Skip to content

Releases: containers/podman

v5.3.0

13 Nov 13:14
v5.3.0
Compare
Choose a tag to compare

Features

  • The podman kube generate and podman kube play commands can now create and run Kubernetes Job YAML (#17011).
  • The podman kube generate command now includes information on the user namespaces for pods and containers in generated YAML. The podman kube play command uses this information to duplicate the user namespace configuration when creating new pods based on the YAML.
  • The podman kube play command now supports Kubernetes volumes of type image (#23775).
  • The service name of systemd units generated by Quadlet can now be set with the ServiceName key in all supported Quadlet files (#23414).
  • Quadlets can now disable their implicit dependency on network-online.target via a new key, DefaultDependencies, supported by all Quadlet files (#24193).
  • Quadlet .container and .pod files now support a new key, AddHost, to add hosts to the container or pod.
  • The PublishPort key in Quadlet .container and .pod files can now accept variables in its value (#24081).
  • Quadlet .container files now support two new keys, CgroupsMode and StartWithPod, to configure cgroups for the container and whether the container will be started with the pod it is part of (#23664 and #24401).
  • Quadlet .container files can now use the network of another container by specifying the .container file of the container to share with in the Network key.
  • Quadlet .container files can now mount images managed by .image files into the container by using the Mount=type=image key with a .image target.
  • Quadlet .pod files now support six new keys, DNS, DNSOption, DNSSearch, IP, IP6, and UserNS, to configure DNS, static IPs, and user namespace settings for the pod (#23692).
  • Quadlet .image files can now give an image multiple times by specifying the ImageTag key multiple times (#23781).
  • Quadlets can now be placed in the /run/containers/systemd directory as well as existing directories like $HOME/containers/systemd and /etc/containers/systemd/users.
  • Quadlet now properly handles subdirectories of a unit directory being a symlink (#23755).
  • The podman manifest inspect command now includes the manifest's annotations in its output.
  • The output of the podman inspect command for containers now includes a new field, HostConfig.AutoRemoveImage, which shows whether a container was created with the --rmi option set.
  • The output of the podman inspect command for containers now includes a new field, Config.ExposedPorts, which includes all exposed ports from the container, improving Docker compatibility.
  • The output of the podman inspect command for containers now includes a new field, Config.StartupHealthCheck, which shows the container's startup healthcheck configuration.
  • The output of the podman inspect command for containers now includes a new field in Mounts, SubPath, which contains any subpath set for image or named volumes.
  • The podman machine list command now supports a new option, --all-providers, which lists machines from all supported VM providers, not just the one currently in use.
  • VMs run by podman machine on Windows will now provide API access by exposing a Unix socket on the host filesystem which forwards into the VM (#23408).
  • The podman buildx prune and podman image prune commands now support a new option, --build-cache, which will also clean the build cache.
  • The Windows installer has a new radio button to select virtualization provider (WSLv2 or Hyper-V).
  • The --add-host option to podman create, podman run, and podman pod create now supports specifying multiple hostnames, semicolon-separated (e.g. podman run --add-host test1;test2:192.168.1.1) (#23770).
  • The podman run and podman create commands now support three new options for configuring healthcheck logging: --health-log-destination (specify where logs are stored), --health-max-log-count (specify how many healthchecks worth of logs are stored), and --health-max-log-size (specify the maximum size of the healthcheck log).

Changes

  • Podman now uses the Pasta --map-guest-addr option by default which is used for the host.containers.internal entry in /etc/hosts to allow containers to reach the host by default (#19213).
  • The names of the infra containers of pods created by Quadlet are changed to the pod name suffixed with -infra (#23665).
  • The podman system connection add command now respects HTTP path prefixes specified with tcp:// URLs.
  • Proxy environment variables (e.g. https_proxy) declared in containers.conf no longer escape special characters in their values when used with podman machine VMs (#23277).
  • The podman images --sort=repository command now also sorts by image tag as well, guaranteeing deterministic output ordering (#23803).
  • When a user has a rootless podman machine VM running and second rootful podman machine VM initialized, and the rootless VM is removed, the connection to the second, rootful machine now becomes the default as expected (#22577).
  • Environment variable secrets are no longer contained in the output of podman inspect on a container the secret is used in (#23788).
  • Podman no longer exits 0 on SIGTERM by default.
  • Podman no longer explicitly sets rlimits to their default value, as this could lower the actual value available to containers if it had been set higher previously.
  • Quadlet user units now correctly wait for the network to be ready to use via a new service, podman-user-wait-network-online.service, instead of the user session's nonfunctional network-online.target.
  • Exposed ports in the output of podman ps are now correctly grouped and deduplicated when they are also published (#23317).
  • Quadlet build units no longer use RemainAfterExit=yes by default.

