ELBA-2016-3611

ULN >
Oracle Linux Errata repository >
ELBA-2016-3611

ELBA-2016-3611 - docker-engine bug fix update

Type:	BUG
Severity:	NA
Release Date:	2016-09-06

Description

[1.12.0-1.0.2]
- Merged upstream patch https://github.com/docker/docker/pull/25592

[1.12.0-1.0.1]
- Enable configuration of Docker daemon via sysconfig [orabug 21804877]
- Require UEK4 for docker 1.9 [orabug 22235639 22235645]
- Add selinux policy per distro (Michael Crosby)
- Add Oracle Linux specific selinux file (Thomas Tanaka) [orabug 23733327]

[1.12.0]
- New HEALTHCHECK Dockerfile instruction to support user-defined healthchecks [#23218](https://github.com/docker/docker/pull/23218)
- New SHELL Dockerfile instruction to specify the default shell when using the shell form for commands in a Dockerfile [#22489](https://github.com/docker/docker/pull/22489)
- Add #escape= Dockerfile directive to support platform-specific parsing of file paths in Dockerfile [#22268](https://github.com/docker/docker/pull/22268)
- Add support for comments in .dockerignore [#23111](https://github.com/docker/docker/pull/23111)
- Support for UTF-8 in Dockerfiles [#23372](https://github.com/docker/docker/pull/23372)
- Skip UTF-8 BOM bytes from Dockerfile and .dockerignore if exist [#23234](https://github.com/docker/docker/pull/23234)
- Windows: support for ARG to match Linux [#22508](https://github.com/docker/docker/pull/22508)
- Fix error message when building using a daemon with the bridge network disabled [#22932](https://github.com/docker/docker/pull/22932)
- Enable seccomp for Centos 7 and Oracle Linux 7 [#22344](https://github.com/docker/docker/pull/22344)
- Remove MountFlags in systemd unit to allow shared mount propagation [#22806](https://github.com/docker/docker/pull/22806)
- Add --max-concurrent-downloads and --max-concurrent-uploads daemon flags useful for situations where network connections dont support multiple downloads/uploads [#22445](https://github.com/docker/docker/pull/22445)
- Registry operations now honor the ALL_PROXY environment variable [#22316](https://github.com/docker/docker/pull/22316)
- Provide more information to the user on docker load [#23377](https://github.com/docker/docker/pull/23377)
- Always save registry digest metadata about images pushed and pulled [#23996](https://github.com/docker/docker/pull/23996)
- Syslog logging driver now supports DGRAM sockets [#21613](https://github.com/docker/docker/pull/21613)
- Add --details option to docker logs to also display log tags [#21889](https://github.com/docker/docker/pull/21889)
- Enable syslog logger to have access to env and labels [#21724](https://github.com/docker/docker/pull/21724)
- An additional syslog-format option rfc5424micro to allow microsecond resolution in syslog timestamp [#21844](https://github.com/docker/docker/pull/21844)
- Inherit the daemon log options when creating containers [#21153](https://github.com/docker/docker/pull/21153)
- Remove docker/ prefix from log messages tag and replace it with {{.DaemonName}} so that users have the option of changing the prefix [#22384](https://github.com/docker/docker/pull/22384)
- Built-in Virtual-IP based internal and ingress load-balancing using IPVS [#23361](https://github.com/docker/docker/pull/23361)
- Routing Mesh using ingress overlay network [#23361](https://github.com/docker/docker/pull/23361)
- Secured multi-host overlay networking using encrypted control-plane and Data-plane [#23361](https://github.com/docker/docker/pull/23361)
- MacVlan driver is out of experimental [#23524](https://github.com/docker/docker/pull/23524)
- Add driver filter to network ls [#22319](https://github.com/docker/docker/pull/22319)
- Adding network filter to docker ps --filter [#23300](https://github.com/docker/docker/pull/23300)
- Add --link-local-ip flag to create, run and network connect to specify a containers link-local address [#23415](https://github.com/docker/docker/pull/23415)
- Add network label filter support [#21495](https://github.com/docker/docker/pull/21495)
- Removed dependency on external KV-Store for Overlay networking in Swarm-Mode [#23361](https://github.com/docker/docker/pull/23361)
