kotovalexarian-likes-github
/
moby--moby
mirror of https://github.com/moby/moby.git
1
0
Fork 0
Code Releases Activity
moby--moby/docs/sources/release-notes.md

4.3 KiB
Raw Blame History

page_title: Docker 1.x Series Release Notes page_description: Release Notes for Docker 1.x. page_keywords: docker, documentation, about, technology, understanding, release

#Release Notes

You can view release notes for earlier version of Docker by selecting the desired version from the drop-down list at the top right of this page.

##Version 1.4.1 (2014-12-17)

This release fixes an issue related to mounting volumes on create. Details available in the Github milestone.

##Version 1.4.0 (2014-12-11)

This release provides a number of new features, but is mainly focused on bug fixes and improvements to platform stability and security.

For a complete list of patches, fixes, and other improvements, see the merge PR on GitHub.

New Features

  • You can now add labels to the Docker daemon using key=value pairs defined with the new --label flag. The labels are displayed by running docker info. In addition, docker info also now returns an ID and hostname field. For more information, see the command line reference.

  • The ENV instruction in the Dockerfile now supports arguments in the form of ENV name=value name2=value2... For more information, see the command line reference

  • Introducing a new, still experimental, overlayfs storage driver.

  • You can now add filters to docker events to filter events by event name, container, or image. For more information, see the command line reference.

  • The docker cp command now supports copying files from the filesystem of a container's volumes. For more information, see the remote API reference.

  • The docker tag command has been fixed so that it correctly honors --force when overriding a tag for existing image. For more information, see the command line reference.

  • Container volumes are now initialized during docker create. For more information, see the command line reference.

Security Fixes

Patches and changes were made to address the following vulnerabilities:

  • CVE-2014-9356: Path traversal during processing of absolute symlinks. Absolute symlinks were not adequately checked for traversal which created a vulnerability via image extraction and/or volume mounts.
  • CVE-2014-9357: Escalation of privileges during decompression of LZMA (.xz) archives. Docker 1.3.2 added chroot for archive extraction. This created a vulnerability that could allow malicious images or builds to write files to the host system and escape containerization, leading to privilege escalation.
  • CVE-2014-9358: Path traversal and spoofing opportunities via image identifiers. Image IDs passed either via docker load or registry communications were not sufficiently validated. This created a vulnerability to path traversal attacks wherein malicious images or repository spoofing could lead to graph corruption and manipulation.

Note: the above CVEs are also patched in Docker 1.3.3, which was released concurrently with 1.4.0.

Runtime fixes

  • Fixed an issue that caused image archives to be read slowly.

Client fixes

  • Fixed a regression related to STDIN redirection.
  • Fixed a regression involving docker cp when the current directory is the destination.

Note: Development history prior to version 1.0 can be found by searching in the Docker GitHub repo.

Known Issues

This section lists significant known issues present in Docker as of release date. It is not exhaustive; it lists only issues with potentially significant impact on users. This list will be updated as issues are resolved.

  • Unexpected File Permissions in Containers An idiosyncrasy in AUFS prevents permissions from propagating predictably between upper and lower layers. This can cause issues with accessing private keys, database instances, etc. For complete information and workarounds see Github Issue 783.