{"id":"src_l_VnEKB66CQF5ISycqkRd","slug":"docker-engine-release-notes","name":"Engine Release Notes","type":"scrape","url":"https://docs.docker.com/engine/release-notes/29/","orgId":"org_WksM2ycywd9De6Cqqs9es","org":{"slug":"docker","name":"Docker"},"isPrimary":false,"metadata":"{\"noFeedFound\":true}","releaseCount":9,"releasesLast30Days":3,"avgReleasesPerWeek":0.5,"latestVersion":"29.4.0","latestDate":"2026-04-07T00:00:00.000Z","changelogUrl":null,"hasChangelogFile":false,"lastFetchedAt":"2026-04-16T15:18:12.835Z","trackingSince":"2025-12-12T00:00:00.000Z","releases":[{"id":"rel_vQEH5ut1heGTcsUl5e8GI","version":"29.4.0","title":"29.4.0","summary":"### Bug fixes and enhancements\n\n* docker cp: report both content size and transferred size\n* Fix `docker stats --all` still showing containers that we...","content":"### Bug fixes and enhancements\n\n* docker cp: report both content size and transferred size\n* Fix `docker stats --all` still showing containers that were removed\n* Fix a rare bug that could cause containers to become unremovable\n* Fixed privileged containers losing their explicit AppArmor profile after a container restart\n* Improved duplicate container-exit handling by using live containerd task state\n* Improved image pull and push performance by enabling HTTP keep-alive for registry connections\n* shell completions: add shell completion for `docker rm --link` and exclude legacy links for container names\n* shell completions: don't provide completions that were already used\n* Update runc (in static binaries) to v1.3.5\n* Windows: Fix `DOCKER_TMPDIR` not being respected\n\n### Packaging updates\n\n* Update BuildKit to v0.29.0\n\n### Networking\n\n* Prevent a daemon crash during startup after upgrading if a container config contains a malformed IP-address\n\n### Go SDK\n\n* cli/streams: Out, In: preserve original os.File when available\n* Update minimum go version to go1.25\n\n### Deprecations\n\n* Go SDK: cli-plugins/hooks: deprecate `HookMessage` and rename to `cli-plugins/hooks.Response`\n* Go SDK: cli-plugins/hooks: deprecate `HookType` and rename to `cli-plugins/hooks.ResponseType`\n* Go SDK: cli-plugins/manager: deprecate `HookPluginData` and move to `cli-plugins/hooks.Request`","publishedAt":"2026-04-07T00:00:00.000Z","url":"https://docs.docker.com/engine/release-notes/29/#29-4-0","media":[]},{"id":"rel_lsuNAkd4eEYN3R2_tKaDw","version":"29.3.1","title":"29.3.1","summary":"**Security fixes:**\n- CVE-2026-34040: Fix an authorization bypass in AuthZ plugins [GHSA-x744-4wpc-v9h2](https://github.com/moby/moby/security/advisor...","content":"**Security fixes:**\n- CVE-2026-34040: Fix an authorization bypass in AuthZ plugins [GHSA-x744-4wpc-v9h2](https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2)\n- CVE-2026-33997: Fix a flaw in `docker plugin install` where privilege validation could be partially bypassed [GHSA-pxq6-2prw-chj9](https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9)\n- CVE-2026-33748: Fix insufficient validation of Git URL `#ref:subdir` fragments in BuildKit [GHSA-4vrq-3vrq-g6gg](https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg)\n- CVE-2026-33747: Fix a vulnerability in BuildKit where an untrusted frontend could write files outside the state directory [GHSA-3c29-8rgm-jvjj](https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj)\n\n**Bug fixes:**\n- Fix a daemon crash during docker build if `.dockerignore` contained an invalid pattern\n- Fix a panic when the containerd client uses a closed stream\n\n**Updates:**\n- Update containerd to v2.2.2\n- Update Go runtime to 1.25.8","publishedAt":"2026-03-25T00:00:00.000Z","url":"https://docs.docker.com/engine/release-notes/29/#29-3-1","media":[]},{"id":"rel_qiwiyMwrK-2zbDQALKQC1","version":"29.3.0","title":"29.3.0","summary":"**New features:**\n- Add `bind-create-src` option to `--mount` flag for bind mounts\n- CLI plugin hooks now fire