Releases: containers/podman
Releases · containers/podman
v5.3.0
Features
- The
podman kube generate
andpodman kube play
commands can now create and run Kubernetes Job YAML (#17011). - The
podman kube generate
command now includes information on the user namespaces for pods and containers in generated YAML. Thepodman kube play
command uses this information to duplicate the user namespace configuration when creating new pods based on the YAML. - The
podman kube play
command now supports Kubernetes volumes of type image (#23775). - The service name of systemd units generated by Quadlet can now be set with the
ServiceName
key in all supported Quadlet files (#23414). - Quadlets can now disable their implicit dependency on
network-online.target
via a new key,DefaultDependencies
, supported by all Quadlet files (#24193). - Quadlet
.container
and.pod
files now support a new key,AddHost
, to add hosts to the container or pod. - The
PublishPort
key in Quadlet.container
and.pod
files can now accept variables in its value (#24081). - Quadlet
.container
files now support two new keys,CgroupsMode
andStartWithPod
, to configure cgroups for the container and whether the container will be started with the pod it is part of (#23664 and #24401). - Quadlet
.container
files can now use the network of another container by specifying the.container
file of the container to share with in theNetwork
key. - Quadlet
.container
files can now mount images managed by.image
files into the container by using theMount=type=image
key with a.image
target. - Quadlet
.pod
files now support six new keys,DNS
,DNSOption
,DNSSearch
,IP
,IP6
, andUserNS
, to configure DNS, static IPs, and user namespace settings for the pod (#23692). - Quadlet
.image
files can now give an image multiple times by specifying theImageTag
key multiple times (#23781). - Quadlets can now be placed in the
/run/containers/systemd
directory as well as existing directories like$HOME/containers/systemd
and/etc/containers/systemd/users
. - Quadlet now properly handles subdirectories of a unit directory being a symlink (#23755).
- The
podman manifest inspect
command now includes the manifest's annotations in its output. - The output of the
podman inspect
command for containers now includes a new field,HostConfig.AutoRemoveImage
, which shows whether a container was created with the--rmi
option set. - The output of the
podman inspect
command for containers now includes a new field,Config.ExposedPorts
, which includes all exposed ports from the container, improving Docker compatibility. - The output of the
podman inspect
command for containers now includes a new field,Config.StartupHealthCheck
, which shows the container's startup healthcheck configuration. - The output of the
podman inspect
command for containers now includes a new field inMounts
,SubPath
, which contains any subpath set for image or named volumes. - The
podman machine list
command now supports a new option,--all-providers
, which lists machines from all supported VM providers, not just the one currently in use. - VMs run by
podman machine
on Windows will now provide API access by exposing a Unix socket on the host filesystem which forwards into the VM (#23408). - The
podman buildx prune
andpodman image prune
commands now support a new option,--build-cache
, which will also clean the build cache. - The Windows installer has a new radio button to select virtualization provider (WSLv2 or Hyper-V).
- The
--add-host
option topodman create
,podman run
, andpodman pod create
now supports specifying multiple hostnames, semicolon-separated (e.g.podman run --add-host test1;test2:192.168.1.1
) (#23770). - The
podman run
andpodman create
commands now support three new options for configuring healthcheck logging:--health-log-destination
(specify where logs are stored),--health-max-log-count
(specify how many healthchecks worth of logs are stored), and--health-max-log-size
(specify the maximum size of the healthcheck log).
Changes
- Podman now uses the Pasta
--map-guest-addr
option by default which is used for thehost.containers.internal
entry in/etc/hosts
to allow containers to reach the host by default (#19213). - The names of the infra containers of pods created by Quadlet are changed to the pod name suffixed with
-infra
(#23665). - The
podman system connection add
command now respects HTTP path prefixes specified withtcp://
URLs. - Proxy environment variables (e.g.
https_proxy
) declared incontainers.conf
no longer escape special characters in their values when used withpodman machine
VMs (#23277). - The
podman images --sort=repository
command now also sorts by image tag as well, guaranteeing deterministic output ordering (#23803). - When a user has a rootless
podman machine
VM running and second rootfulpodman machine
VM initialized, and the rootless VM is removed, the connection to the second, rootful machine now becomes the default as expected (#22577). - Environment variable secrets are no longer contained in the output of
podman inspect
on a container the secret is used in (#23788). - Podman no longer exits 0 on SIGTERM by default.
