Docker

New

The Logs view is now generally available.
New installations of Docker Desktop for Windows have a choice between per-user (Beta) or all-user installs.

Updates

Docker Agent v1.50.0
Docker DHI (dhictl) v0.0.3
Docker Model Runner v1.1.37
credential helpers v0.9.6

Security

The Extensions settings page now includes a security notice that extensions run with host-level privileges and are not audited by Docker.
Fixed CVE-2026-31431 ("copy.fail") by backporting an upstream Linux kernel patch that prevents an unprivileged container user from gaining root inside the container via a controlled write into the host VM page cache.

Bug fixes and enhancements

For all platforms

Improvements to Docker Offload idle notifications.
Fixed the Open Gordon in TUI button not working due to a missing run subcommand in Docker Agent command arguments.
Fixed an issue where transient network errors or Docker Hub server errors during sign-in would unexpectedly sign users out instead of retrying automatically.
Improved data refresh for the Containers, Images, and Volumes screens by fetching up-to-date data on demand when navigating to those screens, reducing background polling load.
Fixed a kernel crash that could occur when changing filesharing technology after significant container file activity.
Enable the OpenAI Responses API (/responses) endpoint in Docker Model Runner.
Fixed a bug where users were unexpectedly signed out of Docker Desktop mid-flow when signing in via docker login using OAuth.

For Windows

Fixed a bug on Windows where selecting the Docker Desktop taskbar icon multiple times could spawn multiple backend processes. Re-selecting the icon while Docker Desktop is running now brings the dashboard to focus.
Fixed a race condition on Windows that caused a false-positive "processes still running" dialog to appear when Docker Desktop starts or exits normally.

For Linux

Support for RHEL 8 has been dropped.

29.4.3 ↗

Security

CVE-2026-31431: Replace the socketcall(2) seccomp deny that broke 32-bit programs with targeted AppArmor (deny network alg) and SELinux (alg_socket) rules that block AF_ALG at the LSM layer, covering both socket(2) and socketcall(2) paths without disrupting legitimate 32-bit workloads. moby/moby#52537 On SELinux-based systems, the SELinux mitigation requires the daemon to be configured with selinux-enabled: true (via daemon.json or the --selinux-enabled CLI flag). This option is not enabled by default.
Fix the default AppArmor profile not being updated on daemon restart, requiring a system reboot to pick up profile changes from daemon upgrades. moby/moby#52537

May 1, 2026

29.4.2 ↗

Security

This release includes hardening for CVE-2026-31431.

Block AF_ALG sockets and the socketcall(2) multiplexer in the default seccomp profile to prevent in-container privilege escalation via the kernel crypto API ("Copy Fail"). moby/moby#52501

Apr 27, 2026

4.71.0 ↗

Docker Desktop 4.71.0

Updates:

Docker Model Runner v1.1.36
containerd v2.2.3
Runc v1.3.5
Docker Compose v5.1.3
Docker Agent v1.44.0
Docker Engine v29.4.1

For all platforms:

Docker Model Runner is now disabled by default and must be explicitly enabled in Settings. When enabled, TCP host-side support is automatically active.
Fixed an issue where downloading a Docker Desktop update would fail without a clear error if the disk had insufficient free space.
Fixed an issue where Docker Scout tag recommendations failed when the base image digest or repository name was empty.
Added a Switch to local Docker context button on the sign-in screen, allowing users in a cloud context to switch back to their local context without signing in.
Added a dedicated Stopped status screen for the cloud engine so users see a clear stopped state instead of an error screen when transitioning away from Docker Offload.

For Mac:

Fixed an issue where error tracking would temporarily continue sending session data directly after a user disabled analytics. Fixes docker/for-mac#7768.

For Windows:

Fixed a critical issue where Docker Desktop Dashboard failed to open with ERR_FAILED errors caused by process hardening policies conflicting with Chromium.
Fixed a bug where Kubernetes could fail to start on WSL 2 when HTTP_PROXY environment variables are set in WSL 2 itself.
Fixed a bug in Enhanced Container Isolation (ECI) that was causing loss of container rootfs persistence across Docker Desktop restarts when using WSL.

Apr 20, 2026

4.70.0 ↗

Docker Desktop 4.70.0

New

Added a CLI hint that surfaces the Logs view when running logs, compose logs, compose attach, or compose up commands, giving you quick access to logs across all running containers. Available with the Logs (Beta) feature enabled.

