Docker Engine 18.06 release notes
Table of contents
18.06.3-ce
2019-02-19
Security fixes for Docker Engine
- Change how the
runc
critical vulnerability patch is applied to include the fix in RPM packages. docker/engine#156
18.06.2
2019-02-11
Security fixes for Docker Engine
- Update
runc
to address a critical vulnerability that allows specially-crafted containers to gain administrative privileges on the host. CVE-2019-5736 - Ubuntu 14.04 customers using a 3.13 kernel will need to upgrade to a supported Ubuntu 4.x kernel
18.06.1-ce
2018-08-21
Builder
- Fix no error if build args are missing during docker build. docker/engine#25
- Set BuildKit's ExportedProduct variable to show useful errors. docker/engine#21
Client
- Various shell completion script updates: docker/cli#1229, docker/cli#1268, and docker/cli#1272
- Fix
DOCKER_CONFIG
warning message and fallback search. docker/cli#1241 - Fix help message flags on
docker stack
commands and sub-commands. docker/cli#1267
Runtime
- Disable CRI plugin listening on port 10010 by default. docker/engine#29
- Update containerd to v1.1.2. docker/engine#33
- Windows: Do not invoke HCS shutdown if terminate called. docker/engine#31
- Windows: Select polling-based watcher for Windows log watcher. docker/engine#34
Swarm Mode
- Fix the condition used for skipping over running tasks. docker/swarmkit#2677
- Fix task sorting. docker/swarmkit#2712
18.06.0-ce
2018-07-18
Important notes about this release
- Docker 18.06 CE will be the last release with a 4-month maintenance lifecycle. The planned Docker 18.09 CE release will be supported for 7 months with Docker 19.03 CE being the next release in line. More details about the release process can be found here.
Builder
- Builder: fix layer leak on multi-stage wildcard copy. moby/moby#37178
- Fix parsing of invalid environment variable substitution . moby/moby#37134
- Builder: use the arch info from base image. moby/moby#36816 moby/moby#37197
- New experimental builder backend based on
BuildKit. To enable, run daemon in experimental mode and set
DOCKER_BUILDKIT=1
environment variable on the docker CLI. moby/moby#37151 docker/cli#1111
- Fix handling uppercase targets names in multi-stage builds. moby/moby#36960
Client
- Bump spf13/cobra to v0.0.3, pflag to v1.0.1. moby/moby#37106
- Add support for the new Stack API for Kubernetes v1beta2. docker/cli#899
- K8s: more robust stack error detection on deploy. docker/cli#948
- Support for rollback config in compose 3.7. docker/cli#409
- Update Cobra and pflag, and use built-in --version feature. docker/cli#1069
- Fix
docker stack deploy --prune
with empty name removing all services. docker/cli#1088 - [Kubernetes] stack services filters. docker/cli#1023
- Only show orchestrator flag in root, stack and version commands in help. docker/cli#1106
- Add an
Extras
field on the compose config types. docker/cli#1126 - Add options to the compose loader. docker/cli#1128
- Fix always listing nodes in docker stack ps command on Kubernetes. docker/cli#1093
- Fix output being shown twice on stack rm error message. docker/cli#1093
- Extend client API with custom HTTP requests. moby/moby#37071
- Changed error message for unreadable files to clarify possibility of a .Dockerignore entry. docker/cli#1053
- Restrict kubernetes.allNamespaces value to 'enabled' or 'disabled' in configuration file. docker/cli#1087
- Check errors when initializing the docker client in the help command. docker/cli#1119
- Better namespace experience with Kubernetes. Fix using namespace defined in ~/.kube/config for stack commands. Add a NAMESPACE column for docker stack ls command. Add a --all-namespaces flag for docker stack ls command. docker/cli#991
- Export Push and Save. docker/cli#1123
- Export pull as a public function. docker/cli#1026
- Remove Kubernetes commands from experimental. docker/cli#1068
- Adding configs/secrets to service inspect pretty. docker/cli#1006
- Fix service filtering by name on Kubernetes. docker/cli#1101
- Fix component information alignment in
docker version
. docker/cli#1065 - Fix cpu/memory limits and reservations being reset on service update. docker/cli#1079
- Manifest list: request specific permissions. docker/cli#1024
- Setting --orchestrator=all also sets --all-namespaces unless specific --namespace are set. docker/cli#1059
