Docker Engine release notes

Estimated reading time: 98 minutes

This document describes the latest changes, additions, known issues, and fixes for Docker Engine Enterprise Edition (Docker EE) and Community Edition (CE)

Docker EE is a superset of all the features in Docker CE. It incorporates defect fixes that you can use in environments where new features cannot be adopted as quickly for consistency and compatibility reasons.

18.09

2018-11-08

New features for Docker Engine EE

New features for Docker Engine EE and CE

Improvements for Docker Engine EE and CE

Fixes for Docker Engine EE and CE

Known Issues

There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater.

Deprecation Notice

As of EE 2.2, Docker will deprecate support for Device Mapper as a storage driver. It will continue to be supported at this time, but support will be removed in a future release. Docker will continue to support Device Mapper for existing EE 2.0 and 2.1 customers. Please contact Sales for more information.

Docker recommends that existing customers [migrate to using Overlay2 for the storage driver] (https://success.docker.com/article/how-do-i-migrate-an-existing-ucp-cluster-to-the-overlay2-graph-driver). The Overlay2 storage driver is now the default for Docker engine implementations.

For more information on the list of deprecated flags and APIs, have a look at the deprecation information where you can find the target removal dates.

End of Life Notification

In this release, Docker has also removed support for TLS < 1.2 moby/moby#37660, Ubuntu 14.04 “Trusty Tahr” docker-ce-packaging#255 / docker-ce-packaging#254, and Debian 8 “Jessie” docker-ce-packaging#255 / docker-ce-packaging#254.

Older Docker Engine EE Release notes

18.03.1-ee-2

2018-07-10

Important notes about this release

If you’re deploying UCP or DTR, use Docker EE Engine 17.06.

Runtime

18.03.1-ee-1

2018-06-27

Important notes about this release

If you’re deploying UCP or DTR, use Docker EE Engine 17.06.

Client

  • Update to docker-ce 18.03.1 client.
  • Add docker trust command for image signing and enabling the secure supply chain from development to deployment.
  • Add docker compose on Kubernetes.

Runtime

  • Update to docker-ce 18.03.1 engine.
  • Add support for FIPS 140-2 on x86_64.
  • Add support for Microsoft Windows Server 1709 and 1803 with support for swarm ingress routing mesh, VIP service discovery, and named pipe mounting.
  • Add support for Ubuntu 18.04.
  • Windows opt-out telemetry stream.
  • Support for --chown with COPY and ADD in Dockerfile.
  • Add support for multiple logging drivers for docker logs.

17.06.2-ee-16

2018-07-26

Client

Networking

Packaging

  • Update packaging description and license to Docker EUSA.

Runtime

Swarm mode

17.06.2-ee-15

2018-07-10

Runtime

17.06.2-ee-14

2018-06-21

Client

Runtime

Swarm mode

  • Fix docker stack deploy --prune with empty name removes all swarm services. moby/moby#36776

17.06.2-ee-13

2018-06-04

Networking

17.06.2-ee-12

2018-05-29

Networking

17.06.2-ee-11

2018-05-17

Client

  • Fix presentation of published “random” host ports. docker/cli#404

Networking

Runtime

Known issues

  • When all Swarm managers are stopped at the same time, the swarm might end up in a split-brain scenario. Learn more.

17.06.2-ee-10

2018-04-27

Runtime

  • Fix version output to not have -dev.

17.06.2-ee-9

2018-04-26

Runtime

  • Make Swarm manager Raft quorum parameters configurable in daemon config. moby/moby#36726
  • Windows: Ignore missing tombstone files when closing an image.
  • Windows: Fix directory deletes when a container sharing a base image is running.

Swarm mode

17.06.2-ee-8

2018-04-17

Runtime

Networking

Packaging

  • Ensure the graphdriver dir is a shared mount within docker systemd service.

Known issues

  • Under certain conditions, swarm leader re-election may timeout prematurely. During this period, docker commands may fail. Also during this time, creation of globally-scoped networks may be unstable. As a workaround, wait for leader election to complete before issuing commands to the cluster.

17.06.2-ee-7

2018-03-19

Important notes about this release

  • The overlay2 detection has been improved in this release. On Linux distributions where devicemapper was the default storage driver, overlay2 is now used by default, if the kernel supports it.

Logging

Networking

Packaging

Runtime

Swarm mode

17.06.2-ee-6

2017-11-27

Runtime

Swarm mode

17.06.2-ee-5

2017-11-02

Important notes about this release

  • Starting with Docker EE 17.06.2-ee-5, Ubuntu, SLES, RHEL packages are also available for IBM Power using the ppc64le architecture.

  • Docker EE 17.06.2-ee-5 now enables the telemetry plugin by default on all supported Linux distributions. For more details, including how to opt out, see the documentation.

Client

Logging

Networking

Packaging

  • Add telemetry plugin for all linux distributions
  • Fix install of docker-ee on RHEL7 s390x by removing dependency on container-selinux

Runtime

Swarm mode

  • Increase gRPC request timeout to 20 seconds for sending snapshots to prevent context deadline exceeded errors docker/swarmkit#2391
  • When a node is removed, delete all of its attachment tasks so networks used by those tasks can be removed docker/swarmkit#2414

Known issues

  • It’s recommended that users create overlay networks with /24 blocks (the default) of 256 IP addresses when networks are used by services created using VIP-based endpoint-mode (the default). This is because of limitations with Docker Swarm moby/moby#30820. Users should not work around this by increasing the IP block size. To work around this limitation, either use dnsrr endpoint-mode or use multiple smaller overlay networks.
  • Docker may experience IP exhaustion if many tasks are assigned to a single overlay network, for example if many services are attached to that network or because services on the network are scaled to many replicas. The problem may also manifest when tasks are rescheduled because of node failures. In case of node failure, Docker currently waits 24h to release overlay IP addresses. The problem can be diagnosed by looking for failed to allocate network IP for task messages in the Docker logs.
  • SELinux enablement is not supported for containers on IBM Z on RHEL because of missing Red Hat package.

17.06.2-ee-4

2017-10-12

Client

  • Fix idempotence of docker stack deploy when secrets or configs are used docker/cli#509

Logging

Networking

17.06.2-ee-3

2017-09-22

Swarm mode

17.06.1-ee-2

2017-08-24

Client

  • Enable TCP Keep-Alive in Docker client #415

Networking

  • Lock goroutine to OS thread while changing NS #1911

Runtime

  • devmapper: ensure that UdevWait is called after calls to setCookie #33732
  • aufs: ensure diff layers are correctly removed to prevent leftover files from using up storage #34587

Swarm mode

  • Ignore PullOptions for running tasks #2351

17.06.1-ee-1

2017-08-16

Important notes about this release

  • Starting with Docker EE 17.06.1, Ubuntu, SLES, RHEL packages are also available for IBM Z using the s390x architecture.