Bugfixes

  • Fixed a bug where the --build-context option to podman build did not function properly on Windows, breaking compatibility with Visual Studio Dev Containers (#17313).
  • Fixed a bug where Quadlet would generate bad arguments to Podman if the SecurityLabelDisable or SecurityLabelNested keys were used (#23432).
  • Fixed a bug where the PODMAN_COMPOSE_WARNING_LOGS environment variable did not suppress warnings printed by podman compose that it was redirecting to an external provider.
  • Fixed a bug where, if the podman container cleanup command was run on a container in the process of being removed, an error could be printed.
  • Fixed a bug where rootless Quadlet units placed in /etc/containers/systemd/users/ would be loaded for root as well when /etc/containers/systemd was a symlink (#23483).
  • Fixed a bug where the remote Podman client's podman stop command would, if called with --cidfile pointing to a non-existent file and the --ignore option set, stop all containers (#23554).
  • Fixed a bug where the podman wait would only exit only after 20 second when run on a container which rapidly exits and is then restarted by the on-failure restart policy.
  • Fixed a bug where podman volume rm and podman run -v could deadlock when run simultaneously on the same volume (#23613).
  • Fixed a bug where running podman mount on a container in the process of being created could cause a nonsensical error indicating the container already existed (#23637).
  • Fixed a bug where the podman stop command could deadlock when run on containers with very large annotations (#22246).
  • Fixed a bug where the podman machine stop command could segfault on Mac when a VM failed to stop gracefully (#23654).
  • Fixed a bug where the podman stop command would not ensure containers created with --rm were removed when it exited (#22852).
  • Fixed a bug where the --rmi option to podman run did not function correctly with detached containers.
  • Fixed a bug where running podman inspect on a container on FreeBSD would emit an incorrect value for the HostConfig.Device field, breaking compatibility with the Ansible Podman module.
  • Fixed a bug where rootless Podman could fail to start containers using the --cgroup-parent option (#23780).
  • Fixed a bug where the podman build -v command did not properly handle Windows paths passed as the host directory.
  • Fixed a bug where Podman could leak network namespace files if it was interrupted while creating a network namespace (#24044).
  • ...
Read more

