Skip to content

Latest commit

 

History

History
1662 lines (1290 loc) · 95.6 KB

CHANGELOG.md

File metadata and controls

1662 lines (1290 loc) · 95.6 KB
Raw

Change Log

All notable changes to this project will be documented in this file automatically by Versionist. DO NOT EDIT THIS FILE MANUALLY! This project adheres to Semantic Versioning.

v20.10.44

(2024-05-21)

  • Bugfix: Don't close base images prematurely [Leandro Motta Barros]

v20.10.43

(2024-02-06)

  • Update runc component to v1.1.12 from balena-runc repo [Ken Bannister]

v20.10.42

(2023-12-19)

  • Update actions/upload-artifact to v4 and generate unique artifacts [Kyle Harding]

v20.10.41

(2023-12-01)

  • Simplified development doc 'Build and run' instructions [Ken Bannister]

v20.10.40

(2023-09-11)

  • Re-vendor to get the containerd-shim-runc-v2 sources [Leandro Motta Barros]
  • Default to io.containerd.runc.v2 [Robert Günzler]

v20.10.39

(2023-08-30)

  • Don't enable AppArmor if apparmor_parser is not present [Leandro Motta Barros]

v20.10.38

(2023-07-03)

  • Document a couple of troubleshooting tips [Leandro Motta Barros]

v20.10.37

(2023-06-26)

  • Bugfix: concatReadSeekCloser.Read() with buffers of any size [Leandro Motta Barros]
  • Minor code and comments tweaks [Leandro Motta Barros]

v20.10.36

(2023-05-04)

  • Further improve resilience of image pulls [Leandro Motta Barros]

v20.10.35

(2023-04-24)

  • Update libnetwork to fix port binding issue [Leandro Motta Barros]

v20.10.34

(2023-04-05)

  • Update librsync-go to v0.8.5, circbuf to v0.1.3 [Leandro Motta Barros]

v20.10.33

(2023-03-27)

  • Add integration tests for balena's "delta on load" [Leandro Motta Barros]
  • Simplify and improve delta error handling [Leandro Motta Barros]
  • Refactor the xfer portions of delta [Leandro Motta Barros]
  • Refactor the distribution portions of delta [Leandro Motta Barros]

v20.10.32

(2023-03-21)

  • Installer: Make the script POSIX-compliant [Leandro Motta Barros]
  • Installer: Improve handling of su/sudo [Leandro Motta Barros]
  • Installer: Improve checking for dependencies [Leandro Motta Barros]
  • Installer: remove support for the 386 architecture [Leandro Motta Barros]
  • Remove the installation script from docs/ [Leandro Motta Barros]

v20.10.31

(2023-03-20)

  • Remove references to deprecated build targets [Kyle Harding]
  • Revert "Cross-build the dynbinary target" [Kyle Harding]

v20.10.30

(2023-03-13)

  • Fix typos in the masterclass docs [Leandro Motta Barros]
  • patch: Migrate balenaEngine Debugging docs from masterclass [Vipul Gupta (@vipulgupta2048)]

v20.10.29

(2023-02-20)

  • Rename test functions for better clarity [Leandro Motta Barros]
  • Add test case for the delta image store [Leandro Motta Barros]
  • Add dev-focused docs on some balenaEngine features [Leandro Motta Barros]
  • Simplify test code by using new std lib function [Leandro Motta Barros]
  • Set the delta image store, fix delta-based HUPs [Leandro Motta Barros]

v20.10.28

(2023-02-20)

  • Disable builds for linux/386 [Leandro Motta Barros]

v20.10.27

(2023-02-07) [upstream release]

Merge upstream 20.10.17 [Leandro Motta Barros]

20.10.17

2022-06-06

This release of Docker Engine comes with updated versions of Docker Compose and the containerd, and runc components, as well as some minor bug fixes.

Client

  • Remove asterisk from docker commands in zsh completion script docker/cli#3648.

Networking

  • Fix Windows port conflict with published ports in host mode for overlay moby/moby#43644.
  • Ensure performance tuning is always applied to libnetwork sandboxes moby/moby#43683.

Packaging

20.10.16

2022-05-12

This release of Docker Engine fixes a regression in the Docker CLI builds for macOS, fixes an issue with docker stats when using containerd 1.5 and up, and updates the Go runtime to include a fix for CVE-2022-29526.

Client

Daemon

  • Fixed an issue where docker stats was showing empty stats when running with containerd 1.5.0 or up moby/moby#43567.
  • Updated the golang.org/x/sys build-time dependency which contains a fix for CVE-2022-29526.

Packaging

  • Updated Go runtime to 1.17.10, which contains a fix for CVE-2022-29526.
  • Used “weak” dependencies for the docker scan CLI plugin, to prevent a “conflicting requests” error when users performed an off-line installation from downloaded RPM packages docker/docker-ce-packaging#659.

20.10.15

2022-05-05

This release of Docker Engine comes with updated versions of the compose, buildx, containerd, and runc components, as well as some minor bug fixes.

Known issues

We’ve identified an issue with the macOS CLI binaries in the 20.10.15 release. This issue has been resolved in the 20.10.16 release.

Daemon

  • Use a RWMutex for stateCounter to prevent potential locking congestion moby/moby#43426.
  • Prevent an issue where the daemon was unable to find an available IP-range in some conditions moby/moby#43360

Packaging

  • Update Docker Compose to v2.5.0.
  • Update Docker Buildx to v0.8.2.
  • Update Go runtime to 1.17.9.
  • Update containerd (containerd.io package) to v1.6.4.
  • Update runc version to v1.1.1.
  • Add packages for CentOS 9 stream and Fedora 36.

