Docker Engine version 28 release notes
Table of contents
This page describes the latest changes, additions, known issues, and fixes for Docker Engine version 28.
For more information about:
- Deprecated and removed features, see Deprecated Engine Features.
- Changes to the Engine API, see Engine API version history.
28.0.0
2025-02-19For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 28.0.0 milestone
- moby/moby, 28.0.0 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
New
- Add ability to mount an image inside a container via
--mount type=image
. moby/moby#48798- You can also specify
--mount type=image,image-subpath=[subpath],...
option to mount a specific path from the image. docker/cli#5755
- You can also specify
docker images --tree
now shows metadata badges docker/cli#5744docker load
,docker save
, anddocker history
now support a--platform
flag allowing you to choose a specific platform for single-platform operations on multi-platform images. docker/cli#5331- Add
OOMScoreAdj
todocker service create
anddocker stack
. docker/cli#5145 docker buildx prune
now supportsreserved-space
,max-used-space
,min-free-space
andkeep-bytes
filters. moby/moby#48720- Windows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. moby/moby#47955
Networking
- The
docker-proxy
binary has been updated, older versions will not work with the updateddockerd
. moby/moby#48132- Close a window in which the userland proxy (
docker-proxy
) could accept TCP connections, that would then fail afteriptables
NAT rules were set up. - The executable
rootlesskit-docker-proxy
is no longer used, it has been removed from the build and distribution.
- Close a window in which the userland proxy (
- DNS nameservers read from the host's
/etc/resolv.conf
are now always accessed from the host's network namespace. moby/moby#48290- When the host's
/etc/resolv.conf
contains no nameservers and there are no--dns
overrides, Google's DNS servers are no longer used, apart from by the default bridge network and in build containers.
- When the host's
- Container interfaces in bridge and macvlan networks now use randomly generated MAC addresses.
moby/moby#48808
- Gratuitous ARP / Neighbour Advertisement messages will be sent when the interfaces are started so that, when IP addresses are reused, they're associated with the newly generated MAC address.
- IPv6 addresses in the default bridge network are now IPAM-assigned, rather than being derived from the MAC address.
- The deprecated OCI
prestart
hook is now only used by build containers. For other containers, network interfaces are added to the network namespace after task creation is complete, before the container task is started. moby/moby#47406 - Add a new
gw-priority
option todocker run
,docker container create
, anddocker network connect
. This option will be used by the Engine to determine which network provides the default gateway for a container. Ondocker run
, this option is only available through the extended--network
syntax. docker/cli#5664 - Add a new netlabel
com.docker.network.endpoint.ifname
to customize the interface name used when connecting a container to a network. It's supported by all built-in network drivers on Linux. moby/moby#49155- When a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names, for example
eth
, the container might fail to start. - The recommended practice is to use a different prefix, for example
en0
, or a numerical suffix high enough to never collide, for exampleeth100
. - This label can be specified on
docker network connect
via the--driver-opt
flag, for exampledocker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar …
. - Or via the long-form
--network
flag ondocker run
, for exampledocker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …
- When a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names, for example
- If a custom network driver reports capability
GwAllocChecker
then, before a network is created, it will get aGwAllocCheckerRequest
with the network's options. The custom driver may then reply that no gateway IP address should be allocated. moby/moby#49372
Port publishing in bridge networks
dockerd
now requiresipset
support in the Linux kernel. moby/moby#48596- The
iptables
andip6tables
rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable nativenftables
support in a future release. moby/moby#48815 - If it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use
iptables -F
andip6tables -F
to flush all existingiptables
rules from thefilter
table before starting the older version of the daemon. When that is not possible, run the following commands as root:iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER
- If you were previously running with the iptables filter-FORWARD policy set to
ACCEPT
and need to restore access to unpublished ports, also delete per-bridge-network rules from theDOCKER
chains. For example,iptables -D DOCKER ! -i docker0 -o docker0 -j DROP
.
