docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8977 from usha-mandya/patch-06-2019 

June patch release notes
This commit is contained in:
Usha Mandya 2019-06-27 19:03:47 +01:00 committed by GitHub
parent ebea0bc527 44c5ca316a
commit 6cc323e935
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 337 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
_config.yml
View File

@ -96,7 +96,7 @@ defaults:
- scope:
path: "install"
values:
win_latest_build: "docker-18.09.6"
win_latest_build: "docker-18.09.7"
- scope:
path: "datacenter"
values:
@ -106,14 +106,14 @@ defaults:
values:
dtr_org: "docker"
dtr_repo: "dtr"
dtr_version: "2.6.6"
dtr_version: "2.6.7"
- scope:
path: "datacenter/dtr/2.5"
values:
hide_from_sitemap: true
dtr_org: "docker"
dtr_repo: "dtr"
dtr_version: "2.5.11"
dtr_version: "2.5.12"
- scope:
path: "datacenter/dtr/2.4"
values:
@ -149,29 +149,29 @@ defaults:
values:
ucp_org: "docker"
ucp_repo: "ucp"
ucp_version: "3.1.7"
ucp_version: "3.1.8"
- scope: # This is a bit of a hack for the get-support.md topic.
path: "ee"
values:
ucp_org: "docker"
ucp_repo: "ucp"
dtr_repo: "dtr"
ucp_version: "3.1.7"
dtr_version: "2.6.6"
ucp_version: "3.1.8"
dtr_version: "2.6.7"
- scope:
path: "datacenter/ucp/3.0"
values:
hide_from_sitemap: true
ucp_org: "docker"
ucp_repo: "ucp"
ucp_version: "3.0.11"
ucp_version: "3.0.12"
- scope:
path: "datacenter/ucp/2.2"
values:
hide_from_sitemap: true
ucp_org: "docker"
ucp_repo: "ucp"
ucp_version: "2.2.18"
ucp_version: "2.2.19"
- scope:
path: "datacenter/ucp/2.1"
values:

36
_data/ddc_offline_files_2.yaml
View File

@ -5,7 +5,15 @@
# Used by _includes/components/ddc_url_list_2.html
- product: "ucp"
version: "3.1"
tar-files:
tar-files:
- description: "3.1.8 Linux"
url: https://packages.docker.com/caas/ucp_images_3.1.8.tar.gz
- description: "3.1.8 Windows Server 2016 LTSC"
url: https://packages.docker.com/caas/ucp_images_win_2016_3.1.8.tar.gz
- description: "3.1.8 Windows Server 1803"
url: https://packages.docker.com/caas/ucp_images_win_1803_3.1.8.tar.gz
- description: "3.1.8 Windows Server 2019 LTSC"
url: https://packages.docker.com/caas/ucp_images_win_2019_3.1.8.tar.gz
- description: "3.1.7 Linux"
url: https://packages.docker.com/caas/ucp_images_3.1.7.tar.gz
- description: "3.1.7 Windows Server 2016 LTSC"
@ -83,6 +91,14 @@
- product: "ucp"
version: "3.0"
tar-files:
- description: "3.0.12 Linux"
url: https://packages.docker.com/caas/ucp_images_3.0.12.tar.gz
- description: "3.0.12 IBM Z"
url: https://packages.docker.com/caas/ucp_images_s390x_3.0.12.tar.gz
- description: "3.0.12 Windows Server 2016 LTSC"
url: https://packages.docker.com/caas/ucp_images_win_2016_3.0.12.tar.gz
- description: "3.0.12 Windows Server 1803"
url: https://packages.docker.com/caas/ucp_images_win_1803_3.0.12.tar.gz
- description: "3.0.11 Linux"
url: https://packages.docker.com/caas/ucp_images_3.0.11.tar.gz
- description: "3.0.11 IBM Z"
@ -186,6 +202,12 @@
- product: "ucp"
version: "2.2"
tar-files:
- description: "2.2.19 Linux"
url: https://packages.docker.com/caas/ucp_images_2.2.19.tar.gz
- description: "2.2.19 IBM Z"
url: https://packages.docker.com/caas/ucp_images_s390x_2.2.19.tar.gz
- description: "2.2.19 Windows"
url: https://packages.docker.com/caas/ucp_images_win_2.2.19.tar.gz
- description: "2.2.18 Linux"
url: https://packages.docker.com/caas/ucp_images_2.2.18.tar.gz
- description: "2.2.18 IBM Z"
@ -291,14 +313,16 @@
- product: "dtr"
version: "2.6"
tar-files:
- description: "DTR 2.6.7 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.6.7.tar.gz
- description: "DTR 2.6.6 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.6.6.tar.gz
url: https://packages.docker.com/caas/dtr_images_2.6.6.tar.gz
- description: "DTR 2.6.5 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.6.5.tar.gz
url: https://packages.docker.com/caas/dtr_images_2.6.5.tar.gz
- description: "DTR 2.6.4 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.6.4.tar.gz
url: https://packages.docker.com/caas/dtr_images_2.6.4.tar.gz
- description: "DTR 2.6.3 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.6.3.tar.gz
url: https://packages.docker.com/caas/dtr_images_2.6.3.tar.gz
- description: "DTR 2.6.2 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.6.2.tar.gz
- description: "DTR 2.6.1 Linux x86"
@ -308,6 +332,8 @@
- product: "dtr"
version: "2.5"
tar-files:
- description: "DTR 2.5.12 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.5.12.tar.gz
- description: "DTR 2.5.11 Linux x86"
url: https://packages.docker.com/caas/dtr_images_2.5.11.tar.gz
- description: "DTR 2.5.10 Linux x86"

121
ee/dtr/release-notes.md
View File

@ -21,6 +21,37 @@ to upgrade your installation to the latest release.