  • Docker EE 17.06.1 includes a new telemetry plugin which is enabled by default on Ubuntu hosts. For more details, including how to opt out, see [the documentation(/enterprise/telemetry/).

  • Docker 17.06 by default disables communication with legacy (v1) registries. If you require interaction with registries that have not yet migrated to the v2 protocol, set the --disable-legacy-registry=false daemon option.

Builder

  • Add --iidfile option to docker build. It allows specifying a location where to save the resulting image ID
  • Allow specifying any remote ref in git checkout URLs #32502
  • Add multi-stage build support #31257 #32063
  • Allow using build-time args (ARG) in FROM #31352
  • Add an option for specifying build target #32496
  • Accept -f - to read Dockerfile from stdin, but use local context for building #31236
  • The values of default build time arguments (e.g HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
  • Fix setting command if a custom shell is used in a parent image #32236
  • Fix docker build --label when the label includes single quotes and a space #31750
  • Disable container logging for build containers #29552
  • Fix use of **/ in .dockerignore #29043
  • Fix a regression, where ADD from remote URL’s extracted archives #89
  • Fix handling of remote “git@” notation #100
  • Fix copy --from conflict with force pull #86

Client

  • Add --format option to docker stack ls #31557
  • Add support for labels in compose initiated builds #32632 #32972
  • Add --format option to docker history #30962
  • Add --format option to docker system df #31482
  • Allow specifying Nameservers and Search Domains in stack files #32059
  • Add support for read_only service to docker stack deploy #docker/cli/73
  • Display Swarm cluster and node TLS information #docker/cli/44
  • Add support for placement preference to docker stack deploy #docker/cli/35
  • Add new ca subcommand to docker swarm to allow managing a swarm CA #docker/cli/48
  • Add credential-spec to compose #docker/cli/71
  • Add support for csv format options to --network and --network-add #docker/cli/62 #33130
  • Fix stack compose bind-mount volumes on Windows #docker/cli/136
  • Correctly handle a Docker daemon without registry info #docker/cli/126
  • Allow --detach and --quiet flags when using --rollback #docker/cli/144
  • Remove deprecated --email flag from docker login #docker/cli/143
  • Adjusted docker stats memory output #docker/cli/80
  • Add --mount flag to docker run and docker create #32251
  • Add --type=secret to docker inspect #32124
  • Add --format option to docker secret ls #31552
  • Add --filter option to docker secret ls #30810
  • Add --filter scope=<swarm|local> to docker network ls #31529
  • Add --cpus support to docker update #31148
  • Add label filter to docker system prune and other prune commands #30740
  • docker stack rm now accepts multiple stacks as input #32110
  • Improve docker version --format option when the client has downgraded the API version #31022
  • Prompt when using an encrypted client certificate to connect to a docker daemon #31364
  • Display created tags on successful docker build #32077
  • Cleanup compose convert error messages #32087
  • Sort docker stack ls by name #31085
  • Flags for specifying bind mount consistency #31047
  • Output of docker CLI --help is now wrapped to the terminal width #28751
  • Suppress image digest in docker ps #30848
  • Hide command options that are related to Windows #30788
  • Fix docker plugin install prompt to accept “enter” for the “N” default #30769
  • Add truncate function for Go templates #30484
  • Support expanded syntax of ports in stack deploy #30476
  • Support expanded syntax of mounts in stack deploy #30597 #31795
  • Add --add-host for docker build #30383
  • Add .CreatedAt placeholder for docker network ls --format #29900
  • Update order of --secret-rm and --secret-add #29802
  • Add --filter enabled=true for docker plugin ls #28627
  • Add --format to docker service ls #28199
  • Add publish and expose filter for docker ps --filter #27557
  • Support multiple service IDs on docker service ps #25234
  • Allow swarm join with --availability=drain #24993
  • Docker inspect now shows “docker-default” when AppArmor is enabled and no other profile was defined #27083
  • Make pruning volumes optional when running docker system prune, and add a --volumes flag #109
  • Show progress of replicated tasks before they are assigned #97
  • Fix docker wait hanging if the container does not exist #106
  • If docker swarm ca is called without the --rotate flag, warn if other flags are passed #110
  • Fix API version negotiation not working if the daemon returns an error #115
  • Print an error if “until” filter is combined with “--volumes” on system prune #154

Contrib

  • Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 #32435

Daemon

  • Fix --api-cors-header being ignored if --api-enable-cors is not set #32174
  • Cleanup docker tmp dir on start #31741
  • Deprecate --graph flag in favor or --data-root #28696

Distribution

  • Select digest over tag when both are provided during a pull #33214

Logging

  • Add monitored resource type metadata for GCP logging driver #32930
  • Add multiline processing to the AWS CloudWatch logs driver #30891
  • Add support for logging driver plugins #28403
  • Add support for showing logs of individual tasks to docker service logs, and add /task/{id}/logs REST endpoint #32015
  • Add --log-opt env-regex option to match environment variables using a regular expression #27565
  • Implement optional ring buffer for container logs #28762
  • Add --log-opt awslogs-create-group=<true|false> for awslogs (CloudWatch) to support creation of log groups as needed #29504
  • Fix segfault when using the gcplogs logging driver with a “static” binary #29478
  • Fix stderr logging for journald and syslog #95
  • Fix log readers can block writes indefinitely #98
  • Fix awslogs driver repeating last event #151

Networking

  • Add Support swarm-mode services with node-local networks such as macvlan, ipvlan, bridge, host #32981
  • Pass driver-options to network drivers on service creation #32981
  • Isolate Swarm Control-plane traffic from Application data traffic using --data-path-addr #32717
  • Several improvements to Service Discovery #docker/libnetwork/1796
  • Allow user to replace, and customize the ingress network #31714
  • Fix UDP traffic in containers not working after the container is restarted #32505
  • Fix files being written to /var/lib/docker if a different data-root is set #32505
  • Check parameter --ip, --ip6 and --link-local-ip in docker network connect #30807
  • Added support for dns-search #30117
  • Added --verbose option for docker network inspect to show task details from all swarm nodes #31710
  • Clear stale datapath encryption states when joining the cluster docker/libnetwork#1354
  • Ensure iptables initialization only happens once docker/libnetwork#1676
  • Fix bad order of iptables filter rules docker/libnetwork#961
  • Add anonymous container alias to service record on attachable network docker/libnetwork#1651
  • Support for com.docker.network.container_interface_prefix driver label docker/libnetwork#1667
  • Improve network list performance by omitting network details that are not used #30673
  • Fix issue with driver options not received by network drivers #127