- Podman no longer explicitly sets rlimits to their default value, as this could lower the actual value available to containers if it had been set higher previously.
- Quadlet user units now correctly wait for the network to be ready to use via a new service,
podman-user-wait-network-online.service
, instead of the user session's nonfunctionalnetwork-online.target
. - Exposed ports in the output of
podman ps
are now correctly grouped and deduplicated when they are also published (#23317). - Quadlet build units no longer use
RemainAfterExit=yes
by default.
Bugfixes
- Fixed a bug where the
--build-context
option topodman build
did not function properly on Windows, breaking compatibility with Visual Studio Dev Containers (#17313). - Fixed a bug where Quadlet would generate bad arguments to Podman if the
SecurityLabelDisable
orSecurityLabelNested
keys were used (#23432). - Fixed a bug where the
PODMAN_COMPOSE_WARNING_LOGS
environment variable did not suppress warnings printed bypodman compose
that it was redirecting to an external provider. - Fixed a bug where, if the
podman container cleanup
command was run on a container in the process of being removed, an error could be printed. - Fixed a bug where rootless Quadlet units placed in
/etc/containers/systemd/users/
would be loaded for root as well when/etc/containers/systemd
was a symlink (#23483). - Fixed a bug where the remote Podman client's
podman stop
command would, if called with--cidfile
pointing to a non-existent file and the--ignore
option set, stop all containers (#23554). - Fixed a bug where the
podman wait
would only exit only after 20 second when run on a container which rapidly exits and is then restarted by theon-failure
restart policy. - Fixed a bug where
podman volume rm
andpodman run -v
could deadlock when run simultaneously on the same volume (#23613). - Fixed a bug where running
podman mount
on a container in the process of being created could cause a nonsensical error indicating the container already existed (#23637). - Fixed a bug where the
podman stop
command could deadlock when run on containers with very large annotations (#22246). - Fixed a bug where the
podman machine stop
command could segfault on Mac when a VM failed to stop gracefully (#23654). - Fixed a bug where the
podman stop
command would not ensure containers created with--rm
were removed when it exited (#22852). - Fixed a bug where the
--rmi
option topodman run
did not function correctly with detached containers. - Fixed a bug where running
podman inspect
on a container on FreeBSD would emit an incorrect value for theHostConfig.Device
field, breaking compatibility with the Ansible Podman module. - Fixed a bug where rootless Podman could fail to start containers using the
--cgroup-parent
option (#23780). - Fixed a bug where the
podman build -v
command did not properly handle Windows paths passed as the host directory. - Fixed a bug where Podman could leak network namespace files if it was interrupted while creating a network namespace (#24044).
- ...
v5.3.0-RC3
Features
- The
podman kube generate
andpodman kube play
commands can now create and run Kubernetes Job YAML (#17011). - The
podman kube generate
command now includes information on the user namespaces for pods and containers in generated YAML. Thepodman kube play
command uses this information to duplicate the user namespace configuration when creating new pods based on the YAML. - The
podman kube play
command now supports Kubernetes volumes of type image (#23775). - The service name of systemd units generated by Quadlet can now be set with the
ServiceName
key in all supported Quadlet files (#23414). - Quadlets can now disable their implicit dependency on
network-online.target
via a new key,DefaultDependencies
, supported by all Quadlet files (#24193). - Quadlet
.container
and.pod
files now support a new key,AddHost
, to add hosts to the container or pod. - The
PublishPort
key in Quadlet.container
and.pod
files can now accept variables in its value (#24081). - Quadlet
.container
files now support two new keys,CgroupsMode
andStartWithPod
, to configure cgroups for the container and whether the container will be started with the pod it is part of ([#23664](htt
ps://github.com//issues/23664) and #24401). - Quadlet
.container
files can now use the network of another container by specifying the.container
file of the container to share with in theNetwork
key. - Quadlet
.container
files can now mount images managed by.image
files into the container by using theMount=type=image
key with a.image
target. - Quadlet
.pod
files now support six new keys,DNS
,DNSOption
,DNSSearch
,IP
,IP6
, andUserNS
, to configure DNS, static IPs, and user namespace settings for the pod ([#23692](https://github.com/co\
ntainers/podman/issues/23692)). - Quadlet
.image
files can now give an image multiple times by specifying theImageTag
key multiple times (#23781). - Quadlets can now be placed in the
/run/containers/systemd
directory as well as existing directories like$HOME/containers/systemd
and/etc/containers/systemd/users
. - Quadlet now properly handles subdirectories of a unit directory being a symlink (#23755).