# Version 2.6
## 2.6.7
(2019-6-27)
### Enhancements
* Added UI support to retain metadata when switching between storage drivers.(docker/dhe-deploy#10340). For more information, see (docker/dhe-deploy #10199) and (docker/dhe-deploy #10181).
* Added UI support to disable persistent cookies. (docker/dhe-deploy #10353)
### Bug fixes
* Fixed a UI bug where non-admin namespace owners could not create a repository. (docker/dhe-deploy #10371)
* Fixed a bug where duplicate scan jobs were causing scans to never exit. (docker/dhe-deploy #10316)
* Fixed a bug where logged in users were unable to pull from public repositories. (docker/dhe-deploy #10343)
* Fixed a bug where attempts to switch pages to navigate through the list of repositories did not result in an updated list of repositories. (docker/dhe-deploy #10377)
* Fixed a pagination issue where the number of repositories listed when switching pages was not accurate. (docker/dhe-deploy #10376)
### Known issues
* Docker Engine Enterprise Edition (Docker EE) Upgrade
* There are [important changes to the upgrade process](/ee/upgrade) that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before `18.09` to version `18.09` or greater. For DTR-specific changes, see [2.5 to 2.6 upgrade](/ee/dtr/admin/upgrade/#25-to-26-upgrade).
* Web Interface
* Poll mirroring for Docker plugins such as `docker/imagefs` is currently broken. (docker/dhe-deploy #9490)
* When viewing the details of a scanned image tag, the header may display a different vulnerability count from the layer details. (docker/dhe-deploy #9474)
* In order to set a tag limit for pruning purposes, immutability must be turned off for a repository. This limitation is not clear in the **Repository Settings** view. (docker/dhe-deploy #9554)
* Webhooks
* When configured for "Image promoted from repository" events, a webhook notification is triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
* HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
* System
* When upgrading from `2.5` to `2.6`, the system will run a `metadatastoremigration` job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](/ee/dtr/admin/upgrade/#25-to-26-upgrade).
## 2.6.6
(2019-5-6)
@ -35,7 +66,7 @@ to upgrade your installation to the latest release.
- Next, add `keep_metadata: true` as a top-level key in the JSON you just created and modify it to contain your new storage settings.
- Finally, update your Registry settings with your modified JSON file via `curl -X PUT .../api/v0/admin/settings/registry -d @storage.json`.
### Bug Fixes
### Bug fixes
* Fixed an issue where replica version was inferred from DTR volume labels. (docker/dhe-deploy#10266)
@ -60,7 +91,7 @@ to upgrade your installation to the latest release.
## 2.6.5
(2019-4-11)
### Bug Fixes
### Bug fixes
* Fixed a bug where the web interface was not rendering for non-admin users.
* Removed `Users` tab from the side navigation [#10222](https://github.com/docker/dhe-deploy/pull/10222)
@ -86,7 +117,7 @@ to upgrade your installation to the latest release.
* Added `--storage-migrated` option to reconfigure with migrated content when moving content to a new NFS URL. (ENGDTR-794)
* Added a job log status filter which allows users to exclude jobs that are not currently ***running***. (docker/dhe-deploy #10077)
### Bug Fixes
### Bug fixes
* If you have a repository in DTR 2.4 with manifest lists enabled, `docker pull` would fail on images that have been pushed to the repository after you upgrade to 2.5 and opt into garbage collection. This also applied when upgrading from 2.5 to 2.6. The issue has been fixed in DTR 2.6.4. (ENGDTR-330 and docker/dhe-deploy #10105)
@ -113,7 +144,7 @@ to upgrade your installation to the latest release.
