docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Release notes update (May) (#8763) 

* Latest info including known issues

* Updates for 2.6.6, 2.5.11, 2.4.12

* Added 18.09.6 updates

* Added link

* Fixed link error

* Syntax error

* 2.6.6 info cleanup

* Added Hub info

* Added Hub info for 2.6.6

* Added Hub info for 3.1.7

* Link fix

* Update line items for DTR 2.6.6

* Add line break after Known Issues

- Affects 2.5.11.

* Edit line items

Minor edits and formatting fixes
This commit is contained in:
paigehargrave 2019-05-06 12:32:44 -04:00 committed by Maria Bermudez
parent 98b5300473
commit 8ae891c978
3 changed files with 193 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
ee/dtr/release-notes.md
View File

@ -19,9 +19,44 @@ to upgrade your installation to the latest release.
* [Version 2.5](#version-25)
* [Version 2.4](#version-24)
# Version 2.6
## 2.6.6
(2019-5-2)
### Security
* Refer to [Docker Hub Maintenance](https://success.docker.com/article/dtr-image-vulnerabilities) for details regarding actions to be taken, timeline, and any status updates/issues/recommendations.
### Enhancements
* DTR now supports an option to keep your tag metadata when switching storage backends via the API. This is similar to the `--storage-migrated` option when performing an NFS reconfiguration via `docker run docker/dtr reconfigure --nfs-url ...`. (docker/dhe-deploy#10246)
- To use this option, first write your current storage settings to a JSON file via `curl ... /api/v0/admin/settings/registry > storage.json`.
- Next, add `keep_metadata: true` as a top-level key in the JSON you just created and modify it to contain your new storage settings.
- Finally, update your Registry settings with your modified JSON file via `curl -X PUT .../api/v0/admin/settings/registry -d @storage.json`.
### Bug Fixes
* Fixed an issue where replica version was inferred from DTR volume labels. (docker/dhe-deploy#10266)
### Security
* Bumped the Golang version for DTR to 1.12.4. (docker/dhe-deploy#10290)
* Bumped the Alpine version of the base image to 3.9. (docker/dhe-deploy#10290)
### Known issues
* Docker Engine Enterprise Edition (Docker EE) Upgrade
* There are [important changes to the upgrade process](/ee/upgrade) that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before `18.09` to version `18.09` or greater. For DTR-specific changes, see [2.5 to 2.6 upgrade](/ee/dtr/admin/upgrade/#25-to-26-upgrade).
* Web Interface
* Poll mirroring for Docker plugins such as `docker/imagefs` is currently broken. (docker/dhe-deploy #9490)
* When viewing the details of a scanned image tag, the header may display a different vulnerability count from the layer details. (docker/dhe-deploy #9474)
* In order to set a tag limit for pruning purposes, immutability must be turned off for a repository. This limitation is not clear in the **Repository Settings** view. (docker/dhe-deploy #9554)
* Webhooks
* When configured for "Image promoted from repository" events, a webhook notification is triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
* HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
* System
* When upgrading from `2.5` to `2.6`, the system will run a `metadatastoremigration` job after a successful upgrade. This is necessary for online garbage collection. If the three system attempts fail, you will have to retrigger the `metadatastoremigration` job manually. [Learn about manual metadata store migration](/ee/dtr/admin/upgrade/#25-to-26-upgrade).
## 2.6.5
(2019-4-11)
@ -240,13 +275,55 @@ to upgrade your installation to the latest release.
>
