notes/docker-engine/ - /engine/release-notes/27.1/ - /engine/release-notes/27.0/ --- diff --git a/content/manuals/engine/release-notes/28.md b/content/manuals/engine/release-notes/28.md new file mode 100644 index 00000000000..091c66f94b5 --- /dev/null +++ b/content/manuals/engine/release-notes/28.md @@ -0,0 +1,947 @@ +--- +title: Docker Engine version 28 release notes +linkTitle: Engine v28 +description: Learn about the new features, bug fixes, and breaking changes for Docker Engine +keywords: docker, docker engine, ce, whats new, release notes +toc_min: 1 +toc_max: 2 +tags: + - Release notes +aliases: +- /engine/release-notes/ +- /engine/release-notes/latest/ +- /release-notes/docker-ce/ +- /release-notes/docker-engine/ +- /engine/release-notes/28.0/ +--- + +This page describes the latest changes, additions, known issues, and fixes for Docker Engine version 28. + +For more information about: + +- Deprecated and removed features, see [Deprecated Engine Features](../deprecated.md). +- Changes to the Engine API, see [Engine API version history](/reference/api/engine/version-history.md). + +## 28.0.0 + +{{< release-date date="202X-xx-xx" >}} + +For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones: + +- [docker/cli, 28.0.0 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.0.0) +- [moby/moby, 28.0.0 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.0.0) +- Deprecated and removed features, see [Deprecated Features](https://github.com/docker/cli/blob/v28.0.0/docs/deprecated.md). +- Changes to the Engine API, see [API version history](https://github.com/moby/moby/blob/v28.0.0/docs/api/version-history.md). + +### New + +- Windows: add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. [moby/moby#47955](https://github.com/moby/moby/pull/47955) +- Add ability to mount an image inside a container via `--mount type=image`. [moby/moby#48798](https://github.com/moby/moby/pull/48798) +- `docker load`, `docker save`, and `docker history` now support a `--platform` flag allowing to choose a specific platform for single-platform operations on multi-platform images. [docker/cli#5331](https://github.com/docker/cli/pull/5331) +- Add `OOMScoreAdj` to `docker service create` and `docker stack`. [docker/cli#5145](https://github.com/docker/cli/pull/5145) +- `docker buildx prune` now supports `reserved-space`, `max-used-space` and `min-free-space`, `keep-bytes` filters. [moby/moby#48720](https://github.com/moby/moby/pull/48720) +- `docker images --tree` now shows metadata badges [docker/cli#5744](https://github.com/docker/cli/pull/5744) + + +### Bug fixes and enhancements + +- Add IPv6 loopback address as insecure registry by default. [moby/moby#48540](https://github.com/moby/moby/pull/48540) +- Add support for Cobra-generated completion scripts for `dockerd`. [moby/moby#49339](https://github.com/moby/moby/pull/49339) +- Fix DNS queries failing when containers are launched via `systemd` auto-start on boot [moby/moby#48812](https://github.com/moby/moby/pull/48812) +- Fix `docker export` continuing the export after the operation was canceled. [moby/moby#49265](https://github.com/moby/moby/pull/49265) +- Fix `docker export` not releasing the container's writable layer after a failure. [moby/moby#48517](https://github.com/moby/moby/pull/48517) +- Fix `docker images --tree` unnecessary truncating long image names when multiple names are available [docker/cli#5757](https://github.com/docker/cli/pull/5757) +- Fix a bug where a container with a name matching another container's ID would not be restored on daemon startup. [moby/moby#48669](https://github.com/moby/moby/pull/48669) +- Fix an issue preventing some IPv6 addresses shown by `docker ps` to be properly bracketed [docker/cli#5468](https://github.com/docker/cli/pull/5468) +- Fix bug preventing image pulls from being cancelled during `docker run`. [docker/cli#5645](https://github.com/docker/cli/pull/5645) +- Fix error-handling when running the daemon as a Windows service to prevent unclean exits. [moby/moby#48518](https://github.com/moby/moby/pull/48518) +- Fix issue causing output of `docker run` to be inconsistent when using `--attach stdout` or `--attach stderr` versus `stdin`. `docker run --attach stdin` now exits if the container exits. [docker/cli#5662](https://github.com/docker/cli/pull/5662) +- Fix rootless Docker setup with `subid` backed by NSS modules. [moby/moby#49036](https://github.com/moby/moby/pull/49036) +- Generated completion scripts from the CLI will now show descriptions next to each command/flag suggestion. [docker/cli#5756](https://github.com/docker/cli/pull/5756) +- IPv6 addresses shown by `docker ps` in port bindings are now bracketed [docker/cli#5363](https://github.com/docker/cli/pull/5363) +- Implement the ports validation method for compose [docker/cli#5524](https://github.com/docker/cli/pull/5524) +- Improve error-output for invalid flags on the command-line. [docker/cli#5233](https://github.com/docker/cli/pull/5233) +- Improve errors when failing to start a container using anther container's network namespace. [moby/moby#49367](https://github.com/moby/moby/pull/49367) +- Improve handling of invalid API errors that could result in an empty error message being presented to the user. [moby/moby#49373](https://github.com/moby/moby/pull/49373) +- Improve output and consistency for unknown (sub)commands and invalid arguments [docker/cli#5234](https://github.com/docker/cli/pull/5234) +- Improve validation of `exec-opts` in daemon configuration. [moby/moby#48979](https://github.com/moby/moby/pull/48979) +- Update the handling of the `--gpus=0` flag to be consistent with the NVIDIA Container Runtime. [moby/moby#48482](https://github.com/moby/moby/pull/48482) +- `client.ContainerCreate` now normalizes `CapAdd` and `CapDrop` fields in `HostConfig` to their canonical form. [moby/moby#48551](https://github.com/moby/moby/pull/48551) +- `docker image save` now produces stable timestamps. [moby/moby#48611](https://github.com/moby/moby/pull/48611) +- `docker inspect` now also allows inspecting swarm configs [docker/cli#5573](https://github.com/docker/cli/pull/5573) +- containerd image store: Add support for `Extracting` layer status in `docker pull`. [moby/moby#49064](https://github.com/moby/moby/pull/49064) +- containerd image store: Fix `commit`, `import` and `build` not preserving replaced image as a dangling. [moby/moby#48316](https://github.com/moby/moby/pull/48316) +- containerd image store: Make `docker load --platform` return an error when the requested platform wasn't loaded. [moby/moby#48718](https://github.com/moby/moby/pull/48718) + +### Packaging updates + +- Update Go runtime to [1.23.6](https://go.dev/doc/devel/release#go1.23.6). [docker/cli#5795](https://github.com/docker/cli/pull/5795), [moby/moby#49393](https://github.com/moby/moby/pull/49393), [docker/docker-ce-packaging#1161](https://github.com/docker/docker-ce-packaging/pull/1161) +- Update `runc` to [v1.2.4](https://github.com/opencontainers/runc/releases/tag/v1.2.4) [moby/moby#49238](https://github.com/moby/moby/pull/49238) +- Update containerd to [v1.7.25](https://github.com/containerd/containerd/releases/tag/v1.7.25). [moby/moby#49252](https://github.com/moby/moby/pull/49252) +- Update BuildKit to [v0.19.0](https://github.com/moby/buildkit/releases/tag/v0.19.0). [moby/moby#49315](https://github.com/moby/moby/pull/49315) +- Update Compose to [v2.32.4](https://github.com/docker/compose/releases/tag/v2.32.3). [docker/docker-ce-packaging#1143](https://github.com/docker/docker-ce-packaging/pull/1143) +- The canonical source for the `dockerd(8)` man page has been moved back to the `moby/moby` repository itself. [moby/moby#48298](https://github.com/moby/moby/pull/48298) + +### Go SDK + +- Improve validation of empty object IDs; the client now returns an "Invalid Parameter" error when trying to use an empty ID or name. This changes the error returned by some "Inspect" functions from a "Not found" error to an "Invalid Parameter". [moby/moby#49381](https://github.com/moby/moby/pull/49381) +- `Client.ImageBuild()` now omits default values from the API request's query string. [moby/moby#48651](https://github.com/moby/moby/pull/48651) +- `api/types/container`: merge `Stats` and `StatsResponse` [moby/moby#49287](https://github.com/moby/moby/pull/49287) +- `client.WithVersion`: strip v-prefix when setting API version [moby/moby#49352](https://github.com/moby/moby/pull/49352) +- `client`: Add `WithTraceOptions` allowing to specify custom OTEL trace options. [moby/moby#49415](https://github.com/moby/moby/pull/49415) +- `client`: add `HijackDialer` interface. [moby/moby#49388](https://github.com/moby/moby/pull/49388) +- `client`: add `SwarmManagementAPIClient` interface to describe all API client methods related to swarm-specific objects. [moby/moby#49388](https://github.com/moby/moby/pull/49388) +- `pkg/containerfs`: move to internal [moby/moby#48097](https://github.com/moby/moby/pull/48097) +- `pkg/reexec`: can now be used on platforms other than Linux, Windows, macOS and FreeBSD [moby/moby#49118](https://github.com/moby/moby/pull/49118) + +### API + +- Update API version to [v1.48](https://docs.docker.com/engine/api/v1.48/) [moby/moby#48476](https://github.com/moby/moby/pull/48476) +- `GET /images/{name}/json` response now will return the `Manifests` field containing information about the sub-manifests contained in the image index. This includes things like platform-specific manifests and build attestations. [moby/moby#48264](https://github.com/moby/moby/pull/48264) +- `POST /containers/create` now supports `Mount` of type `image` for mounting an image inside a container. [moby/moby#48798](https://github.com/moby/moby/pull/48798) +- `GET /images/{name}/history` now supports a `platform` parameter (JSON encoded OCI Platform type) that allows to specify a platform to show the history of. [moby/moby#48295](https://github.com/moby/moby/pull/48295) +- `POST /images/{name}/load` and `GET /images/{name}/get` now support a `platform` parameter (JSON encoded OCI Platform type) that allows to specify a platform to load/save. Not passing this parameter will result in loading/saving the full multi-platform image. [moby/moby#48295](https://github.com/moby/moby/pull/48295) +- Improve errors for invalid width/height on container resize and exec resize [moby/moby#48679](https://github.com/moby/moby/pull/48679) +- The `POST /containers/create` endpoint now includes a warning in the response when setting the container-wide `VolumeDriver` option in combination with volumes defined through `Mounts` because the `VolumeDriver` option has no effect on those volumes. This warning was previously generated by the CLI. [moby/moby#48789](https://github.com/moby/moby/pull/48789) +- containerd image store: `GET /images/json` and `GET /images/{name}/json` response now includes `Descriptor` field, which contains an OCI descriptor of the image target. The new field will only be populated if the daemon provides a multi-platform image store. [moby/moby#48894](https://github.com/moby/moby/pull/48894) +- containerd image store: `GET /containers/{name}/json` now returns an `ImageManifestDescriptor` field containing the OCI descriptor of the platform-specific image manifest of the image that was used to create the container. [moby/moby#48855](https://github.com/moby/moby/pull/48855) +- Add debug endpoints (`GET /debug/vars`, `GET /debug/pprof/`, `GET /debug/pprof/cmdline`, `GET /debug/pprof/profile`, `GET /debug/pprof/symbol`, `GET /debug/pprof/trace`, `GET /debug/pprof/{name}`) are now also accessible through the versioned-API paths (`/v/`). [moby/moby#49051](https://github.com/moby/moby/pull/49051) +- Fix API returning a `500` status code instead of `400` for validation errors. [moby/moby#49217](https://github.com/moby/moby/pull/49217) +- Fix status-codes for archive endpoints `HEAD /containers/{name:.*}/archive`, `GET /containers/{name:.*}/archive`, `PUT /containers/{name:.*}/archive` returning a `500` status instead of a `400` status. [moby/moby#49219](https://github.com/moby/moby/pull/49219) +- `POST /containers/create` now accepts a `writable-cgroups=true` option in `HostConfig.SecurityOpt` to mount the container's cgroups writable. This provides a more granular approach than `HostConfig.Privileged`. [moby/moby#48828](https://github.com/moby/moby/pull/48828) +- `POST /build/prune` renames `keep-bytes` to `reserved-space` and now supports additional prune parameters `max-used-space` and `min-free-space`. [moby/moby#48720](https://github.com/moby/moby/pull/48720) +- `POST /networks/create` now has an `EnableIPv4` field. Setting it to `false` disables IPv4 IPAM for the network. [moby/moby#48271](https://github.com/moby/moby/pull/48271) + - `GET /networks/{id}` now returns an `EnableIPv4` field showing whether the network has IPv4 IPAM enabled. [moby/moby#48271](https://github.com/moby/moby/pull/48271) + - User-defined bridge networks require either IPv4 or IPv6 address assignment to be enabled. IPv4 cannot be disabled for the default bridge network (`docker0`). [moby/moby#48323](https://github.com/moby/moby/pull/48323) + - `macvlan` and `ipvlan` networks can be created with address assignment disabled for IPv4, IPv6, or both address families. [moby/moby#48299](https://github.com/moby/moby/pull/48299) + - IPv4 cannot be disabled for Windows or Swarm networks. [moby/moby#48278](https://github.com/moby/moby/pull/48278) +- Add a way to specify which network should provide the default gateway for a container. [moby/moby#48936](https://github.com/moby/moby/pull/48936) + - `POST /networks/{id}/connect` and `POST /containers/create` now accept a `GwPriority` field in `EndpointsConfig`. This value is used to determine which network endpoint provides the default gateway for the container. The endpoint with the highest priority is selected. If multiple endpoints have the same priority, endpoints are sorted lexicographically by their network name, and the one that sorts first is picked. [moby/moby#48746](https://github.com/moby/moby/pull/48746) + - `GET /containers/json` now returns a `GwPriority` field in `NetworkSettings` for each network endpoint. The `GwPriority` field is used by the CLI’s new `gw-priority` option for `docker run` and `docker network connect`. [moby/moby#48746](https://github.com/moby/moby/pull/48746) +- Settings for `eth0` in `--sysctl` options are no longer automatically migrated to the network endpoint. [moby/moby#48746](https://github.com/moby/moby/pull/48746) + * For example, on the Docker command line Docker, `docker run --network mynet --sysctl net.ipv4.conf.eth0.log_martians=1 ...` will be rejected. Instead, you must use `docker run --network name=mynet,driver-opt=com.docker.network.endpoint.sysctls=net.ipv4.conf.IFNAME.log_martians=1 ...` + + +### Removed + +- The Fluent logger option `fluentd-async-connect` has been deprecated in v20.10 and is now removed. [moby/moby#46114](https://github.com/moby/moby/pull/46114) +- The `--time` option on `docker stop` and `docker restart` is deprecated and renamed to `--timeout`. [docker/cli#5485](https://github.com/docker/cli/pull/5485) +- Go-SDK: `pkg/ioutils`: remove `NewReaderErrWrapper` as it was never used. [moby/moby#49258](https://github.com/moby/moby/pull/49258) +- Go-SDK: `pkg/ioutils`: remove deprecated `BytesPipe`, `NewBytesPipe`, `ErrClosed`, `WriteCounter`, `NewWriteCounter`, `NewReaderErrWrapper`, `NopFlusher`. [moby/moby#49245](https://github.com/moby/moby/pull/49245) +- Go-SDK: `pkg/ioutils`: remove deprecated `NopWriter` and `NopWriteCloser`. [moby/moby#49256](https://github.com/moby/moby/pull/49256) +- Go-SDK: `pkg/sysinfo`: Remove deprecated NumCPU. [moby/moby#49242](https://github.com/moby/moby/pull/49242) +- Go-SDK: remove `pkg/broadcaster`, as it was only used internally [moby/moby#49172](https://github.com/moby/moby/pull/49172) +- Go-SDK: remove deprecated `cli.Errors` type [docker/cli#5549](https://github.com/docker/cli/pull/5549) +- Remove `pkg/ioutils.ReadCloserWrapper`, as it was only used in tests. [moby/moby#49237](https://github.com/moby/moby/pull/49237) +- Remove deprecated "api-cors-header" config parameter and the `dockerd` "--api-cors-header" option [moby/moby#48209](https://github.com/moby/moby/pull/48209) +- Remove deprecated `APIEndpoint.Version` field, `APIVersion` type, and `APIVersion1` and `APIVersion2` consts. [moby/moby#49004](https://github.com/moby/moby/pull/49004) +- Remove deprecated `api-cors-header` config parameter and the Docker daemon's `--api-cors-header` option. [docker/cli#5437](https://github.com/docker/cli/pull/5437) +- Remove deprecated `pkg/directory` package [moby/moby#48779](https://github.com/moby/moby/pull/48779) +- Remove deprecated `pkg/dmsg.Dmesg()` [moby/moby#48109](https://github.com/moby/moby/pull/48109) +- Remove deprecated image/spec package, which was moved to a separate module (`github.com/moby/docker-image-spec`) [moby/moby#48460](https://github.com/moby/moby/pull/48460) +- Remove migration code and errors for the deprecated `logentries` logging driver. [moby/moby#48891](https://github.com/moby/moby/pull/48891) +- Remove support for deprecated external graph-driver plugins. [moby/moby#48072](https://github.com/moby/moby/pull/48072) +- `api/types`: Remove deprecated `container.ContainerNode` and `ContainerJSONBase.Node` field. [moby/moby#48107](https://github.com/moby/moby/pull/48107) +- `api/types`: Remove deprecated aliases: `ImagesPruneReport`, `VolumesPruneReport`, `NetworkCreateRequest`, `NetworkCreate`, `NetworkListOptions`, `NetworkCreateResponse`, `NetworkInspectOptions`, `NetworkConnect`, `NetworkDisconnect`, `EndpointResource`, `NetworkResource`, `NetworksPruneReport`, `ExecConfig`, `ExecStartCheck`, `ContainerExecInspect`, `ContainersPruneReport`, `ContainerPathStat`, `CopyToContainerOptions`, `ContainerStats`, `ImageSearchOptions`, `ImageImportSource`, `ImageLoadResponse`, `ContainerNode`. [moby/moby#48107](https://github.com/moby/moby/pull/48107) +- `libnetwork/iptables`: remove deprecated `IPV`, `Iptables`, `IP6Tables` and `Passthrough()`. [moby/moby#49121](https://github.com/moby/moby/pull/49121) +- `pkg/archive`: remove deprecated `CanonicalTarNameForPath`, `NewTempArchive`, `TempArchive` [moby/moby#48708](https://github.com/moby/moby/pull/48708) +- `pkg/fileutils`: remove deprecated `GetTotalUsedFds` [moby/moby#49210](https://github.com/moby/moby/pull/49210) +- `pkg/ioutils`: remove `OnEOFReader`, which was only used internally [moby/moby#49170](https://github.com/moby/moby/pull/49170) +- `pkg/longpath`: remove deprecated `Prefix` constant. [moby/moby#48779](https://github.com/moby/moby/pull/48779) +- `pkg/stringid`: remove deprecated `IsShortID` and `ValidateID` functions [moby/moby#48705](https://github.com/moby/moby/pull/48705) +- `runconfig/opts`: remove deprecated `ConvertKVStringsToMap` [moby/moby#48102](https://github.com/moby/moby/pull/48102) +- `runconfig`: remove deprecated `ContainerConfigWrapper`, `SetDefaultNetModeIfBlank`, `DefaultDaemonNetworkMode`, `IsPreDefinedNetwork` [moby/moby#48102](https://github.com/moby/moby/pull/48102) +- `container`: remove deprecated `ErrNameReserved`, `ErrNameNotReserved`. [moby/moby#48728](https://github.com/moby/moby/pull/48728) +- daemon: remove `Daemon.ContainerInspectCurrent()` method and change `Daemon.ContainerInspect()` signature to accept a `backend.ContainerInspectOptions` struct [moby/moby#48672](https://github.com/moby/moby/pull/48672) +- daemon: remove deprecated `Daemon.Exists()` and `Daemon.IsPaused()` methods. [moby/moby#48723](https://github.com/moby/moby/pull/48723) + +### Deprecations + +- API: Deprecated: The `BridgeNfIptables` and `BridgeNfIp6tables` fields in the `GET /info` response are now always be `false` and will be omitted in API v1.49. The netfilter module is now loaded on-demand, and no longer during daemon startup, making these fields obsolete. [moby/moby#49114](https://github.com/moby/moby/pull/49114) +- Deprecate `Daemon.Register()`. This function is unused and will be removed in the next release. [moby/moby#48702](https://github.com/moby/moby/pull/48702) +- Deprecate `client.ImageInspectWithRaw` function in favor of the new `client.ImageInspect`. [moby/moby#48264](https://github.com/moby/moby/pull/48264) +- Deprecate `daemon/config.Config.ValidatePlatformConfig()`. This method was used as helper for `config.Validate`, which should be used instead. [moby/moby#48985](https://github.com/moby/moby/pull/48985) +- Deprecate `pkg/reexec`. This package is deprecated and moved to a separate module. Use `github.com/moby/sys/reexec` instead. [moby/moby#49129](https://github.com/moby/moby/pull/49129) +- Deprecate configuration for pushing non-distributable artifacts [docker/cli#5724](https://github.com/docker/cli/pull/5724) +- Deprecate the `--allow-nondistributable-artifacts` daemon flag and corresponding `allow-nondistributable-artifacts` field in `daemon.json`. Setting either option will no longer take an effect, but a deprecation warning log is added. [moby/moby#49065](https://github.com/moby/moby/pull/49065) +- Deprecate the `RegistryConfig.AllowNondistributableArtifactsCIDRs` and `RegistryConfig.AllowNondistributableArtifactsHostnames` fields in the `GET /info` API response. For API version v1.48 and older, the fields are still included in the response, but always `null`. In API version v1.49 and later, the field will be omitted entirely. [moby/moby#49065](https://github.com/moby/moby/pull/49065) +- Go SDK: deprecate `registry.ServiceOptions.AllowNondistributableArtifacts` field. [moby/moby#49065](https://github.com/moby/moby/pull/49065) +- Go SDK: the `BridgeNfIptables`, `BridgeNfIp6tables` fields in `api/types/system.Info` and `BridgeNFCallIPTablesDisabled`, `BridgeNFCallIP6TablesDisabled` fields in `pkg/sysinfo.SysInfo` are deprecated and will be removed in the next release. [moby/moby#49114](https://github.com/moby/moby/pull/49114) +- Go-SDK: `client`: deprecate `CommonAPIClient` interface in favor of the `APIClient` interface. The `CommonAPIClient` will be changed to an alias for `APIClient` in the next release, and removed in the release after. [moby/moby#49388](https://github.com/moby/moby/pull/49388) +- Go-SDK: `client`: deprecate `ErrorConnectionFailed` helper. This function was only used internally, and will be removed in the next release. [moby/moby#49389](https://github.com/moby/moby/pull/49389) +- Go-SDK: `pkg/ioutils`: deprecate `NewAtomicFileWriter`, `AtomicWriteFile`, `AtomicWriteSet`, `NewAtomicWriteSet` in favor of `pkg/atomicwriter` equivalents. [moby/moby#49171](https://github.com/moby/moby/pull/49171) +- Go-SDK: `pkg/sysinfo`: deprecate `NumCPU`. This utility has the same behavior as `runtime.NumCPU`. [moby/moby#49241](https://github.com/moby/moby/pull/49241) +- Go-SDK: `pkg/system`: deprecate `MkdirAll`. This function provided custom handling for Windows GUID volume paths. Handling for such paths is now supported by Go standard library in go1.22 and newer, and this function is now an alias for `os.MkdirAll`, which should be used instead. This alias will be removed in the next release. [moby/moby#49162](https://github.com/moby/moby/pull/49162) +- Go-SDK: deprecate `pkg/parsers.ParseKeyValueOpt`. [moby/moby#49177](https://github.com/moby/moby/pull/49177) +- Go-SDK: deprecate `pkg/parsers.ParseUintListMaximum`, `pkg/parsers.ParseUintList`. These utilities were only used internally and will be removed in the next release. [moby/moby#49222](https://github.com/moby/moby/pull/49222) +- Move `GraphDriverData` from `api/types` to `api/types/storage`. The old type is deprecated and will be removed in the next release. [moby/moby#48108](https://github.com/moby/moby/pull/48108) +- Move `RequestPrivilegeFunc` from `api/types` to `api/types/registry`. The old type is deprecated and will be removed in the next release. [moby/moby#48119](https://github.com/moby/moby/pull/48119) +- Move from `api/types` to `api/types/container` - `NetworkSettings`, `NetworkSettingsBase`, `DefaultNetworkSettings`, `SummaryNetworkSettings`, `Health`, `HealthcheckResult`, `NoHealthcheck`, `Starting`, `Healthy`, and `Unhealthy` constants, `MountPoint`, `Port`, `ContainerState`, `Container`, `ContainerJSONBase`, `ContainerJSON`, `ContainerNode`. The old types are deprecated and will be removed in the next release. [moby/moby#48108](https://github.com/moby/moby/pull/48108) +- Move from `api/types` to `api/types/image` - `ImageInspect`, `RootFS`. The old types are deprecated and will be removed in the next release. [moby/moby#48108](https://github.com/moby/moby/pull/48108) +- `ContainerdCommit.Expected`, `RuncCommit.Expected`, and `InitCommit.Expected` fields in the `GET /info` endpoint are deprecated and will be omitted in API v1.49. [moby/moby#48478](https://github.com/moby/moby/pull/48478) +- `api/types/registry`: Deprecate `ServiceConfig.AllowNondistributableArtifactsCIDRs` and `ServiceConfig.AllowNondistributableArtifactsHostnames` fields. These fields will be removed in the next release. [moby/moby#49065](https://github.com/moby/moby/pull/49065) +- `api/types/system/Commit.Expected` field is deprecated and should no longer be used. [moby/moby#48478](https://github.com/moby/moby/pull/48478) +- `daemon/graphdriver`: deprecate `GetDriver()` [moby/moby#48079](https://github.com/moby/moby/pull/48079) +- `libnetwork/iptables`: deprecate `Passthrough`. This function was only used internally, and will be removed in the next release. [moby/moby#49115](https://github.com/moby/moby/pull/49115) +- `pkg/directory.Size()` function is deprecated, an will be removed in the next release. [moby/moby#48057](https://github.com/moby/moby/pull/48057) +- `registry`: deprecate `APIEndpoint.TrimHostName`; hostname is now trimmed unconditionally for remote names. This field will be removed in the next release. [moby/moby#49005](https://github.com/moby/moby/pull/49005) +`allow-nondistributable-artifacts` field in `daemon.json`. Setting either option will no longer take an effect, but a deprecation warning log is added to raise awareness about the deprecation. This warning is planned to become an error in the next release. [moby/moby#49065](https://github.com/moby/moby/pull/49065) + + + +### Networking + +- The `docker-proxy` binary has been updated, older versions will not work with the updated `dockerd`. [moby/moby#48132](https://github.com/moby/moby/pull/48132) + - Close a window in which the userland proxy (`docker-proxy`) could accept TCP connections, that would then fail after `iptables` NAT rules were set up. + - The executable `rootlesskit-docker-proxy` is no longer used, it has been removed from the build and distribution. +- DNS nameservers read from the host's `/etc/resolv.conf` are now always accessed from the host's network namespace. [moby/moby#48290](https://github.com/moby/moby/pull/48290) + - When the host's `/etc/resolv.conf` contains no nameservers and there are no `--dns` overrides, Google's DNS servers are no longer used, apart from by the default bridge network and in build containers. +- Container interfaces in bridge and macvlan networks now use randomly generated MAC addresses. [moby/moby#48808](https://github.com/moby/moby/pull/48808) + - Gratuitous ARP / Neighbour Advertisement messages will be sent when the interfaces are started so that, when IP addresses are reused, they're associated with the newly generated MAC address. + - IPv6 addresses in the default bridge network are now IPAM-assigned, rather than being derived from the MAC address. +- The deprecated OCI `prestart` hook is now only used by build containers. For other containers, network interfaces are added to the network namespace after task creation is complete, before the container task is started. [moby/moby#47406](https://github.com/moby/moby/pull/47406) +- Add a new `gw-priority` option to `docker run`, `docker container create`, and `docker network connect`. This option will be used by the Engine to determine which network provides the default gateway for a container. On `docker run`, this option is only available through the extended `--network` syntax. [docker/cli#5664](https://github.com/docker/cli/pull/5664) +- Add a new netlabel `com.docker.network.endpoint.ifname` to customize the interface name used when connecting a container to a network. It's supported by all built-in network drivers on Linux. [moby/moby#49155](https://github.com/moby/moby/pull/49155) + - When a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names (e.g. `eth`), the container might fail to start. + - The recommended practice is to use a different prefix (e.g. `en0`), or a numerical suffix high enough to never collide (e.g. `eth100`). + - This label can be specified on `docker network connect` via the `--driver-opt` flag, e.g. `docker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar …`. + - Or via the long-form `--network` flag on `docker run`, e.g. `docker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …` +- If a custom network driver reports capability `GwAllocChecker` then, before a network is created, it will get a `GwAllocCheckerRequest` with the network's options. The custom driver may then reply that no gateway IP address should be allocated. [moby/moby#49372](https://github.com/moby/moby/pull/49372) + +#### Port Publishing in Bridge Networks + +- `dockerd` now requires `ipset` support in the Linux kernel. [moby/moby#48596](https://github.com/moby/moby/pull/48596) + - The `iptables` and `ip6tables` rules used to implement port publishing and network isolation have been extensively modified. This enables some of the functional changes described below, and is a first step in refactoring to enable native `nftables` support in a future release. [moby/moby#48815](https://github.com/moby/moby/issues/48815) + - If it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use `iptables -F` and `ip6tables -F` to flush all existing `iptables` rules from the `filter` table before starting the older version of the daemon. When that is not possible, run the following commands as root: + - `iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` + - `iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER` + - If you were previously running with the iptables filter-FORWARD policy set to `ACCEPT` and need to restore access to unpublished ports, also delete per-bridge-network rules from the `DOCKER` chains. For example, `iptables -D DOCKER ! -i docker0 -o docker0 -j DROP`. +- Fix a security issue that was allowing remote hosts to connect directly to a container on its published ports. [moby/moby#49325](https://github.com/moby/moby/pull/49325) +- Fix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. [moby/moby#49325](https://github.com/moby/moby/pull/49325) +- Fix an issue that prevented port publishing to link-local addresses. [moby/moby#48570](https://github.com/moby/moby/pull/48570) +- UDP ports published by a container are now reliably accessible by containers on other networks, via the host's public IP address. [moby/moby#48571](https://github.com/moby/moby/pull/48571) +- docker will now only set the `ip6tables` policy for the `FORWARD` chain in the `filter` table to `DROP` if it enables IP forwarding on the host itself (sysctls `net.ipv6.conf.all.forwarding` and `net.ipv6.conf.default.forwarding`). This is now aligned with existing IPv4 behaviour. [moby/moby#48594](https://github.com/moby/moby/pull/48594) + - If IPv6 forwarding is enabled on your host, but you were depending on Docker to set the ip6tables filter-FORWARD policy to `DROP`, you may need to update your host's configuration to make sure it is secure. +- Direct routed access to container ports that are not exposed using `p`/`-publish` is now blocked in the `DOCKER` iptables chain. [moby/moby#48724](https://github.com/moby/moby/pull/48724) + - If the default iptables filter-FORWARD policy was previously left at `ACCEPT` on your host, and direct routed access to a container's unpublished ports from a remote host is still required, options are: + - Publish the ports you need. + - Use the new `gateway_mode_ipv[46]=nat-unprotected`, described below. + - Container ports published to host addresses will continue to be accessible via those host addresses, using NAT or the userland proxy. + - Unpublished container ports continue to be directly accessible from the Docker host via the container's IP address. +- Networks created with `gateway_mode_ipv[46]=routed` are now accessible from other bridge networks running on the same Docker host, as well as from outside the host. [moby/moby#48596](https://github.com/moby/moby/pull/48596) +- Bridge driver options `com.docker.network.bridge.gateway_mode_ipv4` and `com.docker.network.bridge.gateway_mode_ipv6` now accept mode `nat-unprotected`. [moby/moby#48597](https://github.com/moby/moby/pull/48597) + - `nat-unprotected` is similar to the default `nat` mode, but no per port/protocol rules are set up. This means any port on a container can be accessed by direct-routing from a remote host. +- Bridge driver options `com.docker.network.bridge.gateway_mode_ipv4` and `com.docker.network.bridge.gateway_mode_ipv6` now accept mode `isolated`, when the network is also `internal`. [moby/moby#49262](https://github.com/moby/moby/pull/49262) + - An address is normally assigned to the bridge device in an `internal` network. So, processes on the Docker host can access the network, and containers in the network can access host services listening on that bridge address (including services listening on "any" host address, `0.0.0.0` or `::`). + - An `internal` bridge network created with gateway mode `isolated` does not have an address on the Docker host. +- When a port mapping includes a host IP address or port number that cannot be used because NAT from the host is disabled using `--gateway_mode_ipv[46]`, container creation will no longer fail. The unused fields may be needed if the gateway endpoint changes when networks are connected or disconnected. A message about the unused fields will be logged. [moby/moby#48575](https://github.com/moby/moby/pull/48575) +- Do not create iptables nat-POSTROUTING masquerade rules for a container's own published ports, when the userland proxy is enabled. [moby/moby#48854](https://github.com/moby/moby/pull/48854) + +#### IPv6 + +- Add `docker network create` option `--ipv4`. To disable IPv4 address assignment for a network, use `docker network create --ipv4=false [...]