Updates

Bug fixes and enhancements

For all platforms:

Fixed a bug where docker login could fail silently in CI environments due to slow Docker Hub responses causing credential store update timeouts.
Fixed an issue where disabling Beta features also disabled Docker Model Runner.
Fixed docker desktop start causing the Docker AI agent API daemon to fail due to an inherited CLI plugin environment variable.

For Mac:

Fixed a crash loop where Docker Desktop repeatedly failed to start with exit status 42 after an update due to a corrupted DockerAppLaunchPath setting.
Fixed an issue where a failed update could leave Docker Desktop in a broken state. The installer now automatically reverts to the previous version and shows a clear error message.
Fixed a bug where stopping one container could disrupt active Unix socket forwards belonging to other running containers.

For Windows:

Fixed an issue where a failed update could leave Docker Desktop in a broken state. The installer now automatically reverts to the previous version and shows a clear error message.
Fixed a bug where a failed switch to Windows containers could leave Docker Desktop in a broken state, requiring a restart.
Fixed an issue where Docker Desktop failed to launch for users with DEVHOME set in their environment.
Temporarily rolled back process hardening that caused Electron crashes on Windows. Fixes docker/desktop-feedback#245.

29.4.1 ↗

Bug fixes and enhancements

containerd image store: Fix docker image prune --filter label!=key=value incorrectly skipping images that don't have the specified label. moby/moby#52338
Fix --log-opt "tag={{.ImageID}}" not stripping the digest's algorithm. moby/moby#52343
Fix intermittent container start failures (EBUSY on secrets/configs remount) on busy Swarm nodes by retrying the read-only remount. moby/moby#52235

Packaging updates

Update containerd (static binaries only) to v2.2.3. moby/moby#52360
Update Go runtime to 1.26.2. docker/cli#6920, moby/moby#52329

Networking

if a container has an IPv4-only or an IPv6-only endpoint with higher "gateway priority" than a dual stack endpoint, the single stack endpoint will now be used as the default gateway for its address family. moby/moby#52328

Apr 15, 2026

v5.1.3 ↗

What's Changed

🐛 Fixes

fix: provider output handling and watch rebuild re-invocation by @glours in https://github.com/docker/compose/pull/13732

🔧 Internal

Add Docker Desktop Logs view hints and navigation shortcut by @glours in https://github.com/docker/compose/pull/13721
Build and push Docker Desktop module image on release by @glours in https://github.com/docker/compose/pull/13726
Fix typo in SECURITY.md by @glours in https://github.com/docker/compose/pull/13730
Make hook hint deep links clickable using OSC 8 terminal hyperlinks by @glours in https://github.com/docker/compose/pull/13734
Remove 'provenance' attribute' by @glours in https://github.com/docker/compose/pull/13738

⚙️ Dependencies

build(deps): bump github.com/containerd/containerd/v2 from 2.2.2 to 2.2.3 by @dependabot[bot] in https://github.com/docker/compose/pull/13737

Full Changelog: https://github.com/docker/compose/compare/v5.1.2...v5.1.3

Apr 13, 2026

4.69.0 ↗

Docker Desktop 4.69.0

Updates

Bug fixes and enhancements

For all platforms:

Fixed an issue where docker logout from the CLI was ignored by Docker Desktop when OAuth tokens remained in the credential store, leaving the user unexpectedly signed in.
Fixed an issue where Docker Desktop could unexpectedly sign users out when unrelated credential updates, docker login, or transient network errors triggered a sign-out.
Fixed a data loss issue where backup data could be deleted during a failed restore operation, leaving users with no data.
Fixed an issue where sign-in credentials (login-info.json) could be included in diagnostic bundles, improving privacy and security. Note that this file contains an encoded organisation(s) name, plan name, encoded username, and encoded email only. No passwords or credentials are included.
Fixed the footer update label incorrectly showing Downloading during the prepare/unpack phase of an update. It now correctly displays Preparing.
Fixed an issue where Docker Desktop would not start when the internal storage disk was full.

For Mac:

Fixed an issue where the in-app update button was not disabled when Docker.app was installed in a non-user-writable directory, preventing failed update attempts.
Fixed update failure for users who installed Docker Desktop via Homebrew on Mac.

