Commit ba6aa8b

engine: 28.5.2
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
1 parent a67aed7 commit ba6aa8b

File tree

1 file changed

+34
-0
lines changed
  • content/manuals/engine/release-notes

content/manuals/engine/release-notes/28.md

Lines changed: 34 additions & 0 deletions
@@ -27,6 +27,40 @@ For more information about:
2727
- Deprecated and removed features, see [Deprecated Engine Features](../deprecated.md).
2828
- Changes to the Engine API, see [Engine API version history](/reference/api/engine/version-history.md).
2929

30+
## 28.5.2
31+
32+
{{< release-date date="2025-11-05" >}}
33+
34+
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
35+
36+
- [docker/cli, 28.5.2 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.5.2)
37+
- [moby/moby, 28.5.2 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.5.2)
38+
39+
> [!CAUTION]
40+
> This release contains fixes for three high-severity security vulnerabilities in runc:
41+
> - [CVE-2025-31133](https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2)
42+
> - [CVE-2025-52565](https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r)
43+
> - [CVE-2025-52881](https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm)
44+
>
45+
> All three vulnerabilities ultimately allow (through different methods) for full container breakouts by bypassing runc's restrictions for writing to arbitrary `/proc` files.
46+
47+
### Bug fixes and enhancements
48+
49+
- dockerd-rootless.sh: if slirp4netns is not installed, try using pasta (passt). [moby/moby#51162](https://github.com/moby/moby/pull/51162)
50+
51+
### Packaging updates
52+
53+
- Update BuildKit to [v0.25.2](https://github.com/moby/buildkit/releases/tag/v0.25.2). [moby/moby#51398](https://github.com/moby/moby/pull/51398)
54+
- Update Go runtime to [1.24.9](https://go.dev/doc/devel/release#go1.24.9). [moby/moby#51387](https://github.com/moby/moby/pull/51387), [docker/cli#6613](https://github.com/docker/cli/pull/6613)
55+
- Update runc to [v1.3.3](https://github.com/opencontainers/runc/releases/tag/v1.3.3). [moby/moby#51394](https://github.com/moby/moby/pull/51394)
56+
57+
### Deprecations
58+
59+
- Go-SDK: cli/command/image/build: deprecate `DefaultDockerfileName`, `DetectArchiveReader`, `WriteTempDockerfile`, `ResolveAndValidateContextPath`. These utilities were only used internally and will be removed in the next release. [docker/cli#6610](https://github.com/docker/cli/pull/6610)
60+
- Go-SDK: cli/command/image/build: deprecate IsArchive utility. [docker/cli#6560](https://github.com/docker/cli/pull/6560)
61+
- Go-SDK: opts: deprecate `ValidateMACAddress`. [docker/cli#6560](https://github.com/docker/cli/pull/6560)
62+
- Go-SDK: opts: deprecate ListOpts.Delete(). [docker/cli#6560](https://github.com/docker/cli/pull/6560)
63+
3064
## 28.5.1
3165

3266
{{< release-date date="2025-10-08" >}}
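
Review bot: The `[!CAUTION]` callout lists the three runc CVEs but does not tie them to the runc update that appears further down under "Packaging updates" ("Update runc to v1.3.3"), so a reader has to connect the two entries to confirm what to look for after upgrading. If v1.3.3 is the release carrying these fixes, say so in the callout or point to that entry. Style point in the "Deprecations" list: `IsArchive` and `ListOpts.Delete()` are written as plain text while the other deprecated identifiers (`DefaultDockerfileName`, `ValidateMACAddress`) are in backticks; wrap them for consistency.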
