Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency docker/docker to v26 #39

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency docker/docker to v26 #39

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 22, 2024
edited
Loading

This PR contains the following updates:

Package Update Change
docker/docker major 25.0.2 -> 26.1.5

Release Notes

docker/docker (docker/docker)

v26.1.5

Compare Source

26.1.5

Security

This release contains a fix for CVE-2024-41110 / GHSA-v23v-6jw2-98fq
that impacted setups using authorization plugins (AuthZ)
for access control. No other changes are included in this release, and this
release is otherwise identical for users not using AuthZ plugins.

Full Changelog: moby/moby@v26.1.4...v26.1.5

v26.1.4

Compare Source

26.1.4

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release updates the Go runtime to 1.21.11 which contains security fixes for:

Bug fixes and enhancements
  • Fixed an issue where promoting a node immediately after another node was demoted could cause the promotion to fail. moby/moby#47870
  • Prevent the daemon log from being spammed with superfluous response.WriteHeader call ... messages.. moby/moby#47843
  • Don't show empty hints when plugins return an empty hook message. docker/cli#5083
  • Added ContextType: "moby" to the context list/inspect output to address a compatibility issue with Visual Studio Container Tools. docker/cli#5095
  • Fix a compatibility issue with Visual Studio Container Tools. docker/cli#5095
Packaging updates

v26.1.3

Compare Source

26.1.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
  • Fix a regression that prevented the use of DNS servers within a --internal network. moby/moby#47832
  • When the internal DNS server's own address is supplied as an external server address, ignore it to avoid unproductive recursion. moby/moby#47833
Packaging updates
  • Allow runc to kill containers when confined to the runc profile in AppArmor version 4.0.0 and later. moby/moby#47829

v26.1.2

Compare Source

26.1.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
  • Fix issue where the CLI process would sometimes hang when a container failed to start. docker/cli#5062
Packaging updates

v26.1.1

Compare Source

26.1.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
  • Fix docker run -d printing an context canceled spurious error when OTEL is configured. docker/cli#5044
  • Experimental environment variable DOCKER_BRIDGE_PRESERVE_KERNEL_LL=1 will prevent the daemon from removing the kernel-assigned link local address on a Linux bridge. moby/moby#47775
  • Resolve an issue preventing container creation on hosts with a read-only /proc/sys/net filesystem. If IPv6 cannot be disabled on an interface due to this, either disable IPv6 by default on the host or ensure /proc/sys/net is read-write. Otherwise, start dockerd with DOCKER_ALLOW_IPV6_ON_IPV4_INTERFACE=1 to bypass the error. moby/moby#47769

[!NOTE]
The DOCKER_ALLOW_IPV6_ON_IPV4_INTERFACE is added as a temporary fix and will be phased out in a future major release after simplifying the IPv6 enablement process.

Packaging updates

v26.1.0

Compare Source

26.1.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

New
Bug fixes and enhancements
  • Native Windows containers are configured with an internal DNS server for container name resolution, and external DNS servers for other lookups. Not all resolvers, including nslookup, fall back to the external resolvers when they get a SERVFAIL answer from the internal server. So, the internal DNS server can now be configured to forward requests to the external resolvers, by setting "features": {"windows-dns-proxy": true } in the daemon.json file. moby/moby#47584

[!NOTE]
This will be the new default behavior in Docker Engine 27.0.

[!WARNING]
The windows-dns-proxy feature flag will be removed in a future release.

  • Swarm: Fix Subpath not being passed to the container config. moby/moby#47711
  • Classic builder: Fix cache miss on WORKDIR <directory>/ build step (directory with a trailing slash). moby/moby#47723
  • containerd image store: Fix docker images failing when any image in the store has unexpected target. moby/moby#47738

v26.0.2

Compare Source

26.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains a security fix for CVE-2024-32473, an unexpected configuration of IPv6 on IPv4-only interfaces.

