The eighteenth patch release for containerd 1.7 contains various updates along
with an updated version of Go. Go 1.22.4 and 1.21.11 include a fix for a symlink
time of check to time of use race condition during directory removal.
containerd image store: Add --platform flag to docker image push and improve the default behavior when not all platforms of the multi-platform image are available locally. docker/cli#4984, moby/moby#47679
Add support to docker stack deploy for driver_opts in a service's networks. docker/cli#5125
Consider additional /usr/local/libexec and /usr/libexec paths when looking up the userland proxy binaries by a name with a docker- prefix. moby/moby#47804
Bug fixes and enhancements
*client.Client instances are now always safe for concurrent use by multiple goroutines. Previously, this could lead to data races when the WithAPIVersionNegotiation() option is used. moby/moby#47961
Fix a bug causing the Docker CLI to leak Unix sockets in $TMPDIR in some cases. docker/cli#5146
Don't ignore a custom seccomp profile when used in conjunction with --privileged. moby/moby#47500
rootless: overlay2: support native overlay diff when using rootless-mode with Linux kernel version 5.11 and later. moby/moby#47605
Fix the StartInterval default value of healthcheck to reflect the documented value of 5s. moby/moby#47799
Fix docker save and docker load not ending on the daemon side when the operation was cancelled by the user, for example with Ctrl+C. moby/moby#47629
The StartedAt property of containers is now recorded before container startup, guaranteeing that the StartedAt is always before FinishedAt. moby/moby#47003
The internal DNS resolver used by Windows containers on Windows now forwards requests to external DNS servers by default. This enables nslookup to resolve external hostnames. This behaviour can be disabled via daemon.json, using "features": { "windows-dns-proxy": false }. The configuration option will be removed in a future release. moby/moby#47826
Print a warning when the CLI does not have permissions to read the configuration file. docker/cli#5077
Fix a goroutine and file-descriptor leak on container attach. moby/moby#45052
Clear the networking state of all stopped or dead containers during daemon start-up. moby/moby#47984
Write volume options JSON atomically to avoid "invalid JSON" errors after system crash. moby/moby#48034
Allow multiple macvlan networks with the same parent. moby/moby#47318
Allow BuildKit to be used on Windows daemons that advertise it. docker/cli#5178
Networking
Allow sysctls to be set per-interface during container creation and network connection. moby/moby#47686
In a future release, this will be the only way to set per-interface sysctl options.
For example, on the command line in a docker run command, --network mynet --sysctl net.ipv4.conf.eth0.log_martians=1 will be rejected.
Instead, you must use --network name=mynet,driver-opt=com.docker.network.endpoint.sysctls=net.ipv4.conf.IFNAME.log_martians=1.
IPv6
ip6tables is no longer experimental. You may remove the experimental configuration option and continue to use IPv6, if it is not required by any other features.
ip6tables is now enabled for Linux bridge networks by default. moby/moby#47747
This makes IPv4 and IPv6 behaviors consistent with each other, and reduces the risk that IPv6-enabled containers are inadvertently exposed to the network.
There is no impact if you are running Docker Engine with ip6tables enabled (new default).
If you are using an IPv6-enabled bridge network without ip6tables, this is likely a breaking change. Only published container ports (-p or --publish) are accessible from outside the Docker bridge network, and outgoing connections masquerade as the host.
To restore the behavior of earlier releases, no ip6tables at all, set "ip6tables": false in daemon.json, or use the CLI option --ip6tables=false. Alternatively, leave ip6tables enabled, publish ports, and enable direct routing.
With ip6tables enabled, if ip6tables is not functional on your host, Docker Engine will start but it will not be possible to create an IPv6-enabled network.
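An added example (not part of these release notes or of Docker's own code): a small Go check that reads the content of a daemon.json and flags the settings these notes change, using only the keys named above (ip6tables, experimental, features.windows-dns-proxy). The function name, the finding strings and the sample file are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// daemonConfig models only the daemon.json keys named in the release notes.
// Pointers distinguish "key absent" (engine default applies) from an explicit value.
type daemonConfig struct {
	IP6Tables    *bool           `json:"ip6tables"`
	Experimental *bool           `json:"experimental"`
	Features     map[string]bool `json:"features"`
}

// AuditDaemonJSON (hypothetical helper) returns one finding per affected setting.
func AuditDaemonJSON(raw []byte) ([]string, error) {
	var cfg daemonConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("daemon.json is not valid JSON: %w", err)
	}
	var findings []string
	switch {
	case cfg.IP6Tables == nil:
		findings = append(findings, "ok: ip6tables unset, the new default (enabled) applies")
	case *cfg.IP6Tables:
		findings = append(findings, "ok: ip6tables explicitly enabled")
	default:
		// Pre-27.0 behaviour: Docker adds no ip6tables rules for IPv6 bridge networks.
		findings = append(findings, "risk: ip6tables=false, no ip6tables rules for IPv6 bridge networks")
	}
	if cfg.Experimental != nil && *cfg.Experimental {
		findings = append(findings, "review: experimental=true is no longer required for ip6tables")
	}
	// Reading a nil map is safe in Go, so a missing "features" object needs no special case.
	if v, ok := cfg.Features["windows-dns-proxy"]; ok && !v {
		findings = append(findings, "review: windows-dns-proxy=false uses an option that will be removed")
	}
	return findings, nil
}

func main() {
	// Constructed sample: a daemon.json carried over from an older installation.
	sample := []byte(`{"experimental": true, "ip6tables": false, "features": {"windows-dns-proxy": false}}`)
	findings, err := AuditDaemonJSON(sample)
	fmt.Println(findings, err)
}
```

A "risk" finding means the host keeps the earlier behaviour the notes describe, where IPv6-enabled containers on a bridge network are reachable without published ports.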
... (truncated)
Commits
ff1e2c0 Merge pull request #48050 from thaJeztah/deprecate_graphdriver_plugins
6da604a deprecate experimental Graphdriver plugins, and disable by default
81b2027 Merge pull request #48049 from thaJeztah/fix_swagger_tmpfsopts
97f6a9d Merge pull request #48045 from thaJeztah/bump_ttrpc_1.2.5
3aace75 Merge pull request #48046 from thaJeztah/daemon_no_logrus
ce5571f api: swagger: fix definition of TmpFsOptions (API v1.46)
a9ab046 cmd/dockerd: initMiddlewares: use containerd/logs
418eed6 Merge pull request #47804 from cpuguy83/more_paths_docker_proxy
Introduce ParseTraversalPartial, which allows traversals that include the splat ([*]) index operator. (#673)
ext/dynblock: Now accepts marked values in for_each, and will transfer those marks (as much as technically possible) to values in the generated blocks. (#679)
Bugs Fixed
Expression evaluation will no longer panic if the splat operator is applied to an unknown value that has cty marks. (#678)
Time to celebrate the new wazero release! This time it not only has important bug fixes just like before, but more importantly comes with drastic "compilation time" performance improvements!
@mathetake worked so hard to improve the compilation performance, which some users had raised issues about since the release of the optimizing compiler in 1.7.0. The idea is that even though this is partly because it is "optimizing", there is still room for improvement in its codebase to use less CPU and memory.
Below is the compilation time benchmark on the various standard library tests for Zig, Go and TinyGo compared to the previous v1.7.2. You can see the huge results: up to about 50% faster and ~50% less memory usage. Note that this doesn't affect runtime performance: your code runs exactly as before while compiling faster! 😎
goos: darwin
goarch: arm64
pkg: github.com/tetratelabs/wazero/internal/integration_test/stdlibs
│ old.txt │ new.txt │
...
_Description has been truncated_
Bumps the common group with 21 updates in the / directory:
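from 1.11.1 to 1.12.0
from 1.6.0 to 1.7.0
from 1.3.1 to 1.3.2
from 1.27.2 to 1.30.0
from 1.27.18 to 1.27.21
from 1.163.1 to 1.166.0
from 1.28.5 to 1.29.1
from 1.55.1 to 1.56.1
from 1.7.17 to 1.7.18
from 26.1.3+incompatible to 27.0.1+incompatible
from 0.19.1 to 0.19.2
from 2.20.1 to 2.21.0
from 0.13.2 to 0.14.1
from 0.5.4 to 0.5.5
from 1.8.0 to 1.8.1
from 1.7.2 to 1.7.3
from 0.17.0 to 0.18.0
from 1.34.1 to 1.34.2
from 3.15.1 to 3.15.2
from 0.30.1 to 0.30.2
from 1.30.0 to 1.30.1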
Updates
github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.11.1 to 1.12.0
Release notes
Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.
Commits
e58902b Prep azcore v1.12.0 for release (#23005)
9ad32c5 Increment package version after release of internal (#23004)
897e903 Update ignore-links.txt (#23003)
ac7cc04 [keyvault] fix test recording sanitizers (#22911)
276cf8c update readme (#22971)
5eb479f [azopenai] Updating hash to merged PR. (#22998)
9c4f5c5 Prepare sdk/internal v1.9.0 for release (#22991)
b407f56 Increment version for messaging/azwebpubsub releases (#22466)
3af4c7e update mgmt live test (#22996)
b7d018e fix sdk/resourcemanager/internal module (#22994)
Updates
github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.6.0 to 1.7.0
Release notes
Sourced from github.com/Azure/azure-sdk-for-go/sdk/azidentity's releases.
Commits
624baba bump azcore version number
ce7217c Prep for azcore v1.7.0 release (#21149)
62a8079 Add support for shallow cloning azcore.Client instances (#21065) (#21098)
47286b0 Add flag to enable skipping of dependency checks (#21146)
ee762d4 Fix populating module name in telemetry policy (#20967) (#20971)
0243175 Prep azcore v1.6.1 for release (#20961)
9c9d62a Increment package version after release of azcore (#20740)
Updates
github.com/antchfx/htmlquery from 1.3.1 to 1.3.2
Release notes
Sourced from github.com/antchfx/htmlquery's releases.
Commits
c5fcecb update package github.com/antchfx/xpath from v1.3.0 to v1.3.1
Updates
github.com/aws/aws-sdk-go-v2 from 1.27.2 to 1.30.0
Commits
2d43b81 Release 2024-06-19
812bc72 Regenerated Clients
12e2648 Update endpoints model
5df426a Update API model
78777b6 add implicit global region to internal partition metadata (#2688)
077df5d Release 2024-06-18
3320b13 Regenerated Clients
1315201 Update API model
8dddc9c add SDK-specific feature tracking (#2682)
54f11c0 Release 2024-06-17
Updates
github.com/aws/aws-sdk-go-v2/config from 1.27.18 to 1.27.21
Commits
2d43b81 Release 2024-06-19
812bc72 Regenerated Clients
12e2648 Update endpoints model
5df426a Update API model
78777b6 add implicit global region to internal partition metadata (#2688)
077df5d Release 2024-06-18
3320b13 Regenerated Clients
1315201 Update API model
8dddc9c add SDK-specific feature tracking (#2682)
54f11c0 Release 2024-06-17
Updates
github.com/aws/aws-sdk-go-v2/credentials from 1.17.18 to 1.17.21
Commits
2d43b81 Release 2024-06-19
812bc72 Regenerated Clients
12e2648 Update endpoints model
5df426a Update API model
78777b6 add implicit global region to internal partition metadata (#2688)
077df5d Release 2024-06-18
3320b13 Regenerated Clients
1315201 Update API model
8dddc9c add SDK-specific feature tracking (#2682)
54f11c0 Release 2024-06-17
Updates
github.com/aws/aws-sdk-go-v2/service/ec2 from 1.163.1 to 1.166.0
Commits
2b4498c Release 2024-06-25
332d372 Regenerated Clients
9397b8d Update API model
674e1e4 Release 2024-06-24
406eeb4 Regenerated Clients
17bd894 Update endpoints model
688d06a Update API model
6c2b819 nuke opsworks test (#2696)
28fb34d Release 2024-06-20
458c8b7 Regenerated Clients
Updates
github.com/aws/aws-sdk-go-v2/service/ecr from 1.28.5 to 1.29.1
Commits
08f1f0b Release 2022-10-24
0e1e20e Regenerated Clients
281c268 Update SDK's smithy-go dependency to v1.13.4
db7c0a3 Update endpoints model
1eae80d Update API model
17628c4 EC2 IMDS client logging fixes (#1891)
7655449 Release 2022-10-21
dcae829 Regenerated Clients
b82766b Update API model
1c05fb6 Implements IsCredentialsProvider for checking if a provider matches a target ...
Updates
github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.1 to 1.56.1
Commits
2d43b81 Release 2024-06-19
812bc72 Regenerated Clients
12e2648 Update endpoints model
5df426a Update API model
78777b6 add implicit global region to internal partition metadata (#2688)
077df5d Release 2024-06-18
3320b13 Regenerated Clients
1315201 Update API model
8dddc9c add SDK-specific feature tracking (#2682)
54f11c0 Release 2024-06-17
Updates
github.com/containerd/containerd from 1.7.17 to 1.7.18
Release notes
Sourced from github.com/containerd/containerd's releases.
... (truncated)
Commits
ae71819 Merge pull request #10301 from dmcgowan/prepare-v1.7.18
9426aab Prepare release notes for v1.7.18
1d324db Merge pull request #10298 from dmcgowan/1.7-update-go
cdd3ea9 Update Go version to 1.21.11
0a137f0 Merge pull request #10277 from thaJeztah/1.7_backport_remove_use_of_platform_...
1e3c662 [release/1.7] remove uses of platforms.Platform alias
300a6de Merge pull request #10269 from thaJeztah/1.7_migrate_containerd_log
0af6825 migrate logs imports to github.com/containerd/log module
be820ac Merge pull request #10266 from thaJeztah/1.7_migrate_to_errdefs_module
566c535 Merge pull request #10261 from k8s-infra-cherrypick-robot/cherry-pick-10257-t...
Updates
github.com/docker/docker from 26.1.3+incompatible to 27.0.1+incompatible
Release notes
Sourced from github.com/docker/docker's releases.
... (truncated)
Commits
ff1e2c0 Merge pull request #48050 from thaJeztah/deprecate_graphdriver_plugins
6da604a deprecate experimental Graphdriver plugins, and disable by default
81b2027 Merge pull request #48049 from thaJeztah/fix_swagger_tmpfsopts
97f6a9d Merge pull request #48045 from thaJeztah/bump_ttrpc_1.2.5
3aace75 Merge pull request #48046 from thaJeztah/daemon_no_logrus
ce5571f api: swagger: fix definition of TmpFsOptions (API v1.46)
a9ab046 cmd/dockerd: initMiddlewares: use containerd/logs
418eed6 Merge pull request #47804 from cpuguy83/more_paths_docker_proxy
e355e10 vendor: github.com/containerd/ttrpc v1.2.5
f8c088b Lookup docker-proxy in libexec paths
Updates
github.com/google/go-containerregistry from 0.19.1 to 0.19.2
Release notes
Sourced from github.com/google/go-containerregistry's releases.
Commits
1b4e407 Add -O shorthand for --omit-digest-tags to crane. (#1958)
3764db2 Fix windows race condition when writing image with duplicate layers (#1921)
39d1148 Add Context support to auth methods (#1949)
ff385a9 feat: mutate platform (#1919)
98dd3e9 Support podman auth file REGISTRY_AUTH_FILE. (#1914)
051d642 registry: Implement Range requests for blobs (#1917)
0309184 Add JSON marshalling funcs for Digest. (#1915)
Updates
github.com/hashicorp/hcl/v2 from 2.20.1 to 2.21.0
Release notes
Sourced from github.com/hashicorp/hcl/v2's releases.
Changelog
Sourced from github.com/hashicorp/hcl/v2's changelog.
Commits
360ae57 prepare for v2.21.0 release
f7e093a github: Pin action refs to latest trusted by TSCCR (#683)
212a40e Update CHANGELOG.md
318bbfe hcldec: Allow body-derived values to be marked
9a64c17 dynblock: Preserve marks from for_each expression into result
bc75765 hclsyntax: Don't panic if splat operand is unknown and marked
bf54697 github: Set up Dependabot to manage HashiCorp-owned Actions versioning
4521ae9 github: Pin action refs to latest trusted by TSCCR (#677)
1c5ae8f Update CHANGELOG.md
f7cd61a Add additional function for parsing traversals with [*] keys (#673)
Updates
github.com/moby/buildkit from 0.13.2 to 0.14.1
Release notes
Sourced from github.com/moby/buildkit's releases.
... (truncated)
Commits
eb864a8 Merge pull request #5053 from tonistiigi/v0.14.1-cherry-picks
dedaef0 shell: handle empty string for var replacements
b45ab30 Initialize build args from stage base
e34c21a Consolidate instruction casing lint rules
050e3b6 Updates lint output to print detail instead of description
2bf5cbf util/resolver: Make httpFallback concurrent safe
49dd5f4 Adds 'WARNING' prefix to the rule check output and update lint
05bd56b Merge pull request #5040 from AkihiroSuda/cherrypick-5008-0.14
5a7352c Fix content not found with push=true,rewrite-timestamp=true
4d9a4e5 Merge pull request #5017 from crazy-max/fix-history-exporters
Updates
github.com/spdx/tools-golang from 0.5.4 to 0.5.5
Release notes
Sourced from github.com/spdx/tools-golang's releases.
Commits
9db247b fix: provide a clearer error when using an invalid originator (#246)
57d4b8e fix: panic if JSON relationship array contains null (#239)
606f188 chore: update makefile to include bootstrap and go mod tidy (#243)
282609e fix: properly normalize Windows paths (#242)
Updates
github.com/spf13/cobra from 1.8.0 to 1.8.1
Release notes
Sourced from github.com/spf13/cobra's releases.
... (truncated)
Commits
e94f6d0 Address golangci-lint deprecation warnings, enable some more linters (#2152)
8003b74 Remove fully inactivated linters (#2148)
5c2c1d6 Consistent annotation names (#2140)
5a1acea build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.3 to 2.0.4 (#2127)
0fc86c2 docs: update user guide (#2128)
6b5f577 More linting (#2099)
bd914e5 fix: remove deprecated io/ioutils package (#2120)
1f80fa2 chore: remove repetitive words (#2122)
c69ae4c ci: test golang 1.22 (#2113)
a30cee5 build(deps): bump actions/cache from 3 to 4 (#2102)
Updates
github.com/tetratelabs/wazero from 1.7.2 to 1.7.3
Release notes
Sourced from github.com/tetratelabs/wazero's releases.