Release Notes

Considerations

  • In developing MCR 20.10.x, Mirantis has been transitioning from legacy Docker Hub-issued licenses to JWT licenses, as detailed below:

    • Versions 20.10.0 to 20.10.6: Docker Hub licenses and JWT licenses

    • Versions 20.10.7 and later: JWT licenses only

    Using a JWT license with an MKE instance that manages MCR causes the engine to log error messages in the daemon log file, though MCR does not fail. This applies to MKE 3.4.x versions prior to 3.4.6 and MKE 3.3.x versions prior to 3.3.13.

  • CentOS 8 entered EOL status as of 31-December-2021. For this reason, Mirantis no longer supports CentOS 8 for all versions of MCR. We encourage customers who are using CentOS 8 to migrate onto any one of the supported operating systems, as further bug fixes will not be forthcoming. Refer to the MCR 20.10 Compatibility Matrix for more information.

MCR 20.10.14

Patch release for MCR 20.10 introducing the following key features:

  • Updated Golang to version 1.18.7

MCR 20.10.13

Patch release for MCR 20.10 introducing the following key features:

  • Updated Golang to version 1.17.13

  • Added support for Windows Server 2022

MCR 20.10.12

Patch release for MCR 20.10 introducing the following key features:

  • Updated contained to 1.6.6.

  • Added rootless mode for many Linux distributions.

  • Updated docker buildx to version 0.8.2.

MCR 20.10.11

Patch release for MCR 20.10 introducing the following key features:

  • Updated the etcd dependency to prevent the daemon from incorrectly holding file locks.

  • Support added for Rocky Linux 8.

  • Updated the Golang runtime to Go version 1.16.15.

MCR 20.10.10

Patch release for MCR 20.10 introducing the following key features:

  • Updated docker buildx to version 0.7.1.

  • Updated the Golang runtime to Go version 1.16.13.

MCR 20.10.9

Patch release for MCR 20.10 introducing the following key features:

  • Created parent directories inside a chroot during docker cp to prevent a specially-crafted container from changing permissions of existing files in the host filesystem.

  • Locked down file permissions to prevent unprivileged users from discovering and executing programs in /var/lib/docker.

  • Added support for clone3 syscall in the default seccomp policy, to support running containers based on recent versions of Ubuntu.

MCR 20.10.8

Patch release for MCR 20.10 introducing the following key feature:

  • MCR now prints a warning when using the --platform option to pull a single-arch image that does not match the specified architecture

MCR 20.10.7

Patch release for MCR 20.10 introducing the following key feature:

  • MCR now accepts only JWT licenses. To upgrade MCR, customers using a Docker Hub-issued license must first replace it with the new license version.

MCR 20.10.6

Patch release for MCR 20.10 introducing the following key features:

  • Suppressed warnings for deprecated cgroups.

  • The docker CLI now ignores SIGURG signals, and thus no longer sends them to containers on Linux.

  • Updated BuildKit to version 0.8.3-3-g244e8cde.

MCR 20.10.5

Patch release for MCR 20.10 introducing the following key feature:

  • Added a technical preview for cri-docker (previously known as dockershim).

MCR 20.10.4

Patch release for MCR 20.10 introducing the following key feature:

  • MCR confirms that AppArmor and SELinux profiles are applied when building with BuildKit.

MCR 20.10.0

Patch release for MCR 20.10 introducing the following key features:

  • Support for cgroups v2 which limits process resource usage (such as CPU, memory, and disk). MCR uses cgroups in conjunction with Linux namespaces to isolate processes inside containers.

  • Support for using docker logs to read container logs, regardless of the configured logging driver or plugin.

  • Support for Ubuntu 20.04.

  • CLI improvements.

Deprecation notes

  • Deprecated support for the registry-cli plugin.

  • Deprecated support for the docker app plugin.

  • Deprecated support for encrypted TLS private keys.

  • Kubernetes stack support is deprecated.

  • In correlation with the End of Life date for MKE 3.2.x and MSR 2.7.x, Mirantis stopped maintaining the associated documentation set on 2021-07-21.

  • Initiating docker pull requests against non-compliant registries that do not support pull-by-digest is deprecated.

  • KernelMemory (docker run --kernel-memory) is deprecated.

  • The aufs storage driver is deprecated.

  • The --cluster-advertisea, --cluster-store, and --cluster-store-opt flags are deprecated from the dockerd CLI.

  • The legacy Dockerfile ENV name value syntax is deprecated. Use ENV name=value instead.

  • The distribution manifest v2 schema 1 is now disabled on push.

  • The MalformedHostHeaderOverride hack has been removed, causing CLI v1.12 and earlier to break.

  • The docker engine subcommands have been removed.

  • The top-level docker deploy command and .dab (“Docker Application Bundle”) file format have both been removed in favor of using docker stack deploy with compose files.

  • The docker search --automated and docker search --stars flags have been removed in favor of using their docker search --filter equivalents.

  • Use of reserved namespaces in engine labels is deprecated.