ELBA-2016-3611

ELBA-2016-3611 - docker-engine bug fix update

Type:BUG
Severity:NA
Release Date:2016-09-06

Description


[1.12.0-1.0.2]
- Merged upstream patch https://github.com/docker/docker/pull/25592

[1.12.0-1.0.1]
- Enable configuration of Docker daemon via sysconfig [orabug 21804877]
- Require UEK4 for docker 1.9 [orabug 22235639 22235645]
- Add selinux policy per distro (Michael Crosby)
- Add Oracle Linux specific selinux file (Thomas Tanaka) [orabug 23733327]

[1.12.0]
- New HEALTHCHECK Dockerfile instruction to support user-defined healthchecks [#23218](https://github.com/docker/docker/pull/23218)
- New SHELL Dockerfile instruction to specify the default shell when using the shell form for commands in a Dockerfile [#22489](https://github.com/docker/docker/pull/22489)
- Add #escape= Dockerfile directive to support platform-specific parsing of file paths in Dockerfile [#22268](https://github.com/docker/docker/pull/22268)
- Add support for comments in .dockerignore [#23111](https://github.com/docker/docker/pull/23111)
- Support for UTF-8 in Dockerfiles [#23372](https://github.com/docker/docker/pull/23372)
- Skip UTF-8 BOM bytes from Dockerfile and .dockerignore if exist [#23234](https://github.com/docker/docker/pull/23234)
- Windows: support for ARG to match Linux [#22508](https://github.com/docker/docker/pull/22508)
- Fix error message when building using a daemon with the bridge network disabled [#22932](https://github.com/docker/docker/pull/22932)
- Enable seccomp for Centos 7 and Oracle Linux 7 [#22344](https://github.com/docker/docker/pull/22344)
- Remove MountFlags in systemd unit to allow shared mount propagation [#22806](https://github.com/docker/docker/pull/22806)
- Add --max-concurrent-downloads and --max-concurrent-uploads daemon flags useful for situations where network connections dont support multiple downloads/uploads [#22445](https://github.com/docker/docker/pull/22445)
- Registry operations now honor the ALL_PROXY environment variable [#22316](https://github.com/docker/docker/pull/22316)
- Provide more information to the user on docker load [#23377](https://github.com/docker/docker/pull/23377)
- Always save registry digest metadata about images pushed and pulled [#23996](https://github.com/docker/docker/pull/23996)
- Syslog logging driver now supports DGRAM sockets [#21613](https://github.com/docker/docker/pull/21613)
- Add --details option to docker logs to also display log tags [#21889](https://github.com/docker/docker/pull/21889)
- Enable syslog logger to have access to env and labels [#21724](https://github.com/docker/docker/pull/21724)
- An additional syslog-format option rfc5424micro to allow microsecond resolution in syslog timestamp [#21844](https://github.com/docker/docker/pull/21844)
- Inherit the daemon log options when creating containers [#21153](https://github.com/docker/docker/pull/21153)
- Remove docker/ prefix from log messages tag and replace it with {{.DaemonName}} so that users have the option of changing the prefix [#22384](https://github.com/docker/docker/pull/22384)
- Built-in Virtual-IP based internal and ingress load-balancing using IPVS [#23361](https://github.com/docker/docker/pull/23361)
- Routing Mesh using ingress overlay network [#23361](https://github.com/docker/docker/pull/23361)
- Secured multi-host overlay networking using encrypted control-plane and Data-plane [#23361](https://github.com/docker/docker/pull/23361)
- MacVlan driver is out of experimental [#23524](https://github.com/docker/docker/pull/23524)
- Add driver filter to network ls [#22319](https://github.com/docker/docker/pull/22319)
- Adding network filter to docker ps --filter [#23300](https://github.com/docker/docker/pull/23300)
- Add --link-local-ip flag to create, run and network connect to specify a containers link-local address [#23415](https://github.com/docker/docker/pull/23415)
- Add network label filter support [#21495](https://github.com/docker/docker/pull/21495)
- Removed dependency on external KV-Store for Overlay networking in Swarm-Mode [#23361](https://github.com/docker/docker/pull/23361)
- Add containers short-id as default network alias [#21901](https://github.com/docker/docker/pull/21901)
