v20.10.8
Release date: 2021-08-04 08:23:18
Latest moby/moby release: v27.2.0 (2024-08-28 04:19:04)
20.10.8
IMPORTANT
Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs. Refer to the HTTP/HTTPS proxy section in the documentation to learn how to configure the Docker Daemon to use a proxy server.
Deprecation
- Deprecate support for encrypted TLS private keys. Legacy PEM encryption as specified in RFC 1423 is insecure by design. Because it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. Support for encrypted TLS private keys is now marked as deprecated, and will be removed in an upcoming release. docker/cli#3219
- Deprecate Kubernetes stack support. Following the deprecation of Compose on Kubernetes, support for Kubernetes in the stack and context commands in the Docker CLI is now marked as deprecated, and will be removed in an upcoming release docker/cli#3174.
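For the encrypted TLS private key deprecation above, an added example (not part of the Docker release notes or the Docker CLI code) of checking a key file for legacy RFC 1423 encryption before upgrading. It relies on the Proc-Type and DEK-Info PEM headers that RFC 1423 defines; the names ScanPEM, KeyFinding and sampleKeys and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strings"
)

// KeyFinding describes one private-key PEM block (hypothetical type for this example).
type KeyFinding struct {
	Type   string // PEM block type, e.g. "RSA PRIVATE KEY"
	Legacy bool   // true when the block uses RFC 1423 PEM encryption
	Cipher string // algorithm named in the DEK-Info header, if any
}

// ScanPEM walks every PEM block in data and flags private keys that carry the
// RFC 1423 encryption headers. PKCS#8 "ENCRYPTED PRIVATE KEY" blocks use a
// different scheme and are reported with Legacy=false.
func ScanPEM(data []byte) []KeyFinding {
	var out []KeyFinding
	for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
		if !strings.HasSuffix(b.Type, "PRIVATE KEY") {
			continue // certificates and other blocks are not keys
		}
		f := KeyFinding{Type: b.Type}
		dek, hasDEK := b.Headers["DEK-Info"]
		if hasDEK || strings.HasSuffix(b.Headers["Proc-Type"], "ENCRYPTED") {
			f.Legacy = true
			f.Cipher = strings.SplitN(dek, ",", 2)[0] // "AES-256-CBC,<iv>" -> "AES-256-CBC"
		}
		out = append(out, f)
	}
	return out
}

// sampleKeys builds a constructed input: placeholder bytes, not real key material.
func sampleKeys() []byte {
	legacy := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: []byte("constructed placeholder ciphertext"),
		Headers: map[string]string{"Proc-Type": "4,ENCRYPTED", "DEK-Info": "AES-256-CBC,00112233445566778899AABBCCDDEEFF"}}
	plain := &pem.Block{Type: "EC PRIVATE KEY", Bytes: []byte("constructed placeholder key")}
	return append(pem.EncodeToMemory(legacy), pem.EncodeToMemory(plain)...)
}

func main() {
	for _, f := range ScanPEM(sampleKeys()) {
		fmt.Printf("%-16s legacy-encrypted=%v cipher=%q\n", f.Type, f.Legacy, f.Cipher)
	}
}
```

Keys flagged as legacy-encrypted are the ones affected by this deprecation and will need to be re-protected by another mechanism before support is removed.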
Client
- Fix "Invalid standard handle identifier" errors on Windows docker/cli#3132.
Rootless
- Avoid "can't open lock file /run/xtables.lock: Permission denied" error on SELinux hosts moby/moby#42462.
- Disable overlay2 when running with SELinux to prevent permission denied errors moby/moby#42462.
- Fix "x509: certificate signed by unknown authority" error on openSUSE Tumbleweed moby/moby#42462.
Runtime
- Print a warning when using the --platform option to pull a single-arch image that does not match the specified architecture moby/moby#42633.
- Fix incorrect "Your kernel does not support swap memory limit" warning when running with cgroups v2 moby/moby#42479.
- Windows: Fix a situation where containers were not stopped if HcsShutdownComputeSystem returned an ERROR_PROC_NOT_FOUND error moby/moby#42613
Swarm
- Fix a possibility where overlapping IP addresses could exist as a result of the node failing to clean up its old loadbalancer IPs moby/moby#42538
- Fix a deadlock in log broker ("dispatcher is stopped") moby/moby#42537
Packaging
Known issue
The ctr binary shipping with the static packages of this release is not statically linked, and will not run in Docker images using alpine as a base image. Users can install the libc6-compat package, or download a previous version of the ctr binary as a workaround. Refer to the containerd ticket related to this issue for more details: containerd/containerd#5824.
- Remove packaging for Ubuntu 16.04 "Xenial" and Fedora 32, as they reached EOL docker/docker-ce-packaging#560
- Update Golang runtime to Go 1.16.6
- Update the bundled buildx version to v0.6.1 for rpm and deb packages docker/docker-ce-packaging#562
- Update static binaries and containerd.io rpm and deb packages to containerd v1.4.9 and runc v1.0.1: docker/containerd-packaging#241, docker/containerd-packaging#245, docker/containerd-packaging#247.