releases.shpreview
Docker/Engine Release Notes/v29.3.1

v29.3.1

March 25, 2026Engine Release NotesView original ↗

Security fixes:

  • CVE-2026-34040: Fix an authorization bypass in AuthZ plugins GHSA-x744-4wpc-v9h2
  • CVE-2026-33997: Fix a flaw in docker plugin install where privilege validation could be partially bypassed GHSA-pxq6-2prw-chj9
  • CVE-2026-33748: Fix insufficient validation of Git URL #ref:subdir fragments in BuildKit GHSA-4vrq-3vrq-g6gg
  • CVE-2026-33747: Fix a vulnerability in BuildKit where an untrusted frontend could write files outside the state directory GHSA-3c29-8rgm-jvjj

Bug fixes:

  • Fix a daemon crash during docker build if .dockerignore contained an invalid pattern
  • Fix a panic when the containerd client uses a closed stream

Updates:

  • Update containerd to v2.2.2
  • Update Go runtime to 1.25.8

Fetched March 31, 2026

v29.3.1 — Engine Release Notes — releases.sh