* Bump the Golang version that is used to build DTR to version 1.11.5. (docker/dhe-deploy#10060)
### Bug Fixes
### Bug fixes
* Users with read-only permissions can no longer see the README edit button for a repository. (docker/dhe-deploy#10056)
@ -142,7 +173,7 @@ to upgrade your installation to the latest release.
(2019-1-29)
### Bug Fixes
### Bug fixes
* Fixed a bug where scanning Windows images were stuck in Pending state. (docker/dhe-deploy #9969)
@ -172,7 +203,7 @@ to upgrade your installation to the latest release.
(2019-01-09)
### Bug Fixes
### Bug fixes
* Fixed a bug where notary signing data was not being backed up properly (docker/dhe-deploy #9862)
* Allow a cluster to go from 2 replicas to 1 without forcing removal (docker/dhe-deploy #9840)
@ -207,7 +238,7 @@ to upgrade your installation to the latest release.
(2018-11-08)
### New Features
### New features
* Web Interface
* Online garbage collection is no longer an experimental feature. Users can now write to DTR and push images during garbage collection. [Learn about garbage collection](/ee/dtr/admin/configure/garbage-collection/).
@ -266,7 +297,6 @@ to upgrade your installation to the latest release.
* `DELETE /api/v0/repositories/{namespace}/{reponame}/manifests/{reference}`
* The `enableManifestLists` field on the `POST /api/v0/repositories/{namespace}` endpoint will be removed in DTR 2.7. See [Deprecation Notice](deprecation-notice) for more details.
# Version 2.5
@ -275,6 +305,41 @@ to upgrade your installation to the latest release.
>
> Upgrade path from 2.5.x to 2.6: Upgrade directly to 2.6.4.
## 2.5.12
(2019-06-27)
### Bug fixes
* Fixed a bug where duplicate scan jobs were causing scans to never exit.(docker/dhe-deploy #10322)
* Fixed a pagination issue where the number of repositories listed when switching pages was not accurate. (docker/dhe-deploy #10383)
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
repository and tag.
* When deleting a repository with signed images, the DTR web interface no longer
shows instructions on how to delete trust data.
* There's no web interface support to update mirroring policies when rotating the TLS
certificates used by DTR. Use the API instead.
* The web interface for promotion policies is currently broken if you have a large number
of repositories.
* Clicking "Save & Apply" on a promotion policy doesn't work.
* Webhooks
* There is no webhook event for when an image is pulled.
* HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
* When configured for "Image promoted from repository" events, a webhook notification will be triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
* Online garbage collection
* The events API won't report events when tags and manifests are deleted.
* The events API won't report blobs deleted by the garbage collection job.
* Docker EE Advanced features
* Scanning any new push after metadatastore migration will not yet work.
* Pushes to repos with promotion policies (repo as source) are broken when an
image has a layer over 100MB.
* On upgrade the scanningstore container may restart with this error message:
FATAL: database files are incompatible with server
## 2.5.11
(2019-05-06)
@ -285,12 +350,12 @@ to upgrade your installation to the latest release.
* Bumped the Alpine version of the base image to 3.9. (docker/dhe-deploy #10301)
* Bumped Python dependencies to address vulnerabilities. (docker/dhe-deploy #10308 and #10311)
### Bug Fixes
### Bug fixes
* Fixed an issue where read / write permissions were used when copying files into containers. (docker/dhe-deploy #10207)
* Fixed an issue where non-admin users could not access their repositories from the Repositories page on the web interface. (docker/dhe-deploy #10294)
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
@ -321,11 +386,11 @@ to upgrade your installation to the latest release.
(2019-3-28)
### Bug Fixes
### Bug fixes
* If you have a repository in DTR 2.4 with manifest lists enabled, `docker pull` used to fail on images that were pushed to the repository after you upgraded to 2.5 and opted into garbage collection. This has been fixed in 2.5.10. (docker/dhe-deploy#10106)
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
@ -359,7 +424,7 @@ to upgrade your installation to the latest release.
* Bump the Golang version that is used to build DTR to version 1.10.8. (docker/dhe-deploy#10071)
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
@ -392,11 +457,11 @@ to upgrade your installation to the latest release.
(2019-1-29)
### Bug Fixes
### Bug fixes
* Fixed an issue that prevented vulnerability updates from running if they were previously interrupted. (docker/dhe-deploy #9958)
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
@ -429,7 +494,7 @@ to upgrade your installation to the latest release.
(2019-01-09)
### Bug Fixes
### Bug fixes
* Fixed a bug where manifest lists were being appended to existing manifests lists when pushed. (docker/dhe-deploy #9811)
* Updated GoRethink library to avoid potential lock contention. (docker/dhe-deploy #9812)
@ -438,7 +503,7 @@ to upgrade your installation to the latest release.