20.10.14

2022-03-23

This release of Docker Engine updates the default inheritable capabilities for containers to address CVE-2022-24769, a new version of the containerd.io runtime is also included to address the same issue.

Daemon

  • Update the default inheritable capabilities.

Builder

  • Update the default inheritable capabilities for containers used during build.

Packaging

  • Update containerd (containerd.io package) to v1.5.11.
  • Update docker buildx to v0.8.1.

20.10.13

2022-03-10

This release of Docker Engine contains some bug-fixes and packaging changes, updates to the docker scan and docker buildx commands, an updated version of the Go runtime, and new versions of the containerd.io runtime. Together with this release, we now also provide .deb and .rpm packages of Docker Compose V2, which can be installed using the (optional) docker-compose-plugin package.

Builder

  • Updated the bundled version of buildx to v0.8.0.

Daemon

  • Fix a race condition when updating the container’s state moby/moby#43166.
  • Update the etcd dependency to prevent the daemon from incorrectly holding file locks moby/moby#43259
  • Fix detection of user-namespaces when configuring the default net.ipv4.ping_group_range sysctl moby/moby#43084.

Distribution

  • Retry downloading image-manifests if a connection failure happens during image pull moby/moby#43333.

Documentation

  • Various fixes in command-line reference and API documentation.

Logging

  • Prevent an OOM when using the “local” logging driver with containers that produce a large amount of log messages moby/moby#43165.
  • Updates the fluentd log driver to prevent a potential daemon crash, and prevent containers from hanging when using the fluentd-async-connect=true and the remote server is unreachable moby/moby#43147.

Packaging

  • Provide .deb and .rpm packages for Docker Compose V2. Docker Compose v2.3.3 can now be installed on Linux using the docker-compose-plugin packages, which provides the docker compose subcommand on the Docker CLI. The Docker Compose plugin can also be installed and run standalone to be used as a drop-in replacement for docker-compose (Docker Compose V1) docker/docker-ce-packaging#638. The compose-cli-plugin package can also be used on older version of the Docker CLI with support for CLI plugins (Docker CLI 18.09 and up).
  • Provide packages for the upcoming Ubuntu 22.04 “Jammy Jellyfish” LTS release docker/docker-ce-packaging#645, docker/containerd-packaging#271.
  • Update docker buildx to v0.8.0.
  • Update docker scan (docker-scan-plugin) to v0.17.0.
  • Update containerd (containerd.io package) to v1.5.10.
  • Update the bundled runc version to v1.0.3.
  • Update Golang runtime to Go 1.16.15.

20.10.12

2021-12-13

This release of Docker Engine contains changes in packaging only, and provides updates to the docker scan and docker buildx commands. Versions of docker scan before v0.11.0 are not able to detect the Log4j 2 CVE-2021-44228. We are shipping an updated version of docker scan in this release to help you scan your images for this vulnerability.

Note

The docker scan command on Linux is currently only supported on x86 platforms. We do not yet provide a package for other hardware architectures on Linux.

The docker scan feature is provided as a separate package and, depending on your upgrade or installation method, ‘docker scan’ may not be updated automatically to the latest version. Use the instructions below to update docker scan to the latest version. You can also use these instructions to install, or upgrade the docker scan package without upgrading the Docker Engine:

On .deb based distros, such as Ubuntu and Debian:

$ apt-get update && apt-get install docker-scan-plugin

On rpm-based distros, such as CentOS or Fedora:

$ yum install docker-scan-plugin

After upgrading, verify you have the latest version of docker scan installed:

$ docker scan --accept-license --version
Version:    v0.12.0
Git commit: 1074dd0
Provider:   Snyk (1.790.0 (standalone))

Read our blog post on CVE-2021-44228 to learn how to use the docker scan command to check if images are vulnerable.

Packaging

  • Update docker scan to v0.12.0.
  • Update docker buildx to v0.7.1.
  • Update Golang runtime to Go 1.16.12.

v20.10.26

(2023-01-17)

  • Cross-build the dynbinary target [Kyle Harding]

v20.10.25

(2022-12-21)

  • Fix TestBuildUserNamespaceValidateCapabilitiesAreV2 [Leandro Motta Barros]
  • Fix crash with PPP interface with nil dst address [Leandro Motta Barros]

v20.10.24

(2022-12-12)

  • Fix typo [Leandro Motta Barros]

v20.10.23

(2022-12-09)

  • patch: Revert "Fix balena-engine logo image" [Vipul Gupta]

v20.10.22

(2022-12-07)

  • patch: Add balena-engine documentation [Vipul Gupta (@vipulgupta2048)]

v20.10.21

(2022-11-22)

  • Move GH publishing to core [ab77]

v20.10.20

(2022-11-17)

  • Improve docs for balenaEngine devs [Leandro Motta Barros]

v20.10.19

(2022-11-17)

  • Create balena symlinks during cross builds [Leandro Motta Barros]
  • Switch to Flowzone [Leandro Motta Barros]

v20.10.18

(2022-06-03)

  • Improve error reporting for delta base image loading [Leandro Motta Barros]

v20.10.17

(2022-05-17)

  • Fix "slice bounds out of range" while applying deltas [Leandro Motta Barros]

v20.10.16

(2022-04-07)

  • contrib/init/systemd: update balena-engine.service [TIAN Yuanhao]

v20.10.15

(2022-04-05)