- The
- Fix a security issue that was allowing remote hosts to connect directly to a container on its published ports. moby/moby#49325
- Fix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. moby/moby#49325
- Fix an issue that prevented port publishing to link-local addresses. moby/moby#48570
- UDP ports published by a container are now reliably accessible by containers on other networks, via the host's public IP address. moby/moby#48571
- Docker will now only set the
ip6tables
policy for theFORWARD
chain in thefilter
table toDROP
if it enables IP forwarding on the host itself (sysctlsnet.ipv6.conf.all.forwarding
andnet.ipv6.conf.default.forwarding
). This is now aligned with existing IPv4 behaviour. moby/moby#48594- If IPv6 forwarding is enabled on your host, but you were depending on Docker to set the ip6tables filter-FORWARD policy to
DROP
, you may need to update your host's configuration to make sure it is secure.
- If IPv6 forwarding is enabled on your host, but you were depending on Docker to set the ip6tables filter-FORWARD policy to
- Direct routed access to container ports that are not exposed using
p
/-publish
is now blocked in theDOCKER
iptables chain. moby/moby#48724- If the default iptables filter-FORWARD policy was previously left at
ACCEPT
on your host, and direct routed access to a container's unpublished ports from a remote host is still required, options are:- Publish the ports you need.
- Use the new
gateway_mode_ipv[46]=nat-unprotected
, described below.
- Container ports published to host addresses will continue to be accessible via those host addresses, using NAT or the userland proxy.
- Unpublished container ports continue to be directly accessible from the Docker host via the container's IP address.
- If the default iptables filter-FORWARD policy was previously left at
- Networks created with
gateway_mode_ipv[46]=routed
are now accessible from other bridge networks running on the same Docker host, as well as from outside the host. moby/moby#48596 - Bridge driver options
com.docker.network.bridge.gateway_mode_ipv4
andcom.docker.network.bridge.gateway_mode_ipv6
now accept modenat-unprotected
. moby/moby#48597nat-unprotected
is similar to the defaultnat
mode, but no per port/protocol rules are set up. This means any port on a container can be accessed by direct-routing from a remote host.
- Bridge driver options
com.docker.network.bridge.gateway_mode_ipv4
andcom.docker.network.bridge.gateway_mode_ipv6
now accept modeisolated
, when the network is alsointernal
. moby/moby#49262- An address is normally assigned to the bridge device in an
internal
network. So, processes on the Docker host can access the network, and containers in the network can access host services listening on that bridge address (including services listening on "any" host address,0.0.0.0
or::
). - An
internal
bridge network created with gateway modeisolated
does not have an address on the Docker host.
- An address is normally assigned to the bridge device in an
- When a port mapping includes a host IP address or port number that cannot be used because NAT from the host is disabled using
--gateway_mode_ipv[46]
, container creation will no longer fail. The unused fields may be needed if the gateway endpoint changes when networks are connected or disconnected. A message about the unused fields will be logged. moby/moby#48575 - Do not create iptables nat-POSTROUTING masquerade rules for a container's own published ports, when the userland proxy is enabled. moby/moby#48854
IPv6
- Add
docker network create
option--ipv4
. To disable IPv4 address assignment for a network, usedocker network create --ipv4=false [...]
. docker/cli#5599 - Daemon option
--ipv6
("ipv6": true
indaemon.json
) can now be used withoutfixed-cidr-v6
. moby/moby#48319 - IPAM now handles subnets bigger than "/64". moby/moby#49223
- Duplicate address detection (DAD) is now disabled for addresses assigned to the bridges belonging to bridge networks. moby/moby#48609
- Modifications to
host-gateway
, for compatibility with IPv6-only networks. moby/moby#48807- When special value
host-gateway
is used in an--add-host
option in place of an address, it's replaced by an address on the Docker host to make it possible to refer to the host by name. The address used belongs to the default bridge (normallydocker0
). Until now it's always been an IPv4 address, because all containers on bridge networks had IPv4 addresses. - Now, if IPv6 is enabled on the default bridge network,
/etc/hosts
entries will be created for IPv4 and IPv6 addresses. So, a container that's only connected to IPv6-only networks can access the host by name. - The
--host-gateway-ip
option overrides the address used to replacehost-gateway
. Two of these options are now allowed on the command line, for one IPv4 gateway and one IPv6. - In the
daemon.json
file, to provide two addresses, use"host-gateway-ips"
. For example,"host-gateway-ips": ["192.0.2.1", "2001:db8::1111"]
.