- run options --dns and --net=host are no longer mutually exclusive [#22408](https://github.com/docker/docker/pull/22408)
- Fix DNS issue when renaming containers with generated names [#22716](https://github.com/docker/docker/pull/22716)
- Allow both network inspect -f {{.Id}} and network inspect -f {{.ID}} to address inconsistency with inspect output [#23226](https://github.com/docker/docker/pull/23226)
- New plugin command to manager plugins with install, enable, disable, rm, inspect, set subcommands [#23446](https://github.com/docker/docker/pull/23446)
- Split the binary into two: docker (client) and dockerd (daemon) [#20639](https://github.com/docker/docker/pull/20639)
- Add before and since filters to docker images --filter [#22908](https://github.com/docker/docker/pull/22908)
- Add --limit option to docker search [#23107](https://github.com/docker/docker/pull/23107)
- Add --filter option to docker search [#22369](https://github.com/docker/docker/pull/22369)
- Add security options to docker info output [#21172](https://github.com/docker/docker/pull/21172) [#23520](https://github.com/docker/docker/pull/23520)
- Add insecure registries to docker info output [#20410](https://github.com/docker/docker/pull/20410)
- Extend Docker authorization with TLS user information [#21556](https://github.com/docker/docker/pull/21556)
- devicemapper: expose Mininum Thin Pool Free Space through docker info [#21945](https://github.com/docker/docker/pull/21945)
- API now returns a JSON object when an error occurs making it more consistent [#22880](https://github.com/docker/docker/pull/22880)
- Prevent docker run -i --restart from hanging on exit [#22777](https://github.com/docker/docker/pull/22777)
- Fix API/CLI discrepancy on hostname validation [#21641](https://github.com/docker/docker/pull/21641)
- Fix discrepancy in the format of sizes in stats from HumanSize to BytesSize [#21773](https://github.com/docker/docker/pull/21773)
- authz: when request is denied return forbbiden exit code (403) [#22448](https://github.com/docker/docker/pull/22448)
- Windows: fix tty-related displaying issues [#23878](https://github.com/docker/docker/pull/23878)
- Add --live-restore daemon flag to keep containers running when daemon shuts down, and regain control on startup [#23213](https://github.com/docker/docker/pull/23213)
- Ability to add OCI-compatible runtimes (via --add-runtime daemon flag) and select one with --runtime on create and run [#22983](https://github.com/docker/docker/pull/22983)
- New overlay2 graphdriver for Linux 4.0+ with multiple lower directory support [#22126](https://github.com/docker/docker/pull/22126)
- New load/save image events [#22137](https://github.com/docker/docker/pull/22137)
- Add support for reloading daemon configuration through systemd [#22446](https://github.com/docker/docker/pull/22446)
- Add disk quota support for btrfs [#19651](https://github.com/docker/docker/pull/19651)
- Add disk quota support for zfs [#21946](https://github.com/docker/docker/pull/21946)
- Add support for docker run --pid=container: [#22481](https://github.com/docker/docker/pull/22481)
- Align default seccomp profile with selected capabilities [#22554](https://github.com/docker/docker/pull/22554)
- Add a daemon reload event when the daemon reloads its configuration [#22590](https://github.com/docker/docker/pull/22590)
- Add trace capability in the pprof profiler to show execution traces in binary form [#22715](https://github.com/docker/docker/pull/22715)
- Add a detach event [#22898](https://github.com/docker/docker/pull/22898)
- Add support for setting sysctls with --sysctl [#19265](https://github.com/docker/docker/pull/19265)
- Add --storage-opt flag to create and run allowing to set size on devicemapper [#19367](https://github.com/docker/docker/pull/19367)
- Add --oom-score-adjust daemon flag with a default value of -500 making the daemon less likely to be killed before containers [#24516](https://github.com/docker/docker/pull/24516)
- Undeprecate the -c short alias of --cpu-shares on run, build, create, update [#22621](https://github.com/docker/docker/pull/22621)