`. [docker/cli#5599](https://github.com/docker/cli/pull/5599) +- Daemon option `--ipv6` (`"ipv6": true` in `daemon.json`) can now be used without `fixed-cidr-v6`. [moby/moby#48319](https://github.com/moby/moby/pull/48319) +- IPAM now handles subnets bigger than "/64". [moby/moby#49223](https://github.com/moby/moby/pull/49223) +- Duplicate address detection (DAD) is now disabled for addresses assigned to the bridges belonging to bridge networks. [moby/moby#48609](https://github.com/moby/moby/pull/48609) +- Modifications to `host-gateway`, for compatibility with IPv6-only networks. [moby/moby#48807](https://github.com/moby/moby/pull/48807) + - When special value `host-gateway` is used in an `--add-host` option in place of an address, it's replaced by an address on the Docker host to make it possible to refer to the host by name. The address used belongs to the default bridge (normally `docker0`). Until now it's always been an IPv4 address, because all containers on bridge networks had IPv4 addresses. + - Now, if IPv6 is enabled on the default bridge network, `/etc/hosts` entries will be created for IPv4 and IPv6 addresses. So, a container that's only connected to IPv6-only networks can access the host by name. + - The `--host-gateway-ip` option overrides the address used to replace `host-gateway`. Two of these options are now allowed on the command line, for one IPv4 gateway and one IPv6. + - In the `daemon.json` file, to provide two addresses, use `"host-gateway-ips"`. For example, `"host-gateway-ips": ["192.0.2.1", "2001:db8::1111"]`. + +#### Other changes + +- Fix validation of `--link` option. [docker/cli#5739](https://github.com/docker/cli/pull/5739) +- Add validation of network-diagnostic-port daemon configuration option. [moby/moby#49305](https://github.com/moby/moby/pull/49305) +- Unless explicitly configured, an IP address is no longer reserved for a gateway in cases where it is not required. Namely, “internal” bridge networks with option `com.docker.network.bridge.inhibit_ipv4`, `ipvlan` or `macvlan` networks with no parent interface, and L3 IPvlan modes. [moby/moby#49261](https://github.com/moby/moby/pull/49261) +- If a custom network driver reports capability `GwAllocChecker` then, before a network is created, it will get a `GwAllocCheckerRequest` with the network's options. The custom driver may then reply that no gateway IP address should be allocated. [moby/moby#49372](https://github.com/moby/moby/pull/49372) +- Fixed an issue that meant a container could not be attached to an L3 IPvlan at the same time as other network types. [moby/moby#49130](https://github.com/moby/moby/pull/49130) +- Remove the correct `/etc/hosts` entries when disconnecting a container from a network. [moby/moby#48857](https://github.com/moby/moby/pull/48857) +- Fix duplicate network disconnect events. [moby/moby#48800](https://github.com/moby/moby/pull/48800) +- Resolved issues related to changing `fixed-cidr` for `docker0`, and inferring configuration from a user-managed default bridge (`--bridge`). [moby/moby#48319](https://github.com/moby/moby/pull/48319) +- Removed feature flag `windows-dns-proxy`, introduced in release 26.1.0 to control forwarding to external DNS resolvers from Windows containers, to make `nslookup` work. It was enabled by default in release 27.0.0. [moby/moby#48738](https://github.com/moby/moby/pull/48738) +- Removed an `iptables` mangle rule for checksumming SCTP. The rule can be re-enabled by setting `DOCKER_IPTABLES_SCTP_CHECKSUM=1` in the daemon's environment. This override will be removed in a future release. [moby/moby#48149](https://github.com/moby/moby/pull/48149) +- Faster connection to bridge networks, in most cases. [moby/moby#49302](https://github.com/moby/moby/pull/49302) + + + + + + + + + + + + +### Rejected (backported or no impact label) + +- Add a couple of iptables rules to filter on the input interface for NAT port mappings. This will prevent rogue neighboring hosts from accessing port mappings that aren't published in the same subnet / L2 segment. +- Fix an issue that meant published ports from one container on a bridge network were not accessible from another container on the same network with `userland-proxy` disabled, if the kernel's `br_netfilter` module was not loaded and enabled. The daemon will now attempt to load the module and enable `bridge-nf-call-iptables` or `bridge-nf-call-ip6tables` when creating a network with the userland proxy disabled. [moby/moby#48676](https://github.com/moby/moby/pull/48676) +- Preserve network labels during daemon startup. [moby/moby#49196](https://github.com/moby/moby/pull/49196) +- Fix a bug that was preventing containers exposing a TCP port on the host to be restarted if it was accessed by another container (or from the host) shortly before. [moby/moby#48567](https://github.com/moby/moby/pull/48567) +- !TODO: fix some gofmt issues reported by goreportcard [moby/moby#48080](https://github.com/moby/moby/pull/48080) +- Fix "fail to register layer: failed to Lchown" errors when trying to pull an image with rootless enabled on a system that supports native overlay with user-namespaces. [moby/moby#48083](https://github.com/moby/moby/pull/48083) +- Fix a regression that incorrectly reported a port mapping from a host IPv6 address to an IPv4-only container as an error. [moby/moby#48088](https://github.com/moby/moby/pull/48088) +- !TODO: cleanup: Remove unnecessary return value [moby/moby#48095](https://github.com/moby/moby/pull/48095) +- !TODO: daemon/logger, volume/drivers: remove redundant import-aliases [moby/moby#48098](https://github.com/moby/moby/pull/48098) +- !TODO: errdefs: FromStatusCode(): use early returns [moby/moby#48100](https://github.com/moby/moby/pull/48100) +- !TODO: vendor: github.com/microsoft/hcsshim v0.11.7 [moby/moby#48091](https://github.com/moby/moby/pull/48091) +- !TODO: do another run of gofumpt [moby/moby#48081](https://github.com/moby/moby/pull/48081) +- !TODO: builder/builder-next: applySourcePolicies: remove redundant check and vars [moby/moby#48070](https://github.com/moby/moby/pull/48070) +- !TODO: pkg/rootless/specconv: move to internal [moby/moby#48110](https://github.com/moby/moby/pull/48110) +- api/types/system: remove deprecated Info.ExecutionDriver [moby/moby#48111](https://github.com/moby/moby/pull/48111) +- Upgrade containerd to v1.7.19 (static binaries only). [moby/moby#48117](https://github.com/moby/moby/pull/48117) +- !TODO: daemon/logger/journald: add //nolint:unused for readSyncTimeout [moby/moby#48115](https://github.com/moby/moby/pull/48115) +- This release updates the Go runtime to 1.21.11 which contains security fixes for [CVE-2024-24791](https://github.com/advisories/GHSA-hw49-2p59-3mhj) +Update Go runtime to 1.21.12 [moby/moby#48120](https://github.com/moby/moby/pull/48120) +- !TODO: update to go1.21.12 [part 2] [moby/moby#48121](https://github.com/moby/moby/pull/48121) +- !TODO: api/types/container: InspectResponse: keep old name for embedded type [moby/moby#48124](https://github.com/moby/moby/pull/48124) +- !TODO: vendor: update dependencies in preparation of BuildKit v0.15 [moby/moby#48127](https://github.com/moby/moby/pull/48127) +- !TODO: vendor: github.com/containerd/containerd v1.7.19, migrate to github.com/containerd/platforms module [moby/moby#47142](https://github.com/moby/moby/pull/47142) +- rootless: add `Requires=dbus.socket` [moby/moby#48134](https://github.com/moby/moby/pull/48134) +- !TODO: daemon/graphdriver: split, internalize packages to separate snapshotters and graphdrivers [moby/moby#48092](https://github.com/moby/moby/pull/48092) +- !TODO: vendor: update buildkit to v0.15.0-rc1 [moby/moby#48126](https://github.com/moby/moby/pull/48126) +- !TODO: Fix API version in TestSetInterfaceSysctl [moby/moby#48156](https://github.com/moby/moby/pull/48156) +- !TODO: docs/api: Add missing ` [moby/moby#48154](https://github.com/moby/moby/pull/48154) +- Update Buildkit to v0.15.0-rc2 [moby/moby#48150](https://github.com/moby/moby/pull/48150) +- Update Buildkit to v0.15.0 [moby/moby#48159](https://github.com/moby/moby/pull/48159) +- !TODO: all: switch to Go 1.19 atomics [moby/moby#48139](https://github.com/moby/moby/pull/48139) +- !TODO: Dockerfile: update compose to v2.28.1, update cli to v27.0.2 [moby/moby#48073](https://github.com/moby/moby/pull/48073) +- !TODO: update golangci-lint to v1.59.1 [moby/moby#48058](https://github.com/moby/moby/pull/48058) +- api/types: deprecate `ContainerJSONBase.Node` field and `ContainerNode` type. These definitions were used by the standalone ("classic") Swarm API, but never implemented in the Docker Engine itself. [moby/moby#48055](https://github.com/moby/moby/pull/48055) +- !TODO: daemon/graphdriver, layer: rename vars that shadowed imports [moby/moby#48071](https://github.com/moby/moby/pull/48071) +- Fix a regression that caused duplicate subnet allocations when creating networks. [moby/moby#48084](https://github.com/moby/moby/pull/48084) +- containerd integration: `image tag` event is now properly emitted when building images with Buildkit [moby/moby#48078](https://github.com/moby/moby/pull/48078) +- !TODO: daemon/graphdriver: remove Capabilities, CapabilityDriver [moby/moby#48143](https://github.com/moby/moby/pull/48143) +- !TODO: vendor: cloud.google.com/go/logging v1.9.0 [moby/moby#48165](https://github.com/moby/moby/pull/48165) +- !TODO: rm regexp use [moby/moby#48169](https://github.com/moby/moby/pull/48169) +- !TODO: README: replace obsolete Docker EE mention [moby/moby#48176](https://github.com/moby/moby/pull/48176) +- !TODO: Dockerfile: update buildx to v0.16.1, compose to v2.29.0 [moby/moby#48186](https://github.com/moby/moby/pull/48186) +- !TODO: gha: check-pr-branch: verify major version only [moby/moby#48177](https://github.com/moby/moby/pull/48177) +- !TODO: gha: check-pr-branch: fix branch check regression [moby/moby#48194](https://github.com/moby/moby/pull/48194) +- Upgrade containerd to v1.7.20 (static binaries only). [moby/moby#48190](https://github.com/moby/moby/pull/48190) +- !TODO: vendor: update moby/sys modules [moby/moby#48189](https://github.com/moby/moby/pull/48189) +- !TODO: vendor: github.com/containerd/containerd v1.7.20 [moby/moby#48188](https://github.com/moby/moby/pull/48188) +- !TODO: contrib/check-config.sh: remove special case for userns on CentOS/RHEL 7 [moby/moby#48212](https://github.com/moby/moby/pull/48212) +- Update BuildKit to v0.15.1 [moby/moby#48239](https://github.com/moby/moby/pull/48239) +- Fix a regression that could result in a `ResourceExhausted desc = grpc: received message larger than max` error when building from a large Dockerfile [moby/moby#48242](https://github.com/moby/moby/pull/48242) +- !TODO: images: Extract ImageInspect from GetImage [moby/moby#48240](https://github.com/moby/moby/pull/48240) +- !TODO: daemon: remove setMayDetachMounts (set may_detach_mounts=1 on startup) [moby/moby#48210](https://github.com/moby/moby/pull/48210) +- !TODO: daemon: isPermissibleC8dRuntimeName: use local utility to reduce c8d deps [moby/moby#48251](https://github.com/moby/moby/pull/48251) +- !TODO: daemon: remove unused import [moby/moby#48263](https://github.com/moby/moby/pull/48263) +- dockerd-rootless-setuptool.sh: move RootlessKit smoke test [moby/moby#48216](https://github.com/moby/moby/pull/48216) +- !TODO: vendor: github.com/gofrs/flock v0.12.1 [moby/moby#48234](https://github.com/moby/moby/pull/48234) +- !TODO: migrate to github.com/moby/sys/user/userns [moby/moby#48170](https://github.com/moby/moby/pull/48170) +- !TODO: vendor: github.com/moby/sys/sequential v0.6.0 [moby/moby#48198](https://github.com/moby/moby/pull/48198) +- Adjust GitHub actions permissions. [moby/moby#48262](https://github.com/moby/moby/pull/48262) +- !TODO: libnetwork/networkdb: switch to go-immutable-radix v2 [moby/moby#48157](https://github.com/moby/moby/pull/48157) +- !TODO: hack: explicitly control enabling the journald logging driver [moby/moby#47789](https://github.com/moby/moby/pull/47789) +- !TODO: plugin, api/types: fix typos and GoDoc [moby/moby#48279](https://github.com/moby/moby/pull/48279) +- !TODO: Improve documentation around maintenance, building, and packaging [moby/moby#46772](https://github.com/moby/moby/pull/46772) +- !TODO: daemon: assorted cleanups and minor improvements [moby/moby#48244](https://github.com/moby/moby/pull/48244) +- !TODO: libcontainerd/supervisor: remove remnants of adjusting oom-score [moby/moby#48252](https://github.com/moby/moby/pull/48252) +- !TODO: hack/make: suppress "not mounted" message [moby/moby#48272](https://github.com/moby/moby/pull/48272) +- n/a [moby/moby#48281](https://github.com/moby/moby/pull/48281) +- Update Go runtime to 1.21.13 [moby/moby#48300](https://github.com/moby/moby/pull/48300) +- !TODO: Makefile: Add BIND_GIT variable [moby/moby#48303](https://github.com/moby/moby/pull/48303) +- !TODO: touch-up security policy [moby/moby#48280](https://github.com/moby/moby/pull/48280) +- > `GET /images/json` response now includes `Manifests` field, which contains information about the sub-manifests included in the image index. This includes things like platform-specific manifests and build attestations. +> The new field will only be populated if the request also sets the `manifests` query parameter to `true`. +> [!WARNING] +> +> This is experimental and may change at any time without any backward compatibility. [moby/moby#47526](https://github.com/moby/moby/pull/47526) +- !TODO: Clean up networks in 'integration/network' tests [moby/moby#48217](https://github.com/moby/moby/pull/48217) +- !TODO: vendor: golang.org/x/time v0.5.0, google.golang.org/grpc v1.62.0 [moby/moby#48283](https://github.com/moby/moby/pull/48283) +- !TODO: vendor: github.com/containerd/nydus-snapshotter v0.14.0 [moby/moby#48288](https://github.com/moby/moby/pull/48288) +- !TODO: c8d/image: Simplify `presentImages` and better "platform not found" error [moby/moby#48276](https://github.com/moby/moby/pull/48276) +- !TODO: c8d/list: Fix `Total` size calculation [moby/moby#48330](https://github.com/moby/moby/pull/48330) +- Update BuildKit to v0.15.2 [moby/moby#48340](https://github.com/moby/moby/pull/48340) +- !TODO: fix deprecation comments, and update some godoc [moby/moby#48324](https://github.com/moby/moby/pull/48324) +- !TODO: c8d/list: Don't require `opts.ContainerCount` for manifest containers [moby/moby#48345](https://github.com/moby/moby/pull/48345) +- !TODO: feat(stream): log the event when stream copy failed [moby/moby#48334](https://github.com/moby/moby/pull/48334) +- !TODO: vendor.mod: github.com/microsoft/hcsshim v0.12.5 [moby/moby#48174](https://github.com/moby/moby/pull/48174) +- !TODO: integration/container: rename var that collided with import [moby/moby#48351](https://github.com/moby/moby/pull/48351) +- !TODO: libcontainerd/supervisor: consolidate platform-specific defaults [moby/moby#48353](https://github.com/moby/moby/pull/48353) +- !TODO: Dockerfile: update xx to v1.5.0 [moby/moby#48261](https://github.com/moby/moby/pull/48261) +- !TODO: libcontainerd/supervisor: set log-level through the config-file [moby/moby#48355](https://github.com/moby/moby/pull/48355) +- !TODO: vendor: tags.cncf.io/container-device-interface v0.8.0 [moby/moby#48371](https://github.com/moby/moby/pull/48371) +- !TODO: libnetwork: resolvconf: remove dependency on errdefs [moby/moby#48370](https://github.com/moby/moby/pull/48370) +- !TODO: c8d/list: Fix race condition when traversing containers [moby/moby#48367](https://github.com/moby/moby/pull/48367) +- !TODO: vendor: dario.cat/mergo v1.0.1 [moby/moby#48372](https://github.com/moby/moby/pull/48372) +- containerd image store: Fix early error exit from `docker load` in cases where unpacking the image would fail [moby/moby#48293](https://github.com/moby/moby/pull/48293) +- containerd image store: Fix the previous image not being persisted as dangling after `docker pull`. [moby/moby#48374](https://github.com/moby/moby/pull/48374) +- Update containerd (static binaries only) to [v1.7.21](https://github.com/containerd/containerd/releases/tag/v1.7.21) [moby/moby#48382](https://github.com/moby/moby/pull/48382) +- !TODO: vendor: github.com/vishvananda/netlink v1.3.0 [moby/moby#48368](https://github.com/moby/moby/pull/48368) +- !TODO: Fix linting issues in preparation of Go and GolangCI-lint update [moby/moby#48359](https://github.com/moby/moby/pull/48359) +- !TODO: libnetwork/portallocator: assorted cleanups [moby/moby#48373](https://github.com/moby/moby/pull/48373) +- !TODO: vendor.mod: golang.org/x/* latest [moby/moby#48398](https://github.com/moby/moby/pull/48398) +- containerd image store: Fix non-container images being hidden in the `docker images` output [moby/moby#48399](https://github.com/moby/moby/pull/48399) +- !TODO: govulncheck to report known vulnerabilities [moby/moby#48311](https://github.com/moby/moby/pull/48311) +- !TODO: Dockerfile: update registry to v3.0.0-beta.1 [moby/moby#48403](https://github.com/moby/moby/pull/48403) +- !TODO: add Austin Vazquez (austinvazquez) to curators [moby/moby#48310](https://github.com/moby/moby/pull/48310) +- !TODO: remove leftovers for building docker-proxy on Windows [moby/moby#48318](https://github.com/moby/moby/pull/48318) +- !TODO: migrate to github.com/moby/sys/userns [moby/moby#48307](https://github.com/moby/moby/pull/48307) +- !TODO: api/swagger: fix x-nullable for SystemInfo.Containerd (api v1.46) [moby/moby#48275](https://github.com/moby/moby/pull/48275) +- !TODO: man: create parent directories in install recipe [moby/moby#48388](https://github.com/moby/moby/pull/48388) +- !TODO: hack/make/.binary: enable pie mode on windows/arm64 [moby/moby#48421](https://github.com/moby/moby/pull/48421) +- containerd image store: Improve `docker pull` error message when the image platform doesn't match [moby/moby#48414](https://github.com/moby/moby/pull/48414) +- update to go1.22.6 [moby/moby#46982](https://github.com/moby/moby/pull/46982) +- !TODO: add more //go:build directives to prevent downgrading to go1.16 [moby/moby#48434](https://github.com/moby/moby/pull/48434) +- !TODO: gha/bin-image: Also run on branches like `27.x` [moby/moby#48450](https://github.com/moby/moby/pull/48450) +- !TODO: container/stream: Config.CloseStreams(): use errors.Join [moby/moby#48435](https://github.com/moby/moby/pull/48435) +- !TODO: vendor: update buildkit to v0.16.0-rc1 [moby/moby#48309](https://github.com/moby/moby/pull/48309) +- !TODO: vendor: github.com/opencontainers/runc v1.1.14 [moby/moby#48425](https://github.com/moby/moby/pull/48425) +- Update Go to 1.22.7 [moby/moby#48432](https://github.com/moby/moby/pull/48432) +- Add support for RISC-V (riscv64) architecture in Docker's seccomp profile handling. [moby/moby#48455](https://github.com/moby/moby/pull/48455) +- !TODO: vendor: update buildkit to v0.16.0 [moby/moby#48472](https://github.com/moby/moby/pull/48472) +- When reading logs with the `jsonfile` or `local` log drivers, any errors while trying to read or parse underlying log files will cause the rest of the file to be skipped and move to the next log file (if one exists) rather than returning an error to the client and closing the stream. +The errors are viewable in the dockerd logs and exported to traces when tracing is configured. + +When reading log files, compressed log files are now only decompressed when needed rather than decompressing all files before starting the log stream. [moby/moby#47983](https://github.com/moby/moby/pull/47983) +- !TODO: internal/unix_noeintr: fix godoc for package [moby/moby#48453](https://github.com/moby/moby/pull/48453) +- !TODO: api/swagger: update deprecation version for erroneous fields [moby/moby#48446](https://github.com/moby/moby/pull/48446) +- Upgrade `runc` to [v1.1.14](https://github.com/opencontainers/runc/releases/tag/v1.1.14), which contains a fix for [CVE-2024-45310](https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv). [moby/moby#48424](https://github.com/moby/moby/pull/48424) +- !TODO: Fix typos [moby/moby#48393](https://github.com/moby/moby/pull/48393) +- Update containerd (static binaries only) to [v1.7.22](https://github.com/containerd/containerd/releases/tag/v1.7.22) [moby/moby#48458](https://github.com/moby/moby/pull/48458) +- !TODO: docs/api: add documentation for API v1.47 [moby/moby#48422](https://github.com/moby/moby/pull/48422) +- !TODO: integration/system: rename vars to prevent shadowing imports [moby/moby#48473](https://github.com/moby/moby/pull/48473) +- !TODO: api: swagger: fix documentation for image push endpoint [moby/moby#48443](https://github.com/moby/moby/pull/48443) +- Update Buildkit to v0.16.0-rc2 [moby/moby#48456](https://github.com/moby/moby/pull/48456) +- !TODO: project: update 23.0 EOL and add 25.0 LTM branch [moby/moby#48474](https://github.com/moby/moby/pull/48474) +- !TODO: update RootlessKit to v2.3.1 [moby/moby#48172](https://github.com/moby/moby/pull/48172) +- Add a `--feature` flag to the daemon options. [moby/moby#48167](https://github.com/moby/moby/pull/48167) +- !TODO: TestIPRangeAt64BitLimit: remove colon after XFAIL to help grepping [moby/moby#48480](https://github.com/moby/moby/pull/48480) +- containerd integration: Fix `docker image prune -a` untagging images used by containers started from images referenced by a digested reference. [moby/moby#48076](https://github.com/moby/moby/pull/48076) +- !TODO: image/tarexport: fix some minor linting issues [moby/moby#48467](https://github.com/moby/moby/pull/48467) +- !TODO: layer: layerStore.deleteLayer(): remove redundant error-check [moby/moby#48461](https://github.com/moby/moby/pull/48461) +- !TODO: man: update dockerd man-page to include --feature flag [moby/moby#48486](https://github.com/moby/moby/pull/48486) +- !TODO: Dockerfile: Update CLI, buildx and compose [moby/moby#48475](https://github.com/moby/moby/pull/48475) +- n/a [moby/moby#48497](https://github.com/moby/moby/pull/48497) +- !TODO: man: remove docs for deprecated --api-cors-header [moby/moby#48504](https://github.com/moby/moby/pull/48504) +- !TODO: dockerd: fix docs, improve validation and improve coverage of "--feature" flag [moby/moby#48502](https://github.com/moby/moby/pull/48502) +- Fix an issue that prevented communication between containers on an IPv4 bridge network +when running with `--iptables=false`, `--ip6tables=true` (the default), a firewall with a +DROP rule for forwarded packets on hosts where the `br_netfilter` kernel module was not +normally loaded. [moby/moby#48492](https://github.com/moby/moby/pull/48492) +- !TODO: man: dockerd: add description for --log-format option [moby/moby#48505](https://github.com/moby/moby/pull/48505) +- !TODO: cmd/dockerd: runDaemon: extract platform-agnostic code [moby/moby#48519](https://github.com/moby/moby/pull/48519) +- !TODO: gha: govulncheck: make sure read permissions are set [moby/moby#48524](https://github.com/moby/moby/pull/48524) +- !TODO: gha: add CodeQL Analysis workflow [moby/moby#47034](https://github.com/moby/moby/pull/47034) +- !TODO: libnet/ds, libnet/config: various cleanups [moby/moby#47992](https://github.com/moby/moby/pull/47992) +- !TODO: cmd/dockerd: assorted changes to improve context-passing, config loading [moby/moby#47412](https://github.com/moby/moby/pull/47412) +- !TODO: cmd/dockerd: use golang.org/x/sys/windows/service param-change consts [moby/moby#48513](https://github.com/moby/moby/pull/48513) +- n/a [moby/moby#48407](https://github.com/moby/moby/pull/48407) +- !TODO: Dockerfile: update buildx to v0.17.1, compose to v2.29.4 [moby/moby#48509](https://github.com/moby/moby/pull/48509) +- !TODO: daemon/exec: don't overwrite exit code if set [moby/moby#48552](https://github.com/moby/moby/pull/48552) +- Update Go runtime to 1.22.8 [moby/moby#48573](https://github.com/moby/moby/pull/48573) +- !TODO: integration: Add tests for port mappings [moby/moby#48545](https://github.com/moby/moby/pull/48545) +- !TODO: api: postImagesLoad: fix API version for platform [moby/moby#48588](https://github.com/moby/moby/pull/48588) +- !TODO: gha: buildkit: make sure expected Go version is installed [moby/moby#48615](https://github.com/moby/moby/pull/48615) +- !TODO: vendor assorted dependencies in preparation of BuildKit v0.17 [moby/moby#48613](https://github.com/moby/moby/pull/48613) +- !TODO: integration/build: remove TestBuildWithSession, and fsutil direct dependency [moby/moby#48628](https://github.com/moby/moby/pull/48628) +- !TODO: gha: add guardrails timeouts on all jobs [moby/moby#48629](https://github.com/moby/moby/pull/48629) +- !TODO: gha: remove stray double empty line [moby/moby#48636](https://github.com/moby/moby/pull/48636) +- Update BuildKit to [v0.17.0-rc1](https://github.com/moby/buildkit/releases/tag/v0.17.0-rc1) [moby/moby#48634](https://github.com/moby/moby/pull/48634) +- !TODO: gha: restrict cross and bin-image to 20 minutes [moby/moby#48645](https://github.com/moby/moby/pull/48645) +- !TODO: Touch-up some errors for missing platforms [moby/moby#48631](https://github.com/moby/moby/pull/48631) +- !TODO: gha: more limits, update alpine version, and some minor improvements [moby/moby#48654](https://github.com/moby/moby/pull/48654) +- !TODO: builder/builder-next: Builder.Build: use network-mode consts [moby/moby#48652](https://github.com/moby/moby/pull/48652) +- !TODO: docs: api: document w (width) and h (height) query params as required [moby/moby#48663](https://github.com/moby/moby/pull/48663) +- !TODO: update links to API documentation [moby/moby#48653](https://github.com/moby/moby/pull/48653) +- n/a [moby/moby#48598](https://github.com/moby/moby/pull/48598) +- !TODO: container/integration: TestResize: add more test-cases, and add TestExecResize [moby/moby#48665](https://github.com/moby/moby/pull/48665) +- !TODO: daemon: killWithSignal: use more structured logs [moby/moby#48673](https://github.com/moby/moby/pull/48673) +- container: deprecate ErrNameReserved, ErrNameNotReserved [moby/moby#48668](https://github.com/moby/moby/pull/48668) +- !TODO: README: add some badges [moby/moby#48655](https://github.com/moby/moby/pull/48655) +- !TODO: api/server/httputils: DecodePlatform: improve test-coverage [moby/moby#48680](https://github.com/moby/moby/pull/48680) +- !TODO: distribution: remove formatPlatform utility [moby/moby#48682](https://github.com/moby/moby/pull/48682) +- !TODO: build: create distinct history db for each store [moby/moby#48565](https://github.com/moby/moby/pull/48565) +- !TODO: vendor: github.com/moby/swarmkit/v2 v2.0.0-20241017191044-e8ecf83ee08e [moby/moby#48686](https://github.com/moby/moby/pull/48686) +- !TODO: ci: run integration tests with firewalld enabled [moby/moby#48603](https://github.com/moby/moby/pull/48603) +- Fix a possible memory leak caused by OTEL meters [moby/moby#48690](https://github.com/moby/moby/pull/48690) +- dockerd-rootless-setuptool.sh: let --force ignore smoke test errors [moby/moby#48683](https://github.com/moby/moby/pull/48683) +- !TODO: volume/service: change some logs to use structured logs [moby/moby#48675](https://github.com/moby/moby/pull/48675) +- api: `GET /images/json` with the `manifests` option enabled now preserves the original order in which manifests appeared in the manifest-index. [moby/moby#48701](https://github.com/moby/moby/pull/48701) +- After a daemon restart with live-restore, ensure an iptables jump to the DOCKER-USER chain is placed before other rules. [moby/moby#48577](https://github.com/moby/moby/pull/48577) +- !TODO: pkg/stringid: replace TestShortenIdXXX with TestTruncateID table test [moby/moby#48707](https://github.com/moby/moby/pull/48707) +- !TODO: daemon: Daemon.newContainer: inline Daemon.generateHostname [moby/moby#48704](https://github.com/moby/moby/pull/48704) +- !TODO: pkg/stringid: optimize GenerateRandomID [moby/moby#48706](https://github.com/moby/moby/pull/48706) +- daemon: deprecate `Daemon.Exists()` and `Daemon.IsPaused()`. These functions are no longer used and will be removed in the next release. [moby/moby#48670](https://github.com/moby/moby/pull/48670) +- !TODO: Increase flaky test sleep, replace deprecated assert [moby/moby#48417](https://github.com/moby/moby/pull/48417) +- !TODO: vendor: go.etcd.io/etcd v3.5.16, go.etcd.io/etcd/server/v3 v3.5.16 [moby/moby#48650](https://github.com/moby/moby/pull/48650) +- !TODO: daemon: use OwnCgroupPath in withCgroups [moby/moby#48730](https://github.com/moby/moby/pull/48730) +- !TODO: client.ContainerCreate: use container.CreateRequest instead of local type [moby/moby#48553](https://github.com/moby/moby/pull/48553) +- !TODO: client: explicitly return zero-type on failures in prune functions [moby/moby#48713](https://github.com/moby/moby/pull/48713) +- !TODO: Dockerfile: update docker CLI to v27.3.1, compose to v2.29.7 [moby/moby#48537](https://github.com/moby/moby/pull/48537) +- Support WSL2 mirrored-mode networking's use of interface `loopback0` for packets from the Windows host. [moby/moby#48075](https://github.com/moby/moby/pull/48075) +- !TODO: runconfig: validateNetContainerMode: simplify validation [moby/moby#48554](https://github.com/moby/moby/pull/48554) +- !TODO: daemon: remove Daemon.containerRoot, Daemon.newBaseContainer [moby/moby#48725](https://github.com/moby/moby/pull/48725) +- !TODO: Update download-frozen-image-v2.sh added OCI v1 support (carry 48533) [moby/moby#48546](https://github.com/moby/moby/pull/48546) +- !TODO: vendor: github.com/cyphar/filepath-securejoin v0.3.4 [moby/moby#48732](https://github.com/moby/moby/pull/48732) +- !TODO: daemon: remove configsSupported, secretsSupported utilities [moby/moby#48703](https://github.com/moby/moby/pull/48703) +- !TODO: vendor: github.com/cilium/ebpf v0.16.0 [moby/moby#48735](https://github.com/moby/moby/pull/48735) +- !TODO: vendor: github.com/opencontainers/selinux v1.11.1 [moby/moby#48741](https://github.com/moby/moby/pull/48741) +- !TODO: vendor: google.golang.org/protobuf v1.34.2 [moby/moby#48751](https://github.com/moby/moby/pull/48751) +- !TODO: container: update confusing GoDoc for Container and State [moby/moby#48726](https://github.com/moby/moby/pull/48726) +- !TODO: client: prevent idle connections leaking FDs [moby/moby#48736](https://github.com/moby/moby/pull/48736) +- !TODO: vendor: github.com/prometheus/client_golang v1.20.5 [moby/moby#48753](https://github.com/moby/moby/pull/48753) +- !TODO: vendor: github.com/go-logr/logr v1.4.2, github.com/cenkalti/backoff/v4 v4.3.0 [moby/moby#48752](https://github.com/moby/moby/pull/48752) +- Fix anonymous volumes being created through the `--mount` option not being marked as anonymous. [moby/moby#48754](https://github.com/moby/moby/pull/48754) +- !TODO: demon: ImageService.Mount: use structured logs [moby/moby#48770](https://github.com/moby/moby/pull/48770) +- !TODO: vendor: github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 [moby/moby#48750](https://github.com/moby/moby/pull/48750) +- !TODO: inte/t/networking: delete veth ifaces before netns [moby/moby#48749](https://github.com/moby/moby/pull/48749) +- !TODO: api/types/filters: GetBoolOrDefault: remove unreachableCode [moby/moby#48745](https://github.com/moby/moby/pull/48745) +- !TODO: volume: VolumesService.Create: fix log-level for debug logs [moby/moby#48767](https://github.com/moby/moby/pull/48767) +- !TODO: internal/safepath: log some unhandled errors, and remove workaround for ECI / Sysbox [moby/moby#48774](https://github.com/moby/moby/pull/48774) +- !TODO: Update tmLanguage file to cover first escape character [moby/moby#36766](https://github.com/moby/moby/pull/36766) +- !TODO: daemon: cdiHandler.getErrors: remove var that shadowed import [moby/moby#48771](https://github.com/moby/moby/pull/48771) +- !TODO: remove redundant alias for runtime-spec [moby/moby#48769](https://github.com/moby/moby/pull/48769) +- !TODO: volume/mounts: minor linting issues, touch-ups, and improve test-coverage [moby/moby#48776](https://github.com/moby/moby/pull/48776) +- TODO add change-log for buildkit changes [moby/moby#48792](https://github.com/moby/moby/pull/48792) +- !TODO: builder-next: exporter: emptyImageConfig: use platform directly [moby/moby#48794](https://github.com/moby/moby/pull/48794) +- !TODO: hack/unit: Rerun failed flaky libnetwork tests [moby/moby#47553](https://github.com/moby/moby/pull/47553) +- !TODO: vendor: github.com/Microsoft/hcsshim v0.12.7 [moby/moby#48790](https://github.com/moby/moby/pull/48790) +- !TODO: vendor: go.opentelemetry.io/otel v1.28.0, go.opentelemetry.io/contrib v0.53.0 [moby/moby#48757](https://github.com/moby/moby/pull/48757) +- !TODO: volume/service: use local driver as default for anonymous volumes [moby/moby#48775](https://github.com/moby/moby/pull/48775) +- containerd image store: Fix `docker image inspect` outputting duplicate references in `RepoDigests`. [moby/moby#48777](https://github.com/moby/moby/pull/48777) +- !TODO: Revert "ci: run integration tests with firewalld enabled" [moby/moby#48788](https://github.com/moby/moby/pull/48788) +- !TODO: client: Client.ImageHistory: don't decorate error twice, and improve tests [moby/moby#48819](https://github.com/moby/moby/pull/48819) +- !TODO: libnetwork: endpointJoinInfo.UnmarshalJSON: fix shadowed variable (go… [moby/moby#48822](https://github.com/moby/moby/pull/48822) +- !TODO: vendor: github.com/containerd/containerd v1.7.23, hcsshim v0.12.8 [moby/moby#48544](https://github.com/moby/moby/pull/48544) +- !TODO: fix, and update golangci-lint config, and fix some linting issues [moby/moby#48824](https://github.com/moby/moby/pull/48824) +- !TODO: api/swagger: Improve description for platform in images/push [moby/moby#48357](https://github.com/moby/moby/pull/48357) +- !TODO: vendor: github.com/containerd/typeurl v2.2.3 [moby/moby#48827](https://github.com/moby/moby/pull/48827) +- !TODO: golangci: enable all govet linters, run gosec on tests as well [moby/moby#48825](https://github.com/moby/moby/pull/48825) +- !TODO: all: Remove redundant `units` alias for `go-units` [moby/moby#48834](https://github.com/moby/moby/pull/48834) +- Update BuildKit to v0.17.1 [moby/moby#48836](https://github.com/moby/moby/pull/48836) +- !TODO: Registry host configuration cleanup [moby/moby#47380](https://github.com/moby/moby/pull/47380) +- Update BuildKit to v0.17.0 [moby/moby#48801](https://github.com/moby/moby/pull/48801) +- !TODO: client: add utilities to encode platforms [moby/moby#48806](https://github.com/moby/moby/pull/48806) +- !TODO: c8d/save: Add tests [moby/moby#48722](https://github.com/moby/moby/pull/48722) +- deprecate pkg/platform: this package is only used internally, and will be removed in the next release. [moby/moby#48862](https://github.com/moby/moby/pull/48862) +- !TODO: Dockerfile: update registry to v3.0.0-rc.1 [moby/moby#48848](https://github.com/moby/moby/pull/48848) +- !TODO: ci: re-add firewalld jobs [moby/moby#48756](https://github.com/moby/moby/pull/48756) +- !TODO: update go:build tags to use go1.22, and enable copyloopvar linter [moby/moby#48856](https://github.com/moby/moby/pull/48856) +- !TODO: fix missing go:build tags [moby/moby#48884](https://github.com/moby/moby/pull/48884) +- !TODO: EnableIPv4 will be in API 1.48, not 1.47 [moby/moby#48888](https://github.com/moby/moby/pull/48888) +- !TODO: daemon/logger: logDriverError: use WithFields for logs [moby/moby#48887](https://github.com/moby/moby/pull/48887) +- !TODO: client: improve/refactor some unit-tests and add "platform" test-cases to them [moby/moby#48896](https://github.com/moby/moby/pull/48896) +- !TODO: Move Austin Vazquez (austinvazquez) to maintainers [moby/moby#48873](https://github.com/moby/moby/pull/48873) +- !TODO: Makefile: don't automatically inherit graph-driver from host [moby/moby#48895](https://github.com/moby/moby/pull/48895) +- !TODO: vendor: google.golang.org/grpc v1.66.3 [moby/moby#48898](https://github.com/moby/moby/pull/48898) +- !TODO: client: support multiple platforms on save and load [moby/moby#48902](https://github.com/moby/moby/pull/48902) +- !TODO: hack: Add explicit containerd feature to `daemon.json` [moby/moby#48860](https://github.com/moby/moby/pull/48860) +- !TODO: Dockerfile: update buildx to v0.18.0, compose to v2.30.3 [moby/moby#48866](https://github.com/moby/moby/pull/48866) +- Upgrade `runc` to [v1.2.2](https://github.com/opencontainers/runc/releases/tag/v1.2.2) [moby/moby#47666](https://github.com/moby/moby/pull/47666) +- Upgrade `containerd` (static binaries only) to [v1.7.24](https://github.com/containerd/containerd/releases/tag/v1.7.24) [moby/moby#48918](https://github.com/moby/moby/pull/48918) +- !TODO: runc-1.2.0 merge followups [moby/moby#48766](https://github.com/moby/moby/pull/48766) +- !TODO: volume/testutils: simplify fakePluginGetter [moby/moby#48916](https://github.com/moby/moby/pull/48916) +- !TODO: vendor: github.com/tonistiigi/go-actions-cache 394979b8119e [moby/moby#48932](https://github.com/moby/moby/pull/48932) +- !TODO: update golangci-lint to v1.62.0 [moby/moby#48901](https://github.com/moby/moby/pull/48901) +- !TODO: vendor: resenje.org/singleflight v0.4.3 [moby/moby#48930](https://github.com/moby/moby/pull/48930) +- !TODO: Update containerd to v1.7.24 [moby/moby#48917](https://github.com/moby/moby/pull/48917) +- TODO: add description for changelog [moby/moby#48923](https://github.com/moby/moby/pull/48923) +- !TODO: api/types/filters: rewrite / improve some tests [moby/moby#48945](https://github.com/moby/moby/pull/48945) +- !TODO: client: ImageImport: omit empty query-parameters [moby/moby#48897](https://github.com/moby/moby/pull/48897) +- containerd image-store: fix partially pulled images not being garbage-collected [moby#48910](https://github.com/moby/moby/pull/48910) [moby/moby#48910](https://github.com/moby/moby/pull/48910) +- !TODO: Remove buildkit init timeout [moby/moby#48953](https://github.com/moby/moby/pull/48953) +- Vendor github.com/golang-jwt/jwt/v4@v4.5.1 [moby/moby#48911](https://github.com/moby/moby/pull/48911) +- Fix loading of `bridge` and `br_netfilter` kernel modules. [moby/moby#48960](https://github.com/moby/moby/pull/48960) +- !TODO: vendor: update buildkit to v0.18.0-rc2 [moby/moby#48952](https://github.com/moby/moby/pull/48952) +- !TODO: integration: add wait [moby/moby#48940](https://github.com/moby/moby/pull/48940) +- Ignores "dataset does not exist" error when removing dataset on ZFS (#43080) [moby/moby#48520](https://github.com/moby/moby/pull/48520) +- Update BuildKit to v0.18.0 [moby/moby#48961](https://github.com/moby/moby/pull/48961) +- !TODO: ci: use edge releases of buildx [moby/moby#48982](https://github.com/moby/moby/pull/48982) +- !TODO: integration/container: TestCDISpecDirsAreInSystemInfo: use fixtures [moby/moby#48929](https://github.com/moby/moby/pull/48929) +- !TODO: tests: migrate assertions to be more modern [moby/moby#48915](https://github.com/moby/moby/pull/48915) +- !TODO: vendor: github.com/vishvananda/netns v0.0.5 [moby/moby#48937](https://github.com/moby/moby/pull/48937) +- !TODO: daemon: Daemon.RegistryHosts: use internal method to get daemon config [moby/moby#48984](https://github.com/moby/moby/pull/48984) +- !TODO: cmd/dockerd: newRouterOptions: rename arg that shadowed import [moby/moby#48980](https://github.com/moby/moby/pull/48980) +- !TODO: integration: remove default poll delay and timeouts [moby/moby#48956](https://github.com/moby/moby/pull/48956) +- !TODO: gofumpt code [moby/moby#48978](https://github.com/moby/moby/pull/48978) +- !TODO: cmd/dockerd: change routerOptions.Build to a regular func [moby/moby#48986](https://github.com/moby/moby/pull/48986) +- !TODO: daemon: getCD: remove use of parsers.ParseKeyValueOpt [moby/moby#48981](https://github.com/moby/moby/pull/48981) +- !TODO: Jenkinsfile: modprobe br_netfilter [moby/moby#48993](https://github.com/moby/moby/pull/48993) +- registry: deprecate `RepositoryInfo.Class`. This field is no longer used, and will be removed in the next release. [moby/moby#49006](https://github.com/moby/moby/pull/49006) +- Dockerd rootless mode loads /etc/cdi and /var/run/cdi as expected by the Container Device Interface (CDI) integration. [moby/moby#48541](https://github.com/moby/moby/pull/48541) +- !TODO: Add --host-gateway-ip to the dockerd manpage [moby/moby#48988](https://github.com/moby/moby/pull/48988) +- !TODO: distribution: verifySchema1Manifest: pass through context [moby/moby#49021](https://github.com/moby/moby/pull/49021) +- containerd image store: Remove a confusing warning log when tagging a non-dangling image. [moby/moby#49009](https://github.com/moby/moby/pull/49009) +- !TODO: vendor: google.golang.org/protobuf v1.35.2 [moby/moby#49031](https://github.com/moby/moby/pull/49031) +- !TODO: registry: remove assignment of default values in some tests [moby/moby#49015](https://github.com/moby/moby/pull/49015) +- !TODO: registry: isCIDRMatch: avoid performing DNS lookups if not needed [moby/moby#48999](https://github.com/moby/moby/pull/48999) +- !TODO: daemon/daemon_linux.go: Fix a typo in comment [moby/moby#49019](https://github.com/moby/moby/pull/49019) +- Update BuildKit to v0.18.1 [moby/moby#49023](https://github.com/moby/moby/pull/49023) +- !TODO: api/types/network: add godoc for EndpointSettings.GwPriority [moby/moby#49045](https://github.com/moby/moby/pull/49045) +- Attempt to load kernel modules, including `ip6_tables` and `br_netfilter` when required, using a +method that is likely to succeed inside a docker-in-docker container. [moby/moby#49038](https://github.com/moby/moby/pull/49038) +- !TODO: cmd/dockerd: ignore some unhandled errors [moby/moby#49053](https://github.com/moby/moby/pull/49053) +- !TODO: daemon: remove Daemon.NetworkControllerEnabled [moby/moby#49052](https://github.com/moby/moby/pull/49052) +- !TODO: Dockerfile: remove libapparmor-dev dependency [moby/moby#49066](https://github.com/moby/moby/pull/49066) +- !TODO: man: vendor: github.com/cpuguy83/go-md2man v2.0.5 [moby/moby#49059](https://github.com/moby/moby/pull/49059) +- !TODO: vendor: update golang.org/x/ dependencies [moby/moby#49070](https://github.com/moby/moby/pull/49070) +- Upgrade `runc` to [v1.2.3](https://github.com/opencontainers/runc/releases/tag/v1.2.3) [moby/moby#49071](https://github.com/moby/moby/pull/49071) +- !TODO: Dockerfile: remove dpkg-dev, libudev-dev, libsecret-1-dev, libbtrfs-dev dependencies [moby/moby#49067](https://github.com/moby/moby/pull/49067) +- Fix excessive memory allocations when OTEL is not configured. [moby/moby#49078](https://github.com/moby/moby/pull/49078) +- !TODO: daemon/containerd: hostsWrapper: remove unused regService argument [moby/moby#49049](https://github.com/moby/moby/pull/49049) +- !TODO: registry: some optimizations to reduce network connections and DNS lookups if not needed [moby/moby#49050](https://github.com/moby/moby/pull/49050) +- !TODO: update xx to v1.6.1 for compatibility with alpine 3.21 [moby/moby#49058](https://github.com/moby/moby/pull/49058) +- `docker info` and the corresponding `GET /info` API endpoint no longer include +warnings when `bridge-nf-call-iptables` or `bridge-nf-call-ip6tables` are +disabled at the daemon is started. The `br_netfilter` kernel module is now +attempted to be loaded when needed, which made those warnings inaccurate. [moby/moby#49089](https://github.com/moby/moby/pull/49089) +- !TODO: vendor: golang.org/x/net v0.32.0 [moby/moby#49094](https://github.com/moby/moby/pull/49094) +- !TODO: libnet/d/bridge: unconditionally error out if LinkSetMTU fails [moby/moby#49092](https://github.com/moby/moby/pull/49092) +- !TODO: integration-cli: don't skip AppArmor tests on SLES [moby/moby#49061](https://github.com/moby/moby/pull/49061) +- !TODO: libnet/iptables: remove mutex-based serialization [moby/moby#49096](https://github.com/moby/moby/pull/49096) +- Update docs and code to reflect Go’s automatic canonicalisation of Api-Version and Ostype headers. [moby/moby#49054](https://github.com/moby/moby/pull/49054) +- Update BuildKit to v0.18.2 [moby/moby#49116](https://github.com/moby/moby/pull/49116) +- !TODO: docs/api: version-history.md: fix markdown [moby/moby#49113](https://github.com/moby/moby/pull/49113) +- !TODO: libnet/iptables: split ProgramChain and move to bridge driver [moby/moby#49107](https://github.com/moby/moby/pull/49107) +- pkg/system: deprecate `Lstat()`, `Mkdev()`, `Mknod()`, `FromStatT()` and `Stat()` functions, and related `StatT` types. These were only used internally, and will be removed in the next release. [moby/moby#49098](https://github.com/moby/moby/pull/49098) +- !TODO: docs/api: document correct case for Api-Version header [moby/moby#49103](https://github.com/moby/moby/pull/49103) +- !TODO: Decouple pkg/archive from pkg/ioutils [moby/moby#49073](https://github.com/moby/moby/pull/49073) +- !TODO: integration/build: make TestBuildEmitsImageCreateEvent less noisy [moby/moby#49102](https://github.com/moby/moby/pull/49102) +- networking: fixed a bug that could result in a iptables DOCKER FILTER chain not being cleaned up on failure [moby/moby#49109](https://github.com/moby/moby/pull/49109) +- !TODO: libnet/osl: drop netns path GC [moby/moby#49099](https://github.com/moby/moby/pull/49099) +- !TODO: pkg/archive: replace uses of pkg/errors for stdlib errors [moby/moby#49101](https://github.com/moby/moby/pull/49101) +- !TODO: Enable external DNS if a network has an IPv6 gateway [moby/moby#49128](https://github.com/moby/moby/pull/49128) +- Fix an issue that caused excessive memory usage when DNS resolution was made in a tight loop [moby/moby#49123](https://github.com/moby/moby/pull/49123) +- !TODO: libcontainer: ReplaceContainer: fix var shadowing import [moby/moby#49106](https://github.com/moby/moby/pull/49106) +- Updated documentation by adding the DataPathAddr parameter to example usages of the SwarmJoin operation. [moby/moby#49122](https://github.com/moby/moby/pull/49122) +- !TODO: libnet/d/bridge: move iptRule to iptables pkg [moby/moby#49125](https://github.com/moby/moby/pull/49125) +- !TODO: docs/api: allow for an empty string for Isolation (api v1.25-v1.47) [moby/moby#49144](https://github.com/moby/moby/pull/49144) +- !TODO: Decouple pkg/archive from pkg/system [moby/moby#49072](https://github.com/moby/moby/pull/49072) +- !TODO: add Shaun Thompson as curator [moby/moby#49127](https://github.com/moby/moby/pull/49127) +- api: Allow empty string for Isolation field in container inspection [moby/moby#48616](https://github.com/moby/moby/pull/48616) +- !TODO: api: Remove unused imageStore and layerStore [moby/moby#49138](https://github.com/moby/moby/pull/49138) +- !TODO: daemon/c8d: Fix duplicate containerd/images import [moby/moby#49140](https://github.com/moby/moby/pull/49140) +- Builder GC policies without a `keepStorage` value now inherit the `defaultKeepStorage` limit as intended. [moby/moby#49062](https://github.com/moby/moby/pull/49062) +- !TODO: image: Remove `GetImageManifest` [moby/moby#49133](https://github.com/moby/moby/pull/49133) +- !TODO: vendor: golang.org/x/net v0.33.0 [moby/moby#49146](https://github.com/moby/moby/pull/49146) +- !TODO: builder: don't fall back to defaultKeepStorage when set to zero [moby/moby#49147](https://github.com/moby/moby/pull/49147) +- !TODO: pkg/chrootarchive: use stdlib errors, remove "// import" comments [moby/moby#49151](https://github.com/moby/moby/pull/49151) +- !TODO: libnet: pass store as an arg to netdrivers [moby/moby#49158](https://github.com/moby/moby/pull/49158) +- !TODO: pkg/parsers: rename var that collided with builtin [moby/moby#49182](https://github.com/moby/moby/pull/49182) +- !TODO: daemon: add missing "//go:build" directive [moby/moby#49186](https://github.com/moby/moby/pull/49186) +- !TODO: daemon: parseSecurityOpt: rename var that shadowed function [moby/moby#49176](https://github.com/moby/moby/pull/49176) +- !TODO: daemon: adjust tests for changes in go1.24 JSON errors [moby/moby#49188](https://github.com/moby/moby/pull/49188) +- !TODO: daemon: minor cleanups for getting system info [moby/moby#49185](https://github.com/moby/moby/pull/49185) +- !TODO: daemon: don't repeatedly call NumCPU if not needed [moby/moby#49192](https://github.com/moby/moby/pull/49192) +- !TODO: Remove use of `pkg/pools` in archive [moby/moby#49117](https://github.com/moby/moby/pull/49117) +- !TODO: builder/dockerfile: unconvert [moby/moby#49168](https://github.com/moby/moby/pull/49168) +- !TODO: vendor: github.com/Azure/go-ansiterm faa5f7b0171c, remove workaround for OSC string terminator parsing [moby/moby#49195](https://github.com/moby/moby/pull/49195) +- !TODO: daemon: ignore some errors when setting env-vars [moby/moby#49163](https://github.com/moby/moby/pull/49163) +- !TODO: fix non-constant format string (caught by go1.24) [moby/moby#49201](https://github.com/moby/moby/pull/49201) +- !TODO: use lazyregexp to compile regexes on first use [moby/moby#48166](https://github.com/moby/moby/pull/48166) +- !TODO: pkg/sysinfo: cleanup tests [moby/moby#49189](https://github.com/moby/moby/pull/49189) +- !TODO: Down with the sickness (AUTO_GOPATH) [moby/moby#48958](https://github.com/moby/moby/pull/48958) +- !TODO: distribution: Pass `Traceparent` OTEL header [moby/moby#49156](https://github.com/moby/moby/pull/49156) +- !TODO: libnetwork/drivers/windows: fix error-matching for hcsshim "not found" [moby/moby#49202](https://github.com/moby/moby/pull/49202) +- !TODO: Add testutil daemon.WithResolvConf [moby/moby#49132](https://github.com/moby/moby/pull/49132) +- !TODO: integration: minor cleanups and linting fixes [moby/moby#49199](https://github.com/moby/moby/pull/49199) +- containerd image store: Fix passing a build context via tarball to the `/build` endpoint. [moby/moby#49178](https://github.com/moby/moby/pull/49178) +- !TODO: integration-cli: TestRunInvalidCpuset.. create instead of run [moby/moby#49181](https://github.com/moby/moby/pull/49181) +- Go SDK: pkg/fileutils: deprecate GetTotalUsedFds: this function is only used internally and will be removed in the next release. [moby/moby#49208](https://github.com/moby/moby/pull/49208) +- !TODO: Update swarm to latest for server alpn config [moby/moby#49214](https://github.com/moby/moby/pull/49214) +- !TODO: pkg/sysinfo: internalize parsing cpusets [moby/moby#49193](https://github.com/moby/moby/pull/49193) +- !TODO: man: remove --allow-nondistributable-artifacts [moby/moby#49215](https://github.com/moby/moby/pull/49215) +- !TODO: vendor: github.com/moby/term v0.5.2 [moby/moby#49216](https://github.com/moby/moby/pull/49216) +- !TODO: golangci-lint: remove temporary exception for deprecated code [moby/moby#49211](https://github.com/moby/moby/pull/49211) +- !TODO: integration/internal/container: IsInState: touch up error-logs [moby/moby#49220](https://github.com/moby/moby/pull/49220) +- !TODO: pkg/sysinfo: parse cpuset.cpus/mems once and memoize [moby/moby#49221](https://github.com/moby/moby/pull/49221) +- !TODO: Fix live restore for IPv6-only and multiple gateway endpoints [moby/moby#49150](https://github.com/moby/moby/pull/49150) +- !TODO: integration-cli: migrate TestCreateByImageID to integration suite [moby/moby#49198](https://github.com/moby/moby/pull/49198) +- !TODO: libnetwork/osl: Namespace.setSysctls: use stdlib errors [moby/moby#49224](https://github.com/moby/moby/pull/49224) +- !TODO: daemon: isOnlineFSOperationPermitted: cleanup confusing syntax [moby/moby#49218](https://github.com/moby/moby/pull/49218) +- !TODO: ci: update bake-action to v6 [moby/moby#49233](https://github.com/moby/moby/pull/49233) +- !TODO: daemon: remove workaround for go1.21 compiler bug [moby/moby#49187](https://github.com/moby/moby/pull/49187) +- !TODO: Use bridge consts for "DefaultGatewayIPv[46]" aux-addr keys [moby/moby#49229](https://github.com/moby/moby/pull/49229) +- !TODO: daemon: ImageService.LogImageEvent: pass through context [moby/moby#49014](https://github.com/moby/moby/pull/49014) +- Fix a potential race condition error when deleting a container. [moby/moby#49228](https://github.com/moby/moby/pull/49228) +- !TODO: libnetwork/drivers/bridge: processIPAM: remove unused arg [moby/moby#49235](https://github.com/moby/moby/pull/49235) +- !TODO: daemon/links: use gotest.tools, remove unneeded utility and duplicated test [moby/moby#49232](https://github.com/moby/moby/pull/49232) +- !TODO: pkg/idtools: rewrite to use moby/sys/user [moby/moby#49226](https://github.com/moby/moby/pull/49226) +- !TODO: Centralize daemon metrics [moby/moby#49165](https://github.com/moby/moby/pull/49165) +- !TODO: Split idtools to an internal package and package to be moved [moby/moby#49087](https://github.com/moby/moby/pull/49087) +- !TODO: Fix unit tests for an nftables host [moby/moby#49248](https://github.com/moby/moby/pull/49248) +- Go SDK: pkg/ioutils: deprecate `BytesPipe`, `NewBytesPipe`, `ErrClosed`. These types are only used internally and will be removed in the next release +Go SDK: pkg/ioutils: deprecate `WriteCounter`, `NewWriteCounter`. This type and utility were not used and will be removed in the next release +Go SDK: pkg/ioutils: deprecate `NewReaderErrWrapper`. This function was not used and will be removed in the next release. +Go SDK: pkg/ioutils: deprecate `NopFlusher`. This type was only used internally and will be removed in the next release. [moby/moby#49244](https://github.com/moby/moby/pull/49244) +- Upgrade `runc` to [v1.2.4](https://github.com/opencontainers/runc/releases/tag/v1.2.4) [moby/moby#49238](https://github.com/moby/moby/pull/49238) +- !TODO: improve validation of cpu-shares, and migrate TestRunInvalidCPUShares [moby/moby#49180](https://github.com/moby/moby/pull/49180) +- Update containerd (static binaries only) to [v1.7.25](https://github.com/containerd/containerd/releases/tag/v1.7.25) [moby/moby#49252](https://github.com/moby/moby/pull/49252) +- Go SDK: pkg/ioutils: deprecate `NopWriter` in favour of `io.Discard`. It will be removed in the next release. +Go SDK: pkg/ioutils: deprecate `NopWriteCloser`. It was only used internally, and will be removed in the next release. [moby/moby#49254](https://github.com/moby/moby/pull/49254) +- !TODO: pkg/archive: nosysFileInfo: implement tar.FileInfoNames to prevent lookups [moby/moby#49152](https://github.com/moby/moby/pull/49152) +- !TODO: c8d: Implement `RWLayer` [moby/moby#49120](https://github.com/moby/moby/pull/49120) +- !TODO: Update MAINTAINERS file [moby/moby#49259](https://github.com/moby/moby/pull/49259) +- !TODO: imageService: Remove PerformWithBaseFS [moby/moby#49263](https://github.com/moby/moby/pull/49263) +- !TODO: vendor: github.com/creack/pty v1.1.24 [moby/moby#49278](https://github.com/moby/moby/pull/49278) +- !TODO: vendor: otel v0.56.0 / v1.31.0 [moby/moby#49276](https://github.com/moby/moby/pull/49276) +- !TODO: vendor: cloud.google.com/go/compute/metadata v0.5.0 [moby/moby#49273](https://github.com/moby/moby/pull/49273) +- !TODO: testutil: update to semconv v1.26.0 [moby/moby#49280](https://github.com/moby/moby/pull/49280) +- !TODO: vendor: google.golang.org/grpc v1.68.1, google.golang.org/genproto 324edc3d5d38 [moby/moby#49275](https://github.com/moby/moby/pull/49275) +- !TODO: vendor: github.com/aws/aws-sdk-go-v2 v1.30.3 [moby/moby#49277](https://github.com/moby/moby/pull/49277) +- !TODO: libnet/d/bridge: init driver.nlh in newDriver [moby/moby#49267](https://github.com/moby/moby/pull/49267) +- !TODO: pkg/ioutils: remove crypto/sha256, crypto/sha512 imports [moby/moby#49281](https://github.com/moby/moby/pull/49281) +- !TODO: use StatsResponse instead of Stats in tests [moby/moby#49284](https://github.com/moby/moby/pull/49284) +- !TODO: Increase integration test timeout from 5m to 10m [moby/moby#49283](https://github.com/moby/moby/pull/49283) +- !TODO: daemon: remove kernel-version check for kernel < 4.0.0 [moby/moby#49184](https://github.com/moby/moby/pull/49184) +- !TODO: api/server/middleware: log before, not after the request [moby/moby#48740](https://github.com/moby/moby/pull/48740) +- !TODO: ci: switch from jenkins to gha for arm64 build and tests [moby/moby#49290](https://github.com/moby/moby/pull/49290) +- !TODO: ci(bin-image): fix bake build [moby/moby#49289](https://github.com/moby/moby/pull/49289) +- Fixed an issue that could persistently prevent daemon startup after failure to initialize the default bridge. [moby/moby#49292](https://github.com/moby/moby/pull/49292) +- !TODO: awslogs: Prevent close from being blocked on log [moby/moby#47748](https://github.com/moby/moby/pull/47748) +- !TODO: spelling fix in comments (daemon/logger/loggerutils/queue.go) [moby/moby#49296](https://github.com/moby/moby/pull/49296) +- !TODO: api: swagger: document StatsResponse [moby/moby#49286](https://github.com/moby/moby/pull/49286) +- !TODO: Ignore error when adding a bridge already in the ipset [moby/moby#49295](https://github.com/moby/moby/pull/49295) +- On a host that cannot load the `br_netfilter` module when it's needed, set environment variable +`DOCKER_IGNORE_BR_NETFILTER_ERROR=1` to ignore the problem. +- Some things won't work! Including disabling inter-container communication in a bridge network +and, with the userland proxy disabled, it won't be possible to access one container's published +ports from another container on the same network. [moby/moby#49293](https://github.com/moby/moby/pull/49293) +- !TODO: build: log when build is cancelled [moby/moby#48696](https://github.com/moby/moby/pull/48696) +- !TODO: daemon/links: assorted bug fixes and cleanup [moby/moby#49300](https://github.com/moby/moby/pull/49300) +- !TODO: Update RootlessKit to v2.3.2 [moby/moby#49303](https://github.com/moby/moby/pull/49303) +- !TODO: Revert "libnet/d/bridge: port mappings: filter by input iface" [moby/moby#49310](https://github.com/moby/moby/pull/49310) +- !TODO: Dockerfile: dev-container: update CLI v27.5.0, buildx v0.20.0, compose v2.32.4 [moby/moby#49316](https://github.com/moby/moby/pull/49316) +- !TODO: build: don't print warning when connection was terminated [moby/moby#49299](https://github.com/moby/moby/pull/49299) +- !TODO: gha: Adjust release branches [moby/moby#49313](https://github.com/moby/moby/pull/49313) +- !TODO: Fix parsing of user/group during copy operation [moby/moby#34143](https://github.com/moby/moby/pull/34143) +- !TODO: docs: clarify that tag or digest in fromImage is ignored [moby/moby#49266](https://github.com/moby/moby/pull/49266) +- !TODO: libnetwork/types: align error-types with errdefs [moby/moby#49318](https://github.com/moby/moby/pull/49318) +- !TODO: libnetwork: use errdefs and gotest.tools for asserting error-types (step 1) [moby/moby#49326](https://github.com/moby/moby/pull/49326) +- !TODO: daemon: NewDaemon: align grpc options with containerd's defaults [moby/moby#48617](https://github.com/moby/moby/pull/48617) +- !TODO: distribution: fix / improve handling of "closed pipe" and context cancellation / timeouts [moby/moby#49297](https://github.com/moby/moby/pull/49297) +- !TODO: libnetwork/drivers/bridge: driver.configure: move vars close to where used [moby/moby#49328](https://github.com/moby/moby/pull/49328) +- !TODO: layerStore.registerWithDescriptor: improve logs for cleaning up cache [moby/moby#49298](https://github.com/moby/moby/pull/49298) +- !TODO: gha: update DCO check to alpine 3.21 [moby/moby#49323](https://github.com/moby/moby/pull/49323) +- !TODO: libnetwork/driverapi: fix GoDoc for UpdateIpamConfig [moby/moby#49319](https://github.com/moby/moby/pull/49319) +- !TODO: libnetwork: use gotest.tools for errdefs assertions in various tests [moby/moby#49332](https://github.com/moby/moby/pull/49332) +- !TODO: libnetwork: remove some redundant type-conversions [moby/moby#49327](https://github.com/moby/moby/pull/49327) +- !TODO: man: vendor github.com/cpuguy83/go-md2man/v2 v2.0.6 [moby/moby#49340](https://github.com/moby/moby/pull/49340) +- !TODO: libnetwork: rewrite some tests to use gotest.tools [moby/moby#49329](https://github.com/moby/moby/pull/49329) +- !TODO: IPv6 only: not experimental [moby/moby#48809](https://github.com/moby/moby/pull/48809) +- !TODO: libnetwork: remove Network.EndpointByID as it must not be used [moby/moby#49341](https://github.com/moby/moby/pull/49341) +- !TODO: daemon: make daemon.getEntrypointAndArgs a regular function [moby/moby#49335](https://github.com/moby/moby/pull/49335) +- !TODO: daemon: health: getShell: simplify logic (LCOW remnants) [moby/moby#49337](https://github.com/moby/moby/pull/49337) +- !TODO: integration: remove assertAttachedStream, check both STDERR and STDOUT [moby/moby#49338](https://github.com/moby/moby/pull/49338) +- !TODO: daemon/cluster/executor: simplify handling of Network Attachments [moby/moby#49343](https://github.com/moby/moby/pull/49343) +- !TODO: libnetwork: remove ErrNoSuchEndpoint, ErrInvalidID, ErrInvalidName [moby/moby#49344](https://github.com/moby/moby/pull/49344) +- !TODO: remove redundant uses of api/types/strslice.StrSlice [moby/moby#49336](https://github.com/moby/moby/pull/49336) +- !TODO: Debug flaky unsolicited Neighbour Advertisements [moby/moby#49342](https://github.com/moby/moby/pull/49342) +- !TODO: libnetwork/options: rewrite tests with gotest.tools [moby/moby#49347](https://github.com/moby/moby/pull/49347) +- !TODO: libnetwork/drivers/windows: remove ErrUnsupportedAddressType [moby/moby#49350](https://github.com/moby/moby/pull/49350) +- !TODO: libnetwork/drivers/bridge: remove, or internalize errors [moby/moby#49349](https://github.com/moby/moby/pull/49349) +- !TODO: gha/e2e: Update latest version to 27.0 [docker/cli#5191](https://github.com/docker/cli/pull/5191) +- !TODO: Dockerfile: Use CLI generated completions in the dev shell [moby/moby#47649](https://github.com/moby/moby/pull/47649) +- !TODO: vendor: github.com/docker/docker v27.0.3 [docker/cli#5207](https://github.com/docker/cli/pull/5207) +- !TODO: update golangci-lint to v1.59.1 [docker/cli#5189](https://github.com/docker/cli/pull/5189) +- Fix a regression that caused port numbers to be ignored when parsing a Docker registry URL. [docker/cli#5195](https://github.com/docker/cli/pull/5195) +- Fix handling of IPv6 addresses with custom ports on docker login [docker/cli#5196](https://github.com/docker/cli/pull/5196) +- !TODO: vendor: github.com/docker/docker v27.0.2 [docker/cli#5205](https://github.com/docker/cli/pull/5205) +- !TODO: cli/command/stack: fix faulty sort for sorting stacks [docker/cli#5212](https://github.com/docker/cli/pull/5212) +- !TODO: api/types: remove some redundant imports [moby/moby#49355](https://github.com/moby/moby/pull/49355) +- !TODO: client: remove uses of pkg/errors in tests [moby/moby#49356](https://github.com/moby/moby/pull/49356) +- !TODO: fix: ctx cancellation on login prompt [docker/cli#5168](https://github.com/docker/cli/pull/5168) +- !TODO: cli/command/network: some cleanup and pass smaller interfaces [docker/cli#5225](https://github.com/docker/cli/pull/5225) +- !TODO: assorted minor changes in preparation of updating docker/docker dependency [docker/cli#5222](https://github.com/docker/cli/pull/5222) +- Enable shell completion for `docker image rm`, `docker image history`, and `docker image inspect`. [docker/cli#5223](https://github.com/docker/cli/pull/5223) +- !TODO: vendor: github.com/fvbommel/sortorder v1.1.0 [docker/cli#5213](https://github.com/docker/cli/pull/5213) +- !TODO: cli/command/container: TestSplitCpArg: cleaner skip [docker/cli#5230](https://github.com/docker/cli/pull/5230) +- !TODO: feat: force lf line endings by default [docker/cli#5216](https://github.com/docker/cli/pull/5216) +- !TODO: cmd/docker: split handling exit-code to a separate utility [docker/cli#5229](https://github.com/docker/cli/pull/5229) +- Update Go runtime to 1.21.12 [docker/cli#5218](https://github.com/docker/cli/pull/5218) +- !TODO: install bash-completion in dev container [docker/cli#5232](https://github.com/docker/cli/pull/5232) +- !TODO: docs: make buildx build the canonical reference doc [docker/cli#5002](https://github.com/docker/cli/pull/5002) +- !TODO: vendor: github.com/docker/docker aae044039ca4 (master, v-next) [docker/cli#5251](https://github.com/docker/cli/pull/5251) +- !TODO: test spring-cleaning [docker/cli#5224](https://github.com/docker/cli/pull/5224) +- !TODO: vendor: github.com/docker/cli-docs-tool v0.8.0 [docker/cli#5255](https://github.com/docker/cli/pull/5255) +- !TODO: cli: make cli.StatusError slightly prettier [docker/cli#5231](https://github.com/docker/cli/pull/5231) +- !TODO: vendor: github.com/docker/docker 508cc7c61226 (master) [docker/cli#5226](https://github.com/docker/cli/pull/5226) +- !TODO: Dockerfile: update buildx to v0.16.1, compose to v2.29.0 [docker/cli#5264](https://github.com/docker/cli/pull/5264) +- !TODO: cli reference overview base cmd [docker/cli#5010](https://github.com/docker/cli/pull/5010) +- !TODO: gha: update to macOS 13, add macOS 14 arm64 (Apple Silicon M1) [docker/cli#5268](https://github.com/docker/cli/pull/5268) +- Add support for `DOCKER_CUSTOM_HEADERS` environment variable + +This environment variable allows for setting additional headers to be sent by the client. Headers set through this environment variable are added to headers set through the config-file (through the HttpHeaders field). + +This environment variable can be used in situations where headers must be set for a specific invocation of the CLI, but should not be set by default, and therefore cannot be set in the config-file. [docker/cli#5098](https://github.com/docker/cli/pull/5098) +- sending a termination request to the CLI while attached to a container, will wait for the container to exit before closing the stream. [docker/cli#5247](https://github.com/docker/cli/pull/5247) +- !TODO: cli/command/container: remove reportError, and put StatusError to use [docker/cli#5236](https://github.com/docker/cli/pull/5236) +- !TODO: vendor: update various dependencies [docker/cli#5228](https://github.com/docker/cli/pull/5228) +- !TODO: gha: check-pr-branch: verify major version only [docker/cli#5262](https://github.com/docker/cli/pull/5262) +- add and improve shell completions for various flags [docker/cli#5238](https://github.com/docker/cli/pull/5238) +- containerd integration: Fix `docker push` defaulting the `--platform` flag to a value of `DOCKER_DEFAULT_PLATFORM` environment variable on unsupported API versions. [docker/cli#5246](https://github.com/docker/cli/pull/5246) +- !TODO: cli/config/credentials: move warning to fileStore [docker/cli#5259](https://github.com/docker/cli/pull/5259) +- !TODO: login: slightly cleanup warning about unencrypted store [docker/cli#5258](https://github.com/docker/cli/pull/5258) +- !TODO: Fix flaky `TestCloseRunningCommand` test [docker/cli#5290](https://github.com/docker/cli/pull/5290) +- !TODO: tests: fix other flaky `connhelper` tests [docker/cli#5291](https://github.com/docker/cli/pull/5291) +- !TODO: lint: replace deprecated linter names [docker/cli#5298](https://github.com/docker/cli/pull/5298) +- Fix `docker attach` exiting on `SIGINT` instead of forwarding the signal to the container and waiting for it to exit. [docker/cli#5297](https://github.com/docker/cli/pull/5297) +- !TODO: tests/run: fix flaky `RunAttachTermination` test [docker/cli#5303](https://github.com/docker/cli/pull/5303) +- !TODO: vendor: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 [docker/cli#5311](https://github.com/docker/cli/pull/5311) +- Fix `docker attach` printing a spurious `context cancelled` error message. [docker/cli#5295](https://github.com/docker/cli/pull/5295) +- !TODO: docs: refresh image versions in examples [docker/cli#5289](https://github.com/docker/cli/pull/5289) +- Update Go runtime to 1.21.13 [docker/cli#5324](https://github.com/docker/cli/pull/5324) +- !TODO: vendor: github.com/docker/docker master (f3cf9359bdf6) [docker/cli#5330](https://github.com/docker/cli/pull/5330) +- !TODO: vendor: github.com/docker/docker 2269acc7a31d (master, v-next) [docker/cli#5332](https://github.com/docker/cli/pull/5332) +- !TODO: docs: fix link to http proxy document [docker/cli#5338](https://github.com/docker/cli/pull/5338) +- !TODO: docs: update internal links after refactor [docker/cli#5342](https://github.com/docker/cli/pull/5342) +- !TODO: cli/connhelper: getConnectionHelper: move ssh-option funcs out of closure [docker/cli#5345](https://github.com/docker/cli/pull/5345) +- Fix issue with remote contexts over SSH where the CLI would allocate a pseudoterminal when connecting to the remote host, which causes issues in rare situations. [docker/cli#5320](https://github.com/docker/cli/pull/5320) +- Added support for device-code flow login when authenticating to the official registry. [docker/cli#5344](https://github.com/docker/cli/pull/5344) +- containerd image store: `docker image ls` now supports `--tree` flag that shows a multiplatform-aware image list. This is experimental and may change at any time without any backwards compatibility. [docker/cli#4982](https://github.com/docker/cli/pull/4982) +- !TODO: list/tree: Print as dangling image name [docker/cli#5352](https://github.com/docker/cli/pull/5352) +- !TODO: list/tree: No extra spacing for graphdriver [docker/cli#5356](https://github.com/docker/cli/pull/5356) +- !TODO: docs: update link to moved build context doc [docker/cli#5347](https://github.com/docker/cli/pull/5347) +- !TODO: login: add oauth escape hatch [docker/cli#5361](https://github.com/docker/cli/pull/5361) +- !TODO: docs: use gh alert syntax for callouts [docker/cli#5350](https://github.com/docker/cli/pull/5350) +- !TODO: Fix linting issues in preparation of Go and GolangCI-lint update [docker/cli#5370](https://github.com/docker/cli/pull/5370) +- !TODO: chore: update link to docker engine api reference [docker/cli#5360](https://github.com/docker/cli/pull/5360) +- !TODO: docs: update docker login reference [docker/cli#5386](https://github.com/docker/cli/pull/5386) +- Update Go runtime to 1.22.7 [docker/cli#5410](https://github.com/docker/cli/pull/5410) +- !TODO: vendor.mod: put github.com/pkg/browser in the right group [docker/cli#5407](https://github.com/docker/cli/pull/5407) +- !TODO: scripts/build/plugins: don't override CGO_ENABLED set by .variables [docker/cli#5393](https://github.com/docker/cli/pull/5393) +- Fix issue that will sometimes cause the browser-login flow to fail if the CLI process is suspended and then resumed while waiting for the user to authenticate. [docker/cli#5376](https://github.com/docker/cli/pull/5376) +- update to go1.22.6 [docker/cli#5387](https://github.com/docker/cli/pull/5387) +- !TODO: Dockerfile: update xx to v1.5.0 [docker/cli#5389](https://github.com/docker/cli/pull/5389) +- Fixed issue related to login, causing credentials to sometimes not be picked up when explicitly pulling/pushing images from `registry-1.docker.io`. [docker/cli#5379](https://github.com/docker/cli/pull/5379) +- !TODO: chore: remove duplicated `govet` linter config [docker/cli#5425](https://github.com/docker/cli/pull/5425) +- !TODO: fix: gitattributes enforcing line endings [docker/cli#5381](https://github.com/docker/cli/pull/5381) +- !TODO: docs: rename plugins index file and add linkTitle [docker/cli#5403](https://github.com/docker/cli/pull/5403) +- Fix issue where `docker volume update` command would cause the CLI to panic if no argument/volume was passed. [docker/cli#5420](https://github.com/docker/cli/pull/5420) +- Fix issue causing login to not remove repository names from passed in registry addresses, resulting in credentials being stored under the wrong key. [docker/cli#5383](https://github.com/docker/cli/pull/5383) +- !TODO: info: stop printing "Expected" commits [docker/cli#5422](https://github.com/docker/cli/pull/5422) +- Properly report metrics when run in WSL environment on Windows [docker/cli#5424](https://github.com/docker/cli/pull/5424) +- !TODO: vendor: update various dependencies [docker/cli#5427](https://github.com/docker/cli/pull/5427) +- !TODO: docs, man: dockerd: add documentation for "--log-format" option [docker/cli#5438](https://github.com/docker/cli/pull/5438) +- !TODO: docs: add documentation for dockerd --feature flag [docker/cli#5436](https://github.com/docker/cli/pull/5436) +- !TODO: Dockerfile: update buildx to v0.17.1, compose to v2.29.4 [docker/cli#5441](https://github.com/docker/cli/pull/5441) +- docs/cli/container_run: Fix example usage of `--rm=false` flag to `--rm` in container_run.md [docker/cli#5435](https://github.com/docker/cli/pull/5435) +- Print OTEL errors in the CLI on shutdown [docker/cli#5444](https://github.com/docker/cli/pull/5444) +- !TODO: gha: update codeql workflow to go1.22.7 [docker/cli#5446](https://github.com/docker/cli/pull/5446) +- Use lowercase windows drive letter for WSL metrics path [docker/cli#5445](https://github.com/docker/cli/pull/5445) +- Fix issue causing CLI OTel metrics to not be collected. [docker/cli#5456](https://github.com/docker/cli/pull/5456) +- !TODO: Dockerfile: update compose to v2.29.7 [docker/cli#5459](https://github.com/docker/cli/pull/5459) +- containerd image store: do not underline names in `docker image ls --tree`. [docker/cli#5473](https://github.com/docker/cli/pull/5473) +- !TODO: docs: fix a typo in run.md [docker/cli#5481](https://github.com/docker/cli/pull/5481) +- containerd image store: change name of `USED` column in `docker image ls --tree` to `IN USE`. [docker/cli#5474](https://github.com/docker/cli/pull/5474) +- !TODO: gha: codeql: minor touch-ups and fixes [docker/cli#5454](https://github.com/docker/cli/pull/5454) +- !TODO: vendor: github.com/docker/docker 164cae56ed95 (master, v-next) [docker/cli#5428](https://github.com/docker/cli/pull/5428) +- !TODO: cli/container: use github.com/moby/sys/capability for completions [docker/cli#5480](https://github.com/docker/cli/pull/5480) +- !TODO: cli/command/container: add unit tests for completion helpers [docker/cli#5492](https://github.com/docker/cli/pull/5492) +- !TODO: opts: cleanup ParseEnvFile tests [docker/cli#5494](https://github.com/docker/cli/pull/5494) +- opts: remove ErrBadKey as it's not used as a sentinel error [docker/cli#5495](https://github.com/docker/cli/pull/5495) +- !TODO: opts: parseKeyValueFile: cleanup and remove redundant trimming [docker/cli#5496](https://github.com/docker/cli/pull/5496) +- !TODO: docs: use important callout for buildkit vs legacy builder [docker/cli#5469](https://github.com/docker/cli/pull/5469) +- move parsing key-value files to a separate package (pkg/kvfile) [docker/cli#5502](https://github.com/docker/cli/pull/5502) +- !TODO: cli/command/container: add unit tests for container restart and container stop [docker/cli#5482](https://github.com/docker/cli/pull/5482) +- !TODO: Update `VERSION` file to `v27.3.1-dev` [docker/cli#5460](https://github.com/docker/cli/pull/5460) +- !TODO: docs: fix anchor link to web-based login section [docker/cli#5471](https://github.com/docker/cli/pull/5471) +- !TODO: docs/reference: stop, restart: add flag descriptions [docker/cli#5484](https://github.com/docker/cli/pull/5484) +- !TODO: docs: fix inaccurate description of --restart=unless-stopped [docker/cli#5508](https://github.com/docker/cli/pull/5508) +- Update Go runtime to 1.22.8 [docker/cli#5504](https://github.com/docker/cli/pull/5504) +- add shell-completion for --platform flags [docker/cli#5516](https://github.com/docker/cli/pull/5516) +- !TODO: vendor assorted dependencies in preparation of engine update [docker/cli#5529](https://github.com/docker/cli/pull/5529) +- Improve completion of containers for `docker rm` [docker/cli#5527](https://github.com/docker/cli/pull/5527) +- !TODO: cli/command/completion: add more unit-tests [docker/cli#5533](https://github.com/docker/cli/pull/5533) +- !TODO: README: update pkg.go.dev badge, add OpenSSF scorecard [docker/cli#5532](https://github.com/docker/cli/pull/5532) +- !TODO: cli/command/container: set empty args in tests and discard output [docker/cli#5534](https://github.com/docker/cli/pull/5534) +- !TODO: cli/command/image: fix TestNewSaveCommandSuccess to actually test [docker/cli#5520](https://github.com/docker/cli/pull/5520) +- !TODO: cli/command/images: set cmd.Args to prevent test-failures [docker/cli#5521](https://github.com/docker/cli/pull/5521) +- !TODO: templates: add test for HeaderFunctions [docker/cli#5541](https://github.com/docker/cli/pull/5541) +- !TODO: vendor: github.com/moby/swarmkit/v2 v2.0.0-20241017191044-e8ecf83ee08e [docker/cli#5539](https://github.com/docker/cli/pull/5539) +- !TODO: docs: corrected the max events returned [docker/cli#5537](https://github.com/docker/cli/pull/5537) +- !TODO: docs: update prose about image tag/name format [docker/cli#5535](https://github.com/docker/cli/pull/5535) +- go-sdk: fix deprecation of `cli/command.ConfigureAuth()`, which was deprecated since v27.2.1 [docker/cli#5551](https://github.com/docker/cli/pull/5551) +- !TODO: cli/hints: add tests [docker/cli#5546](https://github.com/docker/cli/pull/5546) +- Documentation: Link supported Go duration strings [docker/cli#5507](https://github.com/docker/cli/pull/5507) +- improve formatting of errors during `docker plugin remove` +go-sdk: deprecate cli.Errors type in favour of Go's errors.Join [docker/cli#5547](https://github.com/docker/cli/pull/5547) +- !TODO: cli/command: PromptUserForCredentials: assorted minor improvements and (linting) fixes [docker/cli#5550](https://github.com/docker/cli/pull/5550) +- !TODO: cli/config: improve error when failing to parse config file [docker/cli#5567](https://github.com/docker/cli/pull/5567) +- !TODO: cmd/docker: add tests for flag-completions, and refactor [docker/cli#5542](https://github.com/docker/cli/pull/5542) +- !TODO: Completion for `events --filter` [docker/cli#5538](https://github.com/docker/cli/pull/5538) +- !TODO: cli/config/credentials: add test for save being idempotent [docker/cli#5570](https://github.com/docker/cli/pull/5570) +- !TODO: bump golangci-lint to v1.61.0 and cleanup config [docker/cli#5585](https://github.com/docker/cli/pull/5585) +- Fixed bash completion for `events --filter daemon=` [docker/cli#5554](https://github.com/docker/cli/pull/5554) +- !TODO: vendor: github.com/docker/docker 36a3bd090489 (master, v28.0-dev) [docker/cli#5544](https://github.com/docker/cli/pull/5544) +- The `docker login` and `docker logout` command no longer update the configuration file if the credentials didn't change. [docker/cli#5553](https://github.com/docker/cli/pull/5553) +- !TODO: golangci-lint: set go version to prevent fallback to go1.17, and fix copyloopvar linting issues [docker/cli#5594](https://github.com/docker/cli/pull/5594) +- !TODO: vendor: github.com/docker/docker 6ac445c42bad (master, v28.0-dev) [docker/cli#5590](https://github.com/docker/cli/pull/5590) +- !TODO: deps: update `go-jose/go-jose` to `v4` [docker/cli#5596](https://github.com/docker/cli/pull/5596) +- !TODO: cli/command: fix some minor linting issues [docker/cli#5557](https://github.com/docker/cli/pull/5557) +- !TODO: docs: change link to desktop docs [docker/cli#5600](https://github.com/docker/cli/pull/5600) +- `docker stats` output is now buffered to reduce flickering issues [docker/cli#5586](https://github.com/docker/cli/pull/5586) +- Ported some completions from the bash completion to the new cobra based completion. [docker/cli#5580](https://github.com/docker/cli/pull/5580) +- !TODO: Dockerfile: update buildx to v0.18.0, compose to v2.30.3 [docker/cli#5615](https://github.com/docker/cli/pull/5615) +- !TODO: cli/command/container: fix missing go:build tag [docker/cli#5621](https://github.com/docker/cli/pull/5621) +- !TODO: docs: Correct `run` exit code 126 description [docker/cli#5591](https://github.com/docker/cli/pull/5591) +- !TODO: vendor: github.com/docker/docker e5c2b5e10d68 (master, v28.0.0-dev) [docker/cli#5638](https://github.com/docker/cli/pull/5638) +- !TODO: Dockerfile: bump github.com/josephspurrier/goversioninfo to v1.4.1 [docker/cli#5630](https://github.com/docker/cli/pull/5630) +- !TODO: update golangci-lint to v1.62.0 [docker/cli#5632](https://github.com/docker/cli/pull/5632) +- !TODO: cli/command/container: parse: remove client-side warning [docker/cli#5579](https://github.com/docker/cli/pull/5579) +- !TODO: build(deps): bump codecov/codecov-action from 4 to 5 [docker/cli#5636](https://github.com/docker/cli/pull/5636) +- !TODO: docs: update example redis tags from 3.0.x to 7.4.x [docker/cli#5595](https://github.com/docker/cli/pull/5595) +- !TODO: vendor: github.com/moby/sys/capability v0.4.0 [docker/cli#5633](https://github.com/docker/cli/pull/5633) +- !TODO: tests: cleanup table test names [docker/cli#5650](https://github.com/docker/cli/pull/5650) +- !TODO: vendor: github.com/go-viper/mapstructure/v2 v2.2.1 [docker/cli#5634](https://github.com/docker/cli/pull/5634) +- !TODO: update go:build tags to use go1.22 [docker/cli#5608](https://github.com/docker/cli/pull/5608) +- !TODO: docs: fix janky rendering of toc on docs.docker.com [docker/cli#5653](https://github.com/docker/cli/pull/5653) +- !TODO: Optimise `docker stats` to not require clearing the whole screen [docker/cli#5625](https://github.com/docker/cli/pull/5625) +- !TODO: vendor: github.com/tonistiigi/go-rosetta v0.0.0-20220804170347-3f4430f2d346 [docker/cli#5637](https://github.com/docker/cli/pull/5637) +- !TODO: vendor: update various golang.org/x/ dependencies [docker/cli#5671](https://github.com/docker/cli/pull/5671) +- Fix inaccessible plugins paths preventing plugins from being detected. [docker/cli#5651](https://github.com/docker/cli/pull/5651) +- !TODO: vendor: google.golang.org/protobuf v1.35.2 [docker/cli#5672](https://github.com/docker/cli/pull/5672) +- !TODO: vendor: github.com/docker/docker 5d72419486fe (master, v28.0.0-dev) [docker/cli#5673](https://github.com/docker/cli/pull/5673) +- !TODO: registry/client: remove uses of APIEndpoint.TrimHostName [docker/cli#5674](https://github.com/docker/cli/pull/5674) +- !TODO: update go-md2man to v2.0.5 [docker/cli#5689](https://github.com/docker/cli/pull/5689) +- !TODO: cli/command/system: remove netfilter warnings from tests [docker/cli#5691](https://github.com/docker/cli/pull/5691) +- !TODO: update xx to v1.6.1 for compatibility with alpine 3.21 [docker/cli#5683](https://github.com/docker/cli/pull/5683) +- !TODO: cli/command/system: remove BridgeNfIptables, BridgeNfIp6tables in tests [docker/cli#5696](https://github.com/docker/cli/pull/5696) +- !TODO: Add --bip6 to the dockerd manpage [docker/cli#5655](https://github.com/docker/cli/pull/5655) +- !TODO: chore: update commit guidelines in CONTRIBUTING.md [docker/cli#5648](https://github.com/docker/cli/pull/5648) +- !TODO: vendor: update golang.org/x/ dependencies for docker/docker [docker/cli#5702](https://github.com/docker/cli/pull/5702) +- !TODO: cli/trust: GetNotaryRepository: remove uses of RepositoryInfo.Class [docker/cli#5660](https://github.com/docker/cli/pull/5660) +- !TODO: Makefile: use go1.22 semantics for gofumpt [docker/cli#5684](https://github.com/docker/cli/pull/5684) +- !TODO: cli/command/system: don't use "non-distributable-artifacts" fields in tests [docker/cli#5679](https://github.com/docker/cli/pull/5679) +- !TODO: vendor: golang.org/x/net v0.33.0 [docker/cli#5705](https://github.com/docker/cli/pull/5705) +- !TODO: cli/command/system: TestEventsFormat: set cmd.Args to prevent test-failures [docker/cli#5695](https://github.com/docker/cli/pull/5695) +- !TODO: update golangci-lint to v1.62.2 [docker/cli#5682](https://github.com/docker/cli/pull/5682) +- !TODO: cli/command/registry: assorted refactor and test changes [docker/cli#5667](https://github.com/docker/cli/pull/5667) +- !TODO: cli/command/container: use local copy of pkg/system.IsAbs [docker/cli#5697](https://github.com/docker/cli/pull/5697) +- !TODO: vendor: github.com/docker/docker 6f6c3b921180 (master, v28.0.0-dev) [docker/cli#5716](https://github.com/docker/cli/pull/5716) +- !TODO: Use io.copy for build context compression [docker/cli#5719](https://github.com/docker/cli/pull/5719) +- !TODO: docs, man: remove confusing example for "--isolation" [docker/cli#5718](https://github.com/docker/cli/pull/5718) +- !TODO: remove remnants of --oom-score-adj daemon config (docs, completion) [docker/cli#5722](https://github.com/docker/cli/pull/5722) +- !TODO: TestRunCopyFromContainerToFilesystem: use Tar without options [docker/cli#5710](https://github.com/docker/cli/pull/5710) +- !TODO: contrib/completion: remove deprecated --api-cors-header [docker/cli#5725](https://github.com/docker/cli/pull/5725) +- !TODO: vendor: github.com/docker/docker a72026acbbdf (master, v28.0.0-dev) [docker/cli#5711](https://github.com/docker/cli/pull/5711) +- !TODO: vendor: github.com/moby/term v0.5.2 [docker/cli#5727](https://github.com/docker/cli/pull/5727) +- !TODO: vendor: github.com/docker/docker ad6929339acd (master, v28.0.0-dev) [docker/cli#5703](https://github.com/docker/cli/pull/5703) +- !TODO: Fix container cp test to separate source and destination [docker/cli#5715](https://github.com/docker/cli/pull/5715) +- !TODO: golangci-lint: sync some depguard settings with moby/moby [docker/cli#5709](https://github.com/docker/cli/pull/5709) +- !TODO: Drop support for fluentd-async-connect [docker/cli#5740](https://github.com/docker/cli/pull/5740) +- !TODO: gha/build: Publish bin image for release branches [docker/cli#5734](https://github.com/docker/cli/pull/5734) +- !TODO: vendor: google.golang.org/grpc v1.68.1, google.golang.org/genproto 324edc3d5d38 [docker/cli#5745](https://github.com/docker/cli/pull/5745) +- !TODO: vendor: github.com/docker/docker 50212d215ba7 (master, v28.0-dev) [docker/cli#5728](https://github.com/docker/cli/pull/5728) +- !TODO: vendor: github.com/docker/docker 69687190936d (master, v28.0-dev) [docker/cli#5708](https://github.com/docker/cli/pull/5708) +- !TODO: vendor: otel v0.56.0 / v1.31.0 [docker/cli#5750](https://github.com/docker/cli/pull/5750) +- !TODO: vendor: github.com/creack/pty v1.1.24 [docker/cli#5746](https://github.com/docker/cli/pull/5746) +- !TODO: cli/command/plugin: runCreate: minor cleanup [docker/cli#5729](https://github.com/docker/cli/pull/5729) +- !TODO: ci: update bake-action to v6 [docker/cli#5737](https://github.com/docker/cli/pull/5737) +- !TODO: update cli-docs-tool to v0.9.0, go-md2man v2.0.6 [docker/cli#5741](https://github.com/docker/cli/pull/5741) +- !TODO: vendor: github.com/mattn/go-runewidth v0.0.16 [docker/cli#5748](https://github.com/docker/cli/pull/5748) +- !TODO: cli/command: update semconv to 1.26.0 [docker/cli#5751](https://github.com/docker/cli/pull/5751) +- !TODO: switch to gopkg.in/yaml.v3 [docker/cli#5752](https://github.com/docker/cli/pull/5752) +- !TODO: gha: Adjust release branches [docker/cli#5763](https://github.com/docker/cli/pull/5763) +- !TODO: cli/tree: Use single character triple dot [docker/cli#5758](https://github.com/docker/cli/pull/5758) +- !TODO: Dockerfile: dev-container: update buildx v0.20.0, compose v2.32.4 [docker/cli#5765](https://github.com/docker/cli/pull/5765) +- !TODO: pkg/command: wrap `jsonmessage.DisplayJSONMessagesStream` with go context [docker/cli#5663](https://github.com/docker/cli/pull/5663) +- !TODO: Dockerfile: update to alpine 3.21 [docker/cli#5767](https://github.com/docker/cli/pull/5767) +- !TODO: Makefile: add "shell-completion" target [docker/cli#5770](https://github.com/docker/cli/pull/5770) +- !TODO: remove dockerd man-page (moved back to moby repository) [docker/cli#5773](https://github.com/docker/cli/pull/5773) From 8d081aaf8bf07380b1c42a6e195aaf8669dc4e96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Tue, 11 Feb 2025 14:05:11 +0100 Subject: [PATCH 3/9] remove rejected MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paweł Gronowski --- content/manuals/engine/release-notes/28.md | 682 --------------------- 1 file changed, 682 deletions(-) diff --git a/content/manuals/engine/release-notes/28.md b/content/manuals/engine/release-notes/28.md index 091c66f94b5..33d52987726 100644 --- a/content/manuals/engine/release-notes/28.md +++ b/content/manuals/engine/release-notes/28.md @@ -263,685 +263,3 @@ For a full list of pull requests and changes in this release, refer to the relev - Removed an `iptables` mangle rule for checksumming SCTP. The rule can be re-enabled by setting `DOCKER_IPTABLES_SCTP_CHECKSUM=1` in the daemon's environment. This override will be removed in a future release. [moby/moby#48149](https://github.com/moby/moby/pull/48149) - Faster connection to bridge networks, in most cases. [moby/moby#49302](https://github.com/moby/moby/pull/49302) - - - - - - - - - - - -### Rejected (backported or no impact label) - -- Add a couple of iptables rules to filter on the input interface for NAT port mappings. This will prevent rogue neighboring hosts from accessing port mappings that aren't published in the same subnet / L2 segment. -- Fix an issue that meant published ports from one container on a bridge network were not accessible from another container on the same network with `userland-proxy` disabled, if the kernel's `br_netfilter` module was not loaded and enabled. The daemon will now attempt to load the module and enable `bridge-nf-call-iptables` or `bridge-nf-call-ip6tables` when creating a network with the userland proxy disabled. [moby/moby#48676](https://github.com/moby/moby/pull/48676) -- Preserve network labels during daemon startup. [moby/moby#49196](https://github.com/moby/moby/pull/49196) -- Fix a bug that was preventing containers exposing a TCP port on the host to be restarted if it was accessed by another container (or from the host) shortly before. [moby/moby#48567](https://github.com/moby/moby/pull/48567) -- !TODO: fix some gofmt issues reported by goreportcard [moby/moby#48080](https://github.com/moby/moby/pull/48080) -- Fix "fail to register layer: failed to Lchown" errors when trying to pull an image with rootless enabled on a system that supports native overlay with user-namespaces. [moby/moby#48083](https://github.com/moby/moby/pull/48083) -- Fix a regression that incorrectly reported a port mapping from a host IPv6 address to an IPv4-only container as an error. [moby/moby#48088](https://github.com/moby/moby/pull/48088) -- !TODO: cleanup: Remove unnecessary return value [moby/moby#48095](https://github.com/moby/moby/pull/48095) -- !TODO: daemon/logger, volume/drivers: remove redundant import-aliases [moby/moby#48098](https://github.com/moby/moby/pull/48098) -- !TODO: errdefs: FromStatusCode(): use early returns [moby/moby#48100](https://github.com/moby/moby/pull/48100) -- !TODO: vendor: github.com/microsoft/hcsshim v0.11.7 [moby/moby#48091](https://github.com/moby/moby/pull/48091) -- !TODO: do another run of gofumpt [moby/moby#48081](https://github.com/moby/moby/pull/48081) -- !TODO: builder/builder-next: applySourcePolicies: remove redundant check and vars [moby/moby#48070](https://github.com/moby/moby/pull/48070) -- !TODO: pkg/rootless/specconv: move to internal [moby/moby#48110](https://github.com/moby/moby/pull/48110) -- api/types/system: remove deprecated Info.ExecutionDriver [moby/moby#48111](https://github.com/moby/moby/pull/48111) -- Upgrade containerd to v1.7.19 (static binaries only). [moby/moby#48117](https://github.com/moby/moby/pull/48117) -- !TODO: daemon/logger/journald: add //nolint:unused for readSyncTimeout [moby/moby#48115](https://github.com/moby/moby/pull/48115) -- This release updates the Go runtime to 1.21.11 which contains security fixes for [CVE-2024-24791](https://github.com/advisories/GHSA-hw49-2p59-3mhj) -Update Go runtime to 1.21.12 [moby/moby#48120](https://github.com/moby/moby/pull/48120) -- !TODO: update to go1.21.12 [part 2] [moby/moby#48121](https://github.com/moby/moby/pull/48121) -- !TODO: api/types/container: InspectResponse: keep old name for embedded type [moby/moby#48124](https://github.com/moby/moby/pull/48124) -- !TODO: vendor: update dependencies in preparation of BuildKit v0.15 [moby/moby#48127](https://github.com/moby/moby/pull/48127) -- !TODO: vendor: github.com/containerd/containerd v1.7.19, migrate to github.com/containerd/platforms module [moby/moby#47142](https://github.com/moby/moby/pull/47142) -- rootless: add `Requires=dbus.socket` [moby/moby#48134](https://github.com/moby/moby/pull/48134) -- !TODO: daemon/graphdriver: split, internalize packages to separate snapshotters and graphdrivers [moby/moby#48092](https://github.com/moby/moby/pull/48092) -- !TODO: vendor: update buildkit to v0.15.0-rc1 [moby/moby#48126](https://github.com/moby/moby/pull/48126) -- !TODO: Fix API version in TestSetInterfaceSysctl [moby/moby#48156](https://github.com/moby/moby/pull/48156) -- !TODO: docs/api: Add missing ` [moby/moby#48154](https://github.com/moby/moby/pull/48154) -- Update Buildkit to v0.15.0-rc2 [moby/moby#48150](https://github.com/moby/moby/pull/48150) -- Update Buildkit to v0.15.0 [moby/moby#48159](https://github.com/moby/moby/pull/48159) -- !TODO: all: switch to Go 1.19 atomics [moby/moby#48139](https://github.com/moby/moby/pull/48139) -- !TODO: Dockerfile: update compose to v2.28.1, update cli to v27.0.2 [moby/moby#48073](https://github.com/moby/moby/pull/48073) -- !TODO: update golangci-lint to v1.59.1 [moby/moby#48058](https://github.com/moby/moby/pull/48058) -- api/types: deprecate `ContainerJSONBase.Node` field and `ContainerNode` type. These definitions were used by the standalone ("classic") Swarm API, but never implemented in the Docker Engine itself. [moby/moby#48055](https://github.com/moby/moby/pull/48055) -- !TODO: daemon/graphdriver, layer: rename vars that shadowed imports [moby/moby#48071](https://github.com/moby/moby/pull/48071) -- Fix a regression that caused duplicate subnet allocations when creating networks. [moby/moby#48084](https://github.com/moby/moby/pull/48084) -- containerd integration: `image tag` event is now properly emitted when building images with Buildkit [moby/moby#48078](https://github.com/moby/moby/pull/48078) -- !TODO: daemon/graphdriver: remove Capabilities, CapabilityDriver [moby/moby#48143](https://github.com/moby/moby/pull/48143) -- !TODO: vendor: cloud.google.com/go/logging v1.9.0 [moby/moby#48165](https://github.com/moby/moby/pull/48165) -- !TODO: rm regexp use [moby/moby#48169](https://github.com/moby/moby/pull/48169) -- !TODO: README: replace obsolete Docker EE mention [moby/moby#48176](https://github.com/moby/moby/pull/48176) -- !TODO: Dockerfile: update buildx to v0.16.1, compose to v2.29.0 [moby/moby#48186](https://github.com/moby/moby/pull/48186) -- !TODO: gha: check-pr-branch: verify major version only [moby/moby#48177](https://github.com/moby/moby/pull/48177) -- !TODO: gha: check-pr-branch: fix branch check regression [moby/moby#48194](https://github.com/moby/moby/pull/48194) -- Upgrade containerd to v1.7.20 (static binaries only). [moby/moby#48190](https://github.com/moby/moby/pull/48190) -- !TODO: vendor: update moby/sys modules [moby/moby#48189](https://github.com/moby/moby/pull/48189) -- !TODO: vendor: github.com/containerd/containerd v1.7.20 [moby/moby#48188](https://github.com/moby/moby/pull/48188) -- !TODO: contrib/check-config.sh: remove special case for userns on CentOS/RHEL 7 [moby/moby#48212](https://github.com/moby/moby/pull/48212) -- Update BuildKit to v0.15.1 [moby/moby#48239](https://github.com/moby/moby/pull/48239) -- Fix a regression that could result in a `ResourceExhausted desc = grpc: received message larger than max` error when building from a large Dockerfile [moby/moby#48242](https://github.com/moby/moby/pull/48242) -- !TODO: images: Extract ImageInspect from GetImage [moby/moby#48240](https://github.com/moby/moby/pull/48240) -- !TODO: daemon: remove setMayDetachMounts (set may_detach_mounts=1 on startup) [moby/moby#48210](https://github.com/moby/moby/pull/48210) -- !TODO: daemon: isPermissibleC8dRuntimeName: use local utility to reduce c8d deps [moby/moby#48251](https://github.com/moby/moby/pull/48251) -- !TODO: daemon: remove unused import [moby/moby#48263](https://github.com/moby/moby/pull/48263) -- dockerd-rootless-setuptool.sh: move RootlessKit smoke test [moby/moby#48216](https://github.com/moby/moby/pull/48216) -- !TODO: vendor: github.com/gofrs/flock v0.12.1 [moby/moby#48234](https://github.com/moby/moby/pull/48234) -- !TODO: migrate to github.com/moby/sys/user/userns [moby/moby#48170](https://github.com/moby/moby/pull/48170) -- !TODO: vendor: github.com/moby/sys/sequential v0.6.0 [moby/moby#48198](https://github.com/moby/moby/pull/48198) -- Adjust GitHub actions permissions. [moby/moby#48262](https://github.com/moby/moby/pull/48262) -- !TODO: libnetwork/networkdb: switch to go-immutable-radix v2 [moby/moby#48157](https://github.com/moby/moby/pull/48157) -- !TODO: hack: explicitly control enabling the journald logging driver [moby/moby#47789](https://github.com/moby/moby/pull/47789) -- !TODO: plugin, api/types: fix typos and GoDoc [moby/moby#48279](https://github.com/moby/moby/pull/48279) -- !TODO: Improve documentation around maintenance, building, and packaging [moby/moby#46772](https://github.com/moby/moby/pull/46772) -- !TODO: daemon: assorted cleanups and minor improvements [moby/moby#48244](https://github.com/moby/moby/pull/48244) -- !TODO: libcontainerd/supervisor: remove remnants of adjusting oom-score [moby/moby#48252](https://github.com/moby/moby/pull/48252) -- !TODO: hack/make: suppress "not mounted" message [moby/moby#48272](https://github.com/moby/moby/pull/48272) -- n/a [moby/moby#48281](https://github.com/moby/moby/pull/48281) -- Update Go runtime to 1.21.13 [moby/moby#48300](https://github.com/moby/moby/pull/48300) -- !TODO: Makefile: Add BIND_GIT variable [moby/moby#48303](https://github.com/moby/moby/pull/48303) -- !TODO: touch-up security policy [moby/moby#48280](https://github.com/moby/moby/pull/48280) -- > `GET /images/json` response now includes `Manifests` field, which contains information about the sub-manifests included in the image index. This includes things like platform-specific manifests and build attestations. -> The new field will only be populated if the request also sets the `manifests` query parameter to `true`. -> [!WARNING] -> -> This is experimental and may change at any time without any backward compatibility. [moby/moby#47526](https://github.com/moby/moby/pull/47526) -- !TODO: Clean up networks in 'integration/network' tests [moby/moby#48217](https://github.com/moby/moby/pull/48217) -- !TODO: vendor: golang.org/x/time v0.5.0, google.golang.org/grpc v1.62.0 [moby/moby#48283](https://github.com/moby/moby/pull/48283) -- !TODO: vendor: github.com/containerd/nydus-snapshotter v0.14.0 [moby/moby#48288](https://github.com/moby/moby/pull/48288) -- !TODO: c8d/image: Simplify `presentImages` and better "platform not found" error [moby/moby#48276](https://github.com/moby/moby/pull/48276) -- !TODO: c8d/list: Fix `Total` size calculation [moby/moby#48330](https://github.com/moby/moby/pull/48330) -- Update BuildKit to v0.15.2 [moby/moby#48340](https://github.com/moby/moby/pull/48340) -- !TODO: fix deprecation comments, and update some godoc [moby/moby#48324](https://github.com/moby/moby/pull/48324) -- !TODO: c8d/list: Don't require `opts.ContainerCount` for manifest containers [moby/moby#48345](https://github.com/moby/moby/pull/48345) -- !TODO: feat(stream): log the event when stream copy failed [moby/moby#48334](https://github.com/moby/moby/pull/48334) -- !TODO: vendor.mod: github.com/microsoft/hcsshim v0.12.5 [moby/moby#48174](https://github.com/moby/moby/pull/48174) -- !TODO: integration/container: rename var that collided with import [moby/moby#48351](https://github.com/moby/moby/pull/48351) -- !TODO: libcontainerd/supervisor: consolidate platform-specific defaults [moby/moby#48353](https://github.com/moby/moby/pull/48353) -- !TODO: Dockerfile: update xx to v1.5.0 [moby/moby#48261](https://github.com/moby/moby/pull/48261) -- !TODO: libcontainerd/supervisor: set log-level through the config-file [moby/moby#48355](https://github.com/moby/moby/pull/48355) -- !TODO: vendor: tags.cncf.io/container-device-interface v0.8.0 [moby/moby#48371](https://github.com/moby/moby/pull/48371) -- !TODO: libnetwork: resolvconf: remove dependency on errdefs [moby/moby#48370](https://github.com/moby/moby/pull/48370) -- !TODO: c8d/list: Fix race condition when traversing containers [moby/moby#48367](https://github.com/moby/moby/pull/48367) -- !TODO: vendor: dario.cat/mergo v1.0.1 [moby/moby#48372](https://github.com/moby/moby/pull/48372) -- containerd image store: Fix early error exit from `docker load` in cases where unpacking the image would fail [moby/moby#48293](https://github.com/moby/moby/pull/48293) -- containerd image store: Fix the previous image not being persisted as dangling after `docker pull`. [moby/moby#48374](https://github.com/moby/moby/pull/48374) -- Update containerd (static binaries only) to [v1.7.21](https://github.com/containerd/containerd/releases/tag/v1.7.21) [moby/moby#48382](https://github.com/moby/moby/pull/48382) -- !TODO: vendor: github.com/vishvananda/netlink v1.3.0 [moby/moby#48368](https://github.com/moby/moby/pull/48368) -- !TODO: Fix linting issues in preparation of Go and GolangCI-lint update [moby/moby#48359](https://github.com/moby/moby/pull/48359) -- !TODO: libnetwork/portallocator: assorted cleanups [moby/moby#48373](https://github.com/moby/moby/pull/48373) -- !TODO: vendor.mod: golang.org/x/* latest [moby/moby#48398](https://github.com/moby/moby/pull/48398) -- containerd image store: Fix non-container images being hidden in the `docker images` output [moby/moby#48399](https://github.com/moby/moby/pull/48399) -- !TODO: govulncheck to report known vulnerabilities [moby/moby#48311](https://github.com/moby/moby/pull/48311) -- !TODO: Dockerfile: update registry to v3.0.0-beta.1 [moby/moby#48403](https://github.com/moby/moby/pull/48403) -- !TODO: add Austin Vazquez (austinvazquez) to curators [moby/moby#48310](https://github.com/moby/moby/pull/48310) -- !TODO: remove leftovers for building docker-proxy on Windows [moby/moby#48318](https://github.com/moby/moby/pull/48318) -- !TODO: migrate to github.com/moby/sys/userns [moby/moby#48307](https://github.com/moby/moby/pull/48307) -- !TODO: api/swagger: fix x-nullable for SystemInfo.Containerd (api v1.46) [moby/moby#48275](https://github.com/moby/moby/pull/48275) -- !TODO: man: create parent directories in install recipe [moby/moby#48388](https://github.com/moby/moby/pull/48388) -- !TODO: hack/make/.binary: enable pie mode on windows/arm64 [moby/moby#48421](https://github.com/moby/moby/pull/48421) -- containerd image store: Improve `docker pull` error message when the image platform doesn't match [moby/moby#48414](https://github.com/moby/moby/pull/48414) -- update to go1.22.6 [moby/moby#46982](https://github.com/moby/moby/pull/46982) -- !TODO: add more //go:build directives to prevent downgrading to go1.16 [moby/moby#48434](https://github.com/moby/moby/pull/48434) -- !TODO: gha/bin-image: Also run on branches like `27.x` [moby/moby#48450](https://github.com/moby/moby/pull/48450) -- !TODO: container/stream: Config.CloseStreams(): use errors.Join [moby/moby#48435](https://github.com/moby/moby/pull/48435) -- !TODO: vendor: update buildkit to v0.16.0-rc1 [moby/moby#48309](https://github.com/moby/moby/pull/48309) -- !TODO: vendor: github.com/opencontainers/runc v1.1.14 [moby/moby#48425](https://github.com/moby/moby/pull/48425) -- Update Go to 1.22.7 [moby/moby#48432](https://github.com/moby/moby/pull/48432) -- Add support for RISC-V (riscv64) architecture in Docker's seccomp profile handling. [moby/moby#48455](https://github.com/moby/moby/pull/48455) -- !TODO: vendor: update buildkit to v0.16.0 [moby/moby#48472](https://github.com/moby/moby/pull/48472) -- When reading logs with the `jsonfile` or `local` log drivers, any errors while trying to read or parse underlying log files will cause the rest of the file to be skipped and move to the next log file (if one exists) rather than returning an error to the client and closing the stream. -The errors are viewable in the dockerd logs and exported to traces when tracing is configured. - -When reading log files, compressed log files are now only decompressed when needed rather than decompressing all files before starting the log stream. [moby/moby#47983](https://github.com/moby/moby/pull/47983) -- !TODO: internal/unix_noeintr: fix godoc for package [moby/moby#48453](https://github.com/moby/moby/pull/48453) -- !TODO: api/swagger: update deprecation version for erroneous fields [moby/moby#48446](https://github.com/moby/moby/pull/48446) -- Upgrade `runc` to [v1.1.14](https://github.com/opencontainers/runc/releases/tag/v1.1.14), which contains a fix for [CVE-2024-45310](https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv). [moby/moby#48424](https://github.com/moby/moby/pull/48424) -- !TODO: Fix typos [moby/moby#48393](https://github.com/moby/moby/pull/48393) -- Update containerd (static binaries only) to [v1.7.22](https://github.com/containerd/containerd/releases/tag/v1.7.22) [moby/moby#48458](https://github.com/moby/moby/pull/48458) -- !TODO: docs/api: add documentation for API v1.47 [moby/moby#48422](https://github.com/moby/moby/pull/48422) -- !TODO: integration/system: rename vars to prevent shadowing imports [moby/moby#48473](https://github.com/moby/moby/pull/48473) -- !TODO: api: swagger: fix documentation for image push endpoint [moby/moby#48443](https://github.com/moby/moby/pull/48443) -- Update Buildkit to v0.16.0-rc2 [moby/moby#48456](https://github.com/moby/moby/pull/48456) -- !TODO: project: update 23.0 EOL and add 25.0 LTM branch [moby/moby#48474](https://github.com/moby/moby/pull/48474) -- !TODO: update RootlessKit to v2.3.1 [moby/moby#48172](https://github.com/moby/moby/pull/48172) -- Add a `--feature` flag to the daemon options. [moby/moby#48167](https://github.com/moby/moby/pull/48167) -- !TODO: TestIPRangeAt64BitLimit: remove colon after XFAIL to help grepping [moby/moby#48480](https://github.com/moby/moby/pull/48480) -- containerd integration: Fix `docker image prune -a` untagging images used by containers started from images referenced by a digested reference. [moby/moby#48076](https://github.com/moby/moby/pull/48076) -- !TODO: image/tarexport: fix some minor linting issues [moby/moby#48467](https://github.com/moby/moby/pull/48467) -- !TODO: layer: layerStore.deleteLayer(): remove redundant error-check [moby/moby#48461](https://github.com/moby/moby/pull/48461) -- !TODO: man: update dockerd man-page to include --feature flag [moby/moby#48486](https://github.com/moby/moby/pull/48486) -- !TODO: Dockerfile: Update CLI, buildx and compose [moby/moby#48475](https://github.com/moby/moby/pull/48475) -- n/a [moby/moby#48497](https://github.com/moby/moby/pull/48497) -- !TODO: man: remove docs for deprecated --api-cors-header [moby/moby#48504](https://github.com/moby/moby/pull/48504) -- !TODO: dockerd: fix docs, improve validation and improve coverage of "--feature" flag [moby/moby#48502](https://github.com/moby/moby/pull/48502) -- Fix an issue that prevented communication between containers on an IPv4 bridge network -when running with `--iptables=false`, `--ip6tables=true` (the default), a firewall with a -DROP rule for forwarded packets on hosts where the `br_netfilter` kernel module was not -normally loaded. [moby/moby#48492](https://github.com/moby/moby/pull/48492) -- !TODO: man: dockerd: add description for --log-format option [moby/moby#48505](https://github.com/moby/moby/pull/48505) -- !TODO: cmd/dockerd: runDaemon: extract platform-agnostic code [moby/moby#48519](https://github.com/moby/moby/pull/48519) -- !TODO: gha: govulncheck: make sure read permissions are set [moby/moby#48524](https://github.com/moby/moby/pull/48524) -- !TODO: gha: add CodeQL Analysis workflow [moby/moby#47034](https://github.com/moby/moby/pull/47034) -- !TODO: libnet/ds, libnet/config: various cleanups [moby/moby#47992](https://github.com/moby/moby/pull/47992) -- !TODO: cmd/dockerd: assorted changes to improve context-passing, config loading [moby/moby#47412](https://github.com/moby/moby/pull/47412) -- !TODO: cmd/dockerd: use golang.org/x/sys/windows/service param-change consts [moby/moby#48513](https://github.com/moby/moby/pull/48513) -- n/a [moby/moby#48407](https://github.com/moby/moby/pull/48407) -- !TODO: Dockerfile: update buildx to v0.17.1, compose to v2.29.4 [moby/moby#48509](https://github.com/moby/moby/pull/48509) -- !TODO: daemon/exec: don't overwrite exit code if set [moby/moby#48552](https://github.com/moby/moby/pull/48552) -- Update Go runtime to 1.22.8 [moby/moby#48573](https://github.com/moby/moby/pull/48573) -- !TODO: integration: Add tests for port mappings [moby/moby#48545](https://github.com/moby/moby/pull/48545) -- !TODO: api: postImagesLoad: fix API version for platform [moby/moby#48588](https://github.com/moby/moby/pull/48588) -- !TODO: gha: buildkit: make sure expected Go version is installed [moby/moby#48615](https://github.com/moby/moby/pull/48615) -- !TODO: vendor assorted dependencies in preparation of BuildKit v0.17 [moby/moby#48613](https://github.com/moby/moby/pull/48613) -- !TODO: integration/build: remove TestBuildWithSession, and fsutil direct dependency [moby/moby#48628](https://github.com/moby/moby/pull/48628) -- !TODO: gha: add guardrails timeouts on all jobs [moby/moby#48629](https://github.com/moby/moby/pull/48629) -- !TODO: gha: remove stray double empty line [moby/moby#48636](https://github.com/moby/moby/pull/48636) -- Update BuildKit to [v0.17.0-rc1](https://github.com/moby/buildkit/releases/tag/v0.17.0-rc1) [moby/moby#48634](https://github.com/moby/moby/pull/48634) -- !TODO: gha: restrict cross and bin-image to 20 minutes [moby/moby#48645](https://github.com/moby/moby/pull/48645) -- !TODO: Touch-up some errors for missing platforms [moby/moby#48631](https://github.com/moby/moby/pull/48631) -- !TODO: gha: more limits, update alpine version, and some minor improvements [moby/moby#48654](https://github.com/moby/moby/pull/48654) -- !TODO: builder/builder-next: Builder.Build: use network-mode consts [moby/moby#48652](https://github.com/moby/moby/pull/48652) -- !TODO: docs: api: document w (width) and h (height) query params as required [moby/moby#48663](https://github.com/moby/moby/pull/48663) -- !TODO: update links to API documentation [moby/moby#48653](https://github.com/moby/moby/pull/48653) -- n/a [moby/moby#48598](https://github.com/moby/moby/pull/48598) -- !TODO: container/integration: TestResize: add more test-cases, and add TestExecResize [moby/moby#48665](https://github.com/moby/moby/pull/48665) -- !TODO: daemon: killWithSignal: use more structured logs [moby/moby#48673](https://github.com/moby/moby/pull/48673) -- container: deprecate ErrNameReserved, ErrNameNotReserved [moby/moby#48668](https://github.com/moby/moby/pull/48668) -- !TODO: README: add some badges [moby/moby#48655](https://github.com/moby/moby/pull/48655) -- !TODO: api/server/httputils: DecodePlatform: improve test-coverage [moby/moby#48680](https://github.com/moby/moby/pull/48680) -- !TODO: distribution: remove formatPlatform utility [moby/moby#48682](https://github.com/moby/moby/pull/48682) -- !TODO: build: create distinct history db for each store [moby/moby#48565](https://github.com/moby/moby/pull/48565) -- !TODO: vendor: github.com/moby/swarmkit/v2 v2.0.0-20241017191044-e8ecf83ee08e [moby/moby#48686](https://github.com/moby/moby/pull/48686) -- !TODO: ci: run integration tests with firewalld enabled [moby/moby#48603](https://github.com/moby/moby/pull/48603) -- Fix a possible memory leak caused by OTEL meters [moby/moby#48690](https://github.com/moby/moby/pull/48690) -- dockerd-rootless-setuptool.sh: let --force ignore smoke test errors [moby/moby#48683](https://github.com/moby/moby/pull/48683) -- !TODO: volume/service: change some logs to use structured logs [moby/moby#48675](https://github.com/moby/moby/pull/48675) -- api: `GET /images/json` with the `manifests` option enabled now preserves the original order in which manifests appeared in the manifest-index. [moby/moby#48701](https://github.com/moby/moby/pull/48701) -- After a daemon restart with live-restore, ensure an iptables jump to the DOCKER-USER chain is placed before other rules. [moby/moby#48577](https://github.com/moby/moby/pull/48577) -- !TODO: pkg/stringid: replace TestShortenIdXXX with TestTruncateID table test [moby/moby#48707](https://github.com/moby/moby/pull/48707) -- !TODO: daemon: Daemon.newContainer: inline Daemon.generateHostname [moby/moby#48704](https://github.com/moby/moby/pull/48704) -- !TODO: pkg/stringid: optimize GenerateRandomID [moby/moby#48706](https://github.com/moby/moby/pull/48706) -- daemon: deprecate `Daemon.Exists()` and `Daemon.IsPaused()`. These functions are no longer used and will be removed in the next release. [moby/moby#48670](https://github.com/moby/moby/pull/48670) -- !TODO: Increase flaky test sleep, replace deprecated assert [moby/moby#48417](https://github.com/moby/moby/pull/48417) -- !TODO: vendor: go.etcd.io/etcd v3.5.16, go.etcd.io/etcd/server/v3 v3.5.16 [moby/moby#48650](https://github.com/moby/moby/pull/48650) -- !TODO: daemon: use OwnCgroupPath in withCgroups [moby/moby#48730](https://github.com/moby/moby/pull/48730) -- !TODO: client.ContainerCreate: use container.CreateRequest instead of local type [moby/moby#48553](https://github.com/moby/moby/pull/48553) -- !TODO: client: explicitly return zero-type on failures in prune functions [moby/moby#48713](https://github.com/moby/moby/pull/48713) -- !TODO: Dockerfile: update docker CLI to v27.3.1, compose to v2.29.7 [moby/moby#48537](https://github.com/moby/moby/pull/48537) -- Support WSL2 mirrored-mode networking's use of interface `loopback0` for packets from the Windows host. [moby/moby#48075](https://github.com/moby/moby/pull/48075) -- !TODO: runconfig: validateNetContainerMode: simplify validation [moby/moby#48554](https://github.com/moby/moby/pull/48554) -- !TODO: daemon: remove Daemon.containerRoot, Daemon.newBaseContainer [moby/moby#48725](https://github.com/moby/moby/pull/48725) -- !TODO: Update download-frozen-image-v2.sh added OCI v1 support (carry 48533) [moby/moby#48546](https://github.com/moby/moby/pull/48546) -- !TODO: vendor: github.com/cyphar/filepath-securejoin v0.3.4 [moby/moby#48732](https://github.com/moby/moby/pull/48732) -- !TODO: daemon: remove configsSupported, secretsSupported utilities [moby/moby#48703](https://github.com/moby/moby/pull/48703) -- !TODO: vendor: github.com/cilium/ebpf v0.16.0 [moby/moby#48735](https://github.com/moby/moby/pull/48735) -- !TODO: vendor: github.com/opencontainers/selinux v1.11.1 [moby/moby#48741](https://github.com/moby/moby/pull/48741) -- !TODO: vendor: google.golang.org/protobuf v1.34.2 [moby/moby#48751](https://github.com/moby/moby/pull/48751) -- !TODO: container: update confusing GoDoc for Container and State [moby/moby#48726](https://github.com/moby/moby/pull/48726) -- !TODO: client: prevent idle connections leaking FDs [moby/moby#48736](https://github.com/moby/moby/pull/48736) -- !TODO: vendor: github.com/prometheus/client_golang v1.20.5 [moby/moby#48753](https://github.com/moby/moby/pull/48753) -- !TODO: vendor: github.com/go-logr/logr v1.4.2, github.com/cenkalti/backoff/v4 v4.3.0 [moby/moby#48752](https://github.com/moby/moby/pull/48752) -- Fix anonymous volumes being created through the `--mount` option not being marked as anonymous. [moby/moby#48754](https://github.com/moby/moby/pull/48754) -- !TODO: demon: ImageService.Mount: use structured logs [moby/moby#48770](https://github.com/moby/moby/pull/48770) -- !TODO: vendor: github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 [moby/moby#48750](https://github.com/moby/moby/pull/48750) -- !TODO: inte/t/networking: delete veth ifaces before netns [moby/moby#48749](https://github.com/moby/moby/pull/48749) -- !TODO: api/types/filters: GetBoolOrDefault: remove unreachableCode [moby/moby#48745](https://github.com/moby/moby/pull/48745) -- !TODO: volume: VolumesService.Create: fix log-level for debug logs [moby/moby#48767](https://github.com/moby/moby/pull/48767) -- !TODO: internal/safepath: log some unhandled errors, and remove workaround for ECI / Sysbox [moby/moby#48774](https://github.com/moby/moby/pull/48774) -- !TODO: Update tmLanguage file to cover first escape character [moby/moby#36766](https://github.com/moby/moby/pull/36766) -- !TODO: daemon: cdiHandler.getErrors: remove var that shadowed import [moby/moby#48771](https://github.com/moby/moby/pull/48771) -- !TODO: remove redundant alias for runtime-spec [moby/moby#48769](https://github.com/moby/moby/pull/48769) -- !TODO: volume/mounts: minor linting issues, touch-ups, and improve test-coverage [moby/moby#48776](https://github.com/moby/moby/pull/48776) -- TODO add change-log for buildkit changes [moby/moby#48792](https://github.com/moby/moby/pull/48792) -- !TODO: builder-next: exporter: emptyImageConfig: use platform directly [moby/moby#48794](https://github.com/moby/moby/pull/48794) -- !TODO: hack/unit: Rerun failed flaky libnetwork tests [moby/moby#47553](https://github.com/moby/moby/pull/47553) -- !TODO: vendor: github.com/Microsoft/hcsshim v0.12.7 [moby/moby#48790](https://github.com/moby/moby/pull/48790) -- !TODO: vendor: go.opentelemetry.io/otel v1.28.0, go.opentelemetry.io/contrib v0.53.0 [moby/moby#48757](https://github.com/moby/moby/pull/48757) -- !TODO: volume/service: use local driver as default for anonymous volumes [moby/moby#48775](https://github.com/moby/moby/pull/48775) -- containerd image store: Fix `docker image inspect` outputting duplicate references in `RepoDigests`. [moby/moby#48777](https://github.com/moby/moby/pull/48777) -- !TODO: Revert "ci: run integration tests with firewalld enabled" [moby/moby#48788](https://github.com/moby/moby/pull/48788) -- !TODO: client: Client.ImageHistory: don't decorate error twice, and improve tests [moby/moby#48819](https://github.com/moby/moby/pull/48819) -- !TODO: libnetwork: endpointJoinInfo.UnmarshalJSON: fix shadowed variable (go… [moby/moby#48822](https://github.com/moby/moby/pull/48822) -- !TODO: vendor: github.com/containerd/containerd v1.7.23, hcsshim v0.12.8 [moby/moby#48544](https://github.com/moby/moby/pull/48544) -- !TODO: fix, and update golangci-lint config, and fix some linting issues [moby/moby#48824](https://github.com/moby/moby/pull/48824) -- !TODO: api/swagger: Improve description for platform in images/push [moby/moby#48357](https://github.com/moby/moby/pull/48357) -- !TODO: vendor: github.com/containerd/typeurl v2.2.3 [moby/moby#48827](https://github.com/moby/moby/pull/48827) -- !TODO: golangci: enable all govet linters, run gosec on tests as well [moby/moby#48825](https://github.com/moby/moby/pull/48825) -- !TODO: all: Remove redundant `units` alias for `go-units` [moby/moby#48834](https://github.com/moby/moby/pull/48834) -- Update BuildKit to v0.17.1 [moby/moby#48836](https://github.com/moby/moby/pull/48836) -- !TODO: Registry host configuration cleanup [moby/moby#47380](https://github.com/moby/moby/pull/47380) -- Update BuildKit to v0.17.0 [moby/moby#48801](https://github.com/moby/moby/pull/48801) -- !TODO: client: add utilities to encode platforms [moby/moby#48806](https://github.com/moby/moby/pull/48806) -- !TODO: c8d/save: Add tests [moby/moby#48722](https://github.com/moby/moby/pull/48722) -- deprecate pkg/platform: this package is only used internally, and will be removed in the next release. [moby/moby#48862](https://github.com/moby/moby/pull/48862) -- !TODO: Dockerfile: update registry to v3.0.0-rc.1 [moby/moby#48848](https://github.com/moby/moby/pull/48848) -- !TODO: ci: re-add firewalld jobs [moby/moby#48756](https://github.com/moby/moby/pull/48756) -- !TODO: update go:build tags to use go1.22, and enable copyloopvar linter [moby/moby#48856](https://github.com/moby/moby/pull/48856) -- !TODO: fix missing go:build tags [moby/moby#48884](https://github.com/moby/moby/pull/48884) -- !TODO: EnableIPv4 will be in API 1.48, not 1.47 [moby/moby#48888](https://github.com/moby/moby/pull/48888) -- !TODO: daemon/logger: logDriverError: use WithFields for logs [moby/moby#48887](https://github.com/moby/moby/pull/48887) -- !TODO: client: improve/refactor some unit-tests and add "platform" test-cases to them [moby/moby#48896](https://github.com/moby/moby/pull/48896) -- !TODO: Move Austin Vazquez (austinvazquez) to maintainers [moby/moby#48873](https://github.com/moby/moby/pull/48873) -- !TODO: Makefile: don't automatically inherit graph-driver from host [moby/moby#48895](https://github.com/moby/moby/pull/48895) -- !TODO: vendor: google.golang.org/grpc v1.66.3 [moby/moby#48898](https://github.com/moby/moby/pull/48898) -- !TODO: client: support multiple platforms on save and load [moby/moby#48902](https://github.com/moby/moby/pull/48902) -- !TODO: hack: Add explicit containerd feature to `daemon.json` [moby/moby#48860](https://github.com/moby/moby/pull/48860) -- !TODO: Dockerfile: update buildx to v0.18.0, compose to v2.30.3 [moby/moby#48866](https://github.com/moby/moby/pull/48866) -- Upgrade `runc` to [v1.2.2](https://github.com/opencontainers/runc/releases/tag/v1.2.2) [moby/moby#47666](https://github.com/moby/moby/pull/47666) -- Upgrade `containerd` (static binaries only) to [v1.7.24](https://github.com/containerd/containerd/releases/tag/v1.7.24) [moby/moby#48918](https://github.com/moby/moby/pull/48918) -- !TODO: runc-1.2.0 merge followups [moby/moby#48766](https://github.com/moby/moby/pull/48766) -- !TODO: volume/testutils: simplify fakePluginGetter [moby/moby#48916](https://github.com/moby/moby/pull/48916) -- !TODO: vendor: github.com/tonistiigi/go-actions-cache 394979b8119e [moby/moby#48932](https://github.com/moby/moby/pull/48932) -- !TODO: update golangci-lint to v1.62.0 [moby/moby#48901](https://github.com/moby/moby/pull/48901) -- !TODO: vendor: resenje.org/singleflight v0.4.3 [moby/moby#48930](https://github.com/moby/moby/pull/48930) -- !TODO: Update containerd to v1.7.24 [moby/moby#48917](https://github.com/moby/moby/pull/48917) -- TODO: add description for changelog [moby/moby#48923](https://github.com/moby/moby/pull/48923) -- !TODO: api/types/filters: rewrite / improve some tests [moby/moby#48945](https://github.com/moby/moby/pull/48945) -- !TODO: client: ImageImport: omit empty query-parameters [moby/moby#48897](https://github.com/moby/moby/pull/48897) -- containerd image-store: fix partially pulled images not being garbage-collected [moby#48910](https://github.com/moby/moby/pull/48910) [moby/moby#48910](https://github.com/moby/moby/pull/48910) -- !TODO: Remove buildkit init timeout [moby/moby#48953](https://github.com/moby/moby/pull/48953) -- Vendor github.com/golang-jwt/jwt/v4@v4.5.1 [moby/moby#48911](https://github.com/moby/moby/pull/48911) -- Fix loading of `bridge` and `br_netfilter` kernel modules. [moby/moby#48960](https://github.com/moby/moby/pull/48960) -- !TODO: vendor: update buildkit to v0.18.0-rc2 [moby/moby#48952](https://github.com/moby/moby/pull/48952) -- !TODO: integration: add wait [moby/moby#48940](https://github.com/moby/moby/pull/48940) -- Ignores "dataset does not exist" error when removing dataset on ZFS (#43080) [moby/moby#48520](https://github.com/moby/moby/pull/48520) -- Update BuildKit to v0.18.0 [moby/moby#48961](https://github.com/moby/moby/pull/48961) -- !TODO: ci: use edge releases of buildx [moby/moby#48982](https://github.com/moby/moby/pull/48982) -- !TODO: integration/container: TestCDISpecDirsAreInSystemInfo: use fixtures [moby/moby#48929](https://github.com/moby/moby/pull/48929) -- !TODO: tests: migrate assertions to be more modern [moby/moby#48915](https://github.com/moby/moby/pull/48915) -- !TODO: vendor: github.com/vishvananda/netns v0.0.5 [moby/moby#48937](https://github.com/moby/moby/pull/48937) -- !TODO: daemon: Daemon.RegistryHosts: use internal method to get daemon config [moby/moby#48984](https://github.com/moby/moby/pull/48984) -- !TODO: cmd/dockerd: newRouterOptions: rename arg that shadowed import [moby/moby#48980](https://github.com/moby/moby/pull/48980) -- !TODO: integration: remove default poll delay and timeouts [moby/moby#48956](https://github.com/moby/moby/pull/48956) -- !TODO: gofumpt code [moby/moby#48978](https://github.com/moby/moby/pull/48978) -- !TODO: cmd/dockerd: change routerOptions.Build to a regular func [moby/moby#48986](https://github.com/moby/moby/pull/48986) -- !TODO: daemon: getCD: remove use of parsers.ParseKeyValueOpt [moby/moby#48981](https://github.com/moby/moby/pull/48981) -- !TODO: Jenkinsfile: modprobe br_netfilter [moby/moby#48993](https://github.com/moby/moby/pull/48993) -- registry: deprecate `RepositoryInfo.Class`. This field is no longer used, and will be removed in the next release. [moby/moby#49006](https://github.com/moby/moby/pull/49006) -- Dockerd rootless mode loads /etc/cdi and /var/run/cdi as expected by the Container Device Interface (CDI) integration. [moby/moby#48541](https://github.com/moby/moby/pull/48541) -- !TODO: Add --host-gateway-ip to the dockerd manpage [moby/moby#48988](https://github.com/moby/moby/pull/48988) -- !TODO: distribution: verifySchema1Manifest: pass through context [moby/moby#49021](https://github.com/moby/moby/pull/49021) -- containerd image store: Remove a confusing warning log when tagging a non-dangling image. [moby/moby#49009](https://github.com/moby/moby/pull/49009) -- !TODO: vendor: google.golang.org/protobuf v1.35.2 [moby/moby#49031](https://github.com/moby/moby/pull/49031) -- !TODO: registry: remove assignment of default values in some tests [moby/moby#49015](https://github.com/moby/moby/pull/49015) -- !TODO: registry: isCIDRMatch: avoid performing DNS lookups if not needed [moby/moby#48999](https://github.com/moby/moby/pull/48999) -- !TODO: daemon/daemon_linux.go: Fix a typo in comment [moby/moby#49019](https://github.com/moby/moby/pull/49019) -- Update BuildKit to v0.18.1 [moby/moby#49023](https://github.com/moby/moby/pull/49023) -- !TODO: api/types/network: add godoc for EndpointSettings.GwPriority [moby/moby#49045](https://github.com/moby/moby/pull/49045) -- Attempt to load kernel modules, including `ip6_tables` and `br_netfilter` when required, using a -method that is likely to succeed inside a docker-in-docker container. [moby/moby#49038](https://github.com/moby/moby/pull/49038) -- !TODO: cmd/dockerd: ignore some unhandled errors [moby/moby#49053](https://github.com/moby/moby/pull/49053) -- !TODO: daemon: remove Daemon.NetworkControllerEnabled [moby/moby#49052](https://github.com/moby/moby/pull/49052) -- !TODO: Dockerfile: remove libapparmor-dev dependency [moby/moby#49066](https://github.com/moby/moby/pull/49066) -- !TODO: man: vendor: github.com/cpuguy83/go-md2man v2.0.5 [moby/moby#49059](https://github.com/moby/moby/pull/49059) -- !TODO: vendor: update golang.org/x/ dependencies [moby/moby#49070](https://github.com/moby/moby/pull/49070) -- Upgrade `runc` to [v1.2.3](https://github.com/opencontainers/runc/releases/tag/v1.2.3) [moby/moby#49071](https://github.com/moby/moby/pull/49071) -- !TODO: Dockerfile: remove dpkg-dev, libudev-dev, libsecret-1-dev, libbtrfs-dev dependencies [moby/moby#49067](https://github.com/moby/moby/pull/49067) -- Fix excessive memory allocations when OTEL is not configured. [moby/moby#49078](https://github.com/moby/moby/pull/49078) -- !TODO: daemon/containerd: hostsWrapper: remove unused regService argument [moby/moby#49049](https://github.com/moby/moby/pull/49049) -- !TODO: registry: some optimizations to reduce network connections and DNS lookups if not needed [moby/moby#49050](https://github.com/moby/moby/pull/49050) -- !TODO: update xx to v1.6.1 for compatibility with alpine 3.21 [moby/moby#49058](https://github.com/moby/moby/pull/49058) -- `docker info` and the corresponding `GET /info` API endpoint no longer include -warnings when `bridge-nf-call-iptables` or `bridge-nf-call-ip6tables` are -disabled at the daemon is started. The `br_netfilter` kernel module is now -attempted to be loaded when needed, which made those warnings inaccurate. [moby/moby#49089](https://github.com/moby/moby/pull/49089) -- !TODO: vendor: golang.org/x/net v0.32.0 [moby/moby#49094](https://github.com/moby/moby/pull/49094) -- !TODO: libnet/d/bridge: unconditionally error out if LinkSetMTU fails [moby/moby#49092](https://github.com/moby/moby/pull/49092) -- !TODO: integration-cli: don't skip AppArmor tests on SLES [moby/moby#49061](https://github.com/moby/moby/pull/49061) -- !TODO: libnet/iptables: remove mutex-based serialization [moby/moby#49096](https://github.com/moby/moby/pull/49096) -- Update docs and code to reflect Go’s automatic canonicalisation of Api-Version and Ostype headers. [moby/moby#49054](https://github.com/moby/moby/pull/49054) -- Update BuildKit to v0.18.2 [moby/moby#49116](https://github.com/moby/moby/pull/49116) -- !TODO: docs/api: version-history.md: fix markdown [moby/moby#49113](https://github.com/moby/moby/pull/49113) -- !TODO: libnet/iptables: split ProgramChain and move to bridge driver [moby/moby#49107](https://github.com/moby/moby/pull/49107) -- pkg/system: deprecate `Lstat()`, `Mkdev()`, `Mknod()`, `FromStatT()` and `Stat()` functions, and related `StatT` types. These were only used internally, and will be removed in the next release. [moby/moby#49098](https://github.com/moby/moby/pull/49098) -- !TODO: docs/api: document correct case for Api-Version header [moby/moby#49103](https://github.com/moby/moby/pull/49103) -- !TODO: Decouple pkg/archive from pkg/ioutils [moby/moby#49073](https://github.com/moby/moby/pull/49073) -- !TODO: integration/build: make TestBuildEmitsImageCreateEvent less noisy [moby/moby#49102](https://github.com/moby/moby/pull/49102) -- networking: fixed a bug that could result in a iptables DOCKER FILTER chain not being cleaned up on failure [moby/moby#49109](https://github.com/moby/moby/pull/49109) -- !TODO: libnet/osl: drop netns path GC [moby/moby#49099](https://github.com/moby/moby/pull/49099) -- !TODO: pkg/archive: replace uses of pkg/errors for stdlib errors [moby/moby#49101](https://github.com/moby/moby/pull/49101) -- !TODO: Enable external DNS if a network has an IPv6 gateway [moby/moby#49128](https://github.com/moby/moby/pull/49128) -- Fix an issue that caused excessive memory usage when DNS resolution was made in a tight loop [moby/moby#49123](https://github.com/moby/moby/pull/49123) -- !TODO: libcontainer: ReplaceContainer: fix var shadowing import [moby/moby#49106](https://github.com/moby/moby/pull/49106) -- Updated documentation by adding the DataPathAddr parameter to example usages of the SwarmJoin operation. [moby/moby#49122](https://github.com/moby/moby/pull/49122) -- !TODO: libnet/d/bridge: move iptRule to iptables pkg [moby/moby#49125](https://github.com/moby/moby/pull/49125) -- !TODO: docs/api: allow for an empty string for Isolation (api v1.25-v1.47) [moby/moby#49144](https://github.com/moby/moby/pull/49144) -- !TODO: Decouple pkg/archive from pkg/system [moby/moby#49072](https://github.com/moby/moby/pull/49072) -- !TODO: add Shaun Thompson as curator [moby/moby#49127](https://github.com/moby/moby/pull/49127) -- api: Allow empty string for Isolation field in container inspection [moby/moby#48616](https://github.com/moby/moby/pull/48616) -- !TODO: api: Remove unused imageStore and layerStore [moby/moby#49138](https://github.com/moby/moby/pull/49138) -- !TODO: daemon/c8d: Fix duplicate containerd/images import [moby/moby#49140](https://github.com/moby/moby/pull/49140) -- Builder GC policies without a `keepStorage` value now inherit the `defaultKeepStorage` limit as intended. [moby/moby#49062](https://github.com/moby/moby/pull/49062) -- !TODO: image: Remove `GetImageManifest` [moby/moby#49133](https://github.com/moby/moby/pull/49133) -- !TODO: vendor: golang.org/x/net v0.33.0 [moby/moby#49146](https://github.com/moby/moby/pull/49146) -- !TODO: builder: don't fall back to defaultKeepStorage when set to zero [moby/moby#49147](https://github.com/moby/moby/pull/49147) -- !TODO: pkg/chrootarchive: use stdlib errors, remove "// import" comments [moby/moby#49151](https://github.com/moby/moby/pull/49151) -- !TODO: libnet: pass store as an arg to netdrivers [moby/moby#49158](https://github.com/moby/moby/pull/49158) -- !TODO: pkg/parsers: rename var that collided with builtin [moby/moby#49182](https://github.com/moby/moby/pull/49182) -- !TODO: daemon: add missing "//go:build" directive [moby/moby#49186](https://github.com/moby/moby/pull/49186) -- !TODO: daemon: parseSecurityOpt: rename var that shadowed function [moby/moby#49176](https://github.com/moby/moby/pull/49176) -- !TODO: daemon: adjust tests for changes in go1.24 JSON errors [moby/moby#49188](https://github.com/moby/moby/pull/49188) -- !TODO: daemon: minor cleanups for getting system info [moby/moby#49185](https://github.com/moby/moby/pull/49185) -- !TODO: daemon: don't repeatedly call NumCPU if not needed [moby/moby#49192](https://github.com/moby/moby/pull/49192) -- !TODO: Remove use of `pkg/pools` in archive [moby/moby#49117](https://github.com/moby/moby/pull/49117) -- !TODO: builder/dockerfile: unconvert [moby/moby#49168](https://github.com/moby/moby/pull/49168) -- !TODO: vendor: github.com/Azure/go-ansiterm faa5f7b0171c, remove workaround for OSC string terminator parsing [moby/moby#49195](https://github.com/moby/moby/pull/49195) -- !TODO: daemon: ignore some errors when setting env-vars [moby/moby#49163](https://github.com/moby/moby/pull/49163) -- !TODO: fix non-constant format string (caught by go1.24) [moby/moby#49201](https://github.com/moby/moby/pull/49201) -- !TODO: use lazyregexp to compile regexes on first use [moby/moby#48166](https://github.com/moby/moby/pull/48166) -- !TODO: pkg/sysinfo: cleanup tests [moby/moby#49189](https://github.com/moby/moby/pull/49189) -- !TODO: Down with the sickness (AUTO_GOPATH) [moby/moby#48958](https://github.com/moby/moby/pull/48958) -- !TODO: distribution: Pass `Traceparent` OTEL header [moby/moby#49156](https://github.com/moby/moby/pull/49156) -- !TODO: libnetwork/drivers/windows: fix error-matching for hcsshim "not found" [moby/moby#49202](https://github.com/moby/moby/pull/49202) -- !TODO: Add testutil daemon.WithResolvConf [moby/moby#49132](https://github.com/moby/moby/pull/49132) -- !TODO: integration: minor cleanups and linting fixes [moby/moby#49199](https://github.com/moby/moby/pull/49199) -- containerd image store: Fix passing a build context via tarball to the `/build` endpoint. [moby/moby#49178](https://github.com/moby/moby/pull/49178) -- !TODO: integration-cli: TestRunInvalidCpuset.. create instead of run [moby/moby#49181](https://github.com/moby/moby/pull/49181) -- Go SDK: pkg/fileutils: deprecate GetTotalUsedFds: this function is only used internally and will be removed in the next release. [moby/moby#49208](https://github.com/moby/moby/pull/49208) -- !TODO: Update swarm to latest for server alpn config [moby/moby#49214](https://github.com/moby/moby/pull/49214) -- !TODO: pkg/sysinfo: internalize parsing cpusets [moby/moby#49193](https://github.com/moby/moby/pull/49193) -- !TODO: man: remove --allow-nondistributable-artifacts [moby/moby#49215](https://github.com/moby/moby/pull/49215) -- !TODO: vendor: github.com/moby/term v0.5.2 [moby/moby#49216](https://github.com/moby/moby/pull/49216) -- !TODO: golangci-lint: remove temporary exception for deprecated code [moby/moby#49211](https://github.com/moby/moby/pull/49211) -- !TODO: integration/internal/container: IsInState: touch up error-logs [moby/moby#49220](https://github.com/moby/moby/pull/49220) -- !TODO: pkg/sysinfo: parse cpuset.cpus/mems once and memoize [moby/moby#49221](https://github.com/moby/moby/pull/49221) -- !TODO: Fix live restore for IPv6-only and multiple gateway endpoints [moby/moby#49150](https://github.com/moby/moby/pull/49150) -- !TODO: integration-cli: migrate TestCreateByImageID to integration suite [moby/moby#49198](https://github.com/moby/moby/pull/49198) -- !TODO: libnetwork/osl: Namespace.setSysctls: use stdlib errors [moby/moby#49224](https://github.com/moby/moby/pull/49224) -- !TODO: daemon: isOnlineFSOperationPermitted: cleanup confusing syntax [moby/moby#49218](https://github.com/moby/moby/pull/49218) -- !TODO: ci: update bake-action to v6 [moby/moby#49233](https://github.com/moby/moby/pull/49233) -- !TODO: daemon: remove workaround for go1.21 compiler bug [moby/moby#49187](https://github.com/moby/moby/pull/49187) -- !TODO: Use bridge consts for "DefaultGatewayIPv[46]" aux-addr keys [moby/moby#49229](https://github.com/moby/moby/pull/49229) -- !TODO: daemon: ImageService.LogImageEvent: pass through context [moby/moby#49014](https://github.com/moby/moby/pull/49014) -- Fix a potential race condition error when deleting a container. [moby/moby#49228](https://github.com/moby/moby/pull/49228) -- !TODO: libnetwork/drivers/bridge: processIPAM: remove unused arg [moby/moby#49235](https://github.com/moby/moby/pull/49235) -- !TODO: daemon/links: use gotest.tools, remove unneeded utility and duplicated test [moby/moby#49232](https://github.com/moby/moby/pull/49232) -- !TODO: pkg/idtools: rewrite to use moby/sys/user [moby/moby#49226](https://github.com/moby/moby/pull/49226) -- !TODO: Centralize daemon metrics [moby/moby#49165](https://github.com/moby/moby/pull/49165) -- !TODO: Split idtools to an internal package and package to be moved [moby/moby#49087](https://github.com/moby/moby/pull/49087) -- !TODO: Fix unit tests for an nftables host [moby/moby#49248](https://github.com/moby/moby/pull/49248) -- Go SDK: pkg/ioutils: deprecate `BytesPipe`, `NewBytesPipe`, `ErrClosed`. These types are only used internally and will be removed in the next release -Go SDK: pkg/ioutils: deprecate `WriteCounter`, `NewWriteCounter`. This type and utility were not used and will be removed in the next release -Go SDK: pkg/ioutils: deprecate `NewReaderErrWrapper`. This function was not used and will be removed in the next release. -Go SDK: pkg/ioutils: deprecate `NopFlusher`. This type was only used internally and will be removed in the next release. [moby/moby#49244](https://github.com/moby/moby/pull/49244) -- Upgrade `runc` to [v1.2.4](https://github.com/opencontainers/runc/releases/tag/v1.2.4) [moby/moby#49238](https://github.com/moby/moby/pull/49238) -- !TODO: improve validation of cpu-shares, and migrate TestRunInvalidCPUShares [moby/moby#49180](https://github.com/moby/moby/pull/49180) -- Update containerd (static binaries only) to [v1.7.25](https://github.com/containerd/containerd/releases/tag/v1.7.25) [moby/moby#49252](https://github.com/moby/moby/pull/49252) -- Go SDK: pkg/ioutils: deprecate `NopWriter` in favour of `io.Discard`. It will be removed in the next release. -Go SDK: pkg/ioutils: deprecate `NopWriteCloser`. It was only used internally, and will be removed in the next release. [moby/moby#49254](https://github.com/moby/moby/pull/49254) -- !TODO: pkg/archive: nosysFileInfo: implement tar.FileInfoNames to prevent lookups [moby/moby#49152](https://github.com/moby/moby/pull/49152) -- !TODO: c8d: Implement `RWLayer` [moby/moby#49120](https://github.com/moby/moby/pull/49120) -- !TODO: Update MAINTAINERS file [moby/moby#49259](https://github.com/moby/moby/pull/49259) -- !TODO: imageService: Remove PerformWithBaseFS [moby/moby#49263](https://github.com/moby/moby/pull/49263) -- !TODO: vendor: github.com/creack/pty v1.1.24 [moby/moby#49278](https://github.com/moby/moby/pull/49278) -- !TODO: vendor: otel v0.56.0 / v1.31.0 [moby/moby#49276](https://github.com/moby/moby/pull/49276) -- !TODO: vendor: cloud.google.com/go/compute/metadata v0.5.0 [moby/moby#49273](https://github.com/moby/moby/pull/49273) -- !TODO: testutil: update to semconv v1.26.0 [moby/moby#49280](https://github.com/moby/moby/pull/49280) -- !TODO: vendor: google.golang.org/grpc v1.68.1, google.golang.org/genproto 324edc3d5d38 [moby/moby#49275](https://github.com/moby/moby/pull/49275) -- !TODO: vendor: github.com/aws/aws-sdk-go-v2 v1.30.3 [moby/moby#49277](https://github.com/moby/moby/pull/49277) -- !TODO: libnet/d/bridge: init driver.nlh in newDriver [moby/moby#49267](https://github.com/moby/moby/pull/49267) -- !TODO: pkg/ioutils: remove crypto/sha256, crypto/sha512 imports [moby/moby#49281](https://github.com/moby/moby/pull/49281) -- !TODO: use StatsResponse instead of Stats in tests [moby/moby#49284](https://github.com/moby/moby/pull/49284) -- !TODO: Increase integration test timeout from 5m to 10m [moby/moby#49283](https://github.com/moby/moby/pull/49283) -- !TODO: daemon: remove kernel-version check for kernel < 4.0.0 [moby/moby#49184](https://github.com/moby/moby/pull/49184) -- !TODO: api/server/middleware: log before, not after the request [moby/moby#48740](https://github.com/moby/moby/pull/48740) -- !TODO: ci: switch from jenkins to gha for arm64 build and tests [moby/moby#49290](https://github.com/moby/moby/pull/49290) -- !TODO: ci(bin-image): fix bake build [moby/moby#49289](https://github.com/moby/moby/pull/49289) -- Fixed an issue that could persistently prevent daemon startup after failure to initialize the default bridge. [moby/moby#49292](https://github.com/moby/moby/pull/49292) -- !TODO: awslogs: Prevent close from being blocked on log [moby/moby#47748](https://github.com/moby/moby/pull/47748) -- !TODO: spelling fix in comments (daemon/logger/loggerutils/queue.go) [moby/moby#49296](https://github.com/moby/moby/pull/49296) -- !TODO: api: swagger: document StatsResponse [moby/moby#49286](https://github.com/moby/moby/pull/49286) -- !TODO: Ignore error when adding a bridge already in the ipset [moby/moby#49295](https://github.com/moby/moby/pull/49295) -- On a host that cannot load the `br_netfilter` module when it's needed, set environment variable -`DOCKER_IGNORE_BR_NETFILTER_ERROR=1` to ignore the problem. -- Some things won't work! Including disabling inter-container communication in a bridge network -and, with the userland proxy disabled, it won't be possible to access one container's published -ports from another container on the same network. [moby/moby#49293](https://github.com/moby/moby/pull/49293) -- !TODO: build: log when build is cancelled [moby/moby#48696](https://github.com/moby/moby/pull/48696) -- !TODO: daemon/links: assorted bug fixes and cleanup [moby/moby#49300](https://github.com/moby/moby/pull/49300) -- !TODO: Update RootlessKit to v2.3.2 [moby/moby#49303](https://github.com/moby/moby/pull/49303) -- !TODO: Revert "libnet/d/bridge: port mappings: filter by input iface" [moby/moby#49310](https://github.com/moby/moby/pull/49310) -- !TODO: Dockerfile: dev-container: update CLI v27.5.0, buildx v0.20.0, compose v2.32.4 [moby/moby#49316](https://github.com/moby/moby/pull/49316) -- !TODO: build: don't print warning when connection was terminated [moby/moby#49299](https://github.com/moby/moby/pull/49299) -- !TODO: gha: Adjust release branches [moby/moby#49313](https://github.com/moby/moby/pull/49313) -- !TODO: Fix parsing of user/group during copy operation [moby/moby#34143](https://github.com/moby/moby/pull/34143) -- !TODO: docs: clarify that tag or digest in fromImage is ignored [moby/moby#49266](https://github.com/moby/moby/pull/49266) -- !TODO: libnetwork/types: align error-types with errdefs [moby/moby#49318](https://github.com/moby/moby/pull/49318) -- !TODO: libnetwork: use errdefs and gotest.tools for asserting error-types (step 1) [moby/moby#49326](https://github.com/moby/moby/pull/49326) -- !TODO: daemon: NewDaemon: align grpc options with containerd's defaults [moby/moby#48617](https://github.com/moby/moby/pull/48617) -- !TODO: distribution: fix / improve handling of "closed pipe" and context cancellation / timeouts [moby/moby#49297](https://github.com/moby/moby/pull/49297) -- !TODO: libnetwork/drivers/bridge: driver.configure: move vars close to where used [moby/moby#49328](https://github.com/moby/moby/pull/49328) -- !TODO: layerStore.registerWithDescriptor: improve logs for cleaning up cache [moby/moby#49298](https://github.com/moby/moby/pull/49298) -- !TODO: gha: update DCO check to alpine 3.21 [moby/moby#49323](https://github.com/moby/moby/pull/49323) -- !TODO: libnetwork/driverapi: fix GoDoc for UpdateIpamConfig [moby/moby#49319](https://github.com/moby/moby/pull/49319) -- !TODO: libnetwork: use gotest.tools for errdefs assertions in various tests [moby/moby#49332](https://github.com/moby/moby/pull/49332) -- !TODO: libnetwork: remove some redundant type-conversions [moby/moby#49327](https://github.com/moby/moby/pull/49327) -- !TODO: man: vendor github.com/cpuguy83/go-md2man/v2 v2.0.6 [moby/moby#49340](https://github.com/moby/moby/pull/49340) -- !TODO: libnetwork: rewrite some tests to use gotest.tools [moby/moby#49329](https://github.com/moby/moby/pull/49329) -- !TODO: IPv6 only: not experimental [moby/moby#48809](https://github.com/moby/moby/pull/48809) -- !TODO: libnetwork: remove Network.EndpointByID as it must not be used [moby/moby#49341](https://github.com/moby/moby/pull/49341) -- !TODO: daemon: make daemon.getEntrypointAndArgs a regular function [moby/moby#49335](https://github.com/moby/moby/pull/49335) -- !TODO: daemon: health: getShell: simplify logic (LCOW remnants) [moby/moby#49337](https://github.com/moby/moby/pull/49337) -- !TODO: integration: remove assertAttachedStream, check both STDERR and STDOUT [moby/moby#49338](https://github.com/moby/moby/pull/49338) -- !TODO: daemon/cluster/executor: simplify handling of Network Attachments [moby/moby#49343](https://github.com/moby/moby/pull/49343) -- !TODO: libnetwork: remove ErrNoSuchEndpoint, ErrInvalidID, ErrInvalidName [moby/moby#49344](https://github.com/moby/moby/pull/49344) -- !TODO: remove redundant uses of api/types/strslice.StrSlice [moby/moby#49336](https://github.com/moby/moby/pull/49336) -- !TODO: Debug flaky unsolicited Neighbour Advertisements [moby/moby#49342](https://github.com/moby/moby/pull/49342) -- !TODO: libnetwork/options: rewrite tests with gotest.tools [moby/moby#49347](https://github.com/moby/moby/pull/49347) -- !TODO: libnetwork/drivers/windows: remove ErrUnsupportedAddressType [moby/moby#49350](https://github.com/moby/moby/pull/49350) -- !TODO: libnetwork/drivers/bridge: remove, or internalize errors [moby/moby#49349](https://github.com/moby/moby/pull/49349) -- !TODO: gha/e2e: Update latest version to 27.0 [docker/cli#5191](https://github.com/docker/cli/pull/5191) -- !TODO: Dockerfile: Use CLI generated completions in the dev shell [moby/moby#47649](https://github.com/moby/moby/pull/47649) -- !TODO: vendor: github.com/docker/docker v27.0.3 [docker/cli#5207](https://github.com/docker/cli/pull/5207) -- !TODO: update golangci-lint to v1.59.1 [docker/cli#5189](https://github.com/docker/cli/pull/5189) -- Fix a regression that caused port numbers to be ignored when parsing a Docker registry URL. [docker/cli#5195](https://github.com/docker/cli/pull/5195) -- Fix handling of IPv6 addresses with custom ports on docker login [docker/cli#5196](https://github.com/docker/cli/pull/5196) -- !TODO: vendor: github.com/docker/docker v27.0.2 [docker/cli#5205](https://github.com/docker/cli/pull/5205) -- !TODO: cli/command/stack: fix faulty sort for sorting stacks [docker/cli#5212](https://github.com/docker/cli/pull/5212) -- !TODO: api/types: remove some redundant imports [moby/moby#49355](https://github.com/moby/moby/pull/49355) -- !TODO: client: remove uses of pkg/errors in tests [moby/moby#49356](https://github.com/moby/moby/pull/49356) -- !TODO: fix: ctx cancellation on login prompt [docker/cli#5168](https://github.com/docker/cli/pull/5168) -- !TODO: cli/command/network: some cleanup and pass smaller interfaces [docker/cli#5225](https://github.com/docker/cli/pull/5225) -- !TODO: assorted minor changes in preparation of updating docker/docker dependency [docker/cli#5222](https://github.com/docker/cli/pull/5222) -- Enable shell completion for `docker image rm`, `docker image history`, and `docker image inspect`. [docker/cli#5223](https://github.com/docker/cli/pull/5223) -- !TODO: vendor: github.com/fvbommel/sortorder v1.1.0 [docker/cli#5213](https://github.com/docker/cli/pull/5213) -- !TODO: cli/command/container: TestSplitCpArg: cleaner skip [docker/cli#5230](https://github.com/docker/cli/pull/5230) -- !TODO: feat: force lf line endings by default [docker/cli#5216](https://github.com/docker/cli/pull/5216) -- !TODO: cmd/docker: split handling exit-code to a separate utility [docker/cli#5229](https://github.com/docker/cli/pull/5229) -- Update Go runtime to 1.21.12 [docker/cli#5218](https://github.com/docker/cli/pull/5218) -- !TODO: install bash-completion in dev container [docker/cli#5232](https://github.com/docker/cli/pull/5232) -- !TODO: docs: make buildx build the canonical reference doc [docker/cli#5002](https://github.com/docker/cli/pull/5002) -- !TODO: vendor: github.com/docker/docker aae044039ca4 (master, v-next) [docker/cli#5251](https://github.com/docker/cli/pull/5251) -- !TODO: test spring-cleaning [docker/cli#5224](https://github.com/docker/cli/pull/5224) -- !TODO: vendor: github.com/docker/cli-docs-tool v0.8.0 [docker/cli#5255](https://github.com/docker/cli/pull/5255) -- !TODO: cli: make cli.StatusError slightly prettier [docker/cli#5231](https://github.com/docker/cli/pull/5231) -- !TODO: vendor: github.com/docker/docker 508cc7c61226 (master) [docker/cli#5226](https://github.com/docker/cli/pull/5226) -- !TODO: Dockerfile: update buildx to v0.16.1, compose to v2.29.0 [docker/cli#5264](https://github.com/docker/cli/pull/5264) -- !TODO: cli reference overview base cmd [docker/cli#5010](https://github.com/docker/cli/pull/5010) -- !TODO: gha: update to macOS 13, add macOS 14 arm64 (Apple Silicon M1) [docker/cli#5268](https://github.com/docker/cli/pull/5268) -- Add support for `DOCKER_CUSTOM_HEADERS` environment variable - -This environment variable allows for setting additional headers to be sent by the client. Headers set through this environment variable are added to headers set through the config-file (through the HttpHeaders field). - -This environment variable can be used in situations where headers must be set for a specific invocation of the CLI, but should not be set by default, and therefore cannot be set in the config-file. [docker/cli#5098](https://github.com/docker/cli/pull/5098) -- sending a termination request to the CLI while attached to a container, will wait for the container to exit before closing the stream. [docker/cli#5247](https://github.com/docker/cli/pull/5247) -- !TODO: cli/command/container: remove reportError, and put StatusError to use [docker/cli#5236](https://github.com/docker/cli/pull/5236) -- !TODO: vendor: update various dependencies [docker/cli#5228](https://github.com/docker/cli/pull/5228) -- !TODO: gha: check-pr-branch: verify major version only [docker/cli#5262](https://github.com/docker/cli/pull/5262) -- add and improve shell completions for various flags [docker/cli#5238](https://github.com/docker/cli/pull/5238) -- containerd integration: Fix `docker push` defaulting the `--platform` flag to a value of `DOCKER_DEFAULT_PLATFORM` environment variable on unsupported API versions. [docker/cli#5246](https://github.com/docker/cli/pull/5246) -- !TODO: cli/config/credentials: move warning to fileStore [docker/cli#5259](https://github.com/docker/cli/pull/5259) -- !TODO: login: slightly cleanup warning about unencrypted store [docker/cli#5258](https://github.com/docker/cli/pull/5258) -- !TODO: Fix flaky `TestCloseRunningCommand` test [docker/cli#5290](https://github.com/docker/cli/pull/5290) -- !TODO: tests: fix other flaky `connhelper` tests [docker/cli#5291](https://github.com/docker/cli/pull/5291) -- !TODO: lint: replace deprecated linter names [docker/cli#5298](https://github.com/docker/cli/pull/5298) -- Fix `docker attach` exiting on `SIGINT` instead of forwarding the signal to the container and waiting for it to exit. [docker/cli#5297](https://github.com/docker/cli/pull/5297) -- !TODO: tests/run: fix flaky `RunAttachTermination` test [docker/cli#5303](https://github.com/docker/cli/pull/5303) -- !TODO: vendor: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 [docker/cli#5311](https://github.com/docker/cli/pull/5311) -- Fix `docker attach` printing a spurious `context cancelled` error message. [docker/cli#5295](https://github.com/docker/cli/pull/5295) -- !TODO: docs: refresh image versions in examples [docker/cli#5289](https://github.com/docker/cli/pull/5289) -- Update Go runtime to 1.21.13 [docker/cli#5324](https://github.com/docker/cli/pull/5324) -- !TODO: vendor: github.com/docker/docker master (f3cf9359bdf6) [docker/cli#5330](https://github.com/docker/cli/pull/5330) -- !TODO: vendor: github.com/docker/docker 2269acc7a31d (master, v-next) [docker/cli#5332](https://github.com/docker/cli/pull/5332) -- !TODO: docs: fix link to http proxy document [docker/cli#5338](https://github.com/docker/cli/pull/5338) -- !TODO: docs: update internal links after refactor [docker/cli#5342](https://github.com/docker/cli/pull/5342) -- !TODO: cli/connhelper: getConnectionHelper: move ssh-option funcs out of closure [docker/cli#5345](https://github.com/docker/cli/pull/5345) -- Fix issue with remote contexts over SSH where the CLI would allocate a pseudoterminal when connecting to the remote host, which causes issues in rare situations. [docker/cli#5320](https://github.com/docker/cli/pull/5320) -- Added support for device-code flow login when authenticating to the official registry. [docker/cli#5344](https://github.com/docker/cli/pull/5344) -- containerd image store: `docker image ls` now supports `--tree` flag that shows a multiplatform-aware image list. This is experimental and may change at any time without any backwards compatibility. [docker/cli#4982](https://github.com/docker/cli/pull/4982) -- !TODO: list/tree: Print as dangling image name [docker/cli#5352](https://github.com/docker/cli/pull/5352) -- !TODO: list/tree: No extra spacing for graphdriver [docker/cli#5356](https://github.com/docker/cli/pull/5356) -- !TODO: docs: update link to moved build context doc [docker/cli#5347](https://github.com/docker/cli/pull/5347) -- !TODO: login: add oauth escape hatch [docker/cli#5361](https://github.com/docker/cli/pull/5361) -- !TODO: docs: use gh alert syntax for callouts [docker/cli#5350](https://github.com/docker/cli/pull/5350) -- !TODO: Fix linting issues in preparation of Go and GolangCI-lint update [docker/cli#5370](https://github.com/docker/cli/pull/5370) -- !TODO: chore: update link to docker engine api reference [docker/cli#5360](https://github.com/docker/cli/pull/5360) -- !TODO: docs: update docker login reference [docker/cli#5386](https://github.com/docker/cli/pull/5386) -- Update Go runtime to 1.22.7 [docker/cli#5410](https://github.com/docker/cli/pull/5410) -- !TODO: vendor.mod: put github.com/pkg/browser in the right group [docker/cli#5407](https://github.com/docker/cli/pull/5407) -- !TODO: scripts/build/plugins: don't override CGO_ENABLED set by .variables [docker/cli#5393](https://github.com/docker/cli/pull/5393) -- Fix issue that will sometimes cause the browser-login flow to fail if the CLI process is suspended and then resumed while waiting for the user to authenticate. [docker/cli#5376](https://github.com/docker/cli/pull/5376) -- update to go1.22.6 [docker/cli#5387](https://github.com/docker/cli/pull/5387) -- !TODO: Dockerfile: update xx to v1.5.0 [docker/cli#5389](https://github.com/docker/cli/pull/5389) -- Fixed issue related to login, causing credentials to sometimes not be picked up when explicitly pulling/pushing images from `registry-1.docker.io`. [docker/cli#5379](https://github.com/docker/cli/pull/5379) -- !TODO: chore: remove duplicated `govet` linter config [docker/cli#5425](https://github.com/docker/cli/pull/5425) -- !TODO: fix: gitattributes enforcing line endings [docker/cli#5381](https://github.com/docker/cli/pull/5381) -- !TODO: docs: rename plugins index file and add linkTitle [docker/cli#5403](https://github.com/docker/cli/pull/5403) -- Fix issue where `docker volume update` command would cause the CLI to panic if no argument/volume was passed. [docker/cli#5420](https://github.com/docker/cli/pull/5420) -- Fix issue causing login to not remove repository names from passed in registry addresses, resulting in credentials being stored under the wrong key. [docker/cli#5383](https://github.com/docker/cli/pull/5383) -- !TODO: info: stop printing "Expected" commits [docker/cli#5422](https://github.com/docker/cli/pull/5422) -- Properly report metrics when run in WSL environment on Windows [docker/cli#5424](https://github.com/docker/cli/pull/5424) -- !TODO: vendor: update various dependencies [docker/cli#5427](https://github.com/docker/cli/pull/5427) -- !TODO: docs, man: dockerd: add documentation for "--log-format" option [docker/cli#5438](https://github.com/docker/cli/pull/5438) -- !TODO: docs: add documentation for dockerd --feature flag [docker/cli#5436](https://github.com/docker/cli/pull/5436) -- !TODO: Dockerfile: update buildx to v0.17.1, compose to v2.29.4 [docker/cli#5441](https://github.com/docker/cli/pull/5441) -- docs/cli/container_run: Fix example usage of `--rm=false` flag to `--rm` in container_run.md [docker/cli#5435](https://github.com/docker/cli/pull/5435) -- Print OTEL errors in the CLI on shutdown [docker/cli#5444](https://github.com/docker/cli/pull/5444) -- !TODO: gha: update codeql workflow to go1.22.7 [docker/cli#5446](https://github.com/docker/cli/pull/5446) -- Use lowercase windows drive letter for WSL metrics path [docker/cli#5445](https://github.com/docker/cli/pull/5445) -- Fix issue causing CLI OTel metrics to not be collected. [docker/cli#5456](https://github.com/docker/cli/pull/5456) -- !TODO: Dockerfile: update compose to v2.29.7 [docker/cli#5459](https://github.com/docker/cli/pull/5459) -- containerd image store: do not underline names in `docker image ls --tree`. [docker/cli#5473](https://github.com/docker/cli/pull/5473) -- !TODO: docs: fix a typo in run.md [docker/cli#5481](https://github.com/docker/cli/pull/5481) -- containerd image store: change name of `USED` column in `docker image ls --tree` to `IN USE`. [docker/cli#5474](https://github.com/docker/cli/pull/5474) -- !TODO: gha: codeql: minor touch-ups and fixes [docker/cli#5454](https://github.com/docker/cli/pull/5454) -- !TODO: vendor: github.com/docker/docker 164cae56ed95 (master, v-next) [docker/cli#5428](https://github.com/docker/cli/pull/5428) -- !TODO: cli/container: use github.com/moby/sys/capability for completions [docker/cli#5480](https://github.com/docker/cli/pull/5480) -- !TODO: cli/command/container: add unit tests for completion helpers [docker/cli#5492](https://github.com/docker/cli/pull/5492) -- !TODO: opts: cleanup ParseEnvFile tests [docker/cli#5494](https://github.com/docker/cli/pull/5494) -- opts: remove ErrBadKey as it's not used as a sentinel error [docker/cli#5495](https://github.com/docker/cli/pull/5495) -- !TODO: opts: parseKeyValueFile: cleanup and remove redundant trimming [docker/cli#5496](https://github.com/docker/cli/pull/5496) -- !TODO: docs: use important callout for buildkit vs legacy builder [docker/cli#5469](https://github.com/docker/cli/pull/5469) -- move parsing key-value files to a separate package (pkg/kvfile) [docker/cli#5502](https://github.com/docker/cli/pull/5502) -- !TODO: cli/command/container: add unit tests for container restart and container stop [docker/cli#5482](https://github.com/docker/cli/pull/5482) -- !TODO: Update `VERSION` file to `v27.3.1-dev` [docker/cli#5460](https://github.com/docker/cli/pull/5460) -- !TODO: docs: fix anchor link to web-based login section [docker/cli#5471](https://github.com/docker/cli/pull/5471) -- !TODO: docs/reference: stop, restart: add flag descriptions [docker/cli#5484](https://github.com/docker/cli/pull/5484) -- !TODO: docs: fix inaccurate description of --restart=unless-stopped [docker/cli#5508](https://github.com/docker/cli/pull/5508) -- Update Go runtime to 1.22.8 [docker/cli#5504](https://github.com/docker/cli/pull/5504) -- add shell-completion for --platform flags [docker/cli#5516](https://github.com/docker/cli/pull/5516) -- !TODO: vendor assorted dependencies in preparation of engine update [docker/cli#5529](https://github.com/docker/cli/pull/5529) -- Improve completion of containers for `docker rm` [docker/cli#5527](https://github.com/docker/cli/pull/5527) -- !TODO: cli/command/completion: add more unit-tests [docker/cli#5533](https://github.com/docker/cli/pull/5533) -- !TODO: README: update pkg.go.dev badge, add OpenSSF scorecard [docker/cli#5532](https://github.com/docker/cli/pull/5532) -- !TODO: cli/command/container: set empty args in tests and discard output [docker/cli#5534](https://github.com/docker/cli/pull/5534) -- !TODO: cli/command/image: fix TestNewSaveCommandSuccess to actually test [docker/cli#5520](https://github.com/docker/cli/pull/5520) -- !TODO: cli/command/images: set cmd.Args to prevent test-failures [docker/cli#5521](https://github.com/docker/cli/pull/5521) -- !TODO: templates: add test for HeaderFunctions [docker/cli#5541](https://github.com/docker/cli/pull/5541) -- !TODO: vendor: github.com/moby/swarmkit/v2 v2.0.0-20241017191044-e8ecf83ee08e [docker/cli#5539](https://github.com/docker/cli/pull/5539) -- !TODO: docs: corrected the max events returned [docker/cli#5537](https://github.com/docker/cli/pull/5537) -- !TODO: docs: update prose about image tag/name format [docker/cli#5535](https://github.com/docker/cli/pull/5535) -- go-sdk: fix deprecation of `cli/command.ConfigureAuth()`, which was deprecated since v27.2.1 [docker/cli#5551](https://github.com/docker/cli/pull/5551) -- !TODO: cli/hints: add tests [docker/cli#5546](https://github.com/docker/cli/pull/5546) -- Documentation: Link supported Go duration strings [docker/cli#5507](https://github.com/docker/cli/pull/5507) -- improve formatting of errors during `docker plugin remove` -go-sdk: deprecate cli.Errors type in favour of Go's errors.Join [docker/cli#5547](https://github.com/docker/cli/pull/5547) -- !TODO: cli/command: PromptUserForCredentials: assorted minor improvements and (linting) fixes [docker/cli#5550](https://github.com/docker/cli/pull/5550) -- !TODO: cli/config: improve error when failing to parse config file [docker/cli#5567](https://github.com/docker/cli/pull/5567) -- !TODO: cmd/docker: add tests for flag-completions, and refactor [docker/cli#5542](https://github.com/docker/cli/pull/5542) -- !TODO: Completion for `events --filter` [docker/cli#5538](https://github.com/docker/cli/pull/5538) -- !TODO: cli/config/credentials: add test for save being idempotent [docker/cli#5570](https://github.com/docker/cli/pull/5570) -- !TODO: bump golangci-lint to v1.61.0 and cleanup config [docker/cli#5585](https://github.com/docker/cli/pull/5585) -- Fixed bash completion for `events --filter daemon=` [docker/cli#5554](https://github.com/docker/cli/pull/5554) -- !TODO: vendor: github.com/docker/docker 36a3bd090489 (master, v28.0-dev) [docker/cli#5544](https://github.com/docker/cli/pull/5544) -- The `docker login` and `docker logout` command no longer update the configuration file if the credentials didn't change. [docker/cli#5553](https://github.com/docker/cli/pull/5553) -- !TODO: golangci-lint: set go version to prevent fallback to go1.17, and fix copyloopvar linting issues [docker/cli#5594](https://github.com/docker/cli/pull/5594) -- !TODO: vendor: github.com/docker/docker 6ac445c42bad (master, v28.0-dev) [docker/cli#5590](https://github.com/docker/cli/pull/5590) -- !TODO: deps: update `go-jose/go-jose` to `v4` [docker/cli#5596](https://github.com/docker/cli/pull/5596) -- !TODO: cli/command: fix some minor linting issues [docker/cli#5557](https://github.com/docker/cli/pull/5557) -- !TODO: docs: change link to desktop docs [docker/cli#5600](https://github.com/docker/cli/pull/5600) -- `docker stats` output is now buffered to reduce flickering issues [docker/cli#5586](https://github.com/docker/cli/pull/5586) -- Ported some completions from the bash completion to the new cobra based completion. [docker/cli#5580](https://github.com/docker/cli/pull/5580) -- !TODO: Dockerfile: update buildx to v0.18.0, compose to v2.30.3 [docker/cli#5615](https://github.com/docker/cli/pull/5615) -- !TODO: cli/command/container: fix missing go:build tag [docker/cli#5621](https://github.com/docker/cli/pull/5621) -- !TODO: docs: Correct `run` exit code 126 description [docker/cli#5591](https://github.com/docker/cli/pull/5591) -- !TODO: vendor: github.com/docker/docker e5c2b5e10d68 (master, v28.0.0-dev) [docker/cli#5638](https://github.com/docker/cli/pull/5638) -- !TODO: Dockerfile: bump github.com/josephspurrier/goversioninfo to v1.4.1 [docker/cli#5630](https://github.com/docker/cli/pull/5630) -- !TODO: update golangci-lint to v1.62.0 [docker/cli#5632](https://github.com/docker/cli/pull/5632) -- !TODO: cli/command/container: parse: remove client-side warning [docker/cli#5579](https://github.com/docker/cli/pull/5579) -- !TODO: build(deps): bump codecov/codecov-action from 4 to 5 [docker/cli#5636](https://github.com/docker/cli/pull/5636) -- !TODO: docs: update example redis tags from 3.0.x to 7.4.x [docker/cli#5595](https://github.com/docker/cli/pull/5595) -- !TODO: vendor: github.com/moby/sys/capability v0.4.0 [docker/cli#5633](https://github.com/docker/cli/pull/5633) -- !TODO: tests: cleanup table test names [docker/cli#5650](https://github.com/docker/cli/pull/5650) -- !TODO: vendor: github.com/go-viper/mapstructure/v2 v2.2.1 [docker/cli#5634](https://github.com/docker/cli/pull/5634) -- !TODO: update go:build tags to use go1.22 [docker/cli#5608](https://github.com/docker/cli/pull/5608) -- !TODO: docs: fix janky rendering of toc on docs.docker.com [docker/cli#5653](https://github.com/docker/cli/pull/5653) -- !TODO: Optimise `docker stats` to not require clearing the whole screen [docker/cli#5625](https://github.com/docker/cli/pull/5625) -- !TODO: vendor: github.com/tonistiigi/go-rosetta v0.0.0-20220804170347-3f4430f2d346 [docker/cli#5637](https://github.com/docker/cli/pull/5637) -- !TODO: vendor: update various golang.org/x/ dependencies [docker/cli#5671](https://github.com/docker/cli/pull/5671) -- Fix inaccessible plugins paths preventing plugins from being detected. [docker/cli#5651](https://github.com/docker/cli/pull/5651) -- !TODO: vendor: google.golang.org/protobuf v1.35.2 [docker/cli#5672](https://github.com/docker/cli/pull/5672) -- !TODO: vendor: github.com/docker/docker 5d72419486fe (master, v28.0.0-dev) [docker/cli#5673](https://github.com/docker/cli/pull/5673) -- !TODO: registry/client: remove uses of APIEndpoint.TrimHostName [docker/cli#5674](https://github.com/docker/cli/pull/5674) -- !TODO: update go-md2man to v2.0.5 [docker/cli#5689](https://github.com/docker/cli/pull/5689) -- !TODO: cli/command/system: remove netfilter warnings from tests [docker/cli#5691](https://github.com/docker/cli/pull/5691) -- !TODO: update xx to v1.6.1 for compatibility with alpine 3.21 [docker/cli#5683](https://github.com/docker/cli/pull/5683) -- !TODO: cli/command/system: remove BridgeNfIptables, BridgeNfIp6tables in tests [docker/cli#5696](https://github.com/docker/cli/pull/5696) -- !TODO: Add --bip6 to the dockerd manpage [docker/cli#5655](https://github.com/docker/cli/pull/5655) -- !TODO: chore: update commit guidelines in CONTRIBUTING.md [docker/cli#5648](https://github.com/docker/cli/pull/5648) -- !TODO: