[El-errata] ELBA-2017-3586 Oracle Linux 7 docker-engine docker-engine-selinux bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Jun 27 09:48:21 PDT 2017 

Oracle Linux Bug Fix Advisory ELBA-2017-3586

http://linux.oracle.com/errata/ELBA-2017-3586.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
docker-engine-17.03.1.ce-3.0.1.el7.x86_64.rpm
docker-engine-selinux-17.03.1.ce-3.0.1.el7.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/docker-engine-17.03.1.ce-3.0.1.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/docker-engine-selinux-17.03.1.ce-3.0.1.el7.src.rpm



Description of changes:

docker-engine
[17.03.1-ce-1.0.1]
- Enable configuration of Docker daemon via sysconfig [orabug 21804877]
- Require UEK4 for docker 1.9 [orabug 22235639 22235645]
- Add docker.conf for prelink [orabug 25147708]
- Update oracle linux selinux policy to match upstream [orabug 25653794]
- Use dockerd instead of docker daemon as it is deprecreated [orabug 
25653794]

[17.03.1-ce]
- Fix autoremove on older api 
[#31692](https://github.com/docker/docker/pull/31692)
- Fix default network customization for a stack 
[#31258](https://github.com/docker/docker/pull/31258/)
- Correct CPU usage calculation in presence of offline CPUs and newer 
Linux [#31802](https://github.com/docker/docker/pull/31802)
- Fix issue where service healthcheck is {} in remote API 
[#30197](https://github.com/docker/docker/pull/30197)
- Update runc to 54296cf40ad8143b62dbcaa1d90e520a2136ddfe 
[#3166](https://github.com/docker/docker/pull/31666)
- Ignore cgroup2 mountpoints 
[opencontainers/runc#1266](https://github.com/opencontainers/runc/pull/1266)
- Update containerd to 595e75c212d19a81d2b808a518fe1afc1391dad5 
[#31662](https://github.com/docker/docker/pull/31662)
- Register healtcheck service before calling restore() 
[docker/containerd#609](https://github.com/docker/containerd/pull/609)
- Fix docker exec not working after unattended upgrades that reload 
apparmor profiles [#31773](https://github.com/docker/docker/pull/31773)
- Fix unmounting layer without merge dir with Overlay2 
[#31069](https://github.com/docker/docker/pull/31069)
- Do not ignore "volume in use" errors when force-delete 
[#31450](https://github.com/docker/docker/pull/31450)
- Update swarmkit to 17756457ad6dc4d8a639a1f0b7a85d1b65a617bb 
[#31807](https://github.com/docker/docker/pull/31807)
- Scheduler now correctly considers tasks which have been assigned to a 
node but aren't yet running 
[docker/swarmkit#1980](https://github.com/docker/swarmkit/pull/1980)
- Allow removal of a network when only dead tasks reference it 
[docker/swarmkit#2018](https://github.com/docker/swarmkit/pull/2018)
- Retry failed network allocations less aggressively 
[docker/swarmkit#2021](https://github.com/docker/swarmkit/pull/2021)
- Avoid network allocation for tasks that are no longer running 
[docker/swarmkit#2017](https://github.com/docker/swarmkit/pull/2017)
- Bookkeeping fixes inside network allocator allocator 
[docker/swarmkit#2019](https://github.com/docker/swarmkit/pull/2019) 
[docker/swarmkit#2020](https://github.com/docker/swarmkit/pull/2020)
- Cleanup HCS on restore 
[#31503](https://github.com/docker/docker/pull/31503)

[17.03.0-ce]
- Fix panic in docker stats --format 
[#30776](https://github.com/docker/docker/pull/30776)
- Update various bash and zsh completion scripts 
[#30823](https://github.com/docker/docker/pull/30823), 
[#30945](https://github.com/docker/docker/pull/30945) and more...
