{"id":10893,"date":"2025-03-01T10:09:44","date_gmt":"2025-03-01T17:09:44","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=10893"},"modified":"2025-03-01T10:09:44","modified_gmt":"2025-03-01T17:09:44","slug":"docker-engine-28-strengthens-container-security","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2025\/03\/01\/docker-engine-28-strengthens-container-security\/","title":{"rendered":"Docker Engine 28 Strengthens Container Security"},"content":{"rendered":"\n

Interesting security improvement for Docker 28. Consequently, this blog as well as my SearxNG and Whoogle<\/a> privacy search proxies all run in Docker on this server. <\/p>\n\n\n\n

https:\/\/linuxiac.com\/docker-engine-28-strengthens-container-security\/<\/a><\/p>\n\n\n

<\/div><\/div><\/div>\n\n\n
Docker Engine 28 enhances security by blocking unpublished container ports from LAN access, reducing exposure risks.<\/h5>\n\n\n\n

By Bobby Borisov<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

Docker, a leading open-source platform for developing, shipping, and running applications inside containers, has officially rolled out Docker Engine 28, an update brimming with enhancements that lock down container networking by default.<\/p>\n\n\n\n

Previously, containers on Docker\u2019s default \u201cbridge\u201d network could be accessed if a user\u2019s host firewall was permissive. However, starting with Docker v28, these unpublished ports are blocked by default, effectively shutting the door to these local network exploits.<\/p>\n\n\n\n

Who might be affected? Upgrading to the new version will seamlessly improve security for most Docker users on a single machine. Docker Desktop users are not impacted since the internal networking there already includes protection for unpublished ports.<\/p>\n\n\n\n

Beyond the headline security updates, Docker Engine 28 brings several useful additions and improvements:<\/p>\n\n\n\n