Bug fixes and enhancements

v26.0.1

Compare Source

26.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
  • Fix a regression that meant network interface specific --sysctl options prevented container startup. moby/moby#47646
  • Remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47694
  • containerd image store: OCI archives produced by docker save will now have a non-empty mediaType field in index.json moby/moby#47701
  • Fix a regression that prevented the internal resolver from forwarding requests from IPvlan L3 networks to external resolvers. moby/moby#47705
  • Prevent the use of external resolvers in IPvlan and Macvlan networks created with no parent interface specified. moby/moby#47705
Packaging updates

v26.0.0

Compare Source

26.0.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains a security fix for CVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.

New
  • Add Subpath field to the VolumeOptions making it possible to mount a subpath of a volume. moby/moby#45687
  • Add volume-subpath support to the mount flag (--mount type=volume,...,volume-subpath=<subpath>). docker/cli#4331
  • Accept = separators and [ipv6] in compose files for docker stack deploy. docker/cli#4860
  • rootless: Add support for enabling host loopback by setting the DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK environment variable to false (defaults to true). This lets containers connect to the host by using IP address 10.0.2.2. moby/moby#47352
  • containerd image store: docker image ls no longer creates duplicates entries for multi-platform images. moby/moby#45967
  • containerd image store: Send Prometheus metrics. moby/moby#47555
Bug fixes and enhancements
  • CVE-2024-29018: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
  • Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47233

[!WARNING]

Containers created using Docker Engine 25.0.0 may have duplicate MAC addresses, they must be re-created.
Containers created using version 25.0.0 or 25.0.1 with user-defined MAC addresses will get generated MAC addresses when they are started using 25.0.2. They must also be re-created.

  • Always attempt to enable IPv6 on a container's loopback interface, and only include IPv6 in /etc/hosts if successful. moby/moby#47062

[!NOTE]

By default, IPv6 will remain enabled on a container's loopback interface when the container is not connected to an IPv6-enabled network.
For example, containers that are only connected to an IPv4-only network now have the ::1 address on their loopback interface.

To disable IPv6 in a container,
use option --sysctl net.ipv6.conf.all.disable_ipv6=1 in the create or run command,
or the equivalent sysctls option in the service configuration section of a Compose file.

If IPv6 is not available in a container because it has been explicitly disabled for the container,
or the host's networking stack does not have IPv6 enabled (or for any other reason)
the container's /etc/hosts file will not include IPv6 entries.