on command failure and plugins can use ...","content":"**New features:**\n- Add `bind-create-src` option to `--mount` flag for bind mounts\n- CLI plugin hooks now fire on command failure and plugins can use \"error-hooks\" to show hints only when commands fail\n- Lower minimum API version from v1.44 to v1.40 (Docker 19.03)\n\n**Networking:**\n- Fix DNS config corruption on daemon reload\n\n**API changes:**\n- `POST /networks/{id}/connect` now correctly applies the `MacAddress` field in `EndpointSettings`\n- `GET /images/json` now supports an `identity` query parameter for manifest summaries and trusted identity information\n\n**Bug fixes and enhancements:**\n- The `--gpus` option now uses CDI-based injection for AMD GPUs\n- Add `sd_notify` notifications for daemon reload protocol\n- Fix `docker system prune` failing with \"rw layer snapshot not found\"\n- Fix panic when running `docker top` on non-running Windows container\n- Fix regression preventing dockerd service registration on Windows\n- Fix shared mount detection for bind propagation\n- Preserve leading and trailing whitespace in registry passwords\n- Update Go runtime to 1.25.7 and BuildKit to v0.28.0","publishedAt":"2026-03-05T00:00:00.000Z","url":"https://docs.docker.com/engine/release-notes/29/#29-3-0","media":[]},{"id":"rel_-DpZOxLUCHrvYsObB5QjX","version":"29.2.1","title":"29.2.1","summary":"**Bug fixes:**\n- Update BuildKit to v0.27.1\n- Fix `docker system df` failing when run concurrently with `docker system prune`\n- Fix daemon handling of...","content":"**Bug fixes:**\n- Update BuildKit to v0.27.1\n- Fix `docker system df` failing when run concurrently with `docker system prune`\n- Fix daemon handling of duplicate container exit events\n- Fix panic after failed daemon initialization\n- Fix encrypted overlay networks not passing traffic to containers on v28 and older Engines\n- Fix potential panic on `docker network prune`","publishedAt":"2026-02-02T00:00:00.000Z","url":"https://docs.docker.com/engine/release-notes/29/#29-2-1","media":[]},{"id":"rel_4z8ifQw9qpSLa8ihijRSV","version":"29.2.0","title":"29.2.0","summary":"**New features:**\n- `docker info` now includes `NRI` section\n- Add experimental NRI support\n- New `Identity` field in inspect endpoint showing trusted...","content":"**New features:**\n- `docker info` now includes `NRI` section\n- Add experimental NRI support\n- New `Identity` field in inspect endpoint showing trusted origin information about images\n\n**Bug fixes and enhancements:**\n- Improve validation of `--detach-keys` command-line options\n- Remove restriction on anonymous read-only volumes\n- The `--validate` flag on dockerd now verifies system requirements\n- Handle `--gpus` requests for NVIDIA devices using CDI\n\n**Rootless:**\n- Consider `$XDG_CONFIG_HOME/cdi` and `$XDG_RUNTIME_DIR/cdi` for CDI devices\n- Update RootlessKit to v2.3.6\n\n**API:**\n- Natively support gRPC on the listening socket\n\n**Deprecations:**\n- Remove `%PROGRAMDATA%\\Docker\\cli-plugins` from CLI plugin paths on Windows\n\n**Updates:**\n- Update BuildKit to v0.27.0\n- Update containerd to v2.2.1","publishedAt":"2026-01-26T00:00:00.000Z","url":"https://docs.docker.com/engine/release-notes/29/#29-2-0","media":[]},{"id":"rel_xsDgX5lTG6Kq7Gh9e2_Lx","version":"29.1.5","title":"29.1.5","summary":"**Networking:**\n- Fixed a regression where established network connections could be disrupted during a container's shutdown grace period\n\n**Updates:**...","content":"**Networking:**\n- Fixed a regression where established network connections could be disrupted during a container's shutdown grace period\n\n**Updates:**\n- Update Go runtime to 1.25.6","publishedAt":"2026-01-16T00:00:00.000Z","url":"https://docs.docker.com/engine/release-notes/29/#29-1-5","media":[]},{"id":"rel_0Z9JuVTBaEhYk8K39T1hW","version":"29.1.4","title":"29.1.4","summary":"**Bug fixes:**\n- Fix `docker run --network