29.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 29.0.2 milestone
• moby/moby, 29.0.2 milestone

Networking

• Fix an issue that could lead to an "endpoint not found" error when creating a container with multiple network connections, when one of the networks is non-internal but does not have its own external IP connectivity. moby/moby#51538
• Fix an issue that prevented rootless Docker from starting on a host with IPv6 disabled. moby/moby#51543

29.1.0-rc.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 29.1.0 milestone
• moby/moby, 29.1.0 milestone

Packaging updates

• Update BuildKit to v0.26.1. moby/moby#51551
• Update containerd binary to v2.2.0 (static binaries and CI only). moby/moby#51271

29.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 29.0.1 milestone
• moby/moby, 29.0.1 milestone

Bug fixes and enhancements

• docker image ls no longer truncates the name width when output is redirect (e.g. for grep). docker/cli#6656
• docker image ls now considers the NO_COLOR environment variable for choosing the colored output. docker/cli#6654
• containerd image store: Fix a bug causing docker build to ignore the explicitly set unpack image exporter option. moby/moby#51514
• Fix a bug causing docker image ls --all to not show untagged/dangling images. docker/cli#6657
• Fix build on i386. moby/moby#51528
• Fix explicit graphdriver configuration ("storage-driver") being treated as containerd snapshotter when prior graphdriver state exists. moby/moby#51516
• Fix output format of the ApiVersion and MinApiVersion fields in docker version --format=json to align with previous versions. docker/cli#6648

29.0.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 29.0.0 milestone
• moby/moby, 29.0.0 milestone

• Experimental support for nftables can now be enabled by setting Docker daemon's firewall-backend option to nftables. For more information, see Docker Engine docs.
• containerd image store is now the default for fresh installs. This doesn't apply to daemons configured with userns-remap (see moby#47377).

Breaking Changes

• The Go module github.com/docker/docker is deprecated in favor of github.com/moby/moby/client and github.com/moby/moby/api. The github.com/moby/moby module is considered an internal implementation detail - the only supported public modules are client and api.
  Starting with v29, releases are tagged with the docker- prefix (e.g., docker-v29.0.0). This only affects Go module users and package maintainers.
• Debian armhf (32-bit) packages now target ARMv7 CPUs and will not work on ARMv6 devices.
• Official Raspbian (32-bit) packages are no longer provided. Use Debian arm64 packages for 64-bit devices, or Debian armhf packages for 32-bit ARMv7 devices.
• cgroup v1 is deprecated. Support continues until at least May 2029, but migrate to cgroup v2 as soon as possible. See moby#51111.
• Docker Content Trust was removed from the Docker CLI. Can be built as a separate plugin: https://github.com/docker/cli/blob/v29.0.0/cmd/docker-trust/main.go
• The daemon now requires API version v1.44 or later (Docker v25.0+).

New

• docker image load and docker image save now supports multiple platform selection via --platform flag (e.g., docker image load --platform linux/amd64,linux/arm64 -i image.tar). docker/cli#6126
• docker image ls now uses the new view (like --tree but collapsed) by default. docker/cli#6566
• docker run --runtime <...> is now supported on Windows. moby/moby#50546
• GET /containers/json now includes a Health field describing container healthcheck status. moby/moby#50281
• Add device entitlement to builder configuration. moby/moby#50386
• Add support for memory-swap and memory-swappiness flags to docker service create and docker service update commands. docker/cli#6619
• Allow Docker CLI to set the GODEBUG environment variable when the key-value pair ("GODEBUG":"...") exists inside the Docker context metadata. docker/cli#6371

Bug fixes and enhancements

• docker image ls --tree now sorts images alphabetically by name instead of by creation date. docker/cli#6595
• docker image ls no longer shows untagged images by default if no --all flag is provided. docker/cli#6574
• docker save: Fixed inconsistent tar member timestamps when exporting images with the overlay2 storage driver. moby/moby#51365
• Add a new log option for fluentd log driver (fluentd-read-timeout), which enables specifying read timeouts for reading acks from fluentd connections. moby/moby#50249
• Add image name completion for docker images. docker/cli#6452
• Add shell completion for docker inspect if a --type is set. docker/cli#6444
• Add shell completion for docker plugin subcommands. docker/cli#6445
• api/types/container: make ContainerState, HealthStatus concrete types. moby/moby#51439
• containerd image store is temporarily not available when userns remapping is enabled as a workaround for moby#47377. moby/moby#51042
• contrib: remove contrib/httpserver, which was only used for integration tests. moby/moby#50654
• daemon: improve validation of the --dns option and corresponding "dns" field in daemon.json. moby/moby#50600
• dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). moby/moby#51149
• Fix --mount type=image failure when mounting the same image multiple times to a different destinations. moby/moby#50268
• Fix docker stats <container> not exiting gracefully. docker/cli#6582
• Fix a bug preventing the API server from shutting down quickly when there's an open connection to the /events endpoint. moby/moby#51448
• Fix a bug where collecting container stats in "one-shot" mode would not include the container's ID and Name. moby/moby#51302
• Fix an issue where all new tasks in the Swarm could get stuck in the PENDING state forever after scaling up a service with placement preferences. moby/moby#50202
• Fix issue where custom meta-headers were not passed through when using the containerd image store. moby/moby#51024
• Fix requests not being logged when running the daemon with --log-level=trace. moby/moby#50986
• Fix Swarm services becoming unreachable from published ports after a firewalld reload. moby/moby#50443
• Improve errors when failing to connect to the API to provide more context to the user. moby/moby#50285
• Improve shell completion for docker secret and docker config subcommands. docker/cli#6446
• Prefer explicit device driver name over GPU capabilities when selecting the device driver with docker run --gpus. moby/moby#50717
• Update runc to v1.3.3. moby/moby#51393
• Update SwarmKit internal TLS configuration to exclude known insecure cipher suites. moby/moby#51139
• Windows: Fix BuildKit creating containers which isolation mode is inconsistent with the daemon's config. moby/moby#50942