- Prevent from using aufs and overlay graphdrivers on an eCryptfs mount [#23121](https://github.com/docker/docker/pull/23121)
- Fix issues with tmpfs mount ordering [#22329](https://github.com/docker/docker/pull/22329)
- Created containers are no longer listed on docker ps -a -f exited=0 [#21947](https://github.com/docker/docker/pull/21947)
- Fix an issue where containers are stuck in a 'Removal In Progress' state [#22423](https://github.com/docker/docker/pull/22423)
- Fix bug that was returning an HTTP 500 instead of a 400 when not specifying a command on run/create [#22762](https://github.com/docker/docker/pull/22762)
- Fix bug with --detach-keys whereby input matching a prefix of the detach key was not preserved [#22943](https://github.com/docker/docker/pull/22943)
- SELinux labeling is now disabled when using --privileged mode [#22993](https://github.com/docker/docker/pull/22993)
- If volume-mounted into a container, /etc/hosts, /etc/resolv.conf, /etc/hostname are no longer SELinux-relabeled [#22993](https://github.com/docker/docker/pull/22993)
- Fix inconsistency in --tmpfs behavior regarding mount options [#22438](https://github.com/docker/docker/pull/22438)
- Fix an issue where daemon hangs at startup [#23148](https://github.com/docker/docker/pull/23148)
- Ignore SIGPIPE events to prevent journald restarts to crash docker in some cases [#22460](https://github.com/docker/docker/pull/22460)
- Containers are not removed from stats list on error [#20835](https://github.com/docker/docker/pull/20835)
- Fix on-failure restart policy when daemon restarts [#20853](https://github.com/docker/docker/pull/20853)
- Fix an issue with stats when a container is using another containers network [#21904](https://github.com/docker/docker/pull/21904)
- New swarm command to manage swarms with init, join, join-token, leave, update subcommands [#23361](https://github.com/docker/docker/pull/23361) [#24823](https://github.com/docker/docker/pull/24823)
- New service command to manage swarm-wide services with create, inspect, update, rm, ps subcommands [#23361](https://github.com/docker/docker/pull/23361) [#25140](https://github.com/docker/docker/pull/25140)
- New node command to manage nodes with accept, promote, demote, inspect, update, ps, ls and rm subcommands [#23361](https://github.com/docker/docker/pull/23361) [#25140](https://github.com/docker/docker/pull/25140)
- (experimental) New stack and deploy commands to manage and deploy multi-service applications [#23522](https://github.com/docker/docker/pull/23522) [#25140](https://github.com/docker/docker/pull/25140)
- Add support for local and global volume scopes (analogous to network scopes) [#22077](https://github.com/docker/docker/pull/22077)
- Allow volume drivers to provide a Status field [#21006](https://github.com/docker/docker/pull/21006)
- Add name/driver filter support for volume [#21361](https://github.com/docker/docker/pull/21361)
- Mount/Unmount operations now receives an opaque ID to allow volume drivers to differentiate between two callers [#21015](https://github.com/docker/docker/pull/21015)
- Fix issue preventing to remove a volume in a corner case [#22103](https://github.com/docker/docker/pull/22103)
- Windows: Enable auto-creation of host-path to match Linux [#22094](https://github.com/docker/docker/pull/22094)
- Environment variables DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE and DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE have been renamed
- Remove deprecated syslog-tag, gelf-tag, fluentd-tag log option in favor of the more generic tag one [#22620](https://github.com/docker/docker/pull/22620)
- Remove deprecated feature of passing HostConfig at API container start [#22570](https://github.com/docker/docker/pull/22570)
- Remove deprecated -f/--force flag on docker tag [#23090](https://github.com/docker/docker/pull/23090)
- Remove deprecated /containers//copy endpoint [#22149](https://github.com/docker/docker/pull/22149)
- Remove deprecated docker ps flags --since and --before [#22138](https://github.com/docker/docker/pull/22138)
- Deprecate the old 3-args form of docker import [#23273](https://github.com/docker/docker/pull/23273)

[1.11.2]
