- seccomp: add support for Landlock syscalls in default policy [moby/moby#43991](https://github.com/moby/moby/pull/43991).
- seccomp: update default policy to support new syscalls introduced in kernel 5.12 - 5.16 [moby/moby#43991](https://github.com/moby/moby/pull/43991).
- Fix an issue where cache lookup for image manifests would fail, resulting
  in a redundant round-trip to the image registry [moby/moby#44109](https://github.com/moby/moby/pull/44109).
- Fix an issue where `exec` processes and healthchecks were not terminated
  when they timed out [moby/moby#44018](https://github.com/moby/moby/pull/44018).

## 20.10.17
{{< release-date date="2022-06-06" >}}

This release of Docker Engine comes with updated versions of Docker Compose and the
`containerd`, and `runc` components, as well as some minor bug fixes.

### Updates

- Update Docker Compose to [v2.6.0](https://github.com/docker/compose/releases/tag/v2.6.0).
- Update containerd (`containerd.io` package) to [v1.6.6](https://github.com/containerd/containerd/releases/tag/v1.6.6),
  which contains a fix for [CVE-2022-31030](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030)
- Update runc version to [v1.1.2](https://github.com/opencontainers/runc/releases/tag/v1.1.2), which contains a fix for
  [CVE-2022-29162](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29162).
- Update Go runtime to [1.17.11](https://go.dev/doc/devel/release#go1.17.minor),
  which contains fixes for [CVE-2022-30634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30634),
  [CVE-2022-30629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629),
  [CVE-2022-30580](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30580) and
  [CVE-2022-29804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29804)

### Bug fixes and enhancements

- Remove asterisk from docker commands in zsh completion script [docker/cli#3648](https://github.com/docker/cli/pull/3648).
- Fix Windows port conflict with published ports in host mode for overlay [moby/moby#43644](https://github.com/moby/moby/pull/43644).
- Ensure performance tuning is always applied to libnetwork sandboxes [moby/moby#43683](https://github.com/moby/moby/pull/43683).

## 20.10.16
{{< release-date date="2022-05-12" >}}

This release of Docker Engine fixes a regression in the Docker CLI builds for
macOS, fixes an issue with `docker stats` when using containerd 1.5 and up,
and updates the Go runtime to include a fix for [CVE-2022-29526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526).

### Updates
- Update golang.org/x/sys dependency which contains a fix for
  [CVE-2022-29526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526).
- Updated the `golang.org/x/sys` build-time dependency which contains a fix for [CVE-2022-29526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526).
- Updated Go runtime to [1.17.10](https://go.dev/doc/devel/release#go1.17.minor),
  which contains a fix for [CVE-2022-29526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526).

### Bug fixes and enhancements
- Fixed a regression in binaries for macOS introduced in [20.10.15](#201015), which
  resulted in a panic [docker/cli#43426](https://github.com/docker/cli/pull/3592).
- Fixed an issue where `docker stats` was showing empty stats when running with
  containerd 1.5.0 or up [moby/moby#43567](https://github.com/moby/moby/pull/43567).
- Used "weak" dependencies for the `docker scan` CLI plugin, to prevent a
  "conflicting requests" error when users performed an off-line installation from
  downloaded RPM packages [docker/docker-ce-packaging#659](https://github.com/docker/docker-ce-packaging/pull/659).

## 20.10.15
{{< release-date date="2022-05-05" >}}

This release of Docker Engine comes with updated versions of the `compose`,
`buildx`, `containerd`, and `runc` components, as well as some minor bug fixes.

### Updates
- Update Docker Compose to [v2.5.0](https://github.com/docker/compose/releases/tag/v2.5.0).