moby/docs/sources/release-notes.md

page_title: Docker 1.x Series Release Notes page_description: Release Notes for Docker 1.x. page_keywords: docker, documentation, about, technology, understanding, release

#Release Notes

You can view release notes for earlier version of Docker by selecting the desired version from the drop-down list at the top right of this page.

##Version 1.4.1 (2014-12-17)

This release fixes an issue related to mounting volumes on create. Details available in the Github milestone.

##Version 1.4.0 (2014-12-11)

This release provides a number of new features, but is mainly focused on bug fixes and improvements to platform stability and security.

For a complete list of patches, fixes, and other improvements, see the merge PR on GitHub.

New Features

• You can now add labels to the Docker daemon using key=value pairs defined with the new --label flag. The labels are displayed by running docker info. In addition, docker info also now returns an ID and hostname field. For more information, see the command line reference.
• The ENV instruction in the Dockerfile now supports arguments in the form of ENV name=value name2=value2... For more information, see the command line reference
• Introducing a new, still experimental, overlayfs storage driver.
• You can now add filters to docker events to filter events by event name, container, or image. For more information, see the command line reference.
• The docker cp command now supports copying files from the filesystem of a container's volumes. For more information, see the remote API reference.

• The docker tag command has been fixed so that it correctly honors --force when overriding a tag for existing image. For more information, see the command line reference.

• Container volumes are now initialized during docker create. For more information, see the command line reference.

Security Fixes

Patches and changes were made to address the following vulnerabilities:

• CVE-2014-9356: Path traversal during processing of absolute symlinks. Absolute symlinks were not adequately checked for traversal which created a vulnerability via image extraction and/or volume mounts.
• CVE-2014-9357: Escalation of privileges during decompression of LZMA (.xz) archives. Docker 1.3.2 added chroot for archive extraction. This created a vulnerability that could allow malicious images or builds to write files to the host system and escape containerization, leading to privilege escalation.
• CVE-2014-9358: Path traversal and spoofing opportunities via image identifiers. Image IDs passed either via docker load or registry communications were not sufficiently validated. This created a vulnerability to path traversal attacks wherein malicious images or repository spoofing could lead to graph corruption and manipulation.

Note: the above CVEs are also patched in Docker 1.3.3, which was released concurrently with 1.4.0.

Runtime fixes

• Fixed an issue that caused image archives to be read slowly.

Client fixes

• Fixed a regression related to STDIN redirection.
• Fixed a regression involving docker cp when the current directory is the destination.

Note: Development history prior to version 1.0 can be found by searching in the Docker GitHub repo.