Packaging updates

• client: remove legacy CBC cipher suites from client config. moby/moby#50126
• contrib: remove editorconfig as it was unmaintained. moby/moby#50607
• contrib: remove Dockerfile syntax highlighting files for nano and TextMate (tmbundle) as they were unmaintained and outdated. moby/moby#50606
• contrib: remove mkimage-xxx scripts as they were unmaintained and not tested. moby/moby#50297
• If Docker is downgraded to a version that does not have this support the network will become unusable, it must be deleted and re-created. moby/moby#50114
• The Windows overlay network driver now supports option --dns. moby/moby#51229
• Update BuildKit to v0.25.2. moby/moby#51397
• Update Go runtime to 1.25.4. moby/moby#51418, docker/cli#6632
• Users can request a specific prefix size for networks allocated from the default pools by using the unspecified address, for example --subnet 0.0.0.0/24 --subnet ::/96. moby/moby#50114

Networking

• Add daemon option --bridge-accept-fwmark. Packets with this firewall mark will accepted by bridge networks, overriding Docker's iptables or nftables "drop" rules. moby/moby#50476
• api/types/system: deprecated top level DiskUsage fields for type specific fields. moby/moby#51235
• Ensure bridge devices are removed when bridge network creation fails. moby/moby#51147
• Ensure that Windows NAT networks are recreated with their original labels when the Engine restarts. moby/moby#50447
• Environment variables set on a container using legacy links are deprecated and aren't added automatically anymore. moby/moby#50719
  • The daemon can be started with DOCKER_KEEP_DEPRECATED_LEGACY_LINKS_ENV_VARS=1 to get th...

The first release candidate of a Go module github.com/moby/moby/client dedicated for the Moby API client making the old github.com/docker/docker/client package obsolete.

