Docker Changelog

What's new in Docker 17.05.0

May 5, 2017

Builder:
Add multi-stage build support #31257 #32063
Allow using build-time args (ARG) in FROM #31352
Add an option for specifying build target #32496
Accept -f - to read Dockerfile from stdin, but use local context for building #31236
The values of default build time arguments (e.g HTTP_PROXY) are no longer displayed in docker image history unless a corresponding ARG instruction is written in the Dockerfile. #31584
Fix setting command if a custom shell is used in a parent image #32236
Fix docker build --label when the label includes single quotes and a space #31750
Client:
Add --mount flag to docker run and docker create #32251
Add --type=secret to docker inspect #32124
Add --format option to docker secret ls #31552
Add --filter option to docker secret ls #30810
Add --filter scope= to docker network ls #31529
Add --cpus support to docker update #31148
Add label filter to docker system prune and other prune commands #30740
docker stack rm now accepts multiple stacks as input #32110
Improve docker version --format option when the client has downgraded the API version #31022
Prompt when using an encrypted client certificate to connect to a docker daemon #31364
Display created tags on successful docker build #32077
Cleanup compose convert error messages #32087
Contrib:
Add support for building docker debs for Ubuntu 17.04 Zesty on amd64 #32435
Daemon:
Fix --api-cors-header being ignored if --api-enable-cors is not set #32174
Cleanup docker tmp dir on start #31741
Deprecate --graph flag in favor or --data-root #28696
Logging:
Add support for logging driver plugins #28403
Add support for showing logs of individual tasks to docker service logs, and add /task/{id}/logs REST endpoint #32015
Add --log-opt env-regex option to match environment variables using a regular expression #27565
Networking:
Allow user to replace, and customize the ingress network #31714
Fix UDP traffic in containers not working after the container is restarted #32505
Fix files being written to /var/lib/docker if a different data-root is set #32505
Runtime:
Ensure health probe is stopped when a container exits #32274
Swarm Mode:
Add update/rollback order for services (--update-order / --rollback-order) #30261
Add support for synchronous service create and service update #31144
Add support for "grace periods" on healthchecks through the HEALTHCHECK --start-period and --health-start-period flag to
docker service create, docker service update, docker create, and docker run to support containers with an initial startup
time #28938
docker service create now omits fields that are not specified by the user, when possible. This will allow defaults to be applied inside the manager #32284
docker service inspect now shows default values for fields that are not specified by the user #32284
Move docker service logs out of experimental #32462
Add support for Credential Spec and SELinux to services to the API #32339
Add --entrypoint flag to docker service create and docker service update #29228
Add --network-add and --network-rm to docker service update #32062
Add --credential-spec flag to docker service create and docker service update #32339
Add --filter mode= to docker service ls #31538
Resolve network IDs on the client side, instead of in the daemon when creating services #32062
Add --format option to docker node ls #30424
Add --prune option to docker stack deploy to remove services that are no longer defined in the docker-compose file #31302
Add PORTS column for docker service ls when using ingress mode #30813
Fix unnescessary re-deploying of tasks when environment-variables are used #32364
Fix docker stack deploy not supporting endpoint_mode when deploying from a docker compose file #32333
Proceed with startup if cluster component cannot be created to allow recovering from a broken swarm setup #31631
Security:
Allow setting SELinux type or MCS labels when using --ipc=container: or --ipc=host #30652
Deprecation:
Deprecate --api-enable-cors daemon flag. This flag was marked deprecated in Docker 1.6.0 but not listed in deprecated features #32352
Remove Ubuntu 12.04 (Precise Pangolin) as supported platform. Ubuntu 12.04 is EOL, and no longer receives updates #32520

New in Docker 1.13.1 (Feb 8, 2017)

New in Docker 1.13.0 (Jan 20, 2017)

Builder:
Add capability to specify images used as a cache source on build. These images do not need to have local parent chain and can be pulled from other registries #26839
(experimental) Add option to squash image layers to the FROM image after successful builds #22641
Fix dockerfile parser with empty line after escape #24725
Add step number on docker build #24978
Add support for compressing build context during image build #25837
add --network to docker build #27702
Fix inconsistent behavior between --label flag on docker build and docker run #26027
Fix image layer inconsistencies when using the overlay storage driver #27209
Unused build-args are now allowed. A warning is presented instead of an error and failed build #27412
Fix builder cache issue on Windows #27805
Allow USER in builder on Windows #28415
Handle env case-insensitive on Windows #28725
Contrib:
Add support for building docker debs for Ubuntu 16.04 Xenial on PPC64LE #23438
Add support for building docker debs for Ubuntu 16.04 Xenial on s390x #26104
Add support for building docker debs for Ubuntu 16.10 Yakkety Yak on PPC64LE #28046
Add RPM builder for VMWare Photon OS #24116
Add shell completions to tgz #27735
Update the install script to allow using the mirror in China #27005
Add DEB builder for Ubuntu 16.10 Yakkety Yak #27993
Add RPM builder for Fedora 25 #28222
Add make deb support for aarch64 #27625
Distribution:
Update notary dependency to 0.4.2 (full changelogs here) #27074
Support for compilation on windows docker/notary#970
Improved error messages for client authentication errors docker/notary#972
Support for finding keys that are anywhere in the ~/.docker/trust/private directory, not just under ~/.docker/trust/private/root_keys or ~/.docker/trust/private/tuf_keys docker/notary#981
Previously, on any error updating, the client would fall back on the cache. Now we only do so if there is a network error or if the server is unavailable or missing the TUF data. Invalid TUF data will cause the update to fail - for example if there was an invalid root rotation. docker/notary#982
Improve root validation and yubikey debug logging docker/notary#858 docker/notary#891
Warn if certificates for root or delegations are near expiry docker/notary#802
Warn if role metadata is near expiry docker/notary#786
Fix passphrase retrieval attempt counting and terminal detection docker/notary#906
Avoid unnecessary blob uploads when different users push same layers to authenticated registry #26564
Allow external storage for registry credentials #26354
Logging:
Standardize the default logging tag value in all logging drivers #22911
Improve performance and memory use when logging of long log lines #22982
Enable syslog driver for windows #25736
Add Logentries Driver #27471
Update of AWS log driver to support tags #27707
Unix socket support for fluentd #26088
Enable fluentd logging driver on Windows #28189
Sanitize docker labels when used as journald field names #23725
Fix an issue where docker logs --tail returned less lines than expected #28203
Splunk Logging Driver: performance and reliability improvements #26207
Splunk Logging Driver: configurable formats and skip for verifying connection #25786
Networking:
Add --attachable network support to enable docker run to work in swarm-mode overlay network #25962
Add support for host port PublishMode in services using the --publish option in docker service create #27917 and #28943
Add support for Windows server 2016 overlay network driver (requires upcoming ws2016 update) #28182
Change the default FORWARD policy to DROP #28257
Add support for specifying static IP addresses for predefined network on windows #22208
Fix --publish flag on docker run not working with IPv6 addresses #27860
Fix inspect network show gateway with mask #25564
Fix an issue where multiple addresses in a bridge may cause --fixed-cidr to not have the correct addresses #26659
Add creation timestamp to docker network inspect #26130
Show peer nodes in docker network inspect for swarm overlay networks #28078
Enable ping for service VIP address #28019
Plugins:
Move plugins out of experimental #28226
Add --force on docker plugin remove #25096
Add support for dynamically reloading authorization plugins #22770
Add description in docker plugin ls #25556
Add -f/--format to docker plugin inspect #25990
Add docker plugin create command #28164
Send request's TLS peer certificates to authorization plugins #27383
Support for global-scoped network and ipam plugins in swarm-mode #27287
Split docker plugin install into two API call /privileges and /pull #28963
Remote API (v1.25) & Client:
Support docker stack deploy from a Compose file #27998
(experimental) Implement checkpoint and restore #22049
Add --format flag to docker info #23808
Remove --name from docker volume create #23830
Add docker stack ls #23886
Add a new is-task ps filter #24411
Add --env-file flag to docker service create #24844
Add --format on docker stats #24987
Make docker node ps default to self in swarm node #25214
Add --group in docker service create #25317
Add --no-trunc to service/node/stack ps output #25337
Add Logs to ContainerAttachOptions so go clients can request to retrieve container logs as part of the attach process #26718
Allow client to talk to an older server #27745
Inform user client-side that a container removal is in progress #26074
Add Isolation to the /info endpoint #26255
Add userns to the /info endpoint #27840
Do not allow more than one mode be requested at once in the services endpoint #26643
Add capability to /containers/create API to specify mounts in a more granular and safer way #22373
Add --format flag to network ls and volume ls #23475
Allow the top-level docker inspect command to inspect any kind of resource #23614
Allow unsetting the --entrypoint in docker run or docker create #23718
Restructure CLI commands by adding docker image and docker container commands for more consistency #26025
Remove COMMAND column from service ls output #28029
Add --format to docker events #26268
Allow specifying multiple nodes on docker node ps #26299
Restrict fractional digits to 2 decimals in docker images output #26303
Add --dns-option to docker run #28186
Add Image ID to container commit event #28128
Add external binaries version to docker info #27955
Add information for Manager Addresses in the output of docker info #28042
Add a new reference filter for docker images #27872
Runtime:
Add --experimental daemon flag to enable experimental features, instead of shipping them in a separate build #27223
Add a --shutdown-timeout daemon flag to specify the default timeout (in seconds) to stop containers gracefully before daemon exit #23036
Add --stop-timeout to specify the timeout value (in seconds) for individual containers to stop #22566
Add a new daemon flag --userland-proxy-path to allow configuring the userland proxy instead of using the hardcoded docker-proxy from $PATH #26882
Add boolean flag --init on dockerd and on docker run to use tini a zombie-reaping init process as PID 1 #26061 #28037
Add a new daemon flag --init-path to allow configuring the path to the docker-init binary #26941
Add support for live reloading insecure registry in configuration #22337
Add support for storage-opt size on Windows daemons #23391
Improve reliability of docker run --rm by moving it from the client to the daemon #20848
Add support for --cpu-rt-period and --cpu-rt-runtime flags, allowing containers to run real-time threads when CONFIG_RT_GROUP_SCHED is enabled in the kernel #23430
Allow parallel stop, pause, unpause #24761 / #26778
Implement XFS quota for overlay2 #24771
Fix partial/full filter issue in service tasks --filter #24850
Allow engine to run inside a user namespace #25672
Fix a race condition between device deferred removal and resume device, when using the devicemapper graphdriver #23497
Add docker stats support in Windows #25737
Allow using --pid=host and --net=host when --userns=host #25771
(experimental) Add metrics (Prometheus) output for basic container, image, and daemon operations #25820
Fix issue in docker stats with NetworkDisabled=true #25905
Add docker top support in Windows #25891
Record pid of exec'd process #27470
Add support for looking up user/groups via getent #27599
Add new docker system command with df and prune subcommands for system resource management, as well as docker {container,image,volume,network} prune subcommands #26108 #27525 / #27525
Fix an issue where containers could not be stopped or killed by setting xfs max_retries to 0 upon ENOSPC with devicemapper #26212
Fix docker cp failing to copy to a container's volume dir on CentOS with devicemapper #28047
Promote overlay(2) graphdriver #27932
Add --seccomp-profile daemon flag to specify a path to a seccomp profile that overrides the default #26276
Fix ulimits in docker inspect when --default-ulimit is set on daemon #26405
Add workaround for overlay issues during build in older kernels #28138
Add TERM environment variable on docker exec -t #26461
Honor a container’s --stop-signal setting upon docker kill #26464
Swarm Mode:
Add secret management #27794
Add support for templating service options (hostname, mounts, and environment variables) #28025
Display the endpoint mode in the output of docker service inspect --pretty #26906
Make docker service ps output more bearable by shortening service IDs in task names #28088
Make docker node ps default to the current node #25214
Add --dns, --dns-opt, and --dns-search to service create. #27567
Add --force to docker service update #27596
Add -q to docker service ps #27654
Display number of global services in docker service ls #27710
Remove --name flag from docker service update. This flag is only functional on docker service create, so was removed from the update command #26988
Fix worker nodes failing to recover because of transient networking issues #26646
Add support for health aware load balancing and DNS records #27279
Add --hostname to docker service create #27857
Add --host to docker service create, and --host-add, --host-rm to docker service update #28031
Add --tty flag to docker service create/update #28076
Autodetect, store, and expose node IP address as seen by the manager #27910
Encryption at rest of manager keys and raft data #27967
Add --update-max-failure-ratio, --update-monitor and --rollback flags to docker service update #26421
Fix an issue with address autodiscovery on docker swarm init running inside a container #26457
(experimental) Add docker service logs command to view logs for a service #28089
Pin images by digest for docker service create and update #28173
Add short (-f) flag for docker node rm --force and docker swarm leave --force #28196
Add options to customize Raft snapshots (--max-snapshots, --snapshot-interval) #27997
Don't repull image if pinned by digest #28265
Swarm-mode support for Windows #27838
Allow hostname to be updated on service #28771
Support v2 plugins #29433
Add content trust for services #29469
Volume:
Add support for labels on volumes #21270
Add support for filtering volumes by label #25628
Add a --force flag in docker volume rm to forcefully purge the data of the volume that has already been deleted #23436
Enhance docker volume inspect to show all options used when creating the volume #26671
Add support for local NFS volumes to resolve hostnames #27329
Security:
Fix selinux labeling of volumes shared in a container #23024
Prohibit /sys/firmware/** from being accessed with apparmor #26618
DEPRECATION:
Marked the docker daemon command as deprecated. The daemon is moved to a separate binary (dockerd), and should be used instead #26834
Deprecate unversioned API endpoints #28208
Remove Ubuntu 15.10 (Wily Werewolf) as supported platform. Ubuntu 15.10 is EOL, and no longer receives updates #27042
Remove Fedora 22 as supported platform. Fedora 22 is EOL, and no longer receives updates #27432
Remove Fedora 23 as supported platform. Fedora 23 is EOL, and no longer receives updates #29455
Deprecate the repo:shortid syntax on docker pull #27207
Deprecate backing filesystem without d_type for overlay and overlay2 storage drivers #27433
Deprecate MAINTAINER in Dockerfile #25466
Deprecate filter param for endpoint /images/json #27872
Deprecate setting duplicate engine labels #24533
Deprecate "top-level" network information in NetworkSettings #28437