> Upgrade path from 2.5.x to 2.6: Upgrade directly to 2.6.4.
## 2.5.11
(2019-05-02)
### Security
* Bumped the Golang version for DTR to 1.12.4. (docker/dhe-deploy #10301)
* Bumped the Alpine version of the base image to 3.9. (docker/dhe-deploy #10301)
* Bumped Python dependencies to address vulnerabilities. (docker/dhe-deploy #10308 and #10311)
### Bug Fixes
* Fixed an issue where read / write permissions were used when copying files into containers. (docker/dhe-deploy #10207)
* Fixed an issue where non-admin users could not access their repositories from the Repositories page on the web interface. (docker/dhe-deploy #10294)
### Known Issues
* Web Interface
* The web interface shows "This repository has no tags" in repositories where tags
have long names. As a workaround, reduce the length of the name for the
repository and tag.
* When deleting a repository with signed images, the DTR web interface no longer
shows instructions on how to delete trust data.
* There's no web interface support to update mirroring policies when rotating the TLS
certificates used by DTR. Use the API instead.
* The web interface for promotion policies is currently broken if you have a large number
of repositories.
* Clicking "Save & Apply" on a promotion policy doesn't work.
* Webhooks
* There is no webhook event for when an image is pulled.
* HTTPS webhooks do not go through HTTPS proxy when configured. (docker/dhe-deploy #9492)
* When configured for "Image promoted from repository" events, a webhook notification will be triggered twice during an image promotion when scanning is enabled on a repository. (docker/dhe-deploy #9685)
* Online garbage collection
* The events API won't report events when tags and manifests are deleted.
* The events API won't report blobs deleted by the garbage collection job.
* Docker EE Advanced features
* Scanning any new push after metadatastore migration will not yet work.
* Pushes to repos with promotion policies (repo as source) are broken when an
image has a layer over 100MB.
* On upgrade the scanningstore container may restart with this error message:
FATAL: database files are incompatible with server
## 2.5.10
(2019-3-28)
### Bug Fixes
* If you have a repository in DTR 2.4 with manifest lists enabled, `docker pull` would fail on images that have been pushed to the repository after you upgrade to 2.5 and opt into garbage collection. This has been fixed in 2.5.10. (docker/dhe-deploy#10106)
* If you have a repository in DTR 2.4 with manifest lists enabled, `docker pull` used to fail on images that were pushed to the repository after you upgraded to 2.5 and opted into garbage collection. This has been fixed in 2.5.10. (docker/dhe-deploy#10106)
### Known Issues
* Web Interface
@ -710,13 +787,22 @@ specify `--log-protocol`.
> Upgrade path from 2.4.x to 2.5: Do not opt into garbage collection, or directly upgrade to 2.5.10 if you need to opt into > garbage collection.
> Upgrade path from 2.5.x to 2.6: Upgrade directly to 2.6.4.
## 2.4.12
(2019-05-02)
### Security
* Bumped the Golang version for DTR to 1.12.4. [docker/dhe-deploy #10303](https://github.com/docker/dhe-deploy/pull/10303)
* Bumped Python dependencies to address vulnerabilities. [docker/dhe-deploy#10309](https://github.com/docker/dhe-deploy/pull/10309)
## 2.4.11
(2019-4-11)
### Changelog
* Bump the Golang version that is used to build DTR to version 1.11.5. [docker/dhe-deploy#10155](https://github.com/docker/dhe-deploy/pull/10155)
* Bumped the Golang version that is used to build DTR to version 1.11.5. [docker/dhe-deploy#10155](https://github.com/docker/dhe-deploy/pull/10155)
## 2.4.10