Changelog

• api/pkg/progress and api/pkg/streamformatter have been removed. moby/moby#51153
• api/types/versions has moved to the client and daemon. moby/moby#51284
• client.ConfigCreate, client.ConfigList, client.ConfigInspectWithRaw, client.ConfigUpdate, and client.ConfigRemove methods now accept option structs instead of positional arguments, and return dedicated result structs. moby/moby#51078
• client.ImageBuild, client.BuildCancel, client.ImageList, client.ImageRemove, client.ImageTag, and client.ImageSearch methods now accept option structs instead of positional arguments, and return dedicated result structs. moby/moby#51227
• client/pkg/jsonmessage: remove deprecated ProgressMessage, ErrorMessage, DisplayJSONMessagesToStream and Stream interface. moby/moby#49264
• client: ContainerExec... methods were renamed to Exec.... moby/moby#51262
• client: Wrap return values of ImageInspect, ImageHistory, ImageLoad and ImageSave in a struct. moby/moby#51236
• events API now reports content-type as application/x-ndjson for newline-delimited JSON event stream. moby/moby#50953
• ImagePull now returns an object with JSONMessages method returning iterator over the message objects. moby/moby#50935
• ImagePush now returns an object with JSONMessages method returning iterator over the message objects. moby/moby#51148
• api/types/build: move CachePruneOptions type to client.BuildCachePruneOptions. moby/moby#50772
• api/types/build: move build options to client and backend. moby/moby#50907
• api/types/checkpoint: move checkpoint options to client module. moby/moby#50905
• api/types/container: merge InspectResponse and ContainerJSONBase. moby/moby#50809
• api/types/container: move ResizeOptions type to ContainerResizeOptions in the client. moby/moby#50773
• api/types/container: move StatsResponseReader to client package. moby/moby#50521
• api/types/container: move container options to client. moby/moby#50897
• api/types/container: move ExecInspect type to client. moby/moby#50991
• api/types/container: remove deprecated Config.MacAddress. moby/moby#51194
• api/types/container: StatsResponse: add OSType field. moby/moby#51305
• api/types/events: move ListOptions type to the client EventsListOptions. moby/moby#50774
• api/types/filters: remove deprecated ToParamWithVersion. moby/moby#50561
• api/types/image: move image options out to the client. moby/moby#50776
• api/types/image: move LoadResponse to client. moby/moby#50909
• api/types/network: CreateRequest: remove deprecated CheckDuplicate field. moby/moby#50998
• api/types/network: define ConnectRequest and DisconnectRequest. moby/moby#51324
• api/types/network: move CreateOptions, ConnectOptions and DisconnectOptions to the client module. moby/moby#50817
• api/types/network: move the ListOptions and InspectOptions types to the client. moby/moby#50786
• api/types/plugin: change ListResponse to a non-pointer slice. moby/moby#51440
• api/types/registry: move SearchOptions to ImageSearchOptions in the client. moby/moby#50787
• api/types/registry: rename AuthenticateOKBody to AuthResponse. moby/moby#51334
• api/types/strslice: deprecate StrSlice in favor of using a regular []string. moby/moby#50292
• api/types/swarm: create types for enum-consts. moby/moby#51399
• api/types/swarm: move option types to the client module. moby/moby#50794
• api/types/swarm: move the SecretListOptions type to the client module. moby/moby#50816
• api/types/system: deprecated top level DiskUsage fields for type specific fields. moby/moby#51235
• api/types/system: move DiskUsageOptions to the client. moby/moby#50788
• api/types/system: move SecurityOpt and DecodeSecurityOptions to client module. moby/moby#50825
• api/types/volume: change ListResponse.Volumes to a non-pointer slice. moby/moby#51454
• api/types/volume: move CreateOptions to client.VolumeCreateOptions. moby/moby#51211
• api/types/volume: move the ListOptions type to the client module. moby/moby#50789
• api/types/volume: moved UpdateOptions into client module. moby/moby#51205
• api/types: move client.go contents into moby/moby/client. moby/moby#50510
• api/types: move disk usage structs to per type packages. moby/moby#51406
• api/types: move ErrorResponse to common/ErrorResponse. moby/moby#50632
• api/types: move Ping and swarm.Status to client. moby/moby#51258
• api/types: move plugin types to api/types/plugin. moby/moby#48114
• api/types: move Version to api/types/system. moby/moby#51359
• api/types: use regular slices for disk usage types. moby/moby#51412
• api: move "DiskUsage" related types to the right location. moby/moby#50518
• api: remove / internalize LegacyDiskUsage. moby/moby#51437
• api: remove unused DefaultVersion, MinSupportedAPIVersion consts. moby/moby#50587
• Bump api version in client and main module to v1.52.0-alpha.1. moby/moby#50641
• chore: enable use-any rule from revive. moby/moby#50672
• client, integration-cli: adjust for go1.25, TLS1.3 handshake. moby/moby#51055
• client, api: update go.mod to go1.24. moby/moby#51460
• client/build_*: Add options struct, wrap result. moby/moby#51076
• client/checkpoint_list: Wrap result in a struct. moby/moby#51050
• client/container_copy: Wrap options and result struct. moby/moby#51328
• client/container_exec: Separate structs for Start and Attach. moby/moby#51289
• client/container_update: Wrap options and result. moby/moby#51326
• client/distribution_inspect: Wrap options and result. moby/moby#51264
• client/node: Wrap options and output. moby/moby#51260
• client/pkg/jsonmessage: refactor in terms of api/types/jsonstream. moby/moby#51156
• client/pkg/jsonmessage: remove unused fields. moby/moby#50759
• client/pkg/security: simplify. moby/moby#51381
• client/secrets: Wrap results and options. moby/moby#51251
• client/volume: refactor volume options and responses. moby/moby#51210
• client: ContainerCommitOptions: remove Pause field in favor of NoPause. moby/moby#51019
• client: add DefaultAPIVersion const, which defines the default (and maximum) API version supported by the client. moby/moby#50433
• client: add ExecAPIClient interface for exec methods provided by the client. moby/moby#50997
• client: add option and output structs for various container methods. moby/moby#51308
• client: assorted fixes and refactor. moby/moby#51285
• client: change Raw fields to be json.RawMessage. moby/moby#51288
• client: check for Digested reference instead of Canonical. [moby...

The first release of a Go module github.com/moby/moby/api dedicated for the Moby API making the old github.com/docker/docker/api package obsolete.

This release continues the 1.x line of API compatibility with the 52nd minor release of the 1.x API.