### Changelog
* GoLang version bump to 1.10.7.
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
@ -471,7 +536,7 @@ to upgrade your installation to the latest release.
(2018-10-25)
### Bug Fixes
### Bug fixes
* Fixed a bug where Windows images could not be promoted. (docker/dhe-deploy#9215)
* Removed Python3 from base image. (docker/dhe-deploy#9219)
* Added CSP (docker/dhe-deploy#9366)
@ -480,7 +545,7 @@ to upgrade your installation to the latest release.
* Backported ManifestList fixes. (docker/dhe-deploy#9547)
* Removed support sidebar link and associated content. (docker/dhe-deploy#9411)
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
@ -513,13 +578,13 @@ to upgrade your installation to the latest release.
(2018-8-30)
### Bug Fixes
### Bug fixes
* Fixed bug where repository tag list UI was not loading after a tag migration.
* Fixed bug to enable poll mirroring with Windows images.
* The RethinkDB image has been patched to remove unused components with known vulnerabilities including the RethinkCLI. To get an equivalent interface, run RethinkCLI from a separate image using `docker run -it --rm --net dtr-ol -v dtr-ca-$REPLICA_ID:/ca dockerhubenterprise/rethinkcli:v2.3.0 $REPLICA_ID`.
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
@ -552,17 +617,17 @@ to upgrade your installation to the latest release.
(2018-6-21)
### New Features
### New features
* Allow users to adjust DTR log levels for alternative logging solutions.
### Bug Fixes
### Bug fixes
* Fixed URL redirect to release notes.
* Prevent OOM during garbage collection by reading less data into memory at a time.
* Fixed issue where worker capacities wouldn't update on minor version upgrades.
### Known Issues
### Known issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
@ -837,7 +902,7 @@ of testing the server to find which version works.
(2018-10-25)
### Bug Fixes
### Bug fixes
* Added CSP (Content Security Policy). (docker/dhe-deploy#9367 and docker/dhe-deploy#9584)
* Fixed critical vulnerability in RethinkDB. (docker/dhe-deploy#9574)
@ -855,7 +920,7 @@ of testing the server to find which version works.
(2018-07-26)
### Bug Fixes
### Bug fixes
* Fixed bug where repository tag list UI was not loading after a tag migration.
* The RethinkDB image has been patched to remove unused components with known vulnerabilities including the rethinkcli. To get an equivalent interface please run the rethinkcli from a separate image using `docker run -it --rm --net dtr-ol -v dtr-ca-$REPLICA_ID:/ca dockerhubenterprise/rethinkcli $REPLICA_ID`.
@ -869,11 +934,11 @@ of testing the server to find which version works.
(2018-06-21)
**New Features**
**New features**
* Allow users to adjust DTR log levels for alternative logging solutions.
**Bug Fixes**
**Bug fixes**
* Prevent OOM during garbage collection by reading less data into memory at a time.

151
ee/ucp/release-notes.md
View File

@ -21,19 +21,82 @@ upgrade your installation to the latest release.
# Version 3.1
## 3.1.8
(2019-06-27)
> Upgrading UCP 3.1.8
>
> UCP 3.1.8 introduces new features such as setting the `kubeletMaxPods` option for all nodes in the cluster, and an updated UCP configuration file that allows admins to set default values for Swarm services. These features not available in UCP 3.2.0. Customers using either of those features in UCP 3.1.8 or future versions of 3.1.x must upgrade to UCP 3.2.1 or later to avoid any upgrade issues. For information, see [Upgrading your UCP environment](/ee/ucp/admin/install/upgrade/).
{: .important}
### Kubernetes
* Kubernetes has been updated to version 1.11.10.
### Enhancements
* A `user_workload_defaults` section has been added to the UCP configuration
file that allows admins to set default field values that will be applied to
Swarm services if those fields are not explicitly set when the service is
created. Only a subset of Swarm service fields may be set; see [UCP
Configuration file](/ee/ucp/admin/configure/ucp-configuration-file/) for more
details. (ENGORC-2437)
* Users can now set the `kubeletMaxPods` option for all nodes in the cluster,
see the [UCP Configuration
file](/ee/ucp/admin/configure/ucp-configuration-file/) for more details.
(ENGORC-2334)
* Users can now adjust the internal Kubernetes Service IP Range from the default
`10.96.0.0/16` at install time. See [Plan
Installation](ee/ucp/admin/install/plan-installation.md#avoid-ip-range-conflicts)
for more details. (ENGCORE-683)
### Bug fixes
* Added a migration logic to remove all actions on `pods/exec` and `pods/attach` Kubernetes subresource from the migrated UCP View-Only role. (ENGORC-2434)
* Fixed an issue that allows unauthenticated user to list directories. (ENGORC-2175)
### Deprecated platforms
* Removed support for Windows Server 1709 as it is now [end of
life](https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-release-info).
