Moby v1.11.0 Release Notes
Release Date: 2016-04-13
IMPORTANT: With Docker 1.11, a Linux docker installation is now made of 4 binaries (`docker`, `docker-containerd`, `docker-containerd-shim` and `docker-runc`). If you have scripts relying on docker being a single static binary, please make sure to update them. Interaction with the daemon stays the same otherwise; the usage of the other binaries should be transparent. A Windows docker installation remains a single binary, `docker.exe`.

Builder
- Fix a bug where Docker would not use the correct uid/gid when processing the `WORKDIR` command (#21033)
- Fix a bug where copy operations with userns would not use the proper uid/gid (#20782, #21162)

Client
- Usage of the `:` separator for security option has been deprecated. `=` should be used instead (#21232)
- The client user agent is now passed to the registry on `pull`, `build`, `push`, `login` and `search` operations (#21306, #21373)
- Allow setting the Domainname and Hostname separately through the API (#20200)
- Docker info will now warn users if it cannot detect the kernel version or the operating system (#21128)
- Fix an issue where `docker stats --no-stream` output could be all 0s (#20803)
- Fix a bug where some newly started containers would not appear in a running `docker stats` command (#20792)
- Post processing is no longer enabled for linux-cgo terminals (#20587)
- Values to `--hostname` are now refused if they do not comply with RFC1123 (#20566)
- Docker learned how to use a SOCKS proxy (#20366, #18373)
- Docker now supports external credential stores (#20107)
- `docker ps` now supports displaying the list of volumes mounted inside a container (#20017)
- `docker info` now also reports Docker's root directory location (#19986)
- Docker now prohibits logging in with an empty username (spaces are trimmed) (#19806)
- Docker events attributes are now sorted by key (#19761)
- `docker ps` no longer shows exported ports for stopped containers (#19483)
- Docker now cleans up after itself if a save/export command fails (#17849)
- Docker load learned how to display a progress bar (#17329, #120078)

Distribution
- Fix a panic that occurred when pulling an image with 0 layers (#21222)
- Fix a panic that could occur on error while pushing to a registry with a misconfigured token service (#21212)
- All first-level delegation roles are now signed when doing a trusted push (#21046)
- OAuth support for registries was added (#20970)
- `docker login` now handles token using the implementation found in docker/distribution (#20832)
- `docker login` will no longer prompt for an email (#20565)
- Docker will now fall back to registry V1 if no basic auth credentials are available (#20241)
- Docker will now try to resume layer download where it left off after a network error/timeout (#19840)
- Fix generated manifest mediaType when pushing cross-repository (#19509)
- Fix docker requesting additional push credentials when pulling an image if Content Trust is enabled (#20382)

Logging
- Fix a race in the journald log driver (#21311)
- Docker syslog driver now uses the RFC-5424 format when emitting logs (#20121)
- Docker GELF log driver now allows specifying the compression algorithm and level via the `gelf-compression-type` and `gelf-compression-level` options (#19831)
- Docker daemon learned to output uncolorized logs via the `--raw-logs` option (#19794)
- Docker, on Windows platform, now includes an ETW (Event Tracing in Windows) logging driver named `etwlogs` (#19689)
- Journald log driver learned how to handle tags (#19564)
- The fluentd log driver learned the following options: `fluentd-address`, `fluentd-buffer-limit`, `fluentd-retry-wait`, `fluentd-max-retries` and `fluentd-async-connect` (#19439)
- Docker learned to send logs to Google Cloud via the new `gcplogs` logging driver. (#18766)

Misc
- When saving linked images together with `docker save` a subsequent `docker load` will correctly restore their parent/child relationship (#21385)
- Support for building the Docker cli for OpenBSD was added (#21325)
- Labels can now be applied at network, volume and image creation (#21270)
- The `dockremap` is now created as a system user (#21266)
- Fix a few response body leaks (#21258)
- Docker, when run as a service with systemd, will now properly manage its processes cgroups (#20633)
- `docker info` now reports the value of cgroup KernelMemory or emits a warning if it is not supported (#20863)
- `docker info` now also reports the cgroup driver in use (#20388)
- Docker completion is now available on PowerShell (#19894)
- `dockerinit` is no more (#19490, #19851)
- Support for building Docker on arm64 was added (#19013)
- Experimental support for building docker.exe in a native Windows Docker installation (#18348)