  • Log more info upon when raising errRootFSMismatch [Leandro Motta Barros]

v20.10.14

(2022-04-01)

  • Add more integration tests for deltas [Leandro Motta Barros]

v20.10.13

(2022-03-09)

  • Add link to post to test landr [andrew]

v20.10.12

(2022-02-18)

  • storagemigration: keep going if migration fails [Robert Günzler]
  • graphdriver/copy: fix handling of sockets [Robert Günzler]
  • pkg/storagemigration: use graphdriver/copy.DirCopy [Robert Günzler]
  • Prune Jenkinsfile [Robert Günzler]
  • Backport platform-detection fixes from containerd [Robert Günzler]
  • storagemigration: capture failcleanup logs in logfile [Robert Günzler]
  • storagemigration: move logic to package [Robert Günzler]
  • prevent slice oob access in concatReadSeekCloser [Martin Rauscher]
  • Make layer download resuming more resilient [Leandro Motta Barros]
  • Drop CODEOWNERS [Robert Günzler]
  • pkg/storagemigration: poperly handle errors during state creation [Robert Günzler]
  • pkg/storagemigration: allow writing logs to separate file [Robert Günzler]
  • storagemigration: defer commit to next start [Robert Günzler]
  • Lock destination layers while delta is being processed [Robert Günzler]
  • Add aufs to overlay2 migrator [Robert Günzler]
  • Update the README [Robert Günzler]
  • Cleanup repo [Robert Günzler]
  • Add a SECURITY.md [Robert Günzler]
  • top_unix.go: allow busybox ps with no args [Kyle Harding]
  • Bump balena-os/balena-containerd to 1da48a8 [Tian Yuanhao]
  • Add changelog template to allow generating nested changelogs [Robert Günzler]
  • Update github issue and pr templates [Robert Günzler]
  • Update codeowners [Robert Günzler]
  • hack: Fix CLI versioning [Robert Günzler]
  • Fixed typos in getting-started.md docs [Miguel Casqueira]
  • Add integration tests for hostapp handling [Robert Günzler]
  • Fix container data deletion [Roman Mazur]
  • overlay2: Add List support [Roman Mazur]
  • aufs: Add List support [Roman Mazur]
  • layer: Remove unreferenced driver layers on create [Roman Mazur]
  • layer: Prune unused data on layer store creation [Roman Mazur]
  • layer: Persist cacheID early on transaction start [Roman Mazur]
  • pkg/authorization: Fix test failures on macOS [Roman Mazur]
  • Move ci to balenaCI [Robert Günzler]
  • contrib: Add balena-engine version of dind container [Robert Günzler]
  • build.sh: Disable btrfs,zfs,devicemapper graphdrivers [Robert Günzler]
  • Bump CLI dependency to include fix for #178 [Robert Günzler]
  • Bump CLI dependency to include --cidenv flag [Robert Günzler]
  • Allow passing container ID to container via environment variable [Robert Günzler]
  • contrib/install.sh: Add details to the success message [Robert Günzler]
  • contrib/install.sh: Rename balena to balenaEngine in ASCII art output [Robert Günzler]
  • contrib/install.sh: Fail on error [Robert Günzler]
  • Add daemon flags to configure max download/upload attempts during pull/push [Robert Günzler]
  • aufs,overlay2: Add driver opts for disk sync [Robert Günzler]
  • Fix double locking in the event handling code of OOM events [Robert Günzler]
  • integration-tests: Add test for containers with memory,cpu constraints [Robert Günzler]
  • Update Dockerfiles used for build to Go 1.10.8 [Robert Günzler]
  • travis: Use the minimal machine [Robert Günzler]
  • Add cli for tagging delta images [Robert Günzler]
  • Allow tagging of image deltas on creation [Robert Günzler]
  • docs: Fix Docker capitalisation in balenaEngine docs [Paulo Castro]
  • Update balenaEngine logo in README.md [Paulo Castro]
  • Disable incompatible integration tests [Paulo Castro]

v20.10.11

(2021-12-09) [upstream release]

Merge upstream v20.10.11 [Robert Günzler]

20.10.11

2021-11-17

IMPORTANT

Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs.

Refer to the HTTP/HTTPS proxy section to learn how to configure the Docker Daemon to use a proxy server. {: .important }

Distribution

Windows

Packaging

20.10.10

2021-10-25

IMPORTANT

Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs.

Refer to the HTTP/HTTPS proxy section to learn how to configure the Docker Daemon to use a proxy server. {: .important }

Builder

  • Fix platform-matching logic to fix docker build using not finding images in the local image cache on Arm machines when using BuildKit moby/moby#42954

Runtime

  • Add support for clone3 syscall in the default seccomp policy to support running containers based on recent versions of Fedora and Ubuntu. moby/moby/#42836.
  • Windows: update hcsshim library to fix a bug in sparse file handling in container layers, which was exposed by recent changes in Windows moby/moby#42944.
  • Fix some situations where docker stop could hang forever moby/moby#42956.

Packaging

  • Update Golang runtime to Go 1.16.9.

20.10.9

2021-10-04

This release is a security release with security fixes in the CLI, runtime, as well as updated versions of the containerd.io package.

IMPORTANT

Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs.

Refer to the HTTP/HTTPS proxy section to learn how to configure the Docker Daemon to use a proxy server. {: .important }

Client

  • CVE-2021-41092 Ensure default auth config has address field set, to prevent credentials being sent to the default registry.

Runtime

  • CVE-2021-41089 Create parent directories inside a chroot during docker cp to prevent a specially crafted container from changing permissions of existing files in the host’s filesystem.
  • CVE-2021-41091 Lock down file permissions to prevent unprivileged users from discovering and executing programs in /var/lib/docker.

