nemunaire/minifaas
Archived
1
0
Fork 0
Code Issues Pull Requests 3 Releases Activity

Update module github.com/docker/docker/v24 to v25 #38

Open
renovate-bot wants to merge 1 commits from renovate/github.com-docker-docker-v24-25.x into master
pull from: renovate/github.com-docker-docker-v24-25.x
merge into: nemunaire:master
Conversation 1 Commits 1 Files Changed 1 +1 -1
renovate-bot commented 2024-01-19 14:23:00 +00:00
Contributor
Copy Link

This PR contains the following updates:

Package Type Update Change
github.com/docker/docker/v24 require major v24.0.7 -> v25.0.3

Release Notes

docker/docker (github.com/docker/docker/v24)

v25.0.3

Compare Source

25.0.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

What's Changed

  • 25.0 backport] pkg/ioutils: Make subsequent Close attempts noop https://github.com/moby/moby/pull/47222

  • 25.0 backport] Fix HasResource inverted boolean error - vendor swarmkit v2.0.0-20240125134710-dcda100a8261 https://github.com/moby/moby/pull/47225

  • 25.0 backport] gha: update actions to account for node 16 deprecation https://github.com/moby/moby/pull/47291

  • 25.0 backport] docs: remove dead links from api verison history https://github.com/moby/moby/pull/47296

  • 25.0 backport] Assert temp output directory is not an empty string https://github.com/moby/moby/pull/47298

  • 25.0 backport] api: Document `version` in `/build` https://github.com/moby/moby/pull/47295

  • 25.0 backport] De-flake TestSwarmClusterRotateUnlockKey https://github.com/moby/moby/pull/47201

  • 25.0 backport] Add internal n/w bridge to firewalld docker zone https://github.com/moby/moby/pull/47303

  • 25.0 backport] Only restore a configured MAC addr on restart. https://github.com/moby/moby/pull/47304

  • 25.0 backport] Revert "daemon: automatically set network EnableIPv6 if needed" https://github.com/moby/moby/pull/47310

  • 25.0 backport] libnet: bridge: ignore EINVAL when configuring bridge MTU https://github.com/moby/moby/pull/47311

  • 25.0 backport] logger/journald: fix tailing logs with systemd 255 https://github.com/moby/moby/pull/47243

  • 25.0 backport] add more //go:build directives to prevent downgrading to go1.16 language https://github.com/moby/moby/pull/47220

  • 25.0 backport] libcontainerd/supervisor: fix data race https://github.com/moby/moby/pull/47313

  • 25.0 backport] plugins: Fix panic when fetching by digest https://github.com/moby/moby/pull/47323

  • 25.0 backport] Dockerfile: update docker-cli to v25.0.2, docker compose v2.24.5 https://github.com/moby/moby/pull/47316

  • 25.0 backport] image/save: Fix untagged images not present in index.json https://github.com/moby/moby/pull/47294

  • 25.0 backport] Dockerfile: update RootlessKit to v2.0.1 https://github.com/moby/moby/pull/47334

  • 25.0 backport] image/cache: Ignore Build and Revision on Windows https://github.com/moby/moby/pull/47337

  • 25.0 backport] profiles/seccomp: add syscalls for kernel v5.17 - v6.6, match containerd's profile https://github.com/moby/moby/pull/47344

  • 25.0 backport]  c8d: Use the same logic to get the present images https://github.com/moby/moby/pull/47348

Full Changelog: https://github.com/moby/moby/compare/v25.0.2...v25.0.3

v25.0.2

Compare Source

25.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains security fixes for the following CVEs
affecting Docker Engine and its components.

CVE Component Fix version Severity
CVE-2024-21626 runc 1.1.12 High, CVSS 8.6
CVE-2024-23651 BuildKit 1.12.5 High, CVSS 8.7
CVE-2024-23652 BuildKit 1.12.5 High, CVSS 8.7
CVE-2024-23653 BuildKit 1.12.5 High, CVSS 7.7
CVE-2024-23650 BuildKit 1.12.5 Medium, CVSS 5.5
CVE-2024-24557 Docker Engine 25.0.2 Medium, CVSS 6.9

The potential impacts of the above vulnerabilities include:

  • Unauthorized access to the host filesystem
  • Compromising the integrity of the build cache
  • In the case of CVE-2024-21626, a scenario that could lead to full container escape

