Docker Engine 18.03 release notes

18.03.1-ce

2018-04-26

Client

• Fix error with merge compose file with networks docker/cli#983open_in_new

• Fix docker stack deploy re-deploying services after the service was updated with --force docker/cli#963open_in_new
• Fix docker version output alignment docker/cli#965open_in_new

Runtime

• Fix AppArmor profiles not being applied to docker exec processes moby/moby#36466open_in_new
• Don't sort plugin mount slice moby/moby#36711open_in_new
• Daemon/cluster: handle partial attachment entries during configure moby/moby#36769open_in_new

• Bump Golang to 1.9.5 moby/moby#36779open_in_new docker/cli#986open_in_new

• Daemon/stats: more resilient cpu sampling moby/moby#36519open_in_new

• Containerd: update to 1.0.3 release moby/moby#36749open_in_new

• Fix Windows layer leak when write fails moby/moby#36728open_in_new

• Don't make container mount unbindable moby/moby#36768open_in_new

• Fix Daemon panics on container export after a daemon restart moby/moby/36586open_in_new
• Fix digest cache being removed on autherrors moby/moby#36509open_in_new
• Make sure plugin container is removed on failure moby/moby#36715open_in_new
• Copy: avoid using all system memory with authz plugins moby/moby#36595open_in_new
• Relax some libcontainerd client locking moby/moby#36848open_in_new
• Update hcsshim to v0.6.10 to address CVE-2018-8115open_in_new

Swarm Mode

• Increase raft Election tick to 10 times Heartbeat tick moby/moby#36672open_in_new

Networking

• Gracefully remove LB endpoints from services docker/libnetwork#2112open_in_new
• Retry other external DNS servers on ServFail docker/libnetwork#2121open_in_new
• Improve scalabiltiy of bridge network isolation rules docker/libnetwork#2117open_in_new
• Allow for larger preset property values, do not override docker/libnetwork#2124open_in_new
• Prevent panics on concurrent reads/writes when calling changeNodeState docker/libnetwork#2136open_in_new

18.03.0-ce

2018-03-21

Builder

• Switch to -buildmode=pie moby/moby#34369open_in_new
• Allow Dockerfile to be outside of build-context docker/cli#886open_in_new
• Builder: fix wrong cache hits building from tars moby/moby#36329open_in_new

• Fixes files leaking to other images in a multi-stage build moby/moby#36338open_in_new

Client

• Simplify the marshaling of compose types.Config docker/cli#895open_in_new

• Add support for multiple composefile when deploying docker/cli#569open_in_new

• Fix broken Kubernetes stack flags docker/cli#831open_in_new
• Fix stack marshaling for Kubernetes docker/cli#890open_in_new
• Fix and simplify bash completion for service env, mounts and labels docker/cli#682open_in_new
• Fix before and since filter for docker ps moby/moby#35938open_in_new
• Fix --label-file weird behavior docker/cli#838open_in_new
• Fix compilation of defaultCredentialStore() on unsupported platforms docker/cli#872open_in_new

• Improve and fix bash completion for images docker/cli#717open_in_new

• Added check for empty source in bind mount docker/cli#824open_in_new

• Fix TLS from environment variables in client moby/moby#36270open_in_new

• docker build now runs faster when registry-specific credential helper(s) are configured docker/cli#840open_in_new
• Update event filter zsh completion with disable, enable, install and remove docker/cli#372open_in_new
• Produce errors when empty ids are passed into inspect calls moby/moby#36144open_in_new
• Marshall version for the k8s controller docker/cli#891open_in_new
• Set a non-zero timeout for HTTP client communication with plugin backend docker/cli#883open_in_new

• Add DOCKER_TLS environment variable for --tls option docker/cli#863open_in_new
• Add --template-driver option for secrets/configs docker/cli#896open_in_new
• Move docker trust commands out of experimental docker/cli#934open_in_new docker/cli#935open_in_new docker/cli#944open_in_new

Logging

• AWS logs - don't add new lines to maximum sized events moby/moby#36078open_in_new
• Move log validator logic after plugins are loaded moby/moby#36306open_in_new
• Support a proxy in Splunk log driver moby/moby#36220open_in_new

• Fix log tail with empty logs moby/moby#36305open_in_new

Networking

• Libnetwork revendoring moby/moby#36137open_in_new

• Fix for deadlock on exit with Memberlist revendor docker/libnetwork#2040open_in_new

• Fix user specified ndots option docker/libnetwork#2065open_in_new

• Fix to use ContainerID for Windows instead of SandboxID docker/libnetwork#2010open_in_new

• Verify NetworkingConfig to make sure EndpointSettings is not nil moby/moby#36077open_in_new

• Fix DockerNetworkInternalMode issue moby/moby#36298open_in_new
• Fix race in attachable network attachment moby/moby#36191open_in_new
• Fix timeout issue of InspectNetwork on AArch64 moby/moby#36257open_in_new

• Verbose info is missing for partial overlay ID moby/moby#35989open_in_new
• Update FindNetwork to address network name duplications moby/moby#30897open_in_new
• Disallow attaching ingress network docker/swarmkit#2523open_in_new

