Last checked and updated on 05 Jun 2026
What Is New in Docker Engine 19.03
Docker Engine 19.03 introduces significant enhancements focused on runtime capabilities and developer experience. The update brings GPU support to the core runtime, improves build performance, and refines container management. These changes streamline workflows for developers working with demanding applications and complex build pipelines.
| Category | Key Changes |
|---|---|
| New Features | Native GPU support for containers, docker build --secret for secure builds, Rootless mode (experimental) |
| Enhancements | Improved docker build performance, Enhanced docker info output, Better support for cgroup v2 |
| Deprecations | AUFS storage driver, Legacy overlay networks, docker engine subcommand |
How does native GPU support change container development?
Docker 19.03 integrates NVIDIA GPU support directly into the core runtime without needing the nvidia-docker2 package. This simplifies the setup for machine learning, data science, and graphics workloads. You can now use the --gpus flag with docker run to specify GPU resources.
In practice, this means you can run a CUDA container with a simple command like docker run --gpus all nvidia/cuda:10.0-base nvidia-smi. The engine handles the necessary device and library mappings automatically, reducing configuration overhead and potential errors.
What build improvements were introduced?
Builds are faster and more secure in 19.03. The docker build command saw performance optimizations, particularly around context handling and layer caching. More importantly, the new --secret flag allows you to pass sensitive information during build time without persisting it in the final image.
This is a game-changer for not leaking API keys or credentials into your image layers. You can use it by mounting a secret file during the build process, which is only available to the specific RUN command that needs it, and is not committed to the image history.
# syntax=docker/dockerfile:1.0-experimental
FROM alpine
RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecretWhat is Rootless mode and why does it matter?
Rootless mode allows the Docker daemon to run as a non-root user, greatly enhancing security by mitigating potential privilege escalation attacks. This is an experimental feature in 19.03 that lets users install and run Docker without requiring root privileges.
This matters because it fundamentally changes the security model. Even if a container runtime is compromised, the attack surface is limited to the user's privileges instead of full root access on the host machine. It's a significant step towards safer container deployments, especially in multi-user environments.
What was deprecated and what should I use instead?
Several legacy features were marked for removal. The AUFS storage driver was deprecated in favor of overlay2, which has become the default and offers better performance. Legacy overlay networks were also deprecated, so you should migrate to the newer overlay network implementation with Swarm mode.
The docker engine subcommand was deprecated. For managing Docker Engine installations, you should use your system's package manager (like apt or yum) instead. It's a good time to audit your scripts and configurations to ensure they don't rely on these deprecated features.
FAQ
How do I use the new --gpus flag?
Use docker run --gpus all to access all available GPUs. For specific GPU counts or devices, use --gpus 2 or --gpus '"device=0,1"'. This replaces the older nvidia-docker workflow.
Can I use build secrets without experimental features?
No, the --secret flag requires both the experimental CLI features enabled and a special syntax directive (# syntax=docker/dockerfile:1.0-experimental) at the top of your Dockerfile.
Is Rootless mode production-ready in 19.03?
No, Rootless mode is explicitly marked as experimental in this release. It's suitable for testing and development but not for production workloads due to potential limitations in stability and features.
What happens if I'm still using the AUFS driver?
Your existing setups will continue to work, but you'll see deprecation warnings. You should plan a migration to overlay2, as AUFS support will be completely removed in a future release.
Were there any changes to the default network setup?
Yes, legacy overlay networks (created with --attachable without Swarm) are deprecated. For attachable overlay networks, you must now use Swarm mode, which provides a more robust and secure networking foundation.