- Fix a stale endpoint issue on overlay networks during ungraceful restart ([#23015](https://github.com/docker/docker/pull/23015))
- Fix an issue where the wrong port could be reported by docker inspect/ps/port ([#22997](https://github.com/docker/docker/pull/22997))
- Fix a potential panic when running docker build ([#23032](https://github.com/docker/docker/pull/23032))
- Fix interpretation of --user parameter ([#22998](https://github.com/docker/docker/pull/22998))
- Fix a bug preventing container statistics to be correctly reported ([#22955](https://github.com/docker/docker/pull/22955))
- Fix an issue preventing container to be restarted after daemon restart ([#22947](https://github.com/docker/docker/pull/22947))
- Fix issues when running 32 bit binaries on Ubuntu 16.04 ([#22922](https://github.com/docker/docker/pull/22922))
- Fix a possible deadlock on image deletion and container attach ([#22918](https://github.com/docker/docker/pull/22918))
- Fix an issue where containers fail to start after a daemon restart if they depend on a containerized cluster store ([#22561](https://github.com/docker/docker/pull/22561))
- Fix an issue causing docker ps to hang on CentOS when using devicemapper ([#22168](https://github.com/docker/docker/pull/22168), [#23067](https://github.com/docker/docker/pull/23067))
- Fix a bug preventing to docker exec into a container when using devicemapper ([#22168](https://github.com/docker/docker/pull/22168), [#23067](https://github.com/docker/docker/pull/23067))

[1.11.1]
- Fix schema2 manifest media type to be of type application/vnd.docker.container.image.v1+json ([#21949](https://github.com/docker/docker/pull/21949))
- Add missing API documentation for changes introduced with 1.11.0 ([#22048](https://github.com/docker/docker/pull/22048))
- Append label passed to docker build as arguments as an implicit LABEL command at the end of the processed Dockerfile ([#22184](https://github.com/docker/docker/pull/22184))
- Fix a panic that would occur when forwarding DNS query ([#22261](https://github.com/docker/docker/pull/22261))
- Fix an issue where OS threads could end up within an incorrect network namespace when using user defined networks ([#22261](https://github.com/docker/docker/pull/22261))
- Fix a bug preventing labels configuration to be reloaded via the config file ([#22299](https://github.com/docker/docker/pull/22299))
- Fix a regression where container mounting /var/run would prevent other containers from being removed ([#22256](https://github.com/docker/docker/pull/22256))
- Fix an issue where it would be impossible to update both memory-swap and memory value together ([#22255](https://github.com/docker/docker/pull/22255))
- Fix a regression from 1.11.0 where the /auth endpoint would not initialize serveraddress if it is not provided ([#22254](https://github.com/docker/docker/pull/22254))
- Add missing cleanup of container temporary files when cancelling a schedule restart ([#22237](https://github.com/docker/docker/pull/22237))
- Remove scary error message when no restart policy is specified ([#21993](https://github.com/docker/docker/pull/21993))
- Fix a panic that would occur when the plugins were activated via the json spec ([#22191](https://github.com/docker/docker/pull/22191))
- Fix restart backoff logic to correctly reset delay if container ran for at least 10secs ([#22125](https://github.com/docker/docker/pull/22125))
- Remove error message when a container restart get cancelled ([#22123](https://github.com/docker/docker/pull/22123))
- Fix an issue where docker would not correctly clean up after docker exec ([#22121](https://github.com/docker/docker/pull/22121))
- Fix a panic that could occur when serving concurrent docker stats commands ([#22120](https://github.com/docker/docker/pull/22120))
- Revert deprecation of non-existent host directories auto-creation ([#22065](https://github.com/docker/docker/pull/22065))
- Hide misleading rpc error on daemon shutdown ([#22058](https://github.com/docker/docker/pull/22058))

[1.11.0]
- Fix a bug where Docker would not use the correct uid/gid when processing the WORKDIR command ([#21033](https://github.com/docker/docker/pull/21033))
