Docker Engine 29.3 Ships with Native gRPC Support and BuildKit v0.28
Docker Engine 29.3.0 introduces native gRPC support on listening sockets, BuildKit v0.28.0, and a new bind-create-src option for flexible volume mounting. The release lowers the minimum API version to v1.40 for broader backward compatibility and fixes DNS configuration corruption during daemon reloads.
Docker Engine 29.3.0 has been released with native gRPC support, BuildKit v0.28.0, and backward-compatibility improvements that extend the minimum supported API version back to Docker 19.03. The release continues Docker's cadence of monthly point releases that add features while maintaining stability for production environments.
Native gRPC Support
Docker Engine's listening socket now natively handles gRPC connections alongside the existing REST API. This enables richer, bidirectional communication between Docker clients and the daemon, with support for streaming responses that are more efficient than the long-polling mechanisms used by the REST API for operations like container log tailing and build progress tracking.
The gRPC interface is opt-in and coexists with the REST API — existing tooling and scripts continue to work without modification. Container orchestration tools and monitoring systems can use the gRPC interface for lower-latency interactions with the Docker daemon.
BuildKit v0.28.0
The integrated BuildKit build engine has been updated to version 0.28.0, which includes improvements to cache management, multi-platform build performance, and Dockerfile frontend capabilities. A new bind-create-src option for the --mount flag allows bind mounts to automatically create the source directory on the host if it doesn't exist — eliminating a common error when mounting paths in CI environments where directory structures aren't pre-created.
Backward Compatibility
The minimum API version has been lowered from v1.44 to v1.40, corresponding to Docker Engine 19.03. This means older Docker clients can communicate with Docker Engine 29.3 without version negotiation failures — important for environments where upgrading all clients simultaneously isn't practical. CLI plugin hooks now fire on command failure in addition to success, enabling plugins to provide diagnostic hints when commands fail.
Bug Fixes
A notable fix addresses DNS configuration corruption during daemon reloads. Previously, reloading the Docker daemon configuration (via SIGHUP or the /reload API) could corrupt the DNS resolver configuration for running containers, causing intermittent name resolution failures. The fix ensures that DNS configuration is atomically updated during reloads. Network endpoint handling has also been improved, with POST /networks/{id}/connect now correctly applying the MacAddress field in EndpointSettings.
Related Articles
GitHub Expands Developer Platform with Actions Artifacts v5 and Copilot Extensions GA
GitHub has shipped Actions Artifacts v5 with immutable storage and artifact attestation for tamper-proof build outputs, alongside the general availability of Copilot Extensions that let third-party tools integrate directly into the Copilot chat experience. The platform also expanded GitHub Models with seven new providers.
GitHub Adds Dependabot Pre-Commit Support and 28 New Secret Scanning Detectors
GitHub has shipped two major supply chain security features: Dependabot now parses .pre-commit-config.yaml files and opens PRs to update hook versions, while secret scanning gains 28 new detectors from 15 providers including Snowflake, Supabase, and Vercel. Push protection is now enabled by default for 39 secret types.
GitLab Patches 15 Security Flaws Including Critical XSS in Markdown Processing
GitLab has released critical security patches in versions 18.9.2, 18.8.6, and 18.7.6 fixing 15 vulnerabilities, including a high-severity cross-site scripting flaw with a CVSS score of 8.7 that could enable session hijacking through crafted Markdown. Three additional high-severity denial-of-service bugs also received fixes.