23.0.0

For more information about:

• Deprecated and removed features, see Deprecated Engine Features.
• Changes to the Engine API, see Engine API version history.

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 23.0.0 milestone
• moby/moby, 23.0.0 milestone

New

• Set Buildx and BuildKit as the default builder on Linux. moby/moby#43992
  • Alias docker build to docker buildx build. docker/cli#3314
  • The legacy builder can still be used by explicitly setting DOCKER_BUILDKIT=0.
  • There are differences in how BuildKit and the legacy builder handle multi-stage builds. For more information, see Multi-stage builds.
• Add support for pulling zstd compressed layers. moby/moby#41759, moby/moby#42862
• Add support for alternate OCI runtimes on Linux, compatible with the containerd runtime v2 API. moby/moby#43887, moby/moby#43993
• Add support for the containerd runhcs shim on Windows (off by default). moby/moby#42089
• Add dockerd --validate to check the daemon JSON config and exit. moby/moby#42393
• Add the ability to configure the daemon's HTTP proxy via flags or JSON config. moby/moby#42835
• Add support for RFC 3021 point-to-point networks (IPv4 /31s) and single hosts (IPv4 /32s). For networks with two or fewer addresses, IPAM won't reserve a network and broadcast address. moby/moby#42626
• Add support for setting ipvlan_flag and using the l3s ipvlan_mode in the ipvlan network driver. moby/moby#42542
• Add support for displaying the value of the metacopy option for the overlay2 storage driver. moby/moby#43557
• Add support for describing Windows devices using the syntax IDType://ID. moby/moby#43368
• Add RootlessKit, slirp4netns, and VPNKit version reporting. moby/moby#42330
• Add experimental support for SwarmKit cluster volumes (CSI). moby/moby#41982
  • CLI: Add cluster volume (CSI) options to docker volume. docker/cli#3606
  • CLI: Add cluster volume (CSI) support to docker stack. docker/cli#3662
• Add support for SwarmKit jobs in docker stack deploy. docker/cli#2907
• Add the docker stack config command to output the merged and interpolated config files as utilized by stack deploy. docker/cli#3544
• Add a new docker context show command that prints the name of the current context. docker/cli#3567
• Add the --format=json shorthand variant of {% raw %}--format="{{ json . }}"{% endraw %} to all commands supporting the --format flag. docker/cli#2936
• Add a --quiet option to docker create and docker run commands to suppress output when pulling an image. docker/cli#3377
• Add a --force option to docker network rm subcommand. Causes CLI to return a 0 exit code even if the network doesn't exist. Has no effect on the server-side procedure for removing a network. docker/cli#3547
• Add a --signal option to docker stop and docker restart. docker/cli#3614
• Add a -v/--version flag to docker-proxy. moby/moby#44703
• Plugins are now discovered in well-known user-level paths when the daemon is running in rootless mode. moby/moby#44778
• The daemon now handles common alternate JSON encodings in the JSON configuration file gracefully, and reports useful errors. moby/moby#44777, moby/moby#44832
  • UTF-8 with a byte order mark is accepted.
  • UTF-16 with a byte order mark is accepted.
  • Invalid UTF-8 is reported early and with a comprehensible error message.
• Allow use of STOPSIGNAL via docker commit. moby/moby#43369
• Add a new option to the awslogs log driver to allow skipping log stream creation in CloudWatch. moby/moby#42132
• Add a new option to the awslogs log driver to specify the log format that's sent to CloudWatch. moby/moby#42838
• Add a new option to the fluentd log driver to set the reconnection interval. moby/moby#43100
• Add new options-setters to the Go API client: WithTLSClientConfigFromEnv(), WithHostFromEnv(), and WithVersionFromEnv(). moby/moby#42224
• Add generation of shell command completion through a docker completion subcommand. docker/cli#3429
• API: Add a Swarm header to GET /_ping and HEAD /_ping, allowing single-request detection of Swarm support. moby/moby#42064
• API: Add a signal parameter to POST /containers/{id}/stop and POST /containers/{id}/restart to set the signal used. moby/moby#43206
• API: Add a CreateMountPoint parameter to POST /containers/create. moby/moby#43484
• API: Add a shared-size parameter to GET /images/json to enable shared-size computation of images. moby/moby#42531
• API: Add a type parameter to GET /system/df, to control what object types to are considered when computing disk usage. moby/moby#42559
• systemd: Start docker.service after time-set.target. moby/moby#43107