Packaging

Known issue

The ctr binary shipping with the static packages of this release is not statically linked, and will not run in Docker images using alpine as a base image. Users can install the libc6-compat package, or download a previous version of the ctr binary as a workaround. Refer to the containerd ticket related to this issue for more details: containerd/containerd#5824.

20.10.8

2021-08-03

IMPORTANT

Due to net/http changes in Go 1.16, HTTP proxies configured through the $HTTP_PROXY environment variable are no longer used for TLS (https://) connections. Make sure you also set an $HTTPS_PROXY environment variable for handling requests to https:// URLs.

Refer to the HTTP/HTTPS proxy section to learn how to configure the Docker Daemon to use a proxy server. {: .important }

Deprecation

  • Deprecate support for encrypted TLS private keys. Legacy PEM encryption as specified in RFC 1423 is insecure by design. Because it does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. Support for encrypted TLS private keys is now marked as deprecated, and will be removed in an upcoming release. docker/cli#3219
  • Deprecate Kubernetes stack support. Following the deprecation of Compose on Kubernetes, support for Kubernetes in the stack and context commands in the Docker CLI is now marked as deprecated, and will be removed in an upcoming release docker/cli#3174.

Client

  • Fix Invalid standard handle identifier errors on Windows docker/cli#3132.

Rootless

  • Avoid can't open lock file /run/xtables.lock: Permission denied error on SELinux hosts moby/moby#42462.
  • Disable overlay2 when running with SELinux to prevent permission denied errors moby/moby#42462.
  • Fix x509: certificate signed by unknown authority error on openSUSE Tumbleweed moby/moby#42462.

Runtime

  • Print a warning when using the --platform option to pull a single-arch image that does not match the specified architecture moby/moby#42633.
  • Fix incorrect Your kernel does not support swap memory limit warning when running with cgroups v2 moby/moby#42479.
  • Windows: Fix a situation where containers were not stopped if HcsShutdownComputeSystem returned an ERROR_PROC_NOT_FOUND error moby/moby#42613

20.10.7

2021-06-02

Client

  • Suppress warnings for deprecated cgroups docker/cli#3099.
  • Prevent sending SIGURG signals to container on Linux and macOS. The Go runtime (starting with Go 1.14) uses SIGURG signals internally as an interrupt to support preemptable syscalls. In situations where the Docker CLI was attached to a container, these interrupts were forwarded to the container. This fix changes the Docker CLI to ignore SIGURG signals docker/cli#3107, moby/moby#42421.

Builder

  • Update BuildKit to version v0.8.3-3-g244e8cde moby/moby#42448:
    • Transform relative mountpoints for exec mounts in the executor to work around a breaking change in runc v1.0.0-rc94 and up. moby/buildkit#2137.
    • Add retry on image push 5xx errors. moby/buildkit#2043.
    • Fix build-cache not being invalidated when renaming a file that is copied using a COPY command with a wildcard. Note that this change invalidates existing build caches for copy commands that use a wildcard. moby/buildkit#2018.
    • Fix build-cache not being invalidated when using mounts moby/buildkit#2076.
  • Fix build failures when FROM image is not cached when using legacy schema 1 images moby/moby#42382.

Logging

  • Update the hcsshim SDK to make daemon logs on Windows less verbose moby/moby#42292.

Rootless

  • Fix capabilities not being honored when an image was built on a daemon with user-namespaces enabled moby/moby#42352.

Networking

  • Update libnetwork to fix publishing ports on environments with kernel boot parameter ipv6.disable=1, and to fix a deadlock causing internal DNS lookups to fail moby/moby#42413.

Contrib

  • Update rootlesskit to v0.14.2 to fix a timeout when starting the userland proxy with the slirp4netns port driver moby/moby#42294.
  • Fix "Device or resource busy" errors when running docker-in-docker on a rootless daemon moby/moby#42342.

Packaging

20.10.6

2021-04-12

Client

  • Apple Silicon (darwin/arm64) support for Docker CLI docker/cli#3042
  • config: print deprecation warning when falling back to pre-v1.7.0 config file ~/.dockercfg. Support for this file will be removed in a future release docker/cli#3000

Builder

  • Fix classic builder silently ignoring unsupported Dockerfile options and prompt to enable BuildKit instead moby/moby#42197

Logging

Networking

  • Fix a regression in docker 20.10, causing IPv6 addresses no longer to be bound by default when mapping ports moby/moby#42205
  • Fix implicit IPv6 port-mappings not included in API response. Before docker 20.10, published ports were accessible through both IPv4 and IPv6 by default, but the API only included information about the IPv4 (0.0.0.0) mapping moby/moby#42205
  • Fix a regression in docker 20.10, causing the docker-proxy to not be terminated in all cases moby/moby#42205
  • Fix iptables forwarding rules not being cleaned up upon container removal moby/moby#42205

Packaging

Plugins

  • Fix docker plugin create making plugins that were incompatible with older versions of Docker moby/moby#42256

Rootless

20.10.5

2021-03-02

Client

20.10.4

2021-02-26

Builder

  • Fix incorrect cache match for inline cache import with empty layers moby/moby#42061
  • Update BuildKit to v0.8.2 moby/moby#42061
    • resolver: avoid error caching on token fetch
    • fileop: fix checksum to contain indexes of inputs preventing certain cache misses
    • Fix reference count issues on typed errors with mount references (fixing invalid mutable ref errors)
    • git: set token only for main remote access allowing cloning submodules with different credentials
  • Ensure blobs get deleted in /var/lib/docker/buildkit/content/blobs/sha256 after pull. To clean up old state run builder prune moby/moby#42065
  • Fix parallel pull synchronization regression moby/moby#42049
  • Ensure libnetwork state files do not leak moby/moby#41972