Packaging

  • Rely on container-selinux on Centos/Fedora/RHEL when available #32437

Plugins

  • Make plugin removes more resilient to failure #91

Runtime

  • Add build & engine info prometheus metrics #32792
  • Update containerd to d24f39e203aa6be4944f06dd0fe38a618a36c764 #33007
  • Update runc to 992a5be178a62e026f4069f443c6164912adbf09 #33007
  • Add option to auto-configure blkdev for devmapper #31104
  • Add log driver list to docker info #32540
  • Add API endpoint to allow retrieving an image manifest #32061
  • Do not remove container from memory on error with forceremove #31012
  • Add support for metric plugins #32874
  • Return an error when an invalid filter is given to prune commands #33023
  • Add daemon option to allow pushing foreign layers #33151
  • Fix an issue preventing containerd to be restarted after it died #32986
  • Add cluster events to Docker event stream. #32421
  • Add support for DNS search on windows #33311
  • Upgrade to Go 1.8.3 #33387
  • Prevent a containerd crash when journald is restarted #33007
  • Fix healthcheck failures due to invalid environment variables #33249
  • Prevent a directory to be created in lieu of the daemon socket when a container mounting it is to be restarted during a shutdown #30348
  • Prevent a container to be restarted upon stop if its stop signal is set to SIGKILL #33335
  • Ensure log drivers get passed the same filename to both StartLogging and StopLogging endpoints #33583
  • Remove daemon data structure dump on SIGUSR1 to avoid a panic #33598
  • Ensure health probe is stopped when a container exits #32274
  • Handle paused container when restoring without live-restore set #31704
  • Do not allow sub second in healthcheck options in Dockerfile #31177
  • Support name and id prefix in secret update #30856
  • Use binary frame for websocket attach endpoint #30460
  • Fix linux mount calls not applying propagation type changes #30416
  • Fix ExecIds leak on failed exec -i #30340
  • Prune named but untagged images if danglingOnly=true #30330
  • Add daemon flag to set no_new_priv as default for unprivileged containers #29984
  • Add daemon option --default-shm-size #29692
  • Support registry mirror config reload #29650
  • Ignore the daemon log config when building images #29552
  • Move secret name or ID prefix resolving from client to daemon #29218
  • Add the ability to specify extra rules for a container device cgroup devices.allow mechanism #22563
  • Fix cpu.cfs_quota_us being reset when running systemd daemon-reload #31736
  • Prevent a goroutine leak when healthcheck gets stopped #90
  • Do not error on relabel when relabel not supported #92
  • Limit max backoff delay to 2 seconds for GRPC connection #94
  • Fix issue preventing containers to run when memory cgroup was specified due to bug in certain kernels #102
  • Fix container not responding to SIGKILL when paused #102
  • Improve error message if an image for an incompatible OS is loaded #108
  • Fix a handle leak in go-winio #112
  • Fix issue upon upgrade, preventing docker from showing running containers when --live-restore is enabled #117
  • Fix bug where services using secrets would fail to start on daemons using the userns-remap feature #121
  • Fix error handling with not-exist errors on remove #142
  • Fix REST API Swagger representation cannot be loaded with SwaggerUI #156

Security

  • Allow personality with UNAME26 bit set in default seccomp profile #32965
  • Allow setting SELinux type or MCS labels when using --ipc=container: or --ipc=host #30652
  • Redact secret data on secret creation #99

Swarm mode

  • Add an option to allow specifying a different interface for the data traffic (as opposed to control traffic) #32717
  • Allow specifying a secret location within the container #32571
  • Add support for secrets on Windows #32208
  • Add TLS Info to swarm info and node info endpoint #32875
  • Add support for services to carry arbitrary config objects #32336, #docker/cli/45,#33169
  • Add API to rotate swarm CA certificate #32993
  • Service digest pining is now handled client side #32388, #33239
  • Placement now also take platform in account #33144
  • Fix possible hang when joining fails #docker-ce/19
  • Fix an issue preventing external CA to be accepted #33341
  • Fix possible orchestration panic in mixed version clusters #swarmkit/2233
  • Avoid assigning duplicate IPs during initialization #swarmkit/2237
  • Add update/rollback order for services (--update-order / --rollback-order) #30261
  • Add support for synchronous service create and service update #31144
  • Add support for “grace periods” on healthchecks through the HEALTHCHECK --start-period and --health-start-period flag to docker service create, docker service update, docker create, and docker run to support containers with an initial startup time #28938
  • docker service create now omits fields that are not specified by the user, when possible. This allows defaults to be applied inside the manager #32284
  • docker service inspect now shows default values for fields that are not specified by the user #32284
  • Move docker service logs out of experimental #32462
  • Add support for Credential Spec and SELinux to services to the API #32339
  • Add --entrypoint flag to docker service create and docker service update #29228
  • Add --network-add and --network-rm to docker service update #32062
  • Add --credential-spec flag to docker service create and docker service update #32339
  • Add --filter mode=<global|replicated> to docker service ls #31538
  • Resolve network IDs on the client side, instead of in the daemon when creating services #32062
  • Add --format option to docker node ls #30424
  • Add --prune option to docker stack deploy to remove services that are no longer defined in the docker-compose file #31302
  • Add PORTS column for docker service ls when using ingress mode #30813
  • Fix unnescessary re-deploying of tasks when environment-variables are used #32364
  • Fix docker stack deploy not supporting endpoint_mode when deploying from a docker compose file #32333
  • Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup #31631
  • Topology-aware scheduling #30725
  • Automatic service rollback on failure #31108
  • Worker and manager on the same node are now connected through a UNIX socket docker/swarmkit#1828, docker/swarmkit#1850, docker/swarmkit#1851
  • Improve raft transport package docker/swarmkit#1748
  • No automatic manager shutdown on demotion/removal docker/swarmkit#1829
  • Use TransferLeadership to make leader demotion safer docker/swarmkit#1939
  • Decrease default monitoring period docker/swarmkit#1967
  • Add Service logs formatting #31672
  • Fix service logs API to be able to specify stream #31313
  • Add --stop-signal for service create and service update #30754
  • Add --read-only for service create and service update #30162
  • Renew the context after communicating with the registry #31586
  • (experimental) Add --tail and --since options to docker service logs #31500
  • (experimental) Add --no-task-ids and --no-trunc options to docker service logs #31672
  • Do not add duplicate platform information to service spec #107
  • Cluster update and memory issue fixes #114
  • Changing get network request to return predefined network in swarm #150

Windows

  • Block pulling Windows images on non-Windows daemons #29001

Deprecation

  • Disable legacy registry (v1) by default #33629
  • Deprecate --api-enable-cors daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features #32352
  • Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates #32520

Known issues

If a container is spawned on node A, using the same IP of a container destroyed on nodeB within 5 min from the time that it exit, the container on node A is not reachable until one of these 2 conditions happens:

  1. Container on A sends a packet out,
  2. The timer that cleans the arp entry in the overlay namespace is triggered (around 5 minutes).