Changelog

• api/pkg/progress and api/pkg/streamformatter have been removed. moby/moby#51153
• api/types/registry: EncodeAuthConfig: use empty string for zero value. moby/moby#50426
• api/types/versions has moved to the client and daemon. moby/moby#51284
• client/pkg/jsonmessage: remove deprecated ProgressMessage, ErrorMessage, DisplayJSONMessagesToStream and Stream interface. moby/moby#49264
• events API now reports content-type as application/x-ndjson for newline-delimited JSON event stream. moby/moby#50953
• GET /containers/json now includes a Health field describing container healthcheck status. moby/moby#50281
• GET /events no longer includes the deprecated status, id, and from fields. These fields were removed in API v1.22, but still included in the response. These fields are now omitted when using API v1.52 or higher. moby/moby#50832
• GET /images/{name}/get and POST /images/load now accept multiple platform query parameters, allowing export and load of images for multiple platforms. moby/moby#50166
• GET /images/{name}/json now omits the following fields if their value is empty: Parent, Comment, DockerVersion, Author. moby/moby#51072
• GET /images/{name}/json: omit empty Config fields when not set. moby/moby#50915
• POST /images/{name:}/push: remove compatibility with API v1.4 auth-config in body. moby/moby#50371
• Add progress aux emitter to build backend. moby/moby#50278
• Add support for memory swappiness in Swarm services. moby/moby#51114
  • GET /services now returns SwapBytes and MemorySwappiness fields as part of the Resource requirements
  • GET /services/{id} now returns SwapBytes and MemorySwappiness fields as part of the Resource requirements
  • POST /services/create now accepts SwapBytes and MemorySwappiness fields as part of the Resource requirements
  • POST /services/{id}/update now accepts SwapBytes and MemorySwappiness fields as part of the Resource requirements
  • GET /tasks now returns SwapBytes and MemorySwappiness fields as part of the Resource requirements
  • GET /tasks/{id} now returns SwapBytes and MemorySwappiness fields as part of the Resource requirements
• api/docs: add v1.52 swagger. moby/moby#50626
• api/docs: fix events example response. moby/moby#50949
• api/docs: remove links to docs.docker.com from changelog. moby/moby#51457
• api/docs: sync swagger and update changelog. moby/moby#50980
• api/docs: sync v1.52 docs with latest. moby/moby#50911
• api/docs: sync v1.52 swagger with current version. moby/moby#50643
• api/docs: update v1.52 docs with current swagger. moby/moby#50899
• api/pkg/stdcopy: move stdWriter to daemon/internal. moby/moby#51157
• api/templates: align with go-swagger v1.32.3. moby/moby#51168
• api/types/build: move CachePruneOptions type to client.BuildCachePruneOptions. moby/moby#50772
• api/types/build: move build options to client and backend. moby/moby#50907
• api/types/build: remove deprecated BuildCache.Parent field. moby/moby#51185
• api/types/checkpoint: move checkpoint options to client module. moby/moby#50905
• api/types/container: OnBuild will now be omitted if its value is empty or zero. moby/moby#51154
• api/types/container: add aliases for go-connections/nat types. moby/moby#50573
• api/types/container: add missing type for exec-inspect response. moby/moby#50482
• api/types/container: make ContainerState, HealthStatus concrete types. moby/moby#51439
• api/types/container: make the container config MacAddress obsolete for v1.52 and onwards. Use network endpoint settings instead. moby/moby#51189
• api/types/container: merge InspectResponse and ContainerJSONBase. moby/moby#50809
• api/types/container: move ResizeOptions type to ContainerResizeOptions in the client. moby/moby#50773
• api/types/container: move StatsResponseReader to client package. moby/moby#50521
• api/types/container: move container options to client. moby/moby#50897
• api/types/container: move ExecInspect type to client. moby/moby#50991
• api/types/container: move StateStatus, NewStateStatus internal again. moby/moby#50495
• api/types/container: remove deprecated ContainerTopOKBody alias. moby/moby#50400
• api/types/container: remove deprecated ContainerUpdateOKBody alias. moby/moby#50400
• api/types/container: remove deprecated Stats type. moby/moby#50492
• api/types/container: remove deprecated Config.MacAddress. moby/moby#51194
• api/types/container: remove deprecated ExecOptions.Detach. moby/moby#50959
• api/types/container: rename Port to PortSummary. moby/moby#50711
• api/types/container: StatsResponse: add OSType field. moby/moby#51305
• api/types/container: StatsResponse: cleanup fields and GoDoc. moby/moby#51299
• api/types/events: move ListOptions type to the client EventsListOptions. moby/moby#50774
• api/types/filters: remove deprecated ToParamWithVersion. moby/moby#50561
• api/types/image: InspectResponse: remove deprecated VirtualSize, Container, ContainerConfig, Parent, and DockerVersion fields. moby/moby#51103
• api/types/image: move image options out to the client. moby/moby#50776
• api/types/image: move LoadResponse to client. moby/moby#50909
• api/types/image: remove deprecated Summary.VirtualSize field. moby/moby#51190
• api/types/network: CreateRequest: remove deprecated CheckDuplicate field. moby/moby#50998
• api/types/network: define ConnectRequest and DisconnectRequest. moby/moby#51324
• api/types/network: EndpointSettings: make MacAddress "operational data". moby/moby#51203
• api/types/network: modernize EndpointIPAMConfig.Copy, EndpointSettings.Copy. moby/moby#50690
• api/types/network: move CreateOptions, ConnectOptions and DisconnectOptions to the client module. moby/moby#50817
• api/types/network: move the ListOptions and InspectOptions types to the client. moby/moby#50786
• api/types/plugin: change ListResponse to a non-pointer slice. moby/moby#51440
• api/types/plugin: deprecate Config.DockerVersion field. moby/moby#51109
• api/types/plugin: remove deprecated Config.DockerVersion. moby/moby#51458
• api/types/registry: add some tests for encoding/decoding authconfig. moby/moby#50392
• api/types/registry: DecodeAuthConfig: add early returns and improve errors. moby/moby#50425
• api/types/registry: move SearchOptions to ImageSearchOptions in the client. moby/moby#50787
• api/types/registry: moved ServiceConfig legacy field marshaling support into daemon backend. moby/moby#50826
• api/types/registry: moved encode/decode auth config functions into reference utility package. moby/moby#50785
• api/types/registry: remove deprecated ServiceConfig.AllowNondistributableArtifactsCIDRs and ServiceConfig.AllowNondistributableArtifactsHostnames fields. moby/moby#50375...

