19.03.8

(2020-05-28)

Builder

• builder-next: Fix deadlock issues in corner cases.

• builder-next: Allow modern sign hashes for ssh forwarding.

• builder-next: Clear onbuild rules after triggering.

• builder-next: Fix issue with directory permissions when usernamespaces is enabled.

• Bump hcsshim to fix docker build failing on Windows 1903.

Networking

• Shorten controller ID in exec-root to not hit UNIX_PATH_MAX.

• Fix panic in drivers/overlay/encryption.go.

• Fix hwaddr set race between us and udev.

Runtime

• Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/ subgid

• Fix rate limiting for logger, increase refill rate

• seccomp: add 64-bit time_t syscalls

• libnetwork: cleanup VFP during overlay network removal

• Improve mitigation for CVE-2019-14271 for some nscd configuration.

• overlay: remove modprobe execs.

• selinux: display better error messages when setting file labels.

• Speed up initial stats collection.

• rootless: use certs.d from XDG_CONFIG_HOME.

• Bump Golang 1.12.17.

• Bump google.golang.org/grpc to v1.23.1.

• Update containerd binary to v1.2.13.

• Prevent showing stopped containers as running in an edge case.

• Prevent potential lock.

• Update to runc v1.0.0-rc10.

• Fix possible runtime panic in Lgetxattr.

• rootless: fix proxying UDP packets.

Client

• Bump Golang 1.12.17.

• Bump google.golang.org/grpc to v1.23.1.