23.0.8

Release date	Name	Upstream release
2023-11-20	MCR 23.0.8	Moby 23.0.8 and Docker CLI 23.0.8

Changelog

MCR 23.0.8 comprises the Moby 23.0.8 upstream release.

Changes specific to MCR

• MCR contains the following component updates:

  • containerd 1.6.25-rc.1

  • cri-dockerd 0.3.7

  • buildx 0.12.0-rc1

  • Fipster (Go runtime) go1.20.10m1

Changes from upstream

The upstream pull requests detailed in the sections that follow are those that pertain to the MCR product. For the complete list of changes and pull requests upstream, refer to the GitHub milestones.

What is new

The MCR 23.0.8 patch release focuses on the delivery of CVE and bug fixes.

Security

• Resolved NVD CVE-2023-39325

• Resolved NVD CVE-2023-44487

• Deny containers access to /sys/devices/virtual/powercap by default, a change that hardens against CVE-2020-8694, CVE-2020-8695, CVE-2020-12912, and an attack known as the PLATYPUS attack.

  For more detail, refer to https://github.com/moby/moby/commit/81ebe71275768629689a23bc3bca34b3b374a6a6.

Bug fixes

• moby/moby#46704 Atomically fixed an issue wherein images failed to pull when interrupted by a power cut.

GitHub milestones

The Github milestones offer full detail on the pull requests and changes as they correlate to the upstream Moby 23.0.8 release:

• docker/cli, 23.0.8 milestone

• moby/moby, 23.0.8 milestone

Major component versions

Version detail for the major components that comprise MCR 23.0.8 is presented in the table below:

Component	Version
Moby	23.0.8
Docker CLI	23.0.8
containerd	1.6.25-rc.1
runc	1.1.9
cri-dockerd	0.3.7
buildx	0.12.0-rc1
Fipster (Go runtime)	go1.20.10m1
buildkit	0.10.7-0.20230412161310-d52b2d584242
rootlesskit	1.1.0