New in Docker 1.13.0 RC2 (Nov 28, 2016)

Builder:
Add capability to specify images used as a cache source on build. These images do not need to have local parent chain and can be pulled from other registries #26839
(experimental) Add option to squash image layers to the FROM image after successful builds #22641
Fix dockerfile parser with empty line after escape #24725
Add step number on docker build #24978
Add support for compressing build context during image build #25837
add --network to docker build #27702
Fix inconsistent behavior between --label flag on docker build and docker run #26027
Fix image layer inconsistencies when using the overlay storage driver #27209
Unused build-args are now allowed. A warning is presented instead of an error and failed build #27412
Fix builder cache issue on Windows #27805
Contrib:
Add support for building docker debs for Ubuntu 16.04 Xenial on PPC64LE #23438
Add support for building docker debs for Ubuntu 16.04 Xenial on s390x #26104
Add support for building docker debs for Ubuntu 16.10 Yakkety Yak on PPC64LE #28046
Add RPM builder for VMWare Photon OS #24116
Add shell completions to tgz #27735
Update the install script to allow using the mirror in China #27005
Add DEB builder for Ubuntu 16.10 Yakkety Yak #27993
Add RPM builder for Fedora 25 #28222
Distribution:
Update notary dependency to 0.4.2 (full changelogs here) #27074
Support for compilation on windows docker/notary#970
Improved error messages for client authentication errors docker/notary#972
Support for finding keys that are anywhere in the ~/.docker/trust/private directory, not just under ~/.docker/trust/private/root_keys or ~/.docker/trust/private/tuf_keys docker/notary#981
Previously, on any error updating, the client would fall back on the cache. Now we only do so if there is a network error or if the server is unavailable or missing the TUF data. Invalid TUF data will cause the update to fail - for example if there was an invalid root rotation. docker/notary#982
Improve root validation and yubikey debug logging docker/notary#858 docker/notary#891
Warn if certificates for root or delegations are near expiry docker/notary#802
Warn if role metadata is near expiry docker/notary#786
Fix passphrase retrieval attempt counting and terminal detection docker/notary#906
Avoid unnecessary blob uploads when different users push same layers to authenticated registry #26564
Allow external storage for registry credentials #26354
Logging:
Standardize the default logging tag value in all logging drivers #22911
Improve performance and memory use when logging of long log lines #22982
Enable syslog driver for windows #25736
Add Logentries Driver #27471
Update of AWS log driver to support tags #27707
Unix socket support for fluentd #26088
Enable fluentd logging driver on Windows #28189
Sanitize docker labels when used as journald field names #23725
Fix an issue where docker logs --tail returned less lines than expected #28203
Networking:
Add --attachable network support to enable docker run to work in swarm-mode overlay network #25962
Add support for host port PublishMode in services using the --port option in docker service create #27917
Add support for Windows server 2016 overlay network driver (requires upcoming ws2016 update) #28182
Change the default FORWARD policy to DROP #28257
Add support for specifying static IP addresses for predefined network on windows #22208
Fix --publish flag on docker run not working with IPv6 addresses #27860
Fix inspect network show gateway with mask #25564
Fix an issue where multiple addresses in a bridge may cause --fixed-cidr to not have the correct addresses #26659
Add creation timestamp to docker network inspect #26130
Show peer nodes in docker network inspect for swarm overlay networks #28078
Enable ping for service VIP address #28019
Plugins:
Move plugins out of experimental #28226
Add --force on docker plugin remove #25096
Add support for dynamically reloading authorization plugins #22770
Add description in docker plugin ls #25556
Add -f/--format to docker plugin inspect #25990
Add docker plugin create command #28164
Send request's TLS peer certificates to authorization plugins #27383
Support for global-scoped network and ipam plugins in swarm-mode #27287
Remote API (v1.25) & Client:
Support docker stack deploy from a Compose file #27998
(experimental) Implement checkpoint and restore #22049
Add --format flag to docker info #23808
Remove --name from docker volume create #23830
Add docker stack ls #23886
Add a new is-task ps filter #24411
Add --env-file flag to docker create service #24844
Add --format on docker stats #24987
Make docker node ps default to self in swarm node #25214
Add --group in docker service create #25317
Add --no-trunc to service/node/stack ps output [#25337(#25337)
Add Logs to ContainerAttachOptions so go clients can request to retrieve container logs as part of the attach process #26718
Allow client to talk to an older server #27745
Inform user client-side that a container removal is in progress #26074
Add Isolation to the /info endpoint #26255
Add userns to the /info endpoint #27840
Do not allow more than one mode be requested at once in the services endpoint #26643
Add --mount flag to docker create and docker run #26825#28150
Add capability to /containers/create API to specify mounts in a more granular and safer way #22373
Add --format flag to network ls and volume ls #23475
Allow the top-level docker inspect command to inspect any kind of resource #23614
Allow unsetting the --entrypoint in docker run or docker create #23718
Restructure CLI commands by adding docker image and docker container commands for more consistency #26025
Remove COMMAND column from service ls output #28029
Add --format to docker events #26268
Allow specifying multiple nodes on docker node ps #26299
Restrict fractional digits to 2 decimals in docker images output #26303
Add --dns-option to docker run #28186
Add Image ID to container commit event #28128
Add external binaries version to docker info #27955
Add information for Manager Addresses in the output of docker info #28042
Add a new reference filter for docker images #27872
Runtime:
Add --experimental daemon flag to enable experimental features, instead of shipping them in a separate build #27223
Add a --shutdown-timeout daemon flag to specify the default timeout (in seconds) to stop containers gracefully before daemon exit #23036
Add --stop-timeout to specify the timeout value (in seconds) for individual containers to stop #22566
Add a new daemon flag --userland-proxy-path to allow configuring the userland proxy instead of using the hardcoded docker-proxy from $PATH #26882
Add boolean flag --init on dockerd and on docker run to use tini a zombie-reaping init process as PID 1 #26061 #28037
Add a new daemon flag --init-path to allow configuring the path to the docker-init binary #26941
Add support for live reloading insecure registry in configuration #22337
Add support for storage-opt size on Windows daemons #23391
Improve reliability of docker run --rm by moving it from the client to the daemon #20848
Add support for --cpu-rt-period and --cpu-rt-runtime flags, allowing containers to run real-time threads when CONFIG_RT_GROUP_SCHED is enabled in the kernel #23430
Allow parallel stop, pause, unpause #24761 / #26778
Implement XFS quota for overlay2 #24771
Fix partial/full filter issue in service tasks --filter #24850
Allow engine to run inside a user namespace #25672
Fix a race condition between device deferred removal and resume device, when using the devicemapper graphdriver #23497
Add docker stats support in Windows #25737
Allow using --pid=host and --net=host when --userns=host #25771
(experimental) Add metrics (Prometheus) output for basic container, image, and daemon operations #25820
Fix issue in docker stats with NetworkDisabled=true #25905
Add docker top support in Windows #25891
Record pid of exec'd process #27470
Add support for looking up user/groups via getent #27599
Add new docker system command with df and prune subcommands for system resource management, as well as docker {container,image,volume,network} prune subcommands #26108 #27525 / #27525
Fix an issue where containers could not be stopped or killed by setting xfs max_retries to 0 upon ENOSPC with devicemapper #26212
Fix docker cp failing to copy to a container's volume dir on CentOS with devicemapper #28047
Promote overlay(2) graphdriver #27932
Add --seccomp-profile daemon flag to specify a path to a seccomp profile that overrides the default #26276
Fix ulimits in docker inspect when --default-ulimit is set on daemon #26405
Add workaround for overlay issues during build in older kernels #28138
Add TERM environment variable on docker exec -t #26461
Honor a container’s --stop-signal setting upon docker kill #26464
Swarm Mode:
Add secret management #27794
Add support for templating service options (hostname, mounts, and environment variables) #28025
Display the endpoint mode in the output of docker service inspect --pretty #26906
Make docker service ps output more bearable by shortening service IDs in task names #28088
Make docker node ps default to the current node #25214
Add -a/--all flags to docker service ps and docker node ps to show all results #25983
Add --dns, --dns-opt, and --dns-search to service create. #27567
Add --force to docker service update #27596
Add -q to docker service ps #27654
Display number of global services in docker service ls #27710
Remove --name flag from docker service update. This flag is only functional on docker service create, so was removed from the update command #26988
Fix worker nodes failing to recover because of transient networking issues #26646
Add support for health aware load balancing and DNS records #27279
Add --hostname to docker service create #27857
Add --host to docker service create, and --host-add, --host-rm to docker service update #28031
Add --tty flag to docker service create/update #28076
Autodetect, store, and expose node IP address as seen by the manager #27910
Encryption at rest of manager keys and raft data #27967
Add --update-max-failure-ratio, --update-monitor and --rollback flags to docker service update #26421
Fix an issue with address autodiscovery on docker swarm init running inside a container #26457
(experimental) Add docker service logs command to view logs for a service #28089
Pin images by digest for docker service create and update #28173
Add short (-f) flag for docker node rm --force and docker swarm leave --force #28196
Add options to customize Raft snapshots (--max-snapshots, --snapshot-interval) #27997
Don't repull image if pinned by digest #28265
Swarm-mode support for Windows #27838
Volume:
Add support for labels on volumes #25628
Add support for filtering volumes by label #25628
Add a --force flag in docker volume rm to forcefully purge the data of the volume that has already been deleted #23436
Enhance docker volume inspect to show all options used when creating the volume #26671
Add support for local NFS volumes to resolve hostnames #27329
Security:
Fix selinux labeling of volumes shared in a container #23024
Prohibit /sys/firmware/** from being accessed with apparmor #26618
DEPRECATION:
Marked the docker daemon command as deprecated. The daemon is moved to a separate binary (dockerd), and should be used instead #26834
Deprecate unversioned API endpoints #28208
Remove Ubuntu 15.10 (Wily Werewolf) as supported platform. Ubuntu 15.10 is EOL, and no longer receives updates #27042
Remove Fedora 22 as supported platform. Fedora 22 is EOL, and no longer receives updates #27432
Deprecate the repo:shortid syntax on docker pull #27207
Deprecate backing filesystem without d_type for overlay and overlay2 storage drivers #27433
Deprecate MAINTAINER in Dockerfile #25466
Deprecate filter param for endpoint /images/json #27872
Deprecate setting duplicate engine labels #24533

