Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

engine: 24.0.9 release notes #19280

Merged
merged 1 commit into from
Feb 1, 2024
Merged

engine: 24.0.9 release notes #19280

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
48 changes: 48 additions & 0 deletions content/engine/release-notes/24.0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,54 @@ For more information about:
- Deprecated and removed features, see [Deprecated Engine Features](../deprecated.md).
- Changes to the Engine API, see [Engine API version history](../api/version-history.md).

## 24.0.9

{{< release-date date="2024-01-31" >}}

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

- [docker/cli, 24.0.9 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A24.0.9)
- [moby/moby, 24.0.9 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A24.0.9)

## Security

This release contains security fixes for the following CVEs
affecting Docker Engine and its components.

| CVE | Component | Fix version | Severity |
| ----------------------------------------------------------- | ------------- | ----------- | ---------------- |
| [CVE-2024-21626](https://scout.docker.com/v/CVE-2024-21626) | runc | 1.1.12 | High, CVSS 8.6 |
| [CVE-2024-24557](https://scout.docker.com/v/CVE-2024-24557) | Docker Engine | 24.0.9 | Medium, CVSS 6.9 |

> **Important**
>
> Note that this release of Docker Engine doesn't include fixes for
> the following known vulnerabilities in BuildKit:
>
> - [CVE-2024-23651](https://scout.docker.com/v/CVE-2024-23651)
> - [CVE-2024-23652](https://scout.docker.com/v/CVE-2024-23652)
> - [CVE-2024-23653](https://scout.docker.com/v/CVE-2024-23653)
> - [CVE-2024-23650](https://scout.docker.com/v/CVE-2024-23650)
>
> To address these vulnerabilities,
> upgrade to [Docker Engine v25.0.2](./25.0.md#2502).
{ .important }

For more information about the security issues addressed in this release,
and the unaddressed vulnerabilities in BuildKit,
refer to the
[blog post](https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/).

For details about each vulnerability, see the relevant security advisory:

- [CVE-2024-21626](https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv)
- [CVE-2024-24557](https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc)

### Packaging updates

- Upgrade runc to [v1.1.12](https://github.com/opencontainers/runc/releases/tag/v1.1.12). [moby/moby#47269](https://github.com/moby/moby/pull/47269)
- Upgrade containerd to [v1.7.13](https://github.com/containerd/containerd/releases/tag/v1.7.13) (static binaries only). [moby/moby#47280](https://github.com/moby/moby/pull/47280)

## 24.0.8

{{< release-date date="2024-01-25" >}}
Expand Down