- Added a new I/O threading implementation and an improved replication mechanism, boosting throughput on multi‑core systems
- Included security patches for CVE‑2024‑46981 and CVE‑2024‑51741 along with multiple bug fixes and performance optimizations
- Released Alpine/Debian Docker images and Snap/Homebrew packages, plus new INFO metrics and extended Modules API
Docker changelog digest
Jan 20 - Jan 26, 2025. Useful releases, risky migrations, and noisy updates from the Docker channel.
No matching updates in this bucket.
Docker updates in 2025-w04
- Fixed HTTP/2 memory leak on premature connection close and addressed ERR_PROTO issues (CVE‑2025‑23085).
- Patched path traversal vulnerability in normalize() on Windows (CVE‑2025‑23084).
- Updated undici to v5.28.5, mitigating insufficient randomness in fetch() (CVE‑2025‑22150).
- Fix multiple CVEs: internal worker permission check (CVE‑2025‑23083), HTTP/2 memory leak and ERR_PROTO (CVE‑2025‑23085), and Windows path traversal in normalize() (CVE‑2025‑23084)
- Update undici to v6.21.1 addressing CVE‑2025‑22150 (insufficiently random values in fetch)
- Apply related patches to src, loader, permission, and path modules
- Throw on InternalWorker usage when permission model is enabled (CVE‑2025‑23083)
- Fix HTTP/2 memory leak on premature close and ERR_PROTO (CVE‑2025‑23085)
- Patch path traversal in normalize() on Windows and update undici to v6.21.1 (CVE‑2025‑23084, CVE‑2025‑22150)
- Added permission check that throws on InternalWorker usage when the permission model is enabled (CVE‑2025‑23083).
- Patched HTTP/2 memory leak and ERR_PROTO handling, and fixed path traversal in normalize() on Windows (CVE‑2025‑23085, CVE‑2025‑23084).
- Updated undici to v6.21.1, addressing CVE‑2025‑22150 (insufficiently random values).