25.0.14

| Release date | Name | Upstream release |
|---|---|---|
| 2025-OCT-30 | MCR 25.0.14 | Moby 25.0.14 and Docker CLI 25.0.7 |

Changelog

MCR 25.0.14 comprises the Moby 25.0.14 upstream release.

Hotfix 25.0.14.2

The 25.0.14.2 build adds back features that were present in MCR 25.0.14.0, which were mistakenly dropped in MCR 25.0.14.1.

Customers should use MCR 25.0.14.2 rather than 25.0.14.1, specifically customers who require functionality related to the removal of insecure TLS ciphers and license-related notifications.

Hotfix 25.0.14.1

  • Installation of MCR 25.0.13.1+fips or MCR 25.0.14.1+fips on Windows requires get.mirantis.com/install.ps1 v1.0.27.

  • Users who have not applied an MCR license will no longer receive CLI alerts of the unlicensed state of their daemon.

  • Resolution of the following CVEs:

  • Known Issue: The FIPS variant of the containerd debug tool ctr crashes when pulling from TLS 1.3 repositories.

Changes specific to MCR

  • Addition of an option to disable weak TLS ciphers.

    Set the environment variable DOCKER_DISABLE_WEAK_CIPHERS for the dockerd process to true to restrict the daemon to a modern, secure subset of cipher suites. Doing this disables known weak ciphers, such as CBC-mode ciphers, which are already disabled in later upstream releases of the Docker Engine. To ensure compatibility with later upgrades, this option is not available as a config or CLI flag.

  • Fipster (Go runtime) go1.24.8m1

    • Fixes CVEs present in older Go versions.

    • Updates FIPS package libcrypto3-mirantis to 3.5.4, to accommodate the version upgrade.

  • Fixed an issue wherein swarm manager nodes crashed daily with an “assignment to entry in nil map” panic, linked to the telemetry 24h heartbeat.
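
Because DOCKER_DISABLE_WEAK_CIPHERS exists only as an environment variable of the dockerd process, it does not appear in daemon.json or on the dockerd command line. The following added example (not Mirantis code) audits the process environment of a running daemon. It assumes a Linux host where dockerd is managed by systemd as docker.service; the function names and the drop-in file name are hypothetical.

```shell
#!/bin/sh
# Added example: audit whether dockerd runs with DOCKER_DISABLE_WEAK_CIPHERS=true.
# Assumptions: Linux with /proc, dockerd managed by systemd as docker.service.

# env_has_weak_ciphers_disabled FILE
# FILE is a NUL-separated environment block (the format of /proc/PID/environ).
# Returns 0 only when the variable is present with the exact value "true",
# which is the value the release notes specify.
env_has_weak_ciphers_disabled() {
    tr '\0' '\n' < "$1" | grep -qx 'DOCKER_DISABLE_WEAK_CIPHERS=true'
}

# audit_dockerd
# Checks every running dockerd on this host. Reading another process's
# environ requires root. Returns 0 if all daemons have the option set,
# 1 if any does not, 2 if no dockerd is running.
audit_dockerd() {
    pids=$(pgrep -x dockerd) || { echo "dockerd not running"; return 2; }
    rc=0
    for pid in $pids; do
        if env_has_weak_ciphers_disabled "/proc/$pid/environ"; then
            echo "pid $pid: weak ciphers disabled"
        else
            echo "pid $pid: DOCKER_DISABLE_WEAK_CIPHERS not set to true"
            rc=1
        fi
    done
    return $rc
}

# write_dropin DIR
# Writes a systemd drop-in that sets the variable for the service.
# DIR would normally be /etc/systemd/system/docker.service.d; afterwards run
# "systemctl daemon-reload" and restart docker for the setting to take effect.
write_dropin() {
    mkdir -p "$1" &&
    printf '[Service]\nEnvironment="DOCKER_DISABLE_WEAK_CIPHERS=true"\n' \
        > "$1/10-disable-weak-ciphers.conf"
}
```

Run `audit_dockerd` as root after restarting the daemon; a non-zero exit status marks a host that still needs the setting.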

Changes from upstream

A considerable number of bugs and network instabilities have been fixed since the previous Moby issue, due to significant refactoring and rewriting of parts of libnetwork. For the complete list of changes and pull requests upstream, refer to the GitHub milestones that follow.

GitHub milestones

The GitHub milestones offer full detail on the pull requests and changes as they correlate to the upstream Moby 25.0.12 release:

Major component versions

Version detail for the major components that comprise MCR 25.0.14 is presented in the table below:

| Component | Upstream Version | Mirantis Version |
|---|---|---|
| Moby | 25.0.14 | 25.0.14m1 |
| Docker CLI | 25.0.7 | 25.0.7m9 |
| containerd | 1.7.28 | 1.7.28m2 |
| runc | 1.3.0 | 1.2.5m5 |
| cri-dockerd | 0.3.15 | |
| buildx | 0.12.1m | 0.12.1m1 |
| Fipster (Go runtime) | go1.24.8 | go1.24.8m1 |
| libcrypto3-mirantis (FIPS SSL) | 3.5.4 | |
| buildkit | 0.12.5 | |
| rootlesskit | 1.0.2 | |
| Docker Compose CLI plugin | 2.40.2 | 2.40.0m1 |
| crun | 1.24 | 1.24 |

Platform test detail

| Platform | Kernel tested |
|---|---|
| Oracle Linux 9.6 | 5.14.0-570.51.1.0.1.el9_6.x86_64 |
| Oracle Linux 9 | 5.14.0-570.62.1.0.1.el9_6.x86_64 |
| RHEL 9.6 | 5.14.0-570.58.1.el9_6.x86_64 |
| RHEL 9.4 | 5.14.0-427.96.1.el9_4.x86_64 |
| RHEL 8.10 | 4.18.0-553.81.1.el8_10.x86_64 |
| Rocky 9.6 | 5.14.0-570.17.1.el9_6.x86_64 |
| Rocky 8.10 | 4.18.0-553.el8_10.x86_64 |
| SLES15 SP6 | 6.4.0-150600.23.73-default |
| Ubuntu 24.04 | 6.14.0-1016-aws |
| Ubuntu 22.04 | 6.8.0-1040-aws |
| Windows 2022 Core | 10.0 20348 (20348.2849.amd64fre.fe_release_svc_prod1.241101-1732) |
| Windows 2019 Core | 10.0 17763 (17763.1.amd64fre.rs5_release.180914-1434) |