Docker Engine 26.0 release notes (2024)

This page describes the latest changes, additions, known issues, and fixes for Docker Engine version 26.0.

For more information about:

• Deprecated and removed features, seeDeprecated Engine Features.
• Changes to the Engine API, seeEngine API version history.

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.0.0 milestone
• moby/moby, 26.0.0 milestone
• Deprecated and removed features, seeDeprecated Features.
• Changes to the Engine API, seeAPI version history.

Security

This release contains a security fix forCVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.

New

• Add Subpath field to the VolumeOptions making it possible to mount a subpath of a volume.moby/moby#45687
• Add volume-subpath support to the mount flag (--mount type=volume,...,volume-subpath=<subpath>).docker/cli#4331
• Accept = separators and [ipv6] in compose files for docker stack deploy.docker/cli#4860
• rootless: Add support for enabling host loopback by setting the DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK environment variable to false (defaults to true). This lets containers connect to the host by using IP address 10.0.2.2.moby/moby#47352
• containerd image store: docker image ls no longer creates duplicates entries for multi-platform images.moby/moby#45967
• containerd image store: Send Prometheus metrics.moby/moby#47555

Bug fixes and enhancements

• CVE-2024-29018: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53.moby/moby#47589

• Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved.moby/moby#47233

  Warning

  Containers created using Docker Engine 25.0.0 may have duplicate MAC addresses, they must be re-created.Containers created using version 25.0.0 or 25.0.1 with user-defined MAC addresses will get generated MAC addresses when they are started using 25.0.2. They must also be re-created.

• Always attempt to enable IPv6 on a container's loopback interface, and only include IPv6 in /etc/hosts if successful.moby/moby#47062

  Note

  See Also

  A Docker Tutorial for BeginnersHow to Check for Docker InstallationHow To Install and Use Docker on Ubuntu 18.04 | DigitalOceanInstall Docker Desktop on Windows

  By default, IPv6 will remain enabled on a container's loopback interface when the container is not connected to an IPv6-enabled network.For example, containers that are only connected to an IPv4-only network now have the ::1 address on their loopback interface.

  To disable IPv6 in a container,use option --sysctl net.ipv6.conf.all.disable_ipv6=1 in the create or run command,or the equivalent sysctls option in the service configuration section of a Compose file.

  If IPv6 is not available in a container because it has been explicitly disabled for the container,or the host's networking stack does not have IPv6 enabled (or for any other reason)the container's /etc/hosts file will not include IPv6 entries.

• Fix ADD Dockerfile instruction failing with lsetxattr <file>: operation not supported when unpacking archive with xattrs onto a filesystem that doesn't support them.moby/moby#47175

• Fix docker container start failing when used with --checkpoint.moby/moby#47456

• Restore IP connectivity between the host and containers on an internal bridge network.moby/moby#47356

• Do not enforce new validation rules for existing swarm networks.moby/moby#47361

• Restore DNS names for containers in the default "nat" network on Windows.moby/moby#47375

• Print hint when invoking docker image ls with ambiguous argument.docker/cli#4849

  See Also

  Containerize an application

• Cleanup @docker_cli_[UUID] files on OpenBSD.docker/cli#4862

• Add explicitdeprecation notice message when using remote TCP connections without TLS.docker/cli#4928,moby/moby#47556

• Use IPv6 nameservers from the host's resolv.conf as upstream resolvers for Docker Engine's internal DNS, rather than listing them in the container's resolv.conf.moby/moby#47512

• containerd image store: Isolate images with different containerd namespaces when --userns-remap option is used.moby/moby#46786

• containerd image store: Fix image pull not emitting Pulling fs layer status.moby/moby#47432

API

• To preserve backwards compatibility, read-only mounts are not recursive by default when using older clients (API version < v1.44).moby/moby#47391
• GET /images/{id}/json omits the Created field (previously it was 0001-01-01T00:00:00Z) if the Created field is missing from the image config.moby/moby#47451
• Populate a missing Created field in GET /images/{id}/json with 0001-01-01T00:00:00Z for API version <= 1.43.moby/moby#47387
• The is_automated field in the POST /images/search endpoint results is always false now. Consequently, searching for is-automated=true will yield no results, while is-automated=false will be a no-op.moby/moby#47465
• Remove Container and ContainerConfig fields from the GET /images/{name}/json response.moby/moby#47430

Packaging updates

• Update BuildKit tov0.13.1.moby/moby#47582
• Update Buildx tov0.13.1.docker/docker-ce-packaging#1000
• Update Compose tov2.25.0.docker/docker-ce-packaging#1002
• Update Go runtime to1.21.8.moby/moby#47502
• Update RootlessKit tov2.0.2.moby/moby#47508
• Update containerd to v1.7.13 (static binaries only)moby/moby#47278
• Update runc binary to v1.1.12moby/moby#47268
• Update OTel to v0.46.1 / v1.21.0moby/moby#47245

Removed

• Remove Container and ContainerConfig fields from the GET /images/{name}/json response.moby/moby#47430

• Deprecate the ability to accept remote TCP connections without TLS.Deprecation noticedocker/cli#4928moby/moby#47556.

• Remove deprecated API versions (API < v1.24)moby/moby#47155

• Disable pulling of deprecated image formats by default. These image formats are deprecated, and support will be removed in a future version.moby/moby#47459

• image: remove deprecated IDFromDigestmoby/moby#47198

• Remove the deprecated github.com/docker/docker/pkg/loopback package.moby/moby#47128

• pkg/system: remove deprecated ErrNotSupportedOperatingSystem, IsOSSupportedmoby/moby#47129

• pkg/homedir: remove deprecated Key() and GetShortcutString()moby/moby#47130

• pkg/containerfs: remove deprecated ResolveScopedPathmoby/moby#47131

• The daemon flag --oom-score-adjust was deprecated in v24.0 and is now removed.moby/moby#46113

• Remove deprecated aliases from the api/types package. These types were deprecated in v25.0.0, which provided temporary aliases.moby/moby#47148These aliases are now removed: types.Info, types.Commit, types.PluginsInfo, types.NetworkAddressPool, types.Runtime, types.SecurityOpt, types.KeyValue, types.DecodeSecurityOptions, types.CheckpointCreateOptions, types.CheckpointListOptions, types.CheckpointDeleteOptions, types.Checkpoint, types.ImageDeleteResponseItem, types.ImageSummary, types.ImageMetadata, types.ServiceUpdateResponse, types.ServiceCreateResponse, types.ResizeOptions, types.ContainerAttachOptions, types.ContainerCommitOptions, types.ContainerRemoveOptions, types.ContainerStartOptions, types.ContainerListOptions, types.ContainerLogsOptions

• cli/command/container: remove deprecated NewStartOptions()docker/cli#4811

• cli/command: remove deprecated DockerCliOption, InitializeOptdocker/cli#4810