For Windows:

Fixed an unexpected WSL terminal popup appearing for Windows users using the Hyper-V backend during Docker Desktop installation or uninstallation.
Fixed an issue on Windows where factory reset deleted CLI plugins from ~/.docker/cli-plugins, causing docker build to fall back to the legacy builder.
Fixed a bug where Kubernetes failed to start when WSL integration was enabled alongside another distro using cgroup v1 controllers.
Fixed a race condition that caused Kubernetes to fail to start when a Registry Access Management policy change occurred during startup.
Prevent Docker Desktop from fatally failing due to transient 'Access is denied' errors during file operations on Windows.

Apr 9, 2026

v5.1.2 ↗

What's Changed

🐛 Fixes

Fix TTY timer rendering when duration length changes by @MaybeSam05 in https://github.com/docker/compose/pull/13634
Fix up attach filtering by @false200 in https://github.com/docker/compose/pull/13664
Preserve ssh:// URL scheme when resolving Dockerfile path by @ssam18 in https://github.com/docker/compose/pull/13669
Initialize and pass envFiles map in processExtends by @Mohamed-Moumni in https://github.com/docker/compose/pull/13678
Fix TestRunHook_ConsoleSize on macOS by @thaJeztah in https://github.com/docker/compose/pull/13686
Restore post-connect fallback for multi-network stacks on API < 1.44 by @jotka in https://github.com/docker/compose/pull/13629
Publish: return api.ErrCanceled when user declines interactive prompts by @ishwar170695 in https://github.com/docker/compose/pull/13674
Return error on non-ErrNotExist stat failures in Tar.Sync() by @Lidang-Jiang in https://github.com/docker/compose/pull/13684

🔧 Internal

Refactor: thread context through publish sensitive data check by @ishwar170695 in https://github.com/docker/compose/pull/13653
Add AI-powered PR review workflow via docker/cagent-action by @glours in https://github.com/docker/compose/pull/13659
Update cagent-action to latest (with better permissions) by @derekmisler in https://github.com/docker/compose/pull/13665
Pin GitHub Actions to commit SHA, remove pr-review workflow by @glours in https://github.com/docker/compose/pull/13662
Exclude hook_test.go from Windows builds and propagate ExecStart error in runWaitExec by @pawannn in https://github.com/docker/compose/pull/13683
Skip PR review workflow for Dependabot PRs by @glours in https://github.com/docker/compose/pull/13679
Use negotiated API version for network setup by @glours in https://github.com/docker/compose/pull/13690
Fix mixed assertion libraries in tests by @thaJeztah in https://github.com/docker/compose/pull/13689
Test: use random host port for dind TLS build test by @ricardobranco777 in https://github.com/docker/compose/pull/13630
Remove direct dependency on docker/docker by @glours in https://github.com/docker/compose/pull/13706

⚙️ Dependencies

Bump github.com/containerd/platforms from 1.0.0-rc.2 to 1.0.0-rc.3 by @dependabot[bot] in https://github.com/docker/compose/pull/13657
Bump golangci-lint to v2.11.3 and configure CLAUDE to use it on change by @ndeloof in https://github.com/docker/compose/pull/13656
Bump google.golang.org/grpc from 1.78.0 to 1.79.3 by @dependabot[bot] in https://github.com/docker/compose/pull/13642
Bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1 by @dependabot[bot] in https://github.com/docker/compose/pull/13667
Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.42.0 by @glours in https://github.com/docker/compose/pull/13663
Bump github.com/docker/cli from 29.2.1+incompatible to 29.3.1+incompatible by @dependabot[bot] in https://github.com/docker/compose/pull/13670
Bump github.com/hashicorp/go-version from 1.8.0 to 1.9.0 by @dependabot[bot] in https://github.com/docker/compose/pull/13692
Bump github.com/docker/buildx v0.33.0, buildkit v0.29.0 by @thaJeztah in https://github.com/docker/compose/pull/13693
Bump google.golang.org/grpc from 1.79.3 to 1.80.0 by @dependabot[bot] in https://github.com/docker/compose/pull/13697
Bump github.com/containerd/platforms from 1.0.0-rc.3 to 1.0.0-rc.4 by @dependabot[bot] in https://github.com/docker/compose/pull/13696
Bump github.com/moby/moby/client v0.4.0, moby/api v1.54.1 by @thaJeztah in https://github.com/docker/compose/pull/13708
Bump github.com/docker/cli v29.4.0 by @thaJeztah in https://github.com/docker/compose/pull/13707
Bump compose-go to version v2.10.2 by @glours in https://github.com/docker/compose/pull/13705
Bump to Go 1.25.9 by @thaJeztah in https://github.com/docker/compose/pull/13720