- When special value
Bug fixes and enhancements
- Add IPv6 loopback address as an insecure registry by default. moby/moby#48540
- Add support for Cobra-generated completion scripts for
dockerd
. moby/moby#49339 - Fix DNS queries failing when containers are launched via
systemd
auto-start on boot moby/moby#48812 - Fix Docker Swarm mode ignoring
volume.subpath
docker/cli#5833 - Fix
docker export
continuing the export after the operation is canceled. moby/moby#49265 - Fix
docker export
not releasing the container's writable layer after a failure. moby/moby#48517 - Fix
docker images --tree
unnecessary truncating long image names when multiple names are available docker/cli#5757 - Fix a bug where a container with a name matching another container's ID is not restored on daemon startup. moby/moby#48669
- Fix an issue preventing some IPv6 addresses shown by
docker ps
to be properly bracketed docker/cli#5468 - Fix bug preventing image pulls from being cancelled during
docker run
. docker/cli#5645 - Fix error-handling when running the daemon as a Windows service to prevent unclean exits. moby/moby#48518
- Fix issue causing output of
docker run
to be inconsistent when using--attach stdout
or--attach stderr
versusstdin
.docker run --attach stdin
now exits if the container exits. docker/cli#5662 - Fix rootless Docker setup with
subid
backed by NSS modules. moby/moby#49036 - Generated completion scripts from the CLI now show descriptions next to each command/flag suggestion. docker/cli#5756
- IPv6 addresses shown by
docker ps
in port bindings are now bracketed docker/cli#5363 - Implement the ports validation method for Compose docker/cli#5524
- Improve error-output for invalid flags on the command line. docker/cli#5233
- Improve errors when failing to start a container using anther container's network namespace. moby/moby#49367
- Improve handling of invalid API errors that could result in an empty error message being shown. moby/moby#49373
- Improve output and consistency for unknown (sub)commands and invalid arguments docker/cli#5234
- Improve validation of
exec-opts
in daemon configuration. moby/moby#48979 - Update the handling of the
--gpus=0
flag to be consistent with the NVIDIA Container Runtime. moby/moby#48482 client.ContainerCreate
now normalizesCapAdd
andCapDrop
fields inHostConfig
to their canonical form. moby/moby#48551docker image save
now produces stable timestamps. moby/moby#48611docker inspect
now lets you inspect Swarm configs docker/cli#5573- containerd image store: Add support for
Extracting
layer status indocker pull
. moby/moby#49064 - containerd image store: Fix
commit
,import
, andbuild
not preserving a replaced image as a dangling image. moby/moby#48316 - containerd image store: Make
docker load --platform
return an error when the requested platform isn't loaded. moby/moby#48718 - Fix validation of
--link
option. docker/cli#5739 - Add validation of network-diagnostic-port daemon configuration option. moby/moby#49305
- Unless explicitly configured, an IP address is no longer reserved for a gateway in cases where it is not required. Namely, “internal” bridge networks with option
com.docker.network.bridge.inhibit_ipv4
,ipvlan
ormacvlan
networks with no parent interface, and L3 IPvlan modes. moby/moby#49261 - If a custom network driver reports capability
GwAllocChecker
then, before a network is created, it will get aGwAllocCheckerRequest
with the network's options. The custom driver may then reply that no gateway IP address should be allocated. moby/moby#49372 - Fixed an issue that meant a container could not be attached to an L3 IPvlan at the same time as other network types. moby/moby#49130
- Remove the correct
/etc/hosts
entries when disconnecting a container from a network. moby/moby#48857 - Fix duplicate network disconnect events. moby/moby#48800
- Resolve issues related to changing
fixed-cidr
fordocker0
, and inferring configuration from a user-managed default bridge (--bridge
). moby/moby#48319 - Remove feature flag
windows-dns-proxy
, introduced in release 26.1.0 to control forwarding to external DNS resolvers from Windows containers, to makenslookup
work. It was enabled by default in release 27.0.0. moby/moby#48738 - Remove an
iptables
mangle rule for checksumming SCTP. The rule can be re-enabled by settingDOCKER_IPTABLES_SCTP_CHECKSUM=1
in the daemon's environment. This override will be removed in a future release. moby/moby#48149 - Faster connection to bridge networks, in most cases. moby/moby#49302
Packaging updates
- Update Go runtime to 1.23.6. docker/cli#5795, moby/moby#49393, docker/docker-ce-packaging#1161
- Update
runc
to v1.2.5 (static binaries only). moby/moby#49464 - Update containerd to v1.7.25. moby/moby#49252
- Update BuildKit to v0.20.0. moby/moby#49495
- Update Buildx to v0.21.0. docker/docker-ce-packaging#1166
- Update Compose to v2.32.4. docker/docker-ce-packaging#1143
- The canonical source for the
