$npx @buildinternet/releases get rel_jzybaS_Eb0RyeCHjUu_7n
Security
CVE-2026-31431: Replace the socketcall(2) seccomp deny that broke 32-bit programs with targeted AppArmor (deny network alg) and SELinux (alg_socket) rules that block AF_ALG at the LSM layer, covering both socket(2) and socketcall(2) paths without disrupting legitimate 32-bit workloads. moby/moby#52537
On SELinux-based systems, the SELinux mitigation requires the daemon to be configured with selinux-enabled: true (via daemon.json or the --selinux-enabled CLI flag). This option is not enabled by default.
Fix the default AppArmor profile not being updated on daemon restart, requiring a system reboot to pick up profile changes from daemon upgrades. moby/moby#52537