docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

engine: 24.0.9 release notes 

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
This commit is contained in:
David Karlsson 2024-02-01 13:23:00 +01:00
parent a5fe1766f5
commit a461a743d7
1 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
content/engine/release-notes/24.0.md
View File

@ -14,6 +14,54 @@ For more information about:
- Deprecated and removed features, see [Deprecated Engine Features](../deprecated.md).
- Changes to the Engine API, see [Engine API version history](../api/version-history.md).
## 24.0.9
{{< release-date date="2024-01-31" >}}
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- [docker/cli, 24.0.9 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.9)
- [moby/moby, 24.0.9 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.9)
## Security
This release contains security fixes for the following CVEs
affecting Docker Engine and its components.
| CVE | Component | Fix version | Severity |
| ----------------------------------------------------------- | ------------- | ----------- | ---------------- |
| [CVE-2024-21626](https://scout.docker.com/v/CVE-2024-21626) | runc | 1.1.12 | High, CVSS 8.6 |
| [CVE-2024-24557](https://scout.docker.com/v/CVE-2024-24557) | Docker Engine | 24.0.9 | Medium, CVSS 6.9 |
> **Important**
>
> Note that this release of Docker Engine doesn't include fixes for
> the following known vulnerabilities in BuildKit:
>
> - [CVE-2024-23651](https://scout.docker.com/v/CVE-2024-23651)
> - [CVE-2024-23652](https://scout.docker.com/v/CVE-2024-23652)
> - [CVE-2024-23653](https://scout.docker.com/v/CVE-2024-23653)
> - [CVE-2024-23650](https://scout.docker.com/v/CVE-2024-23650)
>
> To address these vulnerabilities,
> upgrade to [Docker Engine v25.0.2](./25.0.md#2502).
{ .important }
For more information about the security issues addressed in this release,
and the unaddressed vulnerabilities in BuildKit,
refer to the
[blog post](https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/).
For details about each vulnerability, see the relevant security advisory:
- [CVE-2024-21626](https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv)
- [CVE-2024-24557](https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc)
### Packaging updates
- Upgrade runc to [v1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12). [moby/moby#47269](https://github.com/moby/moby/pull/47269)
- Upgrade containerd to [v1.7.13](https://github.com/containerd/containerd/releases/tag/v1.7.13) (static binaries only). [moby/moby#47280](https://github.com/moby/moby/pull/47280)
## 24.0.8
{{< release-date date="2024-01-25" >}}