Sourced from github.com/docker/docker's releases.

28.2.1

Packaging updates

• Fix packaging regression in v28.2.0 which broke creating the docker group/user on a fresh installations. docker-ce-packaging#1209

28.2.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.2.0 milestone
• moby/moby, 28.2.0 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

[!NOTE] RHEL packages are currently not available and will be released later.

New

• Add {{.Platform}} as formatting option for docker ps to show the platform of the image the container is running. docker/cli#6042
• Add support for relative parent paths (../) on bind mount sources when using docker run/create with -v/--volume or --mount type=bind options. docker/cli#4966
• CDI is now enabled by default. moby/moby#49963
• Show discovered CDI devices in docker info. docker/cli#6078
• docker image rm: add --platform option to remove a variant from multi-platform images. docker/cli#6109
• containerd image store: Initial BuildKit support for building Windows container images on Windows (requires an opt-in with DOCKER_BUILDKIT=1). moby/moby#49740

Bug fixes and enhancements

• Add a new log option for fluentd log driver (fluentd-write-timeout), which enables specifying write timeouts for fluentd connections. moby/moby#49911
• Add support for DOCKER_AUTH_CONFIG for the experimental --use-api-socket option. docker/cli#6019
• Fix docker exec waiting for 10 seconds if a non-existing user or group was specified. moby/moby#49868
• Fix docker swarm init ignoring cacert option of --external-ca. docker/cli#5995
• Fix an issue where the CLI would not correctly save the configuration file (~/.docker/config.json) if it was a relative symbolic link. docker/cli#5282
• Fix containers with --restart always policy using CDI devices failing to start on daemon restart. moby/moby#49990
• Fix shell-completion to only complete some flags once, even though they can be set multiple times. docker/cli#6030
• Fix the plugin does not implement PluginAddr interface error for Swarm CSI drivers. moby/moby#49961
• Improve docker login error messages for invalid options. docker/cli#6036
• Make sure the terminal state is restored if the CLI is forcefully terminated. docker/cli#6058
• Update the default seccomp profile to match the libseccomp v2.6.0. The new syscalls are: listmount, statmount, lsm_get_self_attr, lsm_list_modules, lsm_set_self_attr, mseal, uretprobe, riscv_hwprobe, getxattrat, listxattrat, removexattrat, and setxattrat. This prevents containers from receiving EPERM errors when using them. moby/moby#50077
• docker inspect: add shell completion, improve flag-description for --type and improve validation. docker/cli#6052
• containerd image store: Enable BuildKit garbage collector by default. moby/moby#49899
• containerd image store: Fix docker build not persisting overridden images as dangling. moby/moby#49702
• containerd image store: Fix docker system df reporting a negative reclaimable space amount. moby/moby#49707
• containerd image store: Fix duplicate PUT requests when pushing a multi-platform image. moby/moby#49949

Packaging updates

• Drop Ubuntu 20.04 "Focal" packages as it reached end of life. docker/docker-ce-packaging#1200
• Fix install location for RPM-based docker-ce man-pages. docker/docker-ce-packaging#1203

... (truncated)

• 0e2cc22 Merge pull request #50049 from robmry/nftables_env_var_enable
• e37efd4 Merge pull request #50068 from mmorel-35/github.com/containerd/errdefs
• 1d6b471 Merge pull request #50092 from thaJeztah/bump_dev_cli
• 5cc94a5 Merge pull request #50094 from thaJeztah/rm_non_compliant_registry_fallback
• 8330a08 Merge pull request #50097 from vvoland/seccomp-lsm
• 148a19b seccomp: Require CAP_SYS_ADMIN for lsm_* syscalls
• 0ab8108 seccomp: Fix typo in lsm_set_self_attr
• 21a165d Use env-var DOCKER_FIREWALL_BACKEND=nftables to enable nftables
• 637e814 clean up golangci-lint config for deprectated errdefs.*
• 37caf38 volume: replace uses of errdefs package
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)