New Contributors

@MaybeSam05 made their first contribution in https://github.com/docker/compose/pull/13634
@ishwar170695 made their first contribution in https://github.com/docker/compose/pull/13653
@derekmisler made their first contribution in https://github.com/docker/compose/pull/13665
@false200 made their first contribution in https://github.com/docker/compose/pull/13664
@ssam18 made their first contribution in https://github.com/docker/compose/pull/13669
@Mohamed-Moumni made their first contribution in https://github.com/docker/compose/pull/13678
@pawannn made their first contribution in https://github.com/docker/compose/pull/13683
@jotka made their first contribution in https://github.com/docker/compose/pull/13629
@Lidang-Jiang made their first contribution in https://github.com/docker/compose/pull/13684

Full Changelog: https://github.com/docker/compose/compare/v5.1.1...v5.1.2

Apr 7, 2026

4.68.0 ↗

Docker Desktop 4.68.0

New

Gordon now has persistent local memory, allowing it to remember your preferences and context across sessions.

Updates

Bug fixes and enhancements

For all platforms:

Fixed a deadlock in Enhanced Container Isolation that caused containers to hang indefinitely during creation when ECI was enabled.
Added a warning banner to alert when an MCP server is community-provided and has not been verified by Docker.
Added a persistent Show timestamps toggle to the Logs view, allowing timestamps to be hidden in both table and visualiser views across sessions.
Fixed an issue where Docker Desktop frontend processes were not properly terminated on quit.
Fixed a deadlock when settings controlled by admins reload that could cause Docker Desktop to become unresponsive during sign in or sign out operations.
Fixed a bug where Docker Desktop could fail to start due to uncorrectable filesystem errors on the disk image not being repaired.
Fixed a bug that caused Enhanced Container Isolation (ECI) to inadvertently block startup of Kubernetes clusters.
Fixed an issue where a failed volume size fetch could make the Volumes view inaccessible; container counts on volumes now correctly exclude bind mounts.
Fixed race conditions in volume backup that could cause containers to be incorrectly restarted, export logs to be corrupted, or runtime panics when scheduling tasks.
Fixed a crash in the API cache that occurred when containers with no names caused a panic disrupting container listing.
Fixed a bug where starting a container could fail with ENOENT if a bind-mount parent directory was deleted while no container was using it.

For Mac:

Fixed a security vulnerability where tampered user-deployed config profiles could bypass organization sign-in enforcement.
Fixed a bug where a failed vmnetd handshake could dispatch a bogus command on a broken connection, causing unexpected networking errors.
Fixed a bug where the Docker Desktop Dashboard could be prematurely displayed when restoring to a fullscreen state on launch.
Fixed nested bind mounts showing empty child mount content on VirtioFS when using Docker Compose with multiple services sharing a volume. Fixes docker/desktop-feedback#264.

For Windows:

Fixed an issue where the installer extraction did not update the progress bar and could take around 5 minutes, depending on the machine. Extraction is now ~60% faster and includes proper progress updates.
Fixed a race condition where container ports would sometimes not be published correctly after container start, affecting ephemeral ports, --publish-all, and gateway IP bindings.
Fixed an issue where a failed WSL distro move could leave the distro unregistered.

29.4.0 ↗

Bug fixes and enhancements

docker cp: report both content size and transferred size
Fix docker stats --all still showing containers that were removed
Fix a rare bug that could cause containers to become unremovable
Fixed privileged containers losing their explicit AppArmor profile after a container restart
Improved duplicate container-exit handling by using live containerd task state
Improved image pull and push performance by enabling HTTP keep-alive for registry connections
shell completions: add shell completion for docker rm --link and exclude legacy links for container names
shell completions: don't provide completions that were already used
Update runc (in static binaries) to v1.3.5
Windows: Fix DOCKER_TMPDIR not being respected

Packaging updates

Update BuildKit to v0.29.0

Networking

Prevent a daemon crash during startup after upgrading if a container config contains a malformed IP-address

Go SDK

cli/streams: Out, In: preserve original os.File when available
Update minimum go version to go1.25

Deprecations

Go SDK: cli-plugins/hooks: deprecate HookMessage and rename to cli-plugins/hooks.Response
Go SDK: cli-plugins/hooks: deprecate HookType and rename to cli-plugins/hooks.ResponseType
Go SDK: cli-plugins/manager: deprecate HookPluginData and move to cli-plugins/hooks.Request

