En

Docker官网安全更新(2018-07-18)

来源:Docker官网 发布日期:2018-07-18 阅读次数:323 评论:0

基本信息

发布日期:2018-07-18(官方当地时间)

更新类型:安全更新

更新版本:18.06.0-ce

感知时间:2019-12-05 19:41:37

风险等级:未知

情报贡献:TSRC

更新标题

Docker官网安全更新,18.06.0-ce版本发布

更新详情



Important notes about this release


Docker 18.06 CE will be the last release with a 4-month maintenance lifecycle. The planned Docker 18.09 CE release will be supported for 7 months with Docker 19.03 CE being the next release in line. More details about the release process can be found here.


Builder


Builder: fix layer leak on multi-stage wildcard copy. moby/moby#37178
Fix parsing of invalid environment variable substitution . moby/moby#37134
Builder: use the arch info from base image. moby/moby#36816 moby/moby#37197
New experimental builder backend based on BuildKit. To enable, run daemon in experimental mode and set DOCKER_BUILDKIT=1 environment variable on the docker CLI. moby/moby#37151 docker/cli#1111
Fix handling uppercase targets names in multi-stage builds. moby/moby#36960


Client


Bump spf13/cobra to v0.0.3, pflag to v1.0.1. moby/moby#37106
Add support for the new Stack API for Kubernetes v1beta2. docker/cli#899
K8s: more robust stack error detection on deploy. docker/cli#948
Support for rollback config in compose 3.7. docker/cli#409
Update Cobra and pflag, and use built-in --version feature. docker/cli#1069
Fix docker stack deploy --prune with empty name removing all services. docker/cli#1088
[Kubernetes] stack services filters. docker/cli#1023
Only show orchestrator flag in root, stack and version commands in help. docker/cli#1106
Add an Extras field on the compose config types. docker/cli#1126
Add options to the compose loader. docker/cli#1128
Fix always listing nodes in docker stack ps command on Kubernetes. docker/cli#1093
Fix output being shown twice on stack rm error message. docker/cli#1093
Extend client API with custom HTTP requests. moby/moby#37071
Changed error message for unreadable files to clarify possibility of a .Dockerignore entry. docker/cli#1053
Restrict kubernetes.allNamespaces value to ‘enabled’ or ‘disabled’ in configuration file. docker/cli#1087
Check errors when initializing the docker client in the help command. docker/cli#1119
Better namespace experience with Kubernetes. Fix using namespace defined in ~/.kube/config for stack commands. Add a NAMESPACE column for docker stack ls command. Add a --all-namespaces flag for docker stack ls command. docker/cli#991
Export Push and Save. docker/cli#1123
Export pull as a public function. docker/cli#1026
Remove Kubernetes commands from experimental. docker/cli#1068
Adding configs/secrets to service inspect pretty. docker/cli#1006
Fix service filtering by name on Kubernetes. docker/cli#1101
Fix component information alignment in docker version. docker/cli#1065
Fix cpu/memory limits and reservations being reset on service update. docker/cli#1079
Manifest list: request specific permissions. docker/cli#1024
Setting --orchestrator=all also sets --all-namespaces unless specific --namespace are set. docker/cli#1059
Fix panics when --compress and --stream are used together. docker/cli#1105
Switch from x/net/context to context. docker/cli#1038
Add --init option to docker service create. docker/cli#479
Fixed bug displaying garbage output for build command when --stream and --quiet flags combined. docker/cli#1090
Add init support in 3.7 schema. docker/cli#1129
Fix docker trust signer removal. docker/cli#1112
Fix error message from docker inspect. docker/cli#1071
Allow x-* extension on 3rd level objects. docker/cli#1097
An invalid orchestrator now generates an error instead of being silently ignored. docker/cli#1055
Added ORCHESTRATOR column to docker stack ls command. docker/cli#973
Warn when using host-ip for published ports for services. docker/cli#1017
Added the option to enable experimental cli features through the DOCKER_CLI_EXPERIMENTAL environment variable. docker/cli#1138
Add exec_die to the list of known container events. docker/cli#1028
[K8s] Do env-variable expansion on the uninterpreted Config files. docker/cli#974
Print warnings on stderr for each unsupported features while parsing a compose file for deployment on Kubernetes. docker/cli#903
Added description about pids count. docker/cli#1045
Warn user of filter when pruning. docker/cli#1043
Fix --rollback-* options overwriting --update-* options. docker/cli#1052
Update Attach, Build, Commit, Cp, Create subcommand fish completions. docker/cli#1005
Add bash completion for dockerd --default-address-pool. docker/cli#1173
Add bash completion for exec_die event. docker/cli#1173
Update docker-credential-helper so pass is not called on every docker command. docker/cli#1184
Fix for rotating swarm external CA. docker/cli#1199
Improve version output alignment. docker/cli#1207
Add bash completion for service create|update --init. docker/cli#1210


