Sourced fromgithub.com/moby/moby's releases.

v26.0.1

26.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.0.1 milestone
• moby/moby, 26.0.1 milestone
• Deprecated and removed features, seeDeprecated Features.
• Changes to the Engine API, seeAPI version history.

Bug fixes and enhancements

• Fix a regression that meant network interface specific--sysctl options prevented container startup.moby/moby#47646
• Remove erroneousplatform from imageconfig OCI descriptor indocker save output.moby/moby#47694
• containerd image store: OCI archives produced bydocker save will now have a non-emptymediaType field inindex.jsonmoby/moby#47701
• Fix a regression that prevented the internal resolver from forwarding requests from IPvlan L3 networks to external resolvers.moby/moby#47705
• Prevent the use of external resolvers in IPvlan and Macvlan networks created with no parent interface specified.moby/moby#47705

Packaging updates

• Update Go runtime to 1.21.9moby/moby#47671,docker/cli#4987
• Update Compose tov1.26.1,docker/docker-ce-packaging#1009
• Update containerd tov1.7.15 (static binaries only)moby/moby#47692

v26.0.0

26.0.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.0.0 milestone
• moby/moby, 26.0.0 milestone
• Deprecated and removed features, seeDeprecated Features.
• Changes to the Engine API, seeAPI version history.

Security

This release contains a security fix for [CVE-2024-29018], a potential data exfiltration from 'internal' networks via authoritative DNS servers.

New

• AddSubpath field to theVolumeOptions making it possible to mount a subpath of a volume.moby/moby#45687
• Addvolume-subpath support to the mount flag (--mount type=volume,...,volume-subpath=<subpath>).docker/cli#4331
• Accept= separators and[ipv6] in compose files fordocker stack deploy.docker/cli#4860
• rootless: Add support for enabling host loopback by setting theDOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK environment variable tofalse (defaults totrue). This lets containers connect to the host by using IP address10.0.2.2.moby/moby#47352
• containerd image store:docker image ls no longer creates duplicates entries for multi-platform images.moby/moby#45967
• containerd image store: Send Prometheus metrics.moby/moby#47555

Bug fixes and enhancements

• [CVE-2024-29018]: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53.moby/moby#47589
• Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved.moby/moby#47233

... (truncated)

• 60b9add Merge pull request#47705 from robmry/backport-26.0/47662_ipvlan_l3_dns
• 8ad7f86 Run ipvlan tests even if 'modprobe ipvlan' fails
• dc27552 Stop macvlan with no parent from using ext-dns
• 7b570f0 Enable DNS proxying for ipvlan-l3
• 8cdcc4f Move dummy DNS server to integration/internal/network
• ed752f6 Merge pull request#47701 from vvoland/v26.0-47691
• 9db1b6f Merge pull request#47702 from vvoland/v26.0-47647
• 6261281 Merge pull request#47700 from vvoland/v26.0-47673
• 90355e5 Merge pull request#47696 from vvoland/v26.0-47658
• 72615b1 github/ci: Check if backport is opened against the expected branch
• Additional commits viewable incompare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)