As a workaround, send at least a packet out from each container like (ping, GARP, etc).

Docker EE 17.03.2-ee-8

2017-12-13

  • Handle cleanup DNS for attachable container to prevent leak in name resolution docker/libnetwork#1999
  • When a node is removed, delete all of its attachment tasks so networks used by those tasks can be removed docker/swarmkit#2417
  • Increase gRPC request timeout to 20 seconds for sending snapshots to prevent context deadline exceeded errors docker/swarmkit#2406
  • Avoid using a map for log attributes to prevent panic moby/moby#34174
  • Fix “raw” mode with the Splunk logging driver moby/moby#34520
  • Don’t unmount entire plugin manager tree on remove moby/moby#33422
  • Redact secret data on secret creation moby/moby#33884
  • Sort secrets and configs to ensure idempotence and prevent docker stack deploy from useless restart of services docker/cli#509
  • Automatically set may_detach_mounts=1 on startup to prevent device or resource busy errors moby/moby#34886
  • Don’t abort when setting may_detach_mounts moby/moby#35172
  • Protect health monitor channel to prevent engine panic moby/moby#35482

Docker EE 17.03.2-ee-7

2017-10-04

18.06.1-ce

2018-08-21

Builder

  • Fix no error if build args are missing during docker build. docker/engine#25
  • Set BuildKit’s ExportedProduct variable to show useful errors. docker/engine#21

Client

Runtime

Swarm Mode

18.06.0-ce

2018-07-18

Important notes about this release

  • Docker 18.06 CE will be the last release with a 4-month maintenance lifecycle. The planned Docker 18.09 CE release will be supported for 7 months with Docker 19.03 CE being the next release in line. More details about the release process can be found here.

Builder

Client

  • Bump spf13/cobra to v0.0.3, pflag to v1.0.1. moby/moby#37106
  • Add support for the new Stack API for Kubernetes v1beta2. docker/cli#899
  • K8s: more robust stack error detection on deploy. docker/cli#948
  • Support for rollback config in compose 3.7. docker/cli#409
  • Update Cobra and pflag, and use built-in --version feature. docker/cli#1069
  • Fix docker stack deploy --prune with empty name removing all services. docker/cli#1088
  • [Kubernetes] stack services filters. docker/cli#1023
  • Only show orchestrator flag in root, stack and version commands in help. docker/cli#1106
  • Add an Extras field on the compose config types. docker/cli#1126
  • Add options to the compose loader. docker/cli#1128
  • Fix always listing nodes in docker stack ps command on Kubernetes. docker/cli#1093
  • Fix output being shown twice on stack rm error message. docker/cli#1093
  • Extend client API with custom HTTP requests. moby/moby#37071
  • Changed error message for unreadable files to clarify possibility of a .Dockerignore entry. docker/cli#1053
  • Restrict kubernetes.allNamespaces value to ‘enabled’ or ‘disabled’ in configuration file. docker/cli#1087
  • Check errors when initializing the docker client in the help command. docker/cli#1119
  • Better namespace experience with Kubernetes. Fix using namespace defined in ~/.kube/config for stack commands. Add a NAMESPACE column for docker stack ls command. Add a --all-namespaces flag for docker stack ls command. docker/cli#991
  • Export Push and Save. docker/cli#1123
  • Export pull as a public function. docker/cli#1026
  • Remove Kubernetes commands from experimental. docker/cli#1068
  • Adding configs/secrets to service inspect pretty. docker/cli#1006
  • Fix service filtering by name on Kubernetes. docker/cli#1101
  • Fix component information alignment in docker version. docker/cli#1065
  • Fix cpu/memory limits and reservations being reset on service update. docker/cli#1079
  • Manifest list: request specific permissions. docker/cli#1024
  • Setting --orchestrator=all also sets --all-namespaces unless specific --namespace are set. docker/cli#1059
  • Fix panics when --compress and --stream are used together. docker/cli#1105
  • Switch from x/net/context to context. docker/cli#1038
  • Add --init option to docker service create. docker/cli#479
  • Fixed bug displaying garbage output for build command when --stream and --quiet flags combined. docker/cli#1090
  • Add init support in 3.7 schema. docker/cli#1129
  • Fix docker trust signer removal. docker/cli#1112
  • Fix error message from docker inspect. docker/cli#1071
  • Allow x-* extension on 3rd level objects. docker/cli#1097
  • An invalid orchestrator now generates an error instead of being silently ignored. docker/cli#1055
  • Added ORCHESTRATOR column to docker stack ls command. docker/cli#973
  • Warn when using host-ip for published ports for services. docker/cli#1017
  • Added the option to enable experimental cli features through the DOCKER_CLI_EXPERIMENTAL environment variable. docker/cli#1138
  • Add exec_die to the list of known container events. docker/cli#1028
  • [K8s] Do env-variable expansion on the uninterpreted Config files. docker/cli#974
  • Print warnings on stderr for each unsupported features while parsing a compose file for deployment on Kubernetes. docker/cli#903
  • Added description about pids count. docker/cli#1045
  • Warn user of filter when pruning. docker/cli#1043
  • Fix --rollback-* options overwriting --update-* options. docker/cli#1052
  • Update Attach, Build, Commit, Cp, Create subcommand fish completions. docker/cli#1005
  • Add bash completion for dockerd --default-address-pool. docker/cli#1173
  • Add bash completion for exec_die event. docker/cli#1173
  • Update docker-credential-helper so pass is not called on every docker command. docker/cli#1184
  • Fix for rotating swarm external CA. docker/cli#1199
  • Improve version output alignment. docker/cli#1207
  • Add bash completion for service create|update --init. docker/cli#1210

Deprecation

Logging

Networking

Runtime

Swarm Mode

  • List stacks for both Swarm and Kubernetes with --orchestrator=all in docker stack ls. Allow several occurrences of --namespace for Kubernetes with docker stack ls. docker/cli#1031
  • Bump SwarmKit to remove deprecated grpc metadata wrappers. moby/moby#36905
  • Issue an error for --orchestrator=all when working on mismatched Swarm and Kubernetes hosts. docker/cli#1035
  • Fix broken swarm commands with Kubernetes defined as orchestrator. “--orchestrator” flag is no longer global but local to stack commands and subcommands docker/cli#1137 docker/cli#1139
  • Bump swarmkit to include task reaper fixes and more metrics. docker/engine#13
  • Avoid a leak when a service with unassigned tasks is deleted. docker/engine#27
  • Fix racy batching on the dispatcher. docker/engine#27

