What is new in Docker Engine 25
Docker Engine 25 marks a significant step forward, with a stronger focus on modern device handling, improved build performance, and enhanced security. This release series introduces full support for the Container Device Interface (CDI), brings major updates to BuildKit, and delivers many quality improvements across the CLI, API, and runtime.
Users will benefit from better GPU and hardware device management, faster and more reliable builds, and a cleaner set of defaults that prepare Docker for the next generation of container workflows.
Key Highlights
- Full Container Device Interface (CDI) support for easier and more secure device passthrough including GPUs
- BuildKit updated to v0.12 with substantial performance and feature improvements
- New `docker buildx bake` enhancements and better multi-platform build handling
- Improved rootless mode with better user namespace and network support
- Many CLI and API refinements for better usability and consistency
- Updated core components including containerd, runc, and Go runtime
New Features and Enhancements
| Area | Details |
|---|---|
| Device Management | CDI support enabled by default. Devices are automatically discovered and can be used with `--device` or CDI specifications. |
| Build System | BuildKit 0.12 brings faster cache handling, improved Git integration, and new frontend capabilities. |
| CLI | Enhanced `docker info` output for CDI devices, better progress display during builds, and various command improvements. |
| Rootless Mode | Better support for user namespaces, cgroup v2, and networking in rootless environments. |
| Networking | Improvements to IPv6 handling and overlay network stability. |
Component Updates
Docker Engine 25 updates several key dependencies to newer, more secure, and performant versions:
| Component | Updated Version |
|---|---|
| BuildKit | v0.12.x |
| containerd | v1.7.x series |
| runc | v1.1.x with security fixes |
| Go runtime | 1.21 or newer |
These updates bring the latest bug fixes, performance gains, and security improvements from the upstream projects.
Security Improvements
This release includes several security-related fixes and enhancements:
- Hardened device handling through CDI to reduce risk of privilege escalation
- Fixes for potential information leaks and permission issues in certain edge cases
- Updated runc with patches addressing known vulnerabilities
- Better validation of mount paths and configuration files
Administrators are encouraged to upgrade promptly to benefit from these protections.
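The CDI device passthrough described under Device Management, and the hardened device handling listed above, both hinge on what a CDI spec asks the daemon to do. As an added example that is not Docker's own code or part of this release, the following Python audits a CDI spec before it is dropped into the daemon's spec directory: it derives the `vendor/class=name` device names that `docker run --device` accepts and flags edits that would widen a device grant into broad host access. The sample spec, the `example.com/gpu` vendor name and the device names are constructed.

```python
import json
import re

# Constructed CDI spec (JSON form); vendor, class and device names are invented.
# "gpu0" is a sane grant; "all" turns a device grant into broad host access.
SAMPLE_SPEC = json.loads(r'''
{"cdiVersion": "0.6.0", "kind": "example.com/gpu", "devices": [
  {"name": "gpu0", "containerEdits": {
    "deviceNodes": [{"path": "/dev/example0", "type": "c", "permissions": "rw"}],
    "mounts": [{"hostPath": "/usr/lib/libexample.so", "containerPath": "/usr/lib/libexample.so",
                "options": ["ro", "nosuid", "nodev", "bind"]}]}},
  {"name": "all", "containerEdits": {
    "deviceNodes": [{"path": "/dev", "type": "c", "permissions": "rwm"}],
    "mounts": [{"hostPath": "/", "containerPath": "/host", "options": ["rw", "bind"]}]}}
]}
''')

KIND_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*/[A-Za-z0-9_.-]+$")
SENSITIVE_ROOTS = ("/proc", "/sys", "/etc", "/var/run/docker.sock")  # never expose via a device spec

def sensitive_mount(host_path):
    """True when a hostPath points at the root or a sensitive host tree."""
    if host_path == "/":
        return True
    return any(host_path == r or host_path.startswith(r + "/") for r in SENSITIVE_ROOTS)

def audit_cdi_spec(spec):
    """Map each fully qualified device name to a list of findings ([] = clean)."""
    kind = spec.get("kind", "")
    if not KIND_RE.match(kind):
        raise ValueError(f"malformed kind {kind!r}; expected vendor/class")
    report = {}
    for dev in spec.get("devices", []):
        fq_name = f"{kind}={dev['name']}"  # the form `docker run --device` accepts
        findings = []
        edits = dev.get("containerEdits", {})
        for node in edits.get("deviceNodes", []):
            path = node.get("path", "")
            if path == "/dev" or not path.startswith("/dev/"):
                findings.append(f"device node is not a single node under /dev/: {path}")
            if "m" in node.get("permissions", ""):
                findings.append(f"mknod permission granted on {path}")
        for mnt in edits.get("mounts", []):
            host = mnt.get("hostPath", "")
            if sensitive_mount(host):
                findings.append(f"sensitive host path mounted: {host}")
            if "ro" not in mnt.get("options", []):
                findings.append(f"writable host mount: {host}")
        report[fq_name] = findings
    return report
```

Running `audit_cdi_spec(SAMPLE_SPEC)` leaves `example.com/gpu=gpu0` with no findings and reports four against `example.com/gpu=all`, which is the entry to reject before the spec reaches the daemon.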
Bug Fixes
Docker Engine 25 resolves numerous issues reported by the community:
- Fixed various race conditions during container start and stop
- Improved reliability of `docker system prune` and image cleanup operations
- Resolved problems with certain volume mount behaviors and bind propagation
- Fixed CLI output formatting and error messages for better clarity
- Addressed stability issues in Swarm mode and service updates
- Corrected handling of large images and layer downloads
Deprecations and Breaking Changes
As Docker continues to modernize the engine, a few older features have been deprecated or adjusted:
- Some legacy CLI flags and API fields are now marked as deprecated
- Older cgroup v1 behaviors receive reduced support
- Certain internal APIs and SDK methods have been cleaned up or renamed for consistency
- Minimum requirements for host kernel and Go version have been raised slightly
Most users will experience a smooth upgrade, but it is wise to test custom setups and automation scripts before moving to production.
Upgrade Recommendations
When upgrading to Docker Engine 25, focus on testing your device passthrough workflows and build pipelines. The new CDI support offers a cleaner way to handle GPUs and other hardware, so consider updating your deployment scripts accordingly. Overall, this release delivers noticeable improvements in security, performance, and ease of use for both developers and operators.