v5.3.0-RC3

06 Nov 19:15
v5.3.0-rc3
8469dcc
Compare
Choose a tag to compare
v5.3.0-RC3 Pre-release
Pre-release

Features

  • The podman kube generate and podman kube play commands can now create and run Kubernetes Job YAML (#17011).
  • The podman kube generate command now includes information on the user namespaces for pods and containers in generated YAML. The podman kube play command uses this information to duplicate the user namespace configuration when creating new pods based on the YAML.
  • The podman kube play command now supports Kubernetes volumes of type image (#23775).
  • The service name of systemd units generated by Quadlet can now be set with the ServiceName key in all supported Quadlet files (#23414).
  • Quadlets can now disable their implicit dependency on network-online.target via a new key, DefaultDependencies, supported by all Quadlet files (#24193).
  • Quadlet .container and .pod files now support a new key, AddHost, to add hosts to the container or pod.
  • The PublishPort key in Quadlet .container and .pod files can now accept variables in its value (#24081).
  • Quadlet .container files now support two new keys, CgroupsMode and StartWithPod, to configure cgroups for the container and whether the container will be started with the pod it is part of ([#23664](htt
    ps://github.com//issues/23664) and #24401).
  • Quadlet .container files can now use the network of another container by specifying the .container file of the container to share with in the Network key.
  • Quadlet .container files can now mount images managed by .image files into the container by using the Mount=type=image key with a .image target.
  • Quadlet .pod files now support six new keys, DNS, DNSOption, DNSSearch, IP, IP6, and UserNS, to configure DNS, static IPs, and user namespace settings for the pod ([#23692](https://github.com/co\
    ntainers/podman/issues/23692)).
  • Quadlet .image files can now give an image multiple times by specifying the ImageTag key multiple times (#23781).
  • Quadlets can now be placed in the /run/containers/systemd directory as well as existing directories like $HOME/containers/systemd and /etc/containers/systemd/users.
  • Quadlet now properly handles subdirectories of a unit directory being a symlink (#23755).
  • The podman manifest inspect command now includes the manifest's annotations in its output.
  • The output of the podman inspect command for containers now includes a new field, HostConfig.AutoRemoveImage, which shows whether a container was created with the --rmi option set.
  • The output of the podman inspect command for containers now includes a new field, Config.ExposedPorts, which includes all exposed ports from the container, improving Docker compatibility.
  • The output of the podman inspect command for containers now includes a new field, Config.StartupHealthCheck, which shows the container's startup healthcheck configuration.
  • The podman machine list command now supports a new option, --all-providers, which lists machines from all supported VM providers, not just the one currently in use.
  • VMs run by podman machine on Windows will now provide API access by exposing a Unix socket on the host filesystem which forwards into the VM (#23408).
  • The podman buildx prune and podman image prune commands now support a new option, --build-cache, which will also clean the build cache.
  • The Windows installer has a new radio button to select virtualization provider (WSLv2 or Hyper-V).
  • The --add-host option to podman create, podman run, and podman pod create now supports specifying multiple hostnames, semicolon-separated (e.g. podman run --add-host test1;test2:192.168.1.1) (#2377
    0
    ).
  • The podman run and podman create commands now support three new options for configuring healthcheck logging: --health-log-destination (specify where logs are stored), --health-max-log-count (specify how many healthchecks worth of logs are stored), and --health-max-log-size (specify the maximum size of the healthcheck log).

Changes

  • Podman now uses the Pasta --map-guest-addr option by default which is used for the host.containers.internal entry in /etc/hosts to allow containers to reach the host by default (#19213).
  • The names of the infra containers of pods created by Quadlet are changed to the pod name suffixed with -infra (#23665).
  • The podman system connection add command now respects HTTP path prefixes specified with tcp:// URLs.
  • Proxy environment variables (e.g. https_proxy) declared in containers.conf no longer escape special characters in their values when used with podman machine VMs ([#23277](https://github.com/containers/p\
    odman/issues/23277)).
  • The podman images --sort=repository command now also sorts by image tag as well, guaranteeing deterministic output ordering (#23803).
  • When a user has a rootless podman machine VM running and second rootful podman machine VM initialized, and the rootless VM is removed, the connection to the second, rootful machine now becomes the default as expected (#22577).
  • Environment variable secrets are no longer contained in the output of podman inspect on a container the secret is used in (#23788).
  • Podman no longer exits 0 on SIGTERM by default.
  • Podman no longer explicitly sets rlimits to their default value, as this could lower the actual value available to containers if it had been set higher previously.
  • Quadlet user units now correctly wait for the network to be ready to use via a new service, podman-user-wait-network-online.service, instead of the user session's nonfunctional network-online.target.
  • Exposed ports in the output of podman ps are now correctly grouped and deduplicated when they are also published (#23317).
  • Quadlet build units no longer use RemainAfterExit=yes by default.

