29.2.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 29.2.1 milestone
• moby/moby, 29.2.1 milestone

Bug fixes and enhancements

• Update BuildKit to v0.27.1. moby/moby#51962
• Fix docker system df failing when run concurrently with docker system prune. moby/moby#51979
• Fix daemon handling of duplicate container exit events to avoid repeated cleanup and state transitions. moby/moby#51925
• Fix panic after failed daemon initialization. moby/moby#51943
• Fix encrypted overlay networks not passing traffic to containers on v28 and older Engines. Encrypted overlay networks will no longer pass traffic to containers on v29.2.0 thru v29.0.0, v28.2.2, v25.0.14 or v25.0.13. moby/moby#51951
• Fix potential panic on docker network prune. moby/moby#51966

29.2.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 29.2.0 milestone
• moby/moby, 29.2.0 milestone

New

• docker info now includes NRI section. docker/cli#6710
• Add experimental NRI support. moby/moby#51711, moby/moby#51712, moby/moby#51675, moby/moby#51674, moby/moby#51636, moby/moby#51634
• New Identity field has been added to the inspect endpoint to show trusted origin information about the image. This includes build ref for locally built images, remote registry repository for pulled images, and verified signature information for images that contain a valid signed provenance attestation. moby/moby#51737

Bug fixes and enhancements

• Improve validation of --detach-keys command-line options. docker/cli#6742
• Prevent a potential panic on daemon shutdown after an incomplete initialization. moby/moby#51797
• Remove restriction on anonymous read-only volumes. moby/moby#51682
• The --validate flag on dockerd now also verifies system requirements, allowing for system requirements to be checked before starting the daemon. moby/moby#51868
• Handle --gpus requests for NVIDIA devices using CDI if possible. moby/moby#50228

Packaging updates

• Update BuildKit to v0.27.0. moby/moby#51886
• Update containerd (static binaries only) to v2.2.1. moby/moby#51765

Rootless

• Rootless: Consider $XDG_CONFIG_HOME/cdi and $XDG_RUNTIME_DIR/cdi when looking for CDI devices. moby/moby#51624
• Update RootlessKit to v2.3.6. moby/moby#51757

API

• Natively support gRPC on the listening socket. moby/moby#50744

Go SDK

• cli/command: add WithAPIClientOptions option. docker/cli#6740

Deprecations

• Remove %PROGRAMDATA%\Docker\cli-plugins from the list of paths used for CLI plugins on Windows. This path was present for backward compatibility with old installation, but replaced by %ProgramFiles%\Docker\cli-plugins. docker/cli#6713

client/v0.2.2

Bug fixes and enhancements

• GET /events now also supports application/jsonl when negotiating content-type. moby/moby#51668
• The http.Client value passed to client.WithHTTPClient() is now copied rather than mutated in-place. moby/moby#51817

API

• Update MaxAPIVersion to 1.53. moby/moby#51725

Deprecations

• client: ContainerListOptions: deprecate Since, Before, and Latest fields. moby/moby#51908

api/v1.53.0

New

• GET /info now includes an NRI field. If the Node Resource Interface (NRI) is enabled, this field contains information describing it. moby/moby#51713
• New Identity field has been added to the inspect endpoint to show trusted origin information about the image. This includes build ref for locally built images, remote registry repository for pulled images, and verified signature information for images that contain a valid signed provenance attestation. moby/moby#51737

Bug fixes and enhancements

• GET /events now also supports application/jsonl when negotiating content-type. moby/moby#51668
• Explicitly reject multiple AuthConfig values being passed instead of ignoring them silently. moby/moby#51919
• Fix some empty fields not being omitted in API responses. moby/moby#51932
• Update MaxAPIVersion to 1.53. moby/moby#51725

Deprecations

• POST /grpc and POST /sessions are deprecated and will be removed in future. moby/moby#51721

29.2.0-rc.2

For a full list of changes from the last release candidate refer to the diff:

• moby/moby, 29.2.0-rc.1...29.2.0-rc.2
• docker/cli, 29.2.0-rc.1...29.2.0-rc.2

New

• GET /info now includes an NRI field. If the Node Resource Interface (NRI) is enabled, this field contains information describing it. moby/moby#51713
• New Identity field has been added to the inspect endpoint to show trusted origin information about the image. This includes build ref for locally built images, remote registry repository for pulled images, and verified signature information for images that contain a valid signed provenance attestation. moby/moby#51737

Bug fixes and enhancements

• Improve validation of --detach-keys command-line options. docker/cli#6742
• Prevent a potential panic on daemon shutdown after an incomplete initialization. moby/moby#51797
• Remove restriction on anonymous read-only volumes. moby/moby#51682