vendor: update golang.org/x/ dependencies for docker/docker [docker/cli#5702](https://github.com/docker/cli/pull/5702) -- !TODO: cli/trust: GetNotaryRepository: remove uses of RepositoryInfo.Class [docker/cli#5660](https://github.com/docker/cli/pull/5660) -- !TODO: Makefile: use go1.22 semantics for gofumpt [docker/cli#5684](https://github.com/docker/cli/pull/5684) -- !TODO: cli/command/system: don't use "non-distributable-artifacts" fields in tests [docker/cli#5679](https://github.com/docker/cli/pull/5679) -- !TODO: vendor: golang.org/x/net v0.33.0 [docker/cli#5705](https://github.com/docker/cli/pull/5705) -- !TODO: cli/command/system: TestEventsFormat: set cmd.Args to prevent test-failures [docker/cli#5695](https://github.com/docker/cli/pull/5695) -- !TODO: update golangci-lint to v1.62.2 [docker/cli#5682](https://github.com/docker/cli/pull/5682) -- !TODO: cli/command/registry: assorted refactor and test changes [docker/cli#5667](https://github.com/docker/cli/pull/5667) -- !TODO: cli/command/container: use local copy of pkg/system.IsAbs [docker/cli#5697](https://github.com/docker/cli/pull/5697) -- !TODO: vendor: github.com/docker/docker 6f6c3b921180 (master, v28.0.0-dev) [docker/cli#5716](https://github.com/docker/cli/pull/5716) -- !TODO: Use io.copy for build context compression [docker/cli#5719](https://github.com/docker/cli/pull/5719) -- !TODO: docs, man: remove confusing example for "--isolation" [docker/cli#5718](https://github.com/docker/cli/pull/5718) -- !TODO: remove remnants of --oom-score-adj daemon config (docs, completion) [docker/cli#5722](https://github.com/docker/cli/pull/5722) -- !TODO: TestRunCopyFromContainerToFilesystem: use Tar without options [docker/cli#5710](https://github.com/docker/cli/pull/5710) -- !TODO: contrib/completion: remove deprecated --api-cors-header [docker/cli#5725](https://github.com/docker/cli/pull/5725) -- !TODO: vendor: github.com/docker/docker a72026acbbdf (master, v28.0.0-dev) [docker/cli#5711](https://github.com/docker/cli/pull/5711) -- !TODO: vendor: github.com/moby/term v0.5.2 [docker/cli#5727](https://github.com/docker/cli/pull/5727) -- !TODO: vendor: github.com/docker/docker ad6929339acd (master, v28.0.0-dev) [docker/cli#5703](https://github.com/docker/cli/pull/5703) -- !TODO: Fix container cp test to separate source and destination [docker/cli#5715](https://github.com/docker/cli/pull/5715) -- !TODO: golangci-lint: sync some depguard settings with moby/moby [docker/cli#5709](https://github.com/docker/cli/pull/5709) -- !TODO: Drop support for fluentd-async-connect [docker/cli#5740](https://github.com/docker/cli/pull/5740) -- !TODO: gha/build: Publish bin image for release branches [docker/cli#5734](https://github.com/docker/cli/pull/5734) -- !TODO: vendor: google.golang.org/grpc v1.68.1, google.golang.org/genproto 324edc3d5d38 [docker/cli#5745](https://github.com/docker/cli/pull/5745) -- !TODO: vendor: github.com/docker/docker 50212d215ba7 (master, v28.0-dev) [docker/cli#5728](https://github.com/docker/cli/pull/5728) -- !TODO: vendor: github.com/docker/docker 69687190936d (master, v28.0-dev) [docker/cli#5708](https://github.com/docker/cli/pull/5708) -- !TODO: vendor: otel v0.56.0 / v1.31.0 [docker/cli#5750](https://github.com/docker/cli/pull/5750) -- !TODO: vendor: github.com/creack/pty v1.1.24 [docker/cli#5746](https://github.com/docker/cli/pull/5746) -- !TODO: cli/command/plugin: runCreate: minor cleanup [docker/cli#5729](https://github.com/docker/cli/pull/5729) -- !TODO: ci: update bake-action to v6 [docker/cli#5737](https://github.com/docker/cli/pull/5737) -- !TODO: update cli-docs-tool to v0.9.0, go-md2man v2.0.6 [docker/cli#5741](https://github.com/docker/cli/pull/5741) -- !TODO: vendor: github.com/mattn/go-runewidth v0.0.16 [docker/cli#5748](https://github.com/docker/cli/pull/5748) -- !TODO: cli/command: update semconv to 1.26.0 [docker/cli#5751](https://github.com/docker/cli/pull/5751) -- !TODO: switch to gopkg.in/yaml.v3 [docker/cli#5752](https://github.com/docker/cli/pull/5752) -- !TODO: gha: Adjust release branches [docker/cli#5763](https://github.com/docker/cli/pull/5763) -- !TODO: cli/tree: Use single character triple dot [docker/cli#5758](https://github.com/docker/cli/pull/5758) -- !TODO: Dockerfile: dev-container: update buildx v0.20.0, compose v2.32.4 [docker/cli#5765](https://github.com/docker/cli/pull/5765) -- !TODO: pkg/command: wrap `jsonmessage.DisplayJSONMessagesStream` with go context [docker/cli#5663](https://github.com/docker/cli/pull/5663) -- !TODO: Dockerfile: update to alpine 3.21 [docker/cli#5767](https://github.com/docker/cli/pull/5767) -- !TODO: Makefile: add "shell-completion" target [docker/cli#5770](https://github.com/docker/cli/pull/5770) -- !TODO: remove dockerd man-page (moved back to moby repository) [docker/cli#5773](https://github.com/docker/cli/pull/5773) From 832bdf3beb2f58a12986857c001027af4af3fc45 Mon Sep 17 00:00:00 2001 From: aevesdocker Date: Wed, 12 Feb 2025 09:07:49 +0000 Subject: [PATCH 4/9] editorial review --- content/manuals/engine/release-notes/28.md | 131 ++++++++++----------- 1 file changed, 64 insertions(+), 67 deletions(-) diff --git a/content/manuals/engine/release-notes/28.md b/content/manuals/engine/release-notes/28.md index 33d52987726..99b22d2a83d 100644 --- a/content/manuals/engine/release-notes/28.md +++ b/content/manuals/engine/release-notes/28.md @@ -37,7 +37,7 @@ For a full list of pull requests and changes in this release, refer to the relev - Windows: add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. [moby/moby#47955](https://github.com/moby/moby/pull/47955) - Add ability to mount an image inside a container via `--mount type=image`. [moby/moby#48798](https://github.com/moby/moby/pull/48798) -- `docker load`, `docker save`, and `docker history` now support a `--platform` flag allowing to choose a specific platform for single-platform operations on multi-platform images. [docker/cli#5331](https://github.com/docker/cli/pull/5331) +- `docker load`, `docker save`, and `docker history` now support a `--platform` flag allowing you to choose a specific platform for single-platform operations on multi-platform images. [docker/cli#5331](https://github.com/docker/cli/pull/5331) - Add `OOMScoreAdj` to `docker service create` and `docker stack`. [docker/cli#5145](https://github.com/docker/cli/pull/5145) - `docker buildx prune` now supports `reserved-space`, `max-used-space` and `min-free-space`, `keep-bytes` filters. [moby/moby#48720](https://github.com/moby/moby/pull/48720) - `docker images --tree` now shows metadata badges [docker/cli#5744](https://github.com/docker/cli/pull/5744) @@ -45,33 +45,33 @@ For a full list of pull requests and changes in this release, refer to the relev ### Bug fixes and enhancements -- Add IPv6 loopback address as insecure registry by default. [moby/moby#48540](https://github.com/moby/moby/pull/48540) +- Add IPv6 loopback address as an insecure registry by default. [moby/moby#48540](https://github.com/moby/moby/pull/48540) - Add support for Cobra-generated completion scripts for `dockerd`. [moby/moby#49339](https://github.com/moby/moby/pull/49339) - Fix DNS queries failing when containers are launched via `systemd` auto-start on boot [moby/moby#48812](https://github.com/moby/moby/pull/48812) -- Fix `docker export` continuing the export after the operation was canceled. [moby/moby#49265](https://github.com/moby/moby/pull/49265) +- Fix `docker export` continuing the export after the operation is canceled. [moby/moby#49265](https://github.com/moby/moby/pull/49265) - Fix `docker export` not releasing the container's writable layer after a failure. [moby/moby#48517](https://github.com/moby/moby/pull/48517) - Fix `docker images --tree` unnecessary truncating long image names when multiple names are available [docker/cli#5757](https://github.com/docker/cli/pull/5757) -- Fix a bug where a container with a name matching another container's ID would not be restored on daemon startup. [moby/moby#48669](https://github.com/moby/moby/pull/48669) +- Fix a bug where a container with a name matching another container's ID is not restored on daemon startup. [moby/moby#48669](https://github.com/moby/moby/pull/48669) - Fix an issue preventing some IPv6 addresses shown by `docker ps` to be properly bracketed [docker/cli#5468](https://github.com/docker/cli/pull/5468) - Fix bug preventing image pulls from being cancelled during `docker run`. [docker/cli#5645](https://github.com/docker/cli/pull/5645) - Fix error-handling when running the daemon as a Windows service to prevent unclean exits. [moby/moby#48518](https://github.com/moby/moby/pull/48518) - Fix issue causing output of `docker run` to be inconsistent when using `--attach stdout` or `--attach stderr` versus `stdin`. `docker run --attach stdin` now exits if the container exits. [docker/cli#5662](https://github.com/docker/cli/pull/5662) - Fix rootless Docker setup with `subid` backed by NSS modules. [moby/moby#49036](https://github.com/moby/moby/pull/49036) -- Generated completion scripts from the CLI will now show descriptions next to each command/flag suggestion. [docker/cli#5756](https://github.com/docker/cli/pull/5756) +- Generated completion scripts from the CLI now show descriptions next to each command/flag suggestion. [docker/cli#5756](https://github.com/docker/cli/pull/5756) - IPv6 addresses shown by `docker ps` in port bindings are now bracketed [docker/cli#5363](https://github.com/docker/cli/pull/5363) -- Implement the ports validation method for compose [docker/cli#5524](https://github.com/docker/cli/pull/5524) -- Improve error-output for invalid flags on the command-line. [docker/cli#5233](https://github.com/docker/cli/pull/5233) +- Implement the ports validation method for Compose [docker/cli#5524](https://github.com/docker/cli/pull/5524) +- Improve error-output for invalid flags on the command line. [docker/cli#5233](https://github.com/docker/cli/pull/5233) - Improve errors when failing to start a container using anther container's network namespace. [moby/moby#49367](https://github.com/moby/moby/pull/49367) -- Improve handling of invalid API errors that could result in an empty error message being presented to the user. [moby/moby#49373](https://github.com/moby/moby/pull/49373) +- Improve handling of invalid API errors that could result in an empty error message being shown. [moby/moby#49373](https://github.com/moby/moby/pull/49373) - Improve output and consistency for unknown (sub)commands and invalid arguments [docker/cli#5234](https://github.com/docker/cli/pull/5234) - Improve validation of `exec-opts` in daemon configuration. [moby/moby#48979](https://github.com/moby/moby/pull/48979) - Update the handling of the `--gpus=0` flag to be consistent with the NVIDIA Container Runtime. [moby/moby#48482](https://github.com/moby/moby/pull/48482) - `client.ContainerCreate` now normalizes `CapAdd` and `CapDrop` fields in `HostConfig` to their canonical form. [moby/moby#48551](https://github.com/moby/moby/pull/48551) - `docker image save` now produces stable timestamps. [moby/moby#48611](https://github.com/moby/moby/pull/48611) -- `docker inspect` now also allows inspecting swarm configs [docker/cli#5573](https://github.com/docker/cli/pull/5573) +- `docker inspect` now lets you inspect Swarm configs [docker/cli#5573](https://github.com/docker/cli/pull/5573) - containerd image store: Add support for `Extracting` layer status in `docker pull`. [moby/moby#49064](https://github.com/moby/moby/pull/49064) -- containerd image store: Fix `commit`, `import` and `build` not preserving replaced image as a dangling. [moby/moby#48316](https://github.com/moby/moby/pull/48316) -- containerd image store: Make `docker load --platform` return an error when the requested platform wasn't loaded. [moby/moby#48718](https://github.com/moby/moby/pull/48718) +- containerd image store: Fix `commit`, `import`, and `build` not preserving a replaced image as a dangling image. [moby/moby#48316](https://github.com/moby/moby/pull/48316) +- containerd image store: Make `docker load --platform` return an error when the requested platform isn't loaded. [moby/moby#48718](https://github.com/moby/moby/pull/48718) ### Packaging updates @@ -84,30 +84,30 @@ For a full list of pull requests and changes in this release, refer to the relev ### Go SDK -- Improve validation of empty object IDs; the client now returns an "Invalid Parameter" error when trying to use an empty ID or name. This changes the error returned by some "Inspect" functions from a "Not found" error to an "Invalid Parameter". [moby/moby#49381](https://github.com/moby/moby/pull/49381) +- Improve validation of empty object IDs. The client now returns an "Invalid Parameter" error when trying to use an empty ID or name. This changes the error returned by some "Inspect" functions from a "Not found" error to an "Invalid Parameter". [moby/moby#49381](https://github.com/moby/moby/pull/49381) - `Client.ImageBuild()` now omits default values from the API request's query string. [moby/moby#48651](https://github.com/moby/moby/pull/48651) -- `api/types/container`: merge `Stats` and `StatsResponse` [moby/moby#49287](https://github.com/moby/moby/pull/49287) -- `client.WithVersion`: strip v-prefix when setting API version [moby/moby#49352](https://github.com/moby/moby/pull/49352) +- `api/types/container`: Merge `Stats` and `StatsResponse` [moby/moby#49287](https://github.com/moby/moby/pull/49287) +- `client.WithVersion`: Strip v-prefix when setting API version [moby/moby#49352](https://github.com/moby/moby/pull/49352) - `client`: Add `WithTraceOptions` allowing to specify custom OTEL trace options. [moby/moby#49415](https://github.com/moby/moby/pull/49415) -- `client`: add `HijackDialer` interface. [moby/moby#49388](https://github.com/moby/moby/pull/49388) -- `client`: add `SwarmManagementAPIClient` interface to describe all API client methods related to swarm-specific objects. [moby/moby#49388](https://github.com/moby/moby/pull/49388) -- `pkg/containerfs`: move to internal [moby/moby#48097](https://github.com/moby/moby/pull/48097) -- `pkg/reexec`: can now be used on platforms other than Linux, Windows, macOS and FreeBSD [moby/moby#49118](https://github.com/moby/moby/pull/49118) +- `client`: Add `HijackDialer` interface. [moby/moby#49388](https://github.com/moby/moby/pull/49388) +- `client`: Add `SwarmManagementAPIClient` interface to describe all API client methods related to Swarm-specific objects. [moby/moby#49388](https://github.com/moby/moby/pull/49388) +- `pkg/containerfs`: Move to internal [moby/moby#48097](https://github.com/moby/moby/pull/48097) +- `pkg/reexec`: Can now be used on platforms other than Linux, Windows, macOS and FreeBSD [moby/moby#49118](https://github.com/moby/moby/pull/49118) ### API - Update API version to [v1.48](https://docs.docker.com/engine/api/v1.48/) [moby/moby#48476](https://github.com/moby/moby/pull/48476) -- `GET /images/{name}/json` response now will return the `Manifests` field containing information about the sub-manifests contained in the image index. This includes things like platform-specific manifests and build attestations. [moby/moby#48264](https://github.com/moby/moby/pull/48264) +- `GET /images/{name}/json` response now returns the `Manifests` field containing information about the sub-manifests contained in the image index. This includes things like platform-specific manifests and build attestations. [moby/moby#48264](https://github.com/moby/moby/pull/48264) - `POST /containers/create` now supports `Mount` of type `image` for mounting an image inside a container. [moby/moby#48798](https://github.com/moby/moby/pull/48798) -- `GET /images/{name}/history` now supports a `platform` parameter (JSON encoded OCI Platform type) that allows to specify a platform to show the history of. [moby/moby#48295](https://github.com/moby/moby/pull/48295) -- `POST /images/{name}/load` and `GET /images/{name}/get` now support a `platform` parameter (JSON encoded OCI Platform type) that allows to specify a platform to load/save. Not passing this parameter will result in loading/saving the full multi-platform image. [moby/moby#48295](https://github.com/moby/moby/pull/48295) +- `GET /images/{name}/history` now supports a `platform` parameter (JSON encoded OCI Platform type) that lets you specify a platform to show the history of. [moby/moby#48295](https://github.com/moby/moby/pull/48295) +- `POST /images/{name}/load` and `GET /images/{name}/get` now supports a `platform` parameter (JSON encoded OCI Platform type) that lets you specify a platform to load/save. Not passing this parameter results in loading/saving the full multi-platform image. [moby/moby#48295](https://github.com/moby/moby/pull/48295) - Improve errors for invalid width/height on container resize and exec resize [moby/moby#48679](https://github.com/moby/moby/pull/48679) - The `POST /containers/create` endpoint now includes a warning in the response when setting the container-wide `VolumeDriver` option in combination with volumes defined through `Mounts` because the `VolumeDriver` option has no effect on those volumes. This warning was previously generated by the CLI. [moby/moby#48789](https://github.com/moby/moby/pull/48789) -- containerd image store: `GET /images/json` and `GET /images/{name}/json` response now includes `Descriptor` field, which contains an OCI descriptor of the image target. The new field will only be populated if the daemon provides a multi-platform image store. [moby/moby#48894](https://github.com/moby/moby/pull/48894) +- containerd image store: `GET /images/json` and `GET /images/{name}/json` responses now includes `Descriptor` field, which contains an OCI descriptor of the image target. The new field is only populated if the daemon provides a multi-platform image store. [moby/moby#48894](https://github.com/moby/moby/pull/48894) - containerd image store: `GET /containers/{name}/json` now returns an `ImageManifestDescriptor` field containing the OCI descriptor of the platform-specific image manifest of the image that was used to create the container. [moby/moby#48855](https://github.com/moby/moby/pull/48855) - Add debug endpoints (`GET /debug/vars`, `GET /debug/pprof/`, `GET /debug/pprof/cmdline`, `GET /debug/pprof/profile`, `GET /debug/pprof/symbol`, `GET /debug/pprof/trace`, `GET /debug/pprof/{name}`) are now also accessible through the versioned-API paths (`/v/`). [moby/moby#49051](https://github.com/moby/moby/pull/49051) - Fix API returning a `500` status code instead of `400` for validation errors. [moby/moby#49217](https://github.com/moby/moby/pull/49217) -- Fix status-codes for archive endpoints `HEAD /containers/{name:.*}/archive`, `GET /containers/{name:.*}/archive`, `PUT /containers/{name:.*}/archive` returning a `500` status instead of a `400` status. [moby/moby#49219](https://github.com/moby/moby/pull/49219) +- Fix status codes for archive endpoints `HEAD /containers/{name:.*}/archive`, `GET /containers/{name:.*}/archive`, `PUT /containers/{name:.*}/archive` returning a `500` status instead of a `400` status. [moby/moby#49219](https://github.com/moby/moby/pull/49219) - `POST /containers/create` now accepts a `writable-cgroups=true` option in `HostConfig.SecurityOpt` to mount the container's cgroups writable. This provides a more granular approach than `HostConfig.Privileged`. [moby/moby#48828](https://github.com/moby/moby/pull/48828) - `POST /build/prune` renames `keep-bytes` to `reserved-space` and now supports additional prune parameters `max-used-space` and `min-free-space`. [moby/moby#48720](https://github.com/moby/moby/pull/48720) - `POST /networks/create` now has an `EnableIPv4` field. Setting it to `false` disables IPv4 IPAM for the network. [moby/moby#48271](https://github.com/moby/moby/pull/48271) @@ -119,21 +119,20 @@ For a full list of pull requests and changes in this release, refer to the relev - `POST /networks/{id}/connect` and `POST /containers/create` now accept a `GwPriority` field in `EndpointsConfig`. This value is used to determine which network endpoint provides the default gateway for the container. The endpoint with the highest priority is selected. If multiple endpoints have the same priority, endpoints are sorted lexicographically by their network name, and the one that sorts first is picked. [moby/moby#48746](https://github.com/moby/moby/pull/48746) - `GET /containers/json` now returns a `GwPriority` field in `NetworkSettings` for each network endpoint. The `GwPriority` field is used by the CLI’s new `gw-priority` option for `docker run` and `docker network connect`. [moby/moby#48746](https://github.com/moby/moby/pull/48746) - Settings for `eth0` in `--sysctl` options are no longer automatically migrated to the network endpoint. [moby/moby#48746](https://github.com/moby/moby/pull/48746) - * For example, on the Docker command line Docker, `docker run --network mynet --sysctl net.ipv4.conf.eth0.log_martians=1 ...` will be rejected. Instead, you must use `docker run --network name=mynet,driver-opt=com.docker.network.endpoint.sysctls=net.ipv4.conf.IFNAME.log_martians=1 ...` - + - For example, in the Docker CLI, `docker run --network mynet --sysctl net.ipv4.conf.eth0.log_martians=1 ...` is rejected. Instead, you must use `docker run --network name=mynet,driver-opt=com.docker.network.endpoint.sysctls=net.ipv4.conf.IFNAME.log_martians=1 ...` ### Removed - The Fluent logger option `fluentd-async-connect` has been deprecated in v20.10 and is now removed. [moby/moby#46114](https://github.com/moby/moby/pull/46114) - The `--time` option on `docker stop` and `docker restart` is deprecated and renamed to `--timeout`. [docker/cli#5485](https://github.com/docker/cli/pull/5485) -- Go-SDK: `pkg/ioutils`: remove `NewReaderErrWrapper` as it was never used. [moby/moby#49258](https://github.com/moby/moby/pull/49258) -- Go-SDK: `pkg/ioutils`: remove deprecated `BytesPipe`, `NewBytesPipe`, `ErrClosed`, `WriteCounter`, `NewWriteCounter`, `NewReaderErrWrapper`, `NopFlusher`. [moby/moby#49245](https://github.com/moby/moby/pull/49245) -- Go-SDK: `pkg/ioutils`: remove deprecated `NopWriter` and `NopWriteCloser`. [moby/moby#49256](https://github.com/moby/moby/pull/49256) +- Go-SDK: `pkg/ioutils`: Remove `NewReaderErrWrapper` as it was never used. [moby/moby#49258](https://github.com/moby/moby/pull/49258) +- Go-SDK: `pkg/ioutils`: Remove deprecated `BytesPipe`, `NewBytesPipe`, `ErrClosed`, `WriteCounter`, `NewWriteCounter`, `NewReaderErrWrapper`, `NopFlusher`. [moby/moby#49245](https://github.com/moby/moby/pull/49245) +- Go-SDK: `pkg/ioutils`: Remove deprecated `NopWriter` and `NopWriteCloser`. [moby/moby#49256](https://github.com/moby/moby/pull/49256) - Go-SDK: `pkg/sysinfo`: Remove deprecated NumCPU. [moby/moby#49242](https://github.com/moby/moby/pull/49242) -- Go-SDK: remove `pkg/broadcaster`, as it was only used internally [moby/moby#49172](https://github.com/moby/moby/pull/49172) -- Go-SDK: remove deprecated `cli.Errors` type [docker/cli#5549](https://github.com/docker/cli/pull/5549) +- Go-SDK: Remove `pkg/broadcaster`, as it was only used internally [moby/moby#49172](https://github.com/moby/moby/pull/49172) +- Go-SDK: Remove deprecated `cli.Errors` type [docker/cli#5549](https://github.com/docker/cli/pull/5549) - Remove `pkg/ioutils.ReadCloserWrapper`, as it was only used in tests. [moby/moby#49237](https://github.com/moby/moby/pull/49237) -- Remove deprecated "api-cors-header" config parameter and the `dockerd` "--api-cors-header" option [moby/moby#48209](https://github.com/moby/moby/pull/48209) +- Remove deprecated `api-cors-header` config parameter and the `dockerd` `--api-cors-header` option [moby/moby#48209](https://github.com/moby/moby/pull/48209) - Remove deprecated `APIEndpoint.Version` field, `APIVersion` type, and `APIVersion1` and `APIVersion2` consts. [moby/moby#49004](https://github.com/moby/moby/pull/49004) - Remove deprecated `api-cors-header` config parameter and the Docker daemon's `--api-cors-header` option. [docker/cli#5437](https://github.com/docker/cli/pull/5437) - Remove deprecated `pkg/directory` package [moby/moby#48779](https://github.com/moby/moby/pull/48779) @@ -143,21 +142,21 @@ For a full list of pull requests and changes in this release, refer to the relev - Remove support for deprecated external graph-driver plugins. [moby/moby#48072](https://github.com/moby/moby/pull/48072) - `api/types`: Remove deprecated `container.ContainerNode` and `ContainerJSONBase.Node` field. [moby/moby#48107](https://github.com/moby/moby/pull/48107) - `api/types`: Remove deprecated aliases: `ImagesPruneReport`, `VolumesPruneReport`, `NetworkCreateRequest`, `NetworkCreate`, `NetworkListOptions`, `NetworkCreateResponse`, `NetworkInspectOptions`, `NetworkConnect`, `NetworkDisconnect`, `EndpointResource`, `NetworkResource`, `NetworksPruneReport`, `ExecConfig`, `ExecStartCheck`, `ContainerExecInspect`, `ContainersPruneReport`, `ContainerPathStat`, `CopyToContainerOptions`, `ContainerStats`, `ImageSearchOptions`, `ImageImportSource`, `ImageLoadResponse`, `ContainerNode`. [moby/moby#48107](https://github.com/moby/moby/pull/48107) -- `libnetwork/iptables`: remove deprecated `IPV`, `Iptables`, `IP6Tables` and `Passthrough()`. [moby/moby#49121](https://github.com/moby/moby/pull/49121) -- `pkg/archive`: remove deprecated `CanonicalTarNameForPath`, `NewTempArchive`, `TempArchive` [moby/moby#48708](https://github.com/moby/moby/pull/48708) -- `pkg/fileutils`: remove deprecated `GetTotalUsedFds` [moby/moby#49210](https://github.com/moby/moby/pull/49210) -- `pkg/ioutils`: remove `OnEOFReader`, which was only used internally [moby/moby#49170](https://github.com/moby/moby/pull/49170) -- `pkg/longpath`: remove deprecated `Prefix` constant. [moby/moby#48779](https://github.com/moby/moby/pull/48779) -- `pkg/stringid`: remove deprecated `IsShortID` and `ValidateID` functions [moby/moby#48705](https://github.com/moby/moby/pull/48705) -- `runconfig/opts`: remove deprecated `ConvertKVStringsToMap` [moby/moby#48102](https://github.com/moby/moby/pull/48102) -- `runconfig`: remove deprecated `ContainerConfigWrapper`, `SetDefaultNetModeIfBlank`, `DefaultDaemonNetworkMode`, `IsPreDefinedNetwork` [moby/moby#48102](https://github.com/moby/moby/pull/48102) -- `container`: remove deprecated `ErrNameReserved`, `ErrNameNotReserved`. [moby/moby#48728](https://github.com/moby/moby/pull/48728) -- daemon: remove `Daemon.ContainerInspectCurrent()` method and change `Daemon.ContainerInspect()` signature to accept a `backend.ContainerInspectOptions` struct [moby/moby#48672](https://github.com/moby/moby/pull/48672) -- daemon: remove deprecated `Daemon.Exists()` and `Daemon.IsPaused()` methods. [moby/moby#48723](https://github.com/moby/moby/pull/48723) +- `libnetwork/iptables`: Remove deprecated `IPV`, `Iptables`, `IP6Tables` and `Passthrough()`. [moby/moby#49121](https://github.com/moby/moby/pull/49121) +- `pkg/archive`: Remove deprecated `CanonicalTarNameForPath`, `NewTempArchive`, `TempArchive` [moby/moby#48708](https://github.com/moby/moby/pull/48708) +- `pkg/fileutils`: Remove deprecated `GetTotalUsedFds` [moby/moby#49210](https://github.com/moby/moby/pull/49210) +- `pkg/ioutils`: Remove `OnEOFReader`, which was only used internally [moby/moby#49170](https://github.com/moby/moby/pull/49170) +- `pkg/longpath`: Remove deprecated `Prefix` constant. [moby/moby#48779](https://github.com/moby/moby/pull/48779) +- `pkg/stringid`: Remove deprecated `IsShortID` and `ValidateID` functions [moby/moby#48705](https://github.com/moby/moby/pull/48705) +- `runconfig/opts`: Remove deprecated `ConvertKVStringsToMap` [moby/moby#48102](https://github.com/moby/moby/pull/48102) +- `runconfig`: Remove deprecated `ContainerConfigWrapper`, `SetDefaultNetModeIfBlank`, `DefaultDaemonNetworkMode`, `IsPreDefinedNetwork` [moby/moby#48102](https://github.com/moby/moby/pull/48102) +- `container`: Remove deprecated `ErrNameReserved`, `ErrNameNotReserved`. [moby/moby#48728](https://github.com/moby/moby/pull/48728) +- Remove `Daemon.ContainerInspectCurrent()` method and change `Daemon.ContainerInspect()` signature to accept a `backend.ContainerInspectOptions` struct [moby/moby#48672](https://github.com/moby/moby/pull/48672) +- Remove deprecated `Daemon.Exists()` and `Daemon.IsPaused()` methods. [moby/moby#48723](https://github.com/moby/moby/pull/48723) ### Deprecations -- API: Deprecated: The `BridgeNfIptables` and `BridgeNfIp6tables` fields in the `GET /info` response are now always be `false` and will be omitted in API v1.49. The netfilter module is now loaded on-demand, and no longer during daemon startup, making these fields obsolete. [moby/moby#49114](https://github.com/moby/moby/pull/49114) +- API: The `BridgeNfIptables` and `BridgeNfIp6tables` fields in the `GET /info` response are now always be `false` and will be omitted in API v1.49. The netfilter module is now loaded on-demand, and no longer during daemon startup, making these fields obsolete. [moby/moby#49114](https://github.com/moby/moby/pull/49114) - Deprecate `Daemon.Register()`. This function is unused and will be removed in the next release. [moby/moby#48702](https://github.com/moby/moby/pull/48702) - Deprecate `client.ImageInspectWithRaw` function in favor of the new `client.ImageInspect`. [moby/moby#48264](https://github.com/moby/moby/pull/48264) - Deprecate `daemon/config.Config.ValidatePlatformConfig()`. This method was used as helper for `config.Validate`, which should be used instead. [moby/moby#48985](https://github.com/moby/moby/pull/48985) @@ -165,15 +164,15 @@ For a full list of pull requests and changes in this release, refer to the relev - Deprecate configuration for pushing non-distributable artifacts [docker/cli#5724](https://github.com/docker/cli/pull/5724) - Deprecate the `--allow-nondistributable-artifacts` daemon flag and corresponding `allow-nondistributable-artifacts` field in `daemon.json`. Setting either option will no longer take an effect, but a deprecation warning log is added. [moby/moby#49065](https://github.com/moby/moby/pull/49065) - Deprecate the `RegistryConfig.AllowNondistributableArtifactsCIDRs` and `RegistryConfig.AllowNondistributableArtifactsHostnames` fields in the `GET /info` API response. For API version v1.48 and older, the fields are still included in the response, but always `null`. In API version v1.49 and later, the field will be omitted entirely. [moby/moby#49065](https://github.com/moby/moby/pull/49065) -- Go SDK: deprecate `registry.ServiceOptions.AllowNondistributableArtifacts` field. [moby/moby#49065](https://github.com/moby/moby/pull/49065) -- Go SDK: the `BridgeNfIptables`, `BridgeNfIp6tables` fields in `api/types/system.Info` and `BridgeNFCallIPTablesDisabled`, `BridgeNFCallIP6TablesDisabled` fields in `pkg/sysinfo.SysInfo` are deprecated and will be removed in the next release. [moby/moby#49114](https://github.com/moby/moby/pull/49114) -- Go-SDK: `client`: deprecate `CommonAPIClient` interface in favor of the `APIClient` interface. The `CommonAPIClient` will be changed to an alias for `APIClient` in the next release, and removed in the release after. [moby/moby#49388](https://github.com/moby/moby/pull/49388) -- Go-SDK: `client`: deprecate `ErrorConnectionFailed` helper. This function was only used internally, and will be removed in the next release. [moby/moby#49389](https://github.com/moby/moby/pull/49389) -- Go-SDK: `pkg/ioutils`: deprecate `NewAtomicFileWriter`, `AtomicWriteFile`, `AtomicWriteSet`, `NewAtomicWriteSet` in favor of `pkg/atomicwriter` equivalents. [moby/moby#49171](https://github.com/moby/moby/pull/49171) -- Go-SDK: `pkg/sysinfo`: deprecate `NumCPU`. This utility has the same behavior as `runtime.NumCPU`. [moby/moby#49241](https://github.com/moby/moby/pull/49241) -- Go-SDK: `pkg/system`: deprecate `MkdirAll`. This function provided custom handling for Windows GUID volume paths. Handling for such paths is now supported by Go standard library in go1.22 and newer, and this function is now an alias for `os.MkdirAll`, which should be used instead. This alias will be removed in the next release. [moby/moby#49162](https://github.com/moby/moby/pull/49162) -- Go-SDK: deprecate `pkg/parsers.ParseKeyValueOpt`. [moby/moby#49177](https://github.com/moby/moby/pull/49177) -- Go-SDK: deprecate `pkg/parsers.ParseUintListMaximum`, `pkg/parsers.ParseUintList`. These utilities were only used internally and will be removed in the next release. [moby/moby#49222](https://github.com/moby/moby/pull/49222) +- Go SDK: Deprecate `registry.ServiceOptions.AllowNondistributableArtifacts` field. [moby/moby#49065](https://github.com/moby/moby/pull/49065) +- Go SDK: The `BridgeNfIptables`, `BridgeNfIp6tables` fields in `api/types/system.Info` and `BridgeNFCallIPTablesDisabled`, `BridgeNFCallIP6TablesDisabled` fields in `pkg/sysinfo.SysInfo` are deprecated and will be removed in the next release. [moby/moby#49114](https://github.com/moby/moby/pull/49114) +- Go-SDK: `client`: Deprecate `CommonAPIClient` interface in favor of the `APIClient` interface. The `CommonAPIClient` will be changed to an alias for `APIClient` in the next release, and removed in the release after. [moby/moby#49388](https://github.com/moby/moby/pull/49388) +- Go-SDK: `client`: Deprecate `ErrorConnectionFailed` helper. This function was only used internally, and will be removed in the next release. [moby/moby#49389](https://github.com/moby/moby/pull/49389) +- Go-SDK: `pkg/ioutils`: Deprecate `NewAtomicFileWriter`, `AtomicWriteFile`, `AtomicWriteSet`, `NewAtomicWriteSet` in favor of `pkg/atomicwriter` equivalents. [moby/moby#49171](https://github.com/moby/moby/pull/49171) +- Go-SDK: `pkg/sysinfo`: Deprecate `NumCPU`. This utility has the same behavior as `runtime.NumCPU`. [moby/moby#49241](https://github.com/moby/moby/pull/49241) +- Go-SDK: `pkg/system`: Deprecate `MkdirAll`. This function provided custom handling for Windows GUID volume paths. Handling for such paths is now supported by Go standard library in go1.22 and newer, and this function is now an alias for `os.MkdirAll`, which should be used instead. This alias will be removed in the next release. [moby/moby#49162](https://github.com/moby/moby/pull/49162) +- Go-SDK: Deprecate `pkg/parsers.ParseKeyValueOpt`. [moby/moby#49177](https://github.com/moby/moby/pull/49177) +- Go-SDK: Deprecate `pkg/parsers.ParseUintListMaximum`, `pkg/parsers.ParseUintList`. These utilities were only used internally and will be removed in the next release. [moby/moby#49222](https://github.com/moby/moby/pull/49222) - Move `GraphDriverData` from `api/types` to `api/types/storage`. The old type is deprecated and will be removed in the next release. [moby/moby#48108](https://github.com/moby/moby/pull/48108) - Move `RequestPrivilegeFunc` from `api/types` to `api/types/registry`. The old type is deprecated and will be removed in the next release. [moby/moby#48119](https://github.com/moby/moby/pull/48119) - Move from `api/types` to `api/types/container` - `NetworkSettings`, `NetworkSettingsBase`, `DefaultNetworkSettings`, `SummaryNetworkSettings`, `Health`, `HealthcheckResult`, `NoHealthcheck`, `Starting`, `Healthy`, and `Unhealthy` constants, `MountPoint`, `Port`, `ContainerState`, `Container`, `ContainerJSONBase`, `ContainerJSON`, `ContainerNode`. The old types are deprecated and will be removed in the next release. [moby/moby#48108](https://github.com/moby/moby/pull/48108) @@ -181,13 +180,11 @@ For a full list of pull requests and changes in this release, refer to the relev - `ContainerdCommit.Expected`, `RuncCommit.Expected`, and `InitCommit.Expected` fields in the `GET /info` endpoint are deprecated and will be omitted in API v1.49. [moby/moby#48478](https://github.com/moby/moby/pull/48478) - `api/types/registry`: Deprecate `ServiceConfig.AllowNondistributableArtifactsCIDRs` and `ServiceConfig.AllowNondistributableArtifactsHostnames` fields. These fields will be removed in the next release. [moby/moby#49065](https://github.com/moby/moby/pull/49065) - `api/types/system/Commit.Expected` field is deprecated and should no longer be used. [moby/moby#48478](https://github.com/moby/moby/pull/48478) -- `daemon/graphdriver`: deprecate `GetDriver()` [moby/moby#48079](https://github.com/moby/moby/pull/48079) -- `libnetwork/iptables`: deprecate `Passthrough`. This function was only used internally, and will be removed in the next release. [moby/moby#49115](https://github.com/moby/moby/pull/49115) +- `daemon/graphdriver`: Deprecate `GetDriver()` [moby/moby#48079](https://github.com/moby/moby/pull/48079) +- `libnetwork/iptables`: Deprecate `Passthrough`. This function was only used internally, and will be removed in the next release. [moby/moby#49115](https://github.com/moby/moby/pull/49115) - `pkg/directory.Size()` function is deprecated, an will be removed in the next release. [moby/moby#48057](https://github.com/moby/moby/pull/48057) -- `registry`: deprecate `APIEndpoint.TrimHostName`; hostname is now trimmed unconditionally for remote names. This field will be removed in the next release. [moby/moby#49005](https://github.com/moby/moby/pull/49005) -`allow-nondistributable-artifacts` field in `daemon.json`. Setting either option will no longer take an effect, but a deprecation warning log is added to raise awareness about the deprecation. This warning is planned to become an error in the next release. [moby/moby#49065](https://github.com/moby/moby/pull/49065) - - +- `registry`: Deprecate `APIEndpoint.TrimHostName`; hostname is now trimmed unconditionally for remote names. This field will be removed in the next release. [moby/moby#49005](https://github.com/moby/moby/pull/49005) +`allow-nondistributable-artifacts` field in `daemon.json`. Setting either option will no longer take effect, but a deprecation warning log is added to raise awareness about the deprecation. This warning is planned to become an error in the next release. [moby/moby#49065](https://github.com/moby/moby/pull/49065) ### Networking @@ -202,13 +199,13 @@ For a full list of pull requests and changes in this release, refer to the relev - The deprecated OCI `prestart` hook is now only used by build containers. For other containers, network interfaces are added to the network namespace after task creation is complete, before the container task is started. [moby/moby#47406](https://github.com/moby/moby/pull/47406) - Add a new `gw-priority` option to `docker run`, `docker container create`, and `docker network connect`. This option will be used by the Engine to determine which network provides the default gateway for a container. On `docker run`, this option is only available through the extended `--network` syntax. [docker/cli#5664](https://github.com/docker/cli/pull/5664) - Add a new netlabel `com.docker.network.endpoint.ifname` to customize the interface name used when connecting a container to a network. It's supported by all built-in network drivers on Linux. [moby/moby#49155](https://github.com/moby/moby/pull/49155) - - When a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names (e.g. `eth`), the container might fail to start. - - The recommended practice is to use a different prefix (e.g. `en0`), or a numerical suffix high enough to never collide (e.g. `eth100`). - - This label can be specified on `docker network connect` via the `--driver-opt` flag, e.g. `docker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar …`. - - Or via the long-form `--network` flag on `docker run`, e.g. `docker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …` + - When a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names, for example `eth`, the container might fail to start. + - The recommended practice is to use a different prefix, for example `en0`, or a numerical suffix high enough to never collide, for example `eth100`. + - This label can be specified on `docker network connect` via the `--driver-opt` flag, for example `docker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar …`. + - Or via the long-form `--network` flag on `docker run`, for example `docker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …` - If a custom network driver reports capability `GwAllocChecker` then, before a network is created, it will get a `GwAllocCheckerRequest` with the network's