New in Docker 1.13.0 RC1 (Nov 13, 2016)

Builder:
Add capability to specify images used as a cache source on build. These images do not need to have local parent chain and can be pulled from other registries #26839
(experimental) Add option to squash image layers to the FROM image after successful builds #22641
Fix dockerfile parser with empty line after escape #24725
Add step number on docker build #24978
Add support for compressing build context during image build #25837
add --network to docker build #27702
Fix inconsistent behavior between --label flag on docker build and docker run #26027
Fix image layer inconsistencies when using the overlay storage driver #27209
Unused build-args are now allowed. A warning is presented instead of an error and failed build #27412
Fix builder cache issue on Windows #27805
Contrib:
Add support for building docker debs for Ubuntu Xenial on PPC64 #23438
Add support for building docker debs for Ubuntu Xenial on s390x #26104
Add RPM builder for VMWare Photon OS #24116
Add shell completions to tgz #27735
Update the install script to allow using the mirror in China #27005
Add DEB builder for Ubuntu 16.10 Yakkety Yak #27993
Add RPM builder for Fedora 25 #28222
Distribution:
Update notary dependency to 0.4.2 (full changelogs here) #27074
Support for compilation on windows docker/notary#970
Improved error messages for client authentication errors docker/notary#972
Support for finding keys that are anywhere in the ~/.docker/trust/private directory, not just under ~/.docker/trust/private/root_keys or ~/.docker/trust/private/tuf_keys docker/notary#981
Previously, on any error updating, the client would fall back on the cache. Now we only do so if there is a network error or if the server is unavailable or missing the TUF data. Invalid TUF data will cause the update to fail - for example if there was an invalid root rotation. docker/notary#982
Improve root validation and yubikey debug logging docker/notary#858 docker/notary#891
Warn if certificates for root or delegations are near expiry docker/notary#802
Warn if role metadata is near expiry docker/notary#786
Fix passphrase retrieval attempt counting and terminal detection docker/notary#906
Avoid unnecessary blob uploads when different users push same layers to authenticated registry #26564
Allow external storage for registry credentials #26354
Logging:
Standardize the default logging tag value in all logging drivers #22911
Improve performance and memory use when logging of long log lines #22982
Enable syslog driver for windows #25736
Add Logentries Driver #27471
Update of AWS log driver to support tags #27707
Unix socket support for fluentd #26088
Enable fluentd logging driver on Windows #28189
Sanitize docker labels when used as journald field names #23725
Networking:
Add --attachable network support to enable docker run to work in swarm-mode overlay network #25962
Add support for host port PublishMode in services using the --port option in docker service create #27917
Add support for Windows server 2016 overlay network driver (requires upcoming ws2016 update) #28182
Change the default FORWARD policy to DROP #28257
Add support for specifying static IP addresses for predefined network on windows #22208
Fix --publish flag on docker run not working with IPv6 addresses #27860
Fix inspect network show gateway with mask #25564
Fix an issue where multiple addresses in a bridge may cause --fixed-cidr to not have the correct addresses #26659
Add creation timestamp to docker network inspect #26130
Show peer nodes in docker network inspect for swarm overlay networks #28078
Enable ping for service VIP address #28019
Plugins:
Move plugins out of experimental #28226
Add --force on docker plugin remove #25096
Add support for dynamically reloading authorization plugins #22770
Add description in docker plugin ls #25556
Add -f/--format to docker plugin inspect #25990
Add docker plugin create command #28164
Send request's TLS peer certificates to authorization plugins #27383
Support for global-scoped network and ipam plugins in swarm-mode #27287
Remote API (v1.25) & Client:
Support docker stack deploy from a Compose file #27998
(experimental) Implement checkpoint and restore #22049
Add --format flag to docker info #23808
Remove --name from docker volume create #23830
Add docker stack ls #23886
Add a new is-task ps filter #24411
Add --env-file flag to docker create service #24844
Add --format on docker stats #24987
Make docker node ps default to self in swarm node #25214
Add --group in docker service create #25317
Add --no-trunc to service/node/stack ps output [#25337(#25337)
Add Logs to ContainerAttachOptions so go clients can request to retrieve container logs as part of the attach process #26718
Allow client to talk to an older server #27745
Inform user client-side that a container removal is in progress #26074
Add Isolation to the /info endpoint #26255
Add userns to the /info endpoint #27840
Do not allow more than one mode be requested at once in the services endpoint #26643
Add --mount flag to docker create and docker run #26825#28150
Add capability to /containers/create API to specify mounts in a more granular and safer way #22373
Add --format flag to network ls and volume ls #23475
Allow the top-level docker inspect command to inspect any kind of resource #23614
Allow unsetting the --entrypoint in docker run or docker create #23718
Restructure CLI commands by adding docker image and docker container commands for more consistency #26025
Remove COMMAND column from service ls output #28029
Add --format to docker events #26268
Allow specifying multiple nodes on docker node ps #26299
Restrict fractional digits to 2 decimals in docker images output #26303
Add --dns-option to docker run #28186
Add Image ID to container commit event #28128
Add external binaries version to docker info #27955
Add information for Manager Addresses in the output of docker info #28042
Add a new reference filter for docker images #27872
Runtime:
Add --experimental daemon flag to enable experimental features, instead of shipping them in a separate build #27223
Add a --shutdown-timeout daemon flag to specify the default timeout (in seconds) to stop containers gracefully before daemon exit #23036
Add --stop-timeout to specify the timeout value (in seconds) for individual containers to stop #22566
Add a new daemon flag --userland-proxy-path to allow configuring the userland proxy instead of using the hardcoded docker-proxy from $PATH #26882
Add boolean flag --init on dockerd and on docker run to use tini a zombie-reaping init process as PID 1 #26061 #28037
Add a new daemon flag --init-path to allow configuring the path to the docker-init binary #26941
Add support for live reloading insecure registry in configuration #22337
Add support for storage-opt size on Windows daemons #23391
Improve reliability of docker run --rm by moving it from the client to the daemon #20848
Add support for --cpu-rt-period and --cpu-rt-runtime flags, allowing containers to run real-time threads when CONFIG_RT_GROUP_SCHED is enabled in the kernel #23430
Allow parallel stop, pause, unpause #24761 / #26778
Implement XFS quota for overlay2 #24771
Fix partial/full filter issue in service tasks --filter #24850
Allow engine to run inside a user namespace #25672
Fix a race condition between device deferred removal and resume device, when using the devicemapper graphdriver #23497
Add docker stats support in Windows #25737
Allow using --pid=host and --net=host when --userns=host #25771
(experimental) Add metrics output #25820
Fix issue in docker stats with NetworkDisabled=true #25905
Add docker top support in Windows #25891
Record pid of exec'd process #27470
Add support for looking up user/groups via getent #27599
Add new docker system command with df and prune subcommands for system resource management, as well as docker {container,image,volume,network} prune subcommands #26108 #27525 / #27525
Fix an issue where containers could not be stopped or killed by setting xfs max_retries to 0 upon ENOSPC with devicemapper #26212
Fix docker cp failing to copy to a container's volume dir on CentOS with devicemapper #28047
Promote overlay(2) graphdriver #27932
Add --seccomp-profile daemon flag to specify a path to a seccomp profile that overrides the default #26276
Fix ulimits in docker inspect when --default-ulimit is set on daemon #26405
Add workaround for overlay issues during build in older kernels #28138
Add TERM environment variable on docker exec -t #26461
Honor a container’s --stop-signal setting upon docker kill #26464
Swarm Mode:
Add secret management #27794
Display the endpoint mode in the output of docker service inspect --pretty #26906
Make docker service ps output more bearable by shortening service IDs in task names #28088
docker node ps now defaults to the current node #25214
Add -a/--all flags to docker service ps and docker node ps to show all results #25983
Add --dns, --dns-opt, and --dns-search to service create. #27567
Add --force to docker service update #27596
Add -q to docker service ps #27654
Display number of global services in docker service ls #27710
Remove --name flag from docker service update. This flag is only functional on docker service create, so was removed from the update command #26988
Fix worker nodes failing to recover because of transient networking issues #26646
Add support for health aware load balancing and DNS records #27279
Add --hostname to docker service create #27857
Add --tty flag to docker service create/update #28076
Autodetect, store, and expose node IP address as seen by the manager #27910
Encryption at rest of manager keys and raft data #27967
Add --update-max-failure-ratio, --update-monitor and --rollback flags to docker service update #26421
Fix an issue with address autodiscovery on docker swarm init running inside a container #26457
(experimental) Add docker service logs command to view logs for a service #28089
Pin images by digest for docker service create and update #28173
Add short (-f) flag for docker node rm --force and docker swarm leave --force #28196
Don't repull image if pinned by digest #28265
swarm-mode support for indows #27838
Volume:
Add support for labels on volumes #25628
Add support for filtering volumes by label #25628
Add a --force flag in docker volume rm to forcefully purge the data of the volume that has already been deleted #23436
Enhance docker volume inspect to show all options used when creating the volume #26671
Add support for local NFS volumes to resolve hostnames #27329
Security:
Fix selinux labeling of volumes shared in a container #23024
Prohibit /sys/firmware/** from being accessed with apparmor #26618
DEPRECATION:
Marked the docker daemon command as deprecated. The daemon is moved to a separate binary (dockerd), and should be used instead #26834
Deprecate unversioned API endpoints #28208
Remove Ubuntu 15.10 (Wily Werewolf) as supported platform. Ubuntu 15.10 is EOL, and no longer receives updates #27042
Remove Fedora 22 as supported platform. Fedora 22 is EOL, and no longer receives updates #27432
Deprecate the repo:shortid syntax on docker pull #27207
Deprecate backing filesystem without d_type for overlay/overlay2 storage drivers #27433
Deprecate MAINTAINER in Dockerfile #25466
Deprecated filter param for endpoint /images/json #27872

