What Is New in Docker Engine 1.3
Docker Engine 1.3 introduced critical features focused on security and control, making it a significant update for production environments.
| Category | Key Changes |
|---|---|
| New Features | Digital image IDs, docker exec, docker create, TLS client verification |
| Security | Official images signed, --no-new-privileges flag |
| Improvements | Faster docker build, enhanced docker logs |
| Bug Fixes | Various fixes for stability and networking |
How did Docker 1.3 improve container security?
Security got a major boost with two key additions. First, the introduction of the --no-new-privileges flag prevents a containerized process from gaining additional privileges, effectively locking down its capabilities.
Second, Docker began signing Official Images with digital signatures. This allows you to verify the authenticity and integrity of images like ubuntu:14.04 directly from the Docker Hub, ensuring they haven't been tampered with.
What new process control features were added?
The headline feature is docker exec. This command lets you jump into a running container to execute a new process, which is invaluable for debugging without having to commit or restart.
We also got docker create. This command prepares a container's filesystem and metadata without starting it, giving you more control over the container lifecycle before it goes live.
Were there any changes to image management?
Yes, images now have digital image IDs. This provides a more reliable and permanent way to reference images compared to human-readable tags, which can change.
Under the hood, docker build became significantly faster. The build process was optimized to be more efficient, saving a lot of time during development cycles.
How was the developer experience enhanced?
The docker logs command became much more flexible. You can now use --since and --tail to filter log output, making it easier to find specific events without being overwhelmed by data.
For those running their own registries, the push and pull operations were made more robust. This improved the reliability of shipping images across your infrastructure.
FAQ
What does the --no-new-privileges flag actually do?
It stops a process inside a container from elevating its own privileges, even if the process binary has setuid/setgid bits set. This is a core security feature to limit the potential damage from a compromised container.
When should I use docker create instead of docker run?
Use docker create when you need to set up a container's filesystem and configuration in advance but don't want to start it immediately. You can then use docker start later to launch it, which is useful for complex orchestration scripts.
How do I verify the signature of an Official Image?
You need to use the docker pull command. The daemon will automatically verify the digital signature of any Official Image you pull from the Docker Hub, assuming you're using a supported version.
Can I use docker exec on a container that is starting up?
In practice, you might run into issues if the main process hasn't finished initializing. It's most reliable to exec into a container that is already in a running state to avoid connection failures.
Why are digital image IDs better than tags?
Tags are mutable: someone can push a new image with the same tag. A digital image ID is an immutable identifier based on the image's content, guaranteeing you're always referencing the exact same image every time.
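The tag-versus-digest distinction above is the basis of a simple supply-chain policy check. The following Python script is an added example (not part of the original page or of Docker itself): it parses image references in the `name[:tag][@sha256:<digest>]` form and reports every FROM line in a Dockerfile that would be resolved through a mutable tag instead of an immutable content digest. The sample Dockerfile and the digest value in it are constructed placeholders.

```python
import re

# Constructed 64-hex placeholder digest; not a real image digest.
FAKE_DIGEST = "sha256:" + "0123456789abcdef" * 4

# Constructed sample Dockerfile used as input; not from any real project.
SAMPLE_DOCKERFILE = f"""\
FROM ubuntu:14.04
FROM registry.example.com:5000/team/base@{FAKE_DIGEST} AS build
FROM build
FROM --platform=linux/amd64 ubuntu
FROM scratch
"""

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

def parse_reference(ref):
    """Split 'name[:tag][@digest]' into (name, tag, digest); absent parts are None."""
    ref, _, digest = ref.partition("@")
    # A ':' separates a tag only after the last '/'; earlier it is a registry port.
    colon = ref.rfind(":")
    tag = ref[colon + 1:] if colon > ref.rfind("/") else None
    name = ref[:colon] if tag is not None else ref
    return name, tag, digest or None

def is_digest_pinned(ref):
    """True when the reference carries a well-formed sha256 content digest."""
    return DIGEST_RE.match(parse_reference(ref)[2] or "") is not None

def unpinned_base_images(dockerfile_text):
    """Return (line_no, reference) for each FROM that resolves via a mutable tag."""
    findings, stage_names = [], set()
    for line_no, line in enumerate(dockerfile_text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].upper() != "FROM":
            continue
        args = [t for t in tokens[1:] if not t.startswith("--")]  # drop --platform=
        ref = args[0]
        # 'scratch' and references to earlier build stages have no digest to pin.
        if ref != "scratch" and ref not in stage_names and not is_digest_pinned(ref):
            findings.append((line_no, ref))
        if len(args) >= 3 and args[1].upper() == "AS":
            stage_names.add(args[2])
    return findings

if __name__ == "__main__":
    for line_no, ref in unpinned_base_images(SAMPLE_DOCKERFILE):
        print(f"line {line_no}: {ref} is not pinned to a content digest")
```

Run against the constructed Dockerfile it reports lines 1 and 4 (the tag-based and untagged `ubuntu` references) and accepts the digest-pinned base, the stage alias and `scratch`.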