Engine August patch release notes

Signed-off-by: Adrian Plata <adrian.plata@docker.com>
2019-08-28 07:54:41 -07:00 · 2019-08-28 07:54:41 -07:00 · 160f06d085
parent 6b57b23e9a
commit 160f06d085
2 changed files with 169 additions and 19 deletions
--- a/_data/toc.yaml
+++ b/_data/toc.yaml
@ -1481,7 +1481,7 @@ manuals:
          - title: Offline installation
            path: /ee/ucp/interlock/deploy/offline-install/
          - title: Layer 7 routing upgrade
-            path: /ee/ucp/interlock/deploy/upgrade/   
+            path: /ee/ucp/interlock/deploy/upgrade/
        - sectiontitle: Configuration
          section:
          - title: Configure your deployment
@ -1503,15 +1503,15 @@ manuals:
          - title: Using context or path-based routing
            path: /ee/ucp/interlock/usage/context/
          - title: Specifying a routing mode
-            path: /ee/ucp/interlock/usage/interlock-vip-mode/ 
+            path: /ee/ucp/interlock/usage/interlock-vip-mode/
          - title: Using routing labels
-            path: /ee/ucp/interlock/usage/labels-reference/ 
+            path: /ee/ucp/interlock/usage/labels-reference/
          - title: Publishing a default host service
            path: /ee/ucp/interlock/usage/default-backend/
          - title: Specifying a routing mode
-            path: /ee/ucp/interlock/usage/interlock-vip-mode/ 
+            path: /ee/ucp/interlock/usage/interlock-vip-mode/
          - title: Using routing labels
-            path: /ee/ucp/interlock/usage/labels-reference.md/ 
+            path: /ee/ucp/interlock/usage/labels-reference.md/
          - title: Implementing redirects
            path: /ee/ucp/interlock/usage/redirects/
          - title: Implementing a service cluster
@ -1531,7 +1531,7 @@ manuals:
      - title: Deploy a Compose-based app
        path: /ee/ucp/kubernetes/deploy-with-compose/
      - title: Using Pod Security Policies
-        path: /ee/ucp/kubernetes/pod-security-policies/        
+        path: /ee/ucp/kubernetes/pod-security-policies/
      - title: Create a service account for a Kubernetes app
        path: /ee/ucp/kubernetes/create-service-account/
      - title: Install an unmanaged CNI plugin
@ -1547,7 +1547,7 @@ manuals:
        - title: Use Azure Files Storage
          path: /ee/ucp/kubernetes/storage/use-azure-files/
        - title: Use AWS EBS Storage
-          path: /ee/ucp/kubernetes/storage/configure-aws-storage/ 
+          path: /ee/ucp/kubernetes/storage/configure-aws-storage/
        - title: Configure iSCSI
          path: /ee/ucp/kubernetes/storage/use-iscsi/
        - title: Deploy a CSI plugin
@ -1555,13 +1555,13 @@ manuals:
      - sectiontitle: Cluster Ingress
        section:
        - title: Overview
-          path: /ee/ucp/kubernetes/cluster-ingress/  
+          path: /ee/ucp/kubernetes/cluster-ingress/
        - title: Install Ingress
          path: /ee/ucp/kubernetes/cluster-ingress/install/
        - title: Deploy Simple Application
          path: /ee/ucp/kubernetes/cluster-ingress/ingress/
        - title: Deploy a Canary Deployment
-          path: /ee/ucp/kubernetes/cluster-ingress/canary/     
+          path: /ee/ucp/kubernetes/cluster-ingress/canary/
        - title: Implementing Persistent (sticky) Sessions
          path: /ee/ucp/kubernetes/cluster-ingress/sticky/
    - title: API reference
@ -1758,7 +1758,7 @@ manuals:
              - title: Offline installation
                path: /datacenter/ucp/3.1/guides/interlock/deploy/offline-install/
              - title: Layer 7 routing upgrade
-                path: /datacenter/ucp/3.1/guides/interlock/deploy/upgrade/   
+                path: /datacenter/ucp/3.1/guides/interlock/deploy/upgrade/
            - sectiontitle: Configuration
              section:
              - title: Configure your deployment
@ -1780,9 +1780,9 @@ manuals:
              - title: Using context or path-based routing
                path: /datacenter/ucp/3.1/guides/interlock/usage/context/
              - title: Specifying a routing mode
-                path: /datacenter/ucp/3.1/guides/interlock/usage/interlock-vip-mode/ 