New in Docker 1.12.3 (Oct 28, 2016)

New in Docker 1.12.2 (Oct 17, 2016)

Runtime:
Fix a panic due to a race condition filtering docker ps #26049
Implement retry logic to prevent "Unable to remove filesystem" errors when using the aufs storage driver #26536
Prevent devicemapper from removing device symlinks if dm.use_deferred_removal is enabled #24740
Fix an issue where the CLI did not return correct exit codes if a command was run with invalid options #26777
Fix a panic due to a bug in stdout / stderr processing in health checks #26507
Fix exec's children handling #26874
Fix exec form of HEALTHCHECK CMD #26208
Networking:
Fix a daemon start panic on armv5 #24315
Vendor libnetwork #26879 #26953
Avoid returning early on agent join failures docker/libnetwork#1473
Fix service published port cleanup issues docker/libetwork#1432 docker/libnetwork#1433
Recover properly from transient gossip failures docker/libnetwork#1446
Disambiguate node names known to gossip cluster to avoid node name collision docker/libnetwork#1451
Honor user provided listen address for gossip docker/libnetwork#1460
Allow reachability via published port across services on the same host docker/libnetwork#1398
Change the ingress sandbox name from random id to just ingress_sbox docker/libnetwork#1449
Swarm Mode:
Fix remote detection of a node's address when it joins the cluster #26211
Vendor SwarmKit #26765
Bounce session after failed status update docker/swarmkit#1539
Fix possible raft deadlocks docker/swarmkit#1537
Fix panic and endpoint leak when a service is updated with no endpoints docker/swarmkit#1481
Produce an error if the same port is published twice on service create or service update docker/swarmkit#1495
Fix an issue where changes to a service were not detected, resulting in the service not being updated docker/swarmkit#1497
Contrib:
Update the debian sysv-init script to use dockerd instead of docker daemon #25869
Improve stability when running the docker client on MacOS Sierra #26875
Windows:
Fix an issue where arrow-navigation did not work when running the docker client in ConEmu #25578

New in Docker 1.12.2 RC2 (Oct 5, 2016)

Runtime:
Fix a panic due to a race condition filtering docker ps #26049
Implement retry logic to prevent "Unable to remove filesystem" errors when using the aufs storage driver #26536
Prevent devicemapper from removing device symlinks if dm.use_deferred_removal is enabled #24740
Fix an issue where the CLI did not return correct exit codes if a command was run with invalid options #26777
Fix a panic due to a bug in stdout / stderr processing in health checks #26507
Fix exec's children handling #26874
Fix exec form of HEALTHCHECK CMD #26208
Networking:
Fix a daemon start panic on armv5 #24315
Vendor libnetwork #26879 #26953
Avoid returning early on agent join failures docker/libnetwork#1473
Fix service published port cleanup issues docker/libetwork#1432 docker/libnetwork#1433
Recover properly from transient gossip failures docker/libnetwork#1446
Disambiguate node names known to gossip cluster to avoid node name collision docker/libnetwork#1451
Honor user provided listen address for gossip docker/libnetwork#1460
Allow reachability via published port across services on the same host docker/libnetwork#1398
Change the ingress sandbox name from random id to just ingress_sbox docker/libnetwork#1449
Swarm Mode:
Fix remote detection of a node's address when it joins the cluster #26211
Vendor SwarmKit #26765
Bounce session after failed status update docker/swarmkit#1539
Fix possible raft deadlocks docker/swarmkit#1537
Fix panic and endpoint leak when a service is updated with no endpoints docker/swarmkit#1481
Produce an error if the same port is published twice on service create or service update docker/swarmkit#1495
Fix an issue where changes to a service were not detected, resulting in the service not being updated docker/swarmkit#1497
Contrib:
Update the debian sysv-init script to use dockerd instead of docker daemon #25869
Improve stability when running the docker client on MacOS Sierra #26875
Windows:
Fix an issue where arrow-navigation did not work when running the docker client in ConEmu #25578

New in Docker 1.12.2 RC1 (Sep 28, 2016)

Runtime:
Fix a panic due to a race condition filtering docker ps #26049
Implement retry logic to prevent "Unable to remove filesystem" errors when using the aufs storage driver #26536
Prevent devicemapper from removing device symlinks if dm.use_deferred_removal is enabled #24740
Fix an issue where the CLI did not return correct exit codes if a command was run with invalid options #26777
Fix a panic due to a bug in stdout / stderr processing in health checks #26507
Fix exec's children handling #26874
Fix exec form of HEALTHCHECK CMD #26208
Networking:
Fix a daemon start panic on armv5 #24315
Vendor libnetwork #26879 #26953
Avoid returning early on agent join failures docker/libnetwork#1473
Fix service published port cleanup issues docker/libetwork#1432 docker/libnetwork#1433
Recover properly from transient gossip failures docker/libnetwork#1446
Disambiguate node names known to gossip cluster to avoid node name collision docker/libnetwork#1451
Honor user provided listen address for gossip docker/libnetwork#1460
Allow reachability via published port across services on the same host docker/libnetwork#1398
Change the ingress sandbox name from random id to just ingress_sbox docker/libnetwork#1449
Swarm Mode:
Fix remote detection of a node's address when it joins the cluster #26211
Vendor SwarmKit #26765
Bounce session after failed status update docker/swarmkit#1539
Fix possible raft deadlocks docker/swarmkit#1537
Fix panic and endpoint leak when a service is updated with no endpoints docker/swarmkit#1481
Produce an error if the same port is published twice on service create or service update docker/swarmkit#1495
Fix an issue where changes to a service were not detected, resulting in the service not being updated docker/swarmkit#1497
Contrib:
Update the debian sysv-init script to use dockerd instead of docker daemon #25869
Improve stability when running the docker client on MacOS Sierra #26875
Windows:
Fix an issue where arrow-navigation did not work when running the docker client in ConEmu #25578

New in Docker 1.12.1 (Sep 9, 2016)