Deprecation


Document reserved namespaces deprecation. docker/cli#1040


Logging


Allow awslogs to use non-blocking mode. moby/moby#36522
Improve logging of long log lines on fluentd log driver.. moby/moby#36159
Re-order CHANGELOG.md to pass make validate test. moby/moby#37047
Update Events, Exec, Export, History, Images, Import, Inspect, Load, and Login subcommand fish completions. docker/cli#1061
Update documentation for RingLogger’s ring buffer. moby/moby#37084
Add metrics for log failures/partials. moby/moby#37034
Fix logging plugin crash unrecoverable. moby/moby#37028
Fix logging test type. moby/moby#37070
Fix race conditions in logs API. moby/moby#37062
Fix some issues in logfile reader and rotation. moby/moby#37063


Networking


Allow user to specify default address pools for docker networks. moby/moby#36396 docker/cli#818
Adding logs for ipam state doccker/libnetwork#2417
Fix race conditions in the overlay network driver doccker/libnetwork#2143
Add wait time into xtables lock warning doccker/libnetwork#2142
filter xtables lock warnings when firewalld is active doccker/libnetwork#2135
Switch from x/net/context to context doccker/libnetwork#2140
Adding a recovery mechanism for a split gossip cluster doccker/libnetwork#2134
Running docker inspect on network attachment tasks now returns a full task object. moby/moby#35246
Some container/network cleanups. moby/moby#37033
Fix network inspect for overlay network. moby/moby#37045
Improve Scalability of the Linux load balancing. docker/engine#16
Change log level from error to warning. docker/engine#19


