9th chunk of `content/manuals/engine/release-notes/20.10.md`
> Due to [net/http changes](https://github.com/golang/go/issues/40909) in [Go 1.16](https://golang.org/doc/go1.16#net/http), HTTP proxies configured through the `$HTTP_PROXY` environment variable are no longer used for TLS (`https://`) connections. Make sure you also set an `$HTTPS_PROXY` environment variable for handling requests to `https://` URLs. Refer to the [HTTP/HTTPS proxy section](/manuals/engine/daemon/proxy.md) to learn how to configure the Docker Daemon to use a proxy server.


### Builder

- Fix platform-matching logic so that `docker build` no longer fails to find images in
  the local image cache on Arm machines when using BuildKit [moby/moby#42954](https://github.com/moby/moby/pull/42954)

### Runtime

- Add support for `clone3` syscall in the default seccomp policy to support running
  containers based on recent versions of Fedora and Ubuntu. [moby/moby#42836](https://github.com/moby/moby/pull/42836).
- Windows: update hcsshim library to fix a bug in sparse file handling in container
  layers, which was exposed by recent changes in Windows [moby/moby#42944](https://github.com/moby/moby/pull/42944).
- Fix some situations where `docker stop` could hang forever [moby/moby#42956](https://github.com/moby/moby/pull/42956).

### Swarm

- Fix an issue where updating a service did not roll back on failure [moby/moby#42875](https://github.com/moby/moby/pull/42875).

### Packaging

- Add packages for Ubuntu 21.10 "Impish Indri" and Fedora 35.
- Update `docker scan` to v0.9.0
- Update Golang runtime to Go 1.16.9.

## 20.10.9
2021-10-04

This release is a security release with security fixes in the CLI and runtime, as
well as updated versions of the containerd.io package.

> [!IMPORTANT]
>
> Due to [net/http changes](https://github.com/golang/go/issues/40909) in [Go 1.16](https://golang.org/doc/go1.16#net/http), HTTP proxies configured through the `$HTTP_PROXY` environment variable are no longer used for TLS (`https://`) connections. Make sure you also set an `$HTTPS_PROXY` environment variable for handling requests to `https://` URLs. Refer to the [HTTP/HTTPS proxy section](/manuals/engine/daemon/proxy.md) to learn how to configure the Docker Daemon to use a proxy server.

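The proxy change in the note above can be audited on a host with a small check like the following. This is an added example, not part of the Docker release notes or tooling; it assumes the daemon's proxy variables are set on `Environment=` lines in a systemd drop-in for `docker.service`, and the function names and sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Docker's own code): audit a docker.service systemd
# drop-in for the Go 1.16 proxy change described in the note above.

# Print the upper-cased names of variables assigned on Environment= lines.
# Assumes values contain no whitespace, which holds for proxy URLs.
# Commented-out lines (#Environment=...) are ignored.
env_names_in_dropin() {
  awk '
    /^[ \t]*Environment=/ {
      sub(/^[ \t]*Environment=/, "")   # $0 is re-split into fields
      for (i = 1; i <= NF; i++) {
        item = $i
        gsub(/"/, "", item)            # drop systemd quoting
        eq = index(item, "=")
        if (eq > 1) print toupper(substr(item, 1, eq - 1))
      }
    }' "$1"
}

# Print one verdict for the drop-in at $1:
#   missing-https-proxy  HTTP_PROXY set but HTTPS_PROXY absent, so https://
#                        requests (registry pulls) bypass the proxy
#   ok                   both variables set
#   https-only           only HTTPS_PROXY set
#   no-proxy             neither variable set
check_docker_proxy_env() {
  names=$(env_names_in_dropin "$1")
  http=no
  https=no
  if printf '%s\n' "$names" | grep -qx 'HTTP_PROXY'; then http=yes; fi
  if printf '%s\n' "$names" | grep -qx 'HTTPS_PROXY'; then https=yes; fi
  case "$http/$https" in
    yes/no)  echo missing-https-proxy ;;
    yes/yes) echo ok ;;
    no/yes)  echo https-only ;;
    *)       echo no-proxy ;;
  esac
}

# Constructed sample: a drop-in written before Go 1.16 that only sets HTTP_PROXY.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:3128" "NO_PROXY=localhost,127.0.0.1"
EOF
check_docker_proxy_env "$sample"
```

Lower-case names such as `http_proxy` are treated the same as their upper-case forms, because Go reads both spellings.
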
### Client

- [CVE-2021-41092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092)
  Ensure default auth config has address field set, to prevent credentials being
  sent to the default registry.

### Runtime

- [CVE-2021-41089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089)
  Create parent directories inside a chroot during `docker cp` to prevent a specially
  crafted container from changing permissions of existing files in the host’s filesystem.
- [CVE-2021-41091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091)
  Lock down file permissions to prevent unprivileged users from discovering and
  executing programs in `/var/lib/docker`.

### Packaging

> **Known issue**
>
> The `ctr` binary shipping with the static packages of this release is not
> statically linked, and will not run in Docker images using alpine as a base
> image. Users can install the `libc6-compat` package, or download a previous
> version of the `ctr` binary as a workaround. Refer to the containerd ticket
> related to this issue for more details: [containerd/containerd#5824](https://github.com/containerd/containerd/issues/5824).

- Update Golang runtime to Go 1.16.8, which contains fixes for [CVE-2021-36221](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36221)
  and [CVE-2021-39293](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39293)
- Update static binaries and containerd.io rpm and deb packages to containerd
  v1.4.11 and runc v1.0.2 to address [CVE-2021-41103](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103).
- Update the bundled buildx version to v0.6.3 for rpm and deb packages.

## 20.10.8
2021-08-03

> [!IMPORTANT]
>
> Due to [net/http changes](https://github.com/golang/go/issues/40909) in [Go 1.16](https://golang.org/doc/go1.16#net/http), HTTP proxies configured through the `$HTTP_PROXY` environment variable are no longer used for TLS (`https://`) connections. Make sure you also set an `$HTTPS_PROXY` environment variable for handling requests to `https://` URLs. Refer to the [HTTP/HTTPS proxy section](/manuals/engine/daemon/proxy.md) to learn how to configure the Docker Daemon to use a proxy server.

Title: Docker Engine Release Notes: 20.10.9 and 20.10.8
Summary
This document summarizes the release notes for Docker Engine versions 20.10.9 and 20.10.8. 20.10.9 is a security release addressing CVE-2021-41092 (client), CVE-2021-41089 and CVE-2021-41091 (runtime), and CVE-2021-41103 through updated containerd and runc versions. It also updates the Golang runtime to Go 1.16.8. 20.10.8 contains fixes for platform matching in docker build, adds support for the clone3 syscall, fixes issues with Windows sparse file handling and docker stop hanging, and addresses a service update rollback issue in Swarm. It also adds packages for Ubuntu 21.10 and Fedora 35, updates docker scan to v0.9.0, and updates the Golang runtime to Go 1.16.9. A known issue with the ctr binary in static packages is noted. Both releases include a reminder about HTTP/HTTPS proxy configuration changes in Go 1.16.