Changes.Watch
Digest
weekly changelog digest

Docker changelog digest

Mar 23 - Mar 29, 2026. Useful releases, risky migrations, and noisy updates from the Docker channel.

DockerGitHubNode.jsPostgreSQLRedis

Most useful

2026-03-24, Version 25.8.2 (Current), @RafaelGSS2026-03-24, Version 24.14.1 'Krypton' (LTS), @RafaelGSS prepared by @juanarbol2026-03-24, Version 22.22.2 'Jod' (LTS), @RafaelGSS prepared by @aduh952026-03-24, Version 20.20.2 'Iron' (LTS), @marco-ippolito8.6.2

Most risky

2026-03-24, Version 25.8.2 (Current), @RafaelGSS2026-03-24, Version 24.14.1 'Krypton' (LTS), @RafaelGSS prepared by @juanarbol2026-03-24, Version 22.22.2 'Jod' (LTS), @RafaelGSS prepared by @aduh952026-03-24, Version 20.20.2 'Iron' (LTS), @marco-ippolito8.6.2

Noise filtered

No matching updates in this bucket.

all updates

Docker updates in 2026-w13

5 updates
Node.jsUsefulAI-assisted summary

2026-03-24, Version 25.8.2 (Current), @RafaelGSS

score 0
  • +Wrapped SNICallback in try/catch and added timing‑safe HMAC/KMAC comparisons, null‑prototype header objects, and permission checks for pipe, realpath.native, and fs/promises to address several high‑severity CVEs
  • ~Fixed URL handling crashes, NGHTTP2 flow‑control errors, and added tests for array‑index hash collisions
  • ~Updated dependencies: Undici to 7.24.4, npm to 11.11.1, and V8 depot tools version
Security-relevantsecurityminorsource failing
Source
Node.jsUsefulAI-assisted summary

2026-03-24, Version 24.14.1 'Krypton' (LTS), @RafaelGSS prepared by @juanarbol

score 0
  • ~Fix multiple high‑ and medium‑severity CVEs (e.g., null‑prototype headers, SNICallback try/catch, array index hash collision, timing‑safe crypto comparisons, NGHTTP2 flow‑control handling, URL format crash, permission checks for fs.promi...
  • ~Update core dependencies: undici to 7.24.4, npm to 11.11.0, and backport several V8 fixes
  • +Add permission checks in lib/fs/promises and realpath.native to harden file‑system APIs
Security-relevantsecuritybugfixsource failing
Source
Node.jsUsefulAI-assisted summary

2026-03-24, Version 22.22.2 'Jod' (LTS), @RafaelGSS prepared by @aduh95

score 0
  • +Wrap SNICallback invocation in a try/catch to mitigate crashes (CVE‑2026‑21637).
  • +Use null‑prototype objects for headersDistinct/trailersDistinct and timing‑safe HMAC comparison, and add permission checks to realpath.native and fs/promises (CVE‑2026‑21710, ‑21713, ‑21715, ‑21716).
  • +Handle NGHTTP2 ERR_FLOW_CONTROL error code and address array index hash collision (CVE‑2026‑21714, ‑21717).
Security-relevantsecuritybugfixsource failing
Source
Node.jsUsefulAI-assisted summary

2026-03-24, Version 20.20.2 'Iron' (LTS), @marco-ippolito

score 0
  • ~Fixed multiple CVE‑related vulnerabilities including array index hash collisions, timing‑side‑channel issues in Web Crypto HMAC/KMAC, and unsafe header prototypes
  • +Added permission checks to lib/fs/promises and realpath.native to harden file‑system APIs
  • ~Improved error handling for NGHTTP2 flow‑control errors and wrapped TLS SNICallback in try/catch
Security-relevantsecuritybugfixsource failing
Source
RedisUsefulAI-assisted summary

8.6.2

score 0
  • ~Fixed multiple bugs including potential use‑after‑free, crashes during command processing and ACL checks, and memory‑leak issues
  • +Added new internal command XIDMPRECORD with AOFRW emission to restore stream IDMP state
  • ~Improved stream handling: XADD with IDMP/IDMPAUTO now records metadata changes, IDMP cron expiration works after RDB load, and HSETEX/HGETEX now validate field specifications
bugfixfeatureminorsource needs reviewLast checked 4 days ago
Source