29.0.0-rc.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 29.0.0 milestone
• moby/moby, 29.0.0 milestone

• Experimental support for nftables can now be enabled by setting Docker daemon's firewall-backend option to nftables. For more information, see Docker Engine docs.
• containerd image store is now the default for fresh installs. This doesn't apply to daemons configured with userns-remap (see moby#47377).

Breaking Changes

• The Go module github.com/docker/docker is deprecated in favor of github.com/moby/moby/client and github.com/moby/moby/api. The github.com/moby/moby module is considered an internal implementation detail - the only supported public modules are client and api.
  Starting with v29, releases are tagged with the docker- prefix (e.g., docker-v29.0.0). This only affects Go module users and package maintainers.
• The daemon now requires API version v1.44 or later (Docker v25.0+).
• Debian armhf (32-bit) packages now target ARMv7 CPUs and will not work on ARMv6 devices.
• Official Raspbian (32-bit) packages are no longer provided. Use Debian arm64 packages for 64-bit devices, or Debian armhf packages for 32-bit ARMv7 devices.
• cgroup v1 is deprecated. Support continues until at least May 2029, but migrate to cgroup v2 as soon as possible. See moby#51111.
• Docker Content Trust removed from the Docker CLI. Can be built as a separate plugin: https://github.com/docker/cli/blob/v29.0.0/cmd/docker-trust/main.go

New

• docker image load and docker image save now supports multiple platform selection via --platform flag (e.g., docker image load --platform linux/amd64,linux/arm64 -i image.tar). docker/cli#6126
• docker image ls now uses the new view (like --tree but collapsed) by default. docker/cli#6566
• docker run --runtime <...> is now supported on Windows. moby/moby#50546
• GET /containers/json now includes a Health field describing container healthcheck status. moby/moby#50281
• Add device entitlement to builder configuration. moby/moby#50386
• Add support for memory-swap and memory-swappiness flags to docker service create and docker service update commands. docker/cli#6619
• Add support for memswap_limit and mem_swappiness to docker stack compose files. docker/cli#6619
• Allow Docker CLI to set the GODEBUG environment variable when the key-value pair ("GODEBUG":"...") exists inside the docker context metadata. docker/cli#6371

Bug fixes and enhancements

• docker image ls --tree now sorts images alphabetically by name instead of by creation date. docker/cli#6595
• docker image ls no longer shows untagged images by default if no --all flag is provided. docker/cli#6574
• docker save: Fixed inconsistent tar member timestamps when exporting images with the overlay2 storage driver. moby/moby#51365
• Add a new log option for fluentd log driver (fluentd-read-timeout), which enables specifying read timeouts for reading acks from fluentd connections. moby/moby#50249
• Add image name completion for docker images. docker/cli#6452
• Add shell completion for docker inspect if a --type is set. docker/cli#6444
• Add shell completion for docker plugin subcommands. docker/cli#6445
• containerd image store is temporarily not available when userns remapping is enabled as a workaround for moby#47377. moby/moby#51042
• contrib: remove contrib/httpserver, which was only used for integration tests. moby/moby#50654
• daemon: improve validation of the --dns option and corresponding "dns" field in daemon.json. moby/moby#50600
• dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). moby/moby#51149
• Fix --mount type=image failure when mounting the same image multiple times to a different destinations. moby/moby#50268
• Fix docker stats <container> not exiting gracefully. docker/cli#6582
• Fix a bug where collecting container stats in "one-shot" mode would not include the container's ID and Name. moby/moby#51302
• Fix an issue where all new tasks in the Swarm could get stuck in the PENDING state forever after scaling up a service with placement preferences. moby/moby#50202
• Fix issue where custom meta-headers were not passed through when using the containerd image store. moby/moby#51024
• Fix requests not being logged when running the daemon with --log-level=trace. moby/moby#50986
• Fix Swarm services becoming unreachable from published ports after a firewalld reload. moby/moby#50443
• Improve errors when failing to connect to the API to provide more context to the user. moby/moby#50285
• Improve shell completion for docker secret and docker config subcommands. docker/cli#6446
• Prefer explicit device driver name over GPU capabilities when selecting the device driver with docker run --gpus. moby/moby#50717
• Update runc to v1.3.3. moby/moby#51393
• Updated Swarmkit internal TLS configuration to exclude known insecure cipher suites. moby/moby#51139