dockerd(8)
man page has been moved back to themoby/moby
repository itself. moby/moby#48298
Go SDK
- Improve validation of empty object IDs. The client now returns an "Invalid Parameter" error when trying to use an empty ID or name. This changes the error returned by some "Inspect" functions from a "Not found" error to an "Invalid Parameter". moby/moby#49381
Client.ImageBuild()
now omits default values from the API request's query string. moby/moby#48651api/types/container
: MergeStats
andStatsResponse
moby/moby#49287client.WithVersion
: Strip v-prefix when setting API version moby/moby#49352client
: AddWithTraceOptions
allowing to specify custom OTe1 trace options. moby/moby#49415client
: AddHijackDialer
interface. moby/moby#49388client
: AddSwarmManagementAPIClient
interface to describe all API client methods related to Swarm-specific objects. moby/moby#49388client
: AddWithTraceOptions
allowing to specify custom OTel trace options. moby/moby#49415client
:ImageHistory
,ImageLoad
andImageSave
now use variadic functional options moby/moby#49466pkg/containerfs
: Move to internal moby/moby#48097pkg/reexec
: Can now be used on platforms other than Linux, Windows, macOS and FreeBSD moby/moby#49118api/types/container
: introduceCommitResponse
type. This is currently an alias forIDResponse
, but may become a distinct type in a future release. moby/moby#49444api/types/container
: introduceExecCreateResponse
type. This is currently an alias forIDResponse
, but may become a distinct type in a future release. moby/moby#49444
API
- Update API version to v1.48 moby/moby#48476
GET /images/{name}/json
response now returns theManifests
field containing information about the sub-manifests contained in the image index. This includes things like platform-specific manifests and build attestations. moby/moby#48264POST /containers/create
now supportsMount
of typeimage
for mounting an image inside a container. moby/moby#48798GET /images/{name}/history
now supports aplatform
parameter (JSON encoded OCI Platform type) that lets you specify a platform to show the history of. moby/moby#48295POST /images/{name}/load
andGET /images/{name}/get
now supports aplatform
parameter (JSON encoded OCI Platform type) that lets you specify a platform to load/save. Not passing this parameter results in loading/saving the full multi-platform image. moby/moby#48295- Improve errors for invalid width/height on container resize and exec resize moby/moby#48679
- The
POST /containers/create
endpoint now includes a warning in the response when setting the container-wideVolumeDriver
option in combination with volumes defined throughMounts
because theVolumeDriver
option has no effect on those volumes. This warning was previously generated by the CLI. moby/moby#48789 - containerd image store:
GET /images/json
andGET /images/{name}/json
responses now includesDescriptor
field, which contains an OCI descriptor of the image target. The new field is only populated if the daemon provides a multi-platform image store. moby/moby#48894 - containerd image store:
GET /containers/{name}/json
now returns anImageManifestDescriptor
field containing the OCI descriptor of the platform-specific image manifest of the image that was used to create the container. moby/moby#48855 - Add debug endpoints (
GET /debug/vars
,GET /debug/pprof/
,GET /debug/pprof/cmdline
,GET /debug/pprof/profile
,GET /debug/pprof/symbol
,GET /debug/pprof/trace
,GET /debug/pprof/{name}
) are now also accessible through the versioned-API paths (/v<API-version>/<endpoint>
). moby/moby#49051 - Fix API returning a
500
status code instead of400
for validation errors. moby/moby#49217 - Fix status codes for archive endpoints
HEAD /containers/{name:.*}/archive
,GET /containers/{name:.*}/archive
,PUT /containers/{name:.*}/archive
returning a500
status instead of a400
status. moby/moby#49219 POST /containers/create
now accepts awritable-cgroups=true
option inHostConfig.SecurityOpt
to mount the container's cgroups writable. This provides a more granular approach thanHostConfig.Privileged
. moby/moby#48828POST /build/prune
renameskeep-bytes
toreserved-space
and now supports additional prune parametersmax-used-space
andmin-free-space
. moby/moby#48720POST /networks/create
now has anEnableIPv4
field. Setting it tofalse
disables IPv4 IPAM for the network. moby/moby#48271GET /networks/{id}
now returns anEnableIPv4
field showing whether the network has IPv4 IPAM enabled. moby/moby#48271- User-defined bridge networks require either IPv4 or IPv6 address assignment to be enabled. IPv4 cannot be disabled for the default bridge network (
docker0
). moby/moby#48323 macvlan
andipvlan
networks can be created with address assignment disabled for IPv4, IPv6, or both address families. moby/moby#48299- IPv4 cannot be disabled for Windows or Swarm networks. moby/moby#48278
- Add a way to specify which network should provide the default gateway for a container.
