25.0.9
Release date |
Name |
Upstream release |
|---|---|---|
2025-MAR-10 |
MCR 25.0.9 |
Moby 25.0.9 and Docker CLI 25.0.9 |
Changelog
MCR 25.0.9 comprises the Moby 25.0.9 upstream release.
Changes specific to MCR
MCR contains the following component additions and updates:
crun support added as an alternative OCI runtime.
Fipster (Go runtime)
go1.22.12-m1
Changes from upstream
The upstream pull requests detailed in the sections that follow are those that pertain to the MCR product. For the complete list of changes and pull requests upstream, refer to the GitHub milestones.
What is new
The MCR 25.0.9 patch release focuses on the delivery of CVE and bug fixes.
Security
go net/http: Fix CVE-2024-45336, The HTTP client drops sensitive headers after following a cross-domain redirect.
go crypto/x509: Fix CVE-2024-45341, A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain.
golang.org/x/net: Fix CVE-2024-45338, Non-linear parsing of case-insensitive content in golang.org/x/net/html
Bug fixes
containerd
containerd/ttrpc#175 Fix race between serve and immediate shutdown on the server
containerd/ttrpc#171 Reject oversized messages from the sender
containerd/containerd#11306 Fix fatal concurrency error in port forwarding
containerd/containerd#11250 Fix console TTY leak in runc shim
containerd/containerd#11326 Fix initial sync race when registering NRI plugins
runc
opencontainers/runc#4612 Set the DeviceAllow property before DevicePolicy
GitHub milestones
The GitHub milestones offer full detail on the pull requests and changes as they correlate to the upstream Moby 25.0.9 release:
Major component versions
Version detail for the major components that comprise MCR 25.0.9 is presented in the table below:
Component |
Upstream Version |
Mirantis Version |
|---|---|---|
25.0.9m1 |
||
25.0.9m1 |
||
1.7.26m1 |
||
1.2.5m1 |
||
– |
||
0.12.1m1 |
||
Fipster (Go runtime) |
go1.22.12m1 |
|
– |
||
– |