CVE-2025-10657 fixed; MCP server discovery added
v4.47.0
3 features3 enhancements6 fixesThis release3 featuresNew capabilities3 enhancementsImprovements to existing features6 fixesBug fixesAI-tallied from the release notes
From the original release noteView original ↗
Security
- Fixed CVE-2025-10657 where Enhanced Container Isolation Docker Socket command restrictions were not working properly in Docker Desktop 4.46.0 only.
New
- Added dynamic MCP server discovery and support to Docker's MCP catalog.
- With Enhanced Container Isolation, administrators can now block
docker pluginanddocker logincommands in containers with Docker socket mounts. - Added a new Docker Model Runner command:
docker model requests.
Upgrades
- Docker Compose v2.39.4
- Kubernetes v1.34.1, CNI plugins v1.7.1, cri-tools v1.33.0, cri-dockerd v0.3.20
- Docker Debug v0.0.44
Bug fixes and enhancements
For all platforms
- You can now search for MCP servers more easily with filters, sorting, and improved search functionality.
- Docker Debug no longer hangs when debugging containers with empty environment variables.
- Enhanced Docker Model Runner with rich response rendering in the CLI, conversational context in the Dashboard, and resumable downloads.
For Mac
- Removed the
com.apple.security.cs.allow-dyld-environment-variablesentitlement. - Fixed a regression where config profile sign-in enforcement broke for some customer environments.
- Fixed a bug that sometimes caused
docker model packageto hang when writing to the local content store. - Fixed a bug where containers with restart policy
unless-stoppedwere never restarted. Fixes docker/for-mac#7744.
For Windows
- Fixed the Goose MCP client connection on Windows for Docker MCP Toolkit.
- Addressed an issue with WSL distro integration skipping after a failed attempt.
- Fixed a bug that sometimes caused
docker model packageto hang.
Fetched July 3, 2026
