From b95443a2e5e0f7cedf08ade5377f5e8c56c4798e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 20 Jan 2023 00:20:35 +0100 Subject: [PATCH] engine: add release notes for 20.10.23 Signed-off-by: Sebastiaan van Stijn --- engine/release-notes/index.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/engine/release-notes/index.md b/engine/release-notes/index.md index d4cab786d7..62fb2045d5 100644 --- a/engine/release-notes/index.md +++ b/engine/release-notes/index.md 
@@ -15,6 +15,39 @@ for Docker Engine. # Version 20.10 +## 20.10.23 +{% include release-date.html date="2023-01-19" %} + +This release of Docker Engine contains updated versions of Docker Compose, +Docker Buildx, Containerd, and some minor bug fixes and enhancements. + +### Updates + +- Update Docker Compose to [v2.15.1](https://github.com/docker/compose/releases/tag/v2.15.1){:target="_blank" rel="noopener"}. +- Update Docker Buildx to [v0.10.0](https://github.com/docker/buildx/releases/tag/v0.10.0){:target="_blank" rel="noopener"}. +- Update containerd (`containerd.io` package) to [v1.6.15](https://github.com/containerd/containerd/releases/tag/v1.6.15){:target="_blank" rel="noopener"}. +- Update the package versioning format for `docker-compose-cli` to allow distro version updates [docker/docker-ce-packaging#822](https://github.com/docker/docker-ce-packaging/pull/822){:target="_blank" rel="noopener"}. +- Update Go runtime to [1.18.10](https://go.dev/doc/devel/release#go1.18.minor){:target="_blank" rel="noopener"}, + +### Bug fixes and enhancements + +- Fix an issue where `docker build` would fail when using `--add-host=host.docker.internal:host-gateway` + with BuildKit enabled [moby/moby#44650](https://github.com/moby/moby/pull/44650){:target="_blank" rel="noopener"}. +- Revert seccomp: block socket calls to `AF_VSOCK` in default profile [moby/moby#44712](https://github.com/moby/moby/pull/44712){:target="_blank" rel="noopener"}. + + This change, while favorable from a security standpoint, caused a change + in behavior for some use-cases. As such, we are reverting it to ensure + stability and compatibility for the affected users. + + However, users of `AF_VSOCK` in containers should recognize that this + (special) address family is not currently namespaced in any version of + the Linux kernel, and may result in unexpected behavior, like containers + communicating directly with host hypervisors. + + Future releases, will filter `AF_VSOCK`. 
Users who need to allow containers + to communicate over the unnamespaced `AF_VSOCK` will need to turn off seccomp + confinement or set a custom seccomp profile. + ## 20.10.22 {% include release-date.html date="2022-12-16" %}
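Review bot: The `AF_VSOCK` revert entry under "Bug fixes and enhancements" warns that the address family is not namespaced, but it never says outright that the default seccomp profile in 20.10.23 no longer blocks `AF_VSOCK` sockets, and it gives no guidance to users who want to keep the restriction. Suggest opening the explanatory paragraph with a sentence saying that the default profile in this release permits `AF_VSOCK` again. A second sentence should say that users who do not need it can keep it blocked with a custom seccomp profile, with a link to the seccomp documentation for both that case and the "turn off seccomp confinement or set a custom seccomp profile" case. Two smaller points in the same hunk: "Future releases, will filter `AF_VSOCK`." has a stray comma after "releases", and the "Update Go runtime to 1.18.10" bullet ends with a comma where the other bullets in the list end with a period. The bullet title "Revert seccomp: block socket calls to `AF_VSOCK` in default profile" also reads as a commit subject; in release notes, something like "Revert the change that blocked socket calls to `AF_VSOCK` in the default seccomp profile" would be clearer.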