Home Explore Blog CI



docker

10th chunk of `content/manuals/engine/release-notes/18.09.md`
30429e831b3de0dfb622867601933b7e0a7321b63fb6ae960000000100000e93
* Handles systemd-resolved case by providing appropriate resolv.conf to networking layer [moby/moby#37485](https://github.com/moby/moby/pull/37485)
* Removes support for TLS < 1.2 [moby/moby#37660](https://github.com/moby/moby/pull/37660)
* Seccomp: Whitelist syscalls linked to `CAP_SYS_NICE` in default seccomp profile [moby/moby#37242](https://github.com/moby/moby/pull/37242)
* Seccomp: move the syslog syscall to be gated by `CAP_SYS_ADMIN` or `CAP_SYSLOG` [docker/engine#64](https://github.com/docker/engine/pull/64) / [moby/moby#37929](https://github.com/moby/moby/pull/37929)
* SELinux: Fix relabeling of local volumes specified via Mounts API on selinux-enabled systems [moby/moby#37739](https://github.com/moby/moby/pull/37739)
* Adds warning if REST API is accessible through an insecure connection [moby/moby#37684](https://github.com/moby/moby/pull/37684)
* Masks proxy credentials from URL when displayed in system info [docker/engine#72](https://github.com/docker/engine/pull/72) / [moby/moby#37934](https://github.com/moby/moby/pull/37934)
* Fixes mount propagation for btrfs [docker/engine#86](https://github.com/docker/engine/pull/86) / [moby/moby#38026](https://github.com/moby/moby/pull/38026)
* Fixes nil pointer dereference in node allocation [docker/engine#94](https://github.com/docker/engine/pull/94) / [docker/swarmkit#2764](https://github.com/docker/swarmkit/pull/2764)

### Known Issues

* There are important changes to the upgrade process that, if not correctly followed, can have impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or greater.
* With https://github.com/boot2docker/boot2docker/releases/download/v18.09.0/boot2docker.iso, connection is being refused from a node on the virtual machine. Any publishing of swarm ports in virtualbox-created docker-machine VM's will not respond. This is occurring on macOS and Windows 10, using docker-machine version 0.15 and 0.16.

   The following `docker run` command works, allowing access from host browser:

   `docker run -d -p 4000:80 nginx`

   However, the following `docker service` command fails, resulting in curl/chrome unable to connect (connection refused):

   `docker service create -p 5000:80 nginx`

   This issue is not apparent when provisioning 18.09.0 cloud VM's using docker-machine.

   Workarounds:
   * Use cloud VM's that don't rely on boot2docker.
   * `docker run` is unaffected.
   * For Swarm, set VIRTUALBOX_BOOT2DOCKER_URL=https://github.com/boot2docker/boot2docker/releases/download/v18.06.1-ce/boot2docker.iso.

   This issue is resolved in 18.09.1.

### Deprecation Notices

- Docker has deprecated support for Device Mapper as a storage driver. It will continue to be
supported at this time, but support will be removed in a future release.

  The [Overlay2 storage driver](/manuals/engine/storage/drivers/overlayfs-driver.md) is now the default for Docker Engine implementations.

For more information on the list of deprecated flags and APIs, have a look at the [deprecation information](/engine/deprecated/) where you can find the target removal dates.

### End of Life Notification

In this release, Docker has also removed support for TLS < 1.2 [moby/moby#37660](https://github.com/moby/moby/pull/37660),
Ubuntu 14.04 "Trusty Tahr" [docker-ce-packaging#255](https://github.com/docker/docker-ce-packaging/pull/255) / [docker-ce-packaging#254](https://github.com/docker/docker-ce-packaging/pull/254), and Debian 8 "Jessie" [docker-ce-packaging#255](https://github.com/docker/docker-ce-packaging/pull/255) / [docker-ce-packaging#254](https://github.com/docker/docker-ce-packaging/pull/254).

Title: Docker Engine 18.09: Further Fixes, Known Issues, Deprecations, and End of Life Notices
Summary
This section details further bug fixes in Docker Engine 18.09, including improvements to systemd-resolved handling, mount propagation for btrfs, and a fix for a nil pointer dereference in node allocation. It also highlights known issues related to Swarm upgrades and connection refusals in virtualbox-created docker-machine VMs, along with workarounds. Furthermore, it announces the deprecation of Device Mapper as a storage driver and lists deprecated flags and APIs. Finally, it notes the end of life for TLS versions less than 1.2, Ubuntu 14.04, and Debian 8.