Sourced from github.com/docker/docker's releases.

25.0.5

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 25.0.5 milestone
• moby/moby, 25.0.5 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release contains a security fix for CVE-2024-29018, a potential data exfiltration from 'internal' networks via authoritative DNS servers.

Bug fixes and enhancements

• CVE-2024-29018: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
• plugin: fix mounting /etc/hosts when running in UserNS. moby/moby#47588
• rootless: fix open /etc/docker/plugins: permission denied. moby/moby#47587
• Fix multiple parallel docker build runs leaking disk space. moby/moby#47527

• e63daec Merge pull request #47589 from vvoland/v25.0-47538
• 817bccb Merge pull request #47588 from vvoland/v25.0-47558
• 2a0601e Merge pull request #47587 from vvoland/v25.0-47559
• 9df9ccc Merge pull request #47586 from vvoland/v25.0-47569
• a987bc5 libnet: Don't forward to upstream resolvers on internal nw
• 20c205f Environment variable to override resolv.conf path.
• 4be9723 daemon: move getUnprivilegedMountFlags to internal package
• 7ed7e6c plugin: fix mounting /etc/hosts when running in UserNS
• 81ad706 rootless: fix open /etc/docker/plugins: permission denied
• 02d4ee3 Makefile: generate-files: fix check for empty TMP_OUT
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)