Mirantis Container Runtime
Resolved CVE-2021-21285, thereby preventing invalid images from crashing the Docker daemon (ENGINE-438).
Resolved CVE-2021-21284, thereby preventing a remapped root from accessing the Docker state by locking down file permissions (ENGINE-438).
MCR now confirms that AppArmor and SELinux profiles are applied when building with BuildKit (ENGINE-438).
Resolved CVE-2021-21334, and in the process updated containerd to version 1.4.4 (ENGINE-438).
Updated syscall list to Linux 5.11 in the
Fixed the incorrect cache match for inline cache import with empty layers (moby/moby#42061).
Updated BuildKit to version 0.8.2 (moby/moby#42061).
Avoids error caching on token fetch in resolver.
Fixed checksum to contain indexes of inputs in fileop, thus preventing certain cache misses.
Fixed reference count issues on typed errors with mount references, addressing
invalid mutable referrors.
Set token only for main remote access, thereby allowing submodule cloning with different credentials.
Ensures blobs are deleted after pull in
/var/lib/docker/buildkit/content/blobs/sha256. Run builder prune to clean up old state (moby/moby#42065).
Fixed parallel pull synchronization regression (moby/moby#42049).
libnetworkstate files do not leak (moby/moby#41972).
Customers who use MCR with Kubernetes directly (without using MKE) need to enable the
cri-dockerplugin in MCR beginning with Kubernetes version 1.23 (planned for late 2021), at which point Kubernetes will no longer maintain
Fixed an issue wherein
docker loginresulted in a panic if no config file was present (docker/cli#2959).
Fixed an issue wherein MCR erroneously displayed the warning:
WARNING: Error loading config file: .dockercfg: $HOME is not defined(docker/cli#2958).
Silenced docker info warnings that cannot be addressed (moby/moby#41958).
Avoids creating parent directories for
Uses 0755 permissions when creating missing directories (moby/moby#42017).
Fixed an issue wherein the daemon panicked when an admin specified a custom default runtime (moby/moby#41974).
Fixed an issue wherein an empty daemon configuration caused a panic (moby/moby#41976).
Fixed an issue wherein the daemon panicked when starting a container with an invalid device cgroup rule (moby/moby#42001).
Fixed an issue wherein the userns-remap option did not work when the username and UID matched (moby/moby#42013).
Fixed an issue wherein custom Docker heartbeat periods reverted back to the default setting on restart. Thus, previously stalled tasks will no longer be stuck in a pending state (FIELD-3563, moby/moby#42060).
Fixed an issue wherein MCR ignored --update-order and --rollback-order flags (docker/cli#2963).
Fixed an issue wherein docker service rollback sometimes returned a non-zero exit code (docker/cli#2964).
Fixed an issue wherein the direction of the progress bar rendered inconsistently on docker service rollback (docker/cli#2964).