Skip to content

Update dependency moby/moby to v24

George Koltsov requested to merge renovate/major-dockerfile into main

This MR contains the following updates:

Package Update Change
moby/moby major v23.0.1 -> v24.0.5

Release Notes

moby/moby (moby/moby)

v24.0.5

Compare Source

24.0.5

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
  • The Go client now avoids using UNIX socket paths in the HTTP Host: header, in order to be compatible with changes introduced in go1.20.6. moby/moby#45962, moby/moby#45990
  • containerd storage backend: Fix Variant not being included in docker image inspect and GET /images/{name}/json. moby/moby#46025
  • containerd storage backend: Prevent potential garbage collection of content during image export. moby/moby#46021
  • containerd storage backend: Prevent duplicate digest entries in RepoDigests. moby/moby#46014
  • containerd storage backend: Fix operations taking place against the incorrect tag when working with an image referenced by tag and digest. moby/moby#46013
  • containerd storage backend: Fix a panic caused by EXPOSE when building containers with the legacy builder. moby/moby#45921
  • Fix a regression causing unintuitive errors to be returned when attempting to create an overlay network on a non-Swarm node. moby/moby#45974
  • Properly report errors parsing volume specifications from the command line. docker/cli#4423
  • Fix a panic caused when auths: null is found in the CLI config file. docker/cli#4450
Packaging updates

v24.0.4

Compare Source

24.0.4

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
  • Fix a regression introduced during 24.0.3 that causes a panic during live-restore of containers with bind mounts. moby/moby#45903

v24.0.3

Compare Source

24.0.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
  • containerd image store: Fix an issue where multi-platform images that did not include a manifest for the default platform could not be interacted with. moby/moby#45849
  • containerd image store: Fix specious attempts to cache FROM scratch in container builds. moby/moby#45822
  • containerd image store: Fix docker cp with snapshotters that cannot mount the same content multiple times. moby/moby#45780, moby/moby#45786
  • containerd image store: Fix builds with type=image not being correctly unpacked/stored. moby/moby#45692
  • containerd image store: Fix incorrectly attempting to unpack pseudo-images (including attestations) in docker load. moby/moby#45688
  • containerd image store: Correctly set the user agent, and include additional information like the snapshotter when interacting with registries. moby/moby#45671, moby/moby#45684
  • containerd image store: Fix a failure to unpack already-pulled content after switching between snapshotters. moby/moby#45678
  • containerd image store: Fix images that have been re-tagged or with all tags removed being pruned while still in use. moby/moby#45857
  • Fix a Swarm CSI issue where the Topology field was not propagated into NodeCSIInfo. moby/moby#45810
  • Fix failures to add new Swarm managers caused by a very large raft log. moby/moby#45703, moby/swarmkit#3122, moby/swarmkit#3128
  • name_to_handle_at(2) is now always allowed in the default seccomp profile. moby/moby#45833
  • Fix an issue that prevented encrypted Swarm overlay networks from working on ports other than the default (4789). moby/moby#45637
  • Fix a failure to restore mount reference-counts during live-restore. moby/moby#45824
  • Fix various networking-related failures during live-restore. moby/moby#45658, moby/moby#45659
  • Fix running containers restoring with a zero (successful) exit status when the daemon is unexpectedly terminated. moby/moby#45801
  • Fix a potential panic while executing healthcheck probes. moby/moby#45798
  • Fix a panic caused by a race condition in container exec start. moby/moby#45794
  • Fix an exception caused by attaching a terminal to an exec with a non-existant command. moby/moby#45643
  • Fix host-gateway with BuildKit by passing the IP as a label (also requires docker/buildx#1894). moby/moby#45790
  • Fix an issue where POST /containers/{id}/stop would forcefully terminate the container when the request was canceled, instead of waiting until the specified timeout for a 'graceful' stop. moby/moby#45774
  • Fix an issue where docker cp -a from the root (/) directory would fail. moby/moby#45748
  • Improve compatibility with non-runc container runtimes by more correctly setting resource constraint parameters in the OCI config. moby/moby#45746
  • Fix an issue caused by overlapping subuid/subgid ranges in certain configurations (e.g. LDAP) in rootless mode. moby/moby#45747, rootless-containers/rootlesskit#369
  • Greatly reduce CPU and memory usage while populating the Debug section of GET /info. moby/moby#45856
  • Fix an issue where debug information was not correctly printed during docker info when only the client is in debug mode. docker/cli#4393
  • Fix issues related to hung connections when connecting to hosts over a SSH connection. docker/cli#4395
Packaging updates

