Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: moby/moby
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v28.5.1
Choose a base ref
...
head repository: moby/moby
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v28.5.2
Choose a head ref
  • 14 commits
  • 33 files changed
  • 6 contributors

Commits on Oct 10, 2025

  1. dockerd-rootless.sh: if no slirp4netns, try pasta 

    Signed-off-by: Rob Murray <[email protected]>
(cherry picked from commit 7e63d2a)
Signed-off-by: Paweł Gronowski <[email protected]>
    @robmry @vvoland
    robmry authored and vvoland committed Oct 10, 2025
    Configuration menu
    Copy the full SHA
    f822c9f View commit details
    Browse the repository at this point in the history

  2. dockerd-rootless: default MTU 65520 for slirp4netns 

    When DOCKERD_ROOTLESS_ROOTLESSKIT_MTU is not set, and ...
- DOCKERD_ROOTLESS_ROOTLESSKIT_NET is not set and slirp4netns
  is selected, MTU defaults to 65520.
- DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns, MTU defaults
  to 1500.

Change the logic so that, however slirp4netns is selected, MTU
defaults to 65520.

Signed-off-by: Rob Murray <[email protected]>
(cherry picked from commit a6206f2)
Signed-off-by: Paweł Gronowski <[email protected]>
    @robmry @vvoland
    robmry authored and vvoland committed Oct 10, 2025
    Configuration menu
    Copy the full SHA
    df58dd5 View commit details
    Browse the repository at this point in the history

  3. Merge pull request #51162 from vvoland/51149-28.x 

    [28.x backport] dockerd-rootless.sh: if no slirp4netns, try pasta
    @thaJeztah
    thaJeztah authored Oct 10, 2025
    Configuration menu
    Copy the full SHA
    b651c09 View commit details
    Browse the repository at this point in the history

Commits on Nov 4, 2025

  1. update to go1.24.9 

    go1.24.9 (released 2025-10-13) includes fixes to the crypto/x509 package.
See the Go 1.24.9 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.24.9+label%3ACherryPickApproved
- full diff: golang/go@go1.24.8...go1.24.9

Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 4, 2025
    Configuration menu
    Copy the full SHA
    d24eab9 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #51387 from thaJeztah/28.x_bump_go 

    [28.x] update to go1.24.9
    @thaJeztah
    thaJeztah authored Nov 4, 2025
    Configuration menu
    Copy the full SHA
    4489660 View commit details
    Browse the repository at this point in the history

Commits on Nov 5, 2025

  1. Dockerfile: update runc binary to v1.3.3 

    Update the version used in CI and for the static binaries.

- release notes: https://github.com/opencontainers/runc/releases/tag/v1.3.3
- full diff: opencontainers/runc@v1.3.2...v1.3.3

This release contains fixes for three high-severity security
vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, and
CVE-2025-52881). All three vulnerabilities ultimately allow (through
different methods) for full container breakouts by bypassing runc's
restrictions for writing to arbitrary /proc files.

Signed-off-by: Paweł Gronowski <[email protected]>
(cherry picked from commit 35f6a78)
Signed-off-by: Paweł Gronowski <[email protected]>
    @vvoland
    vvoland committed Nov 5, 2025
    Configuration menu
    Copy the full SHA
    1967515 View commit details
    Browse the repository at this point in the history

  2. integration-cli: Adjust nofile limits 

    runc v1.3.3 needs more file descriptors now.

Signed-off-by: Paweł Gronowski <[email protected]>
    @vvoland
    vvoland committed Nov 5, 2025
    Configuration menu
    Copy the full SHA
    bd98008 View commit details
    Browse the repository at this point in the history

  3. dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host 

    `rootlesskit --net=host` does not work with Docker.

Alternative ways to run Rootless Docker without the network overhead:
- Use https://github.com/rootless-containers/bypass4netns
- Or, use `docker run --net=host` with a PR 47103 (WIP)

See issue 51363

Signed-off-by: Akihiro Suda <[email protected]>
(cherry picked from commit 76b1d30)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @AkihiroSuda @thaJeztah
    AkihiroSuda authored and thaJeztah committed Nov 5, 2025
    Configuration menu
    Copy the full SHA
    2fbc51b View commit details
    Browse the repository at this point in the history

  4. api/docs: remove BuildCache.Parent field for API v1.42 and up 

    The BuildCache.Parent field was removed in API v1.42 in [e0db820].
While we had to keep the Go struct field around to backfil the field for
older API versions, it's no longer part of API v1.42 and up (using the
"omitempty" is just an implementation detail).

This patch corrects the swagger files to match this.

[e0db820]: e0db820

Signed-off-by: Sebastiaan van Stijn <[email protected]>
(cherry picked from commit a5d9619)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
    @thaJeztah
    thaJeztah committed Nov 5, 2025
    Configuration menu
    Copy the full SHA
    d525277 View commit details
    Browse the repository at this point in the history

  5. Merge pull request #51394 from vvoland/51393-28.x 

    [28.x backport] Dockerfile: update runc binary to v1.3.3
    @thaJeztah
    thaJeztah authored Nov 5, 2025
    Configuration menu
    Copy the full SHA
    33cc06f View commit details
    Browse the repository at this point in the history

  6. vendor: github.com/moby/buildkit v0.25.2 

    full diff: moby/buildkit@v0.25.1...v0.25.2

Signed-off-by: Paweł Gronowski <[email protected]>
(cherry picked from commit 39f2dbf)
Signed-off-by: Paweł Gronowski <[email protected]>
    @vvoland
    vvoland committed Nov 5, 2025
    Configuration menu
    Copy the full SHA
    0cae4e5 View commit details
    Browse the repository at this point in the history

  7. Merge pull request #51398 from vvoland/51397-28.x 

    [28.x backport] vendor: github.com/moby/buildkit v0.25.2
    @vvoland
    vvoland authored Nov 5, 2025
    Configuration menu
    Copy the full SHA
    6178456 View commit details
    Browse the repository at this point in the history

  8. Merge pull request #51395 from thaJeztah/28.x_backport_rootless_reject 

    [28.x backport] dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host
    @austinvazquez
    austinvazquez authored Nov 5, 2025
    Configuration menu
    Copy the full SHA
    9b93878 View commit details
    Browse the repository at this point in the history

  9. Merge pull request #51396 from thaJeztah/28.x_backport_api_docs 

    [28.x backport] api/docs: remove BuildCache.Parent field for API v1.42 and up
    @vvoland
    vvoland authored Nov 5, 2025
    Configuration menu
    Copy the full SHA
    89c5e8f View commit details
    Browse the repository at this point in the history
Loading