Removed

• Remove support for reading configuration from ~/.dockercfg. docker/cli#2504
  • This location has been deprecated since 1.7.0.
  • Deprecation notice
• Remove the -g and --graph daemon options in favor of --data-root. docker/cli#3739
  • These options have been hidden and deprecated since 17.05.
  • Deprecation notice
• Remove client-side sorting of results, in favor of the order in which the search API returns. docker/cli#3470
• Remove warnings related to deprecated storage drivers from the CLI. Warnings are now handled by the daemon instead. docker/cli#3542
• Remove Experimental client field from docker version. docker/cli#3543
  • Deprecation notice
• Require explicit opt-in to use deprecated storage drivers, and don't automatically select them when upgrading. moby/moby#43378
• Remove deprecated support for overlay and overlay2 storage drivers on backing filesystems without d_type support. moby/moby#43472
  • Deprecation notice
• Remove the deprecated overrideKernelCheck option from the overlay2 storage driver. moby/moby#44279 Deprecation notice
• Remove support for the deprecated io.containerd.runtime.v1.linux OCI runtime. moby/moby#43695
• Remove LCOW (Linux Containers on Windows). moby/moby#42451, moby/moby#42499, moby/moby#42506, moby/moby#42511, moby/moby#42520, moby/moby#42683, moby/moby#42684, moby/moby#42685, moby/moby#43187
  • LCOW was introduced as a technical preview in 17.09 and deprecated in 20.10.
  • Deprecation notice
• Remove daemon options related to legacy overlay networks used with standalone Swarm.
  • Remove --cluster-xx options from dockerd. moby/moby#40383
  • Remove host-discovery and overlay networks with external k/v stores. moby/moby#42247
  • Deprecation notice
• Remove a deprecated arm platform fallback. --platform linux/arm/vY will now return a error when arm/vY isn't available instead of pulling the wrong image. moby/moby#44414
• Remove the deprecated SetCustomHTTPHeaders(), CustomHTTPHeaders() options-setters from the Go client API. moby/moby#42694
• Remove the deprecated WithDialer() option-setter from the Go client API. moby/moby#44022
  • Use WithDialContext() instead.
• Remove the daemon implementation of opts.QuotedString. The implementation has moved to the CLI. moby/moby#43250
• Remove separate daemon ID from trust-key in the daemon, and disable generating the trust-key. moby/moby#43555
• API: Remove the deprecated KernelMemory option from POST /containers/create on API version >= 1.42. moby/moby#43214
  • Deprecation notice

Deprecated

• Require Windows Server RS5 / LTSC 2019 (build 17763) as the minimum to run the daemon. moby/moby#43254
• Deprecate BuilderSize in API versions >= 1.42 moby/moby#42608
• Deprecate BuildCache.Parent in favor of the newly introduced BuildCache.Parents in API version >= 1.42. moby/moby#43908
• Deprecate pkg/urlutil, moving the implementation to builder/remotecontext/urlutil. moby/moby#43477

Upgrades

• Upgrade Go to 1.19.5. docker/cli#3958, moby/moby#44794
• Upgrade rootlesskit to v0.14.4. moby/moby#42708
• Upgrade buildkit to v0.10.6. moby/moby#43239
• Upgrade buildx to v0.10.2. docker/docker-ce-packaging#840
• Upgrade swarmkit to v2.0.0-20230119195359-904c221ac281. moby/moby#44858
• Upgrade containerd to v1.6.16. moby/moby#44766, moby/moby#44769, moby/moby#44881
• Upgrade runc to v1.1.4. moby/moby#44039
• Upgrade hcsshim v0.9.6. moby/moby#44658
• The btrfs storage driver now depends on Linux kernel headers (>= 4.12) instead of headers from btrfs-progs. moby/moby#44776