- Block obsolete socket families in default seccomp profile - mitigates 
unpatched kernels' CVE-2017-6074 
[#29076](https://github.com/docker/docker/pull/29076)
- Fix bug on overlay encryption keys rotation in cross-datacenter swarm 
[#30727](https://github.com/docker/docker/pull/30727)
- Fix side effect panic in overlay encryption and network control plane 
communication failure ("No installed keys could decrypt the message") on 
frequent swarm leader re-election 
[#25608](https://github.com/docker/docker/pull/25608)
- Several fixes around system responsiveness and datapath programming 
when using overlay network with external kv-store 
[docker/libnetwork#1639](https://github.com/docker/libnetwork/pull/1639), 
[docker/libnetwork#1632](https://github.com/docker/libnetwork/pull/1632) 
and more...
- Discard incoming plain vxlan packets for encrypted overlay network 
[#31170](https://github.com/docker/docker/pull/31170)
- Release the network attachment on allocation failure 
[#31073](https://github.com/docker/docker/pull/31073)
- Fix port allocation when multiple published ports map to the same 
target port 
[docker/swarmkit#1835](https://github.com/docker/swarmkit/pull/1835)
- Fix a deadlock in docker logs 
[#30223](https://github.com/docker/docker/pull/30223)
- Fix cpu spin waiting for log write events 
[#31070](https://github.com/docker/docker/pull/31070)
- Fix a possible crash when using journald 
[#31231](https://github.com/docker/docker/pull/31231) 
[#31263](https://github.com/docker/docker/pull/31231)
- Fix a panic on close of nil channel 
[#31274](https://github.com/docker/docker/pull/31274)
- Fix duplicate mount point for --volumes-from in docker run 
[#29563](https://github.com/docker/docker/pull/29563)
- Fix --cache-from does not cache last step 
[#31189](https://github.com/docker/docker/pull/31189)
- Shutdown leaks an error when the container was never started 
[#31279](https://github.com/docker/docker/pull/31279)
- Fix possibility of tasks getting stuck in the "NEW" state during a 
leader failover 
[docker/swarmkit#1938](https://github.com/docker/swarmkit/pull/1938)
- Fix extraneous task creations for global services that led to 
confusing replica counts in docker service ls 
[docker/swarmkit#1957](https://github.com/docker/swarmkit/pull/1957)
- Fix problem that made rolling updates slow when task-history-limit was 
set to 1 
[docker/swarmkit#1948](https://github.com/docker/swarmkit/pull/1948)
- Restart tasks elsewhere, if appropriate, when they are shut down as a 
result of nodes no longer satisfying constraints 
[docker/swarmkit#1958](https://github.com/docker/swarmkit/pull/1958)

[1.13.1]
- Do not require a custom build of tini 
[#28454](https://github.com/docker/docker/pull/28454)
- Upgrade to Go 1.7.5 [#30489](https://github.com/docker/docker/pull/30489)
- Support secrets in docker stack deploy with compose file 
[#30144](https://github.com/docker/docker/pull/30144)
- Fix size issue in docker system df 
[#30378](https://github.com/docker/docker/pull/30378)
- Fix error on docker inspect when Swarm certificates were expired. 
[#29246](https://github.com/docker/docker/pull/29246)
- Fix deadlock on v1 plugin with activate error 
[#30408](https://github.com/docker/docker/pull/30408)
- Fix SELinux regression 
[#30649](https://github.com/docker/docker/pull/30649)
- Support global scoped network plugins (v2) in swarm mode 
[#30332](https://github.com/docker/docker/pull/30332)
- Add docker plugin upgrade 
[#29414](https://github.com/docker/docker/pull/29414)
- Fix small regression with old plugins in Windows 
[#30150](https://github.com/docker/docker/pull/30150)
- Fix warning on Windows 
[#30730](https://github.com/docker/docker/pull/30730)

[1.13.0]
- Add capability to specify images used as a cache source on build. 