moby/moby#48936
POST /networks/{id}/connect
andPOST /containers/create
now accept aGwPriority
field inEndpointsConfig
. This value is used to determine which network endpoint provides the default gateway for the container. The endpoint with the highest priority is selected. If multiple endpoints have the same priority, endpoints are sorted lexicographically by their network name, and the one that sorts first is picked. moby/moby#48746GET /containers/json
now returns aGwPriority
field inNetworkSettings
for each network endpoint. TheGwPriority
field is used by the CLI’s newgw-priority
option fordocker run
anddocker network connect
. moby/moby#48746
- Settings for
eth0
in--sysctl
options are no longer automatically migrated to the network endpoint. moby/moby#48746- For example, in the Docker CLI,
docker run --network mynet --sysctl net.ipv4.conf.eth0.log_martians=1 ...
is rejected. Instead, you must usedocker run --network name=mynet,driver-opt=com.docker.network.endpoint.sysctls=net.ipv4.conf.IFNAME.log_martians=1 ...
- For example, in the Docker CLI,
GET /containers/json
now returns anImageManifestDescriptor
field matching the same field in/containers/{name}/json
. This field is only populated if the daemon provides a multi-platform image store. moby/moby#49407
Removed
- The Fluent logger option
fluentd-async-connect
has been deprecated in v20.10 and is now removed. moby/moby#46114 - The
--time
option ondocker stop
anddocker restart
is deprecated and renamed to--timeout
. docker/cli#5485 - Go-SDK:
pkg/ioutils
: RemoveNewReaderErrWrapper
as it was never used. moby/moby#49258 - Go-SDK:
pkg/ioutils
: Remove deprecatedBytesPipe
,NewBytesPipe
,ErrClosed
,WriteCounter
,NewWriteCounter
,NewReaderErrWrapper
,NopFlusher
. moby/moby#49245 - Go-SDK:
pkg/ioutils
: Remove deprecatedNopWriter
andNopWriteCloser
. moby/moby#49256 - Go-SDK:
pkg/sysinfo
: Remove deprecated NumCPU. moby/moby#49242 - Go-SDK: Remove
pkg/broadcaster
, as it was only used internally moby/moby#49172 - Go-SDK: Remove deprecated
cli.Errors
type docker/cli#5549 - Remove
pkg/ioutils.ReadCloserWrapper
, as it was only used in tests. moby/moby#49237 - Remove deprecated
api-cors-header
config parameter and thedockerd
--api-cors-header
option moby/moby#48209 - Remove deprecated
APIEndpoint.Version
field,APIVersion
type, andAPIVersion1
andAPIVersion2
consts. moby/moby#49004 - Remove deprecated
api-cors-header
config parameter and the Docker daemon's--api-cors-header
option. docker/cli#5437 - Remove deprecated
pkg/directory
package moby/moby#48779 - Remove deprecated
pkg/dmsg.Dmesg()
moby/moby#48109 - Remove deprecated image/spec package, which was moved to a separate module (
github.com/moby/docker-image-spec
) moby/moby#48460 - Remove migration code and errors for the deprecated
logentries
logging driver. moby/moby#48891 - Remove support for deprecated external graph-driver plugins. moby/moby#48072
api/types
: Remove deprecatedcontainer.ContainerNode
andContainerJSONBase.Node
field. moby/moby#48107api/types
: Remove deprecated aliases:ImagesPruneReport
,VolumesPruneReport
,NetworkCreateRequest
,NetworkCreate
,NetworkListOptions
,NetworkCreateResponse
,NetworkInspectOptions
,NetworkConnect
,NetworkDisconnect
,EndpointResource
,NetworkResource
,NetworksPruneReport
,ExecConfig
,ExecStartCheck
,ContainerExecInspect
,ContainersPruneReport
,ContainerPathStat
,CopyToContainerOptions
,ContainerStats
,ImageSearchOptions
,ImageImportSource
,ImageLoadResponse
,ContainerNode
. moby/moby#48107libnetwork/iptables
: Remove deprecatedIPV
,Iptables
,IP6Tables
andPassthrough()
. moby/moby#49121pkg/archive