- Fix panics when --compress and --stream are used together. docker/cli#1105
- Switch from x/net/context to context. docker/cli#1038
- Add --init option to
docker service create
. docker/cli#479 - Fixed bug displaying garbage output for build command when --stream and --quiet flags combined. docker/cli#1090
- Add
init
support in 3.7 schema. docker/cli#1129
- Fix docker trust signer removal. docker/cli#1112
- Fix error message from docker inspect. docker/cli#1071
- Allow
x-*
extension on 3rd level objects. docker/cli#1097 - An invalid orchestrator now generates an error instead of being silently ignored. docker/cli#1055
- Added ORCHESTRATOR column to docker stack ls command. docker/cli#973
- Warn when using host-ip for published ports for services. docker/cli#1017
- Added the option to enable experimental cli features through the
DOCKER_CLI_EXPERIMENTAL
environment variable. docker/cli#1138 - Add exec_die to the list of known container events. docker/cli#1028
- [K8s] Do env-variable expansion on the uninterpreted Config files. docker/cli#974
- Print warnings on stderr for each unsupported features while parsing a compose file for deployment on Kubernetes. docker/cli#903
- Added description about pids count. docker/cli#1045
- Warn user of filter when pruning. docker/cli#1043
- Fix
--rollback-*
options overwriting--update-*
options. docker/cli#1052
- Update Attach, Build, Commit, Cp, Create subcommand fish completions. docker/cli#1005
- Add bash completion for
dockerd --default-address-pool
. docker/cli#1173 - Add bash completion for
exec_die
event. docker/cli#1173
- Update docker-credential-helper so
pass
is not called on every docker command. docker/cli#1184 - Fix for rotating swarm external CA. docker/cli#1199
- Improve version output alignment. docker/cli#1207
- Add bash completion for
service create|update --init
. docker/cli#1210
Deprecation
- Document reserved namespaces deprecation. docker/cli#1040
Logging
- Allow awslogs to use non-blocking mode. moby/moby#36522
- Improve logging of long log lines on fluentd log driver.. moby/moby#36159
- Re-order CHANGELOG.md to pass
make validate
test. moby/moby#37047 - Update Events, Exec, Export, History, Images, Import, Inspect, Load, and Login subcommand fish completions. docker/cli#1061
- Update documentation for RingLogger's ring buffer. moby/moby#37084
- Add metrics for log failures/partials. moby/moby#37034
- Fix logging plugin crash unrecoverable. moby/moby#37028
- Fix logging test type. moby/moby#37070
- Fix race conditions in logs API. moby/moby#37062
- Fix some issues in logfile reader and rotation. moby/moby#37063
Networking
- Allow user to specify default address pools for docker networks. moby/moby#36396 docker/cli#818
- Adding logs for ipam state docker/libnetwork#2417
- Fix race conditions in the overlay network driver docker/libnetwork#2143
- Add wait time into xtables lock warning docker/libnetwork#2142
- filter xtables lock warnings when firewalld is active docker/libnetwork#2135
- Switch from x/net/context to context docker/libnetwork#2140
- Adding a recovery mechanism for a split gossip cluster docker/libnetwork#2134
- Running docker inspect on network attachment tasks now returns a full task object. moby/moby#35246
- Some container/network cleanups. moby/moby#37033
- Fix network inspect for overlay network. moby/moby#37045
- Improve Scalability of the Linux load balancing. docker/engine#16
- Change log level from error to warning. docker/engine#19
Runtime
- Aufs: log why aufs is not supported. moby/moby#36995
- Hide experimental checkpoint features on Windows. docker/cli#1094
- Lcow: Allow the client to customize capabilities and device cgroup rules for LCOW containers. moby/moby#37294
- Changed path given for executable output in windows to actual location of executable output. moby/moby#37295
- Add windows recycle bin test and update hcsshim to v0.6.11. moby/moby#36994
- Allow to add any args when doing a make run. moby/moby#37190
- Optimize ContainerTop() aka docker top. moby/moby#37131
- Fix compilation on 32bit machines. moby/moby#37292
- Update API version to v1 38. moby/moby#37141
- Fix
docker service update --host-add
does not update existing host entry. docker/cli#1054 - Fix swagger file type for ExecIds. moby/moby#36962