- Fix a bug where copy operations with userns would not use the proper uid/gid ([#20782](https://github.com/docker/docker/pull/20782), [#21162](https://github.com/docker/docker/pull/21162))
- Usage of the : separator for security option has been deprecated. = should be used instead ([#21232](https://github.com/docker/docker/pull/21232))
- The client user agent is now passed to the registry on pull, build, push, login and search operations ([#21306](https://github.com/docker/docker/pull/21306), [#21373](https://github.com/docker/docker/pull/21373))
- Allow setting the Domainname and Hostname separately through the API ([#20200](https://github.com/docker/docker/pull/20200))
- Docker info will now warn users if it can not detect the kernel version or the operating system ([#21128](https://github.com/docker/docker/pull/21128))
- Fix an issue where docker stats --no-stream output could be all 0s ([#20803](https://github.com/docker/docker/pull/20803))
- Fix a bug where some newly started container would not appear in a running docker stats command ([#20792](https://github.com/docker/docker/pull/20792))
- Post processing is no longer enabled for linux-cgo terminals ([#20587](https://github.com/docker/docker/pull/20587))
- Values to --hostname are now refused if they do not comply with [RFC1123](https://tools.ietf.org/html/rfc1123) ([#20566](https://github.com/docker/docker/pull/20566))
- Docker learned how to use a SOCKS proxy ([#20366](https://github.com/docker/docker/pull/20366), [#18373](https://github.com/docker/docker/pull/18373))
- Docker now supports external credential stores ([#20107](https://github.com/docker/docker/pull/20107))
- docker ps now supports displaying the list of volumes mounted inside a container ([#20017](https://github.com/docker/docker/pull/20017))
- docker info now also reports Dockers root directory location ([#19986](https://github.com/docker/docker/pull/19986))
- Docker now prohibits login in with an empty username (spaces are trimmed) ([#19806](https://github.com/docker/docker/pull/19806))
- Docker events attributes are now sorted by key ([#19761](https://github.com/docker/docker/pull/19761))
- docker ps no longer shows exported port for stopped containers ([#19483](https://github.com/docker/docker/pull/19483))
- Docker now cleans after itself if a save/export command fails ([#17849](https://github.com/docker/docker/pull/17849))
- Docker load learned how to display a progress bar ([#17329](https://github.com/docker/docker/pull/17329), [#120078](https://github.com/docker/docker/pull/20078))
- Fix a panic that occurred when pulling an image with 0 layers ([#21222](https://github.com/docker/docker/pull/21222))
- Fix a panic that could occur on error while pushing to a registry with a misconfigured token service ([#21212](https://github.com/docker/docker/pull/21212))
- All first-level delegation roles are now signed when doing a trusted push ([#21046](https://github.com/docker/docker/pull/21046))
- OAuth support for registries was added ([#20970](https://github.com/docker/docker/pull/20970))
- docker login now handles token using the implementation found in [docker/distribution](https://github.com/docker/distribution) ([#20832](https://github.com/docker/docker/pull/20832))
- docker login will no longer prompt for an email ([#20565](https://github.com/docker/docker/pull/20565))
- Docker will now fallback to registry V1 if no basic auth credentials are available ([#20241](https://github.com/docker/docker/pull/20241))
- Docker will now try to resume layer download where it left off after a network error/timeout ([#19840](https://github.com/docker/docker/pull/19840))
- Fix generated manifest mediaType when pushing cross-repository ([#19509](https://github.com/docker/docker/pull/19509))
- Fix docker requesting additional push credentials when pulling an image if Content Trust is enabled ([#20382](https://github.com/docker/docker/pull/20382))
- Fix a race in the journald log driver ([#21311](https://github.com/docker/docker/pull/21311))
- Docker syslog driver now uses the RFC-5424 format when emitting logs ([#20121](https://github.com/docker/docker/pull/20121))
