23.0.8¶
Release date |
Name |
Upstream release |
---|---|---|
2023-11-20 |
MCR 23.0.8 |
Moby 23.0.8 and Docker CLI 23.0.8 |
Changelog¶
MCR 23.0.8 comprises the Moby 23.0.8 upstream release.
Changes specific to MCR¶
MCR contains the following component updates:
containerd 1.6.25-rc.1
cri-dockerd 0.3.7
buildx 0.12.0-rc1
Fipster (Go runtime)
go1.20.10m1
Changes from upstream¶
The upstream pull requests detailed in the sections that follow are those that pertain to the MCR product. For the complete list of changes and pull requests upstream, refer to the GitHub milestones.
What is new
The MCR 23.0.8 patch release focuses on the delivery of CVE and bug fixes.
Security
Resolved NVD CVE-2023-39325
Resolved NVD CVE-2023-44487
Deny containers access to
/sys/devices/virtual/powercap
by default, a change that hardens against CVE-2020-8694, CVE-2020-8695, CVE-2020-12912, and an attack known as the PLATYPUS attack.For more detail, refer to https://github.com/moby/moby/commit/81ebe71275768629689a23bc3bca34b3b374a6a6.
Bug fixes
moby/moby#46704 Atomically fixed an issue wherein images failed to pull when interrupted by a power cut.
GitHub milestones¶
The Github milestones offer full detail on the pull requests and changes as they correlate to the upstream Moby 23.0.8 release:
Major component versions¶
Version detail for the major components that comprise MCR 23.0.8 is presented in the table below:
Component |
Version |
---|---|
Fipster (Go runtime) |
|
0.10.7-0.20230412161310-d52b2d584242 |
|