These images do not need to have local parent chain and can be pulled 
from other registries [#26839](https://github.com/docker/docker/pull/26839)
- (experimental) Add option to squash image layers to the FROM image 
after successful builds 
[#22641](https://github.com/docker/docker/pull/22641)
- Fix dockerfile parser with empty line after escape 
[#24725](https://github.com/docker/docker/pull/24725)
- Add step number on docker build 
[#24978](https://github.com/docker/docker/pull/24978)
- Add support for compressing build context during image build 
[#25837](https://github.com/docker/docker/pull/25837)
- add --network to docker build 
[#27702](https://github.com/docker/docker/pull/27702)
- Fix inconsistent behavior between --label flag on docker build and 
docker run [#26027](https://github.com/docker/docker/issues/26027)
- Fix image layer inconsistencies when using the overlay storage driver 
[#27209](https://github.com/docker/docker/pull/27209)
- Unused build-args are now allowed. A warning is presented instead of 
an error and failed build 
[#27412](https://github.com/docker/docker/pull/27412)
- Fix builder cache issue on Windows 
[#27805](https://github.com/docker/docker/pull/27805)
- Allow USER in builder on Windows 
[#28415](https://github.com/docker/docker/pull/28415)
- Handle env case-insensitive on Windows 
[#28725](https://github.com/docker/docker/pull/28725)
- Add support for building docker debs for Ubuntu 16.04 Xenial on 
PPC64LE [#23438](https://github.com/docker/docker/pull/23438)
- Add support for building docker debs for Ubuntu 16.04 Xenial on s390x 
[#26104](https://github.com/docker/docker/pull/26104)
- Add support for building docker debs for Ubuntu 16.10 Yakkety Yak on 
PPC64LE [#28046](https://github.com/docker/docker/pull/28046)
- Add RPM builder for VMWare Photon OS 
[#24116](https://github.com/docker/docker/pull/24116)
- Add shell completions to tgz 
[#27735](https://github.com/docker/docker/pull/27735)
- Update the install script to allow using the mirror in China 
[#27005](https://github.com/docker/docker/pull/27005)
- Add DEB builder for Ubuntu 16.10 Yakkety Yak 
[#27993](https://github.com/docker/docker/pull/27993)
- Add RPM builder for Fedora 25 
[#28222](https://github.com/docker/docker/pull/28222)
- Add make deb support for aarch64 
[#27625](https://github.com/docker/docker/pull/27625)
- Update notary dependency to 0.4.2 (full changelogs 
[here](https://github.com/docker/notary/releases/tag/v0.4.2)) 
[#27074](https://github.com/docker/docker/pull/27074)
- Support for compilation on windows 
[docker/notary#970](https://github.com/docker/notary/pull/970)
- Improved error messages for client authentication errors 
[docker/notary#972](https://github.com/docker/notary/pull/972)
- Support for finding keys that are anywhere in the 
~/.docker/trust/private directory, not just under 
~/.docker/trust/private/root_keys or ~/.docker/trust/private/tuf_keys 
[docker/notary#981](https://github.com/docker/notary/pull/981)
- Previously, on any error updating, the client would fall back on the 
cache.  Now we only do so if there is a network error or if the server 
is unavailable or missing the TUF data. Invalid TUF data will cause the 
update to fail - for example if there was an invalid root rotation. 
[docker/notary#982](https://github.com/docker/notary/pull/982)
- Improve root validation and yubikey debug logging 
[docker/notary#858](https://github.com/docker/notary/pull/858) 
[docker/notary#891](https://github.com/docker/notary/pull/891)
- Warn if certificates for root or delegations are near expiry 
[docker/notary#802](https://github.com/docker/notary/pull/802)
- Warn if role metadata is near expiry 
[docker/notary#786](https://github.com/docker/notary/pull/786)
- Fix passphrase retrieval attempt counting and terminal detection 
[docker/notary#906](https://github.com/docker/notary/pull/906)
- Avoid unnecessary blob uploads when different users push same layers 
to authenticated registry 
[#26564](https://github.com/docker/docker/pull/26564)
- Allow external storage for registry credentials 