Bugfixes

  • Fixed a bug where the --build-context option to podman build did not function properly on Windows, breaking compatibility with Visual Studio Dev Containers (#17313).
  • Fixed a bug where Quadlet would generate bad arguments to Podman if the SecurityLabelDisable or SecurityLabelNested keys were used (#23432).
  • Fixed a bug where the PODMAN_COMPOSE_WARNING_LOGS environment variable did not suppress warnings printed by podman compose that it was redirecting to an external provider.
  • Fixed a bug where, if the podman container cleanup command was run on a container in the process of being removed, an error could be printed.
  • Fixed a bug where rootless Quadlet units placed in /etc/containers/systemd/users/ would be loaded for root as well when /etc/containers/systemd was a symlink (#23483).
  • Fixed a bug where the remote Podman client's podman stop command would, if called with --cidfile pointing to a non-existent file and the --ignore option set, stop all containers (#23554).
  • Fixed a bug where the podman wait would only exit only after 20 second when run on a container which rapidly exits and is then restarted by the on-failure restart policy.
  • Fixed a bug where podman volume rm and podman run -v could deadlock when run simultaneously on the same volume (#23613).
  • Fixed a bug where running podman mount on a container in the process of being created could cause a nonsensical error indicating the container already existed (#23637).
  • Fixed a bug where the podman stop command could deadlock when run on containers with very large annotations (#22246).
  • Fixed a bug where the podman machine stop command could segfault on Mac when a VM failed to stop gracefully (#23654).
  • Fixed a bug where the podman stop command would not ensure containers created with --rm were removed when it exited (#22852).
  • Fixed a bug where the --rmi option to podman run did not function correctly with detached containers.
  • Fixed a bug where running podman inspect on a container on FreeBSD would emit an incorrect value for the HostConfig.Device field, breaking compatibility with the Ansible Podman module.
  • Fixed a bug where rootless Podman could fail to start containers using the --cgroup-parent option (#23780).
  • Fixed a bug where the podman build -v command did not properly handle Windows paths passed as the host directory.
  • Fixed a bug where Podman could leak network namespace files if it was interrupted while creating a network namespace (#24044).
  • Fixed a bug where the remote Podman client's podman run command could sometimes fail to retrieve a container's exit code for containers run with the --rm...
Read more

v5.3.0-RC2

31 Oct 13:52
v5.3.0-rc2
Compare
Choose a tag to compare
v5.3.0-RC2 Pre-release
Pre-release

This is the second release candidate for Podman v5.3.0. Preliminary release notes are below.

Features

  • The podman kube generate and podman kube play commands can now create and run Kubernetes Job YAML (#17011).
  • The podman kube generate command now includes information on the user namespaces for pods and containers in generated YAML. The podman kube play command uses this information to duplicate the user namespace configuration when creating new pods based on the YAML.
  • The podman kube play command now supports Kubernetes volumes of type image (#23775).
  • The service name of systemd units generated by Quadlet can now be set with the ServiceName key in all supported Quadlet files (#23414).
  • Quadlets can now disable their implicit dependency on network-online.target via a new key, DefaultDependencies, supported by all Quadlet files (#24193).
  • Quadlet .container and .pod files now support a new key, AddHost, to add hosts to the container or pod.
  • The PublishPort key in Quadlet .container and .pod files can now accept variables in its value (#24081).
  • Quadlet .container files now support a new key, CgroupsMode, to configure cgroups for the container (#23664).
  • Quadlet .container files can now use the network of another container by specifying the .container file of the container to share with in the Network key.
  • Quadlet .pod files now support six new keys, DNS, DNSOption, DNSSearch, IP, IP6, and UserNS, to configure DNS, static IPs, and user namespace settings for the pod (#23692).
  • Quadlet .image files can now give an image multiple times by specifying the ImageTag key multiple times (#23781).
  • Quadlets can now be placed in the /run/containers/systemd directory as well as existing directories like $HOME/containers/systemd and /etc/containers/systemd/users.
  • Quadlet now properly handles subdirectories of a unit directory being a symlink (#23755).
  • The podman manifest inspect command now includes the manifest's annotations in its output.
  • The output of the podman inspect command for containers now includes a new field, HostConfig.AutoRemoveImage, which shows whether a container was created with the --rmi option set.
  • The output of the podman inspect command for containers now includes a new field, Config.ExposedPorts, which includes all exposed ports from the container, improving Docker compatibility.
  • The output of the podman inspect command for containers now includes a new field, Config.StartupHealthCheck, which shows the container's startup healthcheck configuration.
  • The podman machine list command now supports a new option, --all-providers, which lists machines from all supported VM providers, not just the one currently in use.
  • VMs run by podman machine on Windows will now provide API access by exposing a Unix socket on the host filesystem which forwards into the VM (#23408).
  • The podman buildx prune and podman image prune commands now support a new option, --build-cache, which will also clean the build cache.
  • The Windows installer has a new radio button to select virtualization provider (WSLv2 or Hyper-V).
  • The --add-host option to podman create, podman run, and podman pod create now supports specifying multiple hostnames, semicolon-separated (e.g. podman run --add-host test1;test2:192.168.1.1) (#23770).
  • The podman run and podman create commands now support three new options for configuring healthcheck logging: --health-log-destination (specify where logs are stored), --health-max-log-count (specify how many healthchecks worth of logs are stored), and --health-max-log-size (specify the maximum size of the healthcheck log).

