Docker
Build image supply-chain verification and a resolved privilege-escalation path led recent work across Engine, Desktop, Buildx, and Compose.
Build pipeline images are now cryptographically verified — Buildx v0.34.0 introduced a default source policy that verifies Docker-provided build pipeline images (the Dockerfile frontend and the SBOM scanner) against Docker's GitHub builder signatures before they are used in builds.1 The feature is opt-in via BUILDX_DEFAULT_POLICY and is expected to become the default in a future release. Buildx v0.34.1 fixed a regression in Bake when building from Compose files with empty array values.2 Buildx v0.33.0 graduated the DAP debugger to GA, added formattimestamp and unixtimestampparse builtins to Bake, and extended policy evaluation with PGP verification for HTTP sources.3
A privilege-escalation path is closed — Engine 29.4.2 blocked AF_ALG sockets through the seccomp profile to prevent in-container privilege escalation via the kernel crypto API (CVE-2026-31431).4 Engine 29.4.3 replaced the seccomp deny with targeted AppArmor and SELinux rules that block AF_ALG at the LSM layer without disrupting 32-bit workloads.5 Engine 29.3.1 also resolved an authorization bypass (CVE-2026-34040) and a plugin privilege-validation flaw (CVE-2026-33997).
Docker Desktop gains persistent AI memory and an expanded Model Runner — Desktop 4.68 gave Gordon, the AI assistant, persistent local memory so preferences and context survive across sessions.6 Desktop 4.72 enabled the OpenAI Responses API (/responses) endpoint in Model Runner and made the Logs view generally available.7 Desktop 4.71 made Model Runner disabled by default and opt-in. Desktop 4.67 added MCP Toolkit profile template cards and an onboarding tour.8
Compose reliability — v5.1.4 added a stop lifecycle hook for external providers and fixed OCI artifact pulls through the Desktop HTTP proxy.9 Earlier v5.1.x releases fixed SSH URL scheme preservation in Dockerfile paths, attach filtering, and a deadlock in ttyWriter.