[#26354](https://github.com/docker/docker/pull/26354)
- Standardize the default logging tag value in all logging drivers 
[#22911](https://github.com/docker/docker/pull/22911)
- Improve performance and memory use when logging of long log lines 
[#22982](https://github.com/docker/docker/pull/22982)
- Enable syslog driver for windows 
[#25736](https://github.com/docker/docker/pull/25736)
- Add Logentries Driver 
[#27471](https://github.com/docker/docker/pull/27471)
- Update of AWS log driver to support tags 
[#27707](https://github.com/docker/docker/pull/27707)
- Unix socket support for fluentd 
[#26088](https://github.com/docker/docker/pull/26088)
- Enable fluentd logging driver on Windows 
[#28189](https://github.com/docker/docker/pull/28189)
- Sanitize docker labels when used as journald field names 
[#23725](https://github.com/docker/docker/pull/23725)
- Fix an issue where docker logs --tail returned less lines than 
expected [#28203](https://github.com/docker/docker/pull/28203)
- Splunk Logging Driver: performance and reliability improvements 
[#26207](https://github.com/docker/docker/pull/26207)
- Splunk Logging Driver: configurable formats and skip for verifying 
connection [#25786](https://github.com/docker/docker/pull/25786)
- Add --attachable network support to enable docker run to work in 
swarm-mode overlay network 
[#25962](https://github.com/docker/docker/pull/25962)
- Add support for host port PublishMode in services using the --publish 
option in docker service create 
[#27917](https://github.com/docker/docker/pull/27917) and 
[#28943](https://github.com/docker/docker/pull/28943)
- Add support for Windows server 2016 overlay network driver (requires 
upcoming ws2016 update) 
[#28182](https://github.com/docker/docker/pull/28182)
- Change the default FORWARD policy to DROP 
[#28257](https://github.com/docker/docker/pull/28257)
- Add support for specifying static IP addresses for predefined network 
on windows [#22208](https://github.com/docker/docker/pull/22208)
- Fix --publish flag on docker run not working with IPv6 addresses 
[#27860](https://github.com/docker/docker/pull/27860)
- Fix inspect network show gateway with mask 
[#25564](https://github.com/docker/docker/pull/25564)
- Fix an issue where multiple addresses in a bridge may cause 
--fixed-cidr to not have the correct addresses 
[#26659](https://github.com/docker/docker/pull/26659)
- Add creation timestamp to docker network inspect 
[#26130](https://github.com/docker/docker/pull/26130)
- Show peer nodes in docker network inspect for swarm overlay networks 
[#28078](https://github.com/docker/docker/pull/28078)
- Enable ping for service VIP address 
[#28019](https://github.com/docker/docker/pull/28019)
- Move plugins out of experimental 
[#28226](https://github.com/docker/docker/pull/28226)
- Add --force on docker plugin remove 
[#25096](https://github.com/docker/docker/pull/25096)
- Add support for dynamically reloading authorization plugins 
[#22770](https://github.com/docker/docker/pull/22770)
- Add description in docker plugin ls 
[#25556](https://github.com/docker/docker/pull/25556)
- Add -f/--format to docker plugin inspect 
[#25990](https://github.com/docker/docker/pull/25990)
- Add docker plugin create command 
[#28164](https://github.com/docker/docker/pull/28164)
- Send request's TLS peer certificates to authorization plugins 
[#27383](https://github.com/docker/docker/pull/27383)
- Support for global-scoped network and ipam plugins in swarm-mode 
[#27287](https://github.com/docker/docker/pull/27287)
- Split docker plugin install into two API call /privileges and /pull 
[#28963](https://github.com/docker/docker/pull/28963)
- Support docker stack deploy from a Compose file 
[#27998](https://github.com/docker/docker/pull/27998)
- (experimental) Implement checkpoint and restore 
[#22049](https://github.com/docker/docker/pull/22049)
- Add --format flag to docker info 
[#23808](https://github.com/docker/docker/pull/23808)
- Remove --name from docker volume create 
[#23830](https://github.com/docker/docker/pull/23830)