v24.0.2

Compare Source

24.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
  • Fix a panic during build when referencing locally tagged images. moby/buildkit#3899, moby/moby#45582
  • Fix builds potentially failing with exit code: 4294967295 when performing many concurrent build stages. moby/moby#45620
  • Fix DNS resolution on Windows ignoring etc/hosts (%WINDIR%\System32\Drivers\etc\hosts), including resolution of localhost. moby/moby#45562
  • Apply a workaround for a containerd bug that causes concurrent docker exec commands to take significantly longer than expected. moby/moby#45625
  • containerd image store: Fix an issue where the image Created field would contain an incorrect value. moby/moby#45623
  • containerd image store: Adjust the output of image pull progress so that the output has the same format regardless of whether the containerd image store is enabled. moby/moby#45602
  • containerd image store: Switching between the default and containerd image store now requires a daemon restart. moby/moby#45616

v24.0.1

Compare Source

24.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Removed
  • Remove CLI completions for storage drivers removed in the 24.0 major release. docker/cli#4302
Bug fixes and enhancements
  • Fix an issue where DNS query NXDOMAIN replies from external servers were forwarded to the client as SERVFAIL. moby/moby#45573
  • Fix an issue where docker pull --platform would report No such image regarding another tag pointing to the same image. moby/moby#45562
  • Fix an issue where insecure registry configuration would be forgotten during config reload. moby/moby#45571
  • containerd image store: Fix an issue where images which have no layers would not be listed in docker images -a moby/moby#45588
  • API: Fix an issue where GET /images/{id}/json would return null instead of empty RepoTags and RepoDigests. moby/moby#45564
  • API: Fix an issue where POST /commit did not accept an empty request body. moby/moby#45568
Packaging updates

v24.0.0

Compare Source

24.0.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

New
  • Introduce experimental support for containerd as the content store (replacing the existing storage drivers). moby/moby#43735, other moby/moby pull requests
  • The --host CLI flag now supports a path component in a ssh:// host address, allowing use of an alternate socket path without configuration on the remote host. docker/cli#4073
  • The docker info CLI command now reports a version and platform field. docker/cli#4180
  • Introduce the daemon flag --default-network-opt to configure options for newly created networks. moby/moby#43197
  • Restrict access to AF_VSOCK in the socket(2) family of syscalls in the default seccomp profile. moby/moby#44562
  • Introduce support for setting OCI runtime annotations on containers. docker/cli#45025, moby/moby#45025
  • Alternative runtimes can now be configured in daemon.json, enabling runtime names to be aliased and options to be passed. moby/moby#45032
  • The docker-init binary will now be discovered in FHS-compliant libexec directories, in addition to the PATH. moby/moby#45198
  • API: Surface the daemon-level --no-new-privileges in GET /info. moby/moby#45320
Removed
  • docker info no longer reports IndexServiceAddress. docker/cli#4204
  • libnetwork: Remove fallback code for obsolete kernel versions. moby/moby#44684, moby/moby#44802
  • libnetwork: Remove unused code related to classic Swarm. moby/moby#44965
  • libnetwork: Remove usage of the xt_u32 kernel module from encrypted Swarm overlay networks. moby/moby#45281
  • Remove support for buildkit's deprecated buildinfo in favor of standard provenance attestations. moby/moby#45097
  • Remove the deprecated AUFS and legacy overlay storage drivers. moby/moby#45342, moby/moby#45359
  • Remove the deprecated overlay2.override_kernel_check storage driver option. moby/moby#45368
  • Remove workarounds for obsolete versions of apparmor_parser from the AppArmor profiles. moby/moby#45500
  • API: GET /images/json no longer represents empty RepoTags and RepoDigests as<none>:<none>/<none>@&#8203;<none>. Empty arrays are be returned instead on API >= 1.43. moby/moby#45068
Deprecated
  • Deprecate the --oom-score-adjust daemon option. moby/moby#45315
  • API: Deprecate the VirtualSize field in GET /images/json and GET /images/{id}/json. moby/moby#45346
Bug fixes and enhancements
  • The docker stack command no longer validates the build section of Compose files. docker/cli#4214
  • Fix lingering healthcheck processes after timeout is reached. moby/moby#43739
  • Reduce the overhead of container startup when using the overlay2 storage driver. moby/moby#44285
  • API: Handle multiple before= and since= filters in GET /images. moby/moby#44503
  • Fix numerous bugs in the embedded DNS resolver implementation used by user-defined networks. moby/moby#44664
  • Add execDuration field to the map of event attributes. moby/moby#45494
  • Swarm-level networks can now be created with the Windows internal, l2bridge, and nat drivers. moby/swarmkit#3121, moby/moby#45291
Packaging updates