18.03.1-ce

2018-04-26

Docker EE 17.03.2-ee-6

2017-08-24

Docker EE 17.03.2-ee-5

20 Jul 2017

  • Add more locking to storage drivers #31136
  • Prevent data race on docker network connect/disconnect #33456
  • Improve service discovery reliability #1796 #18078
  • Fix resource leak in swarm mode #2215
  • Optimize docker system df for volumes on NFS #33620
  • Fix validation bug with host-mode ports in swarm mode #2177
  • Fix potential crash in swarm mode #2268
  • Improve network control-plane reliability #1704
  • Do not error out when selinux relabeling is not supported on volume filesystem #33831
  • Remove debugging code for aufs ebusy errors #31665
  • Prevent resource leak on healthchecks #33781
  • Fix issue where containerd supervisor may exit prematurely #32590
  • Fix potential containerd crash #2
  • Ensure server details are set in client even when an error is returned #33827
  • Fix issue where slow/dead docker logs clients can block the container #33897
  • Fix potential panic on Windows when running as a service #32244

Docker EE 17.03.2-ee-4

2017-06-01

Refer to the detailed list of all changes since the release of Docker EE 17.03.1-ee-3

Note: This release includes a fix for potential data loss under certain circumstances with the local (built-in) volume driver.

Docker EE 17.03.1-ee-3

2017-03-30

  • Fix an issue with the SELinux policy for Oracle Linux #31501

Docker EE 17.03.1-ee-2

2017-03-28

Refer to the detailed list of all changes since the release of Docker EE 17.03.0-ee-1

Docker EE 17.03.0-ee-1 (2 Mar 2017)

Initial Docker EE release, based on Docker CE 17.03.0

  • Optimize size calculation for docker system df container size #31159

Older Docker Engine CE Release notes

18.03.1-ce

2018-04-26

Client

  • Fix error with merge compose file with networks docker/cli#983
  • Fix docker stack deploy re-deploying services after the service was updated with --force docker/cli#963
  • Fix docker version output alignment docker/cli#965

Runtime

Swarm Mode

Networking

18.03.0-ce

2018-03-21

Builder

Client

Logging

Networking

Runtime

Swarm Mode

17.12.1-ce

2018-02-27

Client

Logging

Networking

Packaging

Runtime

  • Bump Golang to 1.9.4
  • Bump containerd to 1.0.1
  • Fix dockerd not being able to reconnect to containerd when it is restarted moby/moby#36173
  • Fix containerd events from being processed twice moby/moby#35891
  • Fix vfs graph driver failure to initialize because of failure to setup fs quota moby/moby#35827
  • Fix regression of health check not using container’s working directory moby/moby#35845
  • Honor DOCKER_RAMDISK with containerd 1.0 moby/moby#35957
  • Update runc to fix hang during start and exec moby/moby#36097
  • Windows: Vendor of Microsoft/hcsshim @v.0.6.8 partial fix for import layer failing moby/moby#35924
  • Do not make graphdriver homes private mounts moby/moby#36047
  • Use rslave propagation for mounts from daemon root moby/moby#36055
  • Set daemon root to use shared mount propagation moby/moby#36096
  • Validate that mounted paths exist when container is started, not just during creation moby/moby#35833
  • Add REMOVE and ORPHANED to TaskState moby/moby#36146
  • Fix issue where network inspect does not show Created time for networks in swarm scope moby/moby#36095
  • Nullify container read write layer upon release moby/moby#36130 and moby/moby#36343

Swarm

17.12.0-ce

2017-12-27

Known Issues

Builder

Client

Documentation

Logging

Networking

Runtime

Swarm Mode

Packaging

17.09.1-ce

2017-12-07

Builder

Client

Networking

Runtime

Swarm mode

17.09.0-ce

2017-09-26

Builder

Client

  • Allow extension fields in the v3.4 version of the compose format docker/cli#452
  • Make compose file allow to specify names for non-external volume docker/cli#306
  • Support --compose-file - as stdin docker/cli#347
  • Support start_period for healthcheck in Docker Compose docker/cli#475
  • Add support for stop-signal in docker stack commands docker/cli#388
  • Add support for update order in compose deployments docker/cli#360
  • Add ulimits to unsupported compose fields docker/cli#482
  • Add --format to docker-search docker/cli#440
  • Show images digests when {{.Digest}} is in format docker/cli#439
  • Print output of docker stack rm on stdout instead of stderr docker/cli#491
  • Fix docker history --format {{json .}} printing human-readable timestamps instead of ISO8601 when --human=true docker/cli#438
  • Fix idempotence of docker stack deploy when secrets or configs are used docker/cli#509
  • Fix presentation of random host ports docker/cli#404
  • Fix redundant service restarts when service created with multiple secrets moby/moby#34746

Logging

  • Fix Splunk logger not transmitting log data when tag is empty and raw-mode is used moby/moby#34520

Networking

Runtime

Swarm mode

  • Include whether the managers in the swarm are autolocked as part of docker info docker/cli#471
  • Add ‘docker service rollback’ subcommand docker/cli#205
  • Fix managers failing to join if the gRPC snapshot is larger than 4MB docker/swarmkit#2375
  • Fix “permission denied” errors for configuration file in SELinux-enabled containers moby/moby#34732
  • Fix services failing to deploy on ARM nodes moby/moby#34021

Packaging

Deprecation

17.06.2-ce

2017-09-05

Client

  • Enable TCP keepalive in the client to prevent loss of connection docker/cli#415

Runtime

  • Devmapper: ensure UdevWait is called after calls to setCookie moby/moby#33732
  • Aufs: ensure diff layers are correctly removed to prevent leftover files from using up storage moby/moby#34587

Swarm mode

17.06.1-ce

2017-08-15

Builder

  • Fix a regression, where ADD from remote URL’s extracted archives #89
  • Fix handling of remote “git@” notation #100
  • Fix copy --from conflict with force pull #86

Client

  • Make pruning volumes optional when running docker system prune, and add a --volumes flag #109
  • Show progress of replicated tasks before they are assigned #97
  • Fix docker wait hanging if the container does not exist #106
  • If docker swarm ca is called without the --rotate flag, warn if other flags are passed #110
  • Fix API version negotiation not working if the daemon returns an error #115
  • Print an error if “until” filter is combined with “--volumes” on system prune #154

Logging

  • Fix stderr logging for journald and syslog #95
  • Fix log readers can block writes indefinitely #98
  • Fix awslogs driver repeating last event #151

Networking

  • Fix issue with driver options not received by network drivers #127

Plugins

  • Make plugin removes more resilient to failure #91

Runtime

  • Prevent a goroutine leak when healthcheck gets stopped #90
  • Do not error on relabel when relabel not supported #92
  • Limit max backoff delay to 2 seconds for GRPC connection #94
  • Fix issue preventing containers to run when memory cgroup was specified due to bug in certain kernels #102
  • Fix container not responding to SIGKILL when paused #102
  • Improve error message if an image for an incompatible OS is loaded #108
  • Fix a handle leak in go-winio #112
  • Fix issue upon upgrade, preventing docker from showing running containers when --live-restore is enabled #117
  • Fix bug where services using secrets would fail to start on daemons using the userns-remap feature #121
  • Fix error handling with not-exist errors on remove #142
  • Fix REST API Swagger representation cannot be loaded with SwaggerUI #156

Security

  • Redact secret data on secret creation #99

Swarm mode

  • Do not add duplicate platform information to service spec #107
  • Cluster update and memory issue fixes #114
  • Changing get network request to return predefined network in swarm #150

17.06.0-ce

2017-06-28

Note: Docker 17.06.0 has an issue in the image builder causing a change in the behavior of the ADD instruction of Dockerfile when referencing a remote .tar.gz file. The issue will be fixed in Docker 17.06.1.

