1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/docs/sources/release-notes.md
Fred Lifton 6afe5bf9ed Additions for 1.4.1 release
Docker-DCO-1.1-Signed-off-by: Fred Lifton <fred.lifton@docker.com> (github: fredlf)
2014-12-16 17:40:02 -08:00

3.7 KiB

page_title: Docker 1.x Series Release Notes page_description: Release Notes for Docker 1.x. page_keywords: docker, documentation, about, technology, understanding, release

#Release Notes

You can view release notes for earlier version of Docker by selecting the desired version from the drop-down list at the top right of this page.

##Version 1.4.1 (2014-12-17)

This release fixes an issue related to mounting volumes on create. Details available in the Github milestone.

##Version 1.4.0 (2014-12-11)

This release provides a number of new features, but is mainly focused on bug fixes and improvements to platform stability and security.

For a complete list of patches, fixes, and other improvements, see the merge PR on GitHub.

New Features

  • You can now add labels to the Docker daemon using key=value pairs defined with the new --label flag. The labels are displayed by running docker info. In addition, docker info also now returns an ID and hostname field. For more information, see the command line reference.

  • The ENV instruction in the Dockerfile now supports arguments in the form of ENV name=value name2=value2... For more information, see the command line reference

  • Introducing a new, still experimental, overlayfs storage driver.

  • You can now add filters to docker events to filter events by event name, container, or image. For more information, see the command line reference.

  • The docker cp command now supports copying files from the filesystem of a container's volumes. For more information, see the remote API reference.

  • The docker tag command has been fixed so that it correctly honors --force when overriding a tag for existing image. For more information, see the command line reference.

  • Container volumes are now initialized during docker create. For more information, see the command line reference.

Security Fixes

Patches and changes were made to address the following vulnerabilities:

  • CVE-2014-9356: Path traversal during processing of absolute symlinks. Absolute symlinks were not adequately checked for traversal which created a vulnerability via image extraction and/or volume mounts.
  • CVE-2014-9357: Escalation of privileges during decompression of LZMA (.xz) archives. Docker 1.3.2 added chroot for archive extraction. This created a vulnerability that could allow malicious images or builds to write files to the host system and escape containerization, leading to privilege escalation.
  • CVE-2014-9358: Path traversal and spoofing opportunities via image identifiers. Image IDs passed either via docker load or registry communications were not sufficiently validated. This created a vulnerability to path traversal attacks wherein malicious images or repository spoofing could lead to graph corruption and manipulation.

Note: the above CVEs are also patched in Docker 1.3.3, which was released concurrently with 1.4.0.

Runtime fixes

  • Fixed an issue that caused image archives to be read slowly.

Client fixes

  • Fixed a regression related to STDIN redirection.
  • Fixed a regression involving docker cp when the current directory is the destination.

Note: Development history prior to version 1.0 can be found by searching in the Docker GitHub repo.