- Fix swagger volume type generation. moby/moby#37060
- Fix wrong assertion in volume/service package. moby/moby#37211
- Fix daemon panic on restart when a plugin is running. moby/moby#37234
- Construct and add 'LABEL' command from 'label' option to last stage. moby/moby#37011
- Fix race condition between exec start and resize.. moby/moby#37172
- Alternative failure mitigation of
TestExecInteractiveStdinClose
. moby/moby#37143 - RawAccess allows a set of paths to be not set as masked or readonly. moby/moby#36644
- Be explicit about github.com prefix being a legacy feature. moby/moby#37174
- Bump Golang to 1.10.3. docker/cli#1122
- Close ReadClosers to prevent xz zombies. moby/moby#34218
- Daemon.ContainerStop(): fix for a negative timeout. moby/moby#36874
- Daemon.setMounts(): copy slice in place. moby/moby#36991
- Describe IP field of swagger Port definition. moby/moby#36971
- Extract volume interaction to a volumes service. moby/moby#36688
- Fixed markdown formatting in docker image v1, v1.1, and v1.2 spec. moby/moby#37051
- Improve GetTimestamp parsing. moby/moby#35402
- Jsonmessage: pass message to aux callback. moby/moby#37064
- Overlay2: remove unused cdMountFrom() helper function. moby/moby#37041
- Overlay: Fix overlay storage-driver silently ignoring unknown storage-driver options. moby/moby#37040
- Remove some unused contrib items. moby/moby#36977
- Restartmanager: do not apply restart policy on created containers. moby/moby#36924
- Set item-type for ExecIDs. moby/moby#37121
- Use go-systemd const instead of magic string in Linux version of dockerd. moby/moby#37136
- Use stdlib TLS dialer. moby/moby#36687
- Warn when an engine label using a reserved namespace (com.docker.*, io.docker.*, or org.dockerproject.*) is configured, as per Docker object labels. moby/moby#36921
- Fix missing plugin name in message. moby/moby#37052
- Fix link anchors in CONTRIBUTING.md. moby/moby#37276
- Fix link to Docker Toolbox. moby/moby#37240
- Fix mis-used skip condition. moby/moby#37179
- Fix bind mounts not working in some cases. moby/moby#37031
- Fix fd leak on attach. moby/moby#37184
- Fix fluentd partial detection. moby/moby#37029
- Fix incorrect link in version-history.md. moby/moby#37049
- Allow vim to be case insensitive for D in dockerfile. moby/moby#37235
- Add
t.Name()
to tests so that service names are unique. moby/moby#37166 - Add additional message when backendfs is extfs without d_type support. moby/moby#37022
- Add api version checking for tests from new feature. moby/moby#37169
- Add image metrics for push and pull. moby/moby#37233
- Add support for
init
on services. moby/moby#37183 - Add verification of escapeKeys array length in pkg/term/proxy.go. moby/moby#36918
- When link id is empty for overlay2, do not remove this link.. moby/moby#36161
- Fix build on OpenBSD by defining Self(). moby/moby#37301
- Windows: Fix named pipe support for hyper-v isolated containers. docker/engine#2 docker/cli#1165
- Fix manifest lists to always use correct size. docker/cli#1183
- Register OCI media types. docker/engine#4
- Update containerd to v1.1.1 docker/engine#17
- LCOW: Prefer Windows over Linux in a manifest list. docker/engine#3
- Add updated
MaskPaths
that are used in code paths directly using containerd to address CVE-2018-10892. docker/engine#15 - Add
/proc/acpi
to masked paths to address CVE-2018-10892. docker/engine#14
- Fix bindmount autocreate race. docker/engine#11
Swarm Mode
- List stacks for both Swarm and Kubernetes with --orchestrator=all in docker stack ls. Allow several occurrences of --namespace for Kubernetes with docker stack ls. docker/cli#1031
- Bump SwarmKit to remove deprecated grpc metadata wrappers. moby/moby#36905
- Issue an error for --orchestrator=all when working on mismatched Swarm and Kubernetes hosts. docker/cli#1035
- Fix broken swarm commands with Kubernetes defined as orchestrator. "--orchestrator" flag is no longer global but local to stack commands and subcommands docker/cli#1137 docker/cli#1139
- Bump swarmkit to include task reaper fixes and more metrics. docker/engine#13
- Avoid a leak when a service with unassigned tasks is deleted. docker/engine#27
- Fix racy batching on the dispatcher. docker/engine#27