Mar 31, 2026

v0.33.0 ↗

viaDocker Buildx

Welcome to the v0.33.0 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Contributors

Tõnis Tiigi
CrazyMax
Jonathan A. Sternberg
Sebastiaan van Stijn
rishabh
Akihiro Suda

Notable Changes

Imagetools create and inspect commands now support OCI layout paths as source and destination that can be used together with registry references #3721
Bake command supports new builtin functions formattimestamp and unixtimestampparse for better handling of time values #3286
DAP debugger support is now generally available without the need for the experimental features flag #3736
Policy evaluation now supports verifying HTTP sources with PGP signatures through the verify_http_pgp_signature builtin #3677
policy eval command now supports --platform flag to specify the platform for evaluated image sources #3738
policy eval can now read policy from stdin when -f - is used #3738
policy eval flag --filename has been renamed to --file for consistency with other commands. The previous flag is deprecated. #3738
Fix issue where imagetools create could in some cases upload the same (attestation) manifest multiple times, possibly causing 400 error in some registries #3731
Fix rejecting empty string values for BUILDKIT_SYNTAX build argument override #3734
Fix possible inconsistent build context contents when using remote bake builds with a subdirectory in context path #3678
Fix possible formatting issue in imagetools inspect based on whitespace in input #3732
Fix possible error when finalizing build history traces in multi-node builders #3716 #3717
Fix possible build errors when linking Bake multi-platform targets with session attributes like build secrets #3696
Fix remote Bake git contexts to preserve subdirectory paths #3682
Fix proxy build-arg override detection when argument casing differs #3697
Fix DAP breakpoints on the entrypoint line being skipped in some cases #3691
Fix DAP breakpoint detection on case-insensitive filesystems such as Windows #3704
Fix DAP source path mapping for Dockerfiles outside the context root or in subdirectories #3709
Fix DAP stepping by skipping internal build context load steps without source locations #3712
Fix over-eager DAP input evaluation while stepping through builds #3687
Fix DAP checks for whether an exec command can run successfully #3701
Fix DAP debugger exit status reporting and output delivery on session shutdown #3735

Dependency Changes

github.com/aws/aws-sdk-go-v2 v1.41.1 -> v1.41.4
github.com/aws/aws-sdk-go-v2/config v1.32.7 -> v1.32.12
github.com/aws/aws-sdk-go-v2/credentials v1.19.7 -> v1.19.12
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 -> v1.18.20
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 -> v1.4.20
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 -> v2.7.20
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 -> v1.8.6
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 -> v1.13.7
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17 -> v1.13.20
github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 -> v1.0.8
github.com/aws/aws-sdk-go-v2/service/sso v1.30.9 -> v1.30.13
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13 -> v1.35.17
github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 -> v1.41.9
github.com/aws/smithy-go v1.24.0 -> v1.24.2
github.com/containerd/containerd/v2 v2.2.1 -> v2.2.2
github.com/containerd/ttrpc v1.2.7 -> v1.2.8
github.com/docker/cli v29.2.1 -> v29.3.1
github.com/go-openapi/analysis v0.24.1 -> v0.24.3
github.com/go-openapi/errors v0.22.6 -> v0.22.7
github.com/go-openapi/jsonpointer v0.22.4 -> v0.22.5
github.com/go-openapi/jsonreference v0.21.4 -> v0.21.5
github.com/go-openapi/loads v0.23.2 -> v0.23.3
github.com/go-openapi/spec v0.22.3 -> v0.22.4
github.com/go-openapi/strfmt v0.25.0 -> v0.26.1
github.com/go-openapi/swag/conv v0.25.4 -> v0.25.5
github.com/go-openapi/swag/fileutils v0.25.4 -> v0.25.5
github.com/go-openapi/swag/jsonname v0.25.4 -> v0.25.5
github.com/go-openapi/swag/jsonutils v0.25.4 -> v0.25.5
github.com/go-openapi/swag/loading v0.25.4 -> v0.25.5
github.com/go-openapi/swag/mangling v0.25.4 -> v0.25.5
github.com/go-openapi/swag/stringutils v0.25.4 -> v0.25.5
github.com/go-openapi/swag/typeutils v0.25.4 -> v0.25.5
github.com/go-openapi/swag/yamlutils v0.25.4 -> v0.25.5
github.com/go-openapi/validate v0.25.1 -> v0.25.2
github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 -> v2.27.7
github.com/klauspost/compress v1.18.4 -> v1.18.5
github.com/moby/buildkit v0.28.0 -> v0.29.0
github.com/moby/moby/api v1.53.0 -> v1.54.0
github.com/moby/moby/client v0.2.2 -> v0.3.0
github.com/moby/patternmatcher v0.6.0 -> v0.6.1
github.com/moby/policy-helpers 824747bfdd3c -> b7c0b994300b
github.com/oklog/ulid/v2 v2.1.1 new
go.opentelemetry.io/otel v1.38.0 -> v1.40.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.38.0 -> v1.40.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.38.0 -> v1.40.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 -> v1.40.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 -> v1.40.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 -> v1.40.0
go.opentelemetry.io/otel/metric v1.38.0 -> v1.40.0
go.opentelemetry.io/otel/sdk v1.38.0 -> v1.40.0
go.opentelemetry.io/otel/sdk/metric v1.38.0 -> v1.40.0
go.opentelemetry.io/otel/trace v1.38.0 -> v1.40.0
go.opentelemetry.io/proto/otlp v1.7.1 -> v1.9.0
golang.org/x/sys v0.41.0 -> v0.42.0
golang.org/x/term v0.40.0 -> v0.41.0
google.golang.org/genproto/googleapis/api ff82c1b0f217 -> 8636f8732409
google.golang.org/genproto/googleapis/rpc 0a764e51fe1b -> 8636f8732409
google.golang.org/grpc v1.78.0 -> v1.79.3
k8s.io/api v0.34.1 -> v0.35.2
k8s.io/apimachinery v0.34.1 -> v0.35.2
k8s.io/client-go v0.34.1 -> v0.35.2
k8s.io/kube-openapi f3f2b991d03b -> 589584f1c912
k8s.io/utils 4c0f3b243397 -> bc988d571ff4
sigs.k8s.io/json cfa47c3a1cc8 -> 2d320260d730