### Known issues
* Upgrading from UCP `3.1.4` to `3.1.5` causes missing Swarm placement constraints banner for some Swarm services (ENGORC-2191). This can cause Swarm services to run unexpectedly on Kubernetes nodes. See https://www.docker.com/ddc-41 for more information.
- Workaround: Delete any `ucp-*-s390x` Swarm services. For example, `ucp-auth-api-s390x`.
* There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade).
* To deploy Pods with containers using Restricted Parameters, the user must be an admin and a service account must explicitly have a **ClusterRoleBinding** with `cluster-admin` as the **ClusterRole**. Restricted Parameters on Containers include:
* Host Bind Mounts
* Privileged Mode
* Extra Capabilities
* Host Networking
* Host IPC
* Host PID
* If you delete the built-in **ClusterRole** or **ClusterRoleBinding** for `cluster-admin`, restart the `ucp-kube-apiserver` container on any manager node to recreate them. (#14483)
* Pod Security Policies are not supported in this release. (#15105)
* The default Kubelet configuration for UCP Manager nodes is expecting 4GB of free disk space in the `/var` partition. See [System Requirements](/ee/ucp/admin/install/system-requirements) for details.
### Components
| Component | Version |
| ----------- | ----------- |
| UCP | 3.1.8 |
| Kubernetes | 1.11.10 |
| Calico | 3.5.3 |
| Interlock (nginx) | 1.14.0 |
## 3.1.7
(2019-05-06)
### Security
* Refer to [UCP image vulnerabilities](https://success.docker.com/article/ucp-image-vulnerabilities) for details regarding actions to be taken, timeline, and any status updates/issues/recommendations.
### Bug Fixes
### Bug fixes
* Updated the UCP base image layers to fix a number of old libraries and components that had security vulnerabilities.
### Known Issues
### Known issues
* Upgrading from UCP `3.1.4` to `3.1.5` causes missing Swarm placement constraints banner for some Swarm services (ENGORC-2191). This can cause Swarm services to run unexpectedly on Kubernetes nodes. See https://www.docker.com/ddc-41 for more information.
- Workaround: Delete any `ucp-*-s390x` Swarm services. For example, `ucp-auth-api-s390x`.
* There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during uprades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade).
* There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade).
* To deploy Pods with containers using Restricted Parameters, the user must be an admin and a service account must explicitly have a **ClusterRoleBinding** with `cluster-admin` as the **ClusterRole**. Restricted Parameters on Containers include:
* Host Bind Mounts
* Privileged Mode
@ -66,7 +129,7 @@ upgrade your installation to the latest release.
### Authentication and Authorization
* Accessing the `ListAccount` API endpoint now requires an admin user. Accessing the `GetAccount` API endpoint now requires an admin user, the actual user, or a member of the organization being inspected. [ENGORC-100](https://docker.atlassian.net/browse/ENGORC-100)
### Known Issues
### Known issues
* Upgrading from UCP `3.1.4` to `3.1.5` causes missing Swarm placement constraints banner for some Swarm services (ENGORC-2191). This can cause Swarm services to run unexpectedly on Kubernetes nodes. See https://www.docker.com/ddc-41 for more information.
- Workaround: Delete any `ucp-*-s390x` Swarm services. For example, `ucp-auth-api-s390x`.
* There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during uprades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade).
@ -105,12 +168,12 @@ upgrade your installation to the latest release.
* Hid most of the UCP banners for non-admin users. (docker/orca#14631)
* When LDAP or SAML is enabled, provided admin users an option to disable managed password authentication, which includes login and creation of new users. (ENGORC-1999)
### Bug Fixes
### Bug fixes
* Changed Interlock proxy service default `update-action-failure` to rollback. (ENGCORE-117)
* Added validation for service configuration label values. (ENGCORE-114)
* Fixed an issue with continuous interlock reconciliation if `ucp-interlock` service image does not match expected version. (ENGORC-2081)
### Known Issues
### Known issues
* Upgrading from UCP 3.1.4 to 3.1.5 causes missing Swarm placement constraints banner for some Swarm services (ENGORC-2191). This can cause Swarm services to run unexpectedly on Kubernetes nodes. See https://www.docker.com/ddc-41 for more information.
- Workaround: Delete any `ucp-*-s390x` Swarm services. For example, `ucp-auth-api-s390x`.