IMPORTANT: Docker 1.12 ships with an updated systemd unit file for rpm
based installs (which includes RHEL, Fedora, CentOS, and Oracle Linux 7). When
upgrading from an older version of docker, the upgrade process may not
automatically install the updated version of the unit file, or fail to start
the docker service if;
the systemd unit file (/usr/lib/systemd/system/docker.service) contains local changes, or
a systemd drop-in file is present, and contains -H fd:// in the ExecStart directive
Starting the docker service will produce an error:
Failed to start docker.service: Unit docker.socket failed to load: No such file or directory.
no sockets found via socket activation: make sure the service was started by systemd.
To resolve this:
Backup the current version of the unit file, and replace the file with the version that ships with docker 1.12
Remove the Requires=docker.socket directive from the /usr/lib/systemd/system/docker.service file if present
Remove -H fd:// from the ExecStart directive (both in the main unit file, and in any drop-in files present).
After making those changes, run sudo systemctl daemon-reload, and sudo systemctl restart docker to reload changes and (re)start the docker daemon.
Client:
Add Joined at information in node inspect --pretty #25512
Fix a crash on service inspect #25454
Fix issue preventing service update --env-add to work as intended #25427
Fix issue preventing service update --publish-add to work as intended #25428
Remove service update --network-add and service update --network-rm flags because this feature is not yet implemented in 1.12, but was inadvertently added to the client in 1.12.0 #25646
Contrib:
Official ARM installation for Raspbian Jessie #24815 #25591
Add selinux policy per distro/version, fixing issue preventing successful installation on Fedora 24, and Oracle Linux #25334 #25593
Networking:
Fix issue that prevented containers to be accessed by hostname with Docker overlay driver in Swarm Mode #25603 #25648
Fix random network issues on service with published port #25603
Fix unreliable inter-service communication after scaling down and up #25603
Fix issue where removing all tasks on a node and adding them back breaks connectivity with other services #25603
Fix issue where a task that fails to start results in a race, causing a network xxx not found error that masks the actual error #25550
Relax validation of SRV records for external services that use SRV records not formatted according to RFC 2782 #25739
Plugins (experimental):
Make daemon events listen for plugin lifecycle events #24760
Check for plugin state before enabling plugin #25033
Remove plugin root from filesystem on plugin rm #25187
Prevent deadlock when more than one plugin is installed #25384
Runtime:
Mask join tokens in daemon logs #25346
Fix docker ps --filter causing the results to no longer be sorted by creation time #25387
Fix various crashes #25053
Security:
Add /proc/timer_list to the masked paths list to prevent information leak from the host #25630
Allow systemd to run with only --cap-add SYS_ADMIN rather than having to also add --cap-add DAC_READ_SEARCH or disabling seccomp filtering #25567
Swarm:
Fix an issue where the swarm can get stuck electing a new leader after quorum is lost #25055
Fix unwanted rescheduling of containers after a leader failover #25017
Change swarm root CA key to P256 curve swarmkit#1376
Allow forced removal of a node from a swarm #25159
Fix connection leak when a node leaves a swarm swarmkit/#1277
Backdate swarm certificates by one hour to tolerate more clock skew swarmkit/#1243
Avoid high CPU use with many unschedulable tasks swarmkit/#1287
Fix issue with global tasks not starting up swarmkit/#1295
Garbage collect raft logs swarmkit/#1327
Volume:
Persist local volume options after a daemon restart #25316
Fix an issue where the mount ID was not returned on volume unmount #25333
Fix an issue where a volume mount could inadvertently create a bind mount #25309
docker service create --mount type=bind,... now correctly validates if the source path exists, instead of creating it #25494

New in Docker 1.12.0 (Jul 30, 2016)

New in Docker 1.11.1 (May 17, 2016)

New in Docker 1.11.0 (Apr 13, 2016)

Builder:
Fix a bug where Docker would not used the correct uid/gid when processing the WORKDIR command (#21033)
Fix a bug where copy operations with userns would not use the proper uid/gid (#20782, #21162)
Client:
Usage of the : separator for security option has been deprecated. = should be used instead (#21232)
The client user agent is now passed to the registry on pull, build, push, login and search operations (#21306, #21373)
Allow setting the Domainname and Hostname separately through the API (#20200)
Docker info will now warn users if it can not detect the kernel version or the operating system (#21128)
Fix an issue where docker stats --no-stream output could be all 0s (#20803)
Fix a bug where some newly started container would not appear in a running docker stats command (#20792)
Post processing is no longer enabled for linux-cgo terminals (#20587)
Values to --hostname are now refused if they do not comply with RFC1123 (#20566)
Docker learned how to use a SOCKS proxy (#20366, #18373)
Docker now supports external credential stores (#20107)
docker ps now supports displaying the list of volumes mounted inside a container (#20017)
docker info now also report Docker's root directory location (#19986)
Docker now prohibits login in with an empty username (spaces are trimmed) (#19806)
Docker events attributes are now sorted by key (#19761)
docker ps no longer show exported port for stopped containers (#19483)
Docker now cleans after itself if a save/export command fails (#17849)
Docker load learned how to display a progress bar (#17329, #120078)
Distribution:
Fix a panic that occurred when pulling an images with 0 layers (#21222)
Fix a panic that could occur on error while pushing to a registry with a misconfigured token service (#21212)
All first-level delegation roles are now signed when doing a trusted push (#21046)
OAuth support for registries was added (#20970)
docker login now handles token using the implementation found in docker/distribution (#20832)
docker login will no longer prompt for an email (#20565)
Docker will now fallback to registry V1 if no basic auth credentials are available (#20241)
Docker will now try to resume layer download where it left off after a network error/timeout (#19840)
Fix generated manifest mediaType when pushing cross-repository (#19509)
Logging:
Fix a race in the journald log driver (#21311)
Docker syslog driver now uses the RFC-5424 format when emitting logs (#20121)
Docker GELF log driver now allows to specify the compression algorithm and level via the gelf-compression-type and gelf-compression-level options (#19831)
Docker daemon learned to output uncolorized logs via the --raw-logs options (#19794)
Docker, on Windows platform, now includes an ETW (Event Tracing in Windows) logging driver named etwlogs (#19689)
Journald log driver learned how to handle tags (#19564)
The fluentd log driver learned the following options: fluentd-address, fluentd-buffer-limit, fluentd-retry-wait, fluentd-max-retries and fluentd-async-connect (#19439)
Docker learned to send log to Google Cloud via the new gcplogs logging driver. (#18766)
Misc:
When saving linked images together with docker save a subsequent docker load will correctly restore their parent/child relationship (#21385)
Support for building the Docker cli for OpenBSD was added (#21325)
Labels can now be applied at network, volume and image creation (#21270)
The dockremap is now created as a system user (#21266)
Fix a few response body leaks (#21258)
Docker, when run as a service with systemd, will now properly manage its processes cgroups (#20633)
Docker info now reports the value of cgroup KernelMemory or emits a warning if it is not supported (#20863)
Docker info now also reports the cgroup driver in use (#20388)
Docker completion is now available on PowerShell (#19894)
dockerinit is no more (#19490,#19851)
Support for building Docker on arm64 was added (#19013)
Experimental support for building docker.exe in a native Windows Docker installation (#18348)
Networking:
Fix a bug where IPv6 addresses were not properly handled (#20842)
docker network inspect will now report all endpoints whether they have an active container or not (#21160)
Experimental support for the MacVlan and IPVlan network drivers have been added (#21122)
Output of docker network ls is now sorted by network name (#20383)
Fix a bug where Docker would allow a network to be created with the reserved default name (#19431)
docker network inspect now returns whether a network is internal or not (#19357)
Control IPv6 via explicit option when creating a network (docker network create --ipv6). This shows up as a new EnableIPv6 field in docker network inspect (#17513)
Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server #21396
Multiple A/AAAA records from embedded DNS Server for DNS Round robin #21019
Plugins:
Fix a file descriptor leak that would occur every time plugins were enumerated (#20686)
Fix an issue where Authz plugin would corrupt the payload body when faced with a large amount of data (#20602)
Runtime:
It is now possible for containers to share the NET and IPC namespaces when userns is enabled (#21383)
docker inspect will now expose the rootfs layers (#21370)
Docker Windows gained a minimal top implementation (#21354)
Docker learned to report the faulty exe when a container cannot be started due to its condition (#21345)
Docker with device mapper will now refuse to run if udev sync is not available (#21097)
Fix a bug where Docker would not validate the config file upon configuration reload (#21089)
Fix a hang that would happen on attach if initial start was to fail (#21048)
Fix an issue where registry service options in the daemon configuration file were not properly taken into account (#21045)
Fix a race between the exec and resize operations (#21022)
Fix an issue where nanoseconds were not correctly taken in account when filtering Docker events (#21013)
Fix the handling of Docker command when passed a 64 bytes id (#21002)
Docker will now return a 204 (i.e http.StatusNoContent) code when it successfully deleted a network (#20977)
Fix a bug where the daemon would wait indefinitely in case the process it was about to killed had already exited on its own (#20967
The devmapper driver learned the dm.min_free_space option. If the mapped device free space reaches the passed value, new device creation will be prohibited. (#20786)
Docker can now prevent processes in container to gain new privileges via the --security-opt=no-new-privileges flag (#20727)
Starting a container with the --device option will now correctly resolves symlinks (#20684)
Docker now relies on containerd and runc to spawn containers. (#20662)
Fix docker configuration reloading to only alter value present in the given config file (#20604)
Docker now allows setting a container hostname via the --hostname flag when --net=host (#20177)
Docker now allows executing privileged container while running with --userns-remap if both --privileged and the new --userns=host flag are specified (#20111)
Fix Docker not cleaning up correctly old containers upon restarting after a crash (#19679)
Docker will now error out if it doesn't recognize a configuration key within the config file (#19517)
Fix container loading, on daemon startup, when they depends on a plugin running within a container (#19500)
docker update learned how to change a container restart policy (#19116)
docker inspect now also returns a new State field containing the container state in a human readable way (i.e. one of created, restarting, running, paused, exited or dead)(#18966)
Docker learned to limit the number of active pids (i.e. processes) within the container via the pids-limit flags. NOTE: This requires CGROUP_PIDS=y to be in the kernel configuration. (#18697)
docker load now has a --quiet option to suppress the load output (#20078)
Security:
Object with the pcp_pmcd_t selinux type were given management access to /var/lib/docker(/.*)? (#21370)
restart_syscall, copy_file_range, mlock2 joined the list of allowed calls in the default seccomp profile (#21117, #21262)
send, recv and x32 were added to the list of allowed syscalls and arch in the default seccomp profile (#19432)
Volumes:
Output of docker volume ls is now sorted by volume name (#20389)
Local volumes can now accepts options similar to the unix mount tool (#20262)
Fix an issue where one letter directory name could not be used as source for volumes (#21106)
docker run -v now accepts a new flag nocopy. This tell the runtime not to copy the container path content into the volume (which is the default behavior) (#21223)

New in Docker 1.10.2 (Feb 23, 2016)

New in Docker 1.10.0 (Feb 4, 2016)