Changes

  • Podman now uses the Pasta --map-guest-addr option by default which is used for the host.containers.internal entry in /etc/hosts to allow containers to reach the host by default (#19213).
  • The names of the infra containers of pods created by Quadlet are changed to the pod name suffixed with -infra (#23665).
  • The podman system connection add command now respects HTTP path prefixes specified with tcp:// URLs.
  • Proxy environment variables (e.g. https_proxy) declared in containers.conf no longer escape special characters in their values when used with podman machine VMs (#23277).
  • The podman images --sort=repository command now also sorts by image tag as well, guaranteeing deterministic output ordering (#23803).
  • When a user has a rootless podman machine VM running and second rootful podman machine VM initialized, and the rootless VM is removed, the connection to the second, rootful machine now becomes the default as expected (#22577).
  • Environment variable secrets are no longer contained in the output of podman inspect on a container the secret is used in (#23788).
  • Podman no longer exits 0 on SIGTERM by default.
  • Podman no longer explicitly sets rlimits to their default value, as this could lower the actual value available to containers if it had been set higher previously.
  • Quadlet user units now correctly wait for the network to be ready to use via a new service, podman-user-wait-network-online.service, instead of the user session's nonfunctional network-online.target.
  • Exposed ports in the output of podman ps are now correctly grouped and deduplicated when they are also published (#23317).

Bugfixes

  • Fixed a bug where the --build-context option to podman build did not function properly on Windows, breaking compatibility with Visual Studio Dev Containers (#17313).
  • Fixed a bug where Quadlet would generate bad arguments to Podman if the SecurityLabelDisable or SecurityLabelNested keys were used (#23432).
  • Fixed a bug where the PODMAN_COMPOSE_WARNING_LOGS environment variable did not suppress warnings printed by podman compose that it was redirecting to an external provider.
  • Fixed a bug where, if the podman container cleanup command was run on a container in the process of being removed, an error could be printed.
  • Fixed a bug where rootless Quadlet units placed in /etc/containers/systemd/users/ would be loaded for root as well when /etc/containers/systemd was a symlink (#23483).
  • Fixed a bug where the remote Podman client's podman stop command would, if called with --cidfile pointing to a non-existent file and the --ignore option set, stop all containers (#23554).
  • Fixed a bug where the podman wait would only exit only after 20 second when run on a container which rapidly exits and is then restarted by the on-failure restart policy.
  • Fixed a bug where podman volume rm and podman run -v could deadlock when run simultaneously on the same volume (#23613).
  • Fixed a bug where running podman mount on a container in the process of being created could cause a nonsensical error indicating the container already existed (#23637).
  • Fixed a bug where the podman stop command could deadlock when run on containers with very large annotations (#22246).
  • Fixed a bug where the podman machine stop command could segfault on Mac when a VM failed to stop gracefully (#23654).
  • Fixed a bug where the podman stop command would not ensure containers created with --rm were removed when it exited (#22852).
  • Fixed a bug where the --rmi option to podman run did not function correctly with detached containers.
  • Fixed a bug where running podman inspect on a container on FreeBSD would emit an incorrect value for the HostConfig.Device field, breaking compatibility with the Ansible Podman module.
  • Fixed a bug where rootless Podman could fail to start containers using the --cgroup-parent option (#23780).
  • Fixed a bug where the podman build -v command did not properly handle Windows paths passed as the host directory.
  • Fixed a bug where Podman could leak network namespace files if it was interrupted while creating a network namespace (#24044).
  • Fixed a bug where the remote Podman client's podman run command could sometimes fail to retrieve a container's exit code for containers run with the --rm option.
  • Fixed a bug where podman machine on Windows could fail to run VMs for certain usernames containing special characters.
  • Fixed a bug where Quadlet would reject RemapUsers=keep-id when run as root.
  • Fixed a bug where XFS quotas on volumes were not unique, meaning that all volumes...
Read more

v5.3.0-RC1

22 Oct 15:57
v5.3.0-rc1
d306e80
Compare
Choose a tag to compare
v5.3.0-RC1 Pre-release
Pre-release

This is the first release candidate of Podman v5.3.0. Release notes will be provided next week in Podman v5.3.0-rc2.

v5.2.5

23 Oct 17:48
v5.2.5
Compare
Choose a tag to compare

Security

  • This release addresses CVE-2024-9675, which allows arbitrary access to the host filesystem from RUN --mount type=cache arguments to a Dockerfile being built.
  • This release also addresses CVE-2024-9676, which allows malicious images with a symlink /etc/passwd or /etc/group to potentially cause a denial of service through reading a FIFO on the host.