Runtime


Aufs: log why aufs is not supported. moby/moby#36995
Hide experimental checkpoint features on Windows. docker/cli#1094
Lcow: Allow the client to customize capabilities and device cgroup rules for LCOW containers. moby/moby#37294
Changed path given for executable output in windows to actual location of executable output. moby/moby#37295
Add windows recycle bin test and update hcsshim to v0.6.11. moby/moby#36994
Allow to add any args when doing a make run. moby/moby#37190
Optimize ContainerTop() aka docker top. moby/moby#37131
Fix compilation on 32bit machines. moby/moby#37292
Update API version to v1 38. moby/moby#37141
Fix docker service update --host-add does not update existing host entry. docker/cli#1054
Fix swagger file type for ExecIds. moby/moby#36962
Fix swagger volume type generation. moby/moby#37060
Fix wrong assertion in volume/service package. moby/moby#37211
Fix daemon panic on restart when a plugin is running. moby/moby#37234
Construct and add ‘LABEL’ command from ‘label’ option to last stage. moby/moby#37011
Fix race condition between exec start and resize.. moby/moby#37172
Alternative failure mitigation of TestExecInteractiveStdinClose. moby/moby#37143
RawAccess allows a set of paths to be not set as masked or readonly. moby/moby#36644
Be explicit about github.com prefix being a legacy feature. moby/moby#37174
Bump Golang to 1.10.3. docker/cli#1122
Close ReadClosers to prevent xz zombies. moby/moby#34218
Daemon.ContainerStop(): fix for a negative timeout. moby/moby#36874
Daemon.setMounts(): copy slice in place. moby/moby#36991
Describe IP field of swagger Port definition. moby/moby#36971
Extract volume interaction to a volumes service. moby/moby#36688
Fixed markdown formatting in docker image v1, v1.1, and v1.2 spec. moby/moby#37051
Improve GetTimestamp parsing. moby/moby#35402
Jsonmessage: pass message to aux callback. moby/moby#37064
Overlay2: remove unused cdMountFrom() helper function. moby/moby#37041
Overlay: Fix overlay storage-driver silently ignoring unknown storage-driver options. moby/moby#37040
Remove some unused contrib items. moby/moby#36977
Restartmanager: do not apply restart policy on created containers. moby/moby#36924
Set item-type for ExecIDs. moby/moby#37121
Use go-systemd const instead of magic string in Linux version of dockerd. moby/moby#37136
Use stdlib TLS dialer. moby/moby#36687
Warn when an engine label using a reserved namespace (com.docker.*, io.docker.*, or org.dockerproject.*) is configured, as per https://docs.docker.com/config/labels-custom-metadata/. moby/moby#36921
Fix missing plugin name in message. moby/moby#37052
Fix link anchors in CONTRIBUTING.md. moby/moby#37276
Fix link to Docker Toolbox. moby/moby#37240
Fix mis-used skip condition. moby/moby#37179
Fix bind mounts not working in some cases. moby/moby#37031
Fix fd leak on attach. moby/moby#37184
Fix fluentd partial detection. moby/moby#37029
Fix incorrect link in version-history.md. moby/moby#37049
Allow vim to be case insensitive for D in dockerfile. moby/moby#37235
Add t.Name() to tests so that service names are unique. moby/moby#37166
Add additional message when backendfs is extfs without d_type support. moby/moby#37022
Add api version checking for tests from new feature. moby/moby#37169
Add image metrics for push and pull. moby/moby#37233
Add support for init on services. moby/moby#37183
Add verification of escapeKeys array length in pkg/term/proxy.go. moby/moby#36918
When link id is empty for overlay2, do not remove this link.. moby/moby#36161
Fix build on OpenBSD by defining Self(). moby/moby#37301
Windows: Fix named pipe support for hyper-v isolated containers. docker/engine#2 docker/cli#1165
Fix manifest lists to always use correct size. docker/cli#1183
Register OCI media types. docker/engine#4
Update containerd to v1.1.1 docker/engine#17
LCOW: Prefer Windows over Linux in a manifest list. docker/engine#3
Add updated MaskPaths that are used in code paths directly using containerd to address CVE-2018-10892. docker/engine#15
Add /proc/acpi to masked paths to address CVE-2018-10892. docker/engine#14
Fix bindmount autocreate race. docker/engine#11


Swarm Mode


List stacks for both Swarm and Kubernetes with --orchestrator=all in docker stack ls. Allow several occurrences of --namespace for Kubernetes with docker stack ls. docker/cli#1031
Bump SwarmKit to remove deprecated grpc metadata wrappers. moby/moby#36905
Issue an error for --orchestrator=all when working on mismatched Swarm and Kubernetes hosts. docker/cli#1035
Fix broken swarm commands with Kubernetes defined as orchestrator. “--orchestrator” flag is no longer global but local to stack commands and subcommands docker/cli#1137 docker/cli#1139
Bump swarmkit to include task reaper fixes and more metrics. docker/engine#13
Avoid a leak when a service with unassigned tasks is deleted. docker/engine#27
Fix racy batching on the dispatcher. docker/engine#27


软件描述

Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的镜像中,然后发布到任何流行的 Linux或Windows 机器上,也可以实现虚拟化。容器是完全使用沙箱机制,相互之间不会有任何接口。 [1]

CVE编号

TSRC分析

暂无

业界资讯

暂无

评论

提交评论 您输入的评论有误,请重新输入