Docker Engine 18.09 release notes

Note:

With this release, the daemon, client and container runtime are now all shipped in separate packages. When updating, you need to update all packages at the same time to get the latest patch releases for each. For example, on Ubuntu:

$ sudo apt-get install docker-ce docker-ce-cli containerd.io

See the installation instructions for the corresponding Linux distribution for details.

18.09.9

2019-09-03

Client

  • Fix Windows absolute path detection on non-Windows. docker/cli#1990
  • Fix Docker refusing to load key from delegation.key on Windows. docker/cli#1968
  • Completion scripts updates for bash and zsh.

Logging

Networking

Runtime

  • Update to Go 1.11.13.
  • Fix a potential engine panic when using XFS disk quota for containers. moby/moby#39644

Swarm

18.09.8

2019-07-17

Runtime

  • Masked the secrets updated to the log files when running Docker Engine in debug mode. CVE-2019-13509: If a Docker engine is running in debug mode, and docker stack deploy is used to redeploy a stack which includes non-external secrets, the logs will contain the secret.

Client

  • Fixed rollback config type interpolation for parallelism and max_failure_ratio fields.

Known Issue

  • There are important changes to the upgrade process that, if not correctly followed, can have an impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or later.

18.09.7

2019-06-27

Builder

  • Fixed a panic error when building dockerfiles that contain only comments. moby/moby#38487
  • Added a workaround for GCR authentication issue. moby/moby#38246
  • Builder-next: Fixed a bug in the GCR token cache implementation workaround. moby/moby#39183

Networking

  • Fixed an error where --network-rm would fail to remove a network. moby/moby#39174

Runtime

Logging

  • Added a fix that now allows large log lines for logger plugins. moby/moby#39038

Known Issue

  • There are important changes to the upgrade process that, if not correctly followed, can have an impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or later.

18.09.6

2019-05-06

Builder

  • Fixed COPY and ADD with multiple <src> to not invalidate cache if DOCKER_BUILDKIT=1. moby/moby#38964

Networking

Known Issues

  • There are important changes to the upgrade process that, if not correctly followed, can have an impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or later.

18.09.5

2019-04-11

Builder

Client

Networking

Runtime

Swarm Mode

Known Issues

  • There are important changes to the upgrade process that, if not correctly followed, can have an impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or later.

18.09.4

2019-03-28

Builder

Runtime

Swarm Mode

  • Fixed nil pointer exception when joining node to swarm. moby/moby#38618
  • Fixed issue for swarm nodes not being able to join as masters if http proxy is set. [moby/moby#36951]

Known Issues

  • There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or later.

18.09.3

2019-02-28

Networking fixes

  • Windows: now avoids regeneration of network IDs to prevent broken references to networks. docker/engine#149
  • Windows: Fixed an issue to address - restart always flag on standalone containers not working when specifying a network. (docker/escalation#1037)
  • Fixed an issue to address the IPAM state from networkdb if the manager is not attached to the overlay network. (docker/escalation#1049)

Runtime fixes and updates

  • Updated to Go version 1.10.8.
  • Modified names in the container name generator. docker/engine#159
  • When copying an existing folder, xattr set errors when the target filesystem doesn't support xattr are now ignored. docker/engine#135
  • Graphdriver: fixed "device" mode not being detected if "character-device" bit is set. docker/engine#160
  • Fixed nil pointer dereference on failure to connect to containerd. docker/engine#162
  • Deleted stale containerd object on start failure. docker/engine#154

Known Issues

  • There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater.

18.09.2

2019-02-11

Security fixes

  • Update runc to address a critical vulnerability that allows specially-crafted containers to gain administrative privileges on the host. CVE-2019-5736
  • Ubuntu 14.04 customers using a 3.13 kernel will need to upgrade to a supported Ubuntu 4.x kernel

For additional information, refer to the Docker blog post.

Known Issues

  • There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater.

18.09.1

2019-01-09

Important notes about this release

In Docker versions prior to 18.09, containerd was managed by the Docker engine daemon. In Docker Engine 18.09, containerd is managed by systemd. Since containerd is managed by systemd, any custom configuration to the docker.service systemd configuration which changes mount settings (for example, MountFlags=slave) breaks interactions between the Docker Engine daemon and containerd, and you will not be able to start containers.

Run the following command to get the current value of the MountFlags property for the docker.service:

$ sudo systemctl show --property=MountFlags docker.service
MountFlags=

Update your configuration if this command prints a non-empty value for MountFlags, and restart the docker service.

Security fixes

Improvements

Fixes

Packaging

Known Issues

  • When upgrading from 18.09.0 to 18.09.1, containerd is not upgraded to the correct version on Ubuntu.
  • There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater.

18.09.0

2018-11-08

Important notes about this release

In Docker versions prior to 18.09, containerd was managed by the Docker engine daemon. In Docker Engine 18.09, containerd is managed by systemd. Since containerd is managed by systemd, any custom configuration to the docker.service systemd configuration which changes mount settings (for example, MountFlags=slave) breaks interactions between the Docker Engine daemon and containerd, and you will not be able to start containers.

Run the following command to get the current value of the MountFlags property for the docker.service:

$ sudo systemctl show --property=MountFlags docker.service
MountFlags=

Update your configuration if this command prints a non-empty value for MountFlags, and restart the docker service.

New features

Improvements

Fixes

Known Issues

  • There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater.

  • With https://github.com/boot2docker/boot2docker/releases/download/v18.09.0/boot2docker.iso, connection is being refused from a node on the virtual machine. Any publishing of swarm ports in virtualbox-created docker-machine VM's will not respond. This is occurring on macOS and Windows 10, using docker-machine version 0.15 and 0.16.

    The following docker run command works, allowing access from host browser:

    docker run -d -p 4000:80 nginx

    However, the following docker service command fails, resulting in curl/chrome unable to connect (connection refused):

    docker service create -p 5000:80 nginx

    This issue is not apparent when provisioning 18.09.0 cloud VM's using docker-machine.

    Workarounds:

    • Use cloud VM's that don't rely on boot2docker.
    • docker run is unaffected.
    • For Swarm, set VIRTUALBOX_BOOT2DOCKER_URL=https://github.com/boot2docker/boot2docker/releases/download/v18.06.1-ce/boot2docker.iso.

    This issue is resolved in 18.09.1.

Deprecation Notices

  • Docker has deprecated support for Device Mapper as a storage driver. It will continue to be supported at this time, but support will be removed in a future release.

    The Overlay2 storage driver is now the default for Docker Engine implementations.

End of Life Notification

In this release, Docker has also removed support for TLS < 1.2 moby/moby#37660, Ubuntu 14.04 "Trusty Tahr" docker-ce-packaging#255 / docker-ce-packaging#254, and Debian 8 "Jessie" docker-ce-packaging#255 / docker-ce-packaging#254.