This document describes the latest changes, additions, known issues, and fixes for Docker Engine.

Note: The client and container runtime are now in separate packages from the daemon in Docker Engine 18.09. Users should install and update all three packages at the same time to get the latest patch releases. For example, on Ubuntu: sudo apt install docker-ce docker-ce-cli containerd.io. See the install instructions for the corresponding linux distro for details.

1. Version 20.10

1.1. 20.10.6

2021-04-12

1.1.1. Client

  • Apple Silicon (darwin/arm64) support for Docker CLI docker/cli#3042
  • config: print deprecation warning when falling back to pre-v1.7.0 config file ~/.dockercfg. Support for this file will be removed in a future release docker/cli#3000

1.1.2. Builder

  • Fix classic builder silently ignoring unsupported Dockerfile options and prompt to enable BuildKit instead moby/moby#42197

1.1.3. Logging

1.1.4. Networking

  • Fix a regression in docker 20.10, causing IPv6 addresses no longer to be bound by default when mapping ports moby/moby#42205
  • Fix implicit IPv6 port-mappings not included in API response. Before docker 20.10, published ports were accessible through both IPv4 and IPv6 by default, but the API only included information about the IPv4 (0.0.0.0) mapping moby/moby#42205
  • Fix a regression in docker 20.10, causing the docker-proxy to not be terminated in all cases moby/moby#42205
  • Fix iptables forwarding rules not being cleaned up upon container removal moby/moby#42205

1.1.5. Packaging

1.1.6. Plugins

  • Fix docker plugin create making plugins that were incompatible with older versions of Docker moby/moby#42256

1.1.7. Rootless

1.2. 20.10.5

2021-03-02

1.2.1. Client

1.3. 20.10.4

2021-02-26

1.3.1. Builder

  • Fix incorrect cache match for inline cache import with empty layers moby/moby#42061
  • Update BuildKit to v0.8.2 moby/moby#42061

    • resolver: avoid error caching on token fetch
    • fileop: fix checksum to contain indexes of inputs preventing certain cache misses
    • Fix reference count issues on typed errors with mount references (fixing invalid mutable ref errors)
    • git: set token only for main remote access allowing cloning submodules with different credentials
  • Ensure blobs get deleted in /var/lib/docker/buildkit/content/blobs/sha256 after pull. To clean up old state run builder prune moby/moby#42065

  • Fix parallel pull synchronization regression moby/moby#42049
  • Ensure libnetwork state files do not leak moby/moby#41972

1.3.2. Client

  • Fix a panic on docker login if no config file is present docker/cli#2959
  • Fix WARNING: Error loading config file: .dockercfg: $HOME is not defined docker/cli#2958

1.3.3. Runtime

1.3.4. Logger

  • Honor labels-regex config even if labels is not set moby/moby#42046
  • Handle long log messages correctly preventing awslogs in non-blocking mode to split events bigger than 16kB mobymoby#41975

1.3.5. Rootless

1.3.6. Security

1.3.7. Swarm

  • Fix issue with heartbeat not persisting upon restart moby/moby#42060
  • Fix potential stalled tasks moby/moby#42060
  • Fix --update-order and --rollback-order flags when only --update-order or --rollback-order is provided docker/cli#2963
  • Fix docker service rollback returning a non-zero exit code in some situations docker/cli#2964
  • Fix inconsistent progress-bar direction on docker service rollback docker/cli#2964

1.4. 20.10.3

2021-02-01

1.4.1. Security

  • CVE-2021-21285 Prevent an invalid image from crashing docker daemon
  • CVE-2021-21284 Lock down file permissions to prevent remapped root from accessing docker state
  • Ensure AppArmor and SELinux profiles are applied when building with BuildKit

1.4.2. Client

  • Check contexts before importing them to reduce risk of extracted files escaping context store
  • Windows: prevent executing certain binaries from current directory docker/cli#2950

1.5. 20.10.2

2021-01-04

1.5.1. Runtime

  • Fix a daemon start up hang when restoring containers with restart policies but that keep failing to start moby/moby#41729
  • overlay2: fix an off-by-one error preventing to build or run containers when data-root is 24-bytes long moby/moby#41830
  • systemd: send sd_notify STOPPING=1 when shutting down moby/moby#41832

1.5.2. Networking

1.5.3. Swarm

  • Fix filtering for replicated-job and global-job service modes moby/moby#41806

1.5.4. Packaging

1.6. 20.10.1

2020-12-14

1.6.1. Builder

1.6.2. Packaging

1.7. 20.10.0

2020-12-08

1.7.1. Deprecation / Removal

For an overview of all deprecated features, refer to the Deprecated Engine Features page.