For more information about the security issues addressed in this release,
refer to the blog post.
For details about each vulnerability, see the relevant security advisory:

Packaging updates

v25.0.1

Compare Source

25.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
  • API: Fix incorrect HTTP status code for containers with an invalid network configuration created before upgrading to Docker Engine v25.0. moby/moby#47159
  • Ensure that a MAC address based on a container's IP address is re-generated when the container is stopped and restarted, in case the generated IP/MAC addresses have been reused. moby/moby#47171
  • Fix host-gateway-ip not working during build when not set through configuration. moby/moby#47192
  • Fix a bug that prevented a container from being renamed twice. moby/moby#47196
  • Fix an issue causing containers to have their short ID added to their network alias when inspecting them. moby/moby#47182
  • Fix an issue in detecting whether a remote build context is a Git repository. moby/moby#47136
  • Fix an issue with layers order in OCI manifests. moby/moby#47150
  • Fix volume mount error when passing an addr or ip mount option. moby/moby#47185
  • Improve error message related to extended attributes that can't be set due to improperly namespaced attribute names. moby/moby#47178
  • Swarm: Fixed start_interval not being passed to the container config. moby/moby#47163
Packaging updates

v25.0.0

Compare Source

25.0.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

New
Bug fixes and enhancements
  • API: Fix error message for invalid policies at ValidateRestartPolicy. moby/moby#46352
  • API: Update /info endpoint to use singleflight. moby/moby#45847
  • Add an error message for when specifying a Dockerfile filename with -f, and also using stdin. docker/cli#4346
  • Add support for mac-address and link-local-ip fields in --network long format. docker/cli#4419
  • Add support for specifying multiple --network flags with docker container create and docker run. moby/moby#45906
  • Automatically enable IPv6 on a network when an IPv6 subnet is specified. moby/moby#46455
  • Add support for overlay networks over IPv6 transport. moby/moby#46790
  • Configuration reloading is now more robust: if there's an error during the configuration reload process, no configuration changes are applied. moby/moby#43980
  • Live restore: Containers with auto remove (docker run --rm) are no longer forcibly removed on engine restart. moby/moby#46857
  • Live restore: containers that are live-restored will now be given another health-check start period when the daemon restarts. moby/moby#47051
  • Container health status is flushed to disk less frequently, reducing wear on flash storage. moby/moby#47044
  • Ensure network names are unique. moby/moby#46251
  • Ensure that overlay2 layer metadata is correct. moby/moby#46471
  • Fix Downloading progress message on image pull. moby/moby#46515
  • Fix NetworkConnect and ContainerCreate with improved data validation, and return all validation errors at once. moby/moby#46183
  • Fix com.docker.network.host_ipv4 option when IPv6 and ip6tables are enabled. moby/moby#46446
  • Fix daemon's cleanupContainer if containerd is stopped. moby/moby#46213
  • Fix returning incorrect HTTP status codes for libnetwork errors. moby/moby#46146
  • Fix various issues with images/json API filters and image list. moby/moby#46034
  • CIFS volumes now resolves FQDN correctly. moby/moby#46863
  • Improve validation of the userland-proxy-path daemon configuration option. Validation now happens during daemon startup, instead of producing an error when starting a container with port-mapping. moby/moby#47000
  • Set the MAC address of container's interface when network mode is a short network ID. moby/moby#46406
  • Sort unconsumed build arguments before display in build output. moby/moby#45917
  • The docker image save tarball output is now OCI compliant. moby/moby#44598
  • The daemon no longer appends ACCEPT rules to the end of the INPUT iptables chain for encrypted overlay networks. Depending on firewall configuration, a rule may be needed to permit incoming encrypted overlay network traffic. moby/moby#45280
  • Unpacking layers with extended attributes onto an incompatible filesystem will now fail instead of silently discarding extended attributes. moby/moby#45464
  • Update daemon MTU option to BridgeConfig and display warning on Windows. moby/moby#45887
  • Validate IPAM config when creating a network. Automatically fix networks created prior to this release where --ip-range is larger than --subnet. moby/moby#45759
  • containerd image store: Add image events for push, pull, and save. moby/moby#46405
  • containerd image store: Add support for pulling legacy schema1 images. moby/moby#46513
  • containerd image store: Add support for pushing all tags. moby/moby#46485
  • containerd image store: Add support for registry token. moby/moby#46475
  • containerd image store: Add support for showing the number of containers that use an image. moby/moby#46511
  • containerd image store: Fix a bug related to the ONBUILD, MAINTAINER, and HEALTHCHECK Dockerfile instructions. moby/moby#46313
  • containerd image store: Fix Pulling from progress message. moby/moby#46494
  • containerd image store: Add support for referencing images via the truncated ID with sha256: prefix. moby/moby#46435
  • containerd image store: Fix docker images showing intermediate layers by default. moby/moby#46423
  • containerd image store: Fix checking if the specified platform exists when getting an image. moby/moby#46495
  • containerd image store: Fix errors when multiple ADD or COPY instructions were used with the classic builder. moby/moby#46383
  • containerd image store: Fix stack overflow errors when importing an image. moby/moby#46418
  • containerd image store: Improve docker pull progress output. moby/moby#46412
  • containerd image store: Print the tag, digest, and size after pushing an image. moby/moby#46384
  • containerd image store: Remove panic from UpdateConfig. moby/moby#46433
  • containerd image store: Return an error when an image tag resembles a digest. moby/moby#46492
  • containerd image store: docker image ls now shows the correct image creation time and date. moby/moby#46719
  • containerd image store: Fix an issue handling user namespace settings. moby/moby#46375
  • containerd image store: Add support for pulling all tags (docker pull -a). moby/moby#46618
  • containerd image store: Use the domain name in the image reference as the default registry authentication domain. moby/moby#46779
Packaging updates
Removed
Deprecated
  • Deprecate API versions older than 1.24. Deprecation notice
  • Deprecate IsAutomated field and is-automated filter for docker search. Deprecation notice
  • API: Deprecate Container and ContainerConfig properties for /images/{id}/json (docker image inspect). moby/moby#46939

