Docker, a leading open-source platform for developing, shipping, and running applications within containers, has officially released Docker Engine 29, with a focus on modernization and alignment with the broader container ecosystem.
The most significant change is that the containerd image store now serves as the default for all new installations. This shift replaces Docker’s legacy graph driver backend for managing image layers. In fact, this is not surprising.
Containerd has long been at the heart of Docker’s runtime layer, but until now, Docker continued to rely on its own storage subsystem for image management. The adoption of the containerd image store simplifies Docker’s architecture by unifying execution and storage, reducing duplication, and aligning Docker Engine with platforms like Kubernetes, which already depend on containerd.
For users, this change brings the following benefits:
- Simplified design: Docker Engine now uses containerd for both runtime and storage.
- Improved interoperability: Aligns with containerd-based tools and workflows.
- Future innovation: Enables new features like snapshotter optimizations, lazy pulling, and peer-to-peer image distribution.
Existing installations will continue to use the current setup, but new users and fresh installations will automatically adopt the containerd image store.
Another noteworthy addition is experimental support for nftables. Until now, Docker Engine has relied on traditional iptables and ip6tables for managing bridge and overlay network rules. However, with Linux distributions gradually deprecating iptables, Docker is moving toward a more modern and efficient firewall framework.
When enabled, Docker Engine v29 can now create nftables rules directly rather than relying on translation through iptables-nft. Users can test nftables by starting Docker with:
dockerd --firewall-backend=nftablesCode language: Bash (bash)Keep in mind that this feature is still experimental and not yet recommended for production. Support for Docker Swarm and further nftables optimizations are planned for upcoming releases.
Under the hood, Docker’s Moby project—the open-source core behind Docker Engine—has migrated to Go modules, replacing its legacy dependency vendoring system.
At the same time, with Docker Engine v29, the minimum supported API version has been raised to 1.44, corresponding to Moby v25. This means that older Docker clients (v25 and below) will no longer be able to communicate with the latest Docker Engine by default.
Additionally, apart from the changes mentioned above, the new version includes tons of bug fixes and improvements. For details, see the full changelog or release notes for this edition. The official announcement is on Docker Blog.
Linux users running Docker can update to version 29 via their distribution’s repositories. Docker Desktop users will receive these changes automatically in upcoming updates to Docker Desktop.
