---
title: Docker Engine 20.10 release notes
linkTitle: Engine v20.10
description: Learn about the new features, bug fixes, and breaking changes for Docker
Engine
keywords: docker, docker engine, ce, whats new, release notes
toc_min: 1
toc_max: 2
---
This document describes the latest changes, additions, known issues, and fixes
for Docker Engine version 20.10.
## 20.10.24
{{< release-date date="2023-04-04" >}}
### Updates
- Update Go runtime to [1.19.7](https://go.dev/doc/devel/release#go1.19.minor).
- Update Docker Buildx to [v0.10.4](https://github.com/docker/buildx/releases/tag/v0.10.4).
- Update containerd to [v1.6.20](https://github.com/containerd/containerd/releases/tag/v1.6.20).
- Update runc to [v1.1.5](https://github.com/opencontainers/runc/releases/tag/v1.1.5).
### Bug fixes and enhancements
- Fixed a number of issues that can cause Swarm encrypted overlay networks
to fail to uphold their guarantees, addressing [CVE-2023-28841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841),
[CVE-2023-28840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840), and
[CVE-2023-28842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842).
- A lack of kernel support for encrypted overlay networks now reports
as an error.
- Encrypted overlay networks are eagerly set up, rather than waiting for
multiple nodes to attach.
- Encrypted overlay networks are now usable on Red Hat Enterprise Linux 9
through the use of the `xt_bpf` kernel module.
- Users of Swarm overlay networks should review [GHSA-vwm3-crmr-xfxw](https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw)
to ensure that unintentional exposure has not occurred.
- Upgrade github.com/containerd/fifo to v1.1.0 to fix a potential panic [moby/moby#45216](https://github.com/moby/moby/pull/45242).
- Fix missing Bash completion for installed cli-plugins [docker/cli#4091](https://github.com/docker/cli/pull/4091).
## 20.10.23
{{< release-date date="2023-01-19" >}}
This release of Docker Engine contains updated versions of Docker Compose,
Docker Buildx, containerd, and some minor bug fixes and enhancements.
### Updates
- Update Docker Compose to [v2.15.1](https://github.com/docker/compose/releases/tag/v2.15.1).
- Update Docker Buildx to [v0.10.0](https://github.com/docker/buildx/releases/tag/v0.10.0).
- Update containerd (`containerd.io` package) to [v1.6.15](https://github.com/containerd/containerd/releases/tag/v1.6.15).
- Update the package versioning format for `docker-compose-cli` to allow distribution version updates [docker/docker-ce-packaging#822](https://github.com/docker/docker-ce-packaging/pull/822).
- Update Go runtime to [1.18.10](https://go.dev/doc/devel/release#go1.18.minor),
### Bug fixes and enhancements
- Fix an issue where `docker build` would fail when using `--add-host=host.docker.internal:host-gateway`
with BuildKit enabled [moby/moby#44650](https://github.com/moby/moby/pull/44650).
- Revert seccomp: block socket calls to `AF_VSOCK` in default profile [moby/moby#44712](https://github.com/moby/moby/pull/44712).
This change, while favorable from a security standpoint, caused a change
in behavior for some use-cases. As such, we are reverting it to ensure
stability and compatibility for the affected users.
However, users of `AF_VSOCK` in containers should recognize that this
(special) address family is not currently namespaced in any version of
the Linux kernel, and may result in unexpected behavior, like containers
communicating directly with host hypervisors.
Future releases, will filter `AF_VSOCK`. Users who need to allow containers
to communicate over the unnamespaced `AF_VSOCK` will need to turn off seccomp
confinement or set a custom seccomp profile.
## 20.10.22
{{< release-date date="2022-12-16" >}}
This release of Docker Engine contains updated versions of Docker Compose,
Docker Scan, containerd, and some minor bug fixes and enhancements.
### Updates