This page describes the latest changes, additions, known issues, and fixes for Docker Engine version 26.0.
For more information about:
- Deprecated and removed features, see Deprecated Engine Features.
- Changes to the Engine API, see Engine API version history.
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 26.0.0 milestone
- moby/moby, 26.0.0 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
Security
This release contains a security fix for CVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.
New
- Add `Subpath` field to the `VolumeOptions`, making it possible to mount a subpath of a volume. moby/moby#45687
- Add `volume-subpath` support to the mount flag (`--mount type=volume,...,volume-subpath=<subpath>`). docker/cli#4331
- Accept `=` separators and `[ipv6]` in compose files for `docker stack deploy`. docker/cli#4860
- rootless: Add support for enabling host loopback by setting the `DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK` environment variable to `false` (defaults to `true`). This lets containers connect to the host by using IP address `10.0.2.2`. moby/moby#47352
- containerd image store: `docker image ls` no longer creates duplicate entries for multi-platform images. moby/moby#45967
- containerd image store: Send Prometheus metrics. moby/moby#47555
Bug fixes and enhancements
- CVE-2024-29018: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
- Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47233

  Warning

  Containers created using Docker Engine 25.0.0 may have duplicate MAC addresses; they must be re-created. Containers created using version 25.0.0 or 25.0.1 with user-defined MAC addresses will get generated MAC addresses when they are started using 25.0.2. They must also be re-created.
- Always attempt to enable IPv6 on a container's loopback interface, and only include IPv6 in `/etc/hosts` if successful. moby/moby#47062

  Note

  By default, IPv6 will remain enabled on a container's loopback interface when the container is not connected to an IPv6-enabled network. For example, containers that are only connected to an IPv4-only network now have the `::1` address on their loopback interface.

  To disable IPv6 in a container, use option `--sysctl net.ipv6.conf.all.disable_ipv6=1` in the `create` or `run` command, or the equivalent `sysctls` option in the service configuration section of a Compose file.

  If IPv6 is not available in a container because it has been explicitly disabled for the container, or the host's networking stack does not have IPv6 enabled (or for any other reason), the container's `/etc/hosts` file will not include IPv6 entries.
- Fix `ADD` Dockerfile instruction failing with `lsetxattr <file>: operation not supported` when unpacking archive with xattrs onto a filesystem that doesn't support them. moby/moby#47175
- Fix `docker container start` failing when used with `--checkpoint`. moby/moby#47456
- Restore IP connectivity between the host and containers on an internal bridge network. moby/moby#47356
- Do not enforce new validation rules for existing swarm networks. moby/moby#47361
- Restore DNS names for containers in the default "nat" network on Windows. moby/moby#47375
- Print hint when invoking `docker image ls` with ambiguous argument. docker/cli#4849
- Cleanup `@docker_cli_[UUID]` files on OpenBSD. docker/cli#4862
- Add explicit deprecation notice message when using remote TCP connections without TLS. docker/cli#4928, moby/moby#47556
- Use IPv6 nameservers from the host's `resolv.conf` as upstream resolvers for Docker Engine's internal DNS, rather than listing them in the container's `resolv.conf`. moby/moby#47512
- containerd image store: Isolate images with different containerd namespaces when `--userns-remap` option is used. moby/moby#46786
- containerd image store: Fix image pull not emitting `Pulling fs layer` status. moby/moby#47432
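An added example (not part of the release notes or of Docker's code) that checks a host still running a pre-fix engine for the condition the CVE-2024-29018 entry above describes: a host resolver on a loopback address together with containers attached only to internal networks. The JSON samples are constructed and follow the shape of `docker network inspect` and `docker inspect` output; the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample inputs; none of these values come from the release notes.
RESOLV_CONF = "# host /etc/resolv.conf\nnameserver 127.0.0.53\noptions edns0\n"
NETWORKS_JSON = json.dumps([  # shape of `docker network inspect <names>`
    {"Name": "backend", "Internal": True},
    {"Name": "frontend", "Internal": False},
])
CONTAINERS_JSON = json.dumps([  # shape of `docker inspect <containers>`
    {"Name": "/db", "NetworkSettings": {"Networks": {"backend": {}}}},
    {"Name": "/api", "NetworkSettings": {"Networks": {"backend": {}, "frontend": {}}}},
    {"Name": "/batch", "NetworkSettings": {"Networks": {}}},
])


def loopback_nameservers(resolv_conf):
    """Return nameserver entries that point at a loopback address."""
    found = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Strip an IPv6 zone id such as %lo before parsing.
            if ipaddress.ip_address(fields[1].split("%", 1)[0]).is_loopback:
                found.append(fields[1])
        except ValueError:
            continue  # malformed address, ignore the line
    return found


def internal_only_containers(networks_json, containers_json):
    """Return names of containers whose every attached network is internal."""
    internal = {n["Name"] for n in json.loads(networks_json) if n.get("Internal")}
    hits = []
    for c in json.loads(containers_json):
        attached = set((c.get("NetworkSettings") or {}).get("Networks") or {})
        if attached and attached <= internal:
            hits.append(c["Name"].lstrip("/"))
    return hits


def exposed_containers(resolv_conf, networks_json, containers_json):
    """Containers matching the pre-fix condition: loopback resolver + internal-only."""
    if not loopback_nameservers(resolv_conf):
        return []
    return internal_only_containers(networks_json, containers_json)


if __name__ == "__main__":
    print(exposed_containers(RESOLV_CONF, NETWORKS_JSON, CONTAINERS_JSON))
```

Containers it reports are the ones to prioritize when scheduling the engine upgrade, since they are the workloads expected to have no path to external DNS.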
API
- To preserve backwards compatibility, read-only mounts are not recursive by default when using older clients (API version < v1.44). moby/moby#47391
- `GET /images/{id}/json` omits the `Created` field (previously it was `0001-01-01T00:00:00Z`) if the `Created` field is missing from the image config. moby/moby#47451
- Populate a missing `Created` field in `GET /images/{id}/json` with `0001-01-01T00:00:00Z` for API version <= 1.43. moby/moby#47387
- The `is_automated` field in the `POST /images/search` endpoint results is always `false` now. Consequently, searching for `is-automated=true` will yield no results, while `is-automated=false` will be a no-op. moby/moby#47465
- Remove `Container` and `ContainerConfig` fields from the `GET /images/{name}/json` response. moby/moby#47430
Packaging updates
- Update BuildKit to v0.13.1. moby/moby#47582
- Update Buildx to v0.13.1. docker/docker-ce-packaging#1000
- Update Compose to v2.25.0. docker/docker-ce-packaging#1002
- Update Go runtime to 1.21.8. moby/moby#47502
- Update RootlessKit to v2.0.2. moby/moby#47508
- Update containerd to v1.7.13 (static binaries only). moby/moby#47278
- Update runc binary to v1.1.12. moby/moby#47268
- Update OTel to v0.46.1 / v1.21.0. moby/moby#47245
Removed
- Remove `Container` and `ContainerConfig` fields from the `GET /images/{name}/json` response. moby/moby#47430
- Deprecate the ability to accept remote TCP connections without TLS. Deprecation notice docker/cli#4928, moby/moby#47556.
- Remove deprecated API versions (API < v1.24). moby/moby#47155
- Disable pulling of deprecated image formats by default. These image formats are deprecated, and support will be removed in a future version. moby/moby#47459
- image: remove deprecated IDFromDigest. moby/moby#47198
- Remove the deprecated `github.com/docker/docker/pkg/loopback` package. moby/moby#47128
- pkg/system: remove deprecated `ErrNotSupportedOperatingSystem`, `IsOSSupported`. moby/moby#47129
- pkg/homedir: remove deprecated Key() and GetShortcutString(). moby/moby#47130
- pkg/containerfs: remove deprecated ResolveScopedPath. moby/moby#47131
- The daemon flag `--oom-score-adjust` was deprecated in v24.0 and is now removed. moby/moby#46113
- Remove deprecated aliases from the api/types package. These types were deprecated in v25.0.0, which provided temporary aliases. moby/moby#47148

  These aliases are now removed: `types.Info`, `types.Commit`, `types.PluginsInfo`, `types.NetworkAddressPool`, `types.Runtime`, `types.SecurityOpt`, `types.KeyValue`, `types.DecodeSecurityOptions`, `types.CheckpointCreateOptions`, `types.CheckpointListOptions`, `types.CheckpointDeleteOptions`, `types.Checkpoint`, `types.ImageDeleteResponseItem`, `types.ImageSummary`, `types.ImageMetadata`, `types.ServiceUpdateResponse`, `types.ServiceCreateResponse`, `types.ResizeOptions`, `types.ContainerAttachOptions`, `types.ContainerCommitOptions`, `types.ContainerRemoveOptions`, `types.ContainerStartOptions`, `types.ContainerListOptions`, `types.ContainerLogsOptions`
- cli/command/container: remove deprecated `NewStartOptions()`. docker/cli#4811
- cli/command: remove deprecated `DockerCliOption`, `InitializeOpt`. docker/cli#4810