Note: Starting with Docker CE 17.06, Ubuntu packages are also available for IBM Z using the s390x architecture.

Note: Docker 17.06 by default disables communication with legacy (v1) registries. If you require interaction with registries that have not yet migrated to the v2 protocol, set the --disable-legacy-registry=false daemon option. Interaction with v1 registries will be removed in Docker 17.12.

Builder

  • Add --iidfile option to docker build. It allows specifying a location where to save the resulting image ID
  • Allow specifying any remote ref in git checkout URLs #32502

Client

  • Add --format option to docker stack ls #31557
  • Add support for labels in compose initiated builds #32632 #32972
  • Add --format option to docker history #30962
  • Add --format option to docker system df #31482
  • Allow specifying Nameservers and Search Domains in stack files #32059
  • Add support for read_only service to docker stack deploy #docker/cli/73
  • Display Swarm cluster and node TLS information #docker/cli/44
  • Add support for placement preference to docker stack deploy #docker/cli/35
  • Add new ca subcommand to docker swarm to allow managing a swarm CA #docker/cli/48
  • Add credential-spec to compose #docker/cli/71
  • Add support for csv format options to --network and --network-add #docker/cli/62 #33130
  • Fix stack compose bind-mount volumes on Windows #docker/cli/136
  • Correctly handle a Docker daemon without registry info #docker/cli/126
  • Allow --detach and --quiet flags when using --rollback #docker/cli/144
  • Remove deprecated --email flag from docker login #docker/cli/143
  • Adjusted docker stats memory output #docker/cli/80

Distribution

  • Select digest over tag when both are provided during a pull #33214

Logging

  • Add monitored resource type metadata for GCP logging driver #32930
  • Add multiline processing to the AWS CloudWatch logs driver #30891

Networking

  • Add Support swarm-mode services with node-local networks such as macvlan, ipvlan, bridge, host #32981
  • Pass driver-options to network drivers on service creation #32981
  • Isolate Swarm Control-plane traffic from Application data traffic using --data-path-addr #32717
  • Several improvements to Service Discovery #docker/libnetwork/1796

Packaging

  • Rely on container-selinux on Centos/Fedora/RHEL when available #32437

Runtime

  • Add build & engine info prometheus metrics #32792
  • Update containerd to d24f39e203aa6be4944f06dd0fe38a618a36c764 #33007
  • Update runc to 992a5be178a62e026f4069f443c6164912adbf09 #33007
  • Add option to auto-configure blkdev for devmapper #31104
  • Add log driver list to docker info #32540
  • Add API endpoint to allow retrieving an image manifest #32061
  • Do not remove container from memory on error with forceremove #31012
  • Add support for metric plugins #32874
  • Return an error when an invalid filter is given to prune commands #33023
  • Add daemon option to allow pushing foreign layers #33151
  • Fix an issue preventing containerd to be restarted after it died #32986
  • Add cluster events to Docker event stream. #32421
  • Add support for DNS search on windows #33311
  • Upgrade to Go 1.8.3 #33387
  • Prevent a containerd crash when journald is restarted #containerd/930
  • Fix healthcheck failures due to invalid environment variables #33249
  • Prevent a directory to be created in lieu of the daemon socket when a container mounting it is to be restarted during a shutdown #30348
  • Prevent a container to be restarted upon stop if its stop signal is set to SIGKILL #33335
  • Ensure log drivers get passed the same filename to both StartLogging and StopLogging endpoints #33583
  • Remove daemon data structure dump on SIGUSR1 to avoid a panic #33598

Security

  • Allow personality with UNAME26 bit set in default seccomp profile #32965

Swarm Mode

  • Add an option to allow specifying a different interface for the data traffic (as opposed to control traffic) #32717
  • Allow specifying a secret location within the container #32571
  • Add support for secrets on Windows #32208
  • Add TLS Info to swarm info and node info endpoint #32875
  • Add support for services to carry arbitrary config objects #32336, #docker/cli/45,#33169
  • Add API to rotate swarm CA certificate #32993
  • Service digest pining is now handled client side #32388, #33239
  • Placement now also take platform in account #33144
  • Fix possible hang when joining fails #docker-ce/19
  • Fix an issue preventing external CA to be accepted #33341
  • Fix possible orchestration panic in mixed version clusters #swarmkit/2233
  • Avoid assigning duplicate IPs during initialization #swarmkit/2237

Deprecation

  • Disable legacy registry (v1) by default #33629

17.03.2-ce

2017-05-29

17.03.3-ce

2018-08-30

Runtime

  • Update go-connections to d217f8e #28

17.03.2-ce

2017-05-29

Networking

  • Fix a concurrency issue preventing network creation #33273

Runtime

  • Relabel secrets path to avoid a Permission Denied on selinux enabled systems #33236 (ref #32529
  • Fix cases where local volume were not properly relabeled if needed #33236 (ref #29428)
  • Fix an issue while upgrading if a plugin rootfs was still mounted #33236 (ref #32525)
  • Fix an issue where volume wouldn’t default to the rprivate propagation mode #33236 (ref #32851)
  • Fix a panic that could occur when a volume driver could not be retrieved #33236 (ref #32347)
  • Add a warning in docker info when the overlay or overlay2 graphdriver is used on a filesystem without d_type support #33236 (ref #31290)
  • Fix an issue with backporting mount spec to older volumes #33207
  • Fix issue where a failed unmount can lead to data loss on local volume remove #33120

Swarm Mode

  • Fix a case where tasks could get killed unexpectedly #33118
  • Fix an issue preventing to deploy services if the registry cannot be reached despite the needed images being locally present #33117

17.03.1-ce

2017-03-27

Remote API (v1.27) & Client

  • Fix autoremove on older api #31692
  • Fix default network customization for a stack #31258
  • Correct CPU usage calculation in presence of offline CPUs and newer Linux #31802
  • Fix issue where service healthcheck is {} in remote API #30197