- Add containers short-id as default network alias [#21901](https://github.com/docker/docker/pull/21901)
- run options --dns and --net=host are no longer mutually exclusive [#22408](https://github.com/docker/docker/pull/22408)
- Fix DNS issue when renaming containers with generated names [#22716](https://github.com/docker/docker/pull/22716)
- Allow both network inspect -f {{.Id}} and network inspect -f {{.ID}} to address inconsistency with inspect output [#23226](https://github.com/docker/docker/pull/23226)
- New plugin command to manager plugins with install, enable, disable, rm, inspect, set subcommands [#23446](https://github.com/docker/docker/pull/23446)
- Split the binary into two: docker (client) and dockerd (daemon) [#20639](https://github.com/docker/docker/pull/20639)
- Add before and since filters to docker images --filter [#22908](https://github.com/docker/docker/pull/22908)
- Add --limit option to docker search [#23107](https://github.com/docker/docker/pull/23107)
- Add --filter option to docker search [#22369](https://github.com/docker/docker/pull/22369)
- Add security options to docker info output [#21172](https://github.com/docker/docker/pull/21172) [#23520](https://github.com/docker/docker/pull/23520)
- Add insecure registries to docker info output [#20410](https://github.com/docker/docker/pull/20410)
- Extend Docker authorization with TLS user information [#21556](https://github.com/docker/docker/pull/21556)
- devicemapper: expose Mininum Thin Pool Free Space through docker info [#21945](https://github.com/docker/docker/pull/21945)
- API now returns a JSON object when an error occurs making it more consistent [#22880](https://github.com/docker/docker/pull/22880)
- Prevent docker run -i --restart from hanging on exit [#22777](https://github.com/docker/docker/pull/22777)
- Fix API/CLI discrepancy on hostname validation [#21641](https://github.com/docker/docker/pull/21641)
- Fix discrepancy in the format of sizes in stats from HumanSize to BytesSize [#21773](https://github.com/docker/docker/pull/21773)
- authz: when request is denied return forbbiden exit code (403) [#22448](https://github.com/docker/docker/pull/22448)
- Windows: fix tty-related displaying issues [#23878](https://github.com/docker/docker/pull/23878)
- Add --live-restore daemon flag to keep containers running when daemon shuts down, and regain control on startup [#23213](https://github.com/docker/docker/pull/23213)
- Ability to add OCI-compatible runtimes (via --add-runtime daemon flag) and select one with --runtime on create and run [#22983](https://github.com/docker/docker/pull/22983)
- New overlay2 graphdriver for Linux 4.0+ with multiple lower directory support [#22126](https://github.com/docker/docker/pull/22126)
- New load/save image events [#22137](https://github.com/docker/docker/pull/22137)
- Add support for reloading daemon configuration through systemd [#22446](https://github.com/docker/docker/pull/22446)
- Add disk quota support for btrfs [#19651](https://github.com/docker/docker/pull/19651)
- Add disk quota support for zfs [#21946](https://github.com/docker/docker/pull/21946)
- Add support for docker run --pid=container: [#22481](https://github.com/docker/docker/pull/22481)
- Align default seccomp profile with selected capabilities [#22554](https://github.com/docker/docker/pull/22554)
- Add a daemon reload event when the daemon reloads its configuration [#22590](https://github.com/docker/docker/pull/22590)
- Add trace capability in the pprof profiler to show execution traces in binary form [#22715](https://github.com/docker/docker/pull/22715)
- Add a detach event [#22898](https://github.com/docker/docker/pull/22898)
- Add support for setting sysctls with --sysctl [#19265](https://github.com/docker/docker/pull/19265)
- Add --storage-opt flag to create and run allowing to set size on devicemapper [#19367](https://github.com/docker/docker/pull/19367)
- Add --oom-score-adjust daemon flag with a default value of -500 making the daemon less likely to be killed before containers [#24516](https://github.com/docker/docker/pull/24516)
- Undeprecate the -c short alias of --cpu-shares on run, build, create, update [#22621](https://github.com/docker/docker/pull/22621)
