- Revert seccomp: block socket calls to `AF_VSOCK` in default profile [moby/moby#44712](https://github.com/moby/moby/pull/44712).
This change, while favorable from a security standpoint, caused a change
in behavior for some use-cases. As such, we are reverting it to ensure
stability and compatibility for the affected users.
However, users of `AF_VSOCK` in containers should recognize that this
(special) address family is not currently namespaced in any version of
the Linux kernel, and may result in unexpected behavior, like containers
communicating directly with host hypervisors.
Future releases will filter `AF_VSOCK`. Users who need to allow containers
to communicate over the unnamespaced `AF_VSOCK` will need to turn off seccomp
confinement or set a custom seccomp profile.
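
As an added example (not part of the Docker release notes or the Moby code base), the following Python script reports which action a seccomp profile applies to `socket(AF_VSOCK, ...)`, so you can tell whether a custom profile filters the address family. Both inline profiles are constructed samples, and the evaluation is simplified: it assumes only rules naming `socket` matter and ignores a rule's `includes`/`excludes` conditions.

```python
import json

AF_VSOCK = 40  # AF_VSOCK in <linux/socket.h>
AF_INET = 2

# Operators that can appear in the "args" of a seccomp profile rule.
OPS = {
    "SCMP_CMP_NE": lambda arg, v, v2: arg != v,
    "SCMP_CMP_EQ": lambda arg, v, v2: arg == v,
    "SCMP_CMP_LT": lambda arg, v, v2: arg < v,
    "SCMP_CMP_LE": lambda arg, v, v2: arg <= v,
    "SCMP_CMP_GT": lambda arg, v, v2: arg > v,
    "SCMP_CMP_GE": lambda arg, v, v2: arg >= v,
    "SCMP_CMP_MASKED_EQ": lambda arg, v, v2: (arg & v) == v2,
}

def socket_family_action(profile, family=AF_VSOCK):
    """Return the action the profile applies to socket(family, ...)."""
    for rule in profile.get("syscalls", []):
        if "socket" not in rule.get("names", []):
            continue
        conds = rule.get("args") or []
        # Only argument 0 (the address family) is known here, so a rule that
        # constrains any other argument is treated as not matching.
        if all(c["index"] == 0 and
               OPS[c["op"]](family, c["value"], c.get("valueTwo", 0))
               for c in conds):
            return rule["action"]
    return profile["defaultAction"]

# Constructed sample: socket() allowed for every address family.
UNFILTERED = json.loads("""
{"defaultAction": "SCMP_ACT_ERRNO",
 "syscalls": [{"names": ["read", "write", "socket"],
               "action": "SCMP_ACT_ALLOW"}]}
""")

# Constructed sample: socket() allowed only when argument 0 != 40 (AF_VSOCK).
FILTERED = json.loads("""
{"defaultAction": "SCMP_ACT_ERRNO",
 "syscalls": [{"names": ["read", "write"], "action": "SCMP_ACT_ALLOW"},
              {"names": ["socket"], "action": "SCMP_ACT_ALLOW",
               "args": [{"index": 0, "value": 40, "op": "SCMP_CMP_NE"}]}]}
""")

if __name__ == "__main__":
    for name, prof in (("unfiltered", UNFILTERED), ("filtered", FILTERED)):
        print(name, "AF_VSOCK ->", socket_family_action(prof, AF_VSOCK),
              "| AF_INET ->", socket_family_action(prof, AF_INET))
```

To audit a real profile, load it with `json.load` and pass the result to `socket_family_action`. On 32-bit x86, sockets can also be created through `socketcall`, which this check does not evaluate.
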
## 20.10.22
{{< release-date date="2022-12-16" >}}
This release of Docker Engine contains updated versions of Docker Compose,
Docker Scan, containerd, and some minor bug fixes and enhancements.
### Updates
- Update Docker Compose to [v2.14.1](https://github.com/docker/compose/releases/tag/v2.14.1).
- Update Docker Scan to [v0.23.0](https://github.com/docker/scan-cli-plugin/releases/tag/v0.23.0).
- Update containerd (`containerd.io` package) to [v1.6.13](https://github.com/containerd/containerd/releases/tag/v1.6.13),
to include a fix for [CVE-2022-23471](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23471).
- Update Go runtime to [1.18.9](https://go.dev/doc/devel/release#go1.18.minor),
to include fixes for
[CVE-2022-41716](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41716),
[CVE-2022-41717](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41717), and
[CVE-2022-41720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41720).
### Bug fixes and enhancements
- Improve error message when attempting to pull an unsupported image format or OCI artifact
[moby/moby#44413](https://github.com/moby/moby/pull/44413),
[moby/moby#44569](https://github.com/moby/moby/pull/44569).
- Fix an issue where the host's ephemeral port-range was ignored when selecting random ports for containers [moby/moby#44476](https://github.com/moby/moby/pull/44476).
- Fix `ssh: parse error in message type 27` errors during `docker build` on hosts using OpenSSH 8.9 or above [moby/moby#3862](https://github.com/moby/moby/pull/3862).
- seccomp: block socket calls to `AF_VSOCK` in default profile [moby/moby#44564](https://github.com/moby/moby/pull/44564).
## 20.10.21
{{< release-date date="2022-10-25" >}}
This release of Docker Engine contains updated versions of Docker Compose,
Docker Scan, containerd, added packages for Ubuntu 22.10, and some minor bug
fixes and enhancements.
### New
- Provide packages for Ubuntu 22.10 (Kinetic Kudu).
- Add support for `allow-nondistributable-artifacts` towards Docker Hub [moby/moby#44313](https://github.com/moby/moby/pull/44313).
### Updates
- Update Docker Compose to [v2.12.2](https://github.com/docker/compose/releases/tag/v2.12.2).
- Update Docker Scan to [v0.21.0](https://github.com/docker/scan-cli-plugin/releases/tag/v0.21.0).
- Update containerd (`containerd.io` package) to [v1.6.9](https://github.com/containerd/containerd/releases/tag/v1.6.9).
- Update bundled BuildKit version to fix `output clipped, log limit 1MiB reached` errors [moby/moby#44339](https://github.com/moby/moby/pull/44339).
### Bug fixes and enhancements
- Remove experimental gate for `--platform` in bash completion [docker/cli#3824](https://github.com/docker/cli/pull/3824).
- Fix an `Invalid standard handle identifier` panic when registering the Docker Engine as a service from a legacy CLI on Windows [moby/moby#44326](https://github.com/moby/moby/pull/44326).
- Fix running Git commands in Cygwin on Windows [moby/moby#44332](https://github.com/moby/moby/pull/44332).
## 20.10.20
{{< release-date date="2022-10-18" >}}
This release of Docker Engine contains partial mitigations for a Git vulnerability
([CVE-2022-39253](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253)),