  • Fix ADD Dockerfile instruction failing with lsetxattr <file>: operation not supported when unpacking archive with xattrs onto a filesystem that doesn't support them. moby/moby#47175
  • Fix docker container start failing when used with --checkpoint. moby/moby#47456
  • Restore IP connectivity between the host and containers on an internal bridge network. moby/moby#47356
  • Do not enforce new validation rules for existing swarm networks. moby/moby#47361
  • Restore DNS names for containers in the default "nat" network on Windows. moby/moby#47375
  • Print hint when invoking docker image ls with ambiguous argument. docker/cli#4849
  • Cleanup @docker_cli_[UUID] files on OpenBSD. docker/cli#4862
  • Add explicit deprecation notice message when using remote TCP connections without TLS. docker/cli#4928, moby/moby#47556
  • Use IPv6 nameservers from the host's resolv.conf as upstream resolvers for Docker Engine's internal DNS, rather than listing them in the container's resolv.conf. moby/moby#47512
  • containerd image store: Isolate images with different containerd namespaces when --userns-remap option is used. moby/moby#46786
  • containerd image store: Fix image pull not emitting Pulling fs layer status. moby/moby#47432
API
  • To preserve backwards compatibility, read-only mounts are not recursive by default when using older clients (API version < v1.44). moby/moby#47391
  • GET /images/{id}/json omits the Created field (previously it was 0001-01-01T00:00:00Z) if the Created field is missing from the image config. moby/moby#47451
  • Populate a missing Created field in GET /images/{id}/json with 0001-01-01T00:00:00Z for API version <= 1.43. moby/moby#47387
  • The is_automated field in the POST /images/search endpoint results is always false now. Consequently, searching for is-automated=true will yield no results, while is-automated=false will be a no-op. moby/moby#47465
  • Remove Container and ContainerConfig fields from the GET /images/{name}/json response. moby/moby#47430
Packaging updates
Removed
  • Remove Container and ContainerConfig fields from the GET /images/{name}/json response. moby/moby#47430
  • Deprecate the ability to accept remote TCP connections without TLS. Deprecation notice docker/cli#4928 moby/moby#47556.
  • Remove deprecated API versions (API < v1.24) moby/moby#47155
  • Disable pulling of deprecated image formats by default. These image formats are deprecated, and support will be removed in a future version. moby/moby#47459
  • image: remove deprecated IDFromDigest moby/moby#47198
  • Remove the deprecated github.com/docker/docker/pkg/loopback package. moby/moby#47128
  • pkg/system: remove deprecated ErrNotSupportedOperatingSystem, IsOSSupported moby/moby#47129
  • pkg/homedir: remove deprecated Key() and GetShortcutString() moby/moby#47130
  • pkg/containerfs: remove deprecated ResolveScopedPath moby/moby#47131
  • The daemon flag --oom-score-adjust was deprecated in v24.0 and is now removed. moby/moby#46113
  • Remove deprecated aliases from the api/types package. These types were deprecated in v25.0.0, which provided temporary aliases. moby/moby#47148
    These aliases are now removed: types.Info, types.Commit, types.PluginsInfo, types.NetworkAddressPool, types.Runtime, types.SecurityOpt, types.KeyValue, types.DecodeSecurityOptions, types.CheckpointCreateOptions, types.CheckpointListOptions, types.CheckpointDeleteOptions, types.Checkpoint, types.ImageDeleteResponseItem, types.ImageSummary, types.ImageMetadata, types.ServiceUpdateResponse, types.ServiceCreateResponse, types.ResizeOptions, types.ContainerAttachOptions, types.ContainerCommitOptions, types.ContainerRemoveOptions, types.ContainerStartOptions, types.ContainerListOptions, types.ContainerLogsOptions
  • cli/command/container: remove deprecated NewStartOptions() docker/cli#4811
  • cli/command: remove deprecated DockerCliOption, InitializeOpt docker/cli#4810

v25.0.6

Compare Source

25.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains a fix for CVE-2024-41110 / GHSA-v23v-6jw2-98fq that impacted setups using authorization plugins (AuthZ) for access control.

Bug fixes and enhancements
  • [25.0] remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47695
  • [25.0 backport] Fix a nil dereference when getting image history for images having layers without the Created value set. moby/moby#47759
  • [25.0 backport] apparmor: Allow confined runc to kill containers. moby/moby#47830
  • [25.0 backport] Fix an issue where rapidly promoting a Swarm node after another node was demoted could cause the promoted node to fail its promotion. moby/moby#47869
  • [25.0 backport] don't depend on containerd platform.Parse to return a typed error. moby/moby#47890
  • [25.0 backport] builder/mobyexporter: Add missing nil check moby/moby#47987
Packaging updates

Full Changelog: moby/moby@v25.0.5...v25.0.6

v25.0.5

Compare Source

25.0.5

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains a security fix for CVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.

Bug fixes and enhancements
  • CVE-2024-29018: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
  • plugin: fix mounting /etc/hosts when running in UserNS. moby/moby#47588
  • rootless: fix open /etc/docker/plugins: permission denied. moby/moby#47587
  • Fix multiple parallel docker build runs leaking disk space. moby/moby#47527

v25.0.4

Compare Source

25.0.4

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
  • Restore DNS names for containers in the default "nat" network on Windows. moby/moby#47490
  • Fix docker start failing when used with --checkpoint moby/moby#47466
  • Don't enforce new validation rules for existing swarm networks moby/moby#47482
  • Restore IP connectivity between the host and containers on an internal bridge network. moby/moby#47481
  • Fix a regression introduced in v25.0 that prevented the classic builder from ADDing a tar archive with xattrs created on a non-Linux OS moby/moby#47483
  • containerd image store: Fix image pull not emitting Pulling fs layer status moby/moby#47484
API
  • To preserve backwards compatibility, make read-only mounts not recursive by default when using older clients (API version < v1.44). moby/moby#47393
  • GET /images/{id}/json omits the Created field (previously it was 0001-01-01T00:00:00Z) if the Created field is missing from the image config. moby/moby#47451
  • Populate a missing Created field in GET /images/{id}/json with 0001-01-01T00:00:00Z for API version <= 1.43. moby/moby#47387
  • Fix a regression that caused API socket connection failures to report an API version negotiation failure instead. moby/moby#47470
  • Preserve supplied endpoint configuration in a container-create API request, when a container-wide MAC address is specified, but NetworkMode name-or-id is not the same as the name-or-id used in NetworkSettings.Networks. moby/moby#47510
Packaging updates

