Skip to content

Commit 290a947

Browse files
vvolandvvoland
committed
engine: 28.5.2
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
1 parent a67aed7 commit 290a947

File tree

1 file changed

+32
-0
lines changed
  • content/manuals/engine/release-notes

1 file changed

+32
-0
lines changed

content/manuals/engine/release-notes/28.md

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,38 @@ For more information about:
2727
- Deprecated and removed features, see [Deprecated Engine Features](../deprecated.md).
2828
- Changes to the Engine API, see [Engine API version history](/reference/api/engine/version-history.md).
2929

30+
## 28.5.2
31+
32+
{{< release-date date="2025-11-05" >}}
33+
34+
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
35+
36+
- [docker/cli, 28.5.2 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.5.2)
37+
- [moby/moby, 28.5.2 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.5.2)
38+
39+
40+
> [!CAUTION]
41+
> This release contains fixes for three high-severity security vulnerabilities in runc:
42+
> - [CVE-2025-31133](https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2)
43+
> - [CVE-2025-52565](https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r)
44+
> - [CVE-2025-52881](https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm)
45+
> All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary `/proc` files.
46+
47+
### Packaging updates
48+
- Update runc to [v1.3.3](https://github.com/opencontainers/runc/releases/tag/v1.3.3). [moby/moby#51394](https://github.com/moby/moby/pull/51394)
49+
50+
### Bug fixes and enhancements
51+
52+
- dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). [moby/moby#51162](https://github.com/moby/moby/pull/51162)
53+
- Update Go runtime to [1.24.9](https://go.dev/doc/devel/release#go1.24.9). [moby/moby#51387](https://github.com/moby/moby/pull/51387), [docker/cli#6613](https://github.com/docker/cli/pull/6613)
54+
55+
### Deprecations
56+
57+
- Go-SDK: cli/command/image/build: deprecate `DefaultDockerfileName`, `DetectArchiveReader`, `WriteTempDockerfile`, `ResolveAndValidateContextPath`. These utilities were only used internally and will be removed in the next release. [docker/cli#6610](https://github.com/docker/cli/pull/6610)
58+
- Go-SDK: cli/command/image/build: deprecate IsArchive utility. [docker/cli#6560](https://github.com/docker/cli/pull/6560)
59+
- Go-SDK: opts: deprecate `ValidateMACAddress`. [docker/cli#6560](https://github.com/docker/cli/pull/6560)
60+
- Go-SDK: opts: deprecate ListOpts.Delete(). [docker/cli#6560](https://github.com/docker/cli/pull/6560)
61+
3062
## 28.5.1
3163

3264
{{< release-date date="2025-10-08" >}}

0 commit comments

Comments
 (0)