docker.io (27.5.1+dfsg1-1) experimental; urgency=medium

  * Combined point release updates for Docker Engine v27.0.1 through v27.5.1:

    [ 27.5.0 (2025-01-13) ]
    * Fix: Garbage collection policies now correctly inherit
      the **defaultKeepStorage** limit if the **keepStorage** value is unset
    * Fix: Network labels are now preserved during daemon startup
    * Fix: Resolved a potential race condition error when deleting containers
    * Fix: Restored the ability to pass a build context via tarball to the
      `/build` endpoint when using the containerd image store

    [ 27.4.1 (2024-12-18) ]
    * Fix: Addressed excessive memory allocations occurring when
      OpenTelemetry (OTel) tracing is not configured.
    * Enhancement: The `docker info` command no longer incorrectly
      includes warnings about `bridge-nf-call-iptables` or
      `bridge-nf-call-ip6tables` being disabled, as the daemon now
      attempts to load the necessary kernel module (`br_netfilter`) when
      required.
    * Enhancement: Improved attempts to load kernel modules, including
      `ip6_tables` and `br_netfilter`, for compatibility inside
      Docker-in-Docker containers
    * Fix: Resolved a bug that could result in an iptables `DOCKER FILTER`
      chain not being cleaned up upon failure

    [ 27.4.0 (2024-12-09) ]
    * API: `GET /images/json` with the `manifests` option enabled now
      preserves the original order in which manifests appeared in the
      manifest-index.
    * Log Handling: When reading logs with the `jsonfile` or `local` log
      drivers, errors encountered while trying to read or parse underlying
      log files will cause the remainder of that file to be skipped,
      allowing the log stream to continue to the next file rather than
      immediately closing the stream
    * Log Optimization: Compressed log files using `jsonfile` or `local`
      drivers are now only decompressed when needed
    * Networking Fix: Resolved an issue that prevented inter-container
      communication on bridge networks when `userland-proxy` was disabled
      and the required kernel module (`br_netfilter`) was not loaded
      The daemon will now attempt to load the module when required
    * Fix: The Docker daemon no longer fails to fully start with a
      "context deadline exceeded error" when using the containerd
      snapshotter with many builds or images
    * Fix: Anonymous volumes created using the `--mount` option are now
      correctly marked as anonymous
    * Optimization: `docker stats` command operation improved to reduce
      flickering issues
    * CLI: `docker login` and `docker logout` now only update the
      configuration file if the credentials actually changed
    * Rootless Enhancement: Access to `/etc/cdi` and `/var/run/cdi` is
      enabled for the Container Device Interface (CDI) integration
    * Fix: Image pulls initiated during `docker run` can now be correctly
      cancelled

    [ 27.3.1 (2024-09-20) ]
    * CLI Fix: Resolved an issue where command execution metrics were not
      being exported correctly

    [ 27.3.0 (2024-09-19) ]
    * Daemon Feature: Added a `--feature` flag to the daemon options
    * Enhancement: Updated the handling of the `--gpus=0` flag to be
      consistent with the NVIDIA Container Runtime
    * Enhancement: Added support for WSL2 mirrored-mode networking using
      the interface `loopback0`
    * Fix: `docker image prune -a` no longer incorrectly untags images
      still in use by containers referenced by a digested reference
      (containerd image store)
    * CLI Fix: Prevented a panic within the CLI when running `docker
      volume update` without passing a volume argument

    [ 27.2.1 (2024-09-09) ]
    * Improvement: Enhanced the `docker pull` error message displayed when
      the image platform specified does not match the image
    * Fix: Non-container images are no longer hidden in the `docker image
      ls` output
    * CLI Fix: The browser-login flow no longer fails if the CLI process
      is suspended and subsequently resumed while waiting for user
      authentication
    * CLI Fix: `docker login` now returns an error instead of hanging if
      called non-interactively with password inputs but without the
      `--user` flag

    [ 27.2.0 (2024-08-27) ]
    * **New Feature:** Added support for **Device code login** for
      authenticating to Docker Hub
    * **New Experimental Feature:** Added multi-platform support
      capability to `docker image ls`
    * CLI Fix: IPv6 addresses displayed by `docker ps` in port bindings
      are now correctly bracketed
    * Networking Fix: Resolved an issue preventing creation of networks
      with an `--ip-range` ending exactly on a 64-bit boundary
    * Fix: Corrected an issue in `docker load` where an early error exit
      occurred if image unpacking failed

    [ 27.1.2 (2024-08-13) ]
    * Fix Regression: Resolved an issue that caused `ResourceExhausted`
      errors when attempting a build with a very large Dockerfile
    * CLI Fix: `docker attach` now forwards the `SIGINT` signal to the
      container and waits for exit upon receiving it
    * CLI Fix: Ensured that the `--device-read-bps` and
      `--device-write-bps` options now correctly take effect

    [ 27.1.1 (2024-07-23) ]
    * **Security Fix:** Applied a fix for CVE-2024-41110 /
      GHSA-v23v-6jw2-98fq, which impacted setups utilizing authorization
      plugins (AuthZ) for access control

    [ 27.1.0 (2024-07-22) ]
    * Rootless Fix: Added `Requires=dbus.socket` to prevent daemon startup
      errors on cgroup v2 systems using systemd
    * Build Enhancement: BuildKit integration now correctly emits the
      `image tag` event when images are built
    * CLI Enhancement: Added `OOMScoreAdj` support to `docker service
      create` and `docker stack` commands
    * CLI Enhancement: Enabled shell completion for `docker image rm`,
      `docker image history`, and `docker image inspect`

    [ 27.0.3 (2024-07-01) ]
    * Fix Regression: Resolved incorrect error reporting for port mapping
      from a host IPv6 address to an IPv4-only container
    * Fix Regression: Resolved duplicate subnet allocations occurring
      during network creation
    * Rootless Fix Regression: Fixed `fail to register layer: failed to
      Lchown` errors encountered when pulling images with rootless enabled
      on systems supporting native overlay with user-namespaces

    [ 27.0.2 (2024-06-27) ]
    * CLI Fix Regression: Resolved an issue where port numbers were
      erroneously ignored when parsing a Docker registry URL

    [ 27.0.1 (2024-06-24) ]
    * **New Feature (Networking):** IPv6 support (`ip6tables`) is now
      generally available (no longer experimental) and is enabled by
      default for Linux bridge networks
    * **New Feature (Networking):** Automatic Unique Local Address (ULA)
      base prefix is added to default address pools for IPv6-enabled
      networks if not configured
    * **New Feature (CLI):** Added the `--platform` flag to `docker image
      push` to allow selecting specific platform manifests
    * Security Enhancement: A custom seccomp profile is no longer ignored
      when used in conjunction with `--privileged`

 -- Reinhard Tartler <siretart@tauware.de>  Tue, 14 Oct 2025 06:13:56 -0400