Previous release can be found at v0.32.1

Mar 30, 2026

4.67.0 ↗

Docker Desktop 4.67.0

New

Docker MCP Toolkit now has MCP profile template cards and an onboarding tour accessible via the Profiles tab.

Updates

Bug fixes and minor changes

For all platforms:

Docker Model Runner now supports Qwen3.5.
With the new Logs (Beta) view, you can now filter container logs by Compose stack.
Improved interaction with Settings while the Docker engine or Kubernetes is starting or stopping.
Fixed a bug where random UDP port bindings reported port 0 instead of the actual assigned port.
Fixed an issue with the Docker Desktop shortcut not reopening the Dashboard when Docker Desktop was already running.
Fixed an issue where the Add to existing profile dialog showed profiles that already contained all selected MCP servers in the dropdown.

For Mac:

Fixed intermittent exec format error when starting amd64 containers on Apple Silicon Macs due to a race condition between Rosetta binfmt registration and virtiofs device availability.

For Windows:

Fixed Hyper-V being silently re-enabled on every EXE upgrade for WSL 2 users.
Fixed an MSI installer bug where Docker Desktop processes could be left running after uninstall.
Fixed an issue on Windows where installations or updates using --installation-dir would fail due to the installer archive being extracted into the custom installation directory.
Improved Docker Desktop startup time on Windows by several seconds when using WSL 2.
Fixed a bug on the Models > Logs screen which caused docker-model processes to accumulate on Windows each time the screen was visited.

Security

Addressed CVE-2026-33990, SSRF in Docker Model Runner OCI Registry Client

Mar 26, 2026

4.66.1 ↗

Docker Desktop 4.66.1

Docker Desktop 4.66.1 patch release.

Mar 25, 2026

29.3.1 ↗

Security fixes:

CVE-2026-34040: Fix an authorization bypass in AuthZ plugins GHSA-x744-4wpc-v9h2
CVE-2026-33997: Fix a flaw in docker plugin install where privilege validation could be partially bypassed GHSA-pxq6-2prw-chj9
CVE-2026-33748: Fix insufficient validation of Git URL #ref:subdir fragments in BuildKit GHSA-4vrq-3vrq-g6gg
CVE-2026-33747: Fix a vulnerability in BuildKit where an untrusted frontend could write files outside the state directory GHSA-3c29-8rgm-jvjj

Bug fixes:

