29.6.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 29.6.1 milestone
• moby/moby, 29.6.1 milestone

Security

This release includes fixes for multiple security vulnerabilities affecting Docker Engine.

• A malicious image could supply a malicious /etc/passwd or /etc/group-style file causing excessive memory consumption, potentially resulting in process termination due to Out Of Memory (OOM) conditions. GHSA-mjcv-p78q-w5fw, GHSA-jpcc-p29g-p8mq, GHSA-72x6-4j93-7w86
• A custom frontend could send a crafted build request that disabled Seccomp and AppArmor protections for the build container, even if the user did not explicitly allow the security.insecure entitlement. Other security measures, like Linux capabilities were still applied to these containers. GHSA-7236-3392-c5c6

Bug fixes and enhancements

• Update containerd (static binaries) to v2.2.5. moby/moby#52950

Packaging updates

• Update BuildKit to v0.31.1. moby/moby#52954