+                path: /datacenter/ucp/3.1/guides/interlock/usage/interlock-vip-mode/
              - title: Using routing labels
-                path: /datacenter/ucp/3.1/guides/interlock/usage/labels-reference/ 
+                path: /datacenter/ucp/3.1/guides/interlock/usage/labels-reference/
              - title: Implementing redirects
                path: /datacenter/ucp/3.1/guides/interlock/usage/redirects/
              - title: Implementing a service cluster
@ -1818,7 +1818,7 @@ manuals:
            - title: Use Azure Files Storage
              path: /datacenter/ucp/3.1/guides/kubernetes/storage/use-azure-files/
            - title: Use AWS EBS Storage
-              path: /datacenter/ucp/3.1/guides/kubernetes/storage/configure-aws-storage/  
+              path: /datacenter/ucp/3.1/guides/kubernetes/storage/configure-aws-storage/
        - title: API reference
          path: /datacenter/ucp/3.1/reference/api/
          nosync: true
@ -2086,7 +2086,7 @@ manuals:
            - path: /datacenter/ucp/2.2/guides/admin/configure/run-only-the-images-you-trust/
              title: Run only the images you trust
            - path: /datacenter/ucp/2.2/guides/admin/configure/use-trusted-images-for-ci/
-              title: Use trusted images for continuous integration  
+              title: Use trusted images for continuous integration
            - path: /datacenter/ucp/2.2/guides/admin/configure/scale-your-cluster/
              title: Scale your cluster
            - path: /datacenter/ucp/2.2/guides/admin/configure/set-session-timeout/
@ -3753,7 +3753,7 @@ manuals:
      title: Docker Enterprise Architecture
    - path: /ee/supported-platforms/
      title: Supported platforms
-      nosync: true  
+      nosync: true
    - path: /ee/end-to-end-install/
      title: Deploy Docker Enterprise
    - path: /ee/upgrade/
@ -3779,7 +3779,7 @@ manuals:
      - path: /ee/admin/restore/restore-ucp/
        title: Restore UCP
      - path: /ee/admin/restore/restore-dtr/
-        title: Restore DTR 
+        title: Restore DTR
      - path: /cluster/reference/restore/
        title: Restore clusters with Docker Cluster
    - sectiontitle: Disaster Recovery
@ -4102,6 +4102,8 @@ manuals:
          title: Image manifest v 2, schema 1
        - path: /registry/spec/manifest-v2-2/
          title: Image manifest v 2, schema 2
+        - path: /registry/spec/deprecated-schema-v1/
+          title: Update deprecated schema v1 images
      - sectiontitle: Registry storage drivers
        section:
        - path: /registry/storage-drivers/
@ -4133,7 +4135,7 @@ manuals:
        - path: /registry/spec/auth/token/
          title: Token authentication specification
 - path: /release-notes/
-  title: Release notes          
+  title: Release notes
 - sectiontitle: Superseded products and tools
  section:
  - path: /cs-engine/1.13/release-notes/
@ -4305,7 +4307,7 @@ manuals:
    - path: /swarm/swarm-api/
      title: Docker Swarm API
    - path: /release-notes/docker-swarm/
-      title: Docker Swarm release notes      
+      title: Docker Swarm release notes
  - sectiontitle: Docker Toolbox (legacy)
    section:
    - path: /toolbox/overview/
--- a/engine/release-notes.md
+++ b/engine/release-notes.md
@ -30,6 +30,77 @@ in which new features cannot be adopted as quickly for consistency and compatibi
 > `sudo apt install docker-ce docker-ce-cli containerd.io`. See the install instructions
 > for the corresponding linux distro for details.

+## 19.03.2
+2019-08-29
+
+### Builder
+
+* Fix `COPY --from` to non-existing directory on Windows. [moby/moby#39695](https://github.com/moby/moby/pull/39695)
+
+* Fix builder-next: metadata commands not having created time in history. [moby/moby#39456](https://github.com/moby/moby/issues/39456)
+
+* Fix builder-next: close progress on layer export error. [moby/moby#39782](https://github.com/moby/moby/pull/39782)
+
+* Update buildkit to 588c73e1e4. [moby/moby#39781](https://github.com/moby/moby/pull/39781)
+
+### Client
+
+* Fix Windows absolute path detection on non-Windows [docker/cli#1990](https://github.com/docker/cli/pull/1990)
+
+* Fix to zsh completion script for `docker login --username`.