Packaging updates

• client: remove legacy CBC cipher suites from client config. moby/moby#50126
• contrib: remove editorconfig as it was unmaintained. moby/moby#50607
• contrib: remove Dockerfile syntax highlighting files for nano and TextMate (tmbundle) as they were unmaintained and outdated. moby/moby#50606
• contrib: remove mkimage-xxx scripts as they were unmaintained and not tested. moby/moby#50297
• If Docker is downgraded to a version that does not have this support the network will become unusable, it must be deleted and re-created. moby/moby#50114
• The Windows overlay network driver now supports option --dns. moby/moby#51229
• Update BuildKit to v0.25.2. moby/moby#51397
• Update containerd to v2.1.5. moby/moby#51409
• Update Go runtime to 1.25.4. moby/moby#51418, docker/cli#6632
• Users can request a specific prefix size for networks allocated from the default pools by using the unspecified address, for example --subnet 0.0.0.0/24 --subnet ::/96. moby/moby#50114

Networking

• Add daemon option --bridge-accept-fwmark. Packets with this firewall mark will accepted by bridge networks, overriding Docker's iptables or nftables "drop" rules. moby/moby#50476
• api/types/system: deprecated top level DiskUsage fields for type specific fields. moby/moby#51235
• Ensure bridge devices are removed when bridge network creation fails. moby/moby#51147
• Ensure that Windows NAT networks are recreated with their original labels when the Engine restarts. moby/moby#50447
• Environment variables set on a container using legacy links are deprecated and aren't added automatically anymore. moby/moby#50719
  • The daemon can be started with DOCKER_KEEP_DEPRECATED_LEGACY_LINKS_ENV_VARS=1 to get them back
  • Users are encouraged to stop relying on these as they're deprecated, and the escape hatch will be removed in a later version
• Fix a bug in NetworkDB which would sometimes cause entries to get stuck deleted on some of the nodes, leading to connectivity issues between containers on overlay networks. moby/moby#50342
• Fix a bug that could...

The first release candidate of a Go module github.com/moby/moby/client dedicated for the Moby API client making the old github.com/docker/docker/client package obsolete.

Changelog

• api/pkg/progress and api/pkg/streamformatter have been removed. moby/moby#51153
• client.ImageBuild, client.BuildCancel, client.ImageList, client.ImageRemove, client.ImageTag, and client.ImageSearch methods now accept option structs instead of positional arguments, and return dedicated result structs. moby/moby#51227
• client: ContainerExec... methods were renamed to Exec.... moby/moby#51262
• client: Wrap return values of ImageInspect, ImageHistory, ImageLoad and ImageSave in a struct. moby/moby#51236
• ImagePull now returns an object with JSONMessages method returning iterator over the message objects. moby/moby#50935
• ImagePush now returns an object with JSONMessages method returning iterator over the message objects. moby/moby#51148
• api/types/build: move CachePruneOptions type to client.BuildCachePruneOptions. moby/moby#50772
• api/types/build: move build options to client and backend. moby/moby#50907
• api/types/checkpoint: move checkpoint options to client module. moby/moby#50905
• api/types/container: merge InspectResponse and ContainerJSONBase. moby/moby#50809
• api/types/container: move ResizeOptions type to ContainerResizeOptions in the client. moby/moby#50773
• api/types/container: move container options to client. moby/moby#50897
• api/types/container: move ExecInspect type to client. moby/moby#50991
• api/types/events: move ListOptions type to the client EventsListOptions. moby/moby#50774
• api/types/filters: remove deprecated ToParamWithVersion. moby/moby#50561
• api/types/image: move image options out to the client. moby/moby#50776
• api/types/network: CreateRequest: remove deprecated CheckDuplicate field. moby/moby#50998
• api/types/network: define ConnectRequest and DisconnectRequest. moby/moby#51324
• api/types/registry: move SearchOptions to ImageSearchOptions in the client. moby/moby#50787
• api/types/registry: rename AuthenticateOKBody to AuthResponse. moby/moby#51334
• api/types/strslice: deprecate StrSlice in favor of using a regular []string. moby/moby#50292
• api/types/swarm: create types for enum-consts. moby/moby#51399