@ -146,7 +209,7 @@ upgrade your installation to the latest release.
### Kubernetes
* Kubernetes has been updated to version 1.11.7. (docker/orca#16157)
### Bug Fixes
### Bug fixes
* Bump the Golang version that is used to build UCP to version 1.10.8. (docker/orca#16068)
* Fixed an issue that caused UCP upgrade failure to upgrade with Interlock deployment. (docker/orca#16009)
* Fixed an issue that caused ucp-agent(s) on worker nodes to constantly reboot when audit logging is enabled. (docker/orca#16122)
@ -158,7 +221,7 @@ upgrade your installation to the latest release.
### Enhancements
* Changed packaging and builds for UCP to build bootstrapper last. This avoids the "upgrade available" banner on all UCPs until the entirety of UCP is available.
### Known Issues
### Known issues
* Newly added Windows node reports "Awaiting healthy status in classic node inventory". [Learn more](https://success.docker.com/article/newly-added-windows-node-reports-awaiting-healthy-status-in-classic-node-inventory).
* There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during uprades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade)
@ -195,7 +258,7 @@ upgrade your installation to the latest release.
### Networking
* Upgraded Calico to version 3.5. (#15884)
### Bug Fixes
### Bug fixes
* Fixed system hang following UCP backup and docker daemon shutdown. (docker/escalation#841)
* Non-admin users can no longer create `PersistentVolumes` using the `Local`
Storage Class, as this allowed non-admins to by pass security controls and
@ -230,7 +293,7 @@ upgrade your installation to the latest release.
* UCP Audit logging is now controlled through the UCP Configuration file; it is also
now configurable within the UCP web interface. (#15466)
### Bug Fixes
### Bug fixes
* Core
* Significantly reduced database load in environments with a lot of concurrent and repeated API requests by the same user. (docker/escalation#911)
* UCP backend will now complain when a service is created/updated if the
@ -241,7 +304,7 @@ now configurable within the UCP web interface. (#15466)
* Now upgrading Interlock will also upgrade interlock proxy and interlock extension as well (escalation/871)
* Added support for 'VIP' backend mode, in which the Interlock proxy connects to the backend service's Virtual IP instead of load-balancing directly to each task IP. (docker/interlock#206) (escalation/920)
### Known Issues
### Known issues
* In the UCP web interface, LDAP settings disappear after submitting them. However, the settings are properly saved. (docker/orca#15503)
* By default, Kubelet begins deleting images, starting with the oldest unused images, after exceeding 85% disk space utilization. This causes an issue in an air-gapped environment. (docker/orca#16082)
@ -273,7 +336,7 @@ now configurable within the UCP web interface. (#15466)
2018-11-08
### Bug Fixes
### Bug fixes
* Swarm placement constraint warning banner no longer shows up for `ucp-auth` services (#14539)
* "update out of sequence" error messages no longer appear when changing admin settings (#7093)
@ -282,7 +345,7 @@ now configurable within the UCP web interface. (#15466)
* `docker network ls --filter id=<id>` now works with a UCP client bundle (#14840)
* Collection deletes are correctly blocked if there is a node in the collection (#13704)
### New Features
### New features
### Kubernetes
@ -367,11 +430,33 @@ The following features are deprecated in UCP 3.1.
# Version 3.0
## 3.0.12
2019-06-27
### Bug fixes
* Added migration logic to remove all actions on `pods/exec` and `pods/attach` Kubernetes subresource from the migrated UCP View-Only role. (ENGORC-2434)
* Fixed an issue that allows unauthenticated user to list directories. (ENGORC-2175)
### Deprecated platforms
* Removed support for Windows Server 1709 as it is now [end of
life](https://docs.microsoft.com/en-us/windows-server/get-started/windows-server-release-info).
### Components
| Component | Version |
| ----------- | ----------- |
| UCP | 3.0.12 |
| Kubernetes | 1.8.15 |
| Calico | 3.0.8 |
| Interlock (nginx) | 1.13.12 |
## 3.0.11
2019-05-06
### Bug Fixes
### Bug fixes
* Updated the UCP base image layers to fix a number of old libraries and components that had security vulnerabilities.
### Components
@ -387,7 +472,7 @@ The following features are deprecated in UCP 3.1.
2019-02-28
### Bug Fixes
### Bug fixes
* Bump the Golang version that is used to build UCP to version 1.10.8.
* Prevent UCP users from updating services with a port that conflicts with the UCP controller port. (escalation#855)
* Fixed an issue that causes UCP fail to upgrade with Interlock deployment. (docker/orca/#16009)
@ -567,7 +652,7 @@ The following features are deprecated in UCP 3.1.
* Offline bundles `ucp_images_win_1803_3.0.3.tar.gz` have been added.
