For official release notes for Docker Engine CE, visit the release notes page.
- Sterner warnings and deprecation notice for unauthenticated tcp access moby/moby#41285
- Deprecate KernelMemory (
docker run --kernel-memory) moby/moby#41254 docker/cli#2652 - Deprecate
aufsstorage driver docker/cli#1484 - Deprecate host-discovery and overlay networks with external k/v stores moby/moby#40614 moby/moby#40510
- Deprecate Dockerfile legacy 'ENV name value' syntax, use
ENV name=valueinstead docker/cli#2743 - Remove deprecated "filter" parameter for API v1.41 and up moby/moby#40491
- Disable distribution manifest v2 schema 1 on push moby/moby#41295
- Remove hack MalformedHostHeaderOverride breaking old docker clients (<= 1.12) in which case, set
DOCKER_API_VERSIONmoby/moby#39076 - Remove "docker engine" subcommands docker/cli#2207
- Remove experimental "deploy" from "dab" files docker/cli#2216
- Remove deprecated
docker search --automatedand--starsflags docker/cli#2338 - No longer allow reserved namespaces in engine labels docker/cli#2326
- Do not require "experimental" for metrics API moby/moby#40427
GET /eventsnow returnspruneevents after pruning resources have completed moby/moby#41259- Prune events are returned for
container,network,volume,image, andbuilder, and have areclaimedattribute, indicating the amount of space reclaimed (in bytes)
- Prune events are returned for
- Add
one-shotstats option to not prime the stats moby/moby#40478 - Adding OS version info to the system info's API (
/info) moby/moby#38349 - Add DefaultAddressPools to docker info moby/moby#40714
- Add API support for PidsLimit on services moby/moby#39882
- buildkit: git: support for token authentication moby/moby#41234 docker/cli#2656 moby/buildkit#1533
- buildkit: secrets: allow providing secrets with env moby/moby#41234 docker/cli#2656 moby/buildkit#1534
- Support
--secret id=foo,env=MY_ENVas an alternative for storing a secret value to a file. --secret id=GIT_AUTH_TOKENwill load env if it exists and the file does not.
- Support
- buildkit: Support for mirrors fallbacks, insecure TLS and custom TLS config moby/moby#40814
- buildkit: remotecache: Only visit each item once when walking results moby/moby#41234 moby/buildkit#1577
- Improves performance and CPU use on bigger graphs
- buildkit: Check remote when local image platform doesn't match moby/moby#40629
- buildkit: image export: Use correct media type when creating new layer blobs moby/moby#41234 moby/buildkit#1541
- buildkit: progressui: fix logs time formatting moby/moby#41234 docker/cli#2656 moby/buildkit#1549
- buildkit: mitigate containerd issue on parallel push moby/moby#41234 moby/buildkit#1548
- buildkit: inline cache: fix handling of duplicate blobs moby/moby#41234 moby/buildkit#1568
- Fixes moby/buildkit#1388 cache-from working unreliably
- Fixes moby/moby#41219 Image built from cached layers is missing data
- Allow ssh:// for remote context URLs moby/moby#40179
- builder: remove legacy build's session handling (was experimental) moby/moby#39983
- Add swarm jobs support to CLI docker/cli#2262
- Add
-a/--all-tagsto docker push docker/cli#2220 - Add support for Kubernetes username/password auth docker/cli#2308
- Add
--pull=missing|always|nevertorunandcreatecommands docker/cli#1498 - Add
--env-fileflag todocker execfor parsing environment variables from a file docker/cli#2602 - Add shorthand
-nfor--tailoption docker/cli#2646 - Add log-driver and options to service inspect "pretty" format docker/cli#1950
- docker run: specify cgroup namespace mode with
--cgroupnsdocker/cli#2024 docker manifest rmcommand to remove manifest list draft from local storage docker/cli#2449- Add "context" to "docker version" and "docker info" docker/cli#2500
- Propagate platform flag to container create API docker/cli#2551
- The
docker ps --formatflag now has a.Stateplaceholder to print the container's state without additional details about uptime and health check docker/cli#2000 - Add support for docker-compose schema v3.9 docker/cli#2073
- Add support for docker push
--quietdocker/cli#2197 - Hide flags that are not supported by BuildKit, if BuildKit is enabled docker/cli#2123
- Update flag description for
docker rm -vto clarify the option only removes anonymous (unnamed) volumes docker/cli#2289 - Improve tasks printing for docker services docker/cli#2341
- docker info: list CLI plugins alphabetically docker/cli#2236
- Fix order of processing of
--label-add/--label-rm,--container-label-add/--container-label-rm, and--env-add/--env-rmflags ondocker service updateto allow replacing existing values docker/cli#2668 - Fix
docker rm --forcereturning a non-zero exit code if one or more containers did not exist docker/cli#2678 - Improve memory stats display by using
total_inactive_fileinstead ofcachedocker/cli#2415 - Mitigate against YAML files that has excessive aliasing docker/cli#2117
- Allow using advanced syntax when setting a config or secret with only the source field docker/cli#2243
- Fix reading config files containing