Client

  • Fix a panic on docker login if no config file is present docker/cli#2959
  • Fix WARNING: Error loading config file: .dockercfg: $HOME is not defined docker/cli#2958

Runtime

Logger

  • Honor labels-regex config even if labels is not set moby/moby#42046
  • Handle long log messages correctly preventing awslogs in non-blocking mode to split events bigger than 16kB mobymoby#41975

Rootless

Security

20.10.3

2021-02-01

Security

  • CVE-2021-21285 Prevent an invalid image from crashing docker daemon
  • CVE-2021-21284 Lock down file permissions to prevent remapped root from accessing docker state
  • Ensure AppArmor and SELinux profiles are applied when building with BuildKit

Client

  • Check contexts before importing them to reduce risk of extracted files escaping context store
  • Windows: prevent executing certain binaries from current directory docker/cli#2950

20.10.2

2021-01-04

Runtime

  • Fix a daemon start up hang when restoring containers with restart policies but that keep failing to start moby/moby#41729
  • overlay2: fix an off-by-one error preventing to build or run containers when data-root is 24-bytes long moby/moby#41830
  • systemd: send sd_notify STOPPING=1 when shutting down moby/moby#41832

Networking

20.10.1

2020-12-14

Builder

Packaging

20.10.0

2020-12-08

Deprecation / Removal

For an overview of all deprecated features, refer to the Deprecated Engine Features page.

API

  • Update API version to v1.41
  • Do not require "experimental" for metrics API moby/moby#40427
  • GET /events now returns prune events after pruning resources have completed moby/moby#41259
    • Prune events are returned for container, network, volume, image, and builder, and have a reclaimed attribute, indicating the amount of space reclaimed (in bytes)
  • Add one-shot stats option to not prime the stats moby/moby#40478
  • Adding OS version info to the system info's API (/info) moby/moby#38349
  • Add DefaultAddressPools to docker info moby/moby#40714
  • Add API support for PidsLimit on services moby/moby#39882

Builder

Client

  • Add swarm jobs support to CLI docker/cli#2262
  • Add -a/--all-tags to docker push docker/cli#2220
  • Add support for Kubernetes username/password auth docker/cli#2308
  • Add --pull=missing|always|never to run and create commands docker/cli#1498
  • Add --env-file flag to docker exec for parsing environment variables from a file docker/cli#2602
  • Add shorthand -n for --tail option docker/cli#2646
  • Add log-driver and options to service inspect "pretty" format docker/cli#1950
  • docker run: specify cgroup namespace mode with --cgroupns docker/cli#2024
  • docker manifest rm command to remove manifest list draft from local storage docker/cli#2449
  • Add "context" to "docker version" and "docker info" docker/cli#2500
  • Propagate platform flag to container create API docker/cli#2551
  • The docker ps --format flag now has a .State placeholder to print the container's state without additional details about uptime and health check docker/cli#2000
  • Add support for docker-compose schema v3.9 docker/cli#2073
  • Add support for docker push --quiet docker/cli#2197
  • Hide flags that are not supported by BuildKit, if BuildKit is enabled docker/cli#2123
  • Update flag description for docker rm -v to clarify the option only removes anonymous (unnamed) volumes docker/cli#2289
  • Improve tasks printing for docker services docker/cli#2341
  • docker info: list CLI plugins alphabetically docker/cli#2236
  • Fix order of processing of --label-add/--label-rm, --container-label-add/--container-label-rm, and --env-add/--env-rm flags on docker service update to allow replacing existing values docker/cli#2668
  • Fix docker rm --force returning a non-zero exit code if one or more containers did not exist docker/cli#2678
  • Improve memory stats display by using total_inactive_file instead of cache docker/cli#2415
  • Mitigate against YAML files that has excessive aliasing docker/cli#2117
  • Allow using advanced syntax when setting a config or secret with only the source field docker/cli#2243
  • Fix reading config files containing username and password auth even if auth is empty docker/cli#2122
  • docker cp: prevent NPE when failing to stat destination docker/cli#2221
  • config: preserve ownership and permissions on configfile docker/cli#2228

Logging

  • Support reading docker logs with all logging drivers (best effort) moby/moby#40543
  • Add splunk-index-acknowledgment log option to work with Splunk HECs with index acknowledgment enabled moby/moby#39987
  • Add partial metadata to journald logs moby/moby#41407
  • Reduce allocations for logfile reader moby/moby#40796
  • Fluentd: add fluentd-async, fluentd-request-ack, and deprecate fluentd-async-connect moby/moby#39086

Runtime

Networking

Packaging

Rootless

Security

  • Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc moby/moby#39612
  • seccomp: Whitelist clock_adjtime. CAP_SYS_TIME is still required for time adjustment moby/moby#40929
  • seccomp: Add openat2 and faccessat2 to default seccomp profile moby/moby#41353
  • seccomp: allow 'rseq' syscall in default seccomp profile moby/moby#41158
  • seccomp: allow syscall membarrier moby/moby#40731
  • seccomp: whitelist io-uring related system calls moby/moby#39415
  • Add default sysctls to allow ping sockets and privileged ports with no capabilities moby/moby#41030
  • Fix seccomp profile for clone syscall moby/moby#39308

v19.03.30

(2021-10-26)

