Why This Release Deserves Your Attention
Docker Desktop has been evolving on a fast cadence, but version 4.42—shipped on 6 June 2025, with the hot‑fix 4.42.1 landing twelve days later—marks the most ambitious leap the product has taken since the switch to the new Docker Engine 28 line. The headline additions—first‑class IPv6 networking, an embedded Model‑Client‑Protocol (MCP) toolkit, upgraded AI workflows, and a raft of security hardening—touch every stage of the container development lifecycle. They also coincide with a surge in enterprise interest in both dual‑stack networking and local‑first large‑language‑model experimentation, making 4.42 much more than a routine point upgrade.
At the same time, early adopters—especially macOS users—have reported regressions around proxy handling, port‑binding, and io_uring syscall support. Docker’s decision to rush out 4.42.1 and begin work on 4.43 in parallel underscores both the size of the feature set and the importance of cautious rollout.
Native IPv6 Networking: Future‑Proofing Container Connectivity
For years, Docker Desktop lagged behind Linux server deployments that had already embraced IPv6, forcing developers to test in dual‑stack or IPv4‑only simulation modes. Version 4.42 finally removes that gap. The new network panel lets you pick dual‑stack, IPv4‑only, or IPv6‑only defaults; under the hood Docker now filters DNS responses so containers never attempt to connect over an unsupported protocol family, eliminating the half‑second “AAAA fallback” delay that used to plague IPv4‑only VPNs.
Administrators can lock the setting through the Admin Console or a centrally‑managed admin‑settings.json, ensuring fleet‑wide consistency even when individual developers tweak their local preferences. Because Docker rewrote its port‑mapping layer to fully understand 128‑bit addresses, existing compose files that publish ::80 will continue to work while gaining the option to expose services on IPv6‑only subnets. For organisations running Kubernetes clusters with Calico or Cilium in pure‑IPv6 mode, 4.42 means developers can finally reproduce production‑grade networking behaviour on their laptops without resorting to custom daemons.
MCP Toolkit and AI Workflow Upgrades
If IPv6 is about plumbing, the MCP Toolkit is about productivity. Docker introduced the Model‑Context‑Protocol last year so that GUI tools, command‑line clients, and autonomous agents could all invoke the same micro‑services—think GitHub issue fetchers, Vault secret injectors, or custom vector‑database indexes—without bespoke glue code. Building on that, 4.42 bundles more than one hundred MCP “servers” inside signed, sandboxed containers that start with a click in the Desktop dashboard or a terse docker mcp start github on the CLI.
The integration shines when paired with Docker’s AI assistant, Gordon. Because Gordon now calls MCP servers directly, you can ask, “Show me open Jira tickets labelled network and generate a Mermaid diagram of dependencies,” and receive a composed answer that hops safely between corporate APIs, the local LLM, and the Docker dashboard. Meanwhile, the Model Runner GUI gains a three‑tab interface—Local, Docker Hub, and Logs—and Windows‑on‑Qualcomm support. The complementary docker model package command converts GGUF‑format weights into OCI images, so you can push a fine‑tuned Mistral model to a private registry and pull it unchanged into your on‑prem inference cluster.
Taken together, the MCP Toolkit and Model Runner reposition Docker Desktop as more than a container simulator; it becomes a hub where code, infrastructure, and AI tooling converge behind a single security boundary.
Security Hardening and System‑Level Changes
Security teams will welcome the return of seccomp filters as the default runtime profile after they were temporarily relaxed during the 4.38–4.41 cycle. Containers now lose io_uring by default, closing off a high‑performance but complex kernel interface that has seen a steady trickle of privilege‑escalation CVEs. Developers who need ultra‑low‑latency I/O—for example when benchmarking MariaDB 11.8—can opt back in with --security-opt seccomp=unconfined, but Docker’s forum threads confirm that doing so remains unsupported on macOS until the Desktop VM regains eBPF support later this summer.
The base engine moves to 28.2.2, bringing user‑namespace enhancements and overlay2 performance tweaks, while Buildx 0.24 and Compose 2.36.2 align schema support with Compose Bridge so that multi‑architecture builds work consistently across local and cloud builders. GPU users get NVIDIA Toolkit 1.17.7, whose Vulkan interceptors sidestep a long‑standing crash on Windows Insider kernels.
Less visible, but no less important, is Desktop’s new willingness to accept X.509 certificates with negative serial numbers—handy for legacy private PKIs—and the decision to mask sensitive host variables from diagnostics after CVE‑2025‑6587. Security scanners like Docker Scout receive a minor version bump, but the real win lies in the stricter runtime defaults that narrow the attack surface out‑of‑the‑box.
4.42.1 and Community Feedback
Every major release brings edge‑cases; 4.42 delivered several. macOS users on corporate laptops discovered that Desktop’s proxy autodetection clashed with MDM‑enforced settings, triggering curl error 35: SSL_ERROR_SYSCALL in containers and, eventually, daemon hangs. A Reddit thread amassed a list of workarounds—chief among them disabling automatic proxy discovery—but many simply rolled back to 4.41.2 while waiting for a patch.
Docker’s response was swift. Version 4.42.1 fixed the proxy‑null‑route bug, patched a port‑expose race, and disabled Resource Saver for WSL 2 to eliminate frozen Bash prompts on Windows. It also re‑enabled io_uring via an eBPF tweak on macOS and ironed out a container‑listing glitch in the GUI.
Still, not all issues are resolved. GitHub issue #7712 tracks a devcontainer hang that persists in 4.42.1, and JetBrains has flagged broken DevContainer support across IntelliJ‑based IDEs pending a Compose update. If your workflow leans heavily on VS Code’s Remote – Containers or JetBrains Gateway, staging is prudent.
Should You Upgrade?
For teams whose production fleet already runs IPv6—or who are building GenAI features that rely on on‑device model execution—Docker Desktop 4.42 is compelling. The networking stack finally mirrors modern data‑centres, and the MCP‑driven AI integrations collapse what used to be a sprawl of extensions, bash scripts, and ad‑hoc containers into a first‑class workflow.
Yet the release’s breadth means upgrade risk is real. The safest approach is ring‑based deployment. Begin with a handful of volunteer developers on non‑critical workstations. Verify that seccomp doesn’t block performance‑sensitive workloads and that any internal CA certificates still validate. If you run macOS under stringent proxy policies, keep a downgrade path to 4.41.2 and monitor Docker’s GitHub issues for new patches. Once Docker Desktop 4.42.1—or 4.42.2 if it lands—survives a full sprint without regressions, expand to CI agents, then the wider developer base.
Where Model Runner and docker model package are concerned, remember that registry size and network egress can swell rapidly when images carry multi‑gigabyte weights. Establish storage quotas and rely on Docker Hub’s lifetime image pruning or an internal Harbor registry to keep artefact sprawl in check. For GPU clusters, pin NVIDIA drivers to versions certified with Toolkit 1.17.7 or later to avoid runtime mismatches.
Final Thoughts
Docker Desktop 4.42 signals where the platform is headed: a unified experience where containerisation, AI, and secure supply‑chain tooling converge. Native IPv6 closes a lingering functionality gap; MCP integration and model packaging extend Docker’s reach into agentic AI; and the return to stricter seccomp defaults reaffirms a “secure by default” stance. Provided you budget time for validation—and patch promptly to 4.42.1 or newer—this release offers tangible gains that developers will feel day‑to‑day and that ops teams will appreciate in reduced workaround overhead. In short, 4.42 is the version that turns Docker Desktop from a handy local runtime into a forward‑looking platform ready for the dual challenges of IPv6 adoption and on‑premises AI experimentation.