- Add docker stack ls [#23886](https://github.com/docker/docker/pull/23886)
- Add a new is-task ps filter 
[#24411](https://github.com/docker/docker/pull/24411)
- Add --env-file flag to docker service create 
[#24844](https://github.com/docker/docker/pull/24844)
- Add --format on docker stats 
[#24987](https://github.com/docker/docker/pull/24987)
- Make docker node ps default to self in swarm node 
[#25214](https://github.com/docker/docker/pull/25214)
- Add --group in docker service create 
[#25317](https://github.com/docker/docker/pull/25317)
- Add --no-trunc to service/node/stack ps output 
[#25337](https://github.com/docker/docker/pull/25337)
- Add Logs to ContainerAttachOptions so go clients can request to 
retrieve container logs as part of the attach process 
[#26718](https://github.com/docker/docker/pull/26718)
- Allow client to talk to an older server 
[#27745](https://github.com/docker/docker/pull/27745)
- Inform user client-side that a container removal is in progress 
[#26074](https://github.com/docker/docker/pull/26074)
- Add Isolation to the /info endpoint 
[#26255](https://github.com/docker/docker/pull/26255)
- Add userns to the /info endpoint 
[#27840](https://github.com/docker/docker/pull/27840)
- Do not allow more than one mode be requested at once in the services 
endpoint [#26643](https://github.com/docker/docker/pull/26643)
- Add capability to /containers/create API to specify mounts in a more 
granular and safer way [#22373](https://github.com/docker/docker/pull/22373)
- Add --format flag to network ls and volume ls 
[#23475](https://github.com/docker/docker/pull/23475)
- Allow the top-level docker inspect command to inspect any kind of 
resource [#23614](https://github.com/docker/docker/pull/23614)
- Add --cpus flag to control cpu resources for docker run and docker 
create, and add NanoCPUs to HostConfig 
[#27958](https://github.com/docker/docker/pull/27958)
- Allow unsetting the --entrypoint in docker run or docker create 
[#23718](https://github.com/docker/docker/pull/23718)
- Restructure CLI commands by adding docker image and docker container 
commands for more consistency 
[#26025](https://github.com/docker/docker/pull/26025)
- Remove COMMAND column from service ls output 
[#28029](https://github.com/docker/docker/pull/28029)
- Add --format to docker events 
[#26268](https://github.com/docker/docker/pull/26268)
- Allow specifying multiple nodes on docker node ps 
[#26299](https://github.com/docker/docker/pull/26299)
- Restrict fractional digits to 2 decimals in docker images output 
[#26303](https://github.com/docker/docker/pull/26303)
- Add --dns-option to docker run 
[#28186](https://github.com/docker/docker/pull/28186)
- Add Image ID to container commit event 
[#28128](https://github.com/docker/docker/pull/28128)
- Add external binaries version to docker info 
[#27955](https://github.com/docker/docker/pull/27955)
- Add information for Manager Addresses in the output of docker info 
[#28042](https://github.com/docker/docker/pull/28042)
- Add a new reference filter for docker images 
[#27872](https://github.com/docker/docker/pull/27872)
- Add --experimental daemon flag to enable experimental features, 
instead of shipping them in a separate build 
[#27223](https://github.com/docker/docker/pull/27223)
- Add a --shutdown-timeout daemon flag to specify the default timeout 
(in seconds) to stop containers gracefully before daemon exit 
[#23036](https://github.com/docker/docker/pull/23036)
- Add --stop-timeout to specify the timeout value (in seconds) for 
individual containers to stop 
[#22566](https://github.com/docker/docker/pull/22566)
- Add a new daemon flag --userland-proxy-path to allow configuring the 
userland proxy instead of using the hardcoded docker-proxy from $PATH 
[#26882](https://github.com/docker/docker/pull/26882)
- Add boolean flag --init on dockerd and on docker run to use 
[tini](https://github.com/krallin/tini) a zombie-reaping init process as 
PID 1 [#26061](https://github.com/docker/docker/pull/26061) 
[#28037](https://github.com/docker/docker/pull/28037)
- Add a new daemon flag --init-path to allow configuring the path to the 