  • storagemigration: keep going if migration fails [Robert Günzler]
  • graphdriver/copy: fix handling of sockets [Robert Günzler]

v19.03.29

(2021-09-14)

  • pkg/storagemigration: use graphdriver/copy.DirCopy [Robert Günzler]

v19.03.28

(2021-09-14)

  • Prune Jenkinsfile [Robert Günzler]

v19.03.27

(2021-09-01)

  • Backport platform-detection fixes from containerd [Robert Günzler]

v19.03.26

(2021-08-31)

  • storagemigration: capture failcleanup logs in logfile [Robert Günzler]

v19.03.25

(2021-08-20)

  • storagemigration: move logic to package [Robert Günzler]

v19.03.24

(2021-08-12)

  • prevent slice oob access in concatReadSeekCloser [Martin Rauscher]

v19.03.23

(2021-07-12)

  • Make layer download resuming more resilient [Leandro Motta Barros]

v19.03.22

(2021-06-30)

  • Drop CODEOWNERS [Robert Günzler]

v19.03.21

(2021-06-25)

  • Lock destination layers while delta is being processed [Robert Günzler]

v19.03.20

(2021-06-17)

  • pkg/storagemigration: poperly handle errors during state creation [Robert Günzler]

v19.03.19

(2021-06-10)

  • pkg/storagemigration: allow writing logs to separate file [Robert Günzler]
  • storagemigration: defer commit to next start [Robert Günzler]

v19.03.18

(2021-04-15)

  • Add aufs to overlay2 migrator [Robert Günzler]

v19.03.17

(2021-01-19)

  • Update the README [Robert Günzler]
  • Cleanup repo [Robert Günzler]

v19.03.16

(2021-01-19)

  • Add a SECURITY.md [Robert Günzler]

v19.03.15

(2021-01-12)

  • top_unix.go: allow busybox ps with no args [Kyle Harding]

v19.03.14

(2020-10-19)

  • Bump balena-os/balena-containerd to 1da48a8 [Tian Yuanhao]

v19.03.13

(2020-05-28)

  • Add changelog template to allow generating nested changelogs [Robert Günzler]
  • Update github issue and pr templates [Robert Günzler]
  • Update codeowners [Robert Günzler]

v19.03.12

(2020-05-28)

  • hack: Fix CLI versioning [Robert Günzler]

v19.03.11

(2020-05-04)

  • Fixed typos in getting-started.md docs [Miguel Casqueira]
  • Add integration tests for hostapp handling [Robert Günzler]
  • Clean up leaked engine data [Roman Mazur]
  • pkg/authorization: Fix test failures on macOS [Roman Mazur]

v19.03.10

(2020-04-06)

  • graphdriver/quota: Disable disk_quota tests if build tag is set [Robert Günzler]
  • (cherry-pick #172) Move to balenaCI [Robert Günzler]
  • Add buildtag to disable buildkit backend [Robert Günzler]
  • Add buildtag to drop devicemapper support [Robert Günzler]
  • Simplify hack/make targets [Robert Günzler]

v19.03.9

(2020-04-06)

  • Fix integration tests [Robert Günzler]
  • Revendor ebpf and zfs dependencies [Robert Günzler]
  • Downgrade containerd [Robert Günzler]

v19.03.8

(2020-04-06) [upstream release]

Merge upstream v19.03.8 [Robert Günzler]

19.03.8 (2020-03-10)

Runtime

19.03.7 (2020-03-03)

Builder

Runtime

Client

19.03.6 (2020-02-12)

Builder

Networking

Runtime

19.03.5 (2019-11-13)

Builder

  • Fix builder-next: permission errors on using build secrets or ssh forwarding with userns-remap. docker/engine#420
  • Fix builder-next: copying a symlink inside an already copied directory. docker/engine#420
  • Fix builder-next: fatal error: concurrent map writes. docker/engine#422

Runtime

19.03.4 (2019-10-17)

Networking

  • Rollback libnetwork changes so DOCKER-USER iptables chain is back. docker/engine#404

19.03.3 (2019-10-07)

Known Issues

  • DOCKER-USER iptables chain is missing docker/for-linux#810. Users cannot perform additional container network traffic filtering on top of this iptables chain. You are not affected by this issue if you are not customizing iptables chains on top of DOCKER-USER.

    Workaround is to insert the iptables chain after docker daemon starts.

    iptables -N DOCKER-USER
iptables -I FORWARD -j DOCKER-USER
iptables -A DOCKER-USER -j RETURN

Builder

  • Fix builder-next: resolve digest for third party registries. docker/engine#339
  • Fix builder-next: user namespace builds when daemon started with socket activation. docker/engine#373
  • Fix builder-next: session: release forwarded ssh socket connection per connection. docker/engine#373
  • Fix builder-next: llbsolver: error on multiple cache importers. docker/engine#373

Networking

  • Fix various libnetwork issues for iptables, DNS queries, and more. docker/engine#330

Runtime

  • Fix POST /images/create returning a 500 status code when providing an incorrect platform option. docker/engine#365
  • Fix POST /build returning a 500 status code when providing an incorrect platform option. docker/engine#365
  • Fix panic on 32-bit ARMv7 caused by misaligned struct member. docker/engine#363
  • Fix to return "invalid parameter" when linking to non-existing container. docker/engine#352
  • Fix overlay2: busy error on mount when using kernel >= 5.2. docker/engine#332
  • Fix docker rmi stuck in certain misconfigured systems, e.g. dead NFS share. docker/engine#335
  • Fix handling of blocked I/O of exec'd processes. docker/engine#296
  • Fix jsonfile logger: follow logs stuck when max-size is set and max-file=1. docker/engine#378