Misc

  • Updated Buildah to v1.37.5
  • Updated the containers/storage library to v1.55.1

v5.2.4

07 Oct 16:04
v5.2.4
76d0859
Compare
Choose a tag to compare

Security

  • This release addresses CVE-2024-9407, which allows arbitrary access to the host filesystem from RUN --mount arguments to a Dockerfile being built.
  • This release also addresses CVE-2024-9341, allowing the mounting of arbitrary directories from the host into containers on FIPS enabled systems using a malicious image with crafted symlinks.

Misc

  • Updated Buildah to v1.37.4
  • Updated the containers/common library to v0.60.4

v5.2.3

24 Sep 15:17
v5.2.3
Compare
Choose a tag to compare

Bugfixes

  • Fixed a bug that could cause network namespaces to fail to unmount, resulting in Podman commands hanging.
  • Fixed a bug where Podman could not run images which included SCTP exposed ports.
  • Fixed a bug where containers run by the root user, but inside a user namespace (including inside a container), could not use the pasta network mode.
  • Fixed a bug where volume copy-up did not properly chown empty volumes when the :idmap mount option was used.

Misc

  • Updated Buildah to v1.37.3

v5.2.2

21 Aug 19:58
v5.2.2
fcee481
Compare
Choose a tag to compare

Bugfixes

  • Fixed a bug where rootless Podman could fail to validate the runtime's volume path on systems with a symlinked /home (#23515).

Misc

  • Updated Buildah to v1.37.2
  • Updated the containers/common library to v0.60.2
  • Updated the containers/image library to v5.32.2

v5.2.1

14 Aug 18:07
v5.2.1
d0582c9
Compare
Choose a tag to compare

Bugfixes

  • Fixed a bug where Podman could sometimes save an incorrect container state to the database, which could cause a number of issues including but not limited to attempting to clean up containers twice (#21569).

Misc

  • Updated Buildah to v1.37.1
  • Updated the containers/common library to v0.60.1
  • Updated the containers/image library to v5.32.1

v5.2.0

02 Aug 12:04
v5.2.0
b22d5c6
Compare
Choose a tag to compare

Features

  • Podman now supports libkrun as a backend for creating virtual machines on MacOS. The libkrun backend has the advantage of allowing GPUs to be mounted into the virtual machine to accelerate tasks. The default backend remains applehv.
  • Quadlet now has support for .build files, which allows images to be built by Quadlet and then used by Quadlet containers.
  • Quadlet .container files now support two new fields, LogOpt to specify container logging configuration and StopSignal to specify container stop signal (#23050).
  • Quadlet .container and .pod files now support a new field, NetworkAlias, to add network aliases.
  • Quadlet drop-in search paths have been expanded to include top-level type drop-ins (container.d, pod.d) and truncated unit drop-ins (unit-.container.d) (#23158).
  • Podman now supports a new command, podman system check, which will identify (and, if possible, correct) corruption within local container storage.
  • The podman machine reset command will now reset all providers available on the current operating system (e.g. ensuring that both HyperV and WSL podman machine VMs will be removed on Windows).

Changes

  • Podman now requires the new kernel mount API, introducing a dependency on Linux Kernel v5.2 or higher.
  • Quadlet .image units now have a dependency on network-online.target (#21873).
  • The --device option to podman create and podman run is no longer ignored when --privileged is also specified (#23132).
  • The podman start and podman stop commands no longer print the full ID of the pod started/stopped, but instead the user's input used to specify the pod (e.g. podman pod start b will print b instead of the pod's full ID) (#22590).
  • Virtual machines created by podman machine on Linux now use virtiofs instead of 9p for mounting host filesystems. Existing mounts will be transparently changed on machine restart or recreation. This should improve performance and reliability of host mounts. This requires the installation of virtiofsd on the host system to function.
  • Using both the --squash and --layers=false options to podman build at the same time is now allowed.
  • Podman now passes container's stop timeout to systemd when creating cgroups, causing it to be honored when systemd stops the scope. This should prevent hangs on system shutdown due to running Podman containers.
  • The --volume-driver option to podman machine init is now deprecated.