Fix a daemon crash during docker build if .dockerignore contained an invalid pattern
Fix a panic when the containerd client uses a closed stream

Updates:

Update containerd to v2.2.2
Update Go runtime to 1.25.8

Mar 20, 2026

v5.1.1 ↗

What's Changed

🐛 Fixes

Only pass ConsoleSize to ExecAttach when TTY is enabled by @mikesir87 in https://github.com/docker/compose/pull/13616
Fix deadlock in ttyWriter.Done() by @maks2134 in https://github.com/docker/compose/pull/13640

⚙️ Dependencies

update to go1.25.8 by @thaJeztah in https://github.com/docker/compose/pull/13622
bump github.com/moby/moby/api from 1.53.0 to 1.54.0 by @dependabot[bot] in https://github.com/docker/compose/pull/13619
bump golang.org/x/sys from 0.41.0 to 0.42.0 by @dependabot[bot] in https://github.com/docker/compose/pull/13626
bump github.com/containerd/containerd/v2 from 2.2.1 to 2.2.2 by @dependabot[bot] in https://github.com/docker/compose/pull/13631
bump golang.org/x/sync from 0.19.0 to 0.20.0 by @dependabot[bot] in https://github.com/docker/compose/pull/13627
bump github.com/moby/moby/client from 0.2.2 to 0.3.0 by @dependabot[bot] in https://github.com/docker/compose/pull/13621

New Contributors

@maks2134 made their first contribution in https://github.com/docker/compose/pull/13640

Full Changelog: https://github.com/docker/compose/compare/v5.1.0...v5.1.1

Mar 5, 2026

29.3.0 ↗

New features:

Add bind-create-src option to --mount flag for bind mounts
CLI plugin hooks now fire on command failure and plugins can use "error-hooks" to show hints only when commands fail
Lower minimum API version from v1.44 to v1.40 (Docker 19.03)

Networking:

Fix DNS config corruption on daemon reload

API changes:

POST /networks/{id}/connect now correctly applies the MacAddress field in EndpointSettings
GET /images/json now supports an identity query parameter for manifest summaries and trusted identity information

Bug fixes and enhancements:

The --gpus option now uses CDI-based injection for AMD GPUs
Add sd_notify notifications for daemon reload protocol
Fix docker system prune failing with "rw layer snapshot not found"
Fix panic when running docker top on non-running Windows container
Fix regression preventing dockerd service registration on Windows
Fix shared mount detection for bind propagation
Preserve leading and trailing whitespace in registry passwords
Update Go runtime to 1.25.7 and BuildKit to v0.28.0

Mar 4, 2026

v0.32.1 ↗

viaDocker Buildx

buildx 0.32.1

Welcome to the v0.32.1 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Contributors

CrazyMax
Tõnis Tiigi

Notable Changes

Fix possible error when building private Git repositories with secret credentials directly from remote source #3694

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.32.0

v0.32.0 ↗

viaDocker Buildx

buildx 0.32.0

Welcome to the v0.32.0 release of buildx!

Please try out the release binaries and report any issues at https://github.com/docker/buildx/issues.

Contributors

Tõnis Tiigi
CrazyMax
Sebastiaan van Stijn
Jonathan A. Sternberg
Akhil Manoj
David Karlsson
yzewei

Notable Changes

Imagetools now supports --metadata-file flag to capture properties like descriptor/digest values for the new image. #3638
Imagetools auth libraries have now been combined with the ones used in build commands, enabling previously missing support for scoped credentials and automatic fallbacks for Docker Hardened Image registries. #3627
Many commands now support --timeout flag to configure the timeout for waiting for responses from remote builders. #3665
Rego Policy now supports validating builds from remote sources (Git, HTTP) #3661
Rego Policies now include new builtins for validating signed Sigstore bundle attestations of HTTP source artifacts. Attestations can also be automatically fetched from Github API #3657
Rego policies can now use input.image.provenance to write rules validating specific provenance attestation fields. Materials of provenance can be accessed as policy secondary inputs. Requires BuildKit v0.28+ #3652 #3662
Builds failing due to policy violations now have better error messages with the failing step clearly marked and the last policy logs shown with the error. #3656
Fix possible passing of incorrect Git auth token for Bake builds when multiple remotes with different hosts exist. #3648
Fixed policy filesystem reference lifecycle handling to avoid stale policy filesystem state during builds. #3674
Normalized default policy filename resolution from environment configuration for more consistent behavior. #3675
Named contexts used in different projects now get unique "shared keys" (previously based on context name) to avoid overwriting destinations of other projects, with reduced performance. This feature requires Dockerfile 1.22+ #3618
Fix local subdir named context copied with wrong parent directory for remote Bake builds #3678
Bake builds now capture the original URL information of named contexts sent as inputs in request metadata #3682 #3462
Additional metrics associated with DAP debugger have been added #3633
DAP file explorer now gets a more accurate state of the file system via updated BuildKit API #3450
DAP file explorer source names have been improved #3631
Improve the output of -q used with --call #3655