- The
podman manifest inspect
command now includes the manifest's annotations in its output. - The output of the
podman inspect
command for containers now includes a new field,HostConfig.AutoRemoveImage
, which shows whether a container was created with the--rmi
option set. - The output of the
podman inspect
command for containers now includes a new field,Config.ExposedPorts
, which includes all exposed ports from the container, improving Docker compatibility. - The output of the
podman inspect
command for containers now includes a new field,Config.StartupHealthCheck
, which shows the container's startup healthcheck configuration. - The
podman machine list
command now supports a new option,--all-providers
, which lists machines from all supported VM providers, not just the one currently in use. - VMs run by
podman machine
on Windows will now provide API access by exposing a Unix socket on the host filesystem which forwards into the VM (#23408). - The
podman buildx prune
andpodman image prune
commands now support a new option,--build-cache
, which will also clean the build cache. - The Windows installer has a new radio button to select virtualization provider (WSLv2 or Hyper-V).
- The
--add-host
option topodman create
,podman run
, andpodman pod create
now supports specifying multiple hostnames, semicolon-separated (e.g.podman run --add-host test1;test2:192.168.1.1
) (#2377
0). - The
podman run
andpodman create
commands now support three new options for configuring healthcheck logging:--health-log-destination
(specify where logs are stored),--health-max-log-count
(specify how many healthchecks worth of logs are stored), and--health-max-log-size
(specify the maximum size of the healthcheck log).
Changes
- Podman now uses the Pasta
--map-guest-addr
option by default which is used for thehost.containers.internal
entry in/etc/hosts
to allow containers to reach the host by default (#19213). - The names of the infra containers of pods created by Quadlet are changed to the pod name suffixed with
-infra
(#23665). - The
podman system connection add
command now respects HTTP path prefixes specified withtcp://
URLs. - Proxy environment variables (e.g.
https_proxy
) declared incontainers.conf
no longer escape special characters in their values when used withpodman machine
VMs ([#23277](https://github.com/containers/p\
odman/issues/23277)). - The
podman images --sort=repository
command now also sorts by image tag as well, guaranteeing deterministic output ordering (#23803). - When a user has a rootless
podman machine
VM running and second rootfulpodman machine
VM initialized, and the rootless VM is removed, the connection to the second, rootful machine now becomes the default as expected (#22577). - Environment variable secrets are no longer contained in the output of
podman inspect
on a container the secret is used in (#23788). - Podman no longer exits 0 on SIGTERM by default.
- Podman no longer explicitly sets rlimits to their default value, as this could lower the actual value available to containers if it had been set higher previously.
- Quadlet user units now correctly wait for the network to be ready to use via a new service,
podman-user-wait-network-online.service
, instead of the user session's nonfunctionalnetwork-online.target
. - Exposed ports in the output of
podman ps
are now correctly grouped and deduplicated when they are also published (#23317). - Quadlet build units no longer use
RemainAfterExit=yes
by default.