v24.0.9

Compare Source

24.0.9

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains security fixes for the following CVEs affecting Docker Engine and its components.

CVE Component Fix version Severity
CVE-2024-21626 runc 1.1.12 High, CVSS 8.6
CVE-2024-24557 Docker Engine 24.0.9 Medium, CVSS 6.9

Important

⚠️

Note that this release of Docker Engine doesn't include fixes for the following known vulnerabilities in BuildKit:

To address these vulnerabilities, upgrade to Docker Engine v25.0.2.

For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the
blog post. For details about each vulnerability, see the relevant security advisory:

Packaging updates

v24.0.8

Compare Source

24.0.8

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
  • Live restore: Containers with auto remove (docker run --rm) are no longer forcibly removed on engine restart. moby/moby#46857
Packaging updates

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/docker/docker/v24](https://github.com/docker/docker) | require | major | `v24.0.7` -> `v25.0.3` | --- ### Release Notes <details> <summary>docker/docker (github.com/docker/docker/v24)</summary> ### [`v25.0.3`](https://github.com/moby/moby/releases/tag/v25.0.3) [Compare Source](https://github.com/docker/docker/compare/v25.0.2...v25.0.3) #### 25.0.3 For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones: - [docker/cli, 25.0.3 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.3) - [moby/moby, 25.0.3 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.3) #### What's Changed - \[25.0 backport] pkg/ioutils: Make subsequent Close attempts noop https://github.com/moby/moby/pull/47222 - \[25.0 backport] Fix HasResource inverted boolean error - vendor swarmkit v2.0.0-20240125134710-dcda100a8261 https://github.com/moby/moby/pull/47225 - \[25.0 backport] gha: update actions to account for node 16 deprecation https://github.com/moby/moby/pull/47291 - \[25.0 backport] docs: remove dead links from api verison history https://github.com/moby/moby/pull/47296 - \[25.0 backport] Assert temp output directory is not an empty string https://github.com/moby/moby/pull/47298 - \[25.0 backport] api: Document `version` in `/build` https://github.com/moby/moby/pull/47295 - \[25.0 backport] De-flake TestSwarmClusterRotateUnlockKey https://github.com/moby/moby/pull/47201 - \[25.0 backport] Add internal n/w bridge to firewalld docker zone https://github.com/moby/moby/pull/47303 - \[25.0 backport] Only restore a configured MAC addr on restart. https://github.com/moby/moby/pull/47304 - \[25.0 backport] Revert "daemon: automatically set network EnableIPv6 if needed" https://github.com/moby/moby/pull/47310 - \[25.0 backport] libnet: bridge: ignore EINVAL when configuring bridge MTU https://github.com/moby/moby/pull/47311 - \[25.0 backport] logger/journald: fix tailing logs with systemd 255 https://github.com/moby/moby/pull/47243 - \[25.0 backport] add more //go:build directives to prevent downgrading to go1.16 language https://github.com/moby/moby/pull/47220 - \[25.0 backport] libcontainerd/supervisor: fix data race https://github.com/moby/moby/pull/47313 - \[25.0 backport] plugins: Fix panic when fetching by digest https://github.com/moby/moby/pull/47323 - \[25.0 backport] Dockerfile: update docker-cli to v25.0.2, docker compose v2.24.5 https://github.com/moby/moby/pull/47316 - \[25.0 backport] image/save: Fix untagged images not present in index.json https://github.com/moby/moby/pull/47294 - \[25.0 backport] Dockerfile: update RootlessKit to v2.0.1 https://github.com/moby/moby/pull/47334 - \[25.0 backport] image/cache: Ignore Build and Revision on Windows https://github.com/moby/moby/pull/47337 - \[25.0 backport] profiles/seccomp: add syscalls for kernel v5.17 - v6.6, match containerd's profile https://github.com/moby/moby/pull/47344 - \[25.0 backport] c8d: Use the same logic to get the present images https://github.com/moby/moby/pull/47348 **Full Changelog**: https://github.com/moby/moby/compare/v25.0.2...v25.0.3 ### [`v25.0.2`](https://github.com/moby/moby/releases/tag/v25.0.2) [Compare Source](https://github.com/docker/docker/compare/v25.0.1...v25.0.2) #### 25.0.2 For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones: - [docker/cli, 25.0.2 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.2) - [moby/moby, 25.0.2 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.2) ##### Security This release contains security fixes for the following CVEs affecting Docker Engine and its components. | CVE | Component | Fix version | Severity | | ----------------------------------------------------------- | ------------- | ----------- | ---------------- | | [CVE-2024-21626](https://scout.docker.com/v/CVE-2024-21626) | runc | 1.1.12 | High, CVSS 8.6 | | [CVE-2024-23651](https://scout.docker.com/v/CVE-2024-23651) | BuildKit | 1.12.5 | High, CVSS 8.7 | | [CVE-2024-23652](https://scout.docker.com/v/CVE-2024-23652) | BuildKit | 1.12.5 | High, CVSS 8.7 | | [CVE-2024-23653](https://scout.docker.com/v/CVE-2024-23653) | BuildKit | 1.12.5 | High, CVSS 7.7 | | [CVE-2024-23650](https://scout.docker.com/v/CVE-2024-23650) | BuildKit | 1.12.5 | Medium, CVSS 5.5 | | [CVE-2024-24557](https://scout.docker.com/v/CVE-2024-24557) | Docker Engine | 25.0.2 | Medium, CVSS 6.9 | The potential impacts of the above vulnerabilities include: - Unauthorized access to the host filesystem - Compromising the integrity of the build cache - In the case of CVE-2024-21626, a scenario that could lead to full container escape For more information about the security issues addressed in this release, refer to the [blog post](https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/). For details about each vulnerability, see the relevant security advisory: - [CVE-2024-21626](https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv) - [CVE-2024-23651](https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv) - [CVE-2024-23652](https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8) - [CVE-2024-23653](https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g) - [CVE-2024-23650](https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx) - [CVE-2024-24557](https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc) ##### Packaging updates - Upgrade containerd to [v1.6.28](https://github.com/containerd/containerd/releases/tag/v1.6.28). - Upgrade containerd to v1.7.13 (static binaries only). [moby/moby#47280](https://github.com/moby/moby/pull/47280) - Upgrade runc to v1.1.12. [moby/moby#47269](https://github.com/moby/moby/pull/47269) - Upgrade Compose to v2.24.5. [docker/docker-ce-packaging#985](https://github.com/docker/docker-ce-packaging/pull/985) - Upgrade BuildKit to v0.12.5. [moby/moby#47273](https://github.com/moby/moby/pull/47273) ### [`v25.0.1`](https://github.com/moby/moby/releases/tag/v25.0.1) [Compare Source](https://github.com/docker/docker/compare/v25.0.0...v25.0.1) #### 25.0.1 For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones: - [docker/cli, 25.0.1 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.1) - [moby/moby, 25.0.1 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.1) ##### Bug fixes and enhancements - API: Fix incorrect HTTP status code for containers with an invalid network configuration created before upgrading to Docker Engine v25.0. [moby/moby#47159](https://github.com/moby/moby/pull/47159) - Ensure that a MAC address based on a container's IP address is re-generated when the container is stopped and restarted, in case the generated IP/MAC addresses have been reused. [moby/moby#47171](https://github.com/moby/moby/pull/47171) - Fix `host-gateway-ip` not working during build when not set through configuration. [moby/moby#47192](https://github.com/moby/moby/pull/47192) - Fix a bug that prevented a container from being renamed twice. [moby/moby#47196](https://github.com/moby/moby/pull/47196) - Fix an issue causing containers to have their short ID added to their network alias when inspecting them. [moby/moby#47182](https://github.com/moby/moby/pull/47182) - Fix an issue in detecting whether a remote build context is a Git repository. [moby/moby#47136](https://github.com/moby/moby/pull/47136) - Fix an issue with layers order in OCI manifests. [moby/moby#47150](https://github.com/moby/moby/issues/47150) - Fix volume mount error when passing an `addr` or `ip` mount option. [moby/moby#47185](https://github.com/moby/moby/pull/47185) - Improve error message related to extended attributes that can't be set due to improperly namespaced attribute names. [moby/moby#47178](https://github.com/moby/moby/pull/47178) - Swarm: Fixed `start_interval` not being passed to the container config. [moby/moby#47163](https://github.com/moby/moby/pull/47163) ##### Packaging updates - Upgrade Compose to `2.24.2`. [docker/docker-ce-packaging#981](https://github.com/docker/docker-ce-packaging/pull/981) ### [`v25.0.0`](https://github.com/moby/moby/releases/tag/v25.0.0) [Compare Source](https://github.com/docker/docker/compare/v24.0.9...v25.0.0) #### 25.0.0 For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones: - [docker/cli, 25.0.0 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.0) - [moby/moby, 25.0.0 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.0) - Deprecated and removed features, see [Deprecated