Docker Engine v25 — BuildKit ulimit change, OpenTelemetry, and CDI device support
Key update
Docker Engine v25 (Engine v25.0) introduces several operational changes and new features with immediate practical impact. The daemon now honors systemd's default LimitNOFILE for BuildKit-created build containers (previously set to infinity). OpenTelemetry tracing is built in. Container Device Interface (CDI) device support was added for Linux. There are also build and daemon usability additions, including recursive read-only mounts, a new --log-format option for dockerd, and image filtering by timestamp. (docs.docker.com)
Why it matters
This release affects real-world developer workflows and CI pipelines. The systemd LimitNOFILE change can alter how many file descriptors are available inside BuildKit builds, which can cause surprising memory or behavior shifts, or outright failures, in environments that relied on the prior unlimited setting. Validate your builds and, if necessary, set a systemd drop-in or revert limits for build services. Built-in OpenTelemetry makes it straightforward to collect daemon-level traces/metrics without custom wrappers, improving observability for flaky builds and runtime debugging. CDI device support simplifies passing specialized hardware (GPUs, accelerators) into builds/containers on Linux, which matters for ML/edge workloads. Overall: test CI and local builds against v25, add monitoring for file-descriptor and memory behavior, and opt into OpenTelemetry/CDI only after confirming config and security policies. (docs.docker.com)
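One way to do the file-descriptor validation described above, as an added example that is not Docker's own tooling: it parses the "Max open files" row of /proc/<pid>/limits-format text and classifies the soft limit against what a build needs. The sample rows are constructed, and REQUIRED_FDS is a hypothetical threshold to replace with a measured value.

```shell
#!/bin/sh
# Added example (not Docker's own tooling): classify the open-file limit
# reported in /proc/<pid>/limits-format text against a build's needs.

# Print "<soft> <hard>" from limits text on stdin; empty if the row is missing.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5; exit }'
}

# classify_nofile <soft> <required>: print unlimited | ok | low | unknown.
classify_nofile() {
    soft=$1 required=$2
    case $soft in
        unlimited) echo unlimited ;;        # the pre-v25 behavior for builds
        ''|*[!0-9]*) echo unknown ;;        # row missing or not a number
        *) if [ "$soft" -ge "$required" ]; then echo ok; else echo low; fi ;;
    esac
}

# Constructed sample rows in /proc/<pid>/limits layout (values are illustrative).
SAMPLE_LIMITS='Limit                     Soft Limit           Hard Limit           Units
Max processes             unlimited            unlimited            processes
Max open files            1024                 524288               files
Max locked memory         8388608              8388608              bytes'

# REQUIRED_FDS is a hypothetical per-build requirement; measure your own.
REQUIRED_FDS=${REQUIRED_FDS:-4096}

# Read limits text on stdin and print one summary line with a verdict.
report_nofile() {
    set -- $(nofile_limits)
    echo "soft=${1:-?} hard=${2:-?} verdict=$(classify_nofile "${1:-}" "$REQUIRED_FDS")"
}

printf '%s\n' "$SAMPLE_LIMITS" | report_nofile
# On a host: report_nofile < "/proc/$(pidof dockerd)/limits"
# Inside a build, a Dockerfile step such as `RUN ulimit -n` shows the value
# the build container actually received.
```

A "low" verdict is the case where a systemd drop-in setting LimitNOFILE for the daemon's service unit is worth considering; "unlimited" indicates the old behavior is still in effect.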