Security release updates bundled dependencies and runtime patches.
Docker changelog digest
May 4 - May 10, 2026. Useful releases, risky migrations, and noisy updates from the Docker channel.
Docker updates in 2026-w19
Add experimental node:ffi module for loading native libraries (requires --experimental-ffi flag and appropriate permission; API is unsafe).
Patch release includes planner fixes and replication reliability updates.
Updated docs call out persistence settings that can surprise small teams.
Temporal API is now enabled by default, providing a modern date‑time API;
Patched several remote‑code‑execution vulnerabilities (CVE‑2026‑23479, ‑25243, ‑23631, ‑25588, ‑25589) affecting unblock client flow, RESTORE, Lua, and Time‑Series modules.
Patched multiple critical Use‑After‑Free and invalid memory access vulnerabilities (CVE‑2026‑23479,‑25243,‑23631,‑25588‑25589) that could lead to remote code execution.
Patched multiple remote code execution vulnerabilities (CVE‑2026‑23479, 25243, 23631, 25588, 25589) affecting client flow, Lua, and RESTORE across modules.
Security patches address multiple RCE vulnerabilities (CVE‑2026‑23479, CVE‑2026‑25243, CVE‑2026‑23631) related to use‑after‑free and invalid memory access.
Fixed multiple remote code execution vulnerabilities (CVE‑2026‑23479, CVE‑2026‑25243, CVE‑2026‑23631) related to use‑after‑free and memory errors.
Fixed CVE‑2026‑25243: corrected invalid memory access in RESTORE to prevent remote code execution.