- Prevent from using aufs and overlay graphdrivers on an eCryptfs mount [#23121](https://github.com/docker/docker/pull/23121)
- Fix issues with tmpfs mount ordering [#22329](https://github.com/docker/docker/pull/22329)
- Created containers are no longer listed on docker ps -a -f exited=0 [#21947](https://github.com/docker/docker/pull/21947)
- Fix an issue where containers are stuck in a 'Removal In Progress' state [#22423](https://github.com/docker/docker/pull/22423)
- Fix bug that was returning an HTTP 500 instead of a 400 when not specifying a command on run/create [#22762](https://github.com/docker/docker/pull/22762)
- Fix bug with --detach-keys whereby input matching a prefix of the detach key was not preserved [#22943](https://github.com/docker/docker/pull/22943)
- SELinux labeling is now disabled when using --privileged mode [#22993](https://github.com/docker/docker/pull/22993)
- If volume-mounted into a container, /etc/hosts, /etc/resolv.conf, /etc/hostname are no longer SELinux-relabeled [#22993](https://github.com/docker/docker/pull/22993)
- Fix inconsistency in --tmpfs behavior regarding mount options [#22438](https://github.com/docker/docker/pull/22438)
- Fix an issue where daemon hangs at startup [#23148](https://github.com/docker/docker/pull/23148)
- Ignore SIGPIPE events to prevent journald restarts to crash docker in some cases [#22460](https://github.com/docker/docker/pull/22460)
- Containers are not removed from stats list on error [#20835](https://github.com/docker/docker/pull/20835)
- Fix on-failure restart policy when daemon restarts [#20853](https://github.com/docker/docker/pull/20853)
- Fix an issue with stats when a container is using another containers network [#21904](https://github.com/docker/docker/pull/21904)
- New swarm command to manage swarms with init, join, join-token, leave, update subcommands [#23361](https://github.com/docker/docker/pull/23361) [#24823](https://github.com/docker/docker/pull/24823)
- New service command to manage swarm-wide services with create, inspect, update, rm, ps subcommands [#23361](https://github.com/docker/docker/pull/23361) [#25140](https://github.com/docker/docker/pull/25140)
- New node command to manage nodes with accept, promote, demote, inspect, update, ps, ls and rm subcommands [#23361](https://github.com/docker/docker/pull/23361) [#25140](https://github.com/docker/docker/pull/25140)
- (experimental) New stack and deploy commands to manage and deploy multi-service applications [#23522](https://github.com/docker/docker/pull/23522) [#25140](https://github.com/docker/docker/pull/25140)
- Add support for local and global volume scopes (analogous to network scopes) [#22077](https://github.com/docker/docker/pull/22077)
- Allow volume drivers to provide a Status field [#21006](https://github.com/docker/docker/pull/21006)
- Add name/driver filter support for volume [#21361](https://github.com/docker/docker/pull/21361)
- Mount/Unmount operations now receives an opaque ID to allow volume drivers to differentiate between two callers [#21015](https://github.com/docker/docker/pull/21015)
- Fix issue preventing to remove a volume in a corner case [#22103](https://github.com/docker/docker/pull/22103)
- Windows: Enable auto-creation of host-path to match Linux [#22094](https://github.com/docker/docker/pull/22094)
- Environment variables DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE and DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE have been renamed
- Remove deprecated syslog-tag, gelf-tag, fluentd-tag log option in favor of the more generic tag one [#22620](https://github.com/docker/docker/pull/22620)
- Remove deprecated feature of passing HostConfig at API container start [#22570](https://github.com/docker/docker/pull/22570)
- Remove deprecated -f/--force flag on docker tag [#23090](https://github.com/docker/docker/pull/23090)
- Remove deprecated /containers//copy endpoint [#22149](https://github.com/docker/docker/pull/22149)
- Remove deprecated docker ps flags --since and --before [#22138](https://github.com/docker/docker/pull/22138)
- Deprecate the old 3-args form of docker import [#23273](https://github.com/docker/docker/pull/23273)