docker-init binary [#26941](https://github.com/docker/docker/pull/26941)
- Add support for live reloading insecure registry in configuration 
[#22337](https://github.com/docker/docker/pull/22337)
- Add support for storage-opt size on Windows daemons 
[#23391](https://github.com/docker/docker/pull/23391)
- Improve reliability of docker run --rm by moving it from the client to 
the daemon  [#20848](https://github.com/docker/docker/pull/20848)
- Add support for --cpu-rt-period and --cpu-rt-runtime flags, allowing 
containers to run real-time threads when CONFIG_RT_GROUP_SCHED is 
enabled in the kernel [#23430](https://github.com/docker/docker/pull/23430)
- Allow parallel stop, pause, unpause 
[#24761](https://github.com/docker/docker/pull/24761) / 
[#26778](https://github.com/docker/docker/pull/26778)
- Implement XFS quota for overlay2 
[#24771](https://github.com/docker/docker/pull/24771)
- Fix partial/full filter issue in service tasks --filter 
[#24850](https://github.com/docker/docker/pull/24850)
- Allow engine to run inside a user namespace 
[#25672](https://github.com/docker/docker/pull/25672)
- Fix a race condition between device deferred removal and resume 
device, when using the devicemapper graphdriver 
[#23497](https://github.com/docker/docker/pull/23497)
- Add docker stats support in Windows 
[#25737](https://github.com/docker/docker/pull/25737)
- Allow using --pid=host and --net=host when --userns=host 
[#25771](https://github.com/docker/docker/pull/25771)
- (experimental) Add metrics (Prometheus) output for basic container, 
image, and daemon operations 
[#25820](https://github.com/docker/docker/pull/25820)
- Fix issue in docker stats with NetworkDisabled=true 
[#25905](https://github.com/docker/docker/pull/25905)
- Add docker top support in Windows 
[#25891](https://github.com/docker/docker/pull/25891)
- Record pid of exec'd process 
[#27470](https://github.com/docker/docker/pull/27470)
- Add support for looking up user/groups via getent 
[#27599](https://github.com/docker/docker/pull/27599)
- Add new docker system command with df and prune subcommands for system 
resource management, as well as docker {container,image,volume,network} 
prune subcommands [#26108](https://github.com/docker/docker/pull/26108) 
[#27525](https://github.com/docker/docker/pull/27525) / 
[#27525](https://github.com/docker/docker/pull/27525)
- Fix an issue where containers could not be stopped or killed by 
setting xfs max_retries to 0 upon ENOSPC with devicemapper 
[#26212](https://github.com/docker/docker/pull/26212)
- Fix docker cp failing to copy to a container's volume dir on CentOS 
with devicemapper [#28047](https://github.com/docker/docker/pull/28047)
- Promote overlay(2) graphdriver 
[#27932](https://github.com/docker/docker/pull/27932)
- Add --seccomp-profile daemon flag to specify a path to a seccomp 
profile that overrides the default 
[#26276](https://github.com/docker/docker/pull/26276)
- Fix ulimits in docker inspect when --default-ulimit is set on daemon 
[#26405](https://github.com/docker/docker/pull/26405)
- Add workaround for overlay issues during build in older kernels 
[#28138](https://github.com/docker/docker/pull/28138)
- Add TERM environment variable on docker exec -t 
[#26461](https://github.com/docker/docker/pull/26461)
- Honor a container’s --stop-signal setting upon docker kill 
[#26464](https://github.com/docker/docker/pull/26464)
- Add secret management 
[#27794](https://github.com/docker/docker/pull/27794)
- Add support for templating service options (hostname, mounts, and 
environment variables) [#28025](https://github.com/docker/docker/pull/28025)
- Display the endpoint mode in the output of docker service inspect 
--pretty [#26906](https://github.com/docker/docker/pull/26906)
- Make docker service ps output more bearable by shortening service IDs 
in task names [#28088](https://github.com/docker/docker/pull/28088)
- Make docker node ps default to the current node 
[#25214](https://github.com/docker/docker/pull/25214)
- Add --dns, --dns-opt, and --dns-search to service create. 