Bugfixes
- Fixed a bug where the
--build-context
option topodman build
did not function properly on Windows, breaking compatibility with Visual Studio Dev Containers (#17313). - Fixed a bug where Quadlet would generate bad arguments to Podman if the
SecurityLabelDisable
orSecurityLabelNested
keys were used (#23432). - Fixed a bug where the
PODMAN_COMPOSE_WARNING_LOGS
environment variable did not suppress warnings printed bypodman compose
that it was redirecting to an external provider. - Fixed a bug where, if the
podman container cleanup
command was run on a container in the process of being removed, an error could be printed. - Fixed a bug where rootless Quadlet units placed in
/etc/containers/systemd/users/
would be loaded for root as well when/etc/containers/systemd
was a symlink (#23483). - Fixed a bug where the remote Podman client's
podman stop
command would, if called with--cidfile
pointing to a non-existent file and the--ignore
option set, stop all containers (#23554). - Fixed a bug where the
podman wait
would only exit only after 20 second when run on a container which rapidly exits and is then restarted by theon-failure
restart policy. - Fixed a bug where
podman volume rm
andpodman run -v
could deadlock when run simultaneously on the same volume (#23613). - Fixed a bug where running
podman mount
on a container in the process of being created could cause a nonsensical error indicating the container already existed (#23637). - Fixed a bug where the
podman stop
command could deadlock when run on containers with very large annotations (#22246). - Fixed a bug where the
podman machine stop
command could segfault on Mac when a VM failed to stop gracefully (#23654). - Fixed a bug where the
podman stop
command would not ensure containers created with--rm
were removed when it exited (#22852). - Fixed a bug where the
--rmi
option topodman run
did not function correctly with detached containers. - Fixed a bug where running
podman inspect
on a container on FreeBSD would emit an incorrect value for theHostConfig.Device
field, breaking compatibility with the Ansible Podman module. - Fixed a bug where rootless Podman could fail to start containers using the
--cgroup-parent
option (#23780). - Fixed a bug where the
podman build -v
command did not properly handle Windows paths passed as the host directory. - Fixed a bug where Podman could leak network namespace files if it was interrupted while creating a network namespace (#24044).
- Fixed a bug where the remote Podman client's
podman run
command could sometimes fail to retrieve a container's exit code for containers run with the--rm
...
v5.3.0-RC2
This is the second release candidate for Podman v5.3.0. Preliminary release notes are below.
Features
- The
podman kube generate
andpodman kube play
commands can now create and run Kubernetes Job YAML (#17011). - The
podman kube generate
command now includes information on the user namespaces for pods and containers in generated YAML. Thepodman kube play
command uses this information to duplicate the user namespace configuration when creating new pods based on the YAML. - The
podman kube play
command now supports Kubernetes volumes of type image (#23775). - The service name of systemd units generated by Quadlet can now be set with the
ServiceName
key in all supported Quadlet files (#23414). - Quadlets can now disable their implicit dependency on
network-online.target
via a new key,DefaultDependencies
, supported by all Quadlet files (#24193). - Quadlet
.container
and.pod
files now support a new key,AddHost
, to add hosts to the container or pod. - The
PublishPort
key in Quadlet.container
and.pod
files can now accept variables in its value (#24081). - Quadlet
.container
files now support a new key,CgroupsMode
, to configure cgroups for the container (#23664). - Quadlet
.container
files can now use the network of another container by specifying the.container
file of the container to share with in theNetwork
key. - Quadlet
.pod
files now support six new keys,DNS
,DNSOption
,DNSSearch
,IP
,IP6
, andUserNS
, to configure DNS, static IPs, and user namespace settings for the pod (#23692). - Quadlet
.image
files can now give an image multiple times by specifying theImageTag
key multiple times (#23781). - Quadlets can now be placed in the
/run/containers/systemd
directory as well as existing directories like$HOME/containers/systemd
and/etc/containers/systemd/users
. - Quadlet now properly handles subdirectories of a unit directory being a symlink (#23755).
- The
podman manifest inspect
command now includes the manifest's annotations in its output. - The output of the
podman inspect
command for containers now includes a new field,HostConfig.AutoRemoveImage
, which shows whether a container was created with the--rmi
option set. - The output of the
podman inspect
command for containers now includes a new field,Config.ExposedPorts
, which includes all exposed ports from the container, improving Docker compatibility. - The output of the
podman inspect
command for containers now includes a new field,Config.StartupHealthCheck
, which shows the container's startup healthcheck configuration. - The
podman machine list
command now supports a new option,--all-providers
, which lists machines from all supported VM providers, not just the one currently in use. - VMs run by
podman machine
on Windows will now provide API access by exposing a Unix socket on the host filesystem which forwards into the VM (#23408). - The
podman buildx prune
andpodman image prune
commands now support a new option,--build-cache
, which will also clean the build cache. - The Windows installer has a new radio button to select virtualization provider (WSLv2 or Hyper-V).