Features](https://github.com/docker/cli/blob/v25.0.0/docs/deprecated.md). - Changes to the Engine API, see [API version history](https://github.com/moby/moby/blob/v25.0.0/docs/api/version-history.md). ##### New - Add OpenTelemetry tracing. [moby/moby#45652](https://github.com/moby/moby/pull/45652), [moby/moby#45579](https://github.com/moby/moby/pull/45579) - Add support for CDI devices under Linux. [moby/moby#45134](https://github.com/moby/moby/pull/45134), [docker/cli#4510](https://github.com/docker/cli/pull/4510), [moby/moby#46004](https://github.com/moby/moby/pull/46004) - Add an additional interval to be used by healthchecks during the container start period. [moby/moby#40894](https://github.com/moby/moby/pull/40894), [docker/cli#4405](https://github.com/docker/cli/pull/4405), [moby/moby#45965](https://github.com/moby/moby/pull/45965) - Add a `--log-format` flag to `dockerd` to control the logging format: text (default) or JSON. [moby/moby#45737](https://github.com/moby/moby/pull/45737) - Add support for recursive read-only mounts. [moby/moby#45278](https://github.com/moby/moby/pull/45278), [moby/moby#46037](https://github.com/moby/moby/pull/46037) - Add support for filtering images based on timestamp with `docker image ls --filter=until=<timestamp>`. [moby/moby#46577](https://github.com/moby/moby/pull/46577) ##### Bug fixes and enhancements - API: Fix error message for invalid policies at `ValidateRestartPolicy`. [moby/moby#46352](https://github.com/moby/moby/pull/46352) - API: Update `/info` endpoint to use singleflight. [moby/moby#45847](https://github.com/moby/moby/pull/45847) - Add an error message for when specifying a Dockerfile filename with `-f`, and also using `stdin`. [docker/cli#4346](https://github.com/docker/cli/pull/4346) - Add support for `mac-address` and `link-local-ip` fields in `--network` long format. [docker/cli#4419](https://github.com/docker/cli/pull/4419) - Add support for specifying multiple `--network` flags with `docker container create` and `docker run`. [moby/moby#45906](https://github.com/moby/moby/pull/45906) - Automatically enable IPv6 on a network when an IPv6 subnet is specified. [moby/moby#46455](https://github.com/moby/moby/pull/46455) - Add support for overlay networks over IPv6 transport. [moby/moby#46790](https://github.com/moby/moby/pull/46790) - Configuration reloading is now more robust: if there's an error during the configuration reload process, no configuration changes are applied. [moby/moby#43980](https://github.com/moby/moby/pull/43980) - Live restore: Containers with auto remove (`docker run --rm`) are no longer forcibly removed on engine restart. [moby/moby#46857](https://github.com/moby/moby/pull/46857) - Live restore: containers that are live-restored will now be given another health-check start period when the daemon restarts. [moby/moby#47051](https://github.com/moby/moby/pull/47051) - Container health status is flushed to disk less frequently, reducing wear on flash storage. [moby/moby#47044](https://github.com/moby/moby/pull/47044) - Ensure network names are unique. [moby/moby#46251](https://github.com/moby/moby/pull/46251) - Ensure that overlay2 layer metadata is correct. [moby/moby#46471](https://github.com/moby/moby/pull/46471) - Fix `Downloading` progress message on image pull. [moby/moby#46515](https://github.com/moby/moby/pull/46515) - Fix `NetworkConnect` and `ContainerCreate` with improved data validation, and return all validation errors at once. [moby/moby#46183](https://github.com/moby/moby/pull/46183) - Fix `com.docker.network.host_ipv4` option when IPv6 and ip6tables are enabled. [moby/moby#46446](https://github.com/moby/moby/pull/46446) - Fix daemon's `cleanupContainer` if containerd is stopped. [moby/moby#46213](https://github.com/moby/moby/pull/46213) - Fix returning incorrect HTTP status codes for libnetwork errors. [moby/moby#46146](https://github.com/moby/moby/pull/46146) - Fix various issues with images/json API filters and image list. [moby/moby#46034](https://github.com/moby/moby/pull/46034) - CIFS volumes now resolves FQDN correctly. [moby/moby#46863](https://github.com/moby/moby/pull/46863) - Improve validation of the `userland-proxy-path` daemon configuration option. Validation now happens during daemon startup, instead of producing an error when starting a container with port-mapping. [moby/moby#47000](https://github.com/moby/moby/pull/47000) - Set the MAC address of container's interface when network mode is a short network ID. [moby/moby#46406](https://github.com/moby/moby/pull/46406) - Sort unconsumed build arguments before display in build output. [moby/moby#45917](https://github.com/moby/moby/pull/45917) - The `docker