+
+* Fix context: produce consistent output on `context create`. [docker/cli#1985](https://github.com/docker/cli/pull/1874)
+
+* Fix support for HTTP proxy env variable. [docker/cli#2059](https://github.com/docker/cli/pull/2059)
+
+### Logging
+
+* Fix for reading journald logs. [moby/moby#37819](https://github.com/moby/moby/pull/37819) [moby/moby#38859](http://github.com/moby/moby/pull/38859)
+
+### Networking
+
+* Prevent panic on network attached to a container with disabled networking. [moby/moby#39589](https://github.com/moby/moby/pull/39589)
+
+### Runtime
+
+* Bump Golang to 1.12.8.
+
+* Fix a potential engine panic when using XFS disk quota for containers. [moby/moby#39644](https://github.com/moby/moby/pull/39644)
+
+### Swarm
+
+* Fix an issue where nodes with several tasks could not be removed. [docker/swarmkit#2867](https://github.com/docker/swarmkit/pull/2867)
+
+### Known issues
+
+* In some circumstances, in large clusters, docker information might, as part of the Swarm section,
+  include the error `code = ResourceExhausted desc = grpc: received message larger than
+  max (5351376 vs. 4194304)`. This does not indicate any failure or misconfiguration by the user,
+  and requires no response.
+* Orchestrator port conflict can occur when redeploying all services as new. Due to many swarm manager
+  requests in a short amount of time, some services are not able to receive traffic and are causing a `404`
+  error after being deployed.
+     - Workaround: restart all tasks via `docker service update --force`.
+
+* Traffic cannot egress the HOST because of missing Iptables rules in the FORWARD chain
+  The missing rules are :
+     ```
+     sbin/iptables --wait -C FORWARD -o docker_gwbridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+     /sbin/iptables --wait -C FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+     ```
+     - Workaround: Add these rules back using a script and cron definitions. The script
+     must contain '-C' commands to check for the presence of a rule and '-A' commands to add
+     rules back. Run the script on a cron in regular intervals, for example, every <x> minutes.
+     - Affected versions: 17.06.2-ee-16, 18.09.1, 19.03.0
+* [CVE-2018-15664](https://nvd.nist.gov/vuln/detail/CVE-2018-15664) symlink-exchange attack with directory traversal. Workaround until proper fix is available in upcoming patch release: `docker pause` container before doing file operations. [moby/moby#39252](https://github.com/moby/moby/pull/39252)
+* `docker cp` regression due to CVE mitigation. An error is produced when the source of `docker cp` is set to `/`.
+* Install Docker Engine - Enterprise fails to install on RHEL on Azure. This affects any RHEL version that uses an Extended Update Support (EUS) image. At the time of this writing, known versions affected are RHEL 7.4, 7.5, and 7.6.
+
+     - Workaround options:
+         - Use an older image and don't get updates. Examples of EUS images are here: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/rhel-images#rhel-images-with-eus.
+         - Import your own RHEL images into Azure and do not rely on the Extended Update Support (EUS) RHEL images.
+         - Use a RHEL image that does not contain a minor version in the SKU. These are not attached to EUS repositories. Some examples of those are the first three images (SKUs: 7-RAW, 7-LVM, 7-RAW-CI) listed here : https://docs.microsoft.com/en-us/azure/virtual-machines/linux/rhel-images#list-of-rhel-images-available.
+
 ## 19.03.1
 2019-07-25

@ -263,6 +334,35 @@ The missing rules are :
        - Import your own RHEL images into Azure and do not rely on the Extended Update Support (EUS) RHEL images.
        - Use a RHEL image that does not contain a minor version in the SKU. These are not attached to EUS repositories. Some examples of those are the first three images (SKUs: 7-RAW, 7-LVM, 7-RAW-CI) listed here : https://docs.microsoft.com/en-us/azure/virtual-machines/linux/rhel-images#list-of-rhel-images-available.

