engine: 28.0.1 release notes (#22108)

<!--Delete sections as needed -->

## Description

<!-- Tell us what you did and why -->

## Related issues or tickets

<!-- Related issues, pull requests, or Jira tickets -->

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [ ] Editorial review
- [ ] Product review

---------

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com>
Paweł Gronowski 2025-02-26 14:08:49 +00:00 committed by GitHub
parent a82dff5542
commit 4264011856
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 89 additions and 12 deletions

View File

@ -22,6 +22,51 @@ For more information about:
- Deprecated and removed features, see [Deprecated Engine Features](../deprecated.md).
- Changes to the Engine API, see [Engine API version history](/reference/api/engine/version-history.md).
## 28.0.1
{{< release-date date="2025-02-26" >}}
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- [docker/cli, 28.0.1 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.0.1)
- [moby/moby, 28.0.1 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.0.1)
### Networking
- Remove dependency on kernel modules `ip_set`, `ip_set_hash_net` and `netfilter_xt_set`.
* The dependency was introduced in release 28.0.0 but proved too disruptive. The iptables rules using these modules have been replaced. [moby/moby#49530](https://github.com/moby/moby/pull/49530)
- Allow daemon startup on a host with IPv6 disabled without requiring `--ip6tables=false`. [moby/moby#49525](https://github.com/moby/moby/pull/49525)
- Fix a bug that was causing containers with `--restart=always` and a published port already in use to restart in a tight loop. [moby/moby#49507](https://github.com/moby/moby/pull/49507)
- Fix an issue with Swarm ingress, caused by incorrect ordering of iptables rules. [moby/moby#49538](https://github.com/moby/moby/pull/49538)
- Fix creation of a swarm-scoped network from a `--config-only` network. [moby/moby#49521](https://github.com/moby/moby/pull/49521)
- Fix `docker network inspect` reporting an IPv6 gateway with CIDR suffix for a newly created network with no specific IPAM config, until a daemon restart. [moby/moby#49520](https://github.com/moby/moby/pull/49520)
- Improve the error reported when kernel modules `ip_set`, `ip_set_hash_net` and `netilter_xt_set` are not available. [moby/moby#49524](https://github.com/moby/moby/pull/49524)
- Move most of Docker's iptables rules out of the filter-FORWARD chain, so that other applications are free to append rules that must follow Docker's rules. [moby/moby#49518](https://github.com/moby/moby/pull/49518)
- Update `--help` output and man page lo state which options only apply to the default bridge network. [moby/moby#49522](https://github.com/moby/moby/pull/49522)
### Bug fixes and enhancements
- Fix `docker context create` always returning an error when using the `"skip-tls-verify"` option. [docker/cli#5850](https://github.com/docker/cli/pull/5850)
- Fix shell completion suggesting IDs instead of names for services and nodes. [docker/cli#5848](https://github.com/docker/cli/pull/5848)
- Fix unintentionally printing exit status to standard error output when `docker exec/run` returns a non-zero status. [docker/cli#5854](https://github.com/docker/cli/pull/5854)
- Fix regression `protocol "tcp" is not supported by the RootlessKit port driver "slirp4netns"`. [moby/moby#49514](https://github.com/moby/moby/pull/49514)
- containerd image store: Fix `docker inspect` not being able to show multi-platform images with missing layers for all platforms. [moby/moby#49533](https://github.com/moby/moby/pull/49533)
- containerd image store: Fix `docker images --tree` reporting wrong content size. [moby/moby#49535](https://github.com/moby/moby/pull/49535)
- Fix compilation on i386 [moby/moby#49526](https://github.com/moby/moby/pull/49526)
### Packaging updates
- Update `github.com/go-jose/go-jose/v4` to v4.0.5 to address [GHSA-c6gw-w398-hv78](https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78) / [CVE-2025-27144](https://www.cve.org/CVERecord?id=CVE-2025-27144). [docker/cli#5867](https://github.com/docker/cli/pull/5867)
- Update Buildx to [v0.21.1](https://github.com/docker/buildx/releases/tag/v0.21.1). [docker/docker-ce-packaging#1167](https://github.com/docker/docker-ce-packaging/pull/1167)
- Update Compose to [v2.33.1](https://github.com/docker/compose/releases/tag/v2.33.1). [docker/docker-ce-packaging#1168](https://github.com/docker/docker-ce-packaging/pull/1168)
### API
- containerd image store: Fix `GET /images/json?manifests=1` not filling `Manifests` for index-only images [moby/moby#49533](https://github.com/moby/moby/pull/49533)
- containerd image store: Fix `GET /images/json and /images/<name>/json` `Size.Content` field including the size of content that's not available locally [moby/moby#49535](https://github.com/moby/moby/pull/49535)
## 28.0.0
{{< release-date date="2025-02-19" >}}
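Review bot: two typos in the added Networking items: `netilter_xt_set` in the "Improve the error reported when kernel modules ..." entry should match `netfilter_xt_set` in the first entry, and "man page lo state" should read "man page to state". The first entry says the dependency on these modules was removed, while the later entry improves the error shown when they are not available. A few words on when that error can still appear would keep the two from reading as contradictory. The go-jose update addresses GHSA-c6gw-w398-hv78 / CVE-2025-27144 but is listed under Packaging updates with no indication of impact, so consider a short phrase on what the advisory affects so readers scanning for security fixes do not miss it. Minor: the i386 entry and both API entries lack the full stop before the PR link that the other entries have, and in the last API entry the word "and" is inside the code span (`GET /images/json and /images/<name>/json`).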

View File

@ -75,7 +75,7 @@ examples: |-
### Stop container with timeout (-t, --timeout) {#timeout}
The `--timeout` flag sets the number of seconds to wait for the container
to stop after sending the pre-defined (see [`--signal`]{#signal)) system call signal.
to stop after sending the pre-defined (see [`--signal`](#signal)) system call signal.
If the container does not exit after the timeout elapses, it's forcibly killed
with a `SIGKILL` signal.
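Review bot: the corrected line still reads "the pre-defined (see [`--signal`](#signal)) system call signal", which is hard to parse and describes the signal as a system call. Since the line is already being touched for the link fix, consider rewording it, for example "to stop after sending the stop signal (see [`--signal`](#signal))".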

View File

@ -2318,6 +2318,26 @@ examples: |-
> $ docker run -it --ulimit as=1024 fedora /bin/bash
> ```
#### Supported options for `--ulimit`:
| Option | Description |
|:-------------|:----------------------------------------------------------|
| `core` | Maximum size of core files created (`RLIMIT_CORE`) |
| `cpu` | CPU time limit in seconds (`RLIMIT_CPU`) |
| `data` | Maximum data segment size (`RLIMIT_DATA`) |
| `fsize` | Maximum file size (`RLIMIT_FSIZE`) |
| `locks` | Maximum number of file locks (`RLIMIT_LOCKS`) |
| `memlock` | Maximum locked-in-memory address space (`RLIMIT_MEMLOCK`) |
| `msgqueue` | Maximum bytes in POSIX message queues (`RLIMIT_MSGQUEUE`) |
| `nice` | Maximum nice priority adjustment (`RLIMIT_NICE`) |
| `nofile` | Maximum number of open file descriptors (`RLIMIT_NOFILE`) |
| `nproc` | Maximum number of processes available (`RLIMIT_NPROC`) |
| `rss` | Maximum resident set size (`RLIMIT_RSS`) |
| `rtprio` | Maximum real-time scheduling priority (`RLIMIT_RTPRIO`) |
| `rttime` | Maximum real-time execution time (`RLIMIT_RTTIME`) |
| `sigpending` | Maximum number of pending signals (`RLIMIT_SIGPENDING`) |
| `stack` | Maximum stack size (`RLIMIT_STACK`) |
Docker sends the values to the appropriate OS `syscall` and doesn't perform any byte conversion.
Take this into account when setting the values.
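Review bot: the example directly above the new table uses `--ulimit as=1024`, but the table has no `as` row, so the one option the page demonstrates is missing from the list of supported options. Either add the row or say that the table is not exhaustive. The closing note says Docker "doesn't perform any byte conversion" and asks readers to take that into account, yet only the `cpu` row states a unit ("in seconds"); a units column, or the unit in each description, would let readers act on that note. The heading also ends with a colon, which the other headings in this diff do not.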

View File

@ -39,6 +39,7 @@ options:
value_type: bool
default_value: "false"
description: Do not truncate the output
details_url: '#no-trunc'
deprecated: false
hidden: false
experimental: false
@ -79,6 +80,8 @@ examples: |-
78b03ee04fc4 multi-host overlay swarm
```
### List networks without truncating the ID column (--no-trun) {#no-trunc}
Use the `--no-trunc` option to display the full network id:
```console
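Review bot: the new heading spells the flag as `(--no-trun)` while the anchor, the `details_url` and the sentence below all use `--no-trunc`; the heading should read "(--no-trunc)". In the same added sentence, "network id" should be "network ID" to match "ID column" in the heading.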

View File

@ -21,6 +21,7 @@ options:
value_type: bool
default_value: "false"
description: Only display token
details_url: '#quiet'
deprecated: false
hidden: false
experimental: false
@ -31,6 +32,7 @@ options:
value_type: bool
default_value: "false"
description: Rotate join token
details_url: '#rotate'
deprecated: false
hidden: false
experimental: false
@ -97,7 +99,7 @@ examples: |-
SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t
```
### `--rotate`
### `--rotate` {#rotate}
Because tokens allow new nodes to join the swarm, you should keep them secret.
Be particularly careful with manager tokens since they allow new manager nodes
@ -116,7 +118,7 @@ examples: |-
using the old token. Rotation does not affect existing nodes in the swarm
because the join token is only used for authorizing new nodes joining the swarm.
### `--quiet`
### `--quiet` {#quiet}
Only print the token. Do not print a complete command for joining.
deprecated: false

View File

@ -11,6 +11,7 @@ options:
- option: advertise-addr
value_type: string
description: 'Advertised address (format: `<ip|interface>[:port]`)'
details_url: '#advertise-addr'
deprecated: false
hidden: false
experimental: false
@ -21,6 +22,7 @@ options:
value_type: string
default_value: active
description: Availability of the node (`active`, `pause`, `drain`)
details_url: '#availability'
deprecated: false
hidden: false
experimental: false
@ -31,6 +33,7 @@ options:
value_type: string
description: |
Address or interface to use for data path traffic (format: `<ip|interface>`)
details_url: '#data-path-addr'
deprecated: false
hidden: false
min_api_version: "1.31"
@ -42,6 +45,7 @@ options:
value_type: node-addr
default_value: 0.0.0.0:2377
description: 'Listen address (format: `<ip|interface>[:port]`)'
details_url: '#listen-addr'
deprecated: false
hidden: false
experimental: false
@ -51,6 +55,7 @@ options:
- option: token
value_type: string
description: Token for entry into the swarm
details_url: '#token'
deprecated: false
hidden: false
experimental: false
@ -102,7 +107,7 @@ examples: |-
dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader
```
### `--listen-addr value`
### `--listen-addr value` {#listen-addr}
If the node is a manager, it will listen for inbound swarm manager traffic on this
address. The default is to listen on 0.0.0.0:2377. It is also possible to specify a
@ -113,7 +118,7 @@ examples: |-
This flag is generally not necessary when joining an existing swarm.
### `--advertise-addr value`
### `--advertise-addr value` {#advertise-addr}
This flag specifies the address that will be advertised to other members of the
swarm for API access. If unspecified, Docker will check if the system has a
@ -133,7 +138,7 @@ examples: |-
ensure the node advertises its IP address and not the IP address of the load
balancer.
### `--data-path-addr`
### `--data-path-addr` {#data-path-addr}
This flag specifies the address that global scope network drivers will publish towards
other nodes in order to reach the containers running on this node.
@ -142,11 +147,11 @@ examples: |-
If unspecified, Docker will use the same IP address or interface that is used for the
advertise address.
### `--token string`
### `--token string` {#token}
Secret value required for nodes to join the swarm
### `--availability`
### `--availability` {#availability}
This flag specifies the availability of the node at the time the node joins a master.
Possible availability values are `active`, `pause`, or `drain`.
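Review bot: under the `--availability` heading touched here, the context line says "at the time the node joins a master", while the `--listen-addr` section of the same file uses "manager" and the rest of the page speaks of joining the swarm. Worth aligning the wording in this pass. The one-line `--token string` description is also the only section body in this file without a closing full stop.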

View File

@ -22,6 +22,7 @@ options:
value_type: bool
default_value: "false"
description: Only display token
details_url: '#quiet'
deprecated: false
hidden: false
experimental: false
@ -32,6 +33,7 @@ options:
value_type: bool
default_value: "false"
description: Rotate unlock key
details_url: '#rotate'
deprecated: false
hidden: false
experimental: false
@ -87,12 +89,12 @@ examples: |-
SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8
```
### `--rotate`
### `--rotate` {#rotate}
This flag rotates the unlock key, replacing it with a new randomly-generated
key. The old unlock key will no longer be accepted.
### `--quiet`
### `--quiet` {#quiet}
Only print the unlock key, without instructions.
deprecated: false

View File

@ -113,10 +113,10 @@ params:
# Latest version of the Docker Engine API
latest_engine_api_version: "1.48"
# Latest version of Docker Engine
docker_ce_version: "28.0.0"
docker_ce_version: "28.0.1"
# Previous version of the Docker Engine
# (Used to show e.g., "latest" and "latest"-1 in engine install examples
docker_ce_version_prev: "27.5.1"
docker_ce_version_prev: "28.0.0"
# Latest Docker Compose version
compose_version: "v2.33.1"
# Latest BuildKit version
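Review bot: `docker_ce_version_prev` moves from "27.5.1" to "28.0.0", so the "latest"-1 install examples mentioned in the comment will now point readers at 28.0.0, the release whose `ip_set` module dependency the 28.0.1 notes in this same commit describe as "too disruptive". Please confirm whether this value is meant to track the immediately preceding release or the last release of the previous line. If it is the latter, it should stay at "27.5.1". The comment above it is also missing its closing parenthesis.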