[#27567](https://github.com/docker/docker/pull/27567)
- Add --force to docker service update 
[#27596](https://github.com/docker/docker/pull/27596)
- Add --health-* and --no-healthcheck flags to docker service create and 
docker service update [#27369](https://github.com/docker/docker/pull/27369)
- Add -q to docker service ps 
[#27654](https://github.com/docker/docker/pull/27654)
- Display number of global services in docker service ls 
[#27710](https://github.com/docker/docker/pull/27710)
- Remove --name flag from docker service update. This flag is only 
functional on docker service create, so was removed from the update 
command [#26988](https://github.com/docker/docker/pull/26988)
- Fix worker nodes failing to recover because of transient networking 
issues [#26646](https://github.com/docker/docker/issues/26646)
- Add support for health aware load balancing and DNS records 
[#27279](https://github.com/docker/docker/pull/27279)
- Add --hostname to docker service create 
[#27857](https://github.com/docker/docker/pull/27857)
- Add --host to docker service create, and --host-add, --host-rm to 
docker service update [#28031](https://github.com/docker/docker/pull/28031)
- Add --tty flag to docker service create/update 
[#28076](https://github.com/docker/docker/pull/28076)
- Autodetect, store, and expose node IP address as seen by the manager 
[#27910](https://github.com/docker/docker/pull/27910)
- Encryption at rest of manager keys and raft data 
[#27967](https://github.com/docker/docker/pull/27967)
- Add --update-max-failure-ratio, --update-monitor and --rollback flags 
to docker service update 
[#26421](https://github.com/docker/docker/pull/26421)
- Fix an issue with address autodiscovery on docker swarm init running 
inside a container [#26457](https://github.com/docker/docker/pull/26457)
- (experimental) Add docker service logs command to view logs for a 
service [#28089](https://github.com/docker/docker/pull/28089)
- Pin images by digest for docker service create and update 
[#28173](https://github.com/docker/docker/pull/28173)
- Add short (-f) flag for docker node rm --force and docker swarm leave 
--force [#28196](https://github.com/docker/docker/pull/28196)
- Add options to customize Raft snapshots (--max-snapshots, 
--snapshot-interval) [#27997](https://github.com/docker/docker/pull/27997)
- Don't repull image if pinned by digest 
[#28265](https://github.com/docker/docker/pull/28265)
- Swarm-mode support for Windows 
[#27838](https://github.com/docker/docker/pull/27838)
- Allow hostname to be updated on service 
[#28771](https://github.com/docker/docker/pull/28771)
- Support v2 plugins [#29433](https://github.com/docker/docker/pull/29433)
- Add content trust for services 
[#29469](https://github.com/docker/docker/pull/29469)
- Add support for labels on volumes 
[#21270](https://github.com/docker/docker/pull/21270)
- Add support for filtering volumes by label 
[#25628](https://github.com/docker/docker/pull/25628)
- Add a --force flag in docker volume rm to forcefully purge the data of 
the volume that has already been deleted 
[#23436](https://github.com/docker/docker/pull/23436)
- Enhance docker volume inspect to show all options used when creating 
the volume [#26671](https://github.com/docker/docker/pull/26671)
- Add support for local NFS volumes to resolve hostnames 
[#27329](https://github.com/docker/docker/pull/27329)
- Fix selinux labeling of volumes shared in a container 
[#23024](https://github.com/docker/docker/pull/23024)
- Prohibit /sys/firmware/** from being accessed with apparmor 
[#26618](https://github.com/docker/docker/pull/26618)
- Marked the docker daemon command as deprecated. The daemon is moved to 
a separate binary (dockerd), and should be used instead 
[#26834](https://github.com/docker/docker/pull/26834)
- Deprecate unversioned API endpoints 
[#28208](https://github.com/docker/docker/pull/28208)
- Remove Ubuntu 15.10 (Wily Werewolf) as supported platform. Ubuntu 
15.10 is EOL, and no longer receives updates 
[#27042](https://github.com/docker/docker/pull/27042)
- Remove Fedora 22 as supported platform. Fedora 22 is EOL, and no 
longer receives updates 
[#27432](https://github.com/docker/docker/pull/27432)
- Remove Fedora 23 as supported platform. Fedora 23 is EOL, and no 
longer receives updates 
[#29455](https://github.com/docker/docker/pull/29455)
- Deprecate the repo:shortid syntax on docker pull 
[#27207](https://github.com/docker/docker/pull/27207)
- Deprecate backing filesystem without d_type for overlay and overlay2 
storage drivers [#27433](https://github.com/docker/docker/pull/27433)
- Deprecate MAINTAINER in Dockerfile 
[#25466](https://github.com/docker/docker/pull/25466)
- Deprecate filter param for endpoint /images/json 
[#27872](https://github.com/docker/docker/pull/27872)
- Deprecate setting duplicate engine labels 
[#24533](https://github.com/docker/docker/pull/24533)
- Deprecate "top-level" network information in NetworkSettings 
[#28437](https://github.com/docker/docker/pull/28437)

More information about the El-errata mailing list