[1.11.2]
- Fix a stale endpoint issue on overlay networks during ungraceful restart ([#23015](https://github.com/docker/docker/pull/23015))
- Fix an issue where the wrong port could be reported by docker inspect/ps/port ([#22997](https://github.com/docker/docker/pull/22997))
- Fix a potential panic when running docker build ([#23032](https://github.com/docker/docker/pull/23032))
- Fix interpretation of --user parameter ([#22998](https://github.com/docker/docker/pull/22998))
- Fix a bug preventing container statistics to be correctly reported ([#22955](https://github.com/docker/docker/pull/22955))
- Fix an issue preventing container to be restarted after daemon restart ([#22947](https://github.com/docker/docker/pull/22947))
- Fix issues when running 32 bit binaries on Ubuntu 16.04 ([#22922](https://github.com/docker/docker/pull/22922))
- Fix a possible deadlock on image deletion and container attach ([#22918](https://github.com/docker/docker/pull/22918))
- Fix an issue where containers fail to start after a daemon restart if they depend on a containerized cluster store ([#22561](https://github.com/docker/docker/pull/22561))
- Fix an issue causing docker ps to hang on CentOS when using devicemapper ([#22168](https://github.com/docker/docker/pull/22168), [#23067](https://github.com/docker/docker/pull/23067))
- Fix a bug preventing to docker exec into a container when using devicemapper ([#22168](https://github.com/docker/docker/pull/22168), [#23067](https://github.com/docker/docker/pull/23067))