+## 18.09.9
+2019-08-29
+
+### Client
+
+* Fix Windows absolute path detection on non-Windows. [docker/cli#1990](https://github.com/docker/cli/pull/1990)
+* Fix Docker refusing to load key from delegation.key on Windows. [docker/cli#1968](https://github.com/docker/cli/pull/1968)
+* Completion scripts updates for bash and zsh.
+
+### Logging
+
+* Fix for reading journald logs. [moby/moby#37819](https://github.com/moby/moby/pull/37819) [moby/moby#38859](https://github.com/moby/moby/pull/38859)
+
+### Networking
+
+* Prevent panic on network attached to a container with disabled networking. [moby/moby#39589](https://github.com/moby/moby/pull/39589)
+* Fix service port for an application becomes unavailable randomly. [docker/libnetwork#2069](https://github.com/docker/libnetwork/pull/2069)
+* Fix cleaning up `--config-only` networks `--config-from` networkshave ungracefully exited. [docker/libnetwork#2373](https://github.com/docker/libnetwork/pull/2373)
+
+### Runtime
+
+* Update to Go 1.11.13.
+* Fix a potential engine panic when using XFS disk quota for containers. [moby/moby#39644](https://github.com/moby/moby/pull/39644)
+
+### Swarm
+
+* Fix "grpc: received message larger than max" errors. [moby/moby#39306](https://github.com/moby/moby/pull/39306)
+* Fix an issue where nodes several tasks could not be removed. [docker/swarmkit#2867](https://github.com/docker/swarmkit/pull/2867)
+
 ## 18.09.8
 2019-07-17

@ -609,7 +709,37 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d

 ## Older Docker Engine EE Release notes

-## 18.03.1-ee-10
+## 18.03.1-ee-11
+
+2019-08-29
+
+### Runtime
+
+* Fix [CVE-2019-14271](https://nvd.nist.gov/vuln/detail/CVE-2019-14271) loading of nsswitch based config inside chroot under Glibc.
+
+* Fix a potential engine panic when using XFS disk quota for containers. [moby/moby#39644](https://github.com/mony/moby/pull/39644)
+
+* Fix overlay2 storage driver getting "device or resource busy" on mount. [moby/moby#37993](https://github.com/moby/moby/pull/37993)
+
+* Update to Go 1.11.13.
+
+### Logging
+
+* Fix for reading journald logs. [moby/moby#37819](https://github.com/moby/moby/pull/37819) [moby/moby#38859](https://github.com/moby/moby/pull/38859)
+
+### Networking
+
+* Fix cluster connectivity issue caused by high qLen in networkdb. [docker/libnetwork#2216](https://github.com/docker/libnetwork/pull/2216)
+
+* Fix possible nil pointer exception. [docker/libnetwork#2325](https://github.com/docker/libnetwork/pull/2325)
+
+* Fix service port for an application becomes unavailable randomly. [docker/libnetwork#2069](https://github.com/docker/libnetwork/pull/2069)
+
+### Swarm
+
+* Fix swarm overlay networking not working after `--force-new-cluster`. [docker/libnetwork#2307](https://github.com/docker/libnetwork/pull/2307)
+
+## .1-ee-10

 2019-07-17

@ -770,6 +900,24 @@ with directory traversal. [moby/moby#39357](https://github.com/moby/moby/pull/39
 + Support for `--chown` with `COPY` and `ADD` in `Dockerfile`.
 + Added functionality for the `docker logs` command to include the output of multiple logging drivers.

+## 17.06.2-ee-24
+2019-08-29
+
+### Runtime
+
+* Fix [CVE-2019-14271](https://nvd.nist.gov/vuln/detail/CVE-2019-14271) loading of nsswitch based config inside chroot under Glibc.
+* Fix Fix a potential engine panic when using XFS disk quota for containers. [moby/moby#39644](https://github.com/moby/moby/pull/39644)
+* Update to Go 1.11.13.
+
+### Logging
+
+* Fix for reading journald logs. [moby/moby#37819](https://github.com/moby/moby/pull/37819) [moby/moby#38859](https://github.com/moby/moby/pull/38859)
+
+### Networking
+
+* Fix cluster connectivity issue caused by high qLen in networkdb. [docker/libnetwork#2216](https://github.com/docker/libnetwork/pull/2216)
+* Fix service port for an application becomes unavailable randomly. [docker/libnetwork#2069](docker/libnetwork#2069)
+
 ## 17.06.2-ee-23
 2019-07-17