- Docker GELF log driver now allows to specify the compression algorithm and level via the gelf-compression-type and gelf-compression-level options ([#19831](https://github.com/docker/docker/pull/19831))
- Docker daemon learned to output uncolorized logs via the --raw-logs options ([#19794](https://github.com/docker/docker/pull/19794))
- Docker, on Windows platform, now includes an ETW (Event Tracing in Windows) logging driver named etwlogs ([#19689](https://github.com/docker/docker/pull/19689))
- Journald log driver learned how to handle tags ([#19564](https://github.com/docker/docker/pull/19564))
- The fluentd log driver learned the following options: fluentd-address, fluentd-buffer-limit, fluentd-retry-wait, fluentd-max-retries and fluentd-async-connect ([#19439](https://github.com/docker/docker/pull/19439))
- Docker learned to send log to Google Cloud via the new gcplogs logging driver. ([#18766](https://github.com/docker/docker/pull/18766))
- When saving linked images together with docker save a subsequent docker load will correctly restore their parent/child relationship ([#21385](https://github.com/docker/docker/pull/21385))
- Support for building the Docker cli for OpenBSD was added ([#21325](https://github.com/docker/docker/pull/21325))
- Labels can now be applied at network, volume and image creation ([#21270](https://github.com/docker/docker/pull/21270))
- The dockremap is now created as a system user ([#21266](https://github.com/docker/docker/pull/21266))
- Fix a few response body leaks ([#21258](https://github.com/docker/docker/pull/21258))
- Docker, when run as a service with systemd, will now properly manage its processes cgroups ([#20633](https://github.com/docker/docker/pull/20633))
- docker info now reports the value of cgroup KernelMemory or emits a warning if it is not supported ([#20863](https://github.com/docker/docker/pull/20863))
- docker info now also reports the cgroup driver in use ([#20388](https://github.com/docker/docker/pull/20388))
- Docker completion is now available on PowerShell ([#19894](https://github.com/docker/docker/pull/19894))
- dockerinit is no more ([#19490](https://github.com/docker/docker/pull/19490),[#19851](https://github.com/docker/docker/pull/19851))
- Support for building Docker on arm64 was added ([#19013](https://github.com/docker/docker/pull/19013))
- Experimental support for building docker.exe in a native Windows Docker installation ([#18348](https://github.com/docker/docker/pull/18348))
- Fix panic if a node is forcibly removed from the cluster ([#21671](https://github.com/docker/docker/pull/21671))
- Fix 'error creating vxlan interface' when starting a container in a Swarm cluster ([#21671](https://github.com/docker/docker/pull/21671))
- docker network inspect will now report all endpoints whether they have an active container or not ([#21160](https://github.com/docker/docker/pull/21160))
- Experimental support for the MacVlan and IPVlan network drivers has been added ([#21122](https://github.com/docker/docker/pull/21122))
- Output of docker network ls is now sorted by network name ([#20383](https://github.com/docker/docker/pull/20383))
- Fix a bug where Docker would allow a network to be created with the reserved default name ([#19431](https://github.com/docker/docker/pull/19431))
- docker network inspect returns whether a network is internal or not ([#19357](https://github.com/docker/docker/pull/19357))
- Control IPv6 via explicit option when creating a network (docker network create --ipv6). This shows up as a new EnableIPv6 field in docker network inspect ([#17513](https://github.com/docker/docker/pull/17513))
- Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server ([#21396](https://github.com/docker/docker/pull/21396))
- Fix to not forward docker domain IPv6 queries to external servers ([#21396](https://github.com/docker/docker/pull/21396))
- Multiple A/AAAA records from embedded DNS Server for DNS Round robin ([#21019](https://github.com/docker/docker/pull/21019))
- Fix endpoint count inconsistency after an ungraceful dameon restart ([#21261](https://github.com/docker/docker/pull/21261))
