Features
- The remote Podman client and podman system service API server now support encrypting connections with TLS and mTLS, including client authentication by certificate (#24583).
- The podman system connection add command can now create connections to TCP sockets with TLS and mTLS encryption.
- The podman run and podman create commands now support two new options, --creds and --cert-dir, to manage logging into registries to pull images.
- The podman kube play and podman kube down commands can now accept multiple files as input, creating or removing more than one pod or deployment with the same command (#26274).
- The podman kube play command now supports a new option, --no-pod-prefix, to disable prefixing container names with pod names. Please note that this can cause pods to fail to create if the pod shares a name with a container (#26396).
- The podman machine init command now supports a new option, --tls-verify, to control whether the machine image can be pulled from registries without a trusted TLS certificate, with the default being true (TLS verification on) (#26517).
- When running the podman image load and podman build commands against a podman machine VM, if the path being loaded or built is shared into the VM, Podman will load it from the VM's filesystem instead of streaming the data through the REST API, improving performance (#26321).
- A default location for container log files when using the k8s-file log driver can now be specified with the log_path option in containers.conf.
- Default flags for the OCI runtime can now be set with the runtimes_flags option in containers.conf.
- The podman artifact remove command can now accept multiple arguments, for example, podman artifact rm artifact1 artifact2.
- The podman wait command now supports a new option, --return-on-first, which causes podman wait to return after any container matches the condition, as opposed to waiting for all containers to match (#26691).
- The podman container restore command now supports a new option, --tcp-close, allowing containers with active TCP connections to be restored multiple times.
- Quadlet now features support for a new file type, .artifact, allowing OCI artifacts to be managed with Quadlet (#25778).
- Quadlet .container files now support a new key, HttpProxy, to disable the automatic forwarding of HTTP proxy options from the host into the container (#26925).
- Quadlet .pod files now support a new key, StopTimeout, to configure the stop timeout for the pod (#27120).
- Quadlet .build files now support two new keys, BuildArg and IgnoreFile, to specify build arguments and an ignore file (#27065 and #27268).
- Quadlet .kube files now support multiple YAML files in a single .kube file.
- Quadlet now supports templated dependencies for volumes and networks (#25136).
- The podman quadlet install command now supports a new option, --replace, which will replace any existing Quadlet with a conflicting name (#26930).
- The podman quadlet print command now has a new alias, podman quadlet cat (#27296).
- The remote Podman client's podman artifact remove command now supports the --all option.
- The podman artifact add command now supports a new option, --replace, which will replace any existing artifact with the given name (#27082).
- The podman artifact rm command now supports a new option, --ignore, which will suppress errors when attempting to remove an artifact that does not exist (#27084).
- The podman artifact list command now includes artifact creation time in its output (#27314).
- The podman artifact list --format option now supports two new format keys, VirtualSize, returning the size of the artifact in integer bytes, and CreatedAt, returning the time the artifact was created as an RFC3339 timestamp (the existing Size and Created fields returned human-readable information) (#27085).
- The podman artifact inspect command now supports a new option, --format, to return specific information about an artifact with user-specified formatting (#27112).
Changes
- In preparation for a planned removal of the BoltDB database in Podman 6.0, a warning has been added for installations still using BoltDB. These warnings were added in Podman 5.6, but were not visible by default; they now are. They can be suppressed with the SUPPRESS_BOLTDB_WARNING=true environment variable.
- A new Windows installer has been introduced with a simpler single MSI architecture that supports both user-scope (no admin required) and machine-scope installations. Note: To use the new installer, users must uninstall existing Podman installations before using the new installer, but all containers, images, machines, and other data will be preserved. The old installer is still provided to ensure backwards compatibility, though it will be removed in a future release (#22994 and #25968).
- Podman now requires Go 1.24.
- When the -p/--publish and --network=ns:/path options are used together when creating a container, Podman will now warn that the -p option will be ignored as an existing namespace is in use (this has always been the case, but Podman now prints a warning about it) (#26663).
- The podman stats command now provides additional information about container resource utilization when run on FreeBSD.
- Shell autocompletion has been enabled for the --sysctl option to podman create and podman run, and the --interface-name option to podman network create.
- Artifacts created by Podman now include a creation timestamp by default, stored in the org.opencontainers.image.created annotation (#27081).
- The podman inspect command can now inspect artifacts.
- The podman artifact add command can now override the org.opencontainers.image.title annotation in created artifacts.
- Podman can now optionally be built with Sequoia-PGP support. When so built, the --sign-by-sq-fingerprint option allows signing images using Sequoia-PGP keys.
Bugfixes
- Fixed a bug where the --filter ancestor= option to podman ps required complete matches, unlike Docker (which matched substrings) (#26623).
- Fixed a bug where the --filter label= option to podman events did not support key-only matches (as podman ps --filter label= does) (#26702).
- Fixed a bug where Quadlet could panic when a Mount was given without a source being specified.
- Fixed a bug where Quadlet would fail to generate for a .build file when a systemd specifier was used in the [Build] section (#26746).
- Fixed a bug where the podman info command could panic when /proc/sys/fs/binfmt_misc was not mounted.
- Fixed a bug where the remote Podman client could lose some initial bytes of output from attach sessions (podman run, podman exec, podman attach) due to a race condition (#26951).
- Fixed a bug where the podman build command was ignoring SBOM-related options (#23915).
- Fixed a bug where the --userns=ns:/path option to podman create and podman run was broken with runc 1.1.11 and higher (#27148).
API
- Added a new API endpoint to list quadlets (GET /libpod/quadlets/json).
- The Compat Inspect endpoint for Images no longer includes the ContainerConfig field. To access image configuration, use the Config field instead. This matches changes made by Docker in the v1.45 API.
- Fixed a bug where the Stats and Commit endpoints for Containers (compat & libpod), the Push, Commit, Push, and Pull endpoints for Images (compat & libpod), and the Push endpoint for Manifests (libpod) were not returning a Content-Type header.
Misc
- Error messages returned when an incomplete --device option (for example --device /dev/fuse::) is passed to podman create or podman run have been improved.
- Updated Buildah to v1.42.0
- Updated the containers/image library to v5.38.0
- Updated the containers/storage library to v1.61.0
- Updated the containers/common library to v0.66.0
- The containers/image, containers/storage, and containers/common libraries are now sourced from the containers/container-libs monorepo.