Runtime

  • Update runc to 54296cf40ad8143b62dbcaa1d90e520a2136ddfe #31666
  • Ignore cgroup2 mountpoints opencontainers/runc#1266
  • Update containerd to 4ab9917febca54791c5f071a9d1f404867857fcc #31662 #31852
  • Register healtcheck service before calling restore() docker/containerd#609
  • Fix docker exec not working after unattended upgrades that reload apparmor profiles #31773
  • Fix unmounting layer without merge dir with Overlay2 #31069
  • Do not ignore “volume in use” errors when force-delete #31450

Swarm Mode

Windows

  • Cleanup HCS on restore #31503

17.03.0-ce

2017-03-01

IMPORTANT: Starting with this release, Docker is on a monthly release cycle and uses a new YY.MM versioning scheme to reflect this. Two channels are available: monthly and quarterly. Any given monthly release will only receive security and bugfixes until the next monthly release is available. Quarterly releases receive security and bugfixes for 4 months after initial release. This release includes bugfixes for 1.13.1 but there are no major feature additions and the API version stays the same. Upgrading from Docker 1.13.1 to 17.03.0 is expected to be simple and low-risk.

Client

  • Fix panic in docker stats --format #30776

Contrib

  • Update various bash and zsh completion scripts #30823, #30945 and more...
  • Block obsolete socket families in default seccomp profile - mitigates unpatched kernels’ CVE-2017-6074 #29076

Networking

  • Fix bug on overlay encryption keys rotation in cross-datacenter swarm #30727
  • Fix side effect panic in overlay encryption and network control plane communication failure (“No installed keys could decrypt the message”) on frequent swarm leader re-election #25608
  • Several fixes around system responsiveness and datapath programming when using overlay network with external kv-store docker/libnetwork#1639, docker/libnetwork#1632 and more...
  • Discard incoming plain vxlan packets for encrypted overlay network #31170
  • Release the network attachment on allocation failure #31073
  • Fix port allocation when multiple published ports map to the same target port docker/swarmkit#1835

Runtime

  • Fix a deadlock in docker logs #30223
  • Fix CPU spin waiting for log write events #31070
  • Fix a possible crash when using journald #31231 #31263
  • Fix a panic on close of nil channel #31274
  • Fix duplicate mount point for --volumes-from in docker run #29563
  • Fix --cache-from does not cache last step #31189

Swarm Mode

  • Shutdown leaks an error when the container was never started #31279
  • Fix possibility of tasks getting stuck in the “NEW” state during a leader failover docker/swarmkit#1938
  • Fix extraneous task creations for global services that led to confusing replica counts in docker service ls docker/swarmkit#1957
  • Fix problem that made rolling updates slow when task-history-limit was set to 1 docker/swarmkit#1948
  • Restart tasks elsewhere, if appropriate, when they are shut down as a result of nodes no longer satisfying constraints docker/swarmkit#1958
  • (experimental)

Edge releases

18.05.0-ce

2018-05-09

Builder

  • Adding netbsd compatibility to the package pkg/term. moby/moby#36887
  • Standardizes output path for artifacts of intermediate builds to /build/. moby/moby#36858

Client

  • Fix docker stack deploy reference flag. docker/cli#981
  • Fix docker stack deploy re-deploying services after the service was updated with --force. docker/cli#963
  • Add bash completion for secret|config create --template-driver. docker/cli#1004
  • Add fish completions for docker trust subcommand. docker/cli#984
  • Fix --format example for docker history. docker/cli#980
  • Fix error with merge composefile with networks. docker/cli#983

Logging

Networking

Runtime

Swarm Mode

18.04.0-ce

2018-04-10

Builder

Client

Logging

Networking

Runtime

Swarm Mode

18.02.0-ce

2018-02-07

Builder

Client

Experimental

Logging

  • Improve daemon config reload; log active configuration moby/moby#36019
  • Fixed error detection using IsErrNotFound and IsErrNotImplemented for the ContainerLogs method moby/moby#36000
  • Add journald tag as SYSLOG_IDENTIFIER moby/moby#35570
  • Splunk: limit the reader size on error responses moby/moby#35509

Networking

Packaging

Runtime

18.01.0-ce

2018-01-10

Builder

  • Fix files not being deleted if user-namespaces are enabled moby/moby#35822
  • Add support for expanding environment-variables in docker commit --change ... moby/moby#35582

Client

Documentation

Experimental

Logging

  • Fix daemon crash when using the GELF log driver over TCP when the GELF server goes down moby/moby#35765
  • Fix awslogs batch size calculation for large logs moby/moby#35726

Networking

Runtime

Swarm mode

  • Fix published ports not being updated if a service has the same number of host-mode published ports with Published Port 0 docker/swarmkit#2376
  • Make the task termination order deterministic docker/swarmkit#2265

17.11.0-ce

2017-11-20

Important: Docker CE 17.11 is the first Docker release based on containerd 1.0 beta. Docker CE 17.11 and later don’t recognize containers started with previous Docker versions. If using Live Restore, you must stop all containers before upgrading to Docker CE 17.11. If you don’t, any containers started by Docker versions that predate 17.11 aren’t recognized by Docker after the upgrade and keep running, un-managed, on the system.

Builder

Client

Deprecation

  • Update bash completion and deprecation for synchronous service updates docker/cli#610

Logging

Networking

Runtime

Swarm Mode

  • Modifying integration test due to new ipam options in swarmkit moby/moby#35103
  • Fix deadlock on getting swarm info moby/moby#35388
  • Expand the scope of the Err field in TaskStatus to also cover non-terminal errors that block the task from progressing docker/swarmkit#2287

Packaging

17.10.0-ce

2017-10-17

Important: Starting with this release, docker service create, docker service update, docker service scale and docker service rollback use non-detached mode as default, use --detach to keep the old behaviour.