options. The custom driver may then reply that no gateway IP address should be allocated. [moby/moby#49372](https://github.com/moby/moby/pull/49372) -#### Port Publishing in Bridge Networks +#### Port publishing in bridge networks - `dockerd` now requires `ipset` support in the Linux kernel. [moby/moby#48596](https://github.com/moby/moby/pull/48596) - The `iptables` and `ip6tables` rules used to implement port publishing and network isolation have been extensively modified. This enables some of the functional changes described below, and is a first step in refactoring to enable native `nftables` support in a future release. [moby/moby#48815](https://github.com/moby/moby/issues/48815) @@ -220,7 +217,7 @@ For a full list of pull requests and changes in this release, refer to the relev - Fix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. [moby/moby#49325](https://github.com/moby/moby/pull/49325) - Fix an issue that prevented port publishing to link-local addresses. [moby/moby#48570](https://github.com/moby/moby/pull/48570) - UDP ports published by a container are now reliably accessible by containers on other networks, via the host's public IP address. [moby/moby#48571](https://github.com/moby/moby/pull/48571) -- docker will now only set the `ip6tables` policy for the `FORWARD` chain in the `filter` table to `DROP` if it enables IP forwarding on the host itself (sysctls `net.ipv6.conf.all.forwarding` and `net.ipv6.conf.default.forwarding`). This is now aligned with existing IPv4 behaviour. [moby/moby#48594](https://github.com/moby/moby/pull/48594) +- Docker will now only set the `ip6tables` policy for the `FORWARD` chain in the `filter` table to `DROP` if it enables IP forwarding on the host itself (sysctls `net.ipv6.conf.all.forwarding` and `net.ipv6.conf.default.forwarding`). This is now aligned with existing IPv4 behaviour. [moby/moby#48594](https://github.com/moby/moby/pull/48594) - If IPv6 forwarding is enabled on your host, but you were depending on Docker to set the ip6tables filter-FORWARD policy to `DROP`, you may need to update your host's configuration to make sure it is secure. - Direct routed access to container ports that are not exposed using `p`/`-publish` is now blocked in the `DOCKER` iptables chain. [moby/moby#48724](https://github.com/moby/moby/pull/48724) - If the default iptables filter-FORWARD policy was previously left at `ACCEPT` on your host, and direct routed access to a container's unpublished ports from a remote host is still required, options are: @@ -258,8 +255,8 @@ For a full list of pull requests and changes in this release, refer to the relev - Fixed an issue that meant a container could not be attached to an L3 IPvlan at the same time as other network types. [moby/moby#49130](https://github.com/moby/moby/pull/49130) - Remove the correct `/etc/hosts` entries when disconnecting a container from a network. [moby/moby#48857](https://github.com/moby/moby/pull/48857) - Fix duplicate network disconnect events. [moby/moby#48800](https://github.com/moby/moby/pull/48800) -- Resolved issues related to changing `fixed-cidr` for `docker0`, and inferring configuration from a user-managed default bridge (`--bridge`). [moby/moby#48319](https://github.com/moby/moby/pull/48319) -- Removed feature flag `windows-dns-proxy`, introduced in release 26.1.0 to control forwarding to external DNS resolvers from Windows containers, to make `nslookup` work. It was enabled by default in release 27.0.0. [moby/moby#48738](https://github.com/moby/moby/pull/48738) -- Removed an `iptables` mangle rule for checksumming SCTP. The rule can be re-enabled by setting `DOCKER_IPTABLES_SCTP_CHECKSUM=1` in the daemon's environment. This override will be removed in a future release. [moby/moby#48149](https://github.com/moby/moby/pull/48149) +- Resolve issues related to changing `fixed-cidr` for `docker0`, and inferring configuration from a user-managed default bridge (`--bridge`). [moby/moby#48319](https://github.com/moby/moby/pull/48319) +- Remove feature flag `windows-dns-proxy`, introduced in release 26.1.0 to control forwarding to external DNS resolvers from Windows containers, to make `nslookup` work. It was enabled by default in release 27.0.0. [moby/moby#48738](https://github.com/moby/moby/pull/48738) +- Remove an `iptables` mangle rule for checksumming SCTP. The rule can be re-enabled by setting `DOCKER_IPTABLES_SCTP_CHECKSUM=1` in the daemon's environment. This override will be removed in a future release. [moby/moby#48149](https://github.com/moby/moby/pull/48149) - Faster connection to bridge networks, in most cases. [moby/moby#49302](https://github.com/moby/moby/pull/49302) From cd5d814f437c166699cbeebd857278cf46e7e8b2 Mon Sep 17 00:00:00 2001 From: aevesdocker Date: Thu, 13 Feb 2025 10:40:54 +0000 Subject: [PATCH 5/9] vale fix --- _vale/config/vocabularies/Docker/accept.txt | 1 - content/manuals/engine/release-notes/28.md | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/_vale/config/vocabularies/Docker/accept.txt b/_vale/config/vocabularies/Docker/accept.txt index c96cbe70539..647222a9764 100644 --- a/_vale/config/vocabularies/Docker/accept.txt +++ b/_vale/config/vocabularies/Docker/accept.txt @@ -64,7 +64,6 @@ Laradock Linux LinuxKit Logstash -MAC Mac Mail(chimp|gun) Microsoft diff --git a/content/manuals/engine/release-notes/28.md b/content/manuals/engine/release-notes/28.md index 99b22d2a83d..5c4c83f63e9 100644 --- a/content/manuals/engine/release-notes/28.md +++ b/content/manuals/engine/release-notes/28.md @@ -35,7 +35,7 @@ For a full list of pull requests and changes in this release, refer to the relev ### New -- Windows: add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. [moby/moby#47955](https://github.com/moby/moby/pull/47955) +- Windows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. [moby/moby#47955](https://github.com/moby/moby/pull/47955) - Add ability to mount an image inside a container via `--mount type=image`. [moby/moby#48798](https://github.com/moby/moby/pull/48798) - `docker load`, `docker save`, and `docker history` now support a `--platform` flag allowing you to choose a specific platform for single-platform operations on multi-platform images. [docker/cli#5331](https://github.com/docker/cli/pull/5331) - Add `OOMScoreAdj` to `docker service create` and `docker stack`. [docker/cli#5145](https://github.com/docker/cli/pull/5145) @@ -88,7 +88,7 @@ For a full list of pull requests and changes in this release, refer to the relev - `Client.ImageBuild()` now omits default values from the API request's query string. [moby/moby#48651](https://github.com/moby/moby/pull/48651) - `api/types/container`: Merge `Stats` and `StatsResponse` [moby/moby#49287](https://github.com/moby/moby/pull/49287) - `client.WithVersion`: Strip v-prefix when setting API version [moby/moby#49352](https://github.com/moby/moby/pull/49352) -- `client`: Add `WithTraceOptions` allowing to specify custom OTEL trace options. [moby/moby#49415](https://github.com/moby/moby/pull/49415) +- `client`: Add `WithTraceOptions` allowing to specify custom OTe1 trace options. [moby/moby#49415](https://github.com/moby/moby/pull/49415) - `client`: Add `HijackDialer` interface. [moby/moby#49388](https://github.com/moby/moby/pull/49388) - `client`: Add `SwarmManagementAPIClient` interface to describe all API client methods related to Swarm-specific objects. [moby/moby#49388](https://github.com/moby/moby/pull/49388) - `pkg/containerfs`: Move to internal [moby/moby#48097](https://github.com/moby/moby/pull/48097) @@ -184,7 +184,7 @@ For a full list of pull requests and changes in this release, refer to the relev - `libnetwork/iptables`: Deprecate `Passthrough`. This function was only used internally, and will be removed in the next release. [moby/moby#49115](https://github.com/moby/moby/pull/49115) - `pkg/directory.Size()` function is deprecated, an will be removed in the next release. [moby/moby#48057](https://github.com/moby/moby/pull/48057) - `registry`: Deprecate `APIEndpoint.TrimHostName`; hostname is now trimmed unconditionally for remote names. This field will be removed in the next release. [moby/moby#49005](https://github.com/moby/moby/pull/49005) -`allow-nondistributable-artifacts` field in `daemon.json`. Setting either option will no longer take effect, but a deprecation warning log is added to raise awareness about the deprecation. This warning is planned to become an error in the next release. [moby/moby#49065](https://github.com/moby/moby/pull/49065) +- `allow-nondistributable-artifacts` field in `daemon.json`. Setting either option will no longer take effect, but a deprecation warning log is added to raise awareness about the deprecation. This warning is planned to become an error in the next release. [moby/moby#49065](https://github.com/moby/moby/pull/49065) ### Networking @@ -208,7 +208,7 @@ For a full list of pull requests and changes in this release, refer to the relev #### Port publishing in bridge networks - `dockerd` now requires `ipset` support in the Linux kernel. [moby/moby#48596](https://github.com/moby/moby/pull/48596) - - The `iptables` and `ip6tables` rules used to implement port publishing and network isolation have been extensively modified. This enables some of the functional changes described below, and is a first step in refactoring to enable native `nftables` support in a future release. [moby/moby#48815](https://github.com/moby/moby/issues/48815) + - The `iptables` and `ip6tables` rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable native `nftables` support in a future release. [moby/moby#48815](https://github.com/moby/moby/issues/48815) - If it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use `iptables -F` and `ip6tables -F` to flush all existing `iptables` rules from the `filter` table before starting the older version of the daemon. When that is not possible, run the following commands as root: - `iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` - `iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER` From 77281bf08ee05f21a5f0fff42c5f82caf65815b0 Mon Sep 17 00:00:00 2001 From: aevesdocker Date: Thu, 13 Feb 2025 11:39:56 +0000 Subject: [PATCH 6/9] Move networking section --- content/manuals/engine/release-notes/28.md | 130 ++++++++++----------- 1 file changed, 64 insertions(+), 66 deletions(-) diff --git a/content/manuals/engine/release-notes/28.md b/content/manuals/engine/release-notes/28.md index 5c4c83f63e9..498f42214a4 100644 --- a/content/manuals/engine/release-notes/28.md +++ b/content/manuals/engine/release-notes/28.md @@ -42,7 +42,6 @@ For a full list of pull requests and changes in this release, refer to the relev - `docker buildx prune` now supports `reserved-space`, `max-used-space` and `min-free-space`, `keep-bytes` filters. [moby/moby#48720](https://github.com/moby/moby/pull/48720) - `docker images --tree` now shows metadata badges [docker/cli#5744](https://github.com/docker/cli/pull/5744) - ### Bug fixes and enhancements - Add IPv6 loopback address as an insecure registry by default. [moby/moby#48540](https://github.com/moby/moby/pull/48540) @@ -121,71 +120,6 @@ For a full list of pull requests and changes in this release, refer to the relev - Settings for `eth0` in `--sysctl` options are no longer automatically migrated to the network endpoint. [moby/moby#48746](https://github.com/moby/moby/pull/48746) - For example, in the Docker CLI, `docker run --network mynet --sysctl net.ipv4.conf.eth0.log_martians=1 ...` is rejected. Instead, you must use `docker run --network name=mynet,driver-opt=com.docker.network.endpoint.sysctls=net.ipv4.conf.IFNAME.log_martians=1 ...` -### Removed - -- The Fluent logger option `fluentd-async-connect` has been deprecated in v20.10 and is now removed. [moby/moby#46114](https://github.com/moby/moby/pull/46114) -- The `--time` option on `docker stop` and `docker restart` is deprecated and renamed to `--timeout`. [docker/cli#5485](https://github.com/docker/cli/pull/5485) -- Go-SDK: `pkg/ioutils`: Remove `NewReaderErrWrapper` as it was never used. [moby/moby#49258](https://github.com/moby/moby/pull/49258) -- Go-SDK: `pkg/ioutils`: Remove deprecated `BytesPipe`, `NewBytesPipe`, `ErrClosed`, `WriteCounter`, `NewWriteCounter`, `NewReaderErrWrapper`, `NopFlusher`. [moby/moby#49245](https://github.com/moby/moby/pull/49245) -- Go-SDK: `pkg/ioutils`: Remove deprecated `NopWriter` and `NopWriteCloser`. [moby/moby#49256](https://github.com/moby/moby/pull/49256) -- Go-SDK: `pkg/sysinfo`: Remove deprecated NumCPU. [moby/moby#49242](https://github.com/moby/moby/pull/49242) -- Go-SDK: Remove `pkg/broadcaster`, as it was only used internally [moby/moby#49172](https://github.com/moby/moby/pull/49172) -- Go-SDK: Remove deprecated `cli.Errors` type [docker/cli#5549](https://github.com/docker/cli/pull/5549) -- Remove `pkg/ioutils.ReadCloserWrapper`, as it was only used in tests. [moby/moby#49237](https://github.com/moby/moby/pull/49237) -- Remove deprecated `api-cors-header` config parameter and the `dockerd` `--api-cors-header` option [moby/moby#48209](https://github.com/moby/moby/pull/48209) -- Remove deprecated `APIEndpoint.Version` field, `APIVersion` type, and `APIVersion1` and `APIVersion2` consts. [moby/moby#49004](https://github.com/moby/moby/pull/49004) -- Remove deprecated `api-cors-header` config parameter and the Docker daemon's `--api-cors-header` option. [docker/cli#5437](https://github.com/docker/cli/pull/5437) -- Remove deprecated `pkg/directory` package [moby/moby#48779](https://github.com/moby/moby/pull/48779) -- Remove deprecated `pkg/dmsg.Dmesg()` [moby/moby#48109](https://github.com/moby/moby/pull/48109) -- Remove deprecated image/spec package, which was moved to a separate module (`github.com/moby/docker-image-spec`) [moby/moby#48460](https://github.com/moby/moby/pull/48460) -- Remove migration code and errors for the deprecated `logentries` logging driver. [moby/moby#48891](https://github.com/moby/moby/pull/48891) -- Remove support for deprecated external graph-driver plugins. [moby/moby#48072](https://github.com/moby/moby/pull/48072) -- `api/types`: Remove deprecated `container.ContainerNode` and `ContainerJSONBase.Node` field. [moby/moby#48107](https://github.com/moby/moby/pull/48107) -- `api/types`: Remove deprecated aliases: `ImagesPruneReport`, `VolumesPruneReport`, `NetworkCreateRequest`, `NetworkCreate`, `NetworkListOptions`, `NetworkCreateResponse`, `NetworkInspectOptions`, `NetworkConnect`, `NetworkDisconnect`, `EndpointResource`, `NetworkResource`, `NetworksPruneReport`, `ExecConfig`, `ExecStartCheck`, `ContainerExecInspect`, `ContainersPruneReport`, `ContainerPathStat`, `CopyToContainerOptions`, `ContainerStats`, `ImageSearchOptions`, `ImageImportSource`, `ImageLoadResponse`, `ContainerNode`. [moby/moby#48107](https://github.com/moby/moby/pull/48107) -- `libnetwork/iptables`: Remove deprecated `IPV`, `Iptables`, `IP6Tables` and `Passthrough()`. [moby/moby#49121](https://github.com/moby/moby/pull/49121) -- `pkg/archive`: Remove deprecated `CanonicalTarNameForPath`, `NewTempArchive`, `TempArchive` [moby/moby#48708](https://github.com/moby/moby/pull/48708) -- `pkg/fileutils`: Remove deprecated `GetTotalUsedFds` [moby/moby#49210](https://github.com/moby/moby/pull/49210) -- `pkg/ioutils`: Remove `OnEOFReader`, which was only used internally [moby/moby#49170](https://github.com/moby/moby/pull/49170) -- `pkg/longpath`: Remove deprecated `Prefix` constant. [moby/moby#48779](https://github.com/moby/moby/pull/48779) -- `pkg/stringid`: Remove deprecated `IsShortID` and `ValidateID` functions [moby/moby#48705](https://github.com/moby/moby/pull/48705) -- `runconfig/opts`: Remove deprecated `ConvertKVStringsToMap` [moby/moby#48102](https://github.com/moby/moby/pull/48102) -- `runconfig`: Remove deprecated `ContainerConfigWrapper`, `SetDefaultNetModeIfBlank`, `DefaultDaemonNetworkMode`, `IsPreDefinedNetwork` [moby/moby#48102](https://github.com/moby/moby/pull/48102) -- `container`: Remove deprecated `ErrNameReserved`, `ErrNameNotReserved`. [moby/moby#48728](https://github.com/moby/moby/pull/48728) -- Remove `Daemon.ContainerInspectCurrent()` method and change `Daemon.ContainerInspect()` signature to accept a `backend.ContainerInspectOptions` struct [moby/moby#48672](https://github.com/moby/moby/pull/48672) -- Remove deprecated `Daemon.Exists()` and `Daemon.IsPaused()` methods. [moby/moby#48723](https://github.com/moby/moby/pull/48723) - -### Deprecations - -- API: The `BridgeNfIptables` and `BridgeNfIp6tables` fields in the `GET /info` response are now always be `false` and will be omitted in API v1.49. The netfilter module is now loaded on-demand, and no longer during daemon startup, making these fields obsolete. [moby/moby#49114](https://github.com/moby/moby/pull/49114) -- Deprecate `Daemon.Register()`. This function is unused and will be removed in the next release. [moby/moby#48702](https://github.com/moby/moby/pull/48702) -- Deprecate `client.ImageInspectWithRaw` function in favor of the new `client.ImageInspect`. [moby/moby#48264](https://github.com/moby/moby/pull/48264) -- Deprecate `daemon/config.Config.ValidatePlatformConfig()`. This method was used as helper for `config.Validate`, which should be used instead. [moby/moby#48985](https://github.com/moby/moby/pull/48985) -- Deprecate `pkg/reexec`. This package is deprecated and moved to a separate module. Use `github.com/moby/sys/reexec` instead. [moby/moby#49129](https://github.com/moby/moby/pull/49129) -- Deprecate configuration for pushing non-distributable artifacts [docker/cli#5724](https://github.com/docker/cli/pull/5724) -- Deprecate the `--allow-nondistributable-artifacts` daemon flag and corresponding `allow-nondistributable-artifacts` field in `daemon.json`. Setting either option will no longer take an effect, but a deprecation warning log is added. [moby/moby#49065](https://github.com/moby/moby/pull/49065) -- Deprecate the `RegistryConfig.AllowNondistributableArtifactsCIDRs` and `RegistryConfig.AllowNondistributableArtifactsHostnames` fields in the `GET /info` API response. For API version v1.48 and older, the fields are still included in the response, but always `null`. In API version v1.49 and later, the field will be omitted entirely. [moby/moby#49065](https://github.com/moby/moby/pull/49065) -- Go SDK: Deprecate `registry.ServiceOptions.AllowNondistributableArtifacts` field. [moby/moby#49065](https://github.com/moby/moby/pull/49065) -- Go SDK: The `BridgeNfIptables`, `BridgeNfIp6tables` fields in `api/types/system.Info` and `BridgeNFCallIPTablesDisabled`, `BridgeNFCallIP6TablesDisabled` fields in `pkg/sysinfo.SysInfo` are deprecated and will be removed in the next release. [moby/moby#49114](https://github.com/moby/moby/pull/49114) -- Go-SDK: `client`: Deprecate `CommonAPIClient` interface in favor of the `APIClient` interface. The `CommonAPIClient` will be changed to an alias for `APIClient` in the next release, and removed in the release after. [moby/moby#49388](https://github.com/moby/moby/pull/49388) -- Go-SDK: `client`: Deprecate `ErrorConnectionFailed` helper. This function was only used internally, and will be removed in the next release. [moby/moby#49389](https://github.com/moby/moby/pull/49389) -- Go-SDK: `pkg/ioutils`: Deprecate `NewAtomicFileWriter`, `AtomicWriteFile`, `AtomicWriteSet`, `NewAtomicWriteSet` in favor of `pkg/atomicwriter` equivalents. [moby/moby#49171](https://github.com/moby/moby/pull/49171) -- Go-SDK: `pkg/sysinfo`: Deprecate `NumCPU`. This utility has the same behavior as `runtime.NumCPU`. [moby/moby#49241](https://github.com/moby/moby/pull/49241) -- Go-SDK: `pkg/system`: Deprecate `MkdirAll`. This function provided custom handling for Windows GUID volume paths. Handling for such paths is now supported by Go standard library in go1.22 and newer, and this function is now an alias for `os.MkdirAll`, which should be used instead. This alias will be removed in the next release. [moby/moby#49162](https://github.com/moby/moby/pull/49162) -- Go-SDK: Deprecate `pkg/parsers.ParseKeyValueOpt`. [moby/moby#49177](https://github.com/moby/moby/pull/49177) -- Go-SDK: Deprecate `pkg/parsers.ParseUintListMaximum`, `pkg/parsers.ParseUintList`. These utilities were only used internally and will be removed in the next release. [moby/moby#49222](https://github.com/moby/moby/pull/49222) -- Move `GraphDriverData` from `api/types` to `api/types/storage`. The old type is deprecated and will be removed in the next release. [moby/moby#48108](https://github.com/moby/moby/pull/48108) -- Move `RequestPrivilegeFunc` from `api/types` to `api/types/registry`. The old type is deprecated and will be removed in the next release. [moby/moby#48119](https://github.com/moby/moby/pull/48119) -- Move from `api/types` to `api/types/container` - `NetworkSettings`, `NetworkSettingsBase`, `DefaultNetworkSettings`, `SummaryNetworkSettings`, `Health`, `HealthcheckResult`, `NoHealthcheck`, `Starting`, `Healthy`, and `Unhealthy` constants, `MountPoint`, `Port`, `ContainerState`, `Container`, `ContainerJSONBase`, `ContainerJSON`, `ContainerNode`. The old types are deprecated and will be removed in the next release. [moby/moby#48108](https://github.com/moby/moby/pull/48108) -- Move from `api/types` to `api/types/image` - `ImageInspect`, `RootFS`. The old types are deprecated and will be removed in the next release. [moby/moby#48108](https://github.com/moby/moby/pull/48108) -- `ContainerdCommit.Expected`, `RuncCommit.Expected`, and `InitCommit.Expected` fields in the `GET /info` endpoint are deprecated and will be omitted in API v1.49. [moby/moby#48478](https://github.com/moby/moby/pull/48478) -- `api/types/registry`: Deprecate `ServiceConfig.AllowNondistributableArtifactsCIDRs` and `ServiceConfig.AllowNondistributableArtifactsHostnames` fields. These fields will be removed in the next release. [moby/moby#49065](https://github.com/moby/moby/pull/49065) -- `api/types/system/Commit.Expected` field is deprecated and should no longer be used. [moby/moby#48478](https://github.com/moby/moby/pull/48478) -- `daemon/graphdriver`: Deprecate `GetDriver()` [moby/moby#48079](https://github.com/moby/moby/pull/48079) -- `libnetwork/iptables`: Deprecate `Passthrough`. This function was only used internally, and will be removed in the next release. [moby/moby#49115](https://github.com/moby/moby/pull/49115) -- `pkg/directory.Size()` function is deprecated, an will be removed in the next release. [moby/moby#48057](https://github.com/moby/moby/pull/48057) -- `registry`: Deprecate `APIEndpoint.TrimHostName`; hostname is now trimmed unconditionally for remote names. This field will be removed in the next release. [moby/moby#49005](https://github.com/moby/moby/pull/49005) -- `allow-nondistributable-artifacts` field in `daemon.json`. Setting either option will no longer take effect, but a deprecation warning log is added to raise awareness about the deprecation. This warning is planned to become an error in the next release. [moby/moby#49065](https://github.com/moby/moby/pull/49065) - ### Networking - The `docker-proxy` binary has been updated, older versions will not work with the updated `dockerd`. [moby/moby#48132](https://github.com/moby/moby/pull/48132) @@ -260,3 +194,67 @@ For a full list of pull requests and changes in this release, refer to the relev - Remove an `iptables` mangle rule for checksumming SCTP. The rule can be re-enabled by setting `DOCKER_IPTABLES_SCTP_CHECKSUM=1` in the daemon's environment. This override will be removed in a future release. [moby/moby#48149](https://github.com/moby/moby/pull/48149) - Faster connection to bridge networks, in most cases. [moby/moby#49302](https://github.com/moby/moby/pull/49302) +### Removed + +- The Fluent logger option `fluentd-async-connect` has been deprecated in v20.10 and is now removed. [moby/moby#46114](https://github.com/moby/moby/pull/46114) +- The `--time` option on `docker stop` and `docker restart` is deprecated and renamed to `--timeout`. [docker/cli#5485](https://github.com/docker/cli/pull/5485) +- Go-SDK: `pkg/ioutils`: Remove `NewReaderErrWrapper` as it was never used. [moby/moby#49258](https://github.com/moby/moby/pull/49258) +- Go-SDK: `pkg/ioutils`: Remove deprecated `BytesPipe`, `NewBytesPipe`, `ErrClosed`, `WriteCounter`, `NewWriteCounter`, `NewReaderErrWrapper`, `NopFlusher`. [moby/moby#49245](https://github.com/moby/moby/pull/49245) +- Go-SDK: `pkg/ioutils`: Remove deprecated `NopWriter` and `NopWriteCloser`. [moby/moby#49256](https://github.com/moby/moby/pull/49256) +- Go-SDK: `pkg/sysinfo`: Remove deprecated NumCPU. [moby/moby#49242](https://github.com/moby/moby/pull/49242) +- Go-SDK: Remove `pkg/broadcaster`, as it was only used internally [moby/moby#49172](https://github.com/moby/moby/pull/49172) +- Go-SDK: Remove deprecated `cli.Errors` type [docker/cli#5549](https://github.com/docker/cli/pull/5549) +- Remove `pkg/ioutils.ReadCloserWrapper`, as it was only used in tests. [moby/moby#49237](https://github.com/moby/moby/pull/49237) +- Remove deprecated `api-cors-header` config parameter and the `dockerd` `--api-cors-header` option [moby/moby#48209](https://github.com/moby/moby/pull/48209) +- Remove deprecated `APIEndpoint.Version` field, `APIVersion` type, and `APIVersion1` and `APIVersion2` consts. [moby/moby#49004](https://github.com/moby/moby/pull/49004) +- Remove deprecated `api-cors-header` config parameter and the Docker daemon's `--api-cors-header` option. [docker/cli#5437](https://github.com/docker/cli/pull/5437) +- Remove deprecated `pkg/directory` package [moby/moby#48779](https://github.com/moby/moby/pull/48779) +- Remove deprecated `pkg/dmsg.Dmesg()` [moby/moby#48109](https://github.com/moby/moby/pull/48109) +- Remove deprecated image/spec package, which was moved to a separate module (`github.com/moby/docker-image-spec`) [moby/moby#48460](https://github.com/moby/moby/pull/48460) +- Remove migration code and errors for the deprecated `logentries` logging driver. [moby/moby#48891](https://github.com/moby/moby/pull/48891) +- Remove support for deprecated external graph-driver plugins. [moby/moby#48072](https://github.com/moby/moby/pull/48072) +- `api/types`: Remove deprecated `container.ContainerNode` and `ContainerJSONBase.Node` field. [moby/moby#48107](https://github.com/moby/moby/pull/48107) +- `api/types`: Remove deprecated aliases: `ImagesPruneReport`, `VolumesPruneReport`, `NetworkCreateRequest`, `NetworkCreate`, `NetworkListOptions`, `NetworkCreateResponse`, `NetworkInspectOptions`, `NetworkConnect`, `NetworkDisconnect`, `EndpointResource`, `NetworkResource`, `NetworksPruneReport`, `ExecConfig`, `ExecStartCheck`, `ContainerExecInspect`, `ContainersPruneReport`, `ContainerPathStat`, `CopyToContainerOptions`, `ContainerStats`, `ImageSearchOptions`, `ImageImportSource`, `ImageLoadResponse`, `ContainerNode`. [moby/moby#48107](https://github.com/moby/moby/pull/48107) +- `libnetwork/iptables`: Remove deprecated `IPV`, `Iptables`, `IP6Tables` and `Passthrough()`. [moby/moby#49121](https://github.com/moby/moby/pull/49121) +- `pkg/archive`: Remove deprecated `CanonicalTarNameForPath`, `NewTempArchive`, `TempArchive` [moby/moby#48708](https://github.com/moby/moby/pull/48708) +- `pkg/fileutils`: Remove deprecated `GetTotalUsedFds` [moby/moby#49210](https://github.com/moby/moby/pull/49210) +- `pkg/ioutils`: Remove `OnEOFReader`, which was only used internally [moby/moby#49170](https://github.com/moby/moby/pull/49170) +- `pkg/longpath`: Remove deprecated `Prefix` constant. [moby/moby#48779](https://github.com/moby/moby/pull/48779) +- `pkg/stringid`: Remove deprecated `IsShortID` and `ValidateID` functions [moby/moby#48705](https://github.com/moby/moby/pull/48705) +- `runconfig/opts`: Remove deprecated `ConvertKVStringsToMap` [moby/moby#48102](https://github.com/moby/moby/pull/48102) +- `runconfig`: Remove deprecated `ContainerConfigWrapper`, `SetDefaultNetModeIfBlank`, `DefaultDaemonNetworkMode`, `IsPreDefinedNetwork` [moby/moby#48102](https://github.com/moby/moby/pull/48102) +- `container`: Remove deprecated `ErrNameReserved`, `ErrNameNotReserved`. [moby/moby#48728](https://github.com/moby/moby/pull/48728) +- Remove `Daemon.ContainerInspectCurrent()` method and change `Daemon.ContainerInspect()` signature to accept a `backend.ContainerInspectOptions` struct [moby/moby#48672](https://github.com/moby/moby/pull/48672) +- Remove deprecated `Daemon.Exists()` and `Daemon.IsPaused()` methods. [moby/moby#48723](https://github.com/moby/moby/pull/48723) + +### Deprecations + +- API: The `BridgeNfIptables` and `BridgeNfIp6tables` fields in the `GET /info` response are now always be `false` and will be omitted in API v1.49. The netfilter module is now loaded on-demand, and no longer during daemon startup, making these fields obsolete. [moby/moby#49114](https://github.com/moby/moby/pull/49114) +- Deprecate `Daemon.Register()`. This function is unused and will be removed in the next release. [moby/moby#48702](https://github.com/moby/moby/pull/48702) +- Deprecate `client.ImageInspectWithRaw` function in favor of the new `client.ImageInspect`. [moby/moby#48264](https://github.com/moby/moby/pull/48264) +- Deprecate `daemon/config.Config.ValidatePlatformConfig()`. This method was used as helper for `config.Validate`, which should be used instead. [moby/moby#48985](https://github.com/moby/moby/pull/48985) +- Deprecate `pkg/reexec`. This package is deprecated and moved to a separate module. Use `github.com/moby/sys/reexec` instead. [moby/moby#49129](https://github.com/moby/moby/pull/49129) +- Deprecate configuration for pushing non-distributable artifacts [docker/cli#5724](https://github.com/docker/cli/pull/5724) +- Deprecate the `--allow-nondistributable-artifacts` daemon flag and corresponding `allow-nondistributable-artifacts` field in `daemon.json`. Setting either option will no longer take an effect, but a deprecation warning log is added. [moby/moby#49065](https://github.com/moby/moby/pull/49065) +- Deprecate the `RegistryConfig.AllowNondistributableArtifactsCIDRs` and `RegistryConfig.AllowNondistributableArtifactsHostnames` fields in the `GET /info` API response. For API version v1.48 and older, the fields are still included in the response, but always `null`. In API version v1.49 and later, the field will be omitted entirely. [moby/moby#49065](https://github.com/moby/moby/pull/49065) +- Go SDK: Deprecate `registry.ServiceOptions.AllowNondistributableArtifacts` field. [moby/moby#49065](https://github.com/moby/moby/pull/49065) +- Go SDK: The `BridgeNfIptables`, `BridgeNfIp6tables` fields in `api/types/system.Info` and `BridgeNFCallIPTablesDisabled`, `BridgeNFCallIP6TablesDisabled` fields in `pkg/sysinfo.SysInfo` are deprecated and will be removed in the next release. [moby/moby#49114](https://github.com/moby/moby/pull/49114) +- Go-SDK: `client`: Deprecate `CommonAPIClient` interface in favor of the `APIClient` interface. The `CommonAPIClient` will be changed to an alias for `APIClient` in the next release, and removed in the release after. [moby/moby#49388](https://github.com/moby/moby/pull/49388) +- Go-SDK: `client`: Deprecate `ErrorConnectionFailed` helper. This function was only used internally, and will be removed in the next release. [moby/moby#49389](https://github.com/moby/moby/pull/49389) +- Go-SDK: `pkg/ioutils`: Deprecate `NewAtomicFileWriter`, `AtomicWriteFile`, `AtomicWriteSet`, `NewAtomicWriteSet` in favor of `pkg/atomicwriter` equivalents. [moby/moby#49171](https://github.com/moby/moby/pull/49171) +- Go-SDK: `pkg/sysinfo`: Deprecate `NumCPU`. This utility has the same behavior as `runtime.NumCPU`. [moby/moby#49241](https://github.com/moby/moby/pull/49241) +- Go-SDK: `pkg/system`: Deprecate `MkdirAll`. This function provided custom handling for Windows GUID volume paths. Handling for such paths is now supported by Go standard library in go1.22 and newer, and this function is now an alias for `os.MkdirAll`, which should be used instead. This alias will be removed in the next release. [moby/moby#49162](https://github.com/moby/moby/pull/49162) +- Go-SDK: Deprecate `pkg/parsers.ParseKeyValueOpt`. [moby/moby#49177](https://github.com/moby/moby/pull/49177) +- Go-SDK: Deprecate `pkg/parsers.ParseUintListMaximum`, `pkg/parsers.ParseUintList`. These utilities were only used internally and will be removed in the next release. [moby/moby#49222](https://github.com/moby/moby/pull/49222) +- Move `GraphDriverData` from `api/types` to `api/types/storage`. The old type is deprecated and will be removed in the next release. [moby/moby#48108](https://github.com/moby/moby/pull/48108) +- Move `RequestPrivilegeFunc` from `api/types` to `api/types/registry`. The old type is deprecated and will be removed in the next release. [moby/moby#48119](https://github.com/moby/moby/pull/48119) +- Move from `api/types` to `api/types/container` - `NetworkSettings`, `NetworkSettingsBase`, `DefaultNetworkSettings`, `SummaryNetworkSettings`, `Health`, `HealthcheckResult`, `NoHealthcheck`, `Starting`, `Healthy`, and `Unhealthy` constants, `MountPoint`, `Port`, `ContainerState`, `Container`, `ContainerJSONBase`, `ContainerJSON`, `ContainerNode`. The old types are deprecated and will be removed in the next release. [moby/moby#48108](https://github.com/moby/moby/pull/48108) +- Move from `api/types` to `api/types/image` - `ImageInspect`, `RootFS`. The old types are deprecated and will be removed in the next release. [moby/moby#48108](https://github.com/moby/moby/pull/48108) +- `ContainerdCommit.Expected`, `RuncCommit.Expected`, and `InitCommit.Expected` fields in the `GET /info` endpoint are deprecated and will be omitted in API v1.49. [moby/moby#48478](https://github.com/moby/moby/pull/48478) +- `api/types/registry`: Deprecate `ServiceConfig.AllowNondistributableArtifactsCIDRs` and `ServiceConfig.AllowNondistributableArtifactsHostnames` fields. These fields will be removed in the next release. [moby/moby#49065](https://github.com/moby/moby/pull/49065) +- `api/types/system/Commit.Expected` field is deprecated and should no longer be used. [moby/moby#48478](https://github.com/moby/moby/pull/48478) +- `daemon/graphdriver`: Deprecate `GetDriver()` [moby/moby#48079](https://github.com/moby/moby/pull/48079) +- `libnetwork/iptables`: Deprecate `Passthrough`. This function was only used internally, and will be removed in the next release. [moby/moby#49115](https://github.com/moby/moby/pull/49115) +- `pkg/directory.Size()` function is deprecated, an will be removed in the next release. [moby/moby#48057](https://github.com/moby/moby/pull/48057) +- `registry`: Deprecate `APIEndpoint.TrimHostName`; hostname is now trimmed unconditionally for remote names. This field will be removed in the next release. [moby/moby#49005](https://github.com/moby/moby/pull/49005) +- `allow-nondistributable-artifacts` field in `daemon.json`. Setting either option will no longer take effect, but a deprecation warning log is added to raise awareness about the deprecation. This warning is planned to become an error in the next release. [moby/moby#49065](https://github.com/moby/moby/pull/49065) From c8cc2fffad02a678fefe98f83290669760aba53a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Thu, 13 Feb 2025 12:23:04 +0100 Subject: [PATCH 7/9] image-subpath MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paweł Gronowski --- content/manuals/engine/release-notes/28.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/manuals/engine/release-notes/28.md b/content/manuals/engine/release-notes/28.md index 498f42214a4..3bfd64bf8e5 100644 --- a/content/manuals/engine/release-notes/28.md +++ b/content/manuals/engine/release-notes/28.md @@ -37,6 +37,7 @@ For a full list of pull requests and changes in this release, refer to the relev - Windows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. [moby/moby#47955](https://github.com/moby/moby/pull/47955) - Add ability to mount an image inside a container via `--mount type=image`. [moby/moby#48798](https://github.com/moby/moby/pull/48798) + * You can also specify `--mount type=image,image-subpath=[subpath],...` option to mount a specific path from the image. [docker/cli#5755](https://github.com/docker/cli/pull/5755) - `docker load`, `docker save`, and `docker history` now support a `--platform` flag allowing you to choose a specific platform for single-platform operations on multi-platform images. [docker/cli#5331](https://github.com/docker/cli/pull/5331) - Add `OOMScoreAdj` to `docker service create` and `docker stack`. [docker/cli#5145](https://github.com/docker/cli/pull/5145) - `docker buildx prune` now supports `reserved-space`, `max-used-space` and `min-free-space`, `keep-bytes` filters. [moby/moby#48720](https://github.com/moby/moby/pull/48720) From 8e43ed6e4c5cac7cc6da7bb2e30a325c3c3b2a79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Tue, 18 Feb 2025 12:34:08 +0100 Subject: [PATCH 8/9] update to rc2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit cli: 88a019a9bb16d0b5a4b6e8fc77fb2f67a30c8e4a moby: 89291c57f27eb475f1de367cffc3bd636fbacb7a Signed-off-by: Paweł Gronowski --- content/manuals/engine/release-notes/28.md | 39 +++++++++++++++------- 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/content/manuals/engine/release-notes/28.md b/content/manuals/engine/release-notes/28.md index 3bfd64bf8e5..92ff1304621 100644 --- a/content/manuals/engine/release-notes/28.md +++ b/content/manuals/engine/release-notes/28.md @@ -24,7 +24,7 @@ For more information about: ## 28.0.0 -{{< release-date date="202X-xx-xx" >}} +{{< release-date date="2025-02-19" >}} For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones: @@ -35,19 +35,20 @@ For a full list of pull requests and changes in this release, refer to the relev ### New -- Windows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. [moby/moby#47955](https://github.com/moby/moby/pull/47955) - Add ability to mount an image inside a container via `--mount type=image`. [moby/moby#48798](https://github.com/moby/moby/pull/48798) * You can also specify `--mount type=image,image-subpath=[subpath],...