99
ee/ucp/release-notes.md
View File

@ -21,6 +21,39 @@ upgrade your installation to the latest release.
# Version 3.1
## 3.1.7
(2019-05-02)
### Security
* Refer to [Docker Hub Maintenance](https://success.docker.com/article/ucp-image-vulnerabilities) for details regarding actions to be taken, timeline, and any status updates/issues/recommendations.
### Bug Fixes
* Updated the UCP base image layers to fix a number of old libraries and components that had security vulnerabilities.
### Known Issues
* Upgrading from UCP `3.1.4` to `3.1.5` causes missing Swarm placement constraints banner for some Swarm services (ENGORC-2191). This can cause Swarm services to run unexpectedly on Kubernetes nodes. See https://www.docker.com/ddc-41 for more information.
- Workaround: Delete any `ucp-*-s390x` Swarm services. For example, `ucp-auth-api-s390x`.
* There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during uprades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade).
* To deploy Pods with containers using Restricted Parameters, the user must be an admin and a service account must explicitly have a **ClusterRoleBinding** with `cluster-admin` as the **ClusterRole**. Restricted Parameters on Containers include:
* Host Bind Mounts
* Privileged Mode
* Extra Capabilities
* Host Networking
* Host IPC
* Host PID
* If you delete the built-in **ClusterRole** or **ClusterRoleBinding** for `cluster-admin`, restart the `ucp-kube-apiserver` container on any manager node to recreate them. (#14483)
* Pod Security Policies are not supported in this release. (#15105)
* The default Kubelet configuration for UCP Manager nodes is expecting 4GB of free disk space in the `/var` partition. See [System Requirements](/ee/ucp/admin/install/system-requirements) for details.
### Components
| Component | Version |
| ----------- | ----------- |
| UCP | 3.1.7 |
| Kubernetes | 1.11.9 |
| Calico | 3.5.3 |
| Interlock (nginx) | 1.14.0 |
## 3.1.6
(2019-04-11)
@ -34,7 +67,7 @@ upgrade your installation to the latest release.
* Accessing the `ListAccount` API endpoint now requires an admin user. Accessing the `GetAccount` API endpoint now requires an admin user, the actual user, or a member of the organization being inspected. [ENGORC-100](https://docker.atlassian.net/browse/ENGORC-100)
### Known Issues
* Upgrading from UCP 3.1.4 to 3.1.5 causes missing Swarm placement constraints banner for some Swarm services (ENGORC-2191). This can cause Swarm services to run unexpectedly on Kubernetes nodes. See https://www.docker.com/ddc-41 for more information.
* Upgrading from UCP `3.1.4` to `3.1.5` causes missing Swarm placement constraints banner for some Swarm services (ENGORC-2191). This can cause Swarm services to run unexpectedly on Kubernetes nodes. See https://www.docker.com/ddc-41 for more information.
- Workaround: Delete any `ucp-*-s390x` Swarm services. For example, `ucp-auth-api-s390x`.
* There are important changes to the upgrade process that, if not correctly followed, can impact the availability of applications running on the Swarm during uprades. These constraints impact any upgrades coming from any Docker Engine version before 18.09 to version 18.09 or greater. For more information about about upgrading Docker Enterprise to version 2.1, see [Upgrade Docker](../upgrade).
* To deploy Pods with containers using Restricted Parameters, the user must be an admin and a service account must explicitly have a **ClusterRoleBinding** with `cluster-admin` as the **ClusterRole**. Restricted Parameters on Containers include:
@ -189,8 +222,7 @@ upgrade your installation to the latest release.
### Authentication and Authorization
* SAML Single Logout is now supported in UCP.
* Identity Provider initiated SAML Single Sign-on is now supported in UCP. The admin can
enable this feature in Admin Settings -> SAML Settings.
* Identity Provider initiated SAML Single Sign-on is now supported in UCP. The admin can enable this feature in Admin Settings -> SAML Settings.
### Audit Logging
* UCP Audit logging is now controlled through the UCP Configuration file; it is also
@ -198,10 +230,9 @@ now configurable within the UCP web interface. (#15466)
### Bug Fixes
* Core
* Significantly reduced database load in environments with a lot of concurrent
and repeated API requests by the same user. (docker/escalation#911)
* Significantly reduced database load in environments with a lot of concurrent and repeated API requests by the same user. (docker/escalation#911)
* UCP backend will now complain when a service is created/updated if the
`com.docker.lb.network` label is not correctly specified. (docker/orca#15015)
`com.docker.lb.network` label is not correctly specified. (docker/orca#15015)
* LDAP group member attribute is now case insensitive. (docker/escalation#917)
* Interlock
* Interlock headers can now be hidden. (escalation#833)
@ -334,16 +365,41 @@ The following features are deprecated in UCP 3.1.
# Version 3.0
## 3.0.11
2019-05-02
### Bug Fixes
* Updated the UCP base image layers to fix a number of old libraries and components that had security vulnerabilities.