v23.0.6

Compare Source

23.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
Packaging Updates

v23.0.5

Compare Source

23.0.5

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
  • Add the --all / -a option when pruning volumes. docker/cli#4229
  • Add --format=json for docker info. docker/cli#4320
  • Fix log loss with the AWSLogs log driver. moby/moby#45350
  • Fix a regression introduced in v23.0.4 where dockerd would refuse to start if the fixed-cidr config parameter is provided but not bip. moby/moby#45403
  • Fix a panic in libnetwork during daemon start moby/moby#45376
  • Fix "tag" event not being sent when an image is built with buildx. moby/moby#45410
Packaging Updates

v23.0.4

Compare Source

23.0.4

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
  • Fix a performance regression in Docker CLI 23.0.0 docker/cli#4141.
  • Fix progress indicator on docker cp not functioning as intended docker/cli#4157.
  • Fix shell completion for docker compose --file docker/cli#4177.
  • Fix an error caused by incorrect handling of "default-address-pools" in daemon.json moby/moby#45246.
Packaging Updates

v23.0.3

Compare Source

23.0.3

Note

Due to an issue with CentOS 9 Stream's package repositories, packages for CentOS 9 are currently unavailable. Packages for CentOS 9 may be added later, or as part of the next (23.0.4) patch release.

Bug fixes and enhancements
  • Fixed a number of issues that can cause Swarm encrypted overlay networks to fail to uphold their guarantees, addressing CVE-2023-28841, CVE-2023-28840, and CVE-2023-28842.
    • A lack of kernel support for encrypted overlay networks now reports as an error.
    • Encrypted overlay networks are eagerly set up, rather than waiting for multiple nodes to attach.
    • Encrypted overlay networks are now usable on Red Hat Enterprise Linux 9 through the use of the xt_bpf kernel module.
    • Users of Swarm overlay networks should review GHSA-vwm3-crmr-xfxw to ensure that unintentional exposure has not occurred.
Packaging Updates

v23.0.2

Compare Source

23.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements
  • Fully resolve missing checks for apparmor_parser when an AppArmor enabled kernel is detected. containerd/containerd#8087, moby/moby#45043
  • Ensure that credentials are redacted from Git URLs when generating BuildKit buildinfo. Fixes CVE-2023-26054. moby/moby#45110
  • Fix anonymous volumes created by a VOLUME line in a Dockerfile being excluded from volume prune. moby/moby#45159
  • Fix a failure to properly propagate errors during removal of volumes on a Swarm node. moby/moby#45155
  • Temporarily work around a bug in BuildKit COPY --link by disabling mergeop/diffop optimization. moby/moby#45112
  • Properly clean up child tasks when a parent Swarm job is removed. moby/swarmkit#3112, moby/moby#45107
  • Fix Swarm service creation logic so that both a GenericResource and a non-default network can be used together. moby/swarmkit#3082, moby/moby#45107
  • Fix Swarm CSI support requiring the CSI plugin to offer staging endpoints in order to publish a volume. moby/swarmkit#3116, moby/moby#45107
  • Fix a panic caused by log buffering in some configurations. containerd/fifo#47, moby/moby#45051
  • Log errors in the REST to Swarm gRPC API translation layer at the debug level to reduce redundancy and noise. moby/moby#45016
  • Fix a DNS resolution issue affecting containers created with --dns-opt or --dns-search when systemd-resolved is used outside the container. moby/moby#45000
  • Fix a panic when logging errors in handling DNS queries originating from inside a container. moby/moby#44980
  • Improve the speed of docker ps by allowing users to opt out of size calculations with --size=false. docker/cli#4107
  • Extend support for Bash completion to all plugins. docker/cli#4092
  • Fix docker stack deploy failing on Windows when special environment variables set by cmd.exe are present. docker/cli#4083
  • Add forward compatibility for future API versions by considering empty image tags to be the same as <none>. docker/cli#4065
  • Atomically write context files to greatly reduce the probability of corruption, and improve the error message for a corrupt context. docker/cli#4063
Packaging

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Merge request reports