engine: 24.0.9 release notes

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
docker · Feb 1, 2024 · a461a74 · a461a74
1 parent a5fe176
commit a461a74
Showing 1 changed file with 48 additions and 0 deletions.
diff --git a/content/engine/release-notes/24.0.md b/content/engine/release-notes/24.0.md
@@ -14,6 +14,54 @@ For more information about:
 - Deprecated and removed features, see [Deprecated Engine Features](../deprecated.md).
 - Changes to the Engine API, see [Engine API version history](../api/version-history.md).
 
+## 24.0.9
+
+{{< release-date date="2024-01-31" >}}
+
+For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
+
+- [docker/cli, 24.0.9 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.9)
+- [moby/moby, 24.0.9 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.9)
+
+## Security
+
+This release contains security fixes for the following CVEs
+affecting Docker Engine and its components.
+
+| CVE                                                         | Component     | Fix version | Severity         |
+| ----------------------------------------------------------- | ------------- | ----------- | ---------------- |
+| [CVE-2024-21626](https://scout.docker.com/v/CVE-2024-21626) | runc          | 1.1.12      | High, CVSS 8.6   |
+| [CVE-2024-24557](https://scout.docker.com/v/CVE-2024-24557) | Docker Engine | 24.0.9      | Medium, CVSS 6.9 |
+
+> **Important**
+>
+> Note that this release of Docker Engine doesn't include fixes for
+> the following known vulnerabilities in BuildKit:
+>
+> - [CVE-2024-23651](https://scout.docker.com/v/CVE-2024-23651)
+> - [CVE-2024-23652](https://scout.docker.com/v/CVE-2024-23652)
+> - [CVE-2024-23653](https://scout.docker.com/v/CVE-2024-23653)
+> - [CVE-2024-23650](https://scout.docker.com/v/CVE-2024-23650)
+>
+> To address these vulnerabilities,
+> upgrade to [Docker Engine v25.0.2](./25.0.md#2502).
+{ .important }
+
+For more information about the security issues addressed in this release,
+and the unaddressed vulnerabilities in BuildKit,
+refer to the
+[blog post](https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/).
+
+For details about each vulnerability, see the relevant security advisory:
+
+- [CVE-2024-21626](https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv)
+- [CVE-2024-24557](https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc)
+
+### Packaging updates
+
+- Upgrade runc to [v1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12). [moby/moby#47269](https://github.com/moby/moby/pull/47269)
+- Upgrade containerd to [v1.7.13](https://github.com/containerd/containerd/releases/tag/v1.7.13) (static binaries only). [moby/moby#47280](https://github.com/moby/moby/pull/47280)
+
 ## 24.0.8
 
 {{< release-date date="2024-01-25" >}}