Packaging updates

• Update BuildKit to v0.27.0-rc2. moby/moby#51864
• Update containerd (static binaries only) to v2.2.1. moby/moby#51765

Rootless

• Update RootlessKit to v2.3.6. moby/moby#51757

Go SDK

• cli/command: add WithAPIClientOptions option. docker/cli#6740

Deprecations

• Remove %PROGRAMDATA%\Docker\cli-plugins from the list of paths used for CLI plugins on Windows. This path was present for backward compatibility with old installation, but replaced by %ProgramFiles%\Docker\cli-plugins. docker/cli#6713

29.1.5

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 29.1.5 milestone
• moby/moby, 29.1.5 milestone

Packaging updates

• Update Go runtime to 1.25.6. moby/moby#51860, docker/cli#6750

Networking

• Fixed a regression where established network connections could be disrupted during a container's shutdown grace period. moby/moby#51843

29.1.4

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 29.1.4 milestone
• moby/moby, 29.1.4 milestone

Bug fixes and enhancements

• Fix docker run --network none panic on Windows. moby/moby#51830
• Fix image mounts failing with "file name too long" for long mount paths. moby/moby#51829
• Fix potential creation of orphaned overlay2 layers. moby/moby#51826, moby/moby#51824

Packaging updates

• Update BuildKit to v0.26.3. moby/moby#51821

29.2.0-rc.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 29.2.0 milestone
• moby/moby, 29.2.0 milestone

New

• docker info now includes NRI section. docker/cli#6710
• Add experimental NRI support. moby/moby#51711, moby/moby#51712, moby/moby#51675, moby/moby#51674, moby/moby#51636, moby/moby#51634

Packaging updates

• Update BuildKit to v0.26.3. moby/moby#51740

Rootless

• Rootless: Consider $XDG_CONFIG_HOME/cdi and $XDG_RUNTIME_DIR/cdi when looking for CDI devices. moby/moby#51624

API

• Natively support gRPC on the listening socket. moby/moby#50744

29.1.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 29.1.3 milestone
• moby/moby, 29.1.3 milestone

Bug fixes and enhancements

• Add shell completion for docker stack deploy --compose-file. docker/cli#6690
• containerd image store: Fix a bug causing docker build to ignore the explicitly set unpack image exporter option. moby/moby#51514
• Fix docker image ls dangling image handling. docker/cli#6704
• Fix a bug that could cause the Engine to leave containers with autoremove set in 'dead' state on shutdown, and never reclaim them. moby/moby#51693
• Fix build on i386. moby/moby#51528
• Fix explicit graphdriver configuration ("storage-driver") being treated as containerd snapshotter when prior graphdriver state exists. moby/moby#51516
• Fix potential creation of orphaned overlay2 layers. moby/moby#51703

Networking

• Allow creation of a container with a specific IP address when its networks were not configured with a specific subnet. moby/moby#51583
• Don't crash when starting a container created via the API before upgrade to v29.1.2, with PublishAll and a nil PortBindings map. moby/moby#51691
• Fix a bug preventing DNS resolution of containers attached to non swarm-scoped networks once the node has joined a Swarm cluster. moby/moby#51515
• Fix an issue that caused daemon crash when using a remote network driver plugin. moby/moby#51558
• Fix an issue that could lead to an "endpoint not found" error when creating a container with multiple network connections, when one of the networks is non-internal but does not have its own external IP connectivity. moby/moby#51538
• Fix an issue that prevented rootless Docker from starting on a host with IPv6 disabled. moby/moby#51543
• Return an error when a container is created with a port-mapping pointing to container port 0. moby/moby#51695

29.1.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 29.1.2 milestone
• moby/moby, 29.1.2 milestone

Security

• Update Go runtime to 1.25.5. moby/moby#51648, docker/cli#6688
  • Fixes a potential DoS via excessive resource usage when formatting hostname validation errors CVE-2025-61729
  • Fixes incorrect enforcement of excluded subdomain constraints for wildcard SANs, which could allow improperly trusted certificates CVE-2025-61727

Bug fixes and enhancements

• containerd image store: Fix docker image inspect failing to return available image data in case where not all distributable blobs are available locally. moby/moby#51629
• dockerd-rootless-setuptool.sh: fix nsenter: no namespace specified. moby/moby#51622
• Fix docker system df showing N/A for shared size and unique size when using graph-drivers as storage. moby/moby#51631

Packaging updates

• Update runc (in static binaries) to v1.3.4. moby/moby#51633

Networking

• Fix a bug preventing port mappings in rootless mode when slirp4netns is used. moby/moby#51616
• Prevent a crash when making an API request with HostConfig.PublishAllPorts set (-P), and no port bindings. moby/moby#51621