* UCP 3.0.3 now supports IBM Z (s390x) as worker nodes on 3.0.x for SLES 12 SP 3. Interlock is currently not supported for 3.0.x on Z.
### Bug Fixes
### Bug fixes
* Core
* Optimize swarm service read api calls through UCP
@ -592,7 +677,7 @@ The following features are deprecated in UCP 3.1.
2018-06-21
### New Features
### New features
* UCP now supports running Windows Server 1709 workers
* Server 1709 provides smaller Windows base image sizes, as detailed [here](https://docs.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-1709)
@ -603,7 +688,7 @@ The following features are deprecated in UCP 3.1.
* Added support for dynamic volume provisioning in Kubernetes for AWS EBS and
Azure Disk when installing UCP with the `--cloud-provider` option.
### Bug Fixes
### Bug fixes
* Core
* Fixed an issue for anonymous volumes in Compose for Kubernetes.
* Fixed an issue where a fresh install would have an initial per-user session
@ -636,7 +721,7 @@ Azure Disk when installing UCP with the `--cloud-provider` option.
2018-05-17
### Bug Fixes
### Bug fixes
* Core
* Bumped Kubernetes version to 1.8.11.
* Compose for Kubernetes now respects the specified port services are exposed on.
@ -843,11 +928,35 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads.
# Version 2.2
## Version 2.2.19
2019-06-27
### Bug fixes
* Fixed an issue that allows unauthenticated user to list directories. (ENGORC-2175)
### Known issues
* Docker currently has limitations related to overlay networking and services using VIP-based endpoints. These limitations apply to use of the HTTP Routing Mesh (HRM). HRM users should familiarize themselves with these limitations. In particular, HRM may encounter virtual IP exhaustion (as evidenced by `failed to allocate network IP for task` Docker log messages). If this happens, and if the HRM service is restarted or rescheduled for any reason, HRM may fail to resume operation automatically. See the Docker EE 17.06-ee5 release notes for details.
* The Swarm admin web interface for UCP versions 2.2.0 and later contain a bug. If used with Docker Engine version 17.06.2-ee5 or earlier, attempting to update "Task History Limit", "Heartbeat Period" and "Node Certificate Expiry" settings using the UI will cause the cluster to crash on next restart. Using UCP 2.2.X and Docker Engine 17.06-ee6 and later, updating these settings will fail (but not cause the cluster to crash). Users are encouraged to update to Docker Engine version 17.06.2-ee6 and later, and to use the Docker CLI (instead of the UCP UI) to update these settings. Rotating join tokens works with any combination of Docker Engine and UCP versions. Docker Engine versions 17.03 and earlier (which use UCP version 2.1 and earlier) are not affected by this problem.
* Upgrading heterogeneous swarms from CLI may fail because x86 images are used
instead of the correct image for the worker architecture.
* Agent container log is empty even though it's running correctly.
* Rapid UI settings updates may cause unintended settings changes for logging
settings and other admin settings.
* Attempting to load an (unsupported) `tar.gz` image results in a poor error
message.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
`<node-name>/<network-name>`.
## Version 2.2.18
2019-05-06
### Bug Fixes
### Bug fixes
* Updated the UCP base image layers to fix a number of old libraries and components that had security vulnerabilities.
### Known issues
@ -871,7 +980,7 @@ instead of the correct image for the worker architecture.
2019-02-28
### Bug Fixes
### Bug fixes
* Bump the Golang version that is used to build UCP to version 1.10.8.
* Prevent UCP users from updating services with a port that conflicts with the UCP controller port. (escalation#855)

75
engine/release-notes.md
View File

@ -29,6 +29,31 @@ consistency and compatibility reasons.
> `sudo apt install docker-ce docker-ce-cli containerd.io`. See the install instructions
> for the corresponding linux distro for details.
## 18.09.07
2019-06-27
### Builder
* Fixed a panic error when building dockerfiles that contain only comments. [moby/moby#38487](https://github.com/moby/moby/pull/38487)
* Added a workaround for GCR authentication issue. [moby/moby#38246](https://github.com/moby/moby/pull/38246)
* Builder-next: Fixed a bug in the GCR token cache implementation workaround. [moby/moby#39183](https://github.com/moby/moby/pull/39183)
### Runtime
* Added performance optimizations in aufs and layer store that helps in massively parallel container creation and removal. [moby/moby#39107](https://github.com/moby/moby/pull/39107), [moby/moby#39135](https://github.com/moby/moby/pull/39135)
* Updated containerd to version 1.2.6. [moby/moby#39016](https://github.com/moby/moby/pull/39016)
* Fixed [CVE-2018-15664](https://nvd.nist.gov/vuln/detail/CVE-2018-15664) symlink-exchange attack with directory traversal. [moby/moby#39357](https://github.com/moby/moby/pull/39357)
* Windows: fixed support for `docker service create --limit-cpu`. [moby/moby#39190](https://github.com/moby/moby/pull/39190)
* daemon: fixed a mirrors validation issue. [moby/moby#38991](https://github.com/moby/moby/pull/38991)
* Docker no longer supports sorting UID and GID ranges in ID maps. [moby/moby#39288](https://github.com/moby/moby/pull/39288)
### Logging
* Added a fix that now allows large log lines for logger plugins. [moby/moby#39038](https://github.com/moby/moby/pull/39038)
### Known Issue
* There are [important changes](/ee/upgrade) to the upgrade process that, if not correctly followed, can have an impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or later.