: Remove deprecatedCanonicalTarNameForPath
,NewTempArchive
,TempArchive
moby/moby#48708pkg/fileutils
: Remove deprecatedGetTotalUsedFds
moby/moby#49210pkg/ioutils
: RemoveOnEOFReader
, which was only used internally moby/moby#49170pkg/longpath
: Remove deprecatedPrefix
constant. moby/moby#48779pkg/stringid
: Remove deprecatedIsShortID
andValidateID
functions moby/moby#48705runconfig/opts
: Remove deprecatedConvertKVStringsToMap
moby/moby#48102runconfig
: Remove deprecatedContainerConfigWrapper
,SetDefaultNetModeIfBlank
,DefaultDaemonNetworkMode
,IsPreDefinedNetwork
moby/moby#48102container
: Remove deprecatedErrNameReserved
,ErrNameNotReserved
. moby/moby#48728- Remove
Daemon.ContainerInspectCurrent()
method and changeDaemon.ContainerInspect()
signature to accept abackend.ContainerInspectOptions
struct moby/moby#48672 - Remove deprecated
Daemon.Exists()
andDaemon.IsPaused()
methods. moby/moby#48723
Deprecations
- API: The
BridgeNfIptables
andBridgeNfIp6tables
fields in theGET /info
response are now always befalse
and will be omitted in API v1.49. The netfilter module is now loaded on-demand, and no longer during daemon startup, making these fields obsolete. moby/moby#49114 - API: The
error
andprogress
fields in streaming responses for endpoints that return a JSON progress response, such asPOST /images/create
,POST /images/{name}/push
, andPOST /build
are deprecated. moby/moby#49447- Users should use the information in the
errorDetail
andprogressDetail
fields instead. - These fields were marked deprecated in API v1.4 (docker v0.6.0) and API v1.8 (docker v0.7.1) respectively, but still returned.
- These fields will be left empty or will be omitted in a future API version.
- Users should use the information in the
- Deprecate
Daemon.Register()
. This function is unused and will be removed in the next release. moby/moby#48702 - Deprecate
client.ImageInspectWithRaw
function in favor of the newclient.ImageInspect
. moby/moby#48264 - Deprecate
daemon/config.Config.ValidatePlatformConfig()
. This method was used as helper forconfig.Validate
, which should be used instead. moby/moby#48985 - Deprecate
pkg/reexec
. This package is deprecated and moved to a separate module. Usegithub.com/moby/sys/reexec
instead. moby/moby#49129 - Deprecate configuration for pushing non-distributable artifacts docker/cli#5724
- Deprecate the
--allow-nondistributable-artifacts
daemon flag and correspondingallow-nondistributable-artifacts
field indaemon.json
. Setting either option will no longer take an effect, but a deprecation warning log is added. moby/moby#49065 - Deprecate the
RegistryConfig.AllowNondistributableArtifactsCIDRs
andRegistryConfig.AllowNondistributableArtifactsHostnames
fields in theGET /info
API response. For API version v1.48 and older, the fields are still included in the response, but alwaysnull
. In API version v1.49 and later, the field will be omitted entirely. moby/moby#49065 - Go-SDK: Deprecate
registry.ServiceOptions.AllowNondistributableArtifacts
field. moby/moby#49065 - Go-SDK: The
BridgeNfIptables
,BridgeNfIp6tables
fields inapi/types/system.Info
andBridgeNFCallIPTablesDisabled
,BridgeNFCallIP6TablesDisabled
fields inpkg/sysinfo.SysInfo
are deprecated and will be removed in the next release. moby/moby#49114 - Go-SDK:
client
: DeprecateCommonAPIClient
interface in favor of theAPIClient
interface. TheCommonAPIClient
will be changed to an alias forAPIClient
in the next release, and removed in the release after. moby/moby#49388 - Go-SDK:
client
: DeprecateErrorConnectionFailed
helper. This function was only used internally, and will be removed in the next release. moby/moby#49389 - Go-SDK:
pkg/ioutils
: DeprecateNewAtomicFileWriter
,AtomicWriteFile
,AtomicWriteSet
,NewAtomicWriteSet
in favor ofpkg/atomicwriter
equivalents. moby/moby#49171 - Go-SDK:
pkg/sysinfo
: DeprecateNumCPU
. This utility has the same behavior asruntime.NumCPU
. moby/moby#49241 - Go-SDK:
pkg/system
: DeprecateMkdirAll
. This function provided custom handling for Windows GUID volume paths. Handling for such paths is now supported by Go standard library in go1.22 and newer, and this function is now an alias foros.MkdirAll
, which should be used instead. This alias will be removed in the next release. moby/moby#49162 - Go-SDK: Deprecate
pkg/parsers.ParseKeyValueOpt
. moby/moby#49177 - Go-SDK: Deprecate
pkg/parsers.ParseUintListMaximum
,pkg/parsers.ParseUintList
. These utilities were only used internally and will be removed in the next release. moby/moby#49222 - Go-SDK: Deprecate
api/type.IDResponse
in favor ofcontainer.CommitResponse
andcontainer.ExecCreateResponse
, which are currently an alias, but may become distinct types in a future release. This type will be removed in the next release. moby/moby#49446 - Go-SDK: Deprecate
api/types/container.ContainerUpdateOKBody
in favor ofUpdateResponse
. This type will be removed in the next release. moby/moby#49442 - Go-SDK: Deprecate
api/types/container.ContainerTopOKBody
in favor ofTopResponse
. This type will be removed in the next release. moby/moby#49442 - Go-SDK:
pkg/jsonmessage
: Fix deprecation ofProgressMessage
,ErrorMessage
, which were deprecated in Docker v0.6.0 and v0.7.1 respectively. moby/moby#49447 - Move
GraphDriverData
fromapi/types
toapi/types/storage
. The old type is deprecated and will be removed in the next release. moby/moby#48108 - Move
RequestPrivilegeFunc
fromapi/types
toapi/types/registry
. The old type is deprecated and will be removed in the next release. moby/moby#48119 - Move from
api/types
toapi/types/container
-NetworkSettings
,NetworkSettingsBase
,DefaultNetworkSettings
,SummaryNetworkSettings
,Health
,HealthcheckResult
,NoHealthcheck
,Starting
,Healthy
, andUnhealthy
constants,MountPoint
,Port
,ContainerState
,Container
,ContainerJSONBase
,ContainerJSON
,ContainerNode
. The old types are deprecated and will be removed in the next release. moby/moby#48108 - Move from
api/types
toapi/types/image
-ImageInspect
,RootFS
. The old types are deprecated and will be removed in the next release. moby/moby#48108 ContainerdCommit.Expected
,RuncCommit.Expected
, andInitCommit.Expected
fields in theGET /info
endpoint are deprecated and will be omitted in API v1.49. moby/moby#48478api/types/registry
: DeprecateServiceConfig.AllowNondistributableArtifactsCIDRs
andServiceConfig.AllowNondistributableArtifactsHostnames
fields. These fields will be removed in the next release. moby/moby#49065api/types/system/Commit.Expected
field is deprecated and should no longer be used. moby/moby#48478daemon/graphdriver
: DeprecateGetDriver()
moby/moby#48079libnetwork/iptables
: DeprecatePassthrough
. This function was only used internally, and will be removed in the next release. moby/moby#49115pkg/directory.Size()
function is deprecated, an will be removed in the next release. moby/moby#48057registry
: DeprecateAPIEndpoint.TrimHostName
; hostname is now trimmed unconditionally for remote names. This field will be removed in the next release. moby/moby#49005allow-nondistributable-artifacts
field indaemon.json
. Setting either option will no longer take effect, but a deprecation warning log is added to raise awareness about the deprecation. This warning is planned to become an error in the next release. moby/moby#49065