- The
--add-host
option topodman create
,podman run
, andpodman pod create
now supports specifying multiple hostnames, semicolon-separated (e.g.podman run --add-host test1;test2:192.168.1.1
) (#23770). - The
podman run
andpodman create
commands now support three new options for configuring healthcheck logging:--health-log-destination
(specify where logs are stored),--health-max-log-count
(specify how many healthchecks worth of logs are stored), and--health-max-log-size
(specify the maximum size of the healthcheck log).
Changes
- Podman now uses the Pasta
--map-guest-addr
option by default which is used for thehost.containers.internal
entry in/etc/hosts
to allow containers to reach the host by default (#19213). - The names of the infra containers of pods created by Quadlet are changed to the pod name suffixed with
-infra
(#23665). - The
podman system connection add
command now respects HTTP path prefixes specified withtcp://
URLs. - Proxy environment variables (e.g.
https_proxy
) declared incontainers.conf
no longer escape special characters in their values when used withpodman machine
VMs (#23277). - The
podman images --sort=repository
command now also sorts by image tag as well, guaranteeing deterministic output ordering (#23803). - When a user has a rootless
podman machine
VM running and second rootfulpodman machine
VM initialized, and the rootless VM is removed, the connection to the second, rootful machine now becomes the default as expected (#22577). - Environment variable secrets are no longer contained in the output of
podman inspect
on a container the secret is used in (#23788). - Podman no longer exits 0 on SIGTERM by default.
- Podman no longer explicitly sets rlimits to their default value, as this could lower the actual value available to containers if it had been set higher previously.
- Quadlet user units now correctly wait for the network to be ready to use via a new service,
podman-user-wait-network-online.service
, instead of the user session's nonfunctionalnetwork-online.target
. - Exposed ports in the output of
podman ps
are now correctly grouped and deduplicated when they are also published (#23317).
Bugfixes
- Fixed a bug where the
--build-context
option topodman build
did not function properly on Windows, breaking compatibility with Visual Studio Dev Containers (#17313). - Fixed a bug where Quadlet would generate bad arguments to Podman if the
SecurityLabelDisable
orSecurityLabelNested
keys were used (#23432). - Fixed a bug where the
PODMAN_COMPOSE_WARNING_LOGS
environment variable did not suppress warnings printed bypodman compose
that it was redirecting to an external provider. - Fixed a bug where, if the
podman container cleanup
command was run on a container in the process of being removed, an error could be printed. - Fixed a bug where rootless Quadlet units placed in
/etc/containers/systemd/users/
would be loaded for root as well when/etc/containers/systemd
was a symlink (#23483). - Fixed a bug where the remote Podman client's
podman stop
command would, if called with--cidfile
pointing to a non-existent file and the--ignore
option set, stop all containers (#23554). - Fixed a bug where the
podman wait
would only exit only after 20 second when run on a container which rapidly exits and is then restarted by theon-failure
restart policy. - Fixed a bug where
podman volume rm
andpodman run -v
could deadlock when run simultaneously on the same volume (#23613). - Fixed a bug where running
podman mount
on a container in the process of being created could cause a nonsensical error indicating the container already existed (#23637). - Fixed a bug where the
podman stop
command could deadlock when run on containers with very large annotations (#22246). - Fixed a bug where the
podman machine stop
command could segfault on Mac when a VM failed to stop gracefully (#23654). - Fixed a bug where the
podman stop
command would not ensure containers created with--rm
were removed when it exited (#22852). - Fixed a bug where the
--rmi
option topodman run
did not function correctly with detached containers. - Fixed a bug where running
podman inspect
on a container on FreeBSD would emit an incorrect value for theHostConfig.Device
field, breaking compatibility with the Ansible Podman module. - Fixed a bug where rootless Podman could fail to start containers using the
--cgroup-parent
option (#23780). - Fixed a bug where the
podman build -v
command did not properly handle Windows paths passed as the host directory. - Fixed a bug where Podman could leak network namespace files if it was interrupted while creating a network namespace (#24044).