Full Changelog: moby/moby@v25.0.3...v25.0.4

v25.0.3

Compare Source

25.0.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • containerd image store: Fix a bug where docker image history would fail if a manifest wasn't found in the content store. moby/moby#47348

  • Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47304

    Note

    • Containers created with Docker Engine version 25.0.0 may have duplicate MAC addresses.
      They must be re-created.
    • Containers with user-defined MAC addresses created with Docker Engine versions 25.0.0 or 25.0.1
      receive new MAC addresses when started using Docker Engine version 25.0.2.
      They must also be re-created.
  • Fix docker save <image>@&#8203;<digest> producing an OCI archive with index without manifests. moby/moby#47294
  • Fix a bug preventing bridge networks from being created with an MTU higher than 1500 on RHEL and CentOS 7. moby/moby#47308, moby/moby#47311
  • Fix a bug where containers are unable to communicate over an internal network. moby/moby#47303
  • Fix a bug where the value of the ipv6 daemon option was ignored. moby/moby#47310
  • Fix a bug where trying to install a pulling using a digest revision would cause a panic. moby/moby#47323
  • Fix a potential race condition in the managed containerd supervisor. moby/moby#47313
  • Fix an issue with the journald log driver preventing container logs from being followed correctly with systemd version 255. moby/moby47243
  • seccomp: Update the builtin seccomp profile to include syscalls added in kernel v5.17 - v6.7 to align the profile with the profile used by containerd. moby/moby#47341
  • Windows: Fix cache not being used when building images based on Windows versions older than the host's version. moby/moby#47307, moby/moby#47337
Packaging updates

Configuration

📅 Schedule: Branch creation - "after 6am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner April 22, 2024 16:12
@renovate renovate bot added the renovate label Apr 22, 2024
@renovate renovate bot enabled auto-merge (squash) April 22, 2024 16:12
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch from c12d01d to 82b867c Compare April 22, 2024 21:30
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch 5 times, most recently from 9074e95 to 0757f3d Compare April 29, 2024 22:04
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch 8 times, most recently from 3ebed2a to 098a352 Compare May 6, 2024 10:23
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch 6 times, most recently from bf94a0c to 0646021 Compare May 13, 2024 21:09
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch 2 times, most recently from 38a5467 to bb0b297 Compare May 21, 2024 01:18
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch 3 times, most recently from 64c0872 to 137dc50 Compare May 27, 2024 17:01
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch 3 times, most recently from 0606a79 to 5f0d066 Compare July 2, 2024 00:05
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch 3 times, most recently from 06d5473 to 8d90e89 Compare July 15, 2024 15:57
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch 6 times, most recently from b1136c9 to 69b7602 Compare July 29, 2024 14:31
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch 3 times, most recently from 7f8bc5a to 3547176 Compare July 30, 2024 01:50
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch 4 times, most recently from 8bdbd6c to eec8728 Compare August 19, 2024 20:09
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch 4 times, most recently from 6a8ef3e to feb6e51 Compare September 2, 2024 21:09
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch 4 times, most recently from 65f0469 to f23f0ef Compare September 9, 2024 23:02
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch from f23f0ef to 4950cbb Compare September 23, 2024 13:40
@renovate renovate bot force-pushed the renovate/major-26-ubuntu-23.04-dind-image branch from 4950cbb to 75f55f8 Compare September 23, 2024 19:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

@alexcb alexcb alexcb approved these changes

Assignees
No one assigned
Labels
renovate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@alexcb