Ajeet Singh Raina is a former Docker Captain, Community Leader and Distinguished Arm Ambassador. He is the founder of the Collabnix blogging site and has authored 700+ blogs on Docker, Kubernetes and Cloud-Native Technology. He runs a community Slack of 9800+ members and a Discord server of close to 2600+ members. You can follow him on Twitter (@ajeetsraina).

What’s New in Docker Desktop 4.30.0

Docker Desktop 4.30.0 is now available to download and install on your laptop. It brings a variety of improvements and bug fixes for developers building and deploying containerized applications. This update focuses on three key areas:

  • Enhanced security,
  • Streamlined workflows, and
  • Platform-specific fixes.

List of upgrades and the versions:

  • Docker Compose v2.27.0
  • Docker Engine v26.1.1
  • Wasm runtimes:
      • Updated runwasi shims to v0.4.0
      • Updated deislabs shims to v0.11.1
      • Updated spin shim to v0.13.1
  • Docker Scout CLI v1.8.0
  • Docker Debug v0.0.29
  • Linux kernel v6.6.26
  • Go 1.22.2

Improved Security:

Enhanced Container Isolation (ECI)

Docker Desktop 4.30.0 strengthens security for ECI users by improving how it handles “docker build” commands within rootless containers.

ECI provides an additional layer of security by limiting the capabilities of containers. The improved handling of “docker build” commands within rootless containers likely strengthens the isolation between the build process and the host system. ECI works in addition to the other container security techniques used by Docker, such as reduced Linux capabilities, Seccomp, and AppArmor.

Imagine you’re building a Docker image that installs system packages. In a non-ECI environment, the build process might have access to install system packages on the host machine as well. With ECI, such access would be restricted, enhancing security.

Now you might ask – Does ECI protect all containers launched with Docker Desktop?

Not yet. It protects all containers launched by users via docker create and docker run. Note that ECI always protects containers used by docker build when using the docker-container build driver, since Docker Desktop 4.19 and on all supported platforms (Windows with WSL 2 or Hyper-V, Mac, and Linux). ECI does not yet protect Docker Desktop Kubernetes pods, Extension containers, and Dev Environments containers.
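Because coverage depends on how a container was launched, it is worth verifying rather than assuming. ECI runs containers inside a Linux user namespace, so root in a protected container maps to an unprivileged UID in the Docker Desktop VM. The following check is an added example, not part of the Docker release notes; the function names and the alpine image are assumptions, and the sample mappings in the comments are constructed.

```shell
#!/bin/sh
# Classify the contents of /proc/<pid>/uid_map (read from stdin).
# Each line has the form: <uid inside> <uid outside> <range length>
# Prints one of:
#   remapped:<uid>  container root maps to an unprivileged uid (user namespace in use)
#   root-is-root    container root is uid 0 outside as well (no remapping)
#   unmapped        no range covers uid 0
classify_uid_map() {
    awk '
        NF == 3 {
            inside = $1; outside = $2; len = $3
            # Does this range cover uid 0 inside the container?
            if (inside <= 0 && 0 < inside + len) {
                found = 1
                root_outside = outside + (0 - inside)
            }
        }
        END {
            if (!found)            { print "unmapped"; exit }
            if (root_outside == 0) { print "root-is-root"; exit }
            print "remapped:" root_outside
        }'
}

# Run the check against a fresh container started with docker run.
# The alpine image is an assumption; any image that ships cat works.
check_new_container() {
    docker run --rm alpine cat /proc/self/uid_map | classify_uid_map
}

# Constructed sample mappings for reference:
#   "0 100000 65536"     -> remapped:100000  (root remapped)
#   "0 0 4294967295"     -> root-is-root     (no user namespace)
```

Call `check_new_container` from a terminal on the Docker Desktop host; a `root-is-root` result means the container is not running in a remapped user namespace.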

Linux Kernel Update

The update includes the latest Linux kernel version (v6.6.26). This includes various security patches and improvements to the core of the Linux kernel used within Docker Desktop. These patches address vulnerabilities and potential exploits in the kernel code.

A recent kernel vulnerability might have allowed attackers to gain unauthorized access to a system. The update to version 6.6.26 likely includes a fix for this vulnerability, making it more difficult for attackers to exploit.

Mac-Specific Security Boosts

For Mac users, Docker Desktop 4.30.0 enables the CONFIG_SECURITY=y kernel configuration, potentially enhancing security for tools like Tetragon.

Tetragon is a runtime security scanner for containers. With CONFIG_SECURITY=y enabled, Tetragon might have access to additional kernel features that improve its ability to detect and prevent security threats within containers.

Streamlined Workflows:

SOCKS5 Proxy Support (Business Only)

This update allows users with a Business subscription to leverage SOCKS5 proxies for container network connections.

SOCKS (Socket Secure) is a protocol that facilitates the routing of network packets between a client and a server through a proxy server. It provides a way to enhance privacy, security, and network performance for users and applications.

You can enable SOCKS proxy support to allow outgoing requests, such as pulling images, and access Linux container backend IPs from the host.

To enable and set up SOCKS proxy support:

  1. Navigate to the Resources tab in Settings.
  2. From the dropdown menu select Proxies.
  3. Switch on the Manual proxy configuration toggle.
  4. In the Secure Web Server HTTPS box, paste your socks5://host:port URL.

Improved Build UI

The build user interface offers better bulk deletion of build records and the ability to launch relevant web pages for container images and Git sources used in builds. Additionally, users can now download Provenance and OpenTelemetry traces in Jaeger or OTLP formats for easier analysis.

  • Bulk deletion of build records: This allows you to easily remove multiple build history entries at once.
  • Launching web pages for build dependencies: You can quickly access the web pages for container images and Git sources used in your builds directly from the build UI.
  • Downloading Provenance and OpenTelemetry traces: These trace files provide valuable insights into the performance and behavior of your builds. You can now download them in Jaeger or OTLP formats for easier analysis with debugging tools.

Imagine you’re having issues with a build and want to analyze the build process in more detail. Downloading the OpenTelemetry traces would allow you to visualize the different stages of the build and identify where the problem might be occurring.

Kerberos and NTLM Proxy Authentication (Windows – Business Only)

Business users on Windows can now leverage Kerberos and NTLM for proxy authentication, simplifying their development workflows.

This feature simplifies development workflows for Windows users with a business subscription by enabling them to leverage existing Kerberos or NTLM proxy authentication mechanisms for container network connections.

Example:

A company might use Kerberos for internal authentication. With NTLM proxy authentication support, containerized applications can seamlessly access resources that require Kerberos or NTLM credentials without needing additional configuration within the containers themselves.

Platform-Specific Fixes:

Mac Bug Fixes

Docker Desktop 4.30.0 addresses several Mac-specific issues, including a segmentation fault with the Virtualization Framework, enabling SQUASHFS compression support again, and resolving a bug that prevented startup if Rosetta was not installed.

Windows Bug Fixes

This update fixes several Windows-related bugs, including a regression in host file binding, issues with Docker CLI bash completions in WSL environments, and a problem that caused a new version of Docker Desktop to be marked as damaged. Additionally, Docker Desktop 4.30.0 introduces a simplified provisioning mode for WSL2, potentially streamlining the setup process.

By incorporating these improvements and bug fixes, Docker Desktop 4.30.0 aims to make the container development experience smoother, more secure, and more efficient for developers across all platforms.