- Fixed a bug where the remote Podman client's
podman run
command could sometimes fail to retrieve a container's exit code for containers run with the--rm
option. - Fixed a bug where
podman machine
on Windows could fail to run VMs for certain usernames containing special characters. - Fixed a bug where Quadlet would reject
RemapUsers=keep-id
when run as root. - Fixed a bug where XFS quotas on volumes were not unique, meaning that all volumes...
v5.3.0-RC1
This is the first release candidate of Podman v5.3.0. Release notes will be provided next week in Podman v5.3.0-rc2.
v5.2.5
Security
- This release addresses CVE-2024-9675, which allows arbitrary access to the host filesystem from
RUN --mount type=cache
arguments to a Dockerfile being built. - This release also addresses CVE-2024-9676, which allows malicious images with a symlink
/etc/passwd
or/etc/group
to potentially cause a denial of service through reading a FIFO on the host.
Misc
- Updated Buildah to v1.37.5
- Updated the containers/storage library to v1.55.1
v5.2.4
Security
- This release addresses CVE-2024-9407, which allows arbitrary access to the host filesystem from
RUN --mount
arguments to a Dockerfile being built. - This release also addresses CVE-2024-9341, allowing the mounting of arbitrary directories from the host into containers on FIPS enabled systems using a malicious image with crafted symlinks.
Misc
- Updated Buildah to v1.37.4
- Updated the containers/common library to v0.60.4
v5.2.3
Bugfixes
- Fixed a bug that could cause network namespaces to fail to unmount, resulting in Podman commands hanging.
- Fixed a bug where Podman could not run images which included SCTP exposed ports.
- Fixed a bug where containers run by the root user, but inside a user namespace (including inside a container), could not use the
pasta
network mode. - Fixed a bug where volume copy-up did not properly chown empty volumes when the
:idmap
mount option was used.
Misc
- Updated Buildah to v1.37.3
v5.2.2
v5.2.1
Bugfixes
- Fixed a bug where Podman could sometimes save an incorrect container state to the database, which could cause a number of issues including but not limited to attempting to clean up containers twice (#21569).
Misc
- Updated Buildah to v1.37.1
- Updated the containers/common library to v0.60.1
- Updated the containers/image library to v5.32.1
v5.2.0
Features
- Podman now supports
libkrun
as a backend for creating virtual machines on MacOS. Thelibkrun
backend has the advantage of allowing GPUs to be mounted into the virtual machine to accelerate tasks. The default backend remainsapplehv
. - Quadlet now has support for
.build
files, which allows images to be built by Quadlet and then used by Quadlet containers. - Quadlet
.container
files now support two new fields,LogOpt
to specify container logging configuration andStopSignal
to specify container stop signal (#23050). - Quadlet
.container
and.pod
files now support a new field,NetworkAlias
, to add network aliases. - Quadlet drop-in search paths have been expanded to include top-level type drop-ins (
container.d
,pod.d
) and truncated unit drop-ins (unit-.container.d
) (#23158). - Podman now supports a new command,
podman system check
, which will identify (and, if possible, correct) corruption within local container storage. - The
podman machine reset
command will now reset all providers available on the current operating system (e.g. ensuring that both HyperV and WSLpodman machine
VMs will be removed on Windows).
Changes
- Podman now requires the new kernel mount API, introducing a dependency on Linux Kernel v5.2 or higher.
- Quadlet
.image
units now have a dependency onnetwork-online.target
(#21873). - The
--device
option topodman create
andpodman run
is no longer ignored when--privileged
is also specified (#23132). - The
podman start
andpodman stop
commands no longer print the full ID of the pod started/stopped, but instead the user's input used to specify the pod (e.g.podman pod start b
will printb
instead of the pod's full ID) (#22590). - Virtual machines created by
podman machine
on Linux now usevirtiofs
instead of9p
for mounting host filesystems. Existing mounts will be transparently changed on machine restart or recreation. This should improve performance and reliability of host mounts. This requires the installation ofvirtiofsd
on the host system to function. - Using both the
--squash
and--layers=false
options topodman build
at the same time is now allowed. - Podman now passes container's stop timeout to systemd when creating cgroups, causing it to be honored when systemd stops the scope. This should prevent hangs on system shutdown due to running Podman containers.