## 18.09.6
2019-05-06
@ -333,6 +358,21 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d
## Older Docker Engine EE Release notes
## 18.03.1-ee-9
2019-06-27
### Client
* Fixed annotation issues in `docker config create` and `docker secret create` commands that displayed the `--template-driver` option when connecting to an older daemon that didn't support the option. [docker/cli#1769](https://github.com/docker/cli/pull/1769) [docker/cli#1785](https://github.com/docker/cli/pull/1785)
### Runtime
* Added performance optimizations in aufs and layer store that helps in the creation and removal of massively parallel containers. [moby/moby#39107](https://github.com/moby/moby/pull/39107)
* Windows: Fixed support for `docker service create --limit-cpu`. [moby/moby#39190](https://github.com/moby/moby/pull/39190)
* Fixed a bug where the original process spec was not used for exec processes.[moby/moby#38871](https://github.com/moby/moby/pull/38871)
* Fixed [CVE-2018-15664](https://nvd.nist.gov/vuln/detail/CVE-2018-15664) symlink-exchange attack with directory traversal. [moby/moby#39357](https://github.com/moby/moby/pull/39357)
## 18.03.1-ee-8
2019-03-28
@ -478,6 +518,41 @@ Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/d
+ Support for `--chown` with `COPY` and `ADD` in `Dockerfile`.
+ Added functionality for the `docker logs` command to include the output of multiple logging drivers.
## 17.06.2-ee-22
2019-06-27
### Networking
* Fixed a bug where if a service has the same number of host-mode published ports with PublishedPort 0, changes to the spec is not reflected in the service object. [docker/swarmkit#2376](https://github.com/docker/swarmkit/pull/2376)
### Runtime
* Added performance optimizations in aufs and layer store that helps in the creation and removal of massively parallel containers. [moby/moby#39107](https://github.com/moby/moby/pull/39107)
* Fixed [CVE-2018-15664](https://nvd.nist.gov/vuln/detail/CVE-2018-15664) symlink-exchange attack with directory traversal. [moby/moby#39357](https://github.com/moby/moby/pull/39357)
* Windows: fixed support for docker service `create --limit-cpu`. [moby/moby#39190](https://github.com/moby/moby/pull/39190)
### Known issues
* When all Swarm managers are stopped at the same time, the swarm might end up in a
split-brain scenario. [Learn more](https://success.docker.com/article/KB000759).
* Under certain conditions, swarm leader re-election may timeout
prematurely. During this period, docker commands may fail. Also during
this time, creation of globally-scoped networks may be unstable. As a
workaround, wait for leader election to complete before issuing commands
to the cluster.
* It's recommended that users create overlay networks with `/24` blocks (the default) of 256 IP addresses when networks are used by services created using VIP-based endpoint-mode (the default). This is because of limitations with Docker Swarm [moby/moby#30820](moby/moby/issues/30820). Users should _not_ work around this by increasing the IP block size. To work around this limitation, either use `dnsrr` endpoint-mode or use multiple smaller overlay networks.
* Docker may experience IP exhaustion if many tasks are assigned to a single overlay network, for example if many services are attached to that network or because services on the network are scaled to many replicas. The problem may also manifest when tasks are rescheduled because of node failures. In case of node failure, Docker currently waits 24h to release overlay IP addresses. The problem can be diagnosed by looking for `failed to allocate network IP for task` messages in the Docker logs.
* SELinux enablement is not supported for containers on IBM Z on RHEL because of missing Red Hat package.
* If a container is spawned on node A, using the same IP of a container destroyed
on nodeB within 5 min from the time that it exit, the container on node A is
not reachable until one of these 2 conditions happens:
1. Container on A sends a packet out,
2. The timer that cleans the arp entry in the overlay namespace is triggered (around 5 minutes).
As a workaround, send at least a packet out from each container like
(ping, GARP, etc).
## 17.06.2-ee-21
2019-04-11