- Move the ownership of exposed ports and port-mapping options from Endpoint to Sandbox ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed a bug which prevents docker reload when host is configured with ipv6.disable=1 ([#21019](https://github.com/docker/docker/pull/21019))
- Added inbuilt nil IPAM driver ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed bug in iptables.Exists() logic [#21019](https://github.com/docker/docker/pull/21019)
- Fixed a Veth interface leak when using overlay network ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed a bug which prevents docker reload after a network delete during shutdown ([#20214](https://github.com/docker/docker/pull/20214))
- Make sure iptables chains are recreated on firewalld reload ([#20419](https://github.com/docker/docker/pull/20419))
- Allow to pass global datastore during config reload ([#20419](https://github.com/docker/docker/pull/20419))
- For anonymous containers use the alias name for IP to name mapping, ie:DNS PTR record ([#21019](https://github.com/docker/docker/pull/21019))
- Fix a panic when deleting an entry from /etc/hosts file ([#21019](https://github.com/docker/docker/pull/21019))
- Source the forwarded DNS queries from the container net namespace ([#21019](https://github.com/docker/docker/pull/21019))
- Fix to retain the network internal mode config for bridge networks on daemon reload ([#21780] (https://github.com/docker/docker/pull/21780))
- Fix to retain IPAM driver option configs on daemon reload ([#21914] (https://github.com/docker/docker/pull/21914))
- Fix a file descriptor leak that would occur every time plugins were enumerated ([#20686](https://github.com/docker/docker/pull/20686))
- Fix an issue where Authz plugin would corrupt the payload body when faced with a large amount of data ([#20602](https://github.com/docker/docker/pull/20602))
- Fix a panic that could occur when cleanup after a container started with invalid parameters ([#21716](https://github.com/docker/docker/pull/21716))
- Fix a race with event timers stopping early ([#21692](https://github.com/docker/docker/pull/21692))
- Fix race conditions in the layer store, potentially corrupting the map and crashing the process ([#21677](https://github.com/docker/docker/pull/21677))
- Un-deprecate auto-creation of host directories for mounts. This feature was marked deprecated in ([#21666](https://github.com/docker/docker/pull/21666))
- It is now possible for containers to share the NET and IPC namespaces when userns is enabled ([#21383](https://github.com/docker/docker/pull/21383))
- docker inspect will now expose the rootfs layers ([#21370](https://github.com/docker/docker/pull/21370))
- Docker Windows gained a minimal top implementation ([#21354](https://github.com/docker/docker/pull/21354))
- Docker learned to report the faulty exe when a container cannot be started due to its condition ([#21345](https://github.com/docker/docker/pull/21345))
- Docker with device mapper will now refuse to run if udev sync is not available ([#21097](https://github.com/docker/docker/pull/21097))
- Fix a bug where Docker would not validate the config file upon configuration reload ([#21089](https://github.com/docker/docker/pull/21089))
- Fix a hang that would happen on attach if initial start was to fail ([#21048](https://github.com/docker/docker/pull/21048))
- Fix an issue where registry service options in the daemon configuration file were not properly taken into account ([#21045](https://github.com/docker/docker/pull/21045))
- Fix a race between the exec and resize operations ([#21022](https://github.com/docker/docker/pull/21022))
- Fix an issue where nanoseconds were not correctly taken in account when filtering Docker events ([#21013](https://github.com/docker/docker/pull/21013))
- Fix the handling of Docker command when passed a 64 bytes id ([#21002](https://github.com/docker/docker/pull/21002))
- Docker will now return a 204 (i.e http.StatusNoContent) code when it successfully deleted a network ([#20977](https://github.com/docker/docker/pull/20977))
- Fix a bug where the daemon would wait indefinitely in case the process it was about to killed had already exited on its own ([#20967](https://github.com/docker/docker/pull/20967)