Client

  • Mitigate against YAML files that have excessive aliasing. docker/cli#2119

19.03.2 (2019-08-29)

Builder

  • Fix "COPY --from" to non-existing directory on Windows. moby/moby#39695
  • Fix builder-next: metadata commands not having created time in history. moby/moby#39456
  • Fix builder-next: close progress on layer export error. moby/moby#39782

Client

  • Fix Windows absolute path detection on non-Windows. docker/cli#1990
  • Fix to zsh completion script for docker login --username.
  • Fix context: produce consistent output on context create. docker/cli#1985
  • Fix support for HTTP proxy env variable. docker/cli#2059

Logging

Networking

  • Prevent panic on network attach to a container with disabled networking. moby/moby#39589

Runtime

  • Bump Golang to 1.12.8.
  • Fix a potential engine panic when using XFS disk quota for containers. moby/moby#39644

Swarm

19.03.1 (2019-07-25)

Runtime

  • Fix CVE-2019-14271 loading of nsswitch based config inside chroot under Glibc.

19.03.0 (2019-07-22)

Deprecation

  • Deprecate image manifest v2 schema1 in favor of v2 schema2. Future version of Docker will remove support for v2 schema1 altogether. moby/moby#39365
  • Remove v1.10 migrator. moby/moby#38265
  • Skip deprecated storage-drivers in auto-selection. moby/moby#38019
  • Deprecate aufs storage driver and add warning. moby/moby#38090

Client

  • Bump google.golang.org/grpc to v1.20.1. docker/cli#1884
  • Cli change to pass driver specific options to docker run. docker/cli#1767
  • Bump Golang 1.12.5. docker/cli#1875
  • The docker system info output now segregates information relevant to the client and daemon. docker/cli#1638
  • (Experimental) When targetting Kubernetes, add support for x-pull-secret: some-pull-secret in compose-files service configs. docker/cli#1617
  • (Experimental) When targetting Kubernetes, add support for x-pull-policy: <Never|Always|IfNotPresent> in compose-files service configs. docker/cli#1617
  • cp, save, export: Prevent overwriting irregular files. docker/cli#1515
  • Allow npipe volume type on stack file. docker/cli#1195

API

  • Add undocumented /grpc endpoint and register BuildKit's controller. moby/moby#38990

Builder

  • builder-next: allow setting buildkit outputs. docker/cli#1766
  • builder-next: look for a Dockerfile specific dockerignore file (eg. Dockerfile.dockerignore) for ignored paths. docker/engine#215
  • builder-next: automatically detect if process execution is possible for x86, arm and arm64 binaries. docker/engine#215
  • builder-next: added inline cache support --cache-from. docker/engine#215
  • builder-next: allow outputs configuration. moby/moby#38898

Experimental

Security

Runtime

Networking

  • Fix to make sure load balancer sandbox is deleted when a service is updated with --network-rm. docker/engine#213

Swarm

Logging

v18.9.17

(2020-04-27)

  • Add integration tests for hostapp handling [Robert Günzler]
  • Fix container data deletion [Roman Mazur]

v18.9.16

(2020-04-20)

  • overlay2: Add List support [Roman Mazur]
  • aufs: Add List support [Roman Mazur]
  • layer: Remove unreferenced driver layers on create [Roman Mazur]
  • layer: Prune unused data on layer store creation [Roman Mazur]
  • layer: Persist cacheID early on transaction start [Roman Mazur]

v18.9.15

(2020-04-11)

  • Fixed typos in getting-started.md docs [Miguel Casqueira]

v18.9.14

(2020-03-25)

  • Move ci to balenaCI [Robert Günzler]

v18.9.13

(2019-11-01)

  • contrib: Add balena-engine version of dind container [Robert Günzler]

v18.9.12

(2019-10-31)

  • build.sh: Disable btrfs,zfs,devicemapper graphdrivers [Robert Günzler]

v18.9.11

(2019-10-31)

  • integration-tests: Don't fail TestImagePullComparePullDuration [Robert Günzler]

v18.9.10

(2019-08-23)

  • Bump CLI dependency to include fix for #178 [Robert Günzler]

v18.9.9

(2019-08-22)

  • Bump CLI dependency to include --cidenv flag [Robert Günzler]
  • Allow passing container ID to container via environment variable [Robert Günzler]

v18.9.8

(2019-08-22)

  • Backport journald performance improvements/fixes [Robert Günzler]

v18.9.7

(2019-06-26)

  • contrib/install.sh: Add details to the success message [Robert Günzler]
  • contrib/install.sh: Rename balena to balenaEngine in ASCII art output [Robert Günzler]
  • contrib/install.sh: Fail on error [Robert Günzler]

v18.9.6

(2019-06-03)

  • Bump containerd/cgroups to dbea6f2bd41658b84b00417ceefa416b97 [Robert Günzler]

v18.9.5

(2019-04-26)

  • Add daemon flags to configure max download/upload attempts during pull/push [Robert Günzler]

v18.9.4

(2019-04-25)

  • aufs,overlay2: Add driver opts for disk sync [Robert Günzler]

v18.9.3

(2019-02-28) [upstream release]

  • Fix double locking in the event handling code of OOM events [Robert Günzler]
  • integration-tests: Add test for containers with memory,cpu constraints [Robert Günzler]
  • Update Dockerfiles used for build to Go 1.10.8 [Robert Günzler]
Merge upstream v18.09.3 [Robert Günzler]