Runtime:
New docker update command that allows updating resource constraints on running containers #15078
Add --tmpfs flag to docker run to create a tmpfs mount in a container #13587
Add --format flag to docker images command #17692
Allow to set daemon configuration in a file and hot-reload it with the SIGHUP signal #18587
Updated docker events to include more meta-data and event types #18888 This change is backward compatible in the API, but not on the CLI.
Add --blkio-weight-device flag to docker run #13959
Add --device-read-bps and --device-write-bps flags to docker run #14466
Add --device-read-iops and --device-write-iops flags to docker run #15879
Add --oom-score-adj flag to docker run #16277
Add --detach-keys flag to attach, run, start and exec commands to override the default key sequence that detaches from a container #15666
Add --shm-size flag to run, create and build to set the size of /dev/shm #16168
Show the number of running, stopped, and paused containers in docker info #19249
Show the OSType and Architecture in docker info #17478
Add --cgroup-parent flag on daemon to set cgroup parent for all containers #19062
Add -L flag to docker cp to follow symlinks #16613
New status=dead filter for docker ps #17908
Change docker run exit codes to distinguish between runtime and application errors #14012
Enhance docker events --since and --until to support nanoseconds and timezones #17495
Add --all/-a flag to stats to include both running and stopped containers #16742
Change the default cgroup-driver to cgroupfs #17704
Emit a "tag" event when tagging an image with build -t #17115
Best effort for linked containers' start order when starting the daemon #18208
Add ability to add multiple tags on build #15780
Permit OPTIONS request against any url, thus fixing issue with CORS #19569
Fix the --quiet flag on docker build to actually be quiet #17428
Fix docker images --filter dangling=false to now show all non-dangling images #19326
Fix race condition causing autorestart turning off on restart #17629
Recognize GPFS filesystems #19216
Fix obscure bug preventing to start containers #19751
Forbid exec during container restart #19722
devicemapper: Increasing --storage-opt dm.basesize will now increase the base device size on daemon restart #19123
Security:
Add --userns-remap flag to daemon to support user namespaces (previously in experimental) #19187
Add support for custom seccomp profiles in --security-opt #17989
Add default seccomp profile #18780
Add --authorization-plugin flag to daemon to customize ACLs #15365
Docker Content Trust now supports the ability to read and write user delegations #18887 This is an optional, opt-in feature that requires the explicit use of the Notary command-line utility in order to be enabled. Enabling delegation support in a specific repository will break the ability of Docker 1.9 and 1.8 to pull from that repository, if content trust is enabled.
Allow SELinux to run in a container when using the BTRFS storage driver #16452
Distribution:
Use content-addressable storage for images and layers #17924 Note that a migration is performed the first time docker is run; it can take a significant amount of time depending on the number of images and containers present. Images no longer depend on the parent chain but contain a list of layer references. docker load/docker save tarballs now also contain content-addressable image configurations. For more information: https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
Add support for the new manifest format ("schema2") #18785
Lots of improvements for push and pull: performance++, retries on failed downloads, cancelling on client disconnect #18353, #18418, #19109, #18353
Limit v1 protocol fallbacks #18590
Fix issue where docker could hang indefinitely waiting for a nonexistent process to pull an image #19743
Networking:
Use DNS-based discovery instead of /etc/hosts #19198
Support for network-scoped alias using --net-alias on run and --alias on network connect #19242
Add --ip and --ip6 on run and network connect to support custom IP addresses for a container in a network #19001
Add --ipam-opt to network create for passing custom IPAM options #17316
Add --internal flag to network create to restrict external access to and from the network #19276
Add kv.path option to --cluster-store-opt #19167
Add discovery.heartbeat and discovery.ttl options to --cluster-store-opt to configure discovery TTL and heartbeat timer #18204
Add --format flag to network inspect #17481
Add --link to network connect to provide a container-local alias #19229
Support for Capability exchange with remote IPAM plugins #18775
Add --force to network disconnect to force container to be disconnected from network #19317
Support for multi-host networking using built-in overlay driver for all engine supported kernels: 3.10+ #18775
--link is now supported on docker run for containers in user-defined network #19229
Enhance docker network rm to allow removing multiple networks #17489
Include container names in network inspect #17615
Include auto-generated subnets for user-defined networks in network inspect #17316
Add --filter flag to network ls to hide predefined networks #17782
Add support for network connect/disconnect to stopped containers #18906
Add network ID to container inspect #19323
Fix MTU issue where Docker would not start with two or more default routes #18108
Fix duplicate IP address for containers #18106
Fix issue preventing sometimes docker from creating the bridge network #19338
Do not substitute 127.0.0.1 name server when using --net=host #19573
Logging:
New logging driver for Splunk #16488
Add support for syslog over TCP+TLS #18998
Enhance docker logs --since and --until to support nanoseconds and time #17495
Enhance AWS logs to auto-detect region #16640
Volumes:
Add support to set the mount propagation mode for a volume #17034
Add ls and inspect endpoints to volume plugin API #16534 Existing plugins need to make use of these new APIs to satisfy users' expectation For that, please use the new MIME type application/vnd.docker.plugins.v1.2+json #19549
Fix data not being copied to named volumes #19175
Fix issues preventing volume drivers from being containerized #19500
Fix docker volumes ls --dangling=false to now show all non-dangling volumes #19671
Do not remove named volumes on container removal #19568
Allow external volume drivers to host anonymous volumes #19190
Builder:
Add support for ** in .dockerignore to wildcard multiple levels of directories #17090
Fix handling of UTF-8 characters in Dockerfiles #17055
Fix permissions problem when reading from STDIN #19283
Client:
Add support for overriding the API version to use via an DOCKER_API_VERSION environment-variable #15964
Fix a bug preventing Windows clients to log in to Docker Hub #19891
Misc:
systemd: Set TasksMax in addition to LimitNPROC in systemd service file #19391
Deprecations:
Remove LXC support. The LXC driver was deprecated in Docker 1.8, and has now been removed #17700
Remove --exec-driver daemon flag, because it is no longer in use #17700
Remove old deprecated single-dashed long CLI flags (such as -rm; use --rm instead) #17724
Deprecate HostConfig at API container start #17799
Deprecate docker packages for newly EOL'd Linux distributions: Fedora 21 and Ubuntu 15.04 (Vivid) #18794, #18809
Deprecate -f flag for docker tag #18350

New in Docker 1.10.0 RC1 (Jan 16, 2016)

Runtime:
New docker update command that allows updating resource constraints on running containers #15078
Add --tmpfs flag to docker run to create a tmpfs mount in a container #13587
Add --format flag to docker images command #17692
Allow to set daemon configuration in a file and hot-reload it with the SIGHUP signal #18587
Updated docker events to include more meta-data and event types #18888
This change is backward compatible in the API, but not on the CLI.
Add --blkio-weight-device flag to docker run #13959
Add --device-read-bps and --device-write-bps flags to docker run #14466
Add --device-read-iops and --device-write-iops flags to docker run #15879
Add --oom-score-adj flag to docker run #16277
Change docker run exit codes to distinguish between runtime and application errors #14012
Add --detach-keys flag to attach and exec commands to override the default key sequence that detaches from a container #15666
Add --shm-size flag to run, create and build to set the size of /dev/shm #16168
Show the number of running, stopped, and paused containers in docker info #19249
Show the OSType and Architecture in docker info #17478
Add --cgroup-parent flag on daemon to set cgroup parent for all containers #19062
Add -L flag to docker cp to follow symlinks #16613
New status=dead filter for docker ps #17908
Enhance docker events --since and --until to support nanoseconds and timezones #17495
Add --all/-a flag to stats to include both running and stopped containers #16742
Change the default cgroup-driver to cgroupfs #17704
Emit a "tag" event when tagging an image with build -t #17115
Best effort for linked containers' start order when starting the daemon #18208
Fix the --quiet flag on docker build to actually be quiet #17428
Fix docker images --filter dangling=false to now show all non-dangling images #19326
Fix race condition causing autorestart turning off on restart #17629
devicemapper: Increasing --storage-opt dm.basesize will now increase the base device size on daemon restart #19123
Security:
Add --userns-remap flag to daemon to support user namespaces (previously in experimental) #19187
Add support for custom seccomp profiles in --security-opt #17989
Add default seccomp profile #18780
Add --authorization-plugin flag to daemon to customize ACLs #15365
Allow SELinux to run in a container when using the BTRFS storage driver #16452
Distribution:
New registrytoken pass-thru token type for AuthConfig #17481
It allows API clients to retrieve an authentication token from a registry, and then pass that token directly to the remote API
Use content-addressable storage for images and layers #17924
Note that a migration is performed the first time docker is run; it can take a significant amount of time depending on the number of images and containers present.
Images no longer depend on the parent chain but contain a list of layer references.
docker load/docker save tarballs now also contain content-addressable image configurations.
Add support for the new manifest format ("schema2") #18785
Lots of improvements for push and pull: performance++, retries on failed downloads, cancelling on client disconnect #18353, #18418, #19109, #18353
Limit v1 protocol fallbacks #18590
New version of notary with client-side pkcs11 support #17937
Networking:
Use DNS-based discovery instead of /etc/hosts #19198
Support for network-scoped alias using --net-alias on run and --alias on network connect #19242
Add --ip and --ip6 on run and network connect to support custom IP addresses for a container in a network #19001
Add --ipam-opt to network create for passing custom IPAM options #17316
Add --internal flag to network create to restrict external access to and from the network #19276
Add kv.path option to --cluster-store-opt #19167
Add discovery.heartbeat and discovery.ttl options to --cluster-store-opt to configure discovery TTL and heartbeat timer #18204
Add --format flag to network inspect #17481
Add --link to network connect to provide a container-local alias #19229
Support for Capability exchange with remote IPAM plugins #18775
Support for multi-host networking using built-in overlay driver for all engine supported kernels: 3.10+ #18775
--link is now supported on docker run for containers in user-defined network #19229
Enhance docker network rm to allow removing multiple networks #17489
Include container names in network inspect #17615
Include auto-generated subnets for user-defined networks in network inspect #17316
Add --filter flag to network ls to hide predefined networks #17782
Add support for network connect/disconnect to stopped containers #18906
Add network ID to container inspect #19323
Fix MTU issue where Docker would not start with two or more default routes #18108
Fix duplicate IP address for containers #18106
Fix issue preventing sometimes docker from creating the bridge network #19338
Logging:
New logging driver for Splunk #16488
Add support for syslog over TCP+TLS #18998
Enhance docker logs --since and --until to support nanoseconds and time #17495
Enhance AWS logs to auto-detect region #16640
Volumes:
Add support to set the mount propagation mode for a volume #17034
Add ls and inspect endpoints to volume plugin API #16534
Existing plugins need to make use of these new APIs to satisfy users' expectation
Fix data not being copied to named volumes #19175
Builder:
Add support for ** in .dockerignore to wildcard multiple levels of directories #17090
Fix handling of UTF-8 characters in Dockerfiles #17055
Fix permissions problem when reading from STDIN #19283
Client:
Add support for overriding the API version to use via an DOCKER_API_VERSION environment-variable #15964
Deprecations:
Remove LXC support. The LXC driver was deprecated in Docker 1.8, and has now been removed #17700
Remove --exec-driver daemon flag, because it is no longer in use #17700
Remove old deprecated single-dashed long CLI flags (such as -rm; use --rm instead) #17724
Deprecate HostConfig at API container start #17799
Deprecate docker packages for newly EOL'd Linux distributions: Fedora 21 and Ubuntu 15.04 (Vivid) #18794, #18809
Deprecate -f flag for docker tag #18350