• api/types/swarm: move option types to the client module. moby/moby#50794
• api/types/volume: move the ListOptions type to the client module. moby/moby#50789
• api/types: move disk usage structs to per type packages. moby/moby#51406
• api/types: move Ping and swarm.Status to client. moby/moby#51258
• api/types: move plugin types to api/types/plugin. moby/moby#48114
• client/container_copy: Wrap options and result struct. moby/moby#51328
• client/container_update: Wrap options and result. moby/moby#51326
• client/distribution_inspect: Wrap options and result. moby/moby#51264
• client/node: Wrap options and output. moby/moby#51260
• client/pkg/jsonmessage: refactor in terms of api/types/jsonstream. moby/moby#51156
• client/secrets: Wrap results and options. moby/moby#51251
• client: ContainerCommitOptions: remove Pause field in favor of NoPause. moby/moby#51019
• client: add ExecAPIClient interface for exec methods provided by the client. moby/moby#50997
• client: add option and output structs for various container methods. moby/moby#51308
• client: Client.ContainerCreate: fix panic when passing a nil config. moby/moby#51001
• client: Client.PluginList: add options-struct. moby/moby#51207
• client: ContainerWait: touch-up GoDoc, and remove legacy code, and use singular for channels (ContainerWaitResult). moby/moby#51323
• client: ExecCreate: rename Tty to TTY, change ConsoleSize to a ConsoleSize type. moby/moby#51400
• client: fix example, and add runnable example. moby/moby#51330
• client: fix example, and update refs to old modules. moby/moby#50484
• client: fix some version-related handling. moby/moby#51005
• client: ImagePullResponse: use sync.OnceValue. moby/moby#51160
• client: move ExecStartOptions, ExecAttachOptions, ExecOptions to client. moby/moby#50978
• client: NetworkInspect, NetworkList: wrap output structs, and remove NetworkInspectWithRaw. moby/moby#51245
• client: omit empty auth headers and use registry.RequestAuthConfig. moby/moby#50256
• client: please the linters. moby/moby#51266
• client: PluginInspectWithRaw: refactor and rename to PluginInspect. moby/moby#51254
• client: prepare option-structs for multiple platforms. moby/moby#51342
• client: reduce uses of obsolete API versions in tests. moby/moby#51071
• client: refactor ContainerExport to wrap options/result structs. moby/moby#51316
• client: refactor ContainerList to wrap result. moby/moby#51314
• client: refactor ContainerLogs to wrap result. moby/moby#51317
• client: refactor ContainerRename to wrap options/result structs. moby/moby#51315
• client: refactor ContainerWait to use client defined options/results structs. moby/moby#51312
• client: refactor Events, Info, RegistryLogin. moby/moby#51320
• client: refactor NetworkConnect, NetworkDisconnect, NetworkRemove. moby/moby#51325
• client: refactor plugin api client functions to define options/result…. moby/moby#51256
• client: refactor swarm api functions to wrap params/responses. moby/moby#51244
• client: refactor task responses. moby/moby#51234
• client: Remove ImageCreate method - useImagePull or ImageImport instead. moby/moby#51366
• client: remove API-version compatibility for API < v1.44. moby/moby#51120
• client: remove NegotiateAPIVersion, NegotiateAPIVersionPing. moby/moby#51307
• client: remove unused hasEndpointSpecificMacAddress utility. moby/moby#51275
• client: remove VolumeInspectWithRaw, merge with VolumeInspect. moby/moby#51247
• client: rename ServiceListResult.Services to ServiceListResult.Items. moby/moby#51273
• client: rename ConfigListResult.Configs to ConfigListResult.Items. moby/moby#51249
• client: Rename ContainerUnPause* to ContainerUnpause*. moby/moby#51322
• client: rename VolumeListResult.List to VolumeListResult.Items. moby/moby#51246
• client: singularize prune methods. moby/moby#51403
• client: un-export NewVersionError, rename to requiresVersion. moby/moby#51327
• client: use interface for return types. moby/moby#51383
• client: VolumePruneOptions: add "All" option. moby/moby#51208
• client: VolumeRemove, VolumeUpdate: add output struct. moby/moby#51310
• client: WithMockClient: match version behavior of actual client. moby/moby#51002
• client_(attach,commit,create,diff): Wrap result and options. [#51278](https://github.com/mo...

