Sourced from github.com/docker/docker's releases.

25.0.5

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

- docker/cli, 25.0.5 milestone
- moby/moby, 25.0.5 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.

Security

This release contains a security fix for CVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.

Bug fixes and enhancements

- CVE-2024-29018: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
- plugin: fix mounting /etc/hosts when running in UserNS. moby/moby#47588
- rootless: fix open /etc/docker/plugins: permission denied. moby/moby#47587
- Fix multiple parallel docker build runs leaking disk space. moby/moby#47527

v25.0.4

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

- docker/cli, 25.0.4 milestone
- moby/moby, 25.0.4 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.

Bug fixes and enhancements

- Restore DNS names for containers in the default "nat" network on Windows. moby/moby#47490
- Fix docker start failing when used with --checkpoint moby/moby#47466
- Don't enforce new validation rules for existing swarm networks moby/moby#47482
- Restore IP connectivity between the host and containers on an internal bridge network. moby/moby#47481
- Fix a regression introduced in v25.0 that prevented the classic builder from ADDing a tar archive with xattrs created on a non-Linux OS moby/moby#47483
- containerd image store: Fix image pull not emitting Pulling fs layer status moby/moby#47484

API

- To preserve backwards compatibility, make read-only mounts not recursive by default when using older clients (API version < v1.44). moby/moby#47393
- GET /images/{id}/json omits the Created field (previously it was 0001-01-01T00:00:00Z) if the Created field is missing from the image config. moby/moby#47451
- Populate a missing Created field in GET /images/{id}/json with 0001-01-01T00:00:00Z for API version <= 1.43. moby/moby#47387
- Fix a regression that caused API socket connection failures to report an API version negotiation failure instead. moby/moby#47470
- Preserve supplied endpoint configuration in a container-create API request, when a container-wide MAC address is specified, but NetworkMode name-or-id is not the same as the name-or-id used in NetworkSettings.Networks. moby/moby#47510

Packaging updates

- Upgrade Go runtime to 1.21.8. moby/moby#47503
- Upgrade RootlessKit to v2.0.2. moby/moby#47508
- Upgrade Compose to v2.24.7. docker/docker-ce-packaging#998
- Upgrade Buildx to v0.13.0. docker/docker-ce-packaging#997

... (truncated)

- e63daec Merge pull request #47589 from vvoland/v25.0-47538
- 817bccb Merge pull request #47588 from vvoland/v25.0-47558
- 2a0601e Merge pull request #47587 from vvoland/v25.0-47559
- 9df9ccc Merge pull request #47586 from vvoland/v25.0-47569
- a987bc5 libnet: Don't forward to upstream resolvers on internal nw
- 20c205f Environment variable to override resolv.conf path.
- 4be9723 daemon: move getUnprivilegedMountFlags to internal package
- 7ed7e6c plugin: fix mounting /etc/hosts when running in UserNS
- 81ad706 rootless: fix open /etc/docker/plugins: permission denied
- 02d4ee3 Makefile: generate-files: fix check for empty TMP_OUT
- b225e7c http2: limit maximum handler goroutines to MaxConcurrentStreams
- 88194ad go.mod: update golang.org/x dependencies
- 2b60a61 quic: fix several bugs in flow control accounting
- 73d82ef quic: handle DATA_BLOCKED frames
- 5d5a036 quic: handle streams moving from the data queue to the meta queue
- 350aad2 quic: correctly extend peer's flow control window after MAX_DATA
- 21814e7 quic: validate connection id transport parameters
- a600b35 quic: avoid redundant MAX_DATA updates
- ea63359 http2: check stream body is present on read timeout
- ddd8598 quic: version negotiation