Security
- This release addresses CVE-2025-9566, where Kubernetes YAML run by
podman play kubecontainingConfigMapandSecretvolumes can use crafted symlinks to overwrite content on the host.
Bugfixes
- Fixed a bug where network creation and removal events were displayed incorrectly when the
journaldevents driver was in use. - Fixed a bug where the
--security-opt seccomp=unconfinedoption was broken on Windows (#26855). - Fixed a bug where containers created with a name longer than 64 characters, no explicit hostname, the the
container_name_as_hostnameoption incontainers.confset totruewould fail to start. - Fixed a bug where Podman would fail to start containers when runc 1.3.0 or later was used as the OCI runtime (#26938).
Misc
- Adjusted the systemd-tmpfiles script to recursively remove temporary files directories placed in
/tmp, ensuring proper operation of Podman after a reboot if/tmpis not a tmpfs. - Updated Buildah to v1.41.4
- Updated the containers/storage to v1.59.1
- Updated the containers/common library to v0.64.2