Docker Engine v29 makes containerd the default image store, raises API floor, moves Moby to Go modules

Key update

Docker Engine v29 (announced Nov 11, 2025) makes four practical, developer-facing changes: new installs use containerd’s image store by default (deprecating the legacy graph driver path), the minimum Engine API version is raised to 1.44 (Moby v25), the Moby codebase has migrated to Go modules (affecting Go import paths), and opt-in experimental nftables firewall support is available on Linux. Docker Desktop users are not required to take action immediately; these changes target Linux hosts running dockerd directly. (docker.com)

Why it matters

For teams running Docker Engine on Linux hosts or CI runners, new installs will behave differently at the image-layer level: containerd’s content store and snapshotter model enables features (lazy pulling, alternative snapshotters, remote/peer distribution) and aligns Docker Engine with Kubernetes and other containerd-based tooling, but it also means layer/content handling and tooling integrations should be validated during migration. The raised minimum API can break older clients and automated tooling that speak older Engine versions; maintainers should ensure CI agents, deployment tooling, and SDKs are updated or use the documented daemon overrides while they roll out upgrades. Go library consumers must update imports if they depend on the old github.com/docker/docker module path and switch to consuming github.com/moby/moby or follow the new guidance to stay current. The nftables backend changes firewall rule semantics (notably around DOCKER-USER) and is experimental now, so test carefully before enabling in production, particularly on hosts using firewalld or running Swarm (Swarm support for nftables is not ready). In short: test new installs in staging, update CI/agents and Go imports proactively, and opt into the migration path only after validating image handling and firewall behavior in your environment. (docker.com)

Source

• Source