23.0.1

Release date   Name         Upstream release
2023-02-23     MCR 23.0.1   Moby 23.0.1 and 23.0.0, Docker CLI 23.0.1 and 23.0.0

Highlights

Storage driver removals

Beginning with the release of MCR 23.0, Mirantis no longer delivers unsupported storage drivers to customers. While this creates an upgrade barrier for customers using MCR 20.10 with an unsupported storage driver, it is certain to prevent the late discovery of an unsupportable MCR deployment.

overlay2 is the only storage driver MCR builds and supports, with the exception of the btrfs storage driver, which Mirantis will continue to build and support exclusively for the SLES platform (for which overlay2 is also viable).

In addition, Mirantis continues to make the vfs storage driver available, but only for the purpose of helping to debug the storage back end. The vfs driver remains unsupported and is entirely unfit for use in production environments.

In removing the unsupported storage drivers, Mirantis aims to align customers with a longer-term migration to new storage backends that are currently under development in the Moby project.

Other points of interest:

  • overlay2 is now preferred to btrfs and zfs, which affects new MCR deployments running on SLES systems.

  • overlay2 can no longer be used on a file system without d_type, which may prevent in-place upgrades.

Semantic Versioning (SemVer) format

Beginning with the MCR 23.0 release, in alignment with Moby, Semantic Versioning (SemVer) replaces Calendar Versioning (CalVer). Upstream Moby is moving to SemVer as part of its migration to a Go module; however, Moby 23.0 is not yet Go module compatible.

CSI drivers

MCR 23.0 introduces experimental support for Container Storage Interface (CSI) drivers in Swarm. CSI drivers are the same storage drivers that Kubernetes uses, and as Swarm matures as a CSI-compliant implementation it is expected that an entire ecosystem of persistent storage backends will become available.

For use with Swarm, a CSI driver must not have a direct coupling to the Kubernetes control plane. The driver must also be packaged natively for Swarm as an Engine plugin.

At this time, CSI on Swarm is only fit for development and experimental use. Mirantis is working actively with the Moby development community to evangelize Swarm CSI and further develop its implementation, quickly addressing any bugs and missing features as these become apparent.

BuildKit and buildx by default

MCR 23.0 defaults to the BuildKit builder (DOCKER_BUILDKIT=1) on Linux. In addition, the 23.0 CLI makes docker build an alias for docker buildx build. This reflects the growing maturity of BuildKit, and it will help customers to take advantage of the significant improvements that BuildKit brings in caching, performance, and flexibility. Though this is a large change in behavior, it is also a mostly transparent one, and users should be aware that they can still request the previous behavior through DOCKER_BUILDKIT=0.

Refer to the upstream documentation, Differences between legacy builder and BuildKit for more information.

Volume prune and API 1.42

The MCR 23.0 release increments the supported Docker Engine API version to 1.42. With this version of the API, the volume prune action only considers anonymous volumes, ignoring those that were given a name at creation. This change in behavior only occurs when both the CLI and daemon support API version 1.42. Only MCR 23.0 supports API 1.42 at this time, and thus an updated API client such as the MCR 23.0 CLI is required to encounter this new behavior. Users should be aware that older versions of the Docker Engine API continue to consider both anonymous and named volumes when performing a volume prune.

A new all=1 filter is available for use with Docker Engine API 1.42, to widen the filtering so that it once again considers named volumes. Specifically, using an MCR 23.0 CLI, docker volume prune --filter all=1 produces the same result as docker volume prune with an older CLI. docker system prune -a is not able to specify this filter, and as such will always reflect the default behavior of the negotiated API version.

Refer to Docker Engine API (1.42) for the full API documentation, and to Engine API version history for the full list of changes.

Windows Server 2019 required

Support for Windows Server 2016 is dropped in MCR 23.0. Windows Server RS5 / LTSC 2019 (build 17763) is the new baseline version.

Health checks

In MCR 23.0, the overhead that is required to perform a health check is no longer counted as part of the time threshold. Health checks now properly resume when the daemon is restarted with running containers. Also, rather than being left to hang indefinitely, timed-out health checks are now more reliably killed.

Rootless and seccomp

MCR 23.0 further develops rootless mode by improving support for privileged features, and by making significant enhancements to the capabilities of the seccomp filtering implementation.

Advanced MCR users should consider the following changes when diagnosing issues with privilege and permissions:

  • Engine plugins are discoverable at well-known user-specific paths in rootless mode.

  • --privileged rootless containers can use host devices.

  • --ipc=host now works in rootless mode.

  • seccomp profiles can now pass additional flags to the seccomp userspace binary.

  • ErrnoRet can now be set in seccomp profiles.

  • clone3 is correctly blocked so that glibc will instead use clone.

  • AF_VSOCK is blocked in the default profile as it cannot be containerized.

  • Other enhancements to the built-in seccomp profile for new system calls, such as BPF and clock_settime64.
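A small audit for a custom seccomp profile, added here as an example and not part of MCR or Moby: it loads a constructed excerpt in the Docker/OCI profile format and checks two of the points above, that clone3 is denied with ENOSYS (the errno on which glibc retries with plain clone; EPERM makes it fail instead) and that socket() calls for AF_VSOCK are refused. The profile text, the errno value 38 (ENOSYS) and the address family 40 (AF_VSOCK) are the Linux x86_64 constants; the rule layout is modeled on the profile format, not copied from the real default profile.

```python
import json

ENOSYS, AF_VSOCK = 38, 40  # Linux x86_64 constants

# Constructed excerpt in the Docker/OCI seccomp profile format; not the real
# MCR/Moby default profile, only the entries this audit looks at.
PROFILE_JSON = """{
  "defaultAction": "SCMP_ACT_ERRNO",
  "defaultErrnoRet": 1,
  "architectures": ["SCMP_ARCH_X86_64"],
  "syscalls": [
    {"names": ["clone", "read", "write", "exit_group"], "action": "SCMP_ACT_ALLOW"},
    {"names": ["clone3"], "action": "SCMP_ACT_ERRNO", "errnoRet": 38,
     "comment": "ENOSYS makes glibc fall back to clone"},
    {"names": ["socket"], "action": "SCMP_ACT_ERRNO", "errnoRet": 22,
     "args": [{"index": 0, "value": 40, "op": "SCMP_CMP_EQ"}],
     "comment": "refuse AF_VSOCK sockets, which cannot be containerized"},
    {"names": ["socket"], "action": "SCMP_ACT_ALLOW"}
  ]
}"""

# Pre-fix behaviour for comparison: clone3 denied with EPERM (errno 1), which
# glibc reports as a hard failure instead of retrying with clone.
LEGACY_JSON = PROFILE_JSON.replace('"errnoRet": 38', '"errnoRet": 1')

def clone3_denied_with_enosys(profile):
    """Unconditional clone3 rule returns ENOSYS, or the profile default does."""
    for rule in profile["syscalls"]:
        if "clone3" in rule["names"] and not rule.get("args"):
            return (rule["action"] == "SCMP_ACT_ERRNO"
                    and rule.get("errnoRet") == ENOSYS)
    return (profile["defaultAction"] == "SCMP_ACT_ERRNO"
            and profile.get("defaultErrnoRet") == ENOSYS)

def af_vsock_blocked(profile):
    """Some deny rule for socket() compares arg 0 (address family) to AF_VSOCK."""
    for rule in profile["syscalls"]:
        if "socket" not in rule["names"] or rule["action"] != "SCMP_ACT_ERRNO":
            continue
        if any(a["index"] == 0 and a["op"] == "SCMP_CMP_EQ" and a["value"] == AF_VSOCK
               for a in rule.get("args", [])):
            return True
    return False

def audit(profile_json):
    """Run both checks on a profile given as JSON text."""
    profile = json.loads(profile_json)
    return {"clone3_enosys": clone3_denied_with_enosys(profile),
            "af_vsock_blocked": af_vsock_blocked(profile)}
```

Run audit() over the profile passed with --security-opt seccomp=... before upgrading; a custom profile that still returns EPERM for clone3 will show up as clone3_enosys False.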

Changelog

MCR 23.0.1 represents the first iteration of the MCR 23.0 major release, combining the Moby 23.0.0 and Moby 23.0.1 upstream releases.

Changes specific to MCR

  • MCR no longer builds unsupported storage drivers, also known as graphdrivers.

  • apparmor is now unconditionally installed on Ubuntu systems.

  • MCR contains the following component versions:

    • Fipster (Go runtime) go1.19.5m1

    • containerd v1.6.17

    • buildx v0.10.0

    • cri-dockerd v0.3.0

Changes from upstream

The upstream pull requests detailed in the sections that follow are those that pertain to the MCR product. For the complete list of changes and pull requests upstream, refer to the GitHub milestones.

GitHub milestones

The GitHub milestones offer full detail on the pull requests and changes as they correlate to the upstream Moby 23.0.0 and Moby 23.0.1 releases:

Major component versions

Version detail for the major components that comprise MCR 23.0.1 is presented in the table below:

Component              Version
Moby                   23.0.1
Docker CLI             23.0.1
containerd             1.6.17
runc                   1.1.4
cri-dockerd            0.3.0
buildx                 0.10.0
Fipster (Go runtime)   go1.19.5m1
buildkit               0.10.7-0.20230208155512-4f0ee09c40e2
rootlesskit            1.1.0