Latest in branch 29
29.4.2
Released 01 May 2026
(12 days ago)
SoftwareDocker Engine
Branch29
Status
Supported
Initial release29.0.4
24 Nov 2025
(5 months ago)
Latest release29.4.2
01 May 2026
(12 days ago)
End of lifeTBD
(Supported)
Release noteshttps://docs.docker.com/engine/release-notes/29/
Source codehttps://github.com/docker/cli/tree/v29.4.2
Documentationhttps://docs.docker.com/
Downloadhttps://docs.docker.com/engine/install/
Docker Engine 29 ReleasesView full list
SEE ALSO: Kubernetes Kubernetes New Podman Podman

What is new in Docker Engine 29

Docker Engine 29 brings a range of improvements focused on security, stability, and modern container workflows. This release series introduces better support for newer technologies, refines the API, enhances CLI usability, and delivers important bug fixes across networking, storage, and daemon operations.

The 29.x line makes containerd the default image store for fresh installations, adds experimental nftables firewall backend support, and includes many quality-of-life enhancements for developers and administrators.

Key Highlights

  • Multiple security fixes addressing authorization bypass and BuildKit vulnerabilities
  • New bind-create-src option for more flexible bind mounts
  • Improved CLI plugin hooks that now trigger on command failures
  • Lowered minimum supported API version for better backward compatibility
  • Enhanced systemd integration with reload notifications
  • Updated BuildKit, containerd, and Go runtime for performance and security
  • CDI-based GPU injection for AMD GPUs
  • Significant networking stability improvements
  • Various deprecations and cleanups to modernize the codebase
  • Better rootless mode support including CDI devices

Security Updates

Docker Engine 29 includes several important security fixes, particularly in version 29.3.1:

CVE Description
CVE-2026-34040 Fix for authorization bypass in AuthZ plugins under specific conditions
CVE-2026-33997 Improved privilege validation during docker plugin install to prevent unauthorized escalation
CVE-2026-33748 Fixed insufficient validation of Git URL fragments in BuildKit
CVE-2026-33747 Prevented untrusted frontends from writing files outside the BuildKit state directory

These updates help keep your Docker environment more secure against potential exploits.

New Features and Enhancements

Several useful new capabilities were added throughout the 29.x releases:

  • bind-create-src option for the --mount flag, giving more control when creating bind mounts.
  • CLI plugin hooks now execute on command failure as well as success. Plugins can use error-hooks to provide helpful messages only when needed.
  • Support for the systemd Type=notify-reload protocol and RELOADING notifications when the daemon reloads its configuration.
  • CDI-based injection is now used for AMD GPUs with the --gpus option.
  • GET /images/json API endpoint now supports an identity query parameter to include manifest summaries and trusted identity information.
  • Improved handling of MacAddress field in network connection API calls.

Packaging and Component Updates

Docker Engine 29 keeps core components up to date for better performance and compatibility:

Component Updated To
BuildKit v0.28.0 (in 29.3.0) and v0.27.1 (in 29.2.1)
containerd (static binaries) v2.2.2
Go runtime 1.25.8

These updates bring the latest fixes and improvements from the upstream projects.

Networking Improvements

Networking received significant attention with fixes for:

  • DNS configuration corruption during daemon reload
  • Encrypted overlay networks compatibility with older engine versions
  • Port mapping and IP allocation stability
  • Issues with concurrent operations such as docker system prune and docker system df

Rootless mode also gained better IPv6 and device support.

Bug Fixes

Many stability issues were resolved, including:

  • Daemon crashes related to invalid .dockerignore patterns
  • Panics when using docker top on certain Windows containers
  • Problems with shared mount detection and bind propagation
  • Issues during concurrent container removal and system prune operations
  • Service registration problems on Windows under specific conditions
  • Spurious warnings during daemon startup and shutdown

Deprecations and Breaking Changes

As part of modernizing Docker Engine, some older features have been deprecated or removed:

  • cgroup v1 support is deprecated (with continued support until May 2029)
  • Docker Content Trust has been removed from the CLI
  • Several deprecated API fields and methods were cleaned up
  • Go SDK saw removal of deprecated packages and types
  • Minimum API version requirements have been adjusted for new installations

It is recommended to review the full upgrade notes before moving to Docker Engine 29, especially regarding the switch to containerd image store as default for fresh installs.

Go SDK Changes

The Go SDK received updates to improve compatibility and remove outdated code. One notable fix prevents build errors when importing certain CLI command packages.

Upgrade Recommendations

When upgrading to Docker Engine 29, test your workflows thoroughly, particularly if you rely on:

  • Custom AuthZ plugins
  • Encrypted overlay networks
  • Older API clients
  • cgroup v1 features

Most users will benefit from the improved security, stability, and modern tooling without major disruptions.

Releases In Branch 29

VersionRelease date
29.4.201 May 2026
(12 days ago)
29.4.320 Apr 2026
(23 days ago)
29.4.120 Apr 2026
(23 days ago)
29.4.003 Apr 2026
(1 month ago)
29.3.125 Mar 2026
(1 month ago)
29.3.005 Mar 2026
(2 months ago)
29.2.102 Feb 2026
(3 months ago)
29.2.026 Jan 2026
(3 months ago)
29.1.516 Dec 2025
(4 months ago)
29.1.416 Dec 2025
(4 months ago)
29.1.312 Dec 2025
(5 months ago)
29.1.202 Dec 2025
(5 months ago)
29.1.128 Nov 2025
(5 months ago)
29.1.027 Nov 2025
(5 months ago)
29.0.424 Nov 2025
(5 months ago)
29.0.324 Nov 2025
(5 months ago)