[1.11.1]
- Fix schema2 manifest media type to be of type application/vnd.docker.container.image.v1+json ([#21949](https://github.com/docker/docker/pull/21949))
- Add missing API documentation for changes introduced with 1.11.0 ([#22048](https://github.com/docker/docker/pull/22048))
- Append label passed to docker build as arguments as an implicit LABEL command at the end of the processed Dockerfile ([#22184](https://github.com/docker/docker/pull/22184))
- Fix a panic that would occur when forwarding DNS query ([#22261](https://github.com/docker/docker/pull/22261))
- Fix an issue where OS threads could end up within an incorrect network namespace when using user defined networks ([#22261](https://github.com/docker/docker/pull/22261))
- Fix a bug preventing labels configuration to be reloaded via the config file ([#22299](https://github.com/docker/docker/pull/22299))
- Fix a regression where container mounting /var/run would prevent other containers from being removed ([#22256](https://github.com/docker/docker/pull/22256))
- Fix an issue where it would be impossible to update both memory-swap and memory value together ([#22255](https://github.com/docker/docker/pull/22255))
- Fix a regression from 1.11.0 where the /auth endpoint would not initialize serveraddress if it is not provided ([#22254](https://github.com/docker/docker/pull/22254))
- Add missing cleanup of container temporary files when cancelling a schedule restart ([#22237](https://github.com/docker/docker/pull/22237))
- Remove scary error message when no restart policy is specified ([#21993](https://github.com/docker/docker/pull/21993))
- Fix a panic that would occur when the plugins were activated via the json spec ([#22191](https://github.com/docker/docker/pull/22191))
- Fix restart backoff logic to correctly reset delay if container ran for at least 10secs ([#22125](https://github.com/docker/docker/pull/22125))
- Remove error message when a container restart get cancelled ([#22123](https://github.com/docker/docker/pull/22123))
- Fix an issue where docker would not correctly clean up after docker exec ([#22121](https://github.com/docker/docker/pull/22121))
- Fix a panic that could occur when serving concurrent docker stats commands ([#22120](https://github.com/docker/docker/pull/22120))
- Revert deprecation of non-existent host directories auto-creation ([#22065](https://github.com/docker/docker/pull/22065))
- Hide misleading rpc error on daemon shutdown ([#22058](https://github.com/docker/docker/pull/22058))