- The
--volume-driver
option topodman machine init
is now deprecated.
Bugfixes
- Fixed a bug where rootless containers created with the
--sdnotify=healthy
option could panic when started (#22651). - Fixed a bug where containers created with the
--sdnotify=healthy
option that exited quickly would sometimes return an error instead of notifying that the container was ready (#22760). - Fixed a bug where the
podman system reset
command did not remove the containers/image blob cache (#22825). - Fixed a bug where Podman would sometimes create a cgroup for itself even when the
--cgroups=disabled
option was specified at container creation time (#20910). - Fixed a bug where the
/etc/hosts
file in a container was not created with a newline at the end of the file (#22729). - Fixed a bug where the
podman start
command could sometimes panic when starting a container in the stopped state. - Fixed a bug where the
podman system renumber
command would fail if volumes existed when using thesqlite
database backend (#23052). - Fixed a bug where the
podman container restore
command could not successfully restore a container in a pod. - Fixed a bug where an error message from
podman diff
would suggest using the--latest
option when using the remote Podman client (#23038). - Fixed a bug where user could assign more memory to a Podman machine than existed on the host (#18206).
- Fixed a bug where the
podman events
command was rarely unable to report errors that occurred (#23165). - Fixed a bug where containers run in systemd units would sometimes not be removed correctly on exit when using the
--cidfile
option. - Fixed a bug where the first Podman command run after a reboot could cause hang when using transient mode (#22984).
- Fixed a bug where Podman could throw errors about a database configuration mismatch if certain paths did not exist on the host.
- Fixed a bug where the
podman run
andpodman start
commands could throw strange errors if another Podman process stopped the container at a midpoint in the process of starting (#23246). - Fixed a bug where the
podman system service
command could leak a mount on termination. - Fixed a bug where the Podman remote client would panic if an invalid image filter was passed to
podman images
(#23120). - Fixed a bug where the
podman auto-update
andpodman system df
commands could fail when a container was removed while the command was running (#23279). - Fixed a bug where the
podman machine init
command could panic when trying to decompress an empty file when preparing the VM image (#23281). - Fixed a bug where the
podman ps --pod
andpodman pod stats
commands could sometimes fail when a pod was removed while the command was running (#23282). - Fixed a bug where the
podman stats
andpodman pod stats
commands would sometimes exit with acontainer is stopped
error when showing all containers (or pod containers, forpod stats
) if a container stopped while the command was running (#23334). - Fixed a bug where the output of container healthchecks was not properly logged if it did not include a final newline (#23332).
- Fixed a bug where the port forwarding firewall rules of an existing container could be be overwritten when starting a second container which forwarded the same port on the host even if the second container failed to start as the port was already bound.
- Fixed a bug where the containers created by the
podman play kube
command could sometimes not properly clean up their network stacks (#21569).
API
- The Build API for Images now accepts a comma-separated list in the Platform query parameter, allowing a single API call to built an image for multiple architectures (#22071).
- Fixed a bug where the Remove endpoint for Volumes would return an incorrectly formatted error when called with an ambiguous volume name (#22616).
- Fixed a bug where the Stats endpoint for Containers would return an incorrectly formatted error when called on a container that did not exist (#22612).
- Fixed a bug where the Start endpoint for Pods would return a 409 error code in cases where a 500 error code should have been returned (#22989).
- Fixed a bug where the Top endpoint for Pods would return a 200 status code and then subsequently an error (#22986).
Misc
- Podman no longer requires all parent directories of its root and runroot to be world-executable (#23028).
- Error messages from the
podman build
command when the-f
option is given, but points to a file that does not exist, have been improved (#22940). - The Podman windows installer is now built using WiX 5.
- Updated the gvisor-tap-vsock library to v0.7.4. This release contains a fix for a gvproxy crash on macOS when there is heavy network traffic on a fast link.
- Updated Buildah to v1.37.0
- Updated the containers/image library to v5.32.0
- Updated the containers/storage library to v1.55.0
- Updated the containers/common library to v0.60.0