Dependency Changes

github.com/aws/aws-sdk-go-v2 v1.39.6 -> v1.41.1
github.com/aws/aws-sdk-go-v2/config v1.31.20 -> v1.32.7
github.com/aws/aws-sdk-go-v2/credentials v1.18.24 -> v1.19.7
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 -> v1.18.17
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 -> v1.4.17
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13 -> v2.7.17
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 -> v1.13.4
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13 -> v1.13.17
github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 new
github.com/aws/aws-sdk-go-v2/service/sso v1.30.3 -> v1.30.9
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.7 -> v1.35.13
github.com/aws/aws-sdk-go-v2/service/sts v1.40.2 -> v1.41.6
github.com/aws/smithy-go v1.23.2 -> v1.24.0
github.com/cloudflare/circl v1.6.1 -> v1.6.3
github.com/docker/cli v29.1.5 -> v29.2.1
github.com/go-openapi/errors v0.22.4 -> v0.22.6
github.com/go-openapi/jsonpointer v0.22.1 -> v0.22.4
github.com/go-openapi/jsonreference v0.21.3 -> v0.21.4
github.com/go-openapi/spec v0.22.1 -> v0.22.3
github.com/go-openapi/swag v0.25.3 -> v0.25.4
github.com/go-openapi/swag/cmdutils v0.25.3 -> v0.25.4
github.com/go-openapi/swag/conv v0.25.3 -> v0.25.4
github.com/go-openapi/swag/fileutils v0.25.3 -> v0.25.4
github.com/go-openapi/swag/jsonname v0.25.3 -> v0.25.4
github.com/go-openapi/swag/jsonutils v0.25.3 -> v0.25.4
github.com/go-openapi/swag/loading v0.25.3 -> v0.25.4
github.com/go-openapi/swag/mangling v0.25.3 -> v0.25.4
github.com/go-openapi/swag/netutils v0.25.3 -> v0.25.4
github.com/go-openapi/swag/stringutils v0.25.3 -> v0.25.4
github.com/go-openapi/swag/typeutils v0.25.3 -> v0.25.4
github.com/go-openapi/swag/yamlutils v0.25.3 -> v0.25.4
github.com/go-viper/mapstructure/v2 v2.4.0 -> v2.5.0
github.com/golang/snappy v1.0.0 new
github.com/google/go-containerregistry v0.20.6 -> v0.20.7
github.com/in-toto/in-toto-golang v0.9.0 -> v0.10.0
github.com/klauspost/compress v1.18.2 -> v1.18.4
github.com/moby/buildkit v0.27.0 -> v0.28.0
github.com/moby/moby/api v1.52.0 -> v1.53.0
github.com/moby/moby/client v0.2.1 -> v0.2.2
github.com/moby/policy-helpers 9fcc1a9ec5c9 -> 824747bfdd3c
github.com/package-url/packageurl-go v0.1.1 new
github.com/pelletier/go-toml/v2 v2.2.4 new
github.com/secure-systems-lab/go-securesystemslib v0.9.1 -> v0.10.0
github.com/sigstore/rekor v1.4.3 -> v1.5.0
github.com/sigstore/sigstore v1.10.0 -> v1.10.4
github.com/sigstore/sigstore-go b5fe07a5a7d7 -> v1.1.4
github.com/sigstore/timestamp-authority/v2 v2.0.2 -> v2.0.3
github.com/theupdateframework/go-tuf/v2 v2.3.0 -> v2.4.1
google.golang.org/genproto/googleapis/api f26f9409b101 -> ff82c1b0f217
google.golang.org/genproto/googleapis/rpc f26f9409b101 -> 0a764e51fe1b
google.golang.org/grpc v1.76.0 -> v1.78.0

Previous release can be found at v0.31.1

Feb 24, 2026

v5.1.0 ↗