Bugfixes

  • Fixed a bug where rootless containers created with the --sdnotify=healthy option could panic when started (#22651).
  • Fixed a bug where containers created with the --sdnotify=healthy option that exited quickly would sometimes return an error instead of notifying that the container was ready (#22760).
  • Fixed a bug where the podman system reset command did not remove the containers/image blob cache (#22825).
  • Fixed a bug where Podman would sometimes create a cgroup for itself even when the --cgroups=disabled option was specified at container creation time (#20910).
  • Fixed a bug where the /etc/hosts file in a container was not created with a newline at the end of the file (#22729).
  • Fixed a bug where the podman start command could sometimes panic when starting a container in the stopped state.
  • Fixed a bug where the podman system renumber command would fail if volumes existed when using the sqlite database backend (#23052).
  • Fixed a bug where the podman container restore command could not successfully restore a container in a pod.
  • Fixed a bug where an error message from podman diff would suggest using the --latest option when using the remote Podman client (#23038).
  • Fixed a bug where user could assign more memory to a Podman machine than existed on the host (#18206).
  • Fixed a bug where the podman events command was rarely unable to report errors that occurred (#23165).
  • Fixed a bug where containers run in systemd units would sometimes not be removed correctly on exit when using the --cidfile option.
  • Fixed a bug where the first Podman command run after a reboot could cause hang when using transient mode (#22984).
  • Fixed a bug where Podman could throw errors about a database configuration mismatch if certain paths did not exist on the host.
  • Fixed a bug where the podman run and podman start commands could throw strange errors if another Podman process stopped the container at a midpoint in the process of starting (#23246).
  • Fixed a bug where the podman system service command could leak a mount on termination.
  • Fixed a bug where the Podman remote client would panic if an invalid image filter was passed to podman images (#23120).
  • Fixed a bug where the podman auto-update and podman system df commands could fail when a container was removed while the command was running (#23279).
  • Fixed a bug where the podman machine init command could panic when trying to decompress an empty file when preparing the VM image (#23281).
  • Fixed a bug where the podman ps --pod and podman pod stats commands could sometimes fail when a pod was removed while the command was running (#23282).
  • Fixed a bug where the podman stats and podman pod stats commands would sometimes exit with a container is stopped error when showing all containers (or pod containers, for pod stats) if a container stopped while the command was running (#23334).
  • Fixed a bug where the output of container healthchecks was not properly logged if it did not include a final newline (#23332).
  • Fixed a bug where the port forwarding firewall rules of an existing container could be be overwritten when starting a second container which forwarded the same port on the host even if the second container failed to start as the port was already bound.
  • Fixed a bug where the containers created by the podman play kube command could sometimes not properly clean up their network stacks (#21569).

API

  • The Build API for Images now accepts a comma-separated list in the Platform query parameter, allowing a single API call to built an image for multiple architectures (#22071).
  • Fixed a bug where the Remove endpoint for Volumes would return an incorrectly formatted error when called with an ambiguous volume name (#22616).
  • Fixed a bug where the Stats endpoint for Containers would return an incorrectly formatted error when called on a container that did not exist (#22612).
  • Fixed a bug where the Start endpoint for Pods would return a 409 error code in cases where a 500 error code should have been returned (#22989).
  • Fixed a bug where the Top endpoint for Pods would return a 200 status code and then subsequently an error (#22986).

Misc

  • Podman no longer requires all parent directories of its root and runroot to be world-executable (#23028).
  • Error messages from the podman build command when the -f option is given, but points to a file that does not exist, have been improved (#22940).
  • The Podman windows installer is now built using WiX 5.
  • Updated the gvisor-tap-vsock library to v0.7.4. This release contains a fix for a gvproxy crash on macOS when there is heavy network traffic on a fast link.
  • Updated Buildah to v1.37.0
  • Updated the containers/image library to v5.32.0
  • Updated the containers/storage library to v1.55.0
  • Updated the containers/common library to v0.60.0