` option to mount a specific path from the image. [docker/cli#5755](https://github.com/docker/cli/pull/5755) +- `docker images --tree` now shows metadata badges [docker/cli#5744](https://github.com/docker/cli/pull/5744) - `docker load`, `docker save`, and `docker history` now support a `--platform` flag allowing you to choose a specific platform for single-platform operations on multi-platform images. [docker/cli#5331](https://github.com/docker/cli/pull/5331) - Add `OOMScoreAdj` to `docker service create` and `docker stack`. [docker/cli#5145](https://github.com/docker/cli/pull/5145) -- `docker buildx prune` now supports `reserved-space`, `max-used-space` and `min-free-space`, `keep-bytes` filters. [moby/moby#48720](https://github.com/moby/moby/pull/48720) -- `docker images --tree` now shows metadata badges [docker/cli#5744](https://github.com/docker/cli/pull/5744) +- `docker buildx prune` now supports `reserved-space`, `max-used-space`, `min-free-space` and `keep-bytes` filters. [moby/moby#48720](https://github.com/moby/moby/pull/48720) +- Windows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. [moby/moby#47955](https://github.com/moby/moby/pull/47955) ### Bug fixes and enhancements - Add IPv6 loopback address as an insecure registry by default. [moby/moby#48540](https://github.com/moby/moby/pull/48540) - Add support for Cobra-generated completion scripts for `dockerd`. [moby/moby#49339](https://github.com/moby/moby/pull/49339) - Fix DNS queries failing when containers are launched via `systemd` auto-start on boot [moby/moby#48812](https://github.com/moby/moby/pull/48812) +- Fix Docker Swarm mode ignoring `volume.subpath` [docker/cli#5833](https://github.com/docker/cli/pull/5833) - Fix `docker export` continuing the export after the operation is canceled. [moby/moby#49265](https://github.com/moby/moby/pull/49265) - Fix `docker export` not releasing the container's writable layer after a failure. [moby/moby#48517](https://github.com/moby/moby/pull/48517) - Fix `docker images --tree` unnecessary truncating long image names when multiple names are available [docker/cli#5757](https://github.com/docker/cli/pull/5757) @@ -76,7 +77,7 @@ For a full list of pull requests and changes in this release, refer to the relev ### Packaging updates - Update Go runtime to [1.23.6](https://go.dev/doc/devel/release#go1.23.6). [docker/cli#5795](https://github.com/docker/cli/pull/5795), [moby/moby#49393](https://github.com/moby/moby/pull/49393), [docker/docker-ce-packaging#1161](https://github.com/docker/docker-ce-packaging/pull/1161) -- Update `runc` to [v1.2.4](https://github.com/opencontainers/runc/releases/tag/v1.2.4) [moby/moby#49238](https://github.com/moby/moby/pull/49238) +- Update `runc` to [v1.2.5](https://github.com/opencontainers/runc/releases/tag/v1.2.5) (static binaries only). [moby/moby#49464](https://github.com/moby/moby/pull/49464) - Update containerd to [v1.7.25](https://github.com/containerd/containerd/releases/tag/v1.7.25). [moby/moby#49252](https://github.com/moby/moby/pull/49252) - Update BuildKit to [v0.19.0](https://github.com/moby/buildkit/releases/tag/v0.19.0). [moby/moby#49315](https://github.com/moby/moby/pull/49315) - Update Compose to [v2.32.4](https://github.com/docker/compose/releases/tag/v2.32.3). [docker/docker-ce-packaging#1143](https://github.com/docker/docker-ce-packaging/pull/1143) @@ -91,8 +92,12 @@ For a full list of pull requests and changes in this release, refer to the relev - `client`: Add `WithTraceOptions` allowing to specify custom OTe1 trace options. [moby/moby#49415](https://github.com/moby/moby/pull/49415) - `client`: Add `HijackDialer` interface. [moby/moby#49388](https://github.com/moby/moby/pull/49388) - `client`: Add `SwarmManagementAPIClient` interface to describe all API client methods related to Swarm-specific objects. [moby/moby#49388](https://github.com/moby/moby/pull/49388) +- `client`: Add `WithTraceOptions` allowing to specify custom OTel trace options. [moby/moby#49415](https://github.com/moby/moby/pull/49415) +- `client`: `ImageHistory`, `ImageLoad` and `ImageSave` now use variadic functional options [moby/moby#49466](https://github.com/moby/moby/pull/49466) - `pkg/containerfs`: Move to internal [moby/moby#48097](https://github.com/moby/moby/pull/48097) - `pkg/reexec`: Can now be used on platforms other than Linux, Windows, macOS and FreeBSD [moby/moby#49118](https://github.com/moby/moby/pull/49118) +- `api/types/container`: introduce `CommitResponse` type. This is currently an alias for `IDResponse`, but may become a distinct type in a future release. [moby/moby#49444](https://github.com/moby/moby/pull/49444) +- `api/types/container`: introduce `ExecCreateResponse` type. This is currently an alias for `IDResponse`, but may become a distinct type in a future release. [moby/moby#49444](https://github.com/moby/moby/pull/49444) ### API @@ -120,6 +125,8 @@ For a full list of pull requests and changes in this release, refer to the relev - `GET /containers/json` now returns a `GwPriority` field in `NetworkSettings` for each network endpoint. The `GwPriority` field is used by the CLI’s new `gw-priority` option for `docker run` and `docker network connect`. [moby/moby#48746](https://github.com/moby/moby/pull/48746) - Settings for `eth0` in `--sysctl` options are no longer automatically migrated to the network endpoint. [moby/moby#48746](https://github.com/moby/moby/pull/48746) - For example, in the Docker CLI, `docker run --network mynet --sysctl net.ipv4.conf.eth0.log_martians=1 ...` is rejected. Instead, you must use `docker run --network name=mynet,driver-opt=com.docker.network.endpoint.sysctls=net.ipv4.conf.IFNAME.log_martians=1 ...` +- `GET /containers/json` now returns an `ImageManifestDescriptor` field matching the same field in `/containers/{name}/json`. This field is only populated if the daemon provides a multi-platform image store. [moby/moby#49407](https://github.com/moby/moby/pull/49407) + ### Networking @@ -143,11 +150,11 @@ For a full list of pull requests and changes in this release, refer to the relev #### Port publishing in bridge networks - `dockerd` now requires `ipset` support in the Linux kernel. [moby/moby#48596](https://github.com/moby/moby/pull/48596) - - The `iptables` and `ip6tables` rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable native `nftables` support in a future release. [moby/moby#48815](https://github.com/moby/moby/issues/48815) - - If it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use `iptables -F` and `ip6tables -F` to flush all existing `iptables` rules from the `filter` table before starting the older version of the daemon. When that is not possible, run the following commands as root: - - `iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` - - `iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER` - - If you were previously running with the iptables filter-FORWARD policy set to `ACCEPT` and need to restore access to unpublished ports, also delete per-bridge-network rules from the `DOCKER` chains. For example, `iptables -D DOCKER ! -i docker0 -o docker0 -j DROP`. + - The `iptables` and `ip6tables` rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable native `nftables` support in a future release. [moby/moby#48815](https://github.com/moby/moby/issues/48815) + - If it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use `iptables -F` and `ip6tables -F` to flush all existing `iptables` rules from the `filter` table before starting the older version of the daemon. When that is not possible, run the following commands as root: + - `iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` + - `iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER` + - If you were previously running with the iptables filter-FORWARD policy set to `ACCEPT` and need to restore access to unpublished ports, also delete per-bridge-network rules from the `DOCKER` chains. For example, `iptables -D DOCKER ! -i docker0 -o docker0 -j DROP`. - Fix a security issue that was allowing remote hosts to connect directly to a container on its published ports. [moby/moby#49325](https://github.com/moby/moby/pull/49325) - Fix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. [moby/moby#49325](https://github.com/moby/moby/pull/49325) - Fix an issue that prevented port publishing to link-local addresses. [moby/moby#48570](https://github.com/moby/moby/pull/48570) @@ -231,6 +238,10 @@ For a full list of pull requests and changes in this release, refer to the relev ### Deprecations - API: The `BridgeNfIptables` and `BridgeNfIp6tables` fields in the `GET /info` response are now always be `false` and will be omitted in API v1.49. The netfilter module is now loaded on-demand, and no longer during daemon startup, making these fields obsolete. [moby/moby#49114](https://github.com/moby/moby/pull/49114) +- API: The `error` and `progress` fields in streaming responses for endpoints that return a JSON progress response, such as `POST /images/create`, `POST /images/{name}/push`, and `POST /build` are deprecated. [moby/moby#49447](https://github.com/moby/moby/pull/49447) + - Users should use the information in the `errorDetail` and `progressDetail` fields instead. + - These fields were marked deprecated in API v1.4 (docker v0.6.0) and API v1.8 (docker v0.7.1) respectively, but still returned. + - These fields will be left empty or will be omitted in a future API version. - Deprecate `Daemon.Register()`. This function is unused and will be removed in the next release. [moby/moby#48702](https://github.com/moby/moby/pull/48702) - Deprecate `client.ImageInspectWithRaw` function in favor of the new `client.ImageInspect`. [moby/moby#48264](https://github.com/moby/moby/pull/48264) - Deprecate `daemon/config.Config.ValidatePlatformConfig()`. This method was used as helper for `config.Validate`, which should be used instead. [moby/moby#48985](https://github.com/moby/moby/pull/48985) @@ -238,8 +249,8 @@ For a full list of pull requests and changes in this release, refer to the relev - Deprecate configuration for pushing non-distributable artifacts [docker/cli#5724](https://github.com/docker/cli/pull/5724) - Deprecate the `--allow-nondistributable-artifacts` daemon flag and corresponding `allow-nondistributable-artifacts` field in `daemon.json`. Setting either option will no longer take an effect, but a deprecation warning log is added. [moby/moby#49065](https://github.com/moby/moby/pull/49065) - Deprecate the `RegistryConfig.AllowNondistributableArtifactsCIDRs` and `RegistryConfig.AllowNondistributableArtifactsHostnames` fields in the `GET /info` API response. For API version v1.48 and older, the fields are still included in the response, but always `null`. In API version v1.49 and later, the field will be omitted entirely. [moby/moby#49065](https://github.com/moby/moby/pull/49065) -- Go SDK: Deprecate `registry.ServiceOptions.AllowNondistributableArtifacts` field. [moby/moby#49065](https://github.com/moby/moby/pull/49065) -- Go SDK: The `BridgeNfIptables`, `BridgeNfIp6tables` fields in `api/types/system.Info` and `BridgeNFCallIPTablesDisabled`, `BridgeNFCallIP6TablesDisabled` fields in `pkg/sysinfo.SysInfo` are deprecated and will be removed in the next release. [moby/moby#49114](https://github.com/moby/moby/pull/49114) +- Go-SDK: Deprecate `registry.ServiceOptions.AllowNondistributableArtifacts` field. [moby/moby#49065](https://github.com/moby/moby/pull/49065) +- Go-SDK: The `BridgeNfIptables`, `BridgeNfIp6tables` fields in `api/types/system.Info` and `BridgeNFCallIPTablesDisabled`, `BridgeNFCallIP6TablesDisabled` fields in `pkg/sysinfo.SysInfo` are deprecated and will be removed in the next release. [moby/moby#49114](https://github.com/moby/moby/pull/49114) - Go-SDK: `client`: Deprecate `CommonAPIClient` interface in favor of the `APIClient` interface. The `CommonAPIClient` will be changed to an alias for `APIClient` in the next release, and removed in the release after. [moby/moby#49388](https://github.com/moby/moby/pull/49388) - Go-SDK: `client`: Deprecate `ErrorConnectionFailed` helper. This function was only used internally, and will be removed in the next release. [moby/moby#49389](https://github.com/moby/moby/pull/49389) - Go-SDK: `pkg/ioutils`: Deprecate `NewAtomicFileWriter`, `AtomicWriteFile`, `AtomicWriteSet`, `NewAtomicWriteSet` in favor of `pkg/atomicwriter` equivalents. [moby/moby#49171](https://github.com/moby/moby/pull/49171) @@ -247,6 +258,10 @@ For a full list of pull requests and changes in this release, refer to the relev - Go-SDK: `pkg/system`: Deprecate `MkdirAll`. This function provided custom handling for Windows GUID volume paths. Handling for such paths is now supported by Go standard library in go1.22 and newer, and this function is now an alias for `os.MkdirAll`, which should be used instead. This alias will be removed in the next release. [moby/moby#49162](https://github.com/moby/moby/pull/49162) - Go-SDK: Deprecate `pkg/parsers.ParseKeyValueOpt`. [moby/moby#49177](https://github.com/moby/moby/pull/49177) - Go-SDK: Deprecate `pkg/parsers.ParseUintListMaximum`, `pkg/parsers.ParseUintList`. These utilities were only used internally and will be removed in the next release. [moby/moby#49222](https://github.com/moby/moby/pull/49222) +- Go-SDK: Deprecate `api/type.IDResponse` in favor of `container.CommitResponse` and `container.ExecCreateResponse`, which are currently an alias, but may become distinct types in a future release. This type will be removed in the next release. [moby/moby#49446](https://github.com/moby/moby/pull/49446) +- Go-SDK: Deprecate `api/types/container.ContainerUpdateOKBody` in favor of `UpdateResponse`. This type will be removed in the next release. [moby/moby#49442](https://github.com/moby/moby/pull/49442) +- Go-SDK: Deprecate `api/types/container.ContainerTopOKBody` in favor of `TopResponse`. This type will be removed in the next release. [moby/moby#49442](https://github.com/moby/moby/pull/49442) +- Go-SDK: `pkg/jsonmessage`: Fix deprecation of `ProgressMessage`, `ErrorMessage`, which were deprecated in Docker v0.6.0 and v0.7.1 respectively. [moby/moby#49447](https://github.com/moby/moby/pull/49447) - Move `GraphDriverData` from `api/types` to `api/types/storage`. The old type is deprecated and will be removed in the next release. [moby/moby#48108](https://github.com/moby/moby/pull/48108) - Move `RequestPrivilegeFunc` from `api/types` to `api/types/registry`. The old type is deprecated and will be removed in the next release. [moby/moby#48119](https://github.com/moby/moby/pull/48119) - Move from `api/types` to `api/types/container` - `NetworkSettings`, `NetworkSettingsBase`, `DefaultNetworkSettings`, `SummaryNetworkSettings`, `Health`, `HealthcheckResult`, `NoHealthcheck`, `Starting`, `Healthy`, and `Unhealthy` constants, `MountPoint`, `Port`, `ContainerState`, `Container`, `ContainerJSONBase`, `ContainerJSON`, `ContainerNode`. The old types are deprecated and will be removed in the next release. [moby/moby#48108](https://github.com/moby/moby/pull/48108) From 5d012ec765c4aeccb944bd9477b19fde701fe15a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Wed, 19 Feb 2025 21:21:41 +0100 Subject: [PATCH 9/9] last fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paweł Gronowski --- content/manuals/engine/release-notes/28.md | 151 +++++++++++---------- 1 file changed, 76 insertions(+), 75 deletions(-) diff --git a/content/manuals/engine/release-notes/28.md b/content/manuals/engine/release-notes/28.md index 92ff1304621..57f44ba1563 100644 --- a/content/manuals/engine/release-notes/28.md +++ b/content/manuals/engine/release-notes/28.md @@ -43,6 +43,68 @@ For a full list of pull requests and changes in this release, refer to the relev - `docker buildx prune` now supports `reserved-space`, `max-used-space`, `min-free-space` and `keep-bytes` filters. [moby/moby#48720](https://github.com/moby/moby/pull/48720) - Windows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. [moby/moby#47955](https://github.com/moby/moby/pull/47955) + +### Networking + +- The `docker-proxy` binary has been updated, older versions will not work with the updated `dockerd`. [moby/moby#48132](https://github.com/moby/moby/pull/48132) + - Close a window in which the userland proxy (`docker-proxy`) could accept TCP connections, that would then fail after `iptables` NAT rules were set up. + - The executable `rootlesskit-docker-proxy` is no longer used, it has been removed from the build and distribution. +- DNS nameservers read from the host's `/etc/resolv.conf` are now always accessed from the host's network namespace. [moby/moby#48290](https://github.com/moby/moby/pull/48290) + - When the host's `/etc/resolv.conf` contains no nameservers and there are no `--dns` overrides, Google's DNS servers are no longer used, apart from by the default bridge network and in build containers. +- Container interfaces in bridge and macvlan networks now use randomly generated MAC addresses. [moby/moby#48808](https://github.com/moby/moby/pull/48808) + - Gratuitous ARP / Neighbour Advertisement messages will be sent when the interfaces are started so that, when IP addresses are reused, they're associated with the newly generated MAC address. + - IPv6 addresses in the default bridge network are now IPAM-assigned, rather than being derived from the MAC address. +- The deprecated OCI `prestart` hook is now only used by build containers. For other containers, network interfaces are added to the network namespace after task creation is complete, before the container task is started. [moby/moby#47406](https://github.com/moby/moby/pull/47406) +- Add a new `gw-priority` option to `docker run`, `docker container create`, and `docker network connect`. This option will be used by the Engine to determine which network provides the default gateway for a container. On `docker run`, this option is only available through the extended `--network` syntax. [docker/cli#5664](https://github.com/docker/cli/pull/5664) +- Add a new netlabel `com.docker.network.endpoint.ifname` to customize the interface name used when connecting a container to a network. It's supported by all built-in network drivers on Linux. [moby/moby#49155](https://github.com/moby/moby/pull/49155) + - When a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names, for example `eth`, the container might fail to start. + - The recommended practice is to use a different prefix, for example `en0`, or a numerical suffix high enough to never collide, for example `eth100`. + - This label can be specified on `docker network connect` via the `--driver-opt` flag, for example `docker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar …`. + - Or via the long-form `--network` flag on `docker run`, for example `docker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …` +- If a custom network driver reports capability `GwAllocChecker` then, before a network is created, it will get a `GwAllocCheckerRequest` with the network's options. The custom driver may then reply that no gateway IP address should be allocated. [moby/moby#49372](https://github.com/moby/moby/pull/49372) + +#### Port publishing in bridge networks + +- `dockerd` now requires `ipset` support in the Linux kernel. [moby/moby#48596](https://github.com/moby/moby/pull/48596) + - The `iptables` and `ip6tables` rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable native `nftables` support in a future release. [moby/moby#48815](https://github.com/moby/moby/issues/48815) + - If it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use `iptables -F` and `ip6tables -F` to flush all existing `iptables` rules from the `filter` table before starting the older version of the daemon. When that is not possible, run the following commands as root: + - `iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` + - `iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER` + - If you were previously running with the iptables filter-FORWARD policy set to `ACCEPT` and need to restore access to unpublished ports, also delete per-bridge-network rules from the `DOCKER` chains. For example, `iptables -D DOCKER ! -i docker0 -o docker0 -j DROP`. +- Fix a security issue that was allowing remote hosts to connect directly to a container on its published ports. [moby/moby#49325](https://github.com/moby/moby/pull/49325) +- Fix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. [moby/moby#49325](https://github.com/moby/moby/pull/49325) +- Fix an issue that prevented port publishing to link-local addresses. [moby/moby#48570](https://github.com/moby/moby/pull/48570) +- UDP ports published by a container are now reliably accessible by containers on other networks, via the host's public IP address. [moby/moby#48571](https://github.com/moby/moby/pull/48571) +- Docker will now only set the `ip6tables` policy for the `FORWARD` chain in the `filter` table to `DROP` if it enables IP forwarding on the host itself (sysctls `net.ipv6.conf.all.forwarding` and `net.ipv6.conf.default.forwarding`). This is now aligned with existing IPv4 behaviour. [moby/moby#48594](https://github.com/moby/moby/pull/48594) + - If IPv6 forwarding is enabled on your host, but you were depending on Docker to set the ip6tables filter-FORWARD policy to `DROP`, you may need to update your host's configuration to make sure it is secure. +- Direct routed access to container ports that are not exposed using `p`/`-publish` is now blocked in the `DOCKER` iptables chain. [moby/moby#48724](https://github.com/moby/moby/pull/48724) + - If the default iptables filter-FORWARD policy was previously left at `ACCEPT` on your host, and direct routed access to a container's unpublished ports from a remote host is still required, options are: + - Publish the ports you need. + - Use the new `gateway_mode_ipv[46]=nat-unprotected`, described below. + - Container ports published to host addresses will continue to be accessible via those host addresses, using NAT or the userland proxy. + - Unpublished container ports continue to be directly accessible from the Docker host via the container's IP address. +- Networks created with `gateway_mode_ipv[46]=routed` are now accessible from other bridge networks running on the same Docker host, as well as from outside the host. [moby/moby#48596](https://github.com/moby/moby/pull/48596) +- Bridge driver options `com.docker.network.bridge.gateway_mode_ipv4` and `com.docker.network.bridge.gateway_mode_ipv6` now accept mode `nat-unprotected`. [moby/moby#48597](https://github.com/moby/moby/pull/48597) + - `nat-unprotected` is similar to the default `nat` mode, but no per port/protocol rules are set up. This means any port on a container can be accessed by direct-routing from a remote host. +- Bridge driver options `com.docker.network.bridge.gateway_mode_ipv4` and `com.docker.network.bridge.gateway_mode_ipv6` now accept mode `isolated`, when the network is also `internal`. [moby/moby#49262](https://github.com/moby/moby/pull/49262) + - An address is normally assigned to the bridge device in an `internal` network. So, processes on the Docker host can access the network, and containers in the network can access host services listening on that bridge address (including services listening on "any" host address, `0.0.0.0` or `::`). + - An `internal` bridge network created with gateway mode `isolated` does not have an address on the Docker host. +- When a port mapping includes a host IP address or port number that cannot be used because NAT from the host is disabled using `--gateway_mode_ipv[46]`, container creation will no longer fail. The unused fields may be needed if the gateway endpoint changes when networks are connected or disconnected. A message about the unused fields will be logged. [moby/moby#48575](https://github.com/moby/moby/pull/48575) +- Do not create iptables nat-POSTROUTING masquerade rules for a container's own published ports, when the userland proxy is enabled. [moby/moby#48854](https://github.com/moby/moby/pull/48854) + +#### IPv6 + +- Add `docker network create` option `--ipv4`. To disable IPv4 address assignment for a network, use `docker network create --ipv4=false [...]`. [docker/cli#5599](https://github.com/docker/cli/pull/5599) +- Daemon option `--ipv6` (`"ipv6": true` in `daemon.json`) can now be used without `fixed-cidr-v6`. [moby/moby#48319](https://github.com/moby/moby/pull/48319) +- IPAM now handles subnets bigger than "/64". [moby/moby#49223](https://github.com/moby/moby/pull/49223) +- Duplicate address detection (DAD) is now disabled for addresses assigned to the bridges belonging to bridge networks. [moby/moby#48609](https://github.com/moby/moby/pull/48609) +- Modifications to `host-gateway`, for compatibility with IPv6-only networks. [moby/moby#48807](https://github.com/moby/moby/pull/48807) + - When special value `host-gateway` is used in an `--add-host` option in place of an address, it's replaced by an address on the Docker host to make it possible to refer to the host by name. The address used belongs to the default bridge (normally `docker0`). Until now it's always been an IPv4 address, because all containers on bridge networks had IPv4 addresses. + - Now, if IPv6 is enabled on the default bridge network, `/etc/hosts` entries will be created for IPv4 and IPv6 addresses. So, a container that's only connected to IPv6-only networks can access the host by name. + - The `--host-gateway-ip` option overrides the address used to replace `host-gateway`. Two of these options are now allowed on the command line, for one IPv4 gateway and one IPv6. + - In the `daemon.json` file, to provide two addresses, use `"host-gateway-ips"`. For example, `"host-gateway-ips": ["192.0.2.1", "2001:db8::1111"]`. + + ### Bug fixes and enhancements - Add IPv6 loopback address as an insecure registry by default. [moby/moby#48540](https://github.com/moby/moby/pull/48540) @@ -73,13 +135,26 @@ For a full list of pull requests and changes in this release, refer to the relev - containerd image store: Add support for `Extracting` layer status in `docker pull`. [moby/moby#49064](https://github.com/moby/moby/pull/49064) - containerd image store: Fix `commit`, `import`, and `build` not preserving a replaced image as a dangling image. [moby/moby#48316](https://github.com/moby/moby/pull/48316) - containerd image store: Make `docker load --platform` return an error when the requested platform isn't loaded. [moby/moby#48718](https://github.com/moby/moby/pull/48718) +- Fix validation of `--link` option. [docker/cli#5739](https://github.com/docker/cli/pull/5739) +- Add validation of network-diagnostic-port daemon configuration option. [moby/moby#49305](https://github.com/moby/moby/pull/49305) +- Unless explicitly configured, an IP address is no longer reserved for a gateway in cases where it is not required. Namely, “internal” bridge networks with option `com.docker.network.bridge.inhibit_ipv4`, `ipvlan` or `macvlan` networks with no parent interface, and L3 IPvlan modes. [moby/moby#49261](https://github.com/moby/moby/pull/49261) +- If a custom network driver reports capability `GwAllocChecker` then, before a network is created, it will get a `GwAllocCheckerRequest` with the network's options. The custom driver may then reply that no gateway IP address should be allocated. [moby/moby#49372](https://github.com/moby/moby/pull/49372) +- Fixed an issue that meant a container could not be attached to an L3 IPvlan at the same time as other network types. [moby/moby#49130](https://github.com/moby/moby/pull/49130) +- Remove the correct `/etc/hosts` entries when disconnecting a container from a network. [moby/moby#48857](https://github.com/moby/moby/pull/48857) +- Fix duplicate network disconnect events. [moby/moby#48800](https://github.com/moby/moby/pull/48800) +- Resolve issues related to changing `fixed-cidr` for `docker0`, and inferring configuration from a user-managed default bridge (`--bridge`). [moby/moby#48319](https://github.com/moby/moby/pull/48319) +- Remove feature flag `windows-dns-proxy`, introduced in release 26.1.0 to control forwarding to external DNS resolvers from Windows containers, to make `nslookup` work. It was enabled by default in release 27.0.0. [moby/moby#48738](https://github.com/moby/moby/pull/48738) +- Remove an `iptables` mangle rule for checksumming SCTP. The rule can be re-enabled by setting `DOCKER_IPTABLES_SCTP_CHECKSUM=1` in the daemon's environment. This override will be removed in a future release. [moby/moby#48149](https://github.com/moby/moby/pull/48149) +- Faster connection to bridge networks, in most cases. [moby/moby#49302](https://github.com/moby/moby/pull/49302) + ### Packaging updates - Update Go runtime to [1.23.6](https://go.dev/doc/devel/release#go1.23.6). [docker/cli#5795](https://github.com/docker/cli/pull/5795), [moby/moby#49393](https://github.com/moby/moby/pull/49393), [docker/docker-ce-packaging#1161](https://github.com/docker/docker-ce-packaging/pull/1161) - Update `runc` to [v1.2.5](https://github.com/opencontainers/runc/releases/tag/v1.2.5) (static binaries only). [moby/moby#49464](https://github.com/moby/moby/pull/49464) - Update containerd to [v1.7.25](https://github.com/containerd/containerd/releases/tag/v1.7.25). [moby/moby#49252](https://github.com/moby/moby/pull/49252) -- Update BuildKit to [v0.19.0](https://github.com/moby/buildkit/releases/tag/v0.19.0). [moby/moby#49315](https://github.com/moby/moby/pull/49315) +- Update BuildKit to [v0.20.0](https://github.com/moby/buildkit/releases/tag/v0.20.0). [moby/moby#49495](https://github.com/moby/moby/pull/49495) +- Update Buildx to [v0.21.0](https://github.com/docker/buildx/releases/tag/v0.21.0). [docker/docker-ce-packaging#1166](https://github.com/docker/docker-ce-packaging/pull/1166) - Update Compose to [v2.32.4](https://github.com/docker/compose/releases/tag/v2.32.3). [docker/docker-ce-packaging#1143](https://github.com/docker/docker-ce-packaging/pull/1143) - The canonical source for the `dockerd(8)` man page has been moved back to the `moby/moby` repository itself. [moby/moby#48298](https://github.com/moby/moby/pull/48298) @@ -128,80 +203,6 @@ For a full list of pull requests and changes in this release, refer to the relev - `GET /containers/json` now returns an `ImageManifestDescriptor` field matching the same field in `/containers/{name}/json`. This field is only populated if the daemon provides a multi-platform image store. [moby/moby#49407](https://github.com/moby/moby/pull/49407) -### Networking - -- The `docker-proxy` binary has been updated, older versions will not work with the updated `dockerd`. [moby/moby#48132](https://github.com/moby/moby/pull/48132) - - Close a window in which the userland proxy (`docker-proxy`) could accept TCP connections, that would then fail after `iptables` NAT rules were set up. - - The executable `rootlesskit-docker-proxy` is no longer used, it has been removed from the build and distribution. -- DNS nameservers read from the host's `/etc/resolv.conf` are now always accessed from the host's network namespace. [moby/moby#48290](https://github.com/moby/moby/pull/48290) - - When the host's `/etc/resolv.conf` contains no nameservers and there are no `--dns` overrides, Google's DNS servers are no longer used, apart from by the default bridge network and in build containers. -- Container interfaces in bridge and macvlan networks now use randomly generated MAC addresses. [moby/moby#48808](https://github.com/moby/moby/pull/48808) - - Gratuitous ARP / Neighbour Advertisement messages will be sent when the interfaces are started so that, when IP addresses are reused, they're associated with the newly generated MAC address. - - IPv6 addresses in the default bridge network are now IPAM-assigned, rather than being derived from the MAC address. -- The deprecated OCI `prestart` hook is now only used by build containers. For other containers, network interfaces are added to the network namespace after task creation is complete, before the container task is started. [moby/moby#47406](https://github.com/moby/moby/pull/47406) -- Add a new `gw-priority` option to `docker run`, `docker container create`, and `docker network connect`. This option will be used by the Engine to determine which network provides the default gateway for a container. On `docker run`, this option is only available through the extended `--network` syntax. [docker/cli#5664](https://github.com/docker/cli/pull/5664) -- Add a new netlabel `com.docker.network.endpoint.ifname` to customize the interface name used when connecting a container to a network. It's supported by all built-in network drivers on Linux. [moby/moby#49155](https://github.com/moby/moby/pull/49155) - - When a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names, for example `eth`, the container might fail to start. - - The recommended practice is to use a different prefix, for example `en0`, or a numerical suffix high enough to never collide, for example `eth100`. - - This label can be specified on `docker network connect` via the `--driver-opt` flag, for example `docker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar …`. - - Or via the long-form `--network` flag on `docker run`, for example `docker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …` -- If a custom network driver reports capability `GwAllocChecker` then, before a network is created, it will get a `GwAllocCheckerRequest` with the network's options. The custom driver may then reply that no gateway IP address should be allocated. [moby/moby#49372](https://github.com/moby/moby/pull/49372) - -#### Port publishing in bridge networks - -- `dockerd` now requires `ipset` support in the Linux kernel. [moby/moby#48596](https://github.com/moby/moby/pull/48596) - - The `iptables` and `ip6tables` rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable native `nftables` support in a future release. [moby/moby#48815](https://github.com/moby/moby/issues/48815) - - If it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use `iptables -F` and `ip6tables -F` to flush all existing `iptables` rules from the `filter` table before starting the older version of the daemon. When that is not possible, run the following commands as root: - - `iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` - - `iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER` - - If you were previously running with the iptables filter-FORWARD policy set to `ACCEPT` and need to restore access to unpublished ports, also delete per-bridge-network rules from the `DOCKER` chains. For example, `iptables -D DOCKER ! -i docker0 -o docker0 -j DROP`. -- Fix a security issue that was allowing remote hosts to connect directly to a container on its published ports. [moby/moby#49325](https://github.com/moby/moby/pull/49325) -- Fix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. [moby/moby#49325](https://github.com/moby/moby/pull/49325) -- Fix an issue that prevented port publishing to link-local addresses. [moby/moby#48570](https://github.com/moby/moby/pull/48570) -- UDP ports published by a container are now reliably accessible by containers on other networks, via the host's public IP address. [moby/moby#48571](https://github.com/moby/moby/pull/48571) -- Docker will now only set the `ip6tables` policy for the `FORWARD` chain in the `filter` table to `DROP` if it enables IP forwarding on the host itself (sysctls `net.ipv6.conf.all.forwarding` and `net.ipv6.conf.default.forwarding`). This is now aligned with existing IPv4 behaviour. [moby/moby#48594](https://github.com/moby/moby/pull/48594) - - If IPv6 forwarding is enabled on your host, but you were depending on Docker to set the ip6tables filter-FORWARD policy to `DROP`, you may need to update your host's configuration to make sure it is secure. -- Direct routed access to container ports that are not exposed using `p`/`-publish` is now blocked in the `DOCKER` iptables chain. [moby/moby#48724](https://github.com/moby/moby/pull/48724) - - If the default iptables filter-FORWARD policy was previously left at `ACCEPT` on your host, and direct routed access to a container's unpublished ports from a remote host is still required, options are: - - Publish the ports you need. - - Use the new `gateway_mode_ipv[46]=nat-unprotected`, described below. - - Container ports published to host addresses will continue to be accessible via those host addresses, using NAT or the userland proxy. - - Unpublished container ports continue to be directly accessible from the Docker host via the container's IP address. -- Networks created with `gateway_mode_ipv[46]=routed` are now accessible from other bridge networks running on the same Docker host, as well as from outside the host. [moby/moby#48596](https://github.com/moby/moby/pull/48596) -- Bridge driver options `com.docker.network.bridge.gateway_mode_ipv4` and `com.docker.network.bridge.gateway_mode_ipv6` now accept mode `nat-unprotected`. [moby/moby#48597](https://github.com/moby/moby/pull/48597) - - `nat-unprotected` is similar to the default `nat` mode, but no per port/protocol rules are set up. This means any port on a container can be accessed by direct-routing from a remote host. -- Bridge driver options `com.docker.network.bridge.gateway_mode_ipv4` and `com.docker.network.bridge.gateway_mode_ipv6` now accept mode `isolated`, when the network is also `internal`. [moby/moby#49262](https://github.com/moby/moby/pull/49262) - - An address is normally assigned to the bridge device in an `internal` network. So, processes on the Docker host can access the network, and containers in the network can access host services listening on that bridge address (including services listening on "any" host address, `0.0.0.0` or `::`). - - An `internal` bridge network created with gateway mode `isolated` does not have an address on the Docker host. -- When a port mapping includes a host IP address or port number that cannot be used because NAT from the host is disabled using `--gateway_mode_ipv[46]`, container creation will no longer fail. The unused fields may be needed if the gateway endpoint changes when networks are connected or disconnected. A message about the unused fields will be logged. [moby/moby#48575](https://github.com/moby/moby/pull/48575) -- Do not create iptables nat-POSTROUTING masquerade rules for a container's own published ports, when the userland proxy is enabled. [moby/moby#48854](https://github.com/moby/moby/pull/48854) - -#### IPv6 - -- Add `docker network create` option `--ipv4`. To disable IPv4 address assignment for a network, use `docker network create --ipv4=false [...]`. [docker/cli#5599](https://github.com/docker/cli/pull/5599) -- Daemon option `--ipv6` (`"ipv6": true` in `daemon.json`) can now be used without `fixed-cidr-v6`. [moby/moby#48319](https://github.com/moby/moby/pull/48319) -- IPAM now handles subnets bigger than "/64". [moby/moby#49223](https://github.com/moby/moby/pull/49223) -- Duplicate address detection (DAD) is now disabled for addresses assigned to the bridges belonging to bridge networks. [moby/moby#48609](https://github.com/moby/moby/pull/48609) -- Modifications to `host-gateway`, for compatibility with IPv6-only networks. [moby/moby#48807](https://github.com/moby/moby/pull/48807) - - When special value `host-gateway` is used in an `--add-host` option in place of an address, it's replaced by an address on the Docker host to make it possible to refer to the host by name. The address used belongs to the default bridge (normally `docker0`). Until now it's always been an IPv4 address, because all containers on bridge networks had IPv4 addresses. - - Now, if IPv6 is enabled on the default bridge network, `/etc/hosts` entries will be created for IPv4 and IPv6 addresses. So, a container that's only connected to IPv6-only networks can access the host by name. - - The `--host-gateway-ip` option overrides the address used to replace `host-gateway`. Two of these options are now allowed on the command line, for one IPv4 gateway and one IPv6. - - In the `daemon.json` file, to provide two addresses, use `"host-gateway-ips"`. For example, `"host-gateway-ips": ["192.0.2.1", "2001:db8::1111"]`. - -#### Other changes - -- Fix validation of `--link` option. [docker/cli#5739](https://github.com/docker/cli/pull/5739) -- Add validation of network-diagnostic-port daemon configuration option. [moby/moby#49305](https://github.com/moby/moby/pull/49305) -- Unless explicitly configured, an IP address is no longer reserved for a gateway in cases where it is not required. Namely, “internal” bridge networks with option `com.docker.network.bridge.inhibit_ipv4`, `ipvlan` or `macvlan` networks with no parent interface, and L3 IPvlan modes. [moby/moby#49261](https://github.com/moby/moby/pull/49261) -- If a custom network driver reports capability `GwAllocChecker` then, before a network is created, it will get a `GwAllocCheckerRequest` with the network's options. The custom driver may then reply that no gateway IP address should be allocated. [moby/moby#49372](https://github.com/moby/moby/pull/49372) -- Fixed an issue that meant a container could not be attached to an L3 IPvlan at the same time as other network types. [moby/moby#49130](https://github.com/moby/moby/pull/49130) -- Remove the correct `/etc/hosts` entries when disconnecting a container from a network. [moby/moby#48857](https://github.com/moby/moby/pull/48857) -- Fix duplicate network disconnect events. [moby/moby#48800](https://github.com/moby/moby/pull/48800) -- Resolve issues related to changing `fixed-cidr` for `docker0`, and inferring configuration from a user-managed default bridge (`--bridge`). [moby/moby#48319](https://github.com/moby/moby/pull/48319) -- Remove feature flag `windows-dns-proxy`, introduced in release 26.1.0 to control forwarding to external DNS resolvers from Windows containers, to make `nslookup` work. It was enabled by default in release 27.0.0. [moby/moby#48738](https://github.com/moby/moby/pull/48738) -- Remove an `iptables` mangle rule for checksumming SCTP. The rule can be re-enabled by setting `DOCKER_IPTABLES_SCTP_CHECKSUM=1` in the daemon's environment. This override will be removed in a future release. [moby/moby#48149](https://github.com/moby/moby/pull/48149) -- Faster connection to bridge networks, in most cases. [moby/moby#49302](https://github.com/moby/moby/pull/49302) - ### Removed - The Fluent logger option `fluentd-async-connect` has been deprecated in v20.10 and is now removed. [moby/moby#46114](https://github.com/moby/moby/pull/46114)