1.7.2. API

  • Update API version to v1.41
  • Do not require "experimental" for metrics API moby/moby#40427
  • GET /events now returns prune events after pruning resources have completed moby/moby#41259

    • Prune events are returned for container, network, volume, image, and builder, and have a reclaimed attribute, indicating the amount of space reclaimed (in bytes)
  • Add one-shot stats option to not prime the stats moby/moby#40478

  • Adding OS version info to the system info's API (/info) moby/moby#38349
  • Add DefaultAddressPools to docker info moby/moby#40714
  • Add API support for PidsLimit on services moby/moby#39882

1.7.3. Builder

1.7.4. Client

  • Add swarm jobs support to CLI docker/cli#2262
  • Add -a/--all-tags to docker push docker/cli#2220
  • Add support for Kubernetes username/password auth docker/cli#2308
  • Add --pull=missing|always|never to run and create commands docker/cli#1498
  • Add --env-file flag to docker exec for parsing environment variables from a file docker/cli#2602
  • Add shorthand -n for --tail option docker/cli#2646
  • Add log-driver and options to service inspect "pretty" format docker/cli#1950
  • docker run: specify cgroup namespace mode with --cgroupns docker/cli#2024
  • docker manifest rm command to remove manifest list draft from local storage docker/cli#2449
  • Add "context" to "docker version" and "docker info" docker/cli#2500
  • Propagate platform flag to container create API docker/cli#2551
  • The docker ps --format flag now has a .State placeholder to print the container's state without additional details about uptime and health check docker/cli#2000
  • Add support for docker-compose schema v3.9 docker/cli#2073
  • Add support for docker push --quiet docker/cli#2197
  • Hide flags that are not supported by BuildKit, if BuildKit is enabled docker/cli#2123
  • Update flag description for docker rm -v to clarify the option only removes anonymous (unnamed) volumes docker/cli#2289
  • Improve tasks printing for docker services docker/cli#2341
  • docker info: list CLI plugins alphabetically docker/cli#2236
  • Fix order of processing of --label-add/--label-rm, --container-label-add/--container-label-rm, and --env-add/--env-rm flags on docker service update to allow replacing existing values docker/cli#2668
  • Fix docker rm --force returning a non-zero exit code if one or more containers did not exist docker/cli#2678
  • Improve memory stats display by using total_inactive_file instead of cache docker/cli#2415
  • Mitigate against YAML files that has excessive aliasing docker/cli#2117
  • Allow using advanced syntax when setting a config or secret with only the source field docker/cli#2243
  • Fix reading config files containing username and password auth even if auth is empty docker/cli#2122
  • docker cp: prevent NPE when failing to stat destination docker/cli#2221
  • config: preserve ownership and permissions on configfile docker/cli#2228

1.7.5. Logging

  • Support reading docker logs with all logging drivers (best effort) moby/moby#40543
  • Add splunk-index-acknowledgment log option to work with Splunk HECs with index acknowledgment enabled moby/moby#39987
  • Add partial metadata to journald logs moby/moby#41407
  • Reduce allocations for logfile reader moby/moby#40796
  • Fluentd: add fluentd-async, fluentd-request-ack, and deprecate fluentd-async-connect moby/moby#39086

1.7.6. Runtime

1.7.7. Networking

1.7.8. Packaging

1.7.9. Rootless

1.7.10. Security

  • Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc moby/moby#39612
  • seccomp: Whitelist clock_adjtime. CAP_SYS_TIME is still required for time adjustment moby/moby#40929
  • seccomp: Add openat2 and faccessat2 to default seccomp profile moby/moby#41353
  • seccomp: allow 'rseq' syscall in default seccomp profile moby/moby#41158
  • seccomp: allow syscall membarrier moby/moby#40731
  • seccomp: whitelist io-uring related system calls moby/moby#39415
  • Add default sysctls to allow ping sockets and privileged ports with no capabilities moby/moby#41030
  • Fix seccomp profile for clone syscall moby/moby#39308

1.7.11. Swarm

Copyright © 温玉 2021 | 浙ICP备2020032454号 all right reserved,powered by Gitbook该文件修订时间: 2023-05-22 14:19:45

results matching ""

    No results matching ""