What is new in Docker Engine 27
Docker Engine 27 delivers steady improvements in networking, especially around IPv6, along with better device authentication, multi-platform image handling, and continued enhancements to BuildKit and containerd integration. The release series focuses on making IPv6 easier to use by default while adding useful new CLI capabilities and security patches.
Administrators and developers will appreciate the stronger IPv6 defaults, new options for Swarm services, and refined CLI behavior across many commands.
Key Highlights
- IPv6 is now enabled by default for Linux bridge networks with `ip6tables` support
- New device code login flow for Docker Hub, offering a more secure alternative to password-based authentication
- Experimental multi-platform image support in `docker image ls --tree` when using the containerd image store
- `--platform` flag added to `docker image push` for selecting specific platforms from multi-platform images
- Support for `driver_opts` in `docker stack deploy` service networks
- `OomScoreAdj` setting now available for Swarm services
Networking Improvements
Networking received significant attention in the 27 series:
| Feature | Description |
|---|---|
| IPv6 Defaults | ip6tables enabled by default on bridge networks. Unique Local Address prefix is automatically added if not configured. |
| Flexible IPv6 Pools | Any size IPv6 subnet can now be used in default-address-pools. |
| Gateway Mode | New com.docker.network.bridge.gateway_mode_ipv6=routed option for direct IPv6 routing without NAT. |
| Per-interface Sysctls | Improved support for setting sysctls on specific network interfaces. |
These changes make IPv6 deployment simpler and more reliable for modern container environments.
Security Updates
Docker Engine 27 includes several security fixes across its patch releases:
- Fixed authorization plugin bypass (CVE-2024-41110) in version 27.1.1
- Updated runc to address CVE-2024-45310 in 27.2.1
- Go runtime updates fixing CVE-2024-45341 and CVE-2024-45336 in 27.5.1
- General hardening through updated BuildKit, containerd, and other components
Upgrading is recommended to benefit from these protections.
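The fix list above can be turned into a quick audit of which patches a given 27.x engine still lacks. The script below is an added example, not part of the release notes; the names `FIXES`, `ver_lt` and `missing_fixes` are hypothetical, and the version-to-CVE mapping is taken only from the list above.

```shell
#!/bin/sh
# Added example: report which security fixes listed above are missing
# from a given Docker Engine 27.x version string.

# "<first fixed 27.x release> <CVE>", copied from the list above.
FIXES='27.1.1 CVE-2024-41110
27.2.1 CVE-2024-45310
27.5.1 CVE-2024-45341
27.5.1 CVE-2024-45336'

# ver_lt A B: succeed when dotted version A is older than B.
# Assumption: suffixes such as "-rc.1" or "+build" are ignored, so a
# pre-release is compared as its base version.
ver_lt() {
    awk -v a="${1%%[-+]*}" -v b="${2%%[-+]*}" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions: not older
    }' </dev/null
}

# missing_fixes VERSION: print the CVEs not yet fixed in VERSION, or "none".
# Returns 2 for anything outside the 27.x series, which this table
# does not describe.
missing_fixes() {
    v=${1#v}
    case $v in
        27.[0-9]*.[0-9]*) ;;
        *) echo "unknown: $1 is not a 27.x version"; return 2 ;;
    esac
    out=
    while read -r fixed cve; do
        if ver_lt "$v" "$fixed"; then out="$out${out:+ }$cve"; fi
    done <<EOF
$FIXES
EOF
    echo "${out:-none}"
}

# On a host with Docker installed:
#   missing_fixes "$(docker version --format '{{.Server.Version}}')"
```

The result reflects only the upstream patch releases named above; distribution packages that backport fixes can carry a lower version number and still be patched.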
New Features and Enhancements
| Area | Change |
|---|---|
| Authentication | Device code login support for Docker Hub |
| CLI | docker image push --platform; docker image ls --tree (experimental multi-platform) |
| Swarm | driver_opts support in service networks; OomScoreAdj for services |
| Daemon | New --feature flag and experimental DOCKER_CUSTOM_HEADERS environment variable |
Component Updates
The 27 series keeps core dependencies current:
| Component | Latest Version in 27.x |
|---|---|
| BuildKit | v0.20.0 |
| containerd | v1.7.25 |
| runc | v1.2.4 |
| Go runtime | 1.22.11 |
| Docker Buildx | v0.20.0 |
These updates bring performance improvements, bug fixes, and the latest security patches from upstream projects.
Bug Fixes
Numerous stability and usability issues were resolved throughout the series, including:
- Improved handling of bridge network kernel modules in Docker-in-Docker and rootless setups
- Fixed race conditions during container deletion and image pruning
- Better log driver behavior with corrupted files
- Resolved issues with port publishing, DNS proxy on Windows, and volume metadata
- Fixed various CLI panics and output inconsistencies
- Improved reliability when using the containerd image store
Deprecations and Breaking Changes
Some older behaviors are being phased out:
- Legacy `--sysctl` syntax for per-interface settings will be rejected in future versions. Use the new endpoint sysctls approach instead.
- Internal Go packages and some API fields have been deprecated to clean up the codebase.
- Certain warning messages in `docker info` were adjusted for accuracy.
Most deployments will upgrade smoothly, but review any custom networking or sysctl configurations before moving to production.
Upgrade Recommendations
When upgrading to Docker Engine 27, test your IPv6 configurations and Swarm stacks thoroughly. The new device code login and multi-platform improvements are worth exploring for teams using Docker Hub or building for multiple architectures. Overall, this release provides a solid foundation with better defaults and ongoing stability improvements.