This release of Docker Engine comes with a fix for a low-severity security issue,
some minor bug fixes, and updated versions of Docker Compose, Docker Buildx,
containerd, and runc.
Fix an issue where file-capabilities were not preserved during build moby/moby#43876.
Fix an issue that could result in a panic caused by a concurrent map read and map write moby/moby#44067
Daemon
Fix a security vulnerability relating to supplementary group permissions, which
could allow a container process to bypass primary group restrictions within the
container CVE-2022-36109, GHSA-rc4r-wh2q-q6c4.
seccomp: add support for Landlock syscalls in default policy moby/moby#43991.
seccomp: update default policy to support new syscalls introduced in kernel 5.12 - 5.16 moby/moby#43991.
Fix an issue where cache lookup for image manifests would fail, resulting
in a redundant round-trip to the image registry moby/moby#44109.
Fix an issue where exec processes and healthchecks were not terminated
when they timed out moby/moby#44018.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/docker/docker from 20.10.17+incompatible to 20.10.19+incompatible.
Release notes
Sourced from github.com/docker/docker's releases.
Commits
c964641
Merge pull request #44122 from thaJeztah/20.10_bump_buildkit3bb9973
Merge pull request #44127 from thaJeztah/20.10_backport_image_spec_no_literal435c40c
Merge pull request #44247 from thaJeztah/20.10_bump_go_1.18.711bdbf4
[20.10] Update to go 1.18.7 to address CVE-2022-2879, CVE-2022-2880, CVE-2022...35eaf7e
Merge pull request #44238 from cpuguy83/20.10_fix_restore_volumerefs66ddb7f
Fix live-restore w/ restart policies + volume refsf219cb5
Merge pull request #44218 from thaJeztah/20.10_backport_more_robust_rootlessc003392
contrib: make dockerd-rootless-setuptool.sh more robust53313be
docker-rootless-setuptools.sh: use context after install4163c55
Merge pull request #44202 from crazy-max/20.10_backport_api-fix-logoDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)