[1.11.0]
- Fix a bug where Docker would not use the correct uid/gid when processing the WORKDIR command ([#21033](https://github.com/docker/docker/pull/21033))
- Fix a bug where copy operations with userns would not use the proper uid/gid ([#20782](https://github.com/docker/docker/pull/20782), [#21162](https://github.com/docker/docker/pull/21162))
- Usage of the : separator for security option has been deprecated. = should be used instead ([#21232](https://github.com/docker/docker/pull/21232))
- The client user agent is now passed to the registry on pull, build, push, login and search operations ([#21306](https://github.com/docker/docker/pull/21306), [#21373](https://github.com/docker/docker/pull/21373))
- Allow setting the Domainname and Hostname separately through the API ([#20200](https://github.com/docker/docker/pull/20200))
- Docker info will now warn users if it can not detect the kernel version or the operating system ([#21128](https://github.com/docker/docker/pull/21128))
- Fix an issue where docker stats --no-stream output could be all 0s ([#20803](https://github.com/docker/docker/pull/20803))
- Fix a bug where some newly started container would not appear in a running docker stats command ([#20792](https://github.com/docker/docker/pull/20792))
- Post processing is no longer enabled for linux-cgo terminals ([#20587](https://github.com/docker/docker/pull/20587))
- Values to --hostname are now refused if they do not comply with [RFC1123](https://tools.ietf.org/html/rfc1123) ([#20566](https://github.com/docker/docker/pull/20566))
- Docker learned how to use a SOCKS proxy ([#20366](https://github.com/docker/docker/pull/20366), [#18373](https://github.com/docker/docker/pull/18373))
- Docker now supports external credential stores ([#20107](https://github.com/docker/docker/pull/20107))
- docker ps now supports displaying the list of volumes mounted inside a container ([#20017](https://github.com/docker/docker/pull/20017))
- docker info now also reports Dockers root directory location ([#19986](https://github.com/docker/docker/pull/19986))
- Docker now prohibits login in with an empty username (spaces are trimmed) ([#19806](https://github.com/docker/docker/pull/19806))
- Docker events attributes are now sorted by key ([#19761](https://github.com/docker/docker/pull/19761))
- docker ps no longer shows exported port for stopped containers ([#19483](https://github.com/docker/docker/pull/19483))
- Docker now cleans after itself if a save/export command fails ([#17849](https://github.com/docker/docker/pull/17849))
- Docker load learned how to display a progress bar ([#17329](https://github.com/docker/docker/pull/17329), [#120078](https://github.com/docker/docker/pull/20078))
- Fix a panic that occurred when pulling an image with 0 layers ([#21222](https://github.com/docker/docker/pull/21222))
- Fix a panic that could occur on error while pushing to a registry with a misconfigured token service ([#21212](https://github.com/docker/docker/pull/21212))
- All first-level delegation roles are now signed when doing a trusted push ([#21046](https://github.com/docker/docker/pull/21046))
- OAuth support for registries was added ([#20970](https://github.com/docker/docker/pull/20970))
- docker login now handles token using the implementation found in [docker/distribution](https://github.com/docker/distribution) ([#20832](https://github.com/docker/docker/pull/20832))
- docker login will no longer prompt for an email ([#20565](https://github.com/docker/docker/pull/20565))
- Docker will now fallback to registry V1 if no basic auth credentials are available ([#20241](https://github.com/docker/docker/pull/20241))
- Docker will now try to resume layer download where it left off after a network error/timeout ([#19840](https://github.com/docker/docker/pull/19840))
- Fix generated manifest mediaType when pushing cross-repository ([#19509](https://github.com/docker/docker/pull/19509))
- Fix docker requesting additional push credentials when pulling an image if Content Trust is enabled ([#20382](https://github.com/docker/docker/pull/20382))
- Fix a race in the journald log driver ([#21311](https://github.com/docker/docker/pull/21311))
- Docker syslog driver now uses the RFC-5424 format when emitting logs ([#20121](https://github.com/docker/docker/pull/20121))
- Docker GELF log driver now allows to specify the compression algorithm and level via the gelf-compression-type and gelf-compression-level options ([#19831](https://github.com/docker/docker/pull/19831))
- Docker daemon learned to output uncolorized logs via the --raw-logs options ([#19794](https://github.com/docker/docker/pull/19794))
- Docker, on Windows platform, now includes an ETW (Event Tracing in Windows) logging driver named etwlogs ([#19689](https://github.com/docker/docker/pull/19689))
- Journald log driver learned how to handle tags ([#19564](https://github.com/docker/docker/pull/19564))
- The fluentd log driver learned the following options: fluentd-address, fluentd-buffer-limit, fluentd-retry-wait, fluentd-max-retries and fluentd-async-connect ([#19439](https://github.com/docker/docker/pull/19439))
- Docker learned to send log to Google Cloud via the new gcplogs logging driver. ([#18766](https://github.com/docker/docker/pull/18766))
- When saving linked images together with docker save a subsequent docker load will correctly restore their parent/child relationship ([#21385](https://github.com/docker/docker/pull/21385))
- Support for building the Docker cli for OpenBSD was added ([#21325](https://github.com/docker/docker/pull/21325))
- Labels can now be applied at network, volume and image creation ([#21270](https://github.com/docker/docker/pull/21270))
