Skip to content

Commit 3eef0f5

Browse files
thaJeztahthaJeztah
authored
Merge pull request #24526 from vvoland/update-docker
engine: 29.3.1
2 parents 2eee937 + 2927267 commit 3eef0f5

File tree

1 file changed

+39
-0
lines changed
  • content/manuals/engine/release-notes

1 file changed

+39
-0
lines changed

content/manuals/engine/release-notes/29.md

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,45 @@ For more information about:
2222
- Deprecated and removed features, see [Deprecated Engine Features](../deprecated.md).
2323
- Changes to the Engine API, see [Engine API version history](/reference/api/engine/version-history/).
2424

25+
## 29.3.1
26+
27+
{{< release-date date="2026-03-25" >}}
28+
29+
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
30+
31+
- [docker/cli, 29.3.1 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A29.3.1)
32+
- [moby/moby, 29.3.1 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A29.3.1)
33+
34+
### Security
35+
36+
This release includes fixes for multiple security vulnerabilities affecting Docker Engine and related components.
37+
38+
- **CVE-2026-34040** Fix an authorization bypass in AuthZ plugins that could allow authorization plugins to be bypassed under specific conditions.
39+
[GHSA-x744-4wpc-v9h2](https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2)
40+
41+
- **CVE-2026-33997** Fix a flaw in `docker plugin install` where privilege validation could be partially bypassed, potentially leading to unauthorized privilege escalation.
42+
[GHSA-pxq6-2prw-chj9](https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9)
43+
44+
- **CVE-2026-33748** Fix insufficient validation of Git URL `#ref:subdir` fragments in BuildKit, which could allow access to files outside the intended repository scope.
45+
[GHSA-4vrq-3vrq-g6gg](https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg)
46+
47+
- **CVE-2026-33747** Fix a vulnerability in BuildKit where an untrusted frontend could cause files to be written outside the BuildKit state directory.
48+
[GHSA-3c29-8rgm-jvjj](https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj)
49+
50+
### Bug fixes and enhancements
51+
52+
- Fix a daemon crash during docker build if `.dockerignore` contained an invalid pattern. [moby/moby#52214](https://github.com/moby/moby/pull/52214)
53+
- Fix a panic when the containerd client uses a closed stream. [moby/moby#52211](https://github.com/moby/moby/pull/52211)
54+
55+
### Packaging updates
56+
57+
- Update containerd (static binaries) to [v2.2.2](https://github.com/containerd/containerd/releases/tag/v2.2.2). [moby/moby#52213](https://github.com/moby/moby/pull/52213)
58+
- Update Go runtime to [1.25.8](https://go.dev/doc/devel/release#go1.25.8). [moby/moby#52210](https://github.com/moby/moby/pull/52210), [docker/cli#6883](https://github.com/docker/cli/pull/6883)
59+
60+
### Go SDK
61+
62+
- Add missing build-tag, which could cause `cannot range over 10 (untyped int constant)` when importing the `cli/command` package. [docker/cli#6884](https://github.com/docker/cli/pull/6884)
63+
2564
## 29.3.0
2665

2766
{{< release-date date="2026-03-05" >}}

0 commit comments

Comments
 (0)