Docker/Engine Release Notes

Engine Release Notes

Releases: 9 (avg 3/mo). Versions: v29.3.0 to v29.5.2

Bug fixes and enhancements

  • Fix a regression introduced in 29.5.1 where docker cp failed with "mkdirat: file exists" when a container had a bind mount whose target traversed an in-container symlink (e.g. /var/run -> /run). moby/moby#52655

Security

This release includes fixes for multiple security vulnerabilities affecting Docker Engine.

  • CVE-2026-41567 Fix a vulnerability in docker cp where archive decompression binaries (e.g. xz, unpigz) were resolved via PATH inside the container filesystem while running as host root, allowing a malicious container to execute arbitrary binaries with host root privileges. GHSA-x86f-5xw2-fm2r
  • CVE-2026-41568 Fix a TOCTOU vulnerability in docker cp that allowed a container process to create files or directories at arbitrary locations on the host filesystem. GHSA-vp62-88p7-qqf5
  • CVE-2026-42306 Fix a TOCTOU vulnerability in docker cp that allowed a container process to redirect a bind mount to an arbitrary location on the host filesystem. GHSA-rg2x-37c3-w2rh
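The PATH-resolution issue in CVE-2026-41567 comes down to where a helper binary is looked up: a decompressor found by searching PATH relative to the container's root filesystem is attacker-controlled, while one resolved from a fixed host location, and passed to exec as an absolute host path, is not. The Go program below is an added illustration written for this page, not moby's code or its fix. It models the two lookups side by side on a throwaway directory tree it builds itself; the directory names, the host allowlist and the function names are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// lookPathIn searches dirs, in order, for an executable regular file named
// name. The directory list is explicit (unlike exec.LookPath, which reads
// PATH) so the caller decides whether the search is confined to host paths.
func lookPathIn(name string, dirs []string) (string, error) {
	for _, d := range dirs {
		p := filepath.Join(d, name)
		fi, err := os.Stat(p)
		if err != nil || !fi.Mode().IsRegular() || fi.Mode().Perm()&0o111 == 0 {
			continue
		}
		return p, nil
	}
	return "", fmt.Errorf("%s: not found in %v", name, dirs)
}

// unsafeResolve models the vulnerable pattern: PATH entries are joined onto
// the container rootfs, so whatever the container placed at
// <rootfs>/usr/bin/xz is what a host-root process would execute.
func unsafeResolve(name, containerRoot, pathEnv string) (string, error) {
	var dirs []string
	for _, d := range filepath.SplitList(pathEnv) {
		dirs = append(dirs, filepath.Join(containerRoot, d))
	}
	return lookPathIn(name, dirs)
}

// isUnder reports whether path lies inside root once symlinks are resolved.
func isUnder(path, root string) (bool, error) {
	rp, err := filepath.EvalSymlinks(path)
	if err != nil {
		return false, err
	}
	rr, err := filepath.EvalSymlinks(root)
	if err != nil {
		return false, err
	}
	rel, err := filepath.Rel(rr, rp)
	if err != nil {
		return false, err
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)), nil
}

// safeResolve resolves the helper from an allowlist of host directories only
// and, as a second line of defence, refuses any result inside the container
// rootfs. The absolute path it returns is what should be handed to exec.
func safeResolve(name, containerRoot string, hostDirs []string) (string, error) {
	p, err := lookPathIn(name, hostDirs)
	if err != nil {
		return "", err
	}
	inside, err := isUnder(p, containerRoot)
	if err != nil {
		return "", err
	}
	if inside {
		return "", errors.New(name + ": refusing helper inside container rootfs: " + p)
	}
	return p, nil
}

// demoResult records what the fixture shows so a caller can inspect it.
type demoResult struct {
	Unsafe   string // path the vulnerable lookup would execute
	Safe     string // path the hardened lookup returns
	Rejected bool   // hardened lookup refused a rootfs-internal helper
}

// demo builds a constructed tree: a fake container rootfs whose /usr/bin/xz is
// attacker-controlled, and a host bin directory holding the legitimate xz.
func demo() (demoResult, error) {
	tmp, err := os.MkdirTemp("", "cp-demo")
	if err != nil {
		return demoResult{}, err
	}
	defer os.RemoveAll(tmp)
	rootfs := filepath.Join(tmp, "rootfs")
	hostBin := filepath.Join(tmp, "hostbin")
	for _, f := range []string{filepath.Join(rootfs, "usr", "bin", "xz"), filepath.Join(hostBin, "xz")} {
		if err := os.MkdirAll(filepath.Dir(f), 0o755); err != nil {
			return demoResult{}, err
		}
		if err := os.WriteFile(f, []byte("#!/bin/sh\nexit 0\n"), 0o755); err != nil {
			return demoResult{}, err
		}
	}
	var r demoResult
	if r.Unsafe, err = unsafeResolve("xz", rootfs, "/usr/bin:/bin"); err != nil {
		return r, err
	}
	if r.Safe, err = safeResolve("xz", rootfs, []string{hostBin}); err != nil {
		return r, err
	}
	// Even if a rootfs directory slips into the allowlist, containment rejects it.
	_, err = safeResolve("xz", rootfs, []string{filepath.Join(rootfs, "usr", "bin")})
	r.Rejected = err != nil
	return r, nil
}

func main() {
	r, err := demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("vulnerable lookup would exec: %s\nhardened lookup execs: %s\nrootfs helper rejected: %v\n",
		r.Unsafe, r.Safe, r.Rejected)
}
```

The resolution step is the cheap part of the fix; the TOCTOU entries (CVE-2026-41568, CVE-2026-42306) are about the copy itself racing a container that rewrites paths underneath it, which a prefix check on a resolved path like isUnder above does not address on its own.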

Networking

  • Fix UDP conntrack entries not being deleted when not bound to a specific IP address. moby/moby#52640

New

  • Rootless: Add new default gvisor-tap-vsock network driver. moby/moby#52319
  • Enable private time namespace for containers by default on supported kernels. moby/moby#52326
  • The local logging driver now has support for custom attributes, adding support for the label, label-regex, env, env-regex, and tag log options. moby/moby#52348
  • Windows: The daemon now supports listening on a Unix socket (-H unix://...), with optional group-based access control via --group. moby/moby#52365

Security

  • CVE-2026-32288: Fix a denial of service where pulling a maliciously crafted image could cause the daemon to allocate unbounded memory when processing sparse tar archives. GHSA-x4jj-h2v8-hqqv. moby/moby#52478
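The class of bug behind CVE-2026-32288 is an image layer whose tar headers declare far more data than the archive carries (sparse entries make this cheap, since holes cost nothing on the wire) feeding a consumer that sizes buffers from the header. The Go program below is an added illustration of the generic defence, not moby's fix: it budgets on each entry's declared size before reading a byte and streams bodies instead of buffering them. It builds its own two-entry archive in memory (a five-byte file followed by a header claiming 1 TiB with no body); the limits and function names are assumptions chosen for the example. For a GNU sparse entry Go's archive/tar reports the logical, hole-filled size in Header.Size, so the same check bounds sparse files.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
)

var errTooLarge = errors.New("tar entry exceeds size budget")

// entry records what was seen for each archive member.
type entry struct {
	Name     string
	Declared int64 // size from the header (logical size for sparse entries)
	Read     int64 // bytes actually streamed
}

// readBounded walks a tar stream and rejects any member whose declared size
// breaks the per-entry or total budget, before any of its data is read.
// Bodies are streamed into a discard sink here; a real extractor would stream
// them to disk the same way, never into a header-sized buffer.
func readBounded(r io.Reader, maxEntry, maxTotal int64) ([]entry, error) {
	tr := tar.NewReader(r)
	var seen []entry
	var total int64
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return seen, nil
		}
		if err != nil {
			return seen, err
		}
		if hdr.Size < 0 || hdr.Size > maxEntry || total+hdr.Size > maxTotal {
			return seen, fmt.Errorf("%w: %q declares %d bytes (entry limit %d, total limit %d)",
				errTooLarge, hdr.Name, hdr.Size, maxEntry, maxTotal)
		}
		n, err := io.Copy(io.Discard, tr) // tar.Reader stops at hdr.Size by itself
		if err != nil {
			// A body shorter than the header promised surfaces as io.ErrUnexpectedEOF.
			return seen, fmt.Errorf("%q: %w", hdr.Name, err)
		}
		total += n
		seen = append(seen, entry{hdr.Name, hdr.Size, n})
	}
}

// craftedArchive returns a tar stream (constructed for this example) holding a
// genuine 5-byte file followed by a header that declares hugeSize bytes but is
// not followed by a body, the shape a malicious layer would take.
func craftedArchive(hugeSize int64) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	_ = tw.WriteHeader(&tar.Header{Name: "ok.txt", Mode: 0o644, Size: 5})
	_, _ = tw.Write([]byte("hello"))
	_ = tw.Flush() // pads the first entry out to a 512-byte block
	_ = tw.WriteHeader(&tar.Header{Name: "huge.bin", Mode: 0o644, Size: hugeSize})
	// Deliberately no body and no Close(): only the header blocks reach buf.
	return buf.Bytes()
}

func main() {
	archive := craftedArchive(1 << 40)
	seen, err := readBounded(bytes.NewReader(archive), 64<<20, 512<<20)
	fmt.Printf("accepted %d entries, then: %v\n", len(seen), err)
}
```

The per-entry limit is the one that matters for a single crafted header; the total limit is what stops an archive made of many individually plausible entries.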

Bug fixes and enhancements

  • docker ps --format now supports a .HealthStatus placeholder to print container health state (starting, healthy, unhealthy) as a dedicated field. docker/cli#6913
  • Add "time-namespaces" feature flag to disable time-namespaces. moby/moby#52577
  • containerd integration: Fix auth token requests ignoring per-host TLS settings (custom CAs, insecure-registries). moby/moby#52600
  • Daemon reload events now signify that the daemon reload has fully completed. moby/moby#52589
  • Expose diagnostic data about userland proxy in docker info. moby/moby#52321
  • Fix docker image ls --filter reference=... (GET /images/json) to also match fully qualified canonical image names (e.g. docker.io/library/alpine), not only the familiar short form. moby/moby#52333
  • Fix a bug where leaving an autolock-enabled swarm could leave orphaned state, causing subsequent swarm init to fail with "Swarm is encrypted and needs to be unlocked". moby/moby#52479
  • Fix an issue where logging errors appeared as empty strings in the daemon log instead of the message that failed to write. moby/moby#52442
  • Fix incorrect SHARED SIZE and UNIQUE SIZE reporting in docker system df -v by including shared content blobs in size calculation. moby/moby#52482
  • Fix support for CDI specifications that request additional group IDs. moby/moby#52579
  • Fix volume subpath file mounts over an existing file in the image failing container creation with "not a directory". moby/moby#52584
  • Sort labels in volume, network, config, and secret formatters for deterministic output. docker/cli#6954
  • Swarm: Prevent corruption of Raft snapshots when swarm state is large. moby/moby#52441

Packaging updates

Networking

  • Fix conntrack entries being incorrectly deleted for UDP containers sharing the same port on different IPs when one container is restarted. moby/moby#52423
  • Fix stale VIP DNS records for swarm service network aliases not being removed during rolling updates. moby/moby#52236
  • Fix the userland proxy silently dropping UDP datagrams when a previous write to an unavailable backend left a stale ECONNREFUSED error on the socket. moby/moby#52483
  • Rootless: Properly support --net=host and localhost registries. moby/moby#47103

Rootless

Go SDK

  • cli/config/configfile: GetAuthConfig, GetCredentialsStore: normalize hostname when resolving auth. docker/cli#6846

Deprecations

  • cli/command/image/build: remove deprecated DefaultDockerfileName const. docker/cli#6737
  • cli/command/image/build: remove deprecated DetectArchiveReader util. docker/cli#6737
  • cli/command/image/build: remove deprecated IsArchive utility. docker/cli#6737
  • cli/command/image/build: remove deprecated ResolveAndValidateContextPath util. docker/cli#6737
  • cli/command/image/build: remove deprecated WriteTempDockerfile util. docker/cli#6737
v29.4.3
Security
  • CVE-2026-31431: Replace the socketcall(2) seccomp deny that broke 32-bit programs with targeted AppArmor (deny network alg) and SELinux (alg_socket) rules that block AF_ALG at the LSM layer, covering both socket(2) and socketcall(2) paths without disrupting legitimate 32-bit workloads. moby/moby#52537

    On SELinux-based systems, the SELinux mitigation requires the daemon to be configured with selinux-enabled: true (via daemon.json or the --selinux-enabled CLI flag). This option is not enabled by default.
  • Fix the default AppArmor profile not being updated on daemon restart, requiring a system reboot to pick up profile changes from daemon upgrades. moby/moby#52537
Security

This release includes hardening for CVE-2026-31431.

  • Block AF_ALG sockets and the socketcall(2) multiplexer in the default seccomp profile to prevent in-container privilege escalation via the kernel crypto API ("Copy Fail"). moby/moby#52501
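Whether AF_ALG is actually blocked inside a given container is worth checking rather than assuming, since the seccomp mitigation above, the AppArmor and SELinux rules that replaced it in v29.4.3, and the selinux-enabled daemon option each apply in different setups. The Go program below is an added check written for this page, not part of Docker's own tooling: it tries to open an AF_ALG socket and classifies the errno it gets back. The errno-to-mechanism mapping in the comments is an assumption (the default seccomp profile's errno action reports EPERM, LSM denials report EACCES), and the probe exercises only the socket(2) path, so on a 32-bit image whose libc enters the kernel through socketcall(2) the result can differ.

```go
package main

import (
	"errors"
	"fmt"
	"syscall"
)

// afAlg is AF_ALG (38) on Linux. The number is spelled out so the program
// compiles on other platforms, where the probe simply reports "unsupported".
const afAlg = 38

// classify maps the error from socket(AF_ALG, ...) to a verdict string.
// Assumed mapping: the default seccomp profile denies with EPERM, while an
// AppArmor "deny network alg" or SELinux alg_socket denial returns EACCES.
func classify(err error) string {
	switch {
	case err == nil:
		return "allowed: kernel crypto API is reachable from this process"
	case errors.Is(err, syscall.EPERM):
		return "blocked-eperm: seccomp (or a missing capability) denied the socket"
	case errors.Is(err, syscall.EACCES):
		return "blocked-eacces: an LSM (AppArmor/SELinux) denied the socket"
	case errors.Is(err, syscall.EAFNOSUPPORT):
		return "unsupported: this kernel has no AF_ALG (CONFIG_CRYPTO_USER_API off)"
	default:
		return "error: " + err.Error()
	}
}

// probeAFAlg attempts to create an AF_ALG socket and returns classify()'s
// verdict. The socket is closed again immediately if creation succeeded.
func probeAFAlg() string {
	fd, err := syscall.Socket(afAlg, syscall.SOCK_SEQPACKET, 0)
	if err == nil {
		syscall.Close(fd)
	}
	return classify(err)
}

func main() {
	fmt.Println(probeAFAlg())
}
```

Build it statically, copy the binary into the container under test and run it there. "allowed" on a daemon carrying these fixes points at a container started with --privileged, a custom or unconfined seccomp/AppArmor profile, or an SELinux host where selinux-enabled was never set.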
Bug fixes and enhancements
  • containerd image store: Fix docker image prune --filter label!=key=value incorrectly skipping images that don't have the specified label. moby/moby#52338
  • Fix --log-opt "tag={{.ImageID}}" not stripping the digest's algorithm. moby/moby#52343
  • Fix intermittent container start failures (EBUSY on secrets/configs remount) on busy Swarm nodes by retrying the read-only remount. moby/moby#52235
Packaging updates
Networking
  • If a container has an IPv4-only or an IPv6-only endpoint with higher "gateway priority" than a dual-stack endpoint, the single-stack endpoint will now be used as the default gateway for its address family. moby/moby#52328
Bug fixes and enhancements
  • docker cp: report both content size and transferred size
  • Fix docker stats --all still showing containers that were removed
  • Fix a rare bug that could cause containers to become unremovable
  • Fixed privileged containers losing their explicit AppArmor profile after a container restart
  • Improved duplicate container-exit handling by using live containerd task state
  • Improved image pull and push performance by enabling HTTP keep-alive for registry connections
  • shell completions: add shell completion for docker rm --link and exclude legacy links for container names
  • shell completions: don't provide completions that were already used
  • Update runc (in static binaries) to v1.3.5
  • Windows: Fix DOCKER_TMPDIR not being respected
Packaging updates
  • Update BuildKit to v0.29.0
Networking
  • Prevent a daemon crash during startup after upgrading if a container config contains a malformed IP-address
Go SDK
  • cli/streams: Out, In: preserve original os.File when available
  • Update minimum go version to go1.25
Deprecations
  • Go SDK: cli-plugins/hooks: deprecate HookMessage and rename to cli-plugins/hooks.Response
  • Go SDK: cli-plugins/hooks: deprecate HookType and rename to cli-plugins/hooks.ResponseType
  • Go SDK: cli-plugins/manager: deprecate HookPluginData and move to cli-plugins/hooks.Request

Security fixes:

  • CVE-2026-34040: Fix an authorization bypass in AuthZ plugins GHSA-x744-4wpc-v9h2
  • CVE-2026-33997: Fix a flaw in docker plugin install where privilege validation could be partially bypassed GHSA-pxq6-2prw-chj9
  • CVE-2026-33748: Fix insufficient validation of Git URL #ref:subdir fragments in BuildKit GHSA-4vrq-3vrq-g6gg
  • CVE-2026-33747: Fix a vulnerability in BuildKit where an untrusted frontend could write files outside the state directory GHSA-3c29-8rgm-jvjj

Bug fixes:

  • Fix a daemon crash during docker build if .dockerignore contained an invalid pattern
  • Fix a panic when the containerd client uses a closed stream

Updates:

  • Update containerd to v2.2.2
  • Update Go runtime to 1.25.8

New features:

  • Add bind-create-src option to --mount flag for bind mounts
  • CLI plugin hooks now fire on command failure and plugins can use "error-hooks" to show hints only when commands fail
  • Lower minimum API version from v1.44 to v1.40 (Docker 19.03)

Networking:

  • Fix DNS config corruption on daemon reload

API changes:

  • POST /networks/{id}/connect now correctly applies the MacAddress field in EndpointSettings
  • GET /images/json now supports an identity query parameter for manifest summaries and trusted identity information

Bug fixes and enhancements:

  • The --gpus option now uses CDI-based injection for AMD GPUs
  • Add sd_notify notifications for daemon reload protocol
  • Fix docker system prune failing with "rw layer snapshot not found"
  • Fix panic when running docker top on non-running Windows container
  • Fix regression preventing dockerd service registration on Windows
  • Fix shared mount detection for bind propagation
  • Preserve leading and trailing whitespace in registry passwords
  • Update Go runtime to 1.25.7 and BuildKit to v0.28.0

Bug fixes:

  • Update BuildKit to v0.27.1
  • Fix docker system df failing when run concurrently with docker system prune
  • Fix daemon handling of duplicate container exit events
  • Fix panic after failed daemon initialization
  • Fix encrypted overlay networks not passing traffic to containers on v28 and older Engines
  • Fix potential panic on docker network prune

New features:

  • docker info now includes NRI section
  • Add experimental NRI support
  • New Identity field in inspect endpoint showing trusted origin information about images

Bug fixes and enhancements:

  • Improve validation of --detach-keys command-line options
  • Remove restriction on anonymous read-only volumes
  • The --validate flag on dockerd now verifies system requirements
  • Handle --gpus requests for NVIDIA devices using CDI

Rootless:

  • Consider $XDG_CONFIG_HOME/cdi and $XDG_RUNTIME_DIR/cdi for CDI devices
  • Update RootlessKit to v2.3.6

API:

  • Natively support gRPC on the listening socket

Deprecations:

  • Remove %PROGRAMDATA%\Docker\cli-plugins from CLI plugin paths on Windows

Updates:

  • Update BuildKit to v0.27.0
  • Update containerd to v2.2.1

Networking:

  • Fixed a regression where established network connections could be disrupted during a container's shutdown grace period

Updates:

  • Update Go runtime to 1.25.6

Bug fixes:

  • Fix docker run --network none panic on Windows
  • Fix image mounts failing with "file name too long" for long mount paths
  • Fix potential creation of orphaned overlay2 layers

Updates:

  • Update BuildKit to v0.26.3

Bug fixes and enhancements:

  • Add shell completion for docker stack deploy --compose-file
  • containerd image store: Fix a bug causing docker build to ignore the explicitly set unpack image exporter option
  • Fix docker image ls dangling image handling
  • Fix a bug that could cause the Engine to leave containers with autoremove set in 'dead' state on shutdown
  • Fix build on i386
  • Fix explicit graphdriver configuration being treated as containerd snapshotter when prior graphdriver state exists
  • Fix potential creation of orphaned overlay2 layers

Networking:

  • Allow creation of a container with a specific IP address when its networks were not configured with a specific subnet
  • Don't crash when starting a container created via the API before upgrade to v29.1.2
Last checked: 3h ago. Tracking since Dec 12, 2025.