This release of Docker Engine comes with a fix for a low-severity security issue,
some minor bug fixes, and updated versions of Docker Compose, Docker Buildx,
containerd, and runc.
Fix an issue where file-capabilities were not preserved during build moby/moby#43876.
Fix an issue that could result in a panic caused by a concurrent map read and map write moby/moby#44067
Daemon
Fix a security vulnerability relating to supplementary group permissions, which
could allow a container process to bypass primary group restrictions within the
container CVE-2022-36109, GHSA-rc4r-wh2q-q6c4.
seccomp: add support for Landlock syscalls in default policy moby/moby#43991.
seccomp: update default policy to support new syscalls introduced in kernel 5.12 - 5.16 moby/moby#43991.
Fix an issue where cache lookup for image manifests would fail, resulting
in a redundant round-trip to the image registry moby/moby#44109.
Fix an issue where exec processes and healthchecks were not terminated
when they timed out moby/moby#44018.
Items starting with DEPRECATE are important deprecation notices. For more
information on the list of deprecated flags and APIs please have a look at
https://docs.docker.com/engine/deprecated/ where target removal dates can also
be found.
17.03.2-ce (2017-05-29)
Networking
Fix a concurrency issue preventing network creation #33273
Runtime
Relabel secrets path to avoid a Permission Denied on selinux enabled systems #33236 (ref #32529
Fix cases where local volume were not properly relabeled if needed #33236 (ref #29428)
Fix an issue while upgrading if a plugin rootfs was still mounted #33236 (ref #32525)
Fix an issue where volume wouldn't default to the rprivate propagation mode #33236 (ref #32851)
Fix a panic that could occur when a volume driver could not be retrieved #33236 (ref #32347)
Add a warning in docker info when the overlay or overlay2 graphdriver is used on a filesystem without d_type support #33236 (ref #31290)
Fix an issue with backporting mount spec to older volumes #33207
Fix issue where a failed unmount can lead to data loss on local volume remove #33120
Swarm Mode
Fix a case where tasks could get killed unexpectedly #33118
Fix an issue preventing to deploy services if the registry cannot be reached despite the needed images being locally present #33117
Accept -f - to read Dockerfile from stdin, but use local context for building #31236
The values of default build time arguments (e.g HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
Fix setting command if a custom shell is used in a parent image #32236
Fix docker build --label when the label includes single quotes and a space #31750
Client
Add --mount flag to docker run and docker create#32251
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
2 years ago
Bumps github.com/docker/docker from 1.13.1 to 20.10.18+incompatible.
Release notes
Sourced from github.com/docker/docker's releases.
... (truncated)
Changelog
Sourced from github.com/docker/docker's changelog.
... (truncated)
Commits
e42327aMerge pull request #44120 from thaJeztah/20.10_backport_update_testsfcd4df9Update some tests for supplementary group permissionsbb0197cMerge pull request from GHSA-rc4r-wh2q-q6c4d348775Merge pull request #44109 from rumpl/20.10-fix-local-context6a0186bWrap local calls to the content and lease serviceb73e9c2Merge pull request #44098 from thaJeztah/20.10_backport_swagger_updates4855c28Merge pull request #44101 from thaJeztah/20.10_backport_bump_golang_1.18.63d4616fUpdate to go 1.18.6 to address CVE-2022-27664, CVE-2022-32190d56101eMerge pull request #44093 from thaJeztah/20.10_backport_remove_tereshkova23c7d84docs: api: adjust ContainerWaitResponse error as optionalDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)