image save` tarball output is now OCI compliant. [moby/moby#44598](https://github.com/moby/moby/pull/44598) - The daemon no longer appends `ACCEPT` rules to the end of the `INPUT` iptables chain for encrypted overlay networks. Depending on firewall configuration, a rule may be needed to permit incoming encrypted overlay network traffic. [moby/moby#45280](https://github.com/moby/moby/pull/45280) - Unpacking layers with extended attributes onto an incompatible filesystem will now fail instead of silently discarding extended attributes. [moby/moby#45464](https://github.com/moby/moby/pull/45464) - Update daemon MTU option to BridgeConfig and display warning on Windows. [moby/moby#45887](https://github.com/moby/moby/pull/45887) - Validate IPAM config when creating a network. Automatically fix networks created prior to this release where `--ip-range` is larger than `--subnet`. [moby/moby#45759](https://github.com/moby/moby/pull/45759) - containerd image store: Add image events for `push`, `pull`, and `save`. [moby/moby#46405](https://github.com/moby/moby/pull/46405) - containerd image store: Add support for pulling legacy schema1 images. [moby/moby#46513](https://github.com/moby/moby/pull/46513) - containerd image store: Add support for pushing all tags. [moby/moby#46485](https://github.com/moby/moby/pull/46485) - containerd image store: Add support for registry token. [moby/moby#46475](https://github.com/moby/moby/pull/46475) - containerd image store: Add support for showing the number of containers that use an image. [moby/moby#46511](https://github.com/moby/moby/pull/46511) - containerd image store: Fix a bug related to the `ONBUILD`, `MAINTAINER`, and `HEALTHCHECK` Dockerfile instructions. [moby/moby#46313](https://github.com/moby/moby/pull/46313) - containerd image store: Fix `Pulling from` progress message. [moby/moby#46494](https://github.com/moby/moby/pull/46494) - containerd image store: Add support for referencing images via the truncated ID with `sha256:` prefix. [moby/moby#46435](https://github.com/moby/moby/pull/46435) - containerd image store: Fix `docker images` showing intermediate layers by default. [moby/moby#46423](https://github.com/moby/moby/pull/46423) - containerd image store: Fix checking if the specified platform exists when getting an image. [moby/moby#46495](https://github.com/moby/moby/pull/46495) - containerd image store: Fix errors when multiple `ADD` or `COPY` instructions were used with the classic builder. [moby/moby#46383](https://github.com/moby/moby/pull/46383) - containerd image store: Fix stack overflow errors when importing an image. [moby/moby#46418](https://github.com/moby/moby/pull/46418) - containerd image store: Improve `docker pull` progress output. [moby/moby#46412](https://github.com/moby/moby/pull/46412) - containerd image store: Print the tag, digest, and size after pushing an image. [moby/moby#46384](https://github.com/moby/moby/pull/46384) - containerd image store: Remove panic from `UpdateConfig`. [moby/moby#46433](https://github.com/moby/moby/pull/46433) - containerd image store: Return an error when an image tag resembles a digest. [moby/moby#46492](https://github.com/moby/moby/pull/46492) - containerd image store: `docker image ls` now shows the correct image creation time and date. [moby/moby#46719](https://github.com/moby/moby/pull/46719) - containerd image store: Fix an issue handling user namespace settings. [moby/moby#46375](https://github.com/moby/moby/pull/46375) - containerd image store: Add support for pulling all tags (`docker pull -a`). [moby/moby#46618](https://github.com/moby/moby/pull/46618) - containerd image store: Use the domain name in the image reference as the default registry authentication domain. [moby/moby#46779](https://github.com/moby/moby/pull/46779) ##### Packaging updates - Upgrade API to v1.44. [moby/moby#45468](https://github.com/moby/moby/pull/45468) - Upgrade Compose to `2.24.1`. [docker/docker-ce-packaging#980](https://github.com/docker/docker-ce-packaging/pull/980) - Upgrade containerd to v1.7.12 (static binaries only). [moby/moby#47070](https://github.com/moby/moby/pull/47070) - Upgrade Go runtime to [1.21.6](https://go.dev/doc/devel/release#go1.21.minor). [moby/moby#47053](https://github.com/moby/moby/pull/47053) - Upgrade runc to v1.1.11. [moby/moby#47007](https://github.com/moby/moby/pull/47007) - Upgrade BuildKit to v0.12.4. [moby/moby#46882](https://github.com/moby/moby/pull/46882) - Upgrade Buildx to v0.12.1. [docker/docker-ce-packaging#979](https://github.com/docker/docker-ce-packaging/pull/979) ##### Removed - API: Remove VirtualSize field for the `GET /images/json` and `GET /images/{id}/json` endpoints. [moby/moby#45469](https://github.com/moby/moby/pull/45469) - Remove deprecated `devicemapper` storage driver. [moby/moby#43637](https://github.com/moby/moby/pull/43637) - Remove deprecated orchestrator options. [docker/cli#4366](https://github.com/docker/cli/pull/4366) - Remove support for Debian Upstart init system. [moby/moby#45548](https://github.com/moby/moby/pull/45548), [moby/moby#45551](https://github.com/moby/moby/pull/45551) - Remove the `--oom-score-adjust` daemon option. [moby/moby#45484](https://github.com/moby/moby/pull/45484) - Remove warning for deprecated `~/.dockercfg` file. [docker/cli#4281](https://github.com/docker/cli/pull/4281) - Remove `logentries` logging driver. [moby/moby#46925](https://github.com/moby/moby/pull/46925) ##### Deprecated - Deprecate API versions older than 1.24. [Deprecation notice](../deprecated.md#deprecate-legacy-api-versions) - Deprecate `IsAutomated` field and `is-automated` filter for `docker search`. [Deprecation notice](../deprecated.md#isautomated-field-and-is-automated-filter-on-docker-search) - API: Deprecate `Container` and `ContainerConfig` properties for `/images/{id}/json` (`docker image inspect`). [moby/moby#46939](https://github.com/moby/moby/pull/46939) ### [`v24.0.9`](https://github.com/moby/moby/releases/tag/v24.0.9) [Compare Source](https://github.com/docker/docker/compare/v24.0.8...v24.0.9) #### 24.0.9 For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones: - [docker/cli, 24.0.9 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.9) - [moby/moby, 24.0.9 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.9) #### Security This release contains security fixes for the following CVEs affecting Docker Engine and its components. | CVE | Component | Fix version | Severity | | ----------------------------------------------------------- | ------------- | ----------- | ---------------- | | [CVE-2024-21626](https://scout.docker.com/v/CVE-2024-21626) | runc | 1.1.12 | High, CVSS 8.6 | | [CVE-2024-24557](https://scout.docker.com/v/CVE-2024-24557) | Docker Engine | 24.0.9 | Medium, CVSS 6.9 | > **Important** ⚠️ > > Note that this release of Docker Engine doesn't include fixes for the following known vulnerabilities in BuildKit: > > - [CVE-2024-23651](https://scout.docker.com/v/CVE-2024-23651) > - [CVE-2024-23652](https://scout.docker.com/v/CVE-2024-23652) > - [CVE-2024-23653](https://scout.docker.com/v/CVE-2024-23653) > - [CVE-2024-23650](https://scout.docker.com/v/CVE-2024-23650) > > To address these vulnerabilities, upgrade to [Docker Engine v25.0.2](./25.0.md#2502). For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the [blog post](https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/). For details about each vulnerability, see the relevant security advisory: - [CVE-2024-21626](https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv) - [CVE-2024-24557](https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc) ##### Packaging updates - Upgrade runc to [v1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12). [moby/moby#47269](https://github.com/moby/moby/pull/47269) - Upgrade containerd to [v1.7.13](https://github.com/containerd/containerd/releases/tag/v1.7.13) (static binaries only). [moby/moby#47280](https://github.com/moby/moby/pull/47280) ### [`v24.0.8`](https://github.com/moby/moby/releases/tag/v24.0.8) [Compare Source](https://github.com/docker/docker/compare/v24.0.7...v24.0.8) #### 24.0.8 For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones: - [docker/cli, 24.0.8 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.8) - [moby/moby, 24.0.8 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.8) ##### Bug fixes and enhancements - Live restore: Containers with auto remove (`docker run --rm`) are no longer forcibly removed on engine restart. [moby/moby#46857](https://github.com/moby/moby/pull/46869) ##### Packaging updates - Upgrade Go to `go1.20.13`. [moby/moby#47054](https://github.com/moby/moby/pull/47054), [docker/cli#4826](https://github.com/docker/cli/pull/4826), [docker/docker-ce-packaging#975](https://github.com/docker/docker-ce-packaging/pull/975) - Upgrade containerd (static binaries only) to [v1.7.12](https://github.com/containerd/containerd/releases/tag/v1.7.12) [moby/moby#47096](https://github.com/moby/moby/pull/47096) - Upgrade runc to v1.1.11. [moby/moby#47010](https://github.com/moby/moby/pull/47010) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMzEuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE1My4yIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->
renovate-bot commented 2024-01-19 14:23:06 +00:00
Author
Contributor
Copy Link

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go get -d -t ./...
go: github.com/docker/docker/v25@v25.0.3: missing github.com/docker/docker/go.mod and .../v25/go.mod at revision v25.0.3
### ⚠ Artifact update problem Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens: - any of the package files in this branch needs updating, or - the branch becomes conflicted, or - you click the rebase/retry checkbox if found above, or - you rename this PR's title to start with "rebase!" to trigger it manually The artifact failure details are included below: ##### File name: go.sum ``` Command failed: go get -d -t ./... go: github.com/docker/docker/v25@v25.0.3: missing github.com/docker/docker/go.mod and .../v25/go.mod at revision v25.0.3 ```
renovate-bot force-pushed renovate/github.com-docker-docker-v24-25.x from 7b17654ac3 to e32f863e32 2024-01-24 10:18:21 +00:00 Compare
renovate-bot force-pushed renovate/github.com-docker-docker-v24-25.x from e32f863e32 to 5c5fd3ae0b 2024-02-01 03:20:41 +00:00 Compare
renovate-bot force-pushed renovate/github.com-docker-docker-v24-25.x from 5c5fd3ae0b to 7bd43cbfe1 2024-02-07 01:18:59 +00:00 Compare
This repo is archived. You cannot comment on pull requests.
Reviewers
No reviewers
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: nemunaire/minifaas#38
No description provided.
Delete Branch "renovate/github.com-docker-docker-v24-25.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?