New in Docker 1.9.1 (Nov 23, 2015)

New in Docker 1.9.0 (Nov 8, 2015)

Runtime:
docker stats now returns block IO metrics (#15005)
docker stats now details network stats per interface (#15786)
Add ancestor= filter to docker ps --filter flag to filter containers based on their ancestor images (#14570)
Add label= filter to docker ps --filter to filter containers based on label (#16530)
Add --kernel-memory flag to docker run (#14006)
Add --message flag to docker import allowing to specify an optional message (#15711)
Add --privileged flag to docker exec (#14113)
Add --stop-signal flag to docker run allowing to replace the container process stopping signal (#15307)
Add a new unless-stopped restart policy (#15348)
Inspecting an image now returns tags (#13185)
Add container size information to docker inspect (#15796)
Add RepoTags and RepoDigests field to /images/{name:.*}/json (#17275)
Remove the deprecated /container/ps endpoint from the API (#15972)
Send and document correct HTTP codes for /exec//start (#16250)
Share shm and mqueue between containers sharing IPC namespace (#15862)
Event stream now shows OOM status when --oom-kill-disable is set (#16235)
Ensure special network files (/etc/hosts etc.) are read-only if bind-mounted with ro option (#14965)
Improve rmi performance (#16890)
Do not update /etc/hosts for the default bridge network, except for links (#17325)
Fix conflict with duplicate container names (#17389)
Fix an issue with incorrect template execution in docker inspect (#17284)
DEPRECATE -c short flag variant for --cpu-shares in docker run (#16271)
Client:
Allow docker import to import from local files (#11907)
Builder:
Add a STOPSIGNAL Dockerfile instruction allowing to set a different stop-signal for the container process (#15307)
Add an ARG Dockerfile instruction and a --build-arg flag to docker build that allows to add build-time environment variables (#15182)
Improve cache miss performance (#16890)
Storage:
devicemapper: Implement deferred deletion capability (#16381)
Networking:
docker network exits experimental and is part of standard release (#16645)
New network top-level concept, with associated subcommands and API (#16645) WARNING: the API is different from the experimental API
Support for multiple isolated/micro-segmented networks (#16645)
Built-in multihost networking using VXLAN based overlay driver (#14071)
Support for third-party network plugins (#13424)
Ability to dynamically connect containers to multiple networks (#16645)
Support for user-defined IP address management via pluggable IPAM drivers (#16910)
Add daemon flags --cluster-store and --cluster-advertise for built-in nodes discovery (#16229)
Add --cluster-store-opt for setting up TLS settings (#16644)
Add --dns-opt to the daemon (#16031)
DEPRECATE following container NetworkSettings fields in API v1.21: EndpointID, Gateway, GlobalIPv6Address, GlobalIPv6PrefixLen, IPAddress, IPPrefixLen, IPv6Gateway and MacAddress. Those are now specific to the bridge network. Use NetworkSettings.Networks to inspect the networking settings of a container per network.
Volumes:
New top-level volume subcommand and API (#14242)
Move API volume driver settings to host-specific config (#15798)
Print an error message if volume name is not unique (#16009)
Ensure volumes created from Dockerfiles always use the local volume driver (#15507)
DEPRECATE auto-creating missing host paths for bind mounts (#16349)
Logging:
Add awslogs logging driver for Amazon CloudWatch (#15495)
Add generic tag log option to allow customizing container/image information passed to driver (e.g. show container names) (#15384)
Implement the docker logs endpoint for the journald driver (#13707)
DEPRECATE driver-specific log tags (e.g. syslog-tag, etc.) (#15384)
Distribution:
docker search now works with partial names (#16509)
Push optimization: avoid buffering to file (#15493)
The daemon will display progress for images that were already being pulled by another client (#15489)
Only permissions required for the current action being performed are requested (#)
Renaming trust keys (and respective environment variables) from offline to root and tagging to repository (#16894)
DEPRECATE trust key environment variables DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE and DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE (#16894)
Security:
Add SELinux profiles to the rpm package (#15832)
Fix various issues with AppArmor profiles provided in the deb package (#14609)
Add AppArmor policy that prevents writing to /proc (#15571)

New in Docker 1.9.0 RC1 (Oct 15, 2015)

Runtime:
docker stats now returns block IO metrics (#15005)
docker stats now details network stats per interface (#15786)
Add ancestor= filter to docker ps --filter flag to filter containers based on their ancestor images (#14570)
Add label= filter to docker ps --filter to filter containers based on label (#16530)
Add --kernel-memory flag to docker run (#14006)
Add --message flag to docker import allowing to specify an optional message (#15711)
Add --privileged flag to docker exec (#14113)
Add --stop-signal flag to docker run allowing to replace the container process stopping signal (#15307)
Add a new unless-stopped restart policy (#15348)
Inspecting an image now returns tags (#13185)
Add -m/--message flags to docker import to set a commit message (#15711)
Add container size information to docker inspect (#15796)
Remove the deprecated /container/ps endpoint from the API (#15972)
Send and document correct HTTP codes for /exec//start (#16250)
Share shm and mqueue between containers sharing IPC namespace (#15862)
Event stream now shows OOM status when --oom-kill-disable is set (#16235)
Ensure special network files (/etc/hosts etc.) are read-only if bind-mounted with ro option (#14965)
DEPRECATE -c short flag variant for --cpu-shares in docker run (#16271)
Client:
Allow docker import to import from local files (#11907)
Builder:
Add a STOPSIGNAL Dockerfile instruction allowing to set a different stop-signal for the container process (#15307)
Add an ARG Dockerfile instruction and a --build-arg flag to docker build that allows to add build-time environment variables (#15182)
Storage:
devicemapper: Implement deferred deletion capability (#16381)
Networking:
docker network exits experimental and is part of standard release (#16645)
New network top-level concept, with associated subcommands and API (#16645)
Support for multiple isolated/micro-segmented networks (#16645)
Built-in multihost networking using VXLAN based overlay driver (#14071)
Support for third-party network plugins (#13424)
Ability to dynamically connect containers to multiple networks (#16645)
Support for user-defined IP address management via pluggable IPAM drivers (#16910)
Add daemon flags --cluster-store and --cluster-advertise for built-in nodes discovery (#16229)
Add --cluster-store-opt for setting up TLS settings (#16644)
Add --dns-opt to the daemon (#16031)
Volumes:
New top-level volume subcommand and API (#14242)
Move API volume driver settings to host-specific config (#15798)
Print an error message if volume name is not unique (#16009)
Ensure volumes created from Dockerfiles always use the local volume driver (#15507)
DEPRECATE auto-creating missing host paths for bind mounts (#16349)
Logging:
Add awslogs logging driver for Amazon CloudWatch (#15495)
Add generic tag log option to allow customizing container/image information passed to driver (e.g. show container names) (#15384)
Implement the docker logs endpoint for the journald driver (#13707)
DEPRECATE driver-specific log tags (e.g. syslog-tag, etc.) (#15384)
Distribution:
docker search now works with partial names (#16509)
Push optimization: avoid buffering to file (#15493)
The daemon will display progress for images that were already being pulled by another client (#15489)
Only permissions required for the current action being performed are requested (#)
Renaming trust keys (and respective environment variables) from offline to root and tagging to repository (#16894)
DEPRECATE trust key environment variables DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE and DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE (#16894)
Security:
Add SELinux profiles to the rpm package (#15832)
Fix various issues with AppArmor profiles provided in the deb package (#14609)
Add AppArmor policy that prevents writing to /proc (#15571)

New in Docker 1.8.3 (Oct 15, 2015)

New in Docker 1.8.2 (Sep 12, 2015)

New in Docker 1.8.0 RC1 (Jul 27, 2015)

Distribution:
Trusted pull, push and build, disabled by default
Make tar layers deterministic between registries
Don't allow deleting the image of running containers
Check if a tag name to load is a valid digest
Allow one character repository names
Add a more accurate error description for invalid tag name
Make build cache ignore mtime
Cli:
Add support for DOCKER_CONFIG/--config to specify config file dir
Add --type flag for docker inspect command
Add formatting options to `docker ps` with `--format`
Replace `docker -d` with new subcommand `docker daemon`
Zsh completion updates and improvements
Add some missing events to bash completion
Support daemon urls with base paths in `docker -H`
Validate status= filter to docker ps
Display when a container is in --net=host in docker ps
Extend docker inspect to export image metadata related to graph driver
Restore --default-gateway{,-v6} daemon options
Add missing unpublished ports in docker ps
Allow duration strings in `docker events` as --since/--until
Expose more mounts information in `docker inspect`
Runtime:
Add new Fluentd logging driver
Allow `docker import` to load from local files
Add logging driver for GELF via UDP
Allow to copy files from host to containers with `docker cp`
Promote volume drivers from experimental to master
Add rollover log driver, and --log-driver-opts flag
Add memory swappiness tuning options
Remove cgroup read-only flag when privileged
Make /proc, /sys, & /dev readonly for readonly containers
Add cgroup bind mount by default
Overlay: Export metadata for container and image in `docker inspect`
Devicemapper: external device activation
Devicemapper: Compare uuid of base device on startup
Remove RC4 from the list of registry cipher suites
Add syslog-facility option
LXC execdriver compatibility with recent LXC versions
Plugins:
Separate plugin sockets and specs locations
Allow TLS connections to plugins
Bug fixes:
Add missing 'Names' field to /containers/json API output
Make `docker rmi --dangling` safe when pulling
Devicemapper: Change default basesize to 100G
Go Scheduler issue with sync.Mutex and gcc
Fix issue where Search API endpoint would panic due to empty AuthConfig
Set image canonical names correctly
Check dockerinit only if lxc driver is used
Fix ulimit usage of nproc
Always attach STDIN if -i,--interactive is specified
Show error messages when saving container state fails
Fixed incorrect assumption on --bridge=none treated as disable network
Check for invalid port specifications in host configuration
Fix endpoint leave failure for --net=host mode
Fix goroutine leak in the stats API if the container is not running
Check for apparmor file before reading it
Fix DOCKER_TLS_VERIFY being ignored
Set umask to the default on startup
Correct the message of pause and unpause a non-running container
Adjust disallowed CpuShares in container creation
ZFS: correctly apply selinux context
Display empty string instead of when IP opt is nil
`docker kill` returns error when container is not running
Fix COPY/ADD quoted/json form
Fix goroutine leak on logs -f with no output
Remove panic in nat package on invalid hostport
Fix container linking in Fedora 22
Fix error caused using default gateways outside of the allocated range