Security

• Change permissions on container hostconfig.json files to 0600 (was 0644). moby/moby#41620
• Fix --seccomp-profile not accepting unconfined and renamed the default seccomp profile to builtin. moby/moby#42481
• Always build with seccomp support, and remove the seccomp build tag. moby/moby#42501
• Add seccomp support on riscv64. moby/moby#43553
• Add support for setting flags passed to seccomp(2) in seccomp profiles. moby/moby#42648
• Refactor seccomp types to reuse runtime-spec, and add support for ErrnoRet. moby/moby#42005
• Add support for DefaultErrnoRet in seccomp profiles. moby/moby#42604
• Add an explicit DefaultErrnoRet field to the default seccomp profile, with no behavior change. moby/moby#42649
• Block socket with AF_VSOCK in the default seccomp profile. moby/moby#44563
• Re-enable process_vm_readv and process_vm_writev in the default seccomp profile. moby/moby#42083
• Add syscalls related to PKU to the default seccomp profile. moby/moby#43812
• Allow clock_settime64 with CAP_SYS_TIME. moby/moby#43775
• Allow bpf with CAP_BPF and perf_event_open with CAP_PERFMON. moby/moby#43988
• Explicitly set the clone3 syscall to return ENOSYS in the default seccomp profile, in order to ensure glibc will correctly fallback to using clone. moby/moby#42681