- The dockremap is now created as a system user ([#21266](https://github.com/docker/docker/pull/21266))
- Fix a few response body leaks ([#21258](https://github.com/docker/docker/pull/21258))
- Docker, when run as a service with systemd, will now properly manage its processes cgroups ([#20633](https://github.com/docker/docker/pull/20633))
- docker info now reports the value of cgroup KernelMemory or emits a warning if it is not supported ([#20863](https://github.com/docker/docker/pull/20863))
- docker info now also reports the cgroup driver in use ([#20388](https://github.com/docker/docker/pull/20388))
- Docker completion is now available on PowerShell ([#19894](https://github.com/docker/docker/pull/19894))
- dockerinit is no more ([#19490](https://github.com/docker/docker/pull/19490),[#19851](https://github.com/docker/docker/pull/19851))
- Support for building Docker on arm64 was added ([#19013](https://github.com/docker/docker/pull/19013))
- Experimental support for building docker.exe in a native Windows Docker installation ([#18348](https://github.com/docker/docker/pull/18348))
- Fix panic if a node is forcibly removed from the cluster ([#21671](https://github.com/docker/docker/pull/21671))
- Fix 'error creating vxlan interface' when starting a container in a Swarm cluster ([#21671](https://github.com/docker/docker/pull/21671))
- docker network inspect will now report all endpoints whether they have an active container or not ([#21160](https://github.com/docker/docker/pull/21160))
- Experimental support for the MacVlan and IPVlan network drivers has been added ([#21122](https://github.com/docker/docker/pull/21122))
- Output of docker network ls is now sorted by network name ([#20383](https://github.com/docker/docker/pull/20383))
- Fix a bug where Docker would allow a network to be created with the reserved default name ([#19431](https://github.com/docker/docker/pull/19431))
- docker network inspect returns whether a network is internal or not ([#19357](https://github.com/docker/docker/pull/19357))
- Control IPv6 via explicit option when creating a network (docker network create --ipv6). This shows up as a new EnableIPv6 field in docker network inspect ([#17513](https://github.com/docker/docker/pull/17513))
- Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server ([#21396](https://github.com/docker/docker/pull/21396))
- Fix to not forward docker domain IPv6 queries to external servers ([#21396](https://github.com/docker/docker/pull/21396))
- Multiple A/AAAA records from embedded DNS Server for DNS Round robin ([#21019](https://github.com/docker/docker/pull/21019))
- Fix endpoint count inconsistency after an ungraceful dameon restart ([#21261](https://github.com/docker/docker/pull/21261))
- Move the ownership of exposed ports and port-mapping options from Endpoint to Sandbox ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed a bug which prevents docker reload when host is configured with ipv6.disable=1 ([#21019](https://github.com/docker/docker/pull/21019))
- Added inbuilt nil IPAM driver ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed bug in iptables.Exists() logic [#21019](https://github.com/docker/docker/pull/21019)
- Fixed a Veth interface leak when using overlay network ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed a bug which prevents docker reload after a network delete during shutdown ([#20214](https://github.com/docker/docker/pull/20214))
- Make sure iptables chains are recreated on firewalld reload ([#20419](https://github.com/docker/docker/pull/20419))
- Allow to pass global datastore during config reload ([#20419](https://github.com/docker/docker/pull/20419))
- For anonymous containers use the alias name for IP to name mapping, ie:DNS PTR record ([#21019](https://github.com/docker/docker/pull/21019))
- Fix a panic when deleting an entry from /etc/hosts file ([#21019](https://github.com/docker/docker/pull/21019))
- Source the forwarded DNS queries from the container net namespace ([#21019](https://github.com/docker/docker/pull/21019))
- Fix to retain the network internal mode config for bridge networks on daemon reload ([#21780] (https://github.com/docker/docker/pull/21780))
- Fix to retain IPAM driver option configs on daemon reload ([#21914] (https://github.com/docker/docker/pull/21914))
- Fix a file descriptor leak that would occur every time plugins were enumerated ([#20686](https://github.com/docker/docker/pull/20686))
- Fix an issue where Authz plugin would corrupt the payload body when faced with a large amount of data ([#20602](https://github.com/docker/docker/pull/20602))
- Fix a panic that could occur when cleanup after a container started with invalid parameters ([#21716](https://github.com/docker/docker/pull/21716))
- Fix a race with event timers stopping early ([#21692](https://github.com/docker/docker/pull/21692))
- Fix race conditions in the layer store, potentially corrupting the map and crashing the process ([#21677](https://github.com/docker/docker/pull/21677))
- Un-deprecate auto-creation of host directories for mounts. This feature was marked deprecated in ([#21666](https://github.com/docker/docker/pull/21666))
- It is now possible for containers to share the NET and IPC namespaces when userns is enabled ([#21383](https://github.com/docker/docker/pull/21383))
- docker inspect will now expose the rootfs layers ([#21370](https://github.com/docker/docker/pull/21370))
- Docker Windows gained a minimal top implementation ([#21354](https://github.com/docker/docker/pull/21354))
- Docker learned to report the faulty exe when a container cannot be started due to its condition ([#21345](https://github.com/docker/docker/pull/21345))