New in Docker 1.7.1 (Jul 15, 2015)

New in Docker 1.7.0 (Jun 21, 2015)

New in Docker 1.6.2 (May 14, 2015)

New in Docker 1.6.1 (May 9, 2015)

New in Docker 1.6.0 (Apr 19, 2015)

New in Docker 1.5.0 (Feb 10, 2015)

Builder:
Dockerfile to use for a given docker build can be specified with the -f flag
Dockerfile and .dockerignore files can be themselves excluded as part of the .dockerignore file, thus preventing modifications to these files invalidating ADD or COPY instructions cache
ADD and COPY instructions accept relative paths
Dockerfile FROM scratch instruction is now interpreted as a no-base specifier
Improve performance when exposing a large number of ports
Hack:
Allow client-side only integration tests for Windows
Include docker-py integration tests against Docker daemon as part of our test suites
Packaging:
Support for the new version of the registry HTTP API
Speed up docker push for images with a majority of already existing layers
Fixed contacting a private registry through a proxy
Remote API:
A new endpoint will stream live container resource metrics and can be accessed with the docker stats command
Containers can be renamed using the new rename endpoint and the associated docker rename command
Container inspect endpoint show the ID of exec commands running in this container
Container inspect endpoint show the number of times Docker auto-restarted the container
New types of event can be streamed by the events endpoint: ‘OOM’ (container died with out of memory), ‘exec_create’, and ‘exec_start'
Fixed returned string fields which hold numeric characters incorrectly omitting surrounding double quotes
Runtime:
Docker daemon has full IPv6 support
The docker run command can take the --pid=host flag to use the host PID namespace, which makes it possible for example to debug host processes using containerized debugging tools
The docker run command can take the --read-only flag to make the container’s root filesystem mounted as readonly, which can be used in combination with volumes to force a container’s processes to only write to locations that will be persisted
Container total memory usage can be limited for docker run using the —memory-swap flag
Major stability improvements for devicemapper storage driver
Better integration with host system: containers will reflect changes to the host's /etc/resolv.conf file when restarted
Better integration with host system: per-container iptable rules are moved to the DOCKER chain
Fixed container exiting on out of memory to return an invalid exit code
Other:
The HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables are properly taken into account by the client when connecting to the Docker daemon

New in Docker 1.4.1 (Dec 19, 2014)

New in Docker 1.4.0 (Dec 13, 2014)

New in Docker 1.3.3 (Dec 11, 2014)

New in Docker 1.3.2 (Nov 25, 2014)

New in Docker 1.3.0 (Oct 16, 2014)

New in Docker 1.2.0 (Oct 13, 2014)

New in Docker 0.8.0 (Feb 6, 2014)

Images and containers can be removed much faster
Building an image from source with docker build is now much faster
The Docker daemon starts and stops much faster
The memory footprint of many common operations has been reduced, by streaming files instead of buffering them in memory, fixing memory leaks, and fixing various suboptimal memory allocations
Several race conditions were fixed, making Docker more stable under very high concurrency load. This makes Docker more stable and less likely to crash and reduces the memory footprint of many common operations
All packaging operations are now built on the Go language’s standard tar implementation, which is bundled with Docker itself. This makes packaging more portable across host distributions, and solves several issues caused by quirks and incompatibilities between different distributions of tar
Docker can now create, remove and modify larger numbers of containers and images graciously thanks to more aggressive releasing of system resources. For example the storage driver API now allows Docker to do reference counting on mounts created by the drivers With the ongoing changes to the networking and execution subsystems of docker testing these areas have been a focus of the refactoring. By moving these subsystems into separate packages we can test, analyze, and monitor coverage and quality of these packages
Many components have been separated into smaller sub-packages, each with a dedicated test suite. As a result the code is better-tested, more readable and easier to change
The ADD instruction now supports caching, which avoids unnecessarily re-uploading the same source content again and again when it hasn’t changed
The new ONBUILD instruction adds to your image a “trigger” instruction to be executed at a later time, when the image is used as the base for another build
Docker now ships with an experimental storage driver which uses the BTRFS filesystem for copy-on-write
Docker is officially supported on Mac OSX
The Docker daemon supports systemd socket activation

New in Docker 0.7.6 (Jan 16, 2014)

New in Docker 0.7.5 (Jan 13, 2014)

New in Docker 0.7.4 (Jan 9, 2014)

New in Docker 0.7.3 (Jan 4, 2014)

Builder:
Update ADD to use the image cache, based on a hash of the added content
Add error message for empty Dockerfile
Documentation:
Fix outdated link to the "Introduction" on www.docker.io
Update the docs to get wider when the screen does
Add information about needing to install LXC when using raw binaries
Update Fedora documentation to disentangle the docker and docker.io conflict
Add a note about using the new -mtu flag in several GCE zones
Add FrugalWare installation instructions
Add a more complete example of docker run
Fix API documentation for creating and starting Privileged containers
Add missing "name" parameter documentation on "/containers/create"
Add a mention of lxc-checkconfig as a way to check for some of the necessary kernel configuration
Update the 1.8 API documentation with some additions that were added to the docs for 1.7
Hack:
Add missing libdevmapper dependency to the packagers documentation
Update minimum Go requirement to a hard line at Go 1.2+
Many minor improvements to the Vagrantfile
Add ability to customize dockerinit search locations when compiling (to be used very sparingly only by packagers of platforms who require a nonstandard location)
Add coverprofile generation reporting
Add -a to our Go build flags, removing the need for recompiling the stdlib manually
Update Dockerfile to be more canonical and have less spurious warnings during build
Fix some miscellaneous docker pull progress bar display issues
Migrate more miscellaneous packages under the "pkg" folder
Update TextMate highlighting to automatically be enabled for files named "Dockerfile"
Reorganize syntax highlighting files under a common "contrib/syntax" directory
Update install.sh script (https://get.docker.io/) to not fail if busybox fails to download or run at the end of the Ubuntu/Debian installation
Add support for container names in bash completion
Packaging:
Add an official Docker client binary for Darwin (Mac OS X)
Remove empty "Vendor" string and added "License" on deb package
Add a stubbed version of "/etc/default/docker" in the deb package
Runtime:
Update layer application to extract tars in place, avoiding file churn while handling whiteouts
Fix permissiveness of mtime comparisons in tar handling (since GNU tar and Go tar do not yet support sub-second mtime precision)
Reimplement docker top in pure Go to work more consistently, and even inside Docker-in-Docker (thus removing the shell injection vulnerability present in some versions of lxc-ps)
Update -H unix:// to work similarly to -H tcp:// by inserting the default values for missing portions
Fix more edge cases regarding dockerinit and deleted or replaced docker or dockerinit files
Update container name validation to include '.'
Fix use of a symlink or non-absolute path as the argument to -g to work as expected
Update to handle external mounts outside of LXC, fixing many small mounting quirks and making future execution backends and other features simpler
Update to use proper box-drawing characters everywhere in docker images -tree
Move MTU setting from LXC configuration to directly use netlink
Add -S option to external tar invocation for more efficient spare file handling
Add arch/os info to User-Agent string, especially for registry requests
Add -mtu option to Docker daemon for configuring MTU
Fix docker build to exit with a non-zero exit code on error
Add DOCKER_HOST environment variable to configure the client -H flag without specifying it manually for every invocation

Docker Changelog

What's new in Docker 17.05.0

New in Docker 1.13.1 (Feb 8, 2017)

New in Docker 1.13.0 (Jan 20, 2017)

New in Docker 1.13.0 RC2 (Nov 28, 2016)

New in Docker 1.13.0 RC1 (Nov 13, 2016)

New in Docker 1.12.3 (Oct 28, 2016)

New in Docker 1.12.2 (Oct 17, 2016)

New in Docker 1.12.2 RC2 (Oct 5, 2016)

New in Docker 1.12.2 RC1 (Sep 28, 2016)

New in Docker 1.12.1 (Sep 9, 2016)

New in Docker 1.12.0 (Jul 30, 2016)

New in Docker 1.11.1 (May 17, 2016)

New in Docker 1.11.0 (Apr 13, 2016)

New in Docker 1.10.2 (Feb 23, 2016)

New in Docker 1.10.0 (Feb 4, 2016)

New in Docker 1.10.0 RC1 (Jan 16, 2016)

New in Docker 1.9.1 (Nov 23, 2015)

New in Docker 1.9.0 (Nov 8, 2015)

New in Docker 1.9.0 RC1 (Oct 15, 2015)

New in Docker 1.8.3 (Oct 15, 2015)

New in Docker 1.8.2 (Sep 12, 2015)

New in Docker 1.8.0 RC1 (Jul 27, 2015)

New in Docker 1.7.1 (Jul 15, 2015)

New in Docker 1.7.0 (Jun 21, 2015)

New in Docker 1.6.2 (May 14, 2015)

New in Docker 1.6.1 (May 9, 2015)

New in Docker 1.6.0 (Apr 19, 2015)

New in Docker 1.5.0 (Feb 10, 2015)

New in Docker 1.4.1 (Dec 19, 2014)

New in Docker 1.4.0 (Dec 13, 2014)

New in Docker 1.3.3 (Dec 11, 2014)

New in Docker 1.3.2 (Nov 25, 2014)

New in Docker 1.3.0 (Oct 16, 2014)

New in Docker 1.2.0 (Oct 13, 2014)

New in Docker 0.8.0 (Feb 6, 2014)

New in Docker 0.7.6 (Jan 16, 2014)

New in Docker 0.7.5 (Jan 13, 2014)

New in Docker 0.7.4 (Jan 9, 2014)

New in Docker 0.7.3 (Jan 4, 2014)

New in Docker 0.7.2 (Dec 17, 2013)

New in Docker 0.7.1 (Dec 7, 2013)

New in Docker 0.7.0 (Dec 5, 2013)