### Components
| Component | Version |
| ----------- | ----------- |
| UCP | 3.0.11 |
| Kubernetes | 1.8.15 |
| Calico | 3.0.8 |
| Interlock (nginx) | 1.13.12 |
## 3.0.10
2019-02-28
**Bug Fixes**
### Bug Fixes
* Bump the Golang version that is used to build UCP to version 1.10.8.
* Prevent UCP users from updating services with a port that conflicts with the UCP controller port. (escalation#855)
* Fixed an issue that causes UCP fail to upgrade with Interlock deployment. (docker/orca/#16009)
* Validate Calico certs expiration date and update accordingly. (escalation#981)
### Components
| Component | Version |
| ----------- | ----------- |
| UCP | 3.0.10 |
| Kubernetes | 1.8.15 |
| Calico | 3.0.8 |
| Interlock (nginx) | 1.13.12 |
## 3.0.9
2018-01-29
@ -481,8 +537,7 @@ The following features are deprecated in UCP 3.1.
### Bug fixes
* Security
* Fixed a critical security issue where the LDAP bind username and password
were stored in cleartext on UCP hosts. Please refer to [this KB article](https://success.docker.com/article/upgrading-to-ucp-2-2-12-ucp-3-0-4/) for proper implementation of this fix.
* Fixed a critical security issue where the LDAP bind username and password were stored in cleartext on UCP hosts. Please refer to [this KB article](https://success.docker.com/article/upgrading-to-ucp-2-2-12-ucp-3-0-4/) for proper implementation of this fix.
### Known Issue
@ -784,11 +839,35 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads.
# Version 2.2
## Version 2.2.18
2019-05-02
### Bug Fixes
* Updated the UCP base image layers to fix a number of old libraries and components that had security vulnerabilities.
### Known issues
* Docker currently has limitations related to overlay networking and services using VIP-based endpoints. These limitations apply to use of the HTTP Routing Mesh (HRM). HRM users should familiarize themselves with these limitations. In particular, HRM may encounter virtual IP exhaustion (as evidenced by `failed to allocate network IP for task` Docker log messages). If this happens, and if the HRM service is restarted or rescheduled for any reason, HRM may fail to resume operation automatically. See the Docker EE 17.06-ee5 release notes for details.
* The Swarm admin web interface for UCP versions 2.2.0 and later contain a bug. If used with Docker Engine version 17.06.2-ee5 or earlier, attempting to update "Task History Limit", "Heartbeat Period" and "Node Certificate Expiry" settings using the UI will cause the cluster to crash on next restart. Using UCP 2.2.X and Docker Engine 17.06-ee6 and later, updating these settings will fail (but not cause the cluster to crash). Users are encouraged to update to Docker Engine version 17.06.2-ee6 and later, and to use the Docker CLI (instead of the UCP UI) to update these settings. Rotating join tokens works with any combination of Docker Engine and UCP versions. Docker Engine versions 17.03 and earlier (which use UCP version 2.1 and earlier) are not affected by this problem.
* Upgrading heterogeneous swarms from CLI may fail because x86 images are used
instead of the correct image for the worker architecture.
* Agent container log is empty even though it's running correctly.
* Rapid UI settings updates may cause unintended settings changes for logging
settings and other admin settings.
* Attempting to load an (unsupported) `tar.gz` image results in a poor error
message.
* Searching for images in the UCP images UI doesn't work.
* Removing a stack may leave orphaned volumes.
* Storage metrics are not available for Windows.
* You can't create a bridge network from the web interface. As a workaround use
`<node-name>/<network-name>`.
## Version 2.2.17
2019-02-28
**Bug Fixes**
### Bug Fixes
* Bump the Golang version that is used to build UCP to version 1.10.8.
* Prevent UCP users from updating services with a port that conflicts with the UCP controller port. (escalation#855)

15
engine/release-notes.md
View File

@ -29,6 +29,21 @@ consistency and compatibility reasons.
> `sudo apt install docker-ce docker-ce-cli containerd.io`. See the install instructions
> for the corresponding linux distro for details.
## 18.09.6
2019-05-02
### Builder
* Fixed `COPY` and `ADD` with multiple `<src>` to not invalidate cache if `DOCKER_BUILDKIT=1`.[moby/moby#38964](https://github.com/moby/moby/issues/38964)
### Networking
* Cleaned up the cluster provider when the agent is closed. [docker/libnetwork#2354](https://github.com/docker/libnetwork/pull/2354)
* Windows: Now selects a random host port if the user does not specify a host port. [docker/libnetwork#2369](https://github.com/docker/libnetwork/pull/2369)
* `--service-cluster-ip-range` is now configurable for UCP install. [docker/orca#10263](https://github.com/docker/orca/issues/10263)
### Known Issues
* There are [important changes](/ee/upgrade) to the upgrade process that, if not correctly followed, can have an impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or later.
## 18.09.5
2019-04-11