Networking
- Fix panic if a node is forcibly removed from the cluster (#21671)
- Fix "error creating vxlan interface" when starting a container in a Swarm cluster (#21671)
- `docker network inspect` will now report all endpoints whether they have an active container or not (#21160)
- Experimental support for the MacVlan and IPVlan network drivers has been added (#21122)
- Output of `docker network ls` is now sorted by network name (#20383)
- Fix a bug where Docker would allow a network to be created with the reserved `default` name (#19431)
- `docker network inspect` returns whether a network is internal or not (#19357)
- Control IPv6 via explicit option when creating a network (`docker network create --ipv6`). This shows up as a new `EnableIPv6` field in `docker network inspect` (#17513)
- Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server (#21396)
- Fix to not forward docker domain IPv6 queries to external servers (#21396)
- Multiple A/AAAA records from embedded DNS Server for DNS Round robin (#21019)
- Fix endpoint count inconsistency after an ungraceful daemon restart (#21261)
- Move the ownership of exposed ports and port-mapping options from Endpoint to Sandbox (#21019)
- Fixed a bug which prevents docker reload when host is configured with ipv6.disable=1 (#21019)
- Added inbuilt nil IPAM driver (#21019)
- Fixed bug in iptables.Exists() logic (#21019)
- Fixed a Veth interface leak when using overlay network (#21019)
- Fixed a bug which prevents docker reload after a network delete during shutdown (#20214)
- Make sure iptables chains are recreated on firewalld reload (#20419)
- Allow to pass global datastore during config reload (#20419)
- For anonymous containers use the alias name for IP to name mapping, i.e. DNS PTR record (#21019)
- Fix a panic when deleting an entry from /etc/hosts file (#21019)
- Source the forwarded DNS queries from the container net namespace (#21019)
- Fix to retain the network internal mode config for bridge networks on daemon reload (#21780)
- Fix to retain IPAM driver option configs on daemon reload (#21914)

Plugins
- Fix a file descriptor leak that would occur every time plugins were enumerated (#20686)
- Fix an issue where Authz plugin would corrupt the payload body when faced with a large amount of data (#20602)

Runtime
- Fix a panic that could occur during cleanup after a container was started with invalid parameters (#21716)
- Fix a race with event timers stopping early (#21692)
- Fix race conditions in the layer store, potentially corrupting the map and crashing the process (#21677)
- Un-deprecate auto-creation of host directories for mounts. This feature was marked deprecated in Docker 1.9, but was decided to be too much of a backward-incompatible change, so it was decided to keep the feature (#21666)
- It is now possible for containers to share the NET and IPC namespaces when `userns` is enabled (#21383)
- `docker inspect <image-id>` will now expose the rootfs layers (#21370)
- Docker Windows gained a minimal `top` implementation (#21354)
- Docker learned to report the faulty exe when a container cannot be started due to its condition (#21345)
- Docker with device mapper will now refuse to run if `udev sync` is not available (#21097)
- Fix a bug where Docker would not validate the config file upon configuration reload (#21089)
- Fix a hang that would happen on attach if initial start was to fail (#21048)
- Fix an issue where registry service options in the daemon configuration file were not properly taken into account (#21045)
- Fix a race between the exec and resize operations (#21022)
- Fix an issue where nanoseconds were not correctly taken into account when filtering Docker events (#21013)
- Fix the handling of Docker command when passed a 64 bytes id (#21002)
- Docker will now return a `204` (i.e. `http.StatusNoContent`) code when it successfully deleted a network (#20977)
- Fix a bug where the daemon would wait indefinitely in case the process it was about to kill had already exited on its own (#20967)
- The devmapper driver learned the `dm.min_free_space` option. If the mapped device free space reaches the passed value, new device creation will be prohibited. (#20786)
- Docker can now prevent processes in a container from gaining new privileges via the `--security-opt=no-new-privileges` flag (#20727)
- Starting a container with the `--device` option will now correctly resolve symlinks (#20684)
- Docker now relies on `containerd` and `runc` to spawn containers. (#20662)
- Fix docker configuration reloading to only alter values present in the given config file (#20604)
- Docker now allows setting a container hostname via the `--hostname` flag when `--net=host` (#20177)
- Docker now allows executing a privileged container while running with `--userns-remap` if both `--privileged` and the new `--userns=host` flag are specified (#20111)
- Fix Docker not cleaning up correctly old containers upon restarting after a crash (#19679)
- Docker will now error out if it doesn't recognize a configuration key within the config file (#19517)
- Fix container loading, on daemon startup, when they depend on a plugin running within a container (#19500)
- `docker update` learned how to change a container restart policy (#19116)
- `docker inspect` now also returns a new `State` field containing the container state in a human readable way (i.e. one of `created`, `restarting`, `running`, `paused`, `exited` or `dead`) (#18966)
- Docker learned to limit the number of active pids (i.e. processes) within the container via the `pids-limit` flag. NOTE: This requires `CGROUP_PIDS=y` to be in the kernel configuration. (#18697)
- `docker load` now has a `--quiet` option to suppress the load output (#20078)
- Fix a bug in neighbor discovery for IPv6 peers (#20842)
- Fix a panic during cleanup if a container was started with invalid options (#21802)
- Fix a situation where a container cannot be stopped if the terminal is closed (#21840)

Security
- Objects with the `pcp_pmcd_t` selinux type were given management access to `/var/lib/docker(/.*)?` (#21370)
- `restart_syscall`, `copy_file_range`, `mlock2` joined the list of allowed calls in the default seccomp profile (#21117, #21262)
- `send`, `recv` and `x32` were added to the list of allowed syscalls and arch in the default seccomp profile (#19432)
- Docker Content Trust now requests the server to perform snapshot signing (#21046)
- Support for using YubiKeys for Content Trust signing has been moved out of experimental (#21591)

Volumes
- Output of `docker volume ls` is now sorted by volume name (#20389)
- Local volumes can now accept options similar to the unix `mount` tool (#20262)
- Fix an issue where one letter directory name could not be used as source for volumes (#21106)
- `docker run -v` now accepts a new flag `nocopy`. This tells the runtime not to copy the container path content into the volume (which is the default behavior) (#21223)