Docker Engine - v24.0.3

24.0.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 24.0.3 milestone
• moby/moby, 24.0.3 milestone

Bug fixes and enhancements

• containerd image store: Fix an issue where multi-platform images that did not include a manifest for the default platform could not be interacted with. moby/moby#45849
• containerd image store: Fix specious attempts to cache FROM scratch in container builds. moby/moby#45822
• containerd image store: Fix docker cp with snapshotters that cannot mount the same content multiple times. moby/moby#45780, moby/moby#45786
• containerd image store: Fix builds with type=image not being correctly unpacked/stored. moby/moby#45692
• containerd image store: Fix incorrectly attempting to unpack pseudo-images (including attestations) in docker load. moby/moby#45688
• containerd image store: Correctly set the user agent, and include additional information like the snapshotter when interacting with registries. moby/moby#45671, moby/moby#45684
• containerd image store: Fix a failure to unpack already-pulled content after switching between snapshotters. moby/moby#45678
• containerd image store: Fix images that have been re-tagged or with all tags removed being pruned while still in use. moby/moby#45857
• Fix a Swarm CSI issue where the Topology field was not propagated into NodeCSIInfo. moby/moby#45810
• Fix failures to add new Swarm managers caused by a very large raft log. moby/moby#45703, moby/swarmkit#3122, moby/swarmkit#3128
• name_to_handle_at(2) is now always allowed in the default seccomp profile. moby/moby#45833
• Fix an issue that prevented encrypted Swarm overlay networks from working on ports other than the default (4789). moby/moby#45637
• Fix a failure to restore mount reference-counts during live-restore. moby/moby#45824
• Fix various networking-related failures during live-restore. moby/moby#45658, moby/moby#45659
• Fix running containers restoring with a zero (successful) exit status when the daemon is unexpectedly terminated. moby/moby#45801
• Fix a potential panic while executing healthcheck probes. moby/moby#45798
• Fix a panic caused by a race condition in container exec start. moby/moby#45794
• Fix an exception caused by attaching a terminal to an exec with a non-existant command. moby/moby#45643
• Fix host-gateway with BuildKit by passing the IP as a label (also requires docker/buildx#1894). moby/moby#45790
• Fix an issue where POST /containers/{id}/stop would forcefully terminate the container when the request was canceled, instead of waiting until the specified timeout for a 'graceful' stop. moby/moby#45774
• Fix an issue where docker cp -a from the root (/) directory would fail. moby/moby#45748
• Improve compatibility with non-runc container runtimes by more correctly setting resource constraint parameters in the OCI config. moby/moby#45746
• Fix an issue caused by overlapping subuid/subgid ranges in certain configurations (e.g. LDAP) in rootless mode. moby/moby#45747, rootless-containers/rootlesskit#369
• Greatly reduce CPU and memory usage while populating the Debug section of GET /info. moby/moby#45856
• Fix an issue where debug information was not correctly printed during docker info when only the client is in debug mode. docker/cli#4393
• Fix issues related to hung connections when connecting to hosts over a SSH connection. docker/cli#4395

Packaging updates

• Upgrade Go to go1.20.5. moby/moby#45745, docker/cli#4351, docker/docker-ce-packaging#904
• Upgrade Compose to v2.19.1. docker/docker-ce-packaging#916
• Upgrade buildx to v0.11.1. docker/docker-ce-packaging#918