This pulls in upstream changes since balenaEngine v17.13.3. The following is an edited version of the upstream CHANGELOG:

Deprecation

API

Builder

  • Additional warnings for use of deprecated legacy overlay and devicemapper storage dirvers. docker/engine#85

Client

Daemon

Logging

Networking

Runtime

Security

v17.13.3

(2019-02-25)

v17.13.2

(2019-02-21)

  • travis: Use the minimal machine [Robert Günzler]

v17.13.1

(2019-02-20)

  • vendor: Update runc to include fix for CVE-2019-5736 [Robert Günzler]

v17.13.0

(2019-01-31)

  • Add cli for tagging delta images [Robert Günzler]

  • Allow tagging of image deltas on creation [Robert Günzler]

  • Update balenaEngine logo in README.md [Paulo Castro]

v17.12.1

(2019-01-14)

  • docs: Fix Docker capitalisation in balenaEngine docs [Paulo Castro]

  • Project rebranding: balena is now known as balenaEngine and all the executables now have the balena-engine prefix in the file name. This was a result of resin.io open sourcing its platform backend and renaming itself balena.io. The old balena.io landing page will shortly relocate to balena.io/engine.

  • This release branches off the Docker CE 17.12.0-ce release and brings along all its new features and bug fixes.

  • Build environment: Go compiler updated from version 1.9 to 1.10.

  • Several additional bug fixes and reliability improvements listed below - the first column is the commit hash prefix.

v17.12.0 (2018-10-17)

Release highlights:

25755b0 Use Balena's fork of golang.org/x/sys/unix (ARM SyncFileRange syscall)
40c33e3 Fix daemon/cluster/executor/container/ unit tests
b40c26d Rename balena to balena-engine (executables) or balenaEngine (project)
3e2973d mobynit: Add support to mount rootfs from a custom location
9f4cd6a update containerd/console to fix race: lock Cond before Signal
deba4bb delta: use chain ids to decide whether to skip a layer
c87589c version: Fix balena CLI version string
9d1d910 version: Fix balena server version string
3685c83 pkg/chrootarchive: disable memory cgroups until pending issues are fixed
85b036b vendor: update libnetwork to include stale default bridge fix
b706f5d pkg/ioutils: implement eager writer
08b01ef Revert "vendor: update golang/x/sys to support fadvise for arm64"
60f2a21 pull: rely on memory cgroups to avoid page cache thrashing
38b223b pkg/stringid: don't bother seeding math/random with crypto grade seed
f08057b vendor: update btrfs dependency
ca0ecfc Upgrade balena to 17.12 (upstream docker)
519ed00 container: remove extraneous lock leading to deadlocks
2e2f9df tests: more integration test fixes
276ee9d cmd/mobynit: adapt to new internal API
8e47b09 build: switch the default build to be the dynamically linked binary
137b066 tests: remove plugin support in tests
64f52ee tests: skip swarm tests
e0e5db3 fix regression of DockerSuite.TestAPINetworkCreateCheckDuplicate
5955d38 build: do not install embedded binaries separately
a466c05 cmd/balena: exit with non-zero code if called with unknown command
3a1be7a a lot of balena rename fixes for integration tests
f3b6b8a vendor: update containerd
b64eefe build: switch to statically linked builds
9ed4298 build: let the go compiler do the stripping
bd23724 build: limit max go procs to avoid qemu hangs
5ead292 vendor: update golang/x/sys to support fadvise for arm64
0386158 build: add libudev dependency
fd78fe4 vendor: update containerd to non-plugin version
a1191cb daemon/config: remove swarm support
ddaa8c1 daemon: add appropriate container locks to avoid races
c24bda9 healthcheck: fix docker segfaulting
1cf563e vendor: revendor everything
97505a4 vendor: update vendor.conf with all required dependencies
8c12415 restartmanager: fixed the unit test
8af842e tests: renamed runc to balena-runc
55f4379 fixed balena version error
24b643b daemon: experimental: restart container when they become unhealthy
b430038 daemon: only attempt to prune local networks since swarm is disabled
eac6aa0 Updated init scripts for Balena
062cf0e Updated github hooks for balena
07e8c0a Update website copy
5d81d5a Issue template should refer to balena throughout
a8846e2 updated the mock of xfer to pass unit test
8f898bb fixed integration with balena
60cb5cb Renaming target to support balena
bce9bc7 Fixed the runc version test
add016d skip tests of unsopported components
5d30454 fix addidental mention of balaena name instead of balena
5c46120 landr: add correct feature descriptions
189482e build: temporary switch to other base images
fcf3865 pkg/archive: sync files before issuing the fadvise syscall

17.06+rev1 (2017-10-13)

Builder

  • Allow bind-mounting a volume in the build context #27

CLI

  • Add command for generating image deltas #35

Daemon

  • Add utility that can boot a system into a container #10
  • Add the ability to create binary delta between two images #11
  • Include engine name in version information #32
  • Minimize page cache usage during pull de0993b

Plugins

  • Disable plugin support #14

Logging

  • Disable awslogs, fluentd, gcplogs, gelf, logentries, splunk, and syslog logging drivers fe4d45c

Runtime

  • Disable consul, etcd, and zookeeper discovery backends 380ba69

Swarm Mode

  • Disable swarm mode #14

Distribution

  • On-the-fly layer extraction during docker pull #8
  • Improve layer reuse when pushing to v1 registries #28
  • Include a combined progress bar of all the layers in the output #31