Builder

  • Reset uid/gid to 0 in uploaded build context to share build cache with other clients docker/cli#513
  • Add support for ADD urls without any sub path moby/moby#34217

Client

Networking

Runtime

Swarm mode

17.07.0-ce

2017-08-29

API & Client

  • Add support for proxy configuration in config.json docker/cli#93
  • Enable pprof/debug endpoints by default moby/moby#32453
  • Passwords can now be passed using STDIN using the new --password-stdin flag on docker login docker/cli#271
  • Add --detach to docker scale docker/cli#243
  • Prevent docker logs --no-stream from hanging due to non-existing containers moby/moby#34004
  • Fix docker stack ps printing error to stdout instead of stderr docker/cli#298
  • Fix progress bar being stuck on docker service create if an error occurs during deploy docker/cli#259
  • Improve presentation of progress bars in interactive mode docker/cli#260 docker/cli#237
  • Print a warning if docker login --password is used, and recommend --password-stdin docker/cli#270
  • Make API version negotiation more robust moby/moby#33827
  • Hide --detach when connected to daemons older than Docker 17.05 docker/cli#219
  • Add scope filter in GET /networks/(id or name) moby/moby#33630

Builder

Logging

Runtime

Swarm mode

17.05.0-ce

2017-05-04

Builder

  • Add multi-stage build support #31257 #32063
  • Allow using build-time args (ARG) in FROM #31352
  • Add an option for specifying build target #32496
  • Accept -f - to read Dockerfile from stdin, but use local context for building #31236
  • The values of default build time arguments (e.g HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
  • Fix setting command if a custom shell is used in a parent image #32236
  • Fix docker build --label when the label includes single quotes and a space #31750

Client

  • Add --mount flag to docker run and docker create #32251
  • Add --type=secret to docker inspect #32124
  • Add --format option to docker secret ls #31552
  • Add --filter option to docker secret ls #30810
  • Add --filter scope=<swarm|local> to docker network ls #31529
  • Add --cpus support to docker update #31148
  • Add label filter to docker system prune and other prune commands #30740
  • docker stack rm now accepts multiple stacks as input #32110
  • Improve docker version --format option when the client has downgraded the API version #31022
  • Prompt when using an encrypted client certificate to connect to a docker daemon #31364
  • Display created tags on successful docker build #32077
  • Cleanup compose convert error messages #32087

Contrib

  • Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 #32435

Daemon

  • Fix --api-cors-header being ignored if --api-enable-cors is not set #32174
  • Cleanup docker tmp dir on start #31741
  • Deprecate --graph flag in favor or --data-root #28696

Logging

  • Add support for logging driver plugins #28403
  • Add support for showing logs of individual tasks to docker service logs, and add /task/{id}/logs REST endpoint #32015
  • Add --log-opt env-regex option to match environment variables using a regular expression #27565

Networking

  • Allow user to replace, and customize the ingress network #31714
  • Fix UDP traffic in containers not working after the container is restarted #32505
  • Fix files being written to /var/lib/docker if a different data-root is set #32505

Runtime

  • Ensure health probe is stopped when a container exits #32274

Swarm Mode

  • Add update/rollback order for services (--update-order / --rollback-order) #30261
  • Add support for synchronous service create and service update #31144
  • Add support for “grace periods” on healthchecks through the HEALTHCHECK --start-period and --health-start-period flag to docker service create, docker service update, docker create, and docker run to support containers with an initial startup time #28938
  • docker service create now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager #32284
  • docker service inspect now shows default values for fields that are not specified by the user #32284
  • Move docker service logs out of experimental #32462
  • Add support for Credential Spec and SELinux to services to the API #32339
  • Add --entrypoint flag to docker service create and docker service update #29228
  • Add --network-add and --network-rm to docker service update #32062
  • Add --credential-spec flag to docker service create and docker service update #32339
  • Add --filter mode=<global|replicated> to docker service ls #31538
  • Resolve network IDs on the client side, instead of in the daemon when creating services #32062
  • Add --format option to docker node ls #30424
  • Add --prune option to docker stack deploy to remove services that are no longer defined in the docker-compose file #31302
  • Add PORTS column for docker service ls when using ingress mode #30813
  • Fix unnescessary re-deploying of tasks when environment-variables are used #32364
  • Fix docker stack deploy not supporting endpoint_mode when deploying from a docker compose file #32333
  • Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup #31631

Security

  • Allow setting SELinux type or MCS labels when using --ipc=container: or --ipc=host #30652

Deprecation

  • Deprecate --api-enable-cors daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features #32352
  • Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates #32520

17.04.0-ce

2017-04-05

Builder

  • Disable container logging for build containers #29552
  • Fix use of **/ in .dockerignore #29043

Client

  • Sort docker stack ls by name #31085
  • Flags for specifying bind mount consistency #31047
  • Output of docker CLI --help is now wrapped to the terminal width #28751
  • Suppress image digest in docker ps #30848
  • Hide command options that are related to Windows #30788
  • Fix docker plugin install prompt to accept “enter” for the “N” default #30769
  • Add truncate function for Go templates #30484
  • Support expanded syntax of ports in stack deploy #30476
  • Support expanded syntax of mounts in stack deploy #30597 #31795
  • Add --add-host for docker build #30383
  • Add .CreatedAt placeholder for docker network ls --format #29900
  • Update order of --secret-rm and --secret-add #29802
  • Add --filter enabled=true for docker plugin ls #28627
  • Add --format to docker service ls #28199
  • Add publish and expose filter for docker ps --filter #27557
  • Support multiple service IDs on docker service ps #25234
  • Allow swarm join with --availability=drain #24993
  • Docker inspect now shows “docker-default” when AppArmor is enabled and no other profile was defined #27083

Logging

  • Implement optional ring buffer for container logs #28762
  • Add --log-opt awslogs-create-group=<true|false> for awslogs (CloudWatch) to support creation of log groups as needed #29504
  • Fix segfault when using the gcplogs logging driver with a “static” binary #29478

Networking

  • Check parameter --ip, --ip6 and --link-local-ip in docker network connect #30807
  • Added support for dns-search #30117
  • Added --verbose option for docker network inspect to show task details from all swarm nodes #31710
  • Clear stale datapath encryption states when joining the cluster docker/libnetwork#1354
  • Ensure iptables initialization only happens once docker/libnetwork#1676
  • Fix bad order of iptables filter rules docker/libnetwork#961
  • Add anonymous container alias to service record on attachable network docker/libnetwork#1651
  • Support for com.docker.network.container_interface_prefix driver label docker/libnetwork#1667
  • Improve network list performance by omitting network details that are not used #30673

Runtime

  • Handle paused container when restoring without live-restore set #31704
  • Do not allow sub second in healthcheck options in Dockerfile #31177
  • Support name and id prefix in secret update #30856
  • Use binary frame for websocket attach endpoint #30460
  • Fix linux mount calls not applying propagation type changes #30416
  • Fix ExecIds leak on failed exec -i #30340
  • Prune named but untagged images if danglingOnly=true #30330
  • Add daemon flag to set no_new_priv as default for unprivileged containers #29984
  • Add daemon option --default-shm-size #29692
  • Support registry mirror config reload #29650
  • Ignore the daemon log config when building images #29552
  • Move secret name or ID prefix resolving from client to daemon #29218
  • Allow adding rules to cgroup devices.allow on container create/run #22563
  • Fix cpu.cfs_quota_us being reset when running systemd daemon-reload #31736

Swarm Mode

Windows

  • Block pulling Windows images on non-Windows daemons #29001
docker, docker engine, ee, ce, whats new, release notes