none` panic on Windows\n- Fix image mounts failing with \"file name too long\" for long mount paths\n- Fix pote...","content":"**Bug fixes:**\n- Fix `docker run --network none` panic on Windows\n- Fix image mounts failing with \"file name too long\" for long mount paths\n- Fix potential creation of orphaned overlay2 layers\n\n**Updates:**\n- Update BuildKit to v0.26.3","publishedAt":"2026-01-08T00:00:00.000Z","url":"https://docs.docker.com/engine/release-notes/29/#29-1-4","media":[]},{"id":"rel_DV4ZjQ2PkwxvOtylUxJpG","version":"29.1.3","title":"29.1.3","summary":"**Bug fixes and enhancements:**\n- Add shell completion for `docker stack deploy --compose-file`\n- containerd image store: Fix a bug causing `docker bu...","content":"**Bug fixes and enhancements:**\n- Add shell completion for `docker stack deploy --compose-file`\n- containerd image store: Fix a bug causing `docker build` to ignore the explicitly set `unpack` image exporter option\n- Fix `docker image ls` dangling image handling\n- Fix a bug that could cause the Engine to leave containers with autoremove set in 'dead' state on shutdown\n- Fix build on i386\n- Fix explicit graphdriver configuration being treated as containerd snapshotter when prior graphdriver state exists\n- Fix potential creation of orphaned overlay2 layers\n\n**Networking:**\n- Allow creation of a container with a specific IP address when its networks were not configured with a specific subnet\n- Don't crash when starting a container created via the API before upgrade to v29.1.2","publishedAt":"2025-12-12T00:00:00.000Z","url":"https://docs.docker.com/engine/release-notes/29/#29-1-3","media":[]},{"id":"rel_JmPjg2MBpMJ0Bs3v6qiCy","version":null,"title":"Ask me about Docker","summary":"Navigation and documentation interface for Docker. No release information provided.","content":"Navigation and documentation interface for Docker. No release information provided.","publishedAt":null,"url":"https://docs.docker.com/engine/release-notes/29/","media":[]}],"pagination":{"page":1,"pageSize":20,"totalPages":1,"totalItems":9},"summaries":{"rolling":{"windowDays":90,"summary":"The engine sharpened its focus on reliability and security while laying groundwork for hardware-aware container orchestration. A trio of critical security fixes in 29.3.1 addressed authorization bypass vulnerabilities in AuthZ plugins and BuildKit, followed by refinements to resource management and networking stability across subsequent releases. The team expanded GPU support to AMD devices via CDI-based injection, lowered the minimum API version to v1.40 to broaden compatibility, and shipped the experimental NRI framework for container runtime integration—signaling a longer-term push toward more granular control over container lifecycle events.","releaseCount":5,"generatedAt":"2026-04-16T15:18:15.559Z"},"monthly":[{"year":2026,"month":3,"summary":"Focused on security hardening and API stability. The month shipped two releases anchored by four security fixes across AuthZ plugins, the plugin installer, and BuildKit's Git URL and frontend isolation handling—plus a daemon crash fix for malformed `.dockerignore` patterns in 29.3.1. The earlier 29.3.0 expanded the mount API with `bind-create-src`, added command-failure hooks for CLI plugins, and lowered the minimum API version to v1.40, while fixing DNS corruption on daemon reload and GPU injection for AMD hardware.","releaseCount":2,"generatedAt":"2026-04-16T15:18:19.243Z"},{"year":2026,"month":2,"summary":"Stabilization dominated February, with BuildKit upgraded to v0.27.1 and a series of concurrency and networking fixes shipped. The release addressed race conditions in `docker system df` and `docker system prune`, resolved encrypted overlay network traffic failures affecting older Engine versions, and patched daemon initialization panics.","releaseCount":1,"generatedAt":"2026-03-31T14:12:02.207Z"}]}}