usernameandpasswordauth even ifauthis empty docker/cli#2122 - docker cp: prevent NPE when failing to stat destination docker/cli#2221
- config: preserve ownership and permissions on configfile docker/cli#2228
- Support reading
docker logswith all logging drivers (best effort) moby/moby#40543 - Add
splunk-index-acknowledgmentlog option to work with Splunk HECs with index acknowledgment enabled moby/moby#39987 - Add partial metadata to journald logs moby/moby#41407
- Reduce allocations for logfile reader moby/moby#40796
- Fluentd: add fluentd-async, fluentd-request-ack, and deprecate fluentd-async-connect moby/moby#39086
- Support cgroup2 moby/moby#40174 moby/moby#40657 moby/moby#40662
- cgroup2: use "systemd" cgroup driver by default when available moby/moby#40846
- new storage driver: fuse-overlayfs moby/moby#40483
- Update containerd binary to v1.4.0 moby/moby#40982
docker pushnow defaults tolatesttag instead of all tags moby/moby#40302- Added ability to change the number of reconnect attempts during connection loss while pulling an image by adding max-download-attempts to the config file moby/moby#39949
- Add support for containerd v2 shim by using the now default
io.containerd.runc.v2runtime moby/moby#41182 - cgroup v1: change the default runtime to io.containerd.runc.v2. Requires containerd v1.3.0 or later. v1.3.5 or later is recommended moby/moby#41210
- Start containers in their own cgroup namespaces moby/moby#38377
- Enable DNS Lookups for CIFS Volumes moby/moby#39250
- Use MemAvailable instead of MemFree to estimate actual available memory moby/moby#39481
- The
--deviceflag indocker runwill now be honored when the container is started in privileged mode moby/moby#40291 - Enforce reserved internal labels moby/moby#40394
- Raise minimum memory limit to 6M, to account for higher memory use by runtimes during container startup moby/moby#41168
- Add support for
CAP_PERFMON,CAP_BPF, andCAP_CHECKPOINT_RESTOREon supported kernels moby/moby#41460 - vendor runc v1.0.0-rc92 moby/moby#41344 moby/moby#41317
- info: add warnings about missing blkio cgroup support moby/moby#41083
- Accept platform spec on container create moby/moby#40725
- Fix handling of looking up user- and group-names with spaces moby/moby#41377
- Support host.docker.internal in dockerd on Linux moby/moby#40007
- Include IPv6 address of linked containers in /etc/hosts moby/moby#39837
- Add alias for hostname if hostname != container name moby/moby#39204
- Better selection of DNS server (with systemd) moby/moby#41022
- Add docker interfaces to firewalld docker zone moby/moby#41189 moby/libnetwork#2548
- Fixes DNS issue on CentOS8 docker/for-linux#957
- Fixes Port Forwarding on RHEL 8 with Firewalld running with FirewallBackend=nftables moby/libnetwork#2496
- Fix an issue reporting 'failed to get network during CreateEndpoint' moby/moby#41189 moby/libnetwork#2554
- Log error instead of disabling IPv6 router advertisement failed moby/moby#41189 moby/libnetwork#2563
- No longer ignore
--default-address-pooloption in certain cases moby/moby#40711 - Produce an error with invalid address pool moby/moby#40808 moby/libnetwork#2538
- Fix
DOCKER-USERchain not created when IPTableEnable=false moby/moby#40808 moby/libnetwork#2471 - Fix panic on startup in systemd environments moby/moby#40808 moby/libnetwork#2544
- Fix issue preventing containers to communicate over macvlan internal network moby/moby#40596 moby/libnetwork#2407
- Fix InhibitIPv4 nil panic moby/moby#40596
- Fix VFP leak in Windows overlay network deletion moby/moby#40596 moby/libnetwork#2524
- docker.service: Add multi-user.target to After= in unit file moby/moby#41297
- docker.service: Allow socket activation moby/moby#37470
- seccomp: Remove dependency in dockerd on libseccomp moby/moby#41395
- rootless: graduate from experimental moby/moby#40759
- Add dockerd-rootless-setuptool.sh moby/moby#40950
- Support
--exec-opt native.cgroupdriver=systemdmoby/moby#40486
- Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc moby/moby#39612
- seccomp: Whitelist
clock_adjtime.CAP_SYS_TIMEis still required for time adjustment moby/moby#40929 - seccomp: Add openat2 and faccessat2 to default seccomp profile moby/moby#41353
- seccomp: allow 'rseq' syscall in default seccomp profile moby/moby#41158
- seccomp: allow syscall membarrier moby/moby#40731
- seccomp: whitelist io-uring related system calls moby/moby#39415
- Add default sysctls to allow ping sockets and privileged ports with no capabilities moby/moby#41030
- Fix seccomp profile for clone syscall moby/moby#39308
- Add support for swarm jobs moby/moby#40307
- Add capabilities support to stack/service commands docker/cli#2687 docker/cli#2709 moby/moby#39173 moby/moby#41249
- Add support for sending down service Running and Desired task counts moby/moby#39231
- service: support
--mount type=bind,bind-nonrecursivemoby/moby#38788 - Support ulimits on Swarm services. moby/moby#41284 docker/cli#2712
- Fixed an issue where service logs could leak goroutines on the worker moby/moby#40426