This release contains a security fix for [CVE-2024-29018], a potential data exfiltration from 'internal' networks via authoritative DNS servers.
New
Add Subpath field to the VolumeOptions making it possible to mount a subpath of a volume. moby/moby#45687
Add volume-subpath support to the mount flag (--mount type=volume,...,volume-subpath=<subpath>). docker/cli#4331
Accept = separators and [ipv6] in compose files for docker stack deploy. docker/cli#4860
rootless: Add support for enabling host loopback by setting the DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK environment variable to false (defaults to true). This lets containers connect to the host by using IP address 10.0.2.2. moby/moby#47352
containerd image store: docker image ls no longer creates duplicates entries for multi-platform images. moby/moby#45967
[CVE-2024-29018]: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47233
... (truncated)
Commits
60b9add Merge pull request #47705 from robmry/backport-26.0/47662_ipvlan_l3_dns
8ad7f86 Run ipvlan tests even if 'modprobe ipvlan' fails
dc27552 Stop macvlan with no parent from using ext-dns
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/docker/docker from 25.0.5+incompatible to 26.0.1+incompatible.
Release notes
Sourced from github.com/docker/docker's releases.
... (truncated)
Commits
60b9add
Merge pull request #47705 from robmry/backport-26.0/47662_ipvlan_l3_dns8ad7f86
Run ipvlan tests even if 'modprobe ipvlan' failsdc27552
Stop macvlan with no parent from using ext-dns7b570f0
Enable DNS proxying for ipvlan-l38cdcc4f
Move dummy DNS server to integration/internal/networked752f6
Merge pull request #47701 from vvoland/v26.0-476919db1b6f
Merge pull request #47702 from vvoland/v26.0-476476261281
Merge pull request #47700 from vvoland/v26.0-4767390355e5
Merge pull request #47696 from vvoland/v26.0-4765872615b1
github/ci: Check if backport is opened against the expected branchDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show