- Docker with device mapper will now refuse to run if udev sync is not available ([#21097](https://github.com/docker/docker/pull/21097))
- Fix a bug where Docker would not validate the config file upon configuration reload ([#21089](https://github.com/docker/docker/pull/21089))
- Fix a hang that would happen on attach if initial start was to fail ([#21048](https://github.com/docker/docker/pull/21048))
- Fix an issue where registry service options in the daemon configuration file were not properly taken into account ([#21045](https://github.com/docker/docker/pull/21045))
- Fix a race between the exec and resize operations ([#21022](https://github.com/docker/docker/pull/21022))
- Fix an issue where nanoseconds were not correctly taken in account when filtering Docker events ([#21013](https://github.com/docker/docker/pull/21013))
- Fix the handling of Docker command when passed a 64 bytes id ([#21002](https://github.com/docker/docker/pull/21002))
- Docker will now return a 204 (i.e http.StatusNoContent) code when it successfully deleted a network ([#20977](https://github.com/docker/docker/pull/20977))
- Fix a bug where the daemon would wait indefinitely in case the process it was about to killed had already exited on its own ([#20967](https://github.com/docker/docker/pull/20967)
- The devmapper driver learned the dm.min_free_space option. If the mapped device free space reaches the passed value, new device creation will be prohibited. ([#20786](https://github.com/docker/docker/pull/20786))
- Docker can now prevent processes in container to gain new privileges via the --security-opt=no-new-privileges flag ([#20727](https://github.com/docker/docker/pull/20727))
- Starting a container with the --device option will now correctly resolves symlinks ([#20684](https://github.com/docker/docker/pull/20684))
- Docker now relies on [containerd](https://github.com/docker/containerd) and [runc](https://github.com/opencontainers/runc) to spawn containers. ([#20662](https://github.com/docker/docker/pull/20662))
- Fix docker configuration reloading to only alter value present in the given config file ([#20604](https://github.com/docker/docker/pull/20604))
- Docker now allows setting a container hostname via the --hostname flag when --net=host ([#20177](https://github.com/docker/docker/pull/20177))
- Docker now allows executing privileged container while running with --userns-remap if both --privileged and the new --userns=host flag are specified ([#20111](https://github.com/docker/docker/pull/20111))
- Fix Docker not cleaning up correctly old containers upon restarting after a crash ([#19679](https://github.com/docker/docker/pull/19679))
- Docker will now error out if it doesnt recognize a configuration key within the config file ([#19517](https://github.com/docker/docker/pull/19517))
- Fix container loading, on daemon startup, when they depends on a plugin running within a container ([#19500](https://github.com/docker/docker/pull/19500))
- docker update learned how to change a container restart policy ([#19116](https://github.com/docker/docker/pull/19116))
- docker inspect now also returns a new State field containing the container state in a human readable way (i.e. one of created, restarting, running, paused, exited or dead)([#18966](https://github.com/docker/docker/pull/18966))
- Docker learned to limit the number of active pids (i.e. processes) within the container via the pids-limit flags. NOTE: This requires CGROUP_PIDS=y to be in the kernel configuration. ([#18697](https://github.com/docker/docker/pull/18697))
- docker load now has a --quiet option to suppress the load output ([#20078](https://github.com/docker/docker/pull/20078))
- Fix a bug in neighbor discovery for IPv6 peers ([#20842](https://github.com/docker/docker/pull/20842))
- Fix a panic during cleanup if a container was started with invalid options ([#21802](https://github.com/docker/docker/pull/21802))
- Fix a situation where a container cannot be stopped if the terminal is closed ([#21840](https://github.com/docker/docker/pull/21840))
- Object with the pcp_pmcd_t selinux type were given management access to /var/lib/docker(/.*)? ([#21370](https://github.com/docker/docker/pull/21370))
- restart_syscall, copy_file_range, mlock2 joined the list of allowed calls in the default seccomp profile ([#21117](https://github.com/docker/docker/pull/21117), [#21262](https://github.com/docker/docker/pull/21262))
- send, recv and x32 were added to the list of allowed syscalls and arch in the default seccomp profile ([#19432](https://github.com/docker/docker/pull/19432))
- Docker Content Trust now requests the server to perform snapshot signing ([#21046](https://github.com/docker/docker/pull/21046))
- Support for using YubiKeys for Content Trust signing has been moved out of experimental ([#21591](https://github.com/docker/docker/pull/21591))
- Output of docker volume ls is now sorted by volume name ([#20389](https://github.com/docker/docker/pull/20389))
- Local volumes can now accept options similar to the unix mount tool ([#20262](https://github.com/docker/docker/pull/20262))
- Fix an issue where one letter directory name could not be used as source for volumes ([#21106](https://github.com/docker/docker/pull/21106))
- docker run -v now accepts a new flag nocopy. This tells the runtime not to copy the container path content into the volume (which is the default behavior) ([#21223](https://github.com/docker/docker/pull/21223))

Updated Packages

Release/Architecture

Filename

MD5sum

Superseded By Advisory

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691