Release Notes

WSL Containers (WSLC) is now in Public Preview

We're excited to announce that WSL Containers (WSLC) is now available in public preview. WSLC brings native Linux container support to WSL, letting you build, run, and manage containers directly through the new wslc command line tool and a fully projected SDK (C++, C#/WinRT).

Highlights of what's available in this preview:

• Container lifecycle: create, run, start, kill, export, prune, and inspect containers, with per-container resource limits (--cpus, --memory, --ulimit), --shm-size, and configurable stop signals.
• Images: build (with --label support), pull, push, import, save (including multiple images in a single tar), inspect, list/prune with filters, and multi-image delete.
• Networking: create and manage networks, attach containers to multiple networks, network aliases, container:<name|id> network mode, custom network types, port publishing, and network prune.
• Volumes: create, list, prune, and remove volumes, with VHD-backed volumes and Uid/Gid/Fixed driver options.
• GPU support: GPU-enabled containers with CDI, mounted GPU executables and libraries accessible to non-root users.
• Sessions: named sessions with a default session created on demand, configurable storage location, and a default of 32 GB session storage.
• SDK: a C++ and C#/WinRT projection of the WSLC API, shipped as NuGet packages, plus a documented plugin API.
• Tooling: wslc logs with --timestamps, --since, --until, and -n; container stats; structured CLI output with color; MSBuild and CMake build integration; and group policy (ADMX) support for management.

Bug Fixes

• Fixed a stuck systemctl poweroff that could block VM termination by @chemwolf6922 in #40866
• Fixed use-after-free issues in the virtiofs request worker thread by @OneBlue in #40792 and in WSLC container exec-process teardown by @yao-msft in #40822
• Fixed a potential init crash by catching exceptions in scope_exit reset by @OneBlue in #40691
• Fixed shared pointer circular reference leaks by @chemwolf6922 in #40480
• Fixed an IPv6 guest port reservation leak in Consomme (VirtioProxy) networking by @benhillis in #40803
• Fixed mirrored mode port tracking for implicit binds from accept() calls by @FetoiuCatalin in #40287 and denied guest binds to the host ephemeral port range in mirrored mode by @FetoiuCatalin in #40597
• Avoided a distro zombie state when WSL init dies in systemd mode by @chemwolf6922 in #40433
• Protected binfmt_misc from a cross-distro wipe at shutdown by @benhillis in #40621
• Fixed incorrect wslpath translation of \\wsl.localhost when the current distro name is a subset of the target distro name by @OneBlue in #40687
• Fixed CreateInstance failure when the Windows hosts file exceeds the message size cap by @benhillis in #40718
• Fixed various initial tty sizing issues and added test coverage by @OneBlue in #40722
• Improved virtiofs and VirtioProxy performance with a per-device SWIOTLB pool by @benhillis in #40654

Fixes and Improvements

• Renamed the VirtioProxy networking mode to Consomme by @benhillis in #40873
• Updated VM termination logic to enforce timeouts and avoid hanging when init is stuck by @OneBlue in #40431
• Improved DNS tunneling reliability and VirtioNet tracing by @benhillis in #40430 and @damanm24 in #40446
• Avoided std::terminate in the Plan9 FsUserContext destructor by @benhillis in #40417
• Hardened VHD attach/restore by impersonating the mounting user, fixing a TOCTOU by @benhillis in #40782
• Fixed MoveDistribution failing with E_ACCESSDENIED when setting the VHD owner under impersonation by @benhillis in #40717
• Downgraded the system integrity-level impersonation token to high by @Brian-Perkins in #40447

Security

• Updated the .NET runtime to 10.0.9 (CVE-2026-45491).
• Updated MSRDC to 1.2.7214 (CVE-2026-32157).

Full Changelog: 2.7.10...2.9.3