Bug fixes and enhancements

• Promote overlay2 to be the default storage driver (btrfs and zfs are now opt-in). moby/moby#42661
• Add a loading spinner to the docker cp command. docker/cli#2708
• Deprecate the ElectAuthServer function, and made it return the default registry without calling the GET /info API endpoint. docker/cli#2819
• Progress bars are no longer reversed when rolling back Swarm services docker/cli#2940
• Use net.JoinHostPort() to fix formatting with IPv6 addresses docker/cli#2972
• CLI error messages are now printed to stderr. docker/cli#3044
• Improve performance of docker info if a custom --format is used that only uses local information. With this change, the CLI only uses the daemon API if it detects that information from the daemon is needed. docker/cli#3179
• Remove the default value from the --stop-signal flag, as it may not reflect the actual default used by the daemon. docker/cli#3245
• Add Compose schema 3.10 to docker stack; allow omitting the version field (resulting in latest). docker/cli#3257
• Compose version 3 is now equivalent to 3.x (latest) in docker stack. docker/cli#3445
• Fix <Ctrl-c> hanging on Windows to exit after running a container in non-interactive mode. docker/cli#3302
• Add relative source paths to the run command in the -v/--volume and -m/--mount flags. docker/cli#3469
• docker exec -t now sets the console size for the executed process immediately when it's created. docker/cli#3627
• Update the pretty-print format of docker info to provide more details on installed plugins. docker/cli#3645
• Print warning messages for the docker context list and docker context use commands when the context is overridden by the environment. docker/cli#3668
• Add a custom aliases annotation that can be used to print all available aliases for a command. docker/cli#3694
• The CLI no longer creates or updates the CLI configuration file when running docker context use and selecting the current context. docker/cli#3721
• Non-existing contexts are now ignored when running docker context rm --force. docker/cli#3791
• Add the ability to override integers to 0 in Compose files docker/cli#3812
• SIGINT (<Ctrl-c>) now passes through to running containers instead of causing the CLI to exit. docker/cli#3849
• Improve docker port CONTAINER UX by sorting ports before printing. docker/cli#3892
• API: GET /containers/{id}/logs and POST /containers/{id}/attach now report which raw-stream format is in use using the Content-type response header on API version >= 1.42. moby/moby#39812
• Set default sandbox size for Windows layers to 127GB, and ensure that the --storage-opts flag applies to all storage on Windows. moby/moby#41636
• Remove the plugin section from the containerd configuration file (/var/run/docker/containerd/containerd.toml). moby/moby#41675
• Reject null manifests during tar import. moby/moby#41842
• Add shim config for custom runtimes for plugins. moby/moby#41854
• Container health checks now resume when the daemon is restarted. moby/moby#41935
• Quota is no longer disabled on cleanup of the btrfs driver. moby/moby#42273
• Host devices that are accessible can now be mounted in --privileged rootless containers. moby/moby#42638
• Fix incorrect handling of **/foo recursive wildcard directory patterns in .dockerignore. moby/moby#42676
• Extend docker import --platform to allow marking an imported image as a foreign architecture. moby/moby#43103
• Validation of CPU real-time options is now performed when the daemon starts instead of performing validations for each individual container, allowing startup to fail early. moby/moby#43131
• Freeze the namesgenerator package against new additions. Users will have to be satisfied with the existing 25359 adjective-name combinations. moby/moby#43210
• API: containers/{id}/attach/ws only to streams according by stdin, stdout and stderr parameters on API version >= 1.42. moby/moby#43322
• Fix UDP traffic in containers not working after the container is restarted under sustained traffic. moby/moby#43409
• Add support for pulling images with custom amd64 micro-architecture feature levels as supported by the latest versions of Go, GCC, LLVM, and other compiler tools. moby/moby#43434
• Improve validation of invalid JSON requests in the API. moby/moby#43463
• Mitigate the impact of slow exec starts on health checks. Check timeout now only applies to the duration that the health check command is running. The time it takes to start the command no longer counts against the timeout. moby/moby#43480
• Console tty size is set immediately on creation. moby/moby#43593, moby/moby#43622
• Fix overlay2 mounts not being cleaned up after failed container starts, or daemon shutdown. moby/moby#43659
• Match manifest list resolution with containerd. moby/moby#43675
• Skip use of firewalld for networking when the daemon is running in rootless mode. moby/moby#43813
• Custom NAT networks are now re-created after daemon restart if missing on Windows. moby/moby#43858
• Fix terminating the container health-check process when it times out. moby/moby#43994
• Fix live-restore with restart policies and volume refs. moby/moby#44237
• API: Only anonymous volumes now pruned by default on API version >= v1.42. Pass the filter all=true to prune named volumes in addition to anonymous. moby/moby#44259
• API: Support concurrent calls on the GET /system/df endpoint. moby/moby#42715
• Improve the reliability of the daemon dumping the stack and exits with code 2 when sent a SIGQUIT. moby/moby#44831
• Fix a rare deadlock in the daemon caused by buffering of container logs. moby/moby#44856
• Improve error handling in misc filesystem operations so that the daemon can start on a overlayfs backing filesystem. moby/moby#44834
• Fix an issue where --ipc=host wasn't handled correctly when the daemon is running in rootless mode. moby/moby#44863
• Fix a long-standing set of issues where stale conntrack entries caused incorrect routing of UDP traffic for containers. moby/moby#44752
• Fix half-registered containers being listed in the API, as well as a nil pointer de-reference and panic caused by using a partially registered container in API calls. moby/moby#44633
• Fix a failure to create the DOCKER-USER ip6tables chain. moby/moby#44845
• Fix a failure to clean up iptables rules when the ip6tables command isn't available. moby/moby#44727
• Fix an issue where some iptables NAT rules weren't cleaned up after enabling the userland proxy. moby/moby#44811
• Fix a potentially leaked process in rare situations where cleaning up a failed attempt to start a container was mishandled. moby/moby#44400
• Fix the CreatedAt time of a volume reflecting initialization and not creation. moby/moby#44725
• Fix an issue where the CLI incorrectly reported an incompatible server instead of an unreachable server in some commands. docker/cli#3901, docker/cli#3904
• Fix broken completion of volumes in Zsh. docker/cli#2998
• Improve output of docker context when an invalid context is present. docker/cli#3847
• Remove ANSI decoration of CLI help annotations when the output isn't a TTY, and added a newline for readability. docker/cli#3973
• Add docker container remove as an alias for docker container rm. docker/cli#3986