Mirantis Container Runtime release notes

Mirantis Container Runtime release notes

Docker Engine - Enterprise is now MCR

The product formerly known as Docker Engine - Enterprise is now Mirantis Container Runtime (MCR).

This document describes the latest changes, additions, known issues, and fixes for Mirantis Container Runtime.

Version 19.03

19.03.14

(2020-12-17)

Components

Component

Version

Mirantis Container Runtime

19.03.14

containerd

1.3.9

runc

1.0.0-rc10

Engine

  • Fixed a memory leak related to the use of gcplogs (ENGINE-317).

  • Bumped libnetwork to address null dereference in error handling (ENGINE-317).

Runtime

  • Resolved an issue wherein containerd 1.7 binaries for RHEL 7.7 and 7.8 were missing (ENGINE-295).

Security

  • Resolved CVE-2020-15257 (ENGINE-322).

19.03.13

(2020-11-12)

Components

Component

Version

Docker Engine - Enterprise

19.03.13

containerd

1.3.7

runc

1.0.0-rc10

Client

  • Bumped golang version to 1.13.15 to address CVE-2020-16845.

  • Fixed errors on close in config file write on Windows.

  • Fixed an issue wherein Docker does not gracefully logout for non-default registry.

Engine

  • Bumped golang version to 1.13.15 to address CVE-2020-16845.

  • Fixed an issue where stopping a container did not remove it’s network namespace after running docker network disconnect cmd.

  • Bumped aws-sdk-go to support IMDSv2.

19.03.12

(2020-09-15)

Components

Component

Version

Mirantis Container Runtime

19.03.12

containerd

1.3.4

runc

1.0.0-rc10

Client

  • Fixed a command-line input regression on Windows

  • Bumped to go1.13.13 to address CVE-2020-14039

  • Bumped golang.org/x/text to address CVE-2020-14040

  • Fix bug preventing logout from registry when using multiple config files (e.g. Windows vs WSL2 when using Docker Desktop)

  • Fix regression preventing context metadata to be read

Engine

  • Bumped to go1.13.13 to address CVE-2020-14039

  • Fixed license warning regression on Windows

  • Fixes to Microsoft/hcsshim to address issues in directory timestamps, log-rotation, and Windows container startup times.

  • Bump vendor x/text to address CVE-2019-19794

19.03.11

(2020-06-24)

Networking

  • Fix for ‘failed to get network during CreateEndpoint’

  • Disable IPv6 Router Advertisements to prevent address spoofing. CVE-2020-13401

  • Fix DNS fallback regression. moby/moby#41009

  • Fix potential panic upon restart. moby/moby#40809

  • Assign the correct network value to the default bridge Subnet field. moby/moby#40565

Client

Runtime

Rootless

Builder

  • buildkit: Fix concurrent map write panic when building multiple images in parallel. moby/moby#40780

  • buildkit: Fix issue preventing chowning of non-root-owned files between stages with userns. moby/moby#40955

  • Avoid creation of irrelevant temporary files on Windows. moby/moby#40877

Logging

  • Avoid situation preventing container logs to rotate due to closing a closed log file. moby/moby#40921

Security

Swarm

  • Fix issue where single swarm manager is stuck in Down state after reboot. moby/moby#40831

  • tasks.db no longer grows indefinitely.

19.03.8

(2020-05-28)

Builder

  • builder-next: Fix deadlock issues in corner cases.

  • builder-next: Allow modern sign hashes for ssh forwarding.

  • builder-next: Clear onbuild rules after triggering.

  • builder-next: Fix issue with directory permissions when usernamespaces is enabled.

  • Bump hcsshim to fix docker build failing on Windows 1903.

Networking

  • Shorten controller ID in exec-root to not hit UNIX_PATH_MAX.

  • Fix panic in drivers/overlay/encryption.go.

  • Fix hwaddr set race between us and udev.

Runtime

  • Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/ subgid

  • Fix rate limiting for logger, increase refill rate

  • seccomp: add 64-bit time_t syscalls

  • libnetwork: cleanup VFP during overlay network removal

  • Improve mitigation for CVE-2019-14271 for some nscd configuration.

  • overlay: remove modprobe execs.

  • selinux: display better error messages when setting file labels.

  • Speed up initial stats collection.

  • rootless: use certs.d from XDG_CONFIG_HOME.

  • Bump Golang 1.12.17.

  • Bump google.golang.org/grpc to v1.23.1.

  • Update containerd binary to v1.2.13.

  • Prevent showing stopped containers as running in an edge case.

  • Prevent potential lock.

  • Update to runc v1.0.0-rc10.

  • Fix possible runtime panic in Lgetxattr.

  • rootless: fix proxying UDP packets.

Client

  • Bump Golang 1.12.17.

  • Bump google.golang.org/grpc to v1.23.1.