The first release candidate of a Go module github.com/moby/moby/api dedicated for the Moby API making the old github.com/docker/docker/api package obsolete.

This release continues the 1.x line of API compatibility with the 52nd minor release of the 1.x API.

Changelog

• api/pkg/progress and api/pkg/streamformatter have been removed. moby/moby#51153
• api/types/registry: EncodeAuthConfig: use empty string for zero value. moby/moby#50426
• client/pkg/jsonmessage: remove deprecated ProgressMessage, ErrorMessage, DisplayJSONMessagesToStream and Stream interface. moby/moby#49264
• events API now reports content-type as application/x-ndjson for newline-delimited JSON event stream. moby/moby#50953
• GET /events no longer includes the deprecated status, id, and from fields. These fields were removed in API v1.22, but still included in the response. These fields are now omitted when using API v1.52 or higher. moby/moby#50832
• GET /images/{name}/json now omits the following fields if their value is empty: Parent, Comment, DockerVersion, Author. moby/moby#51072
• GET /images/{name}/json: omit empty Config fields when not set. moby/moby#50915
• Add progress aux emitter to build backend. moby/moby#50278
• Add support for memory swappiness in Swarm services. moby/moby#51114
  • GET /services now returns SwapBytes and MemorySwappiness fields as part of the Resource requirements
  • GET /services/{id} now returns SwapBytes and MemorySwappiness fields as part of the Resource requirements
  • POST /services/create now accepts SwapBytes and MemorySwappiness fields as part of the Resource requirements
  • POST /services/{id}/update now accepts SwapBytes and MemorySwappiness fields as part of the Resource requirements
  • GET /tasks now returns SwapBytes and MemorySwappiness fields as part of the Resource requirements
  • GET /tasks/{id} now returns SwapBytes and MemorySwappiness fields as part of the Resource requirements
• api/docs: add v1.52 swagger. moby/moby#50626
• api/docs: fix events example response. moby/moby#50949
• api/docs: sync v1.52 docs with latest. moby/moby#50911
• api/docs: sync v1.52 swagger with current version. moby/moby#50643
• api/pkg/stdcopy: move stdWriter to daemon/internal. moby/moby#51157
• api/types/build: move CachePruneOptions type to client.BuildCachePruneOptions. moby/moby#50772
• api/types/build: move build options to client and backend. moby/moby#50907
• api/types/checkpoint: move checkpoint options to client module. moby/moby#50905
• api/types/container: OnBuild will now be omitted if its value is empty or zero. moby/moby#51154
• api/types/container: add missing type for exec-inspect response. moby/moby#50482
• api/types/container: make the container config MacAddress obsolete for v1.52 and onwards. Use network endpoint settings instead. moby/moby#51189
• api/types/container: merge InspectResponse and ContainerJSONBase. moby/moby#50809
• api/types/container: move ResizeOptions type to ContainerResizeOptions in the client. moby/moby#50773
• api/types/container: move StatsResponseReader to client package. moby/moby#50521
• api/types/container: move container options to client. moby/moby#50897
• api/types/container: move ExecInspect type to client. moby/moby#50991
• api/types/events: move ListOptions type to the client EventsListOptions. moby/moby#50774
• api/types/filters: remove deprecated ToParamWithVersion. moby/moby#50561
• api/types/image: InspectResponse: remove deprecated VirtualSize, Container, ContainerConfig, Parent, and DockerVersion fields. moby/moby#51103
• api/types/image: move image options out to the client. moby/moby#50776
• api/types/image: remove deprecated Summary.VirtualSize field. moby/moby#51190
• api/types/network: EndpointSettings: make MacAddress "operational data". moby/moby#51203
• api/types/registry: add some tests for encoding/decoding authconfig. moby/moby#50392
• api/types/registry: move SearchOptions to ImageSearchOptions in the client. moby/moby#50787
• api/types/registry: moved ServiceConfig legacy field marshaling support into daemon backend. moby/moby#50826
• api/types/registry: remove deprecated ServiceConfig.AllowNondistributableArtifactsCIDRs and ServiceConfig.AllowNondistributableArtifactsHostnames fields. moby/moby#50375
• api/types/storage: add Storage type and integrate in container inspect. moby/moby#50857
• api/types/strslice: deprecate StrSlice in favor of using a regular []string. moby/moby#50292
• api/types/strslice: use slices.Equal. moby/moby#50608
• api/types/swarm: create types for enum-consts. moby/moby#51399
• api/types/swarm: deprecated and dropped support for PortConfigProtocol; use network.IPProtocol instead. moby/moby#51094
• api/types/swarm: move option types to the client module. moby/moby#50794
• api/types/volume: move the ListOptions type to the client module. moby/moby#50789
• api/types: fix godoc. moby/moby#51261
• api/types: move plugin types to api/types/plugin. moby/moby#48114
• api: bump github.com/google/go-cmp v0.7.0. moby/moby#50723
• api: docs: update v1.52 swagger with latest changes. moby/moby#50796
• api: move docs to api module. moby/moby#50491
• api: redefine container network port types. moby/moby#50710
• api: remove image inspect Parent, DockerVersion from swagger docs. moby/moby#51196
• apk/pkg/stdcopy: remove use of iota, improve docs, and add example. moby/moby#50612
• cli/ is not in moby repo (anymore). moby/moby#50537
• client: move ExecStartOptions, ExecAttachOptions, ExecOptions to client. moby/moby#50978
• daemon: filter networks before converting to API types. moby/moby#50860
• Move jsonmessage, streamformatter, and progress. moby/moby#50565
• Prefer explicit device driver name over GPU capabilities when selecting the device driver with docker run --gpus. moby/moby#50717
• Prepare release notes for api/v1.52.0-beta.0. moby/moby#50904
• Prepare release notes for v1.52.0-alpha.0. moby/moby#50625
• README: update, add badges. moby/moby#50665
• Remove structs NetworkSettingsBase and DefaultNetworkSettings. Fields in NetworkSettingsBase that were not deprecated are now directly in NetworkSettings. moby/moby#50846
• remove support for deprecated kernel memory limit. moby/moby#50989
• Swagger definitions for NetworkSummary and NetworkInspect have been added to the Swagger spec describing the Engine API. moby/moby#50855
• Types "github.com/moby/moby/api/types/network".Summary and "github.com/moby/moby/api/types/network".Inspect are no longer aliases, and most of their fields have been moved into an embedded struct. Engine API clients may require some source-level changes when migrating to the new github.com/moby/moby/api module. moby/moby#50878

28.5.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.5.2 milestone
• moby/moby, 28.5.2 milestone

Packaging updates

• Update runc to v1.3.3. moby/moby#51394

Bug fixes and enhancements

• dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). moby/moby#51162
• Update Go runtime to 1.24.9. moby/moby#51387, docker/cli#6613

Deprecations

• Go-SDK: cli/command/image/build: deprecate DefaultDockerfileName, DetectArchiveReader, WriteTempDockerfile, ResolveAndValidateContextPath. These utilities were only used internally and will be removed in the next release. docker/cli#6610
• Go-SDK: cli/command/image/build: deprecate IsArchive utility. docker/cli#6560
• Go-SDK: opts: deprecate ValidateMACAddress. docker/cli#6560
• Go-SDK: opts: deprecate ListOpts.Delete(). docker/cli#6560