- The devmapper driver learned the dm.min_free_space option. If the mapped device free space reaches the passed value, new device creation will be prohibited. ([#20786](https://github.com/docker/docker/pull/20786))
- Docker can now prevent processes in container to gain new privileges via the --security-opt=no-new-privileges flag ([#20727](https://github.com/docker/docker/pull/20727))
- Starting a container with the --device option will now correctly resolves symlinks ([#20684](https://github.com/docker/docker/pull/20684))
- Docker now relies on [containerd](https://github.com/docker/containerd) and [runc](https://github.com/opencontainers/runc) to spawn containers. ([#20662](https://github.com/docker/docker/pull/20662))
- Fix docker configuration reloading to only alter value present in the given config file ([#20604](https://github.com/docker/docker/pull/20604))
- Docker now allows setting a container hostname via the --hostname flag when --net=host ([#20177](https://github.com/docker/docker/pull/20177))
- Docker now allows executing privileged container while running with --userns-remap if both --privileged and the new --userns=host flag are specified ([#20111](https://github.com/docker/docker/pull/20111))
- Fix Docker not cleaning up correctly old containers upon restarting after a crash ([#19679](https://github.com/docker/docker/pull/19679))
- Docker will now error out if it doesnt recognize a configuration key within the config file ([#19517](https://github.com/docker/docker/pull/19517))
- Fix container loading, on daemon startup, when they depends on a plugin running within a container ([#19500](https://github.com/docker/docker/pull/19500))
- docker update learned how to change a container restart policy ([#19116](https://github.com/docker/docker/pull/19116))
- docker inspect now also returns a new State field containing the container state in a human readable way (i.e. one of created, restarting, running, paused, exited or dead)([#18966](https://github.com/docker/docker/pull/18966))
- Docker learned to limit the number of active pids (i.e. processes) within the container via the pids-limit flags. NOTE: This requires CGROUP_PIDS=y to be in the kernel configuration. ([#18697](https://github.com/docker/docker/pull/18697))
- docker load now has a --quiet option to suppress the load output ([#20078](https://github.com/docker/docker/pull/20078))
- Fix a bug in neighbor discovery for IPv6 peers ([#20842](https://github.com/docker/docker/pull/20842))
- Fix a panic during cleanup if a container was started with invalid options ([#21802](https://github.com/docker/docker/pull/21802))
- Fix a situation where a container cannot be stopped if the terminal is closed ([#21840](https://github.com/docker/docker/pull/21840))
- Object with the pcp_pmcd_t selinux type were given management access to /var/lib/docker(/.*)? ([#21370](https://github.com/docker/docker/pull/21370))
- restart_syscall, copy_file_range, mlock2 joined the list of allowed calls in the default seccomp profile ([#21117](https://github.com/docker/docker/pull/21117), [#21262](https://github.com/docker/docker/pull/21262))
- send, recv and x32 were added to the list of allowed syscalls and arch in the default seccomp profile ([#19432](https://github.com/docker/docker/pull/19432))
- Docker Content Trust now requests the server to perform snapshot signing ([#21046](https://github.com/docker/docker/pull/21046))
- Support for using YubiKeys for Content Trust signing has been moved out of experimental ([#21591](https://github.com/docker/docker/pull/21591))
- Output of docker volume ls is now sorted by volume name ([#20389](https://github.com/docker/docker/pull/20389))
- Local volumes can now accept options similar to the unix mount tool ([#20262](https://github.com/docker/docker/pull/20262))
- Fix an issue where one letter directory name could not be used as source for volumes ([#21106](https://github.com/docker/docker/pull/21106))
- docker run -v now accepts a new flag nocopy. This tells the runtime not to copy the container path content into the volume (which is the default behavior) ([#21223](https://github.com/docker/docker/pull/21223))




Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete