25.0.14

Release date	Name	Upstream release
2025-OCT-30	MCR 25.0.14	Moby 25.0.14 and Docker CLI 25.0.7

Changelog

MCR 25.0.14 comprises the Moby 25.0.13 upstream release.

Changes specific to MCR

• Addition of an option to disable weak TLS ciphers.

  Set the environment variable DOCKER_DISABLE_WEAK_CIPHERS for the dockerd process to true to restrict the daemon to a modern, secure subset of cipher suites. Doing this disables known weak ciphers, such as CBC-mode ciphers, which are already disabled in later upstream releases of the Docker Engine. To ensure compatibility with later upgrades, this option is not available as a config or CLI flag.

• Fipster (Go runtime) go1.24.8m1

  • Fixes CVEs present in older Go versions.

  • Updates FIPS package libcrypto3-mirantis to 3.5.4, to accommodate the version upgrade.

• Fixed an issue wherein swarm manager nodes crashed daily, with “assignment to entry in nil map” panic, linked to the telemetry 24h heartbeat.

Changes from upstream

A considerable number of bugs and network instabilities have been fixed since the previous Moby issue, due to significant refactoring and rewriting of parts of libnetwork. For the complete list of changes and pull requests upstream, refer to the Github milestones that follow.

GitHub milestones

The GitHub milestones offer full detail on the pull requests and changes as they correlate to the upstream Moby 25.0.12 release:

• moby/moby, 25.0.14 milestone

• docker/cli, 25.0.7 milestone

Major component versions

Version detail for the major components that comprise MCR 25.0.14 is presented in the table below:

Component	Upstream Version	Mirantis Version
Moby	25.0.14	25.0.14m1
Docker CLI	25.0.7	25.0.7m9
containerd	1.7.28	1.7.28m2
runc	1.3.0	1.2.5m5
cri-dockerd	0.3.15	–
buildx	0.12.1m	0.12.1m1
Fipster (Go runtime)	go1.24.8	go1.24.8m1
libcrypto3-mirantis (FIPS SSL)	–	3.5.4
buildkit	0.12.5	–
rootlesskit	1.0.2	–
Docker Compose CLI plugin	2.40.2	2.40.2m1
crun	1.24	1.24