• Prevent implicit removal of the ingress network moby/moby#36538open_in_new
• Fix stale HNS endpoints on Windows moby/moby#36603open_in_new
• IPAM fixes for duplicate IP addresses docker/libnetwork#2104open_in_new docker/libnetwork#2105open_in_new

Runtime

• Enable HotAdd for Windows moby/moby#35414open_in_new
• LCOW: Graphdriver fix deadlock in hotRemoveVHDs moby/moby#36114open_in_new
• LCOW: Regular mount if only one layer moby/moby#36052open_in_new
• Remove interim env var LCOW_API_PLATFORM_IF_OMITTED moby/moby#36269open_in_new
• Revendor Microsoft/opengcs @ v0.3.6 moby/moby#36108open_in_new

• Fix issue of ExitCode and PID not show up in Task.Status.ContainerStatus moby/moby#36150open_in_new
• Fix issue with plugin scanner going too deep moby/moby#36119open_in_new

• Do not make graphdriver homes private mounts moby/moby#36047open_in_new
• Do not recursive unmount on cleanup of zfs/btrfs moby/moby#36237open_in_new
• Don't restore image if layer does not exist moby/moby#36304open_in_new
• Adjust minimum API version for templated configs/secrets moby/moby#36366open_in_new
• Bump containerd to 1.0.2 (cfd04396dc68220d1cecbe686a6cc3aa5ce3667c) moby/moby#36308open_in_new
• Bump Golang to 1.9.4 moby/moby#36243open_in_new
• Ensure daemon root is unmounted on shutdown moby/moby#36107open_in_new
• Update runc to 6c55f98695e902427906eed2c799e566e3d3dfb5 moby/moby#36222open_in_new

• Fix container cleanup on daemon restart moby/moby#36249open_in_new

• Support SCTP port mapping (bump up API to v1.37) moby/moby#33922open_in_new
• Support SCTP port mapping docker/cli#278open_in_new

• Fix Volumes property definition in ContainerConfig moby/moby#35946open_in_new

• Bump moby and dependencies docker/cli#829open_in_new
• C.RWLayer: check for nil before use moby/moby#36242open_in_new

• Add REMOVE and ORPHANED to TaskState moby/moby#36146open_in_new

• Fixed error detection using IsErrNotFound and IsErrNotImplemented for ContainerStatPath, CopyFromContainer, and CopyToContainer methods moby/moby#35979open_in_new

• Add an integration/internal/container helper package moby/moby#36266open_in_new
• Add canonical import path moby/moby#36194open_in_new
• Add/use container.Exec() to integration moby/moby#36326open_in_new

• Fix "--node-generic-resource" singular/plural moby/moby#36125open_in_new

• Daemon.cleanupContainer: nullify container RWLayer upon release moby/moby#36160open_in_new
• Daemon: passdown the --oom-kill-disable option to containerd moby/moby#36201open_in_new
• Display a warn message when there is binding ports and net mode is host moby/moby#35510open_in_new
• Refresh containerd remotes on containerd restarted moby/moby#36173open_in_new
• Set daemon root to use shared propagation moby/moby#36096open_in_new
• Optimizations for recursive unmount moby/moby#34379open_in_new
• Perform plugin mounts in the runtime moby/moby#35829open_in_new
• Graphdriver: Fix RefCounter memory leak moby/moby#36256open_in_new
• Use continuity fs package for volume copy moby/moby#36290open_in_new
• Use proc/exe for reexec moby/moby#36124open_in_new

• Add API support for templated secrets and configs moby/moby#33702open_in_new and moby/moby#36366open_in_new

• Use rslave propagation for mounts from daemon root moby/moby#36055open_in_new

• Add /proc/keys to masked paths moby/moby#36368open_in_new

• Bump Runc to 1.0.0-rc5 moby/moby#36449open_in_new

• Fixes runc exec on big-endian architectures moby/moby#36449open_in_new

• Use chroot when mount namespaces aren't provided moby/moby#36449open_in_new

• Fix systemd slice expansion so that it could be consumed by cAdvisor moby/moby#36449open_in_new
• Fix devices mounted with wrong uid/gid moby/moby#36449open_in_new
• Fix read-only containers with IPC private mounts /dev/shm read-only moby/moby#36526open_in_new

Swarm Mode

• Replace EC Private Key with PKCS#8 PEMs docker/swarmkit#2246open_in_new
• Fix IP overlap with empty EndpointSpec docker/swarmkit #2505open_in_new
• Add support for Support SCTP port mapping docker/swarmkit#2298open_in_new
• Do not reschedule tasks if only placement constraints change and are satisfied by the assigned node docker/swarmkit#2496open_in_new
• Ensure task reaper stopChan is closed no more than once docker/swarmkit #2491open_in_new
• Synchronization fixes docker/swarmkit#2495open_in_new
• Add log message to indicate message send retry if streaming unimplemented docker/swarmkit#2483open_in_new
• Debug logs for session, node events on dispatcher, heartbeats docker/swarmkit#2486open_in_new

• Add swarm types to bash completion event type filter docker/cli#888open_in_new

• Fix issue where network inspect does not show Created time for networks in swarm scope moby/moby#36095open_in_new