Security
- This release fixes CVE-2022-41723, a vulnerability in the golang.org/x/net package where a maliciously crafted HTTP/2 stream could cause excessive CPU consumption, sufficient to cause a denial of service.
Changes
- Added
SYS_CHROOTback to the default set of capabilities.
Bugfixes
- Fixed a bug where quadlet would not use the default runtime set.
- Fixed a bug where
podman system service --log-level=tracedid not hijack the client connection, causing remotepodman run/attachcalls to work incorrectly (#17749). - Fixed a bug where the podman-mac-helper returned an incorrect exit code after erroring.
podman-mac-helpernow exits with 1 on error (#17785). - Fixed a bug where
podman run --dns ... --networkwould not respect the dns option. Podman will no longer add host nameservers to resolv.conf when aardvark-dns is used (#17499). - Fixed a bug where
podman logserrored out with the passthrough driver when the container was run from a systemd service. - Fixed a bug where
--health-on-failure=restartwould not restart the container when the health state turned unhealthy (#17777). - Fixed a bug where podman machine VMs could have their system time drift behind real time. New machines will no longer be affected by this (#11541).
API
- Fixed a bug where creating a network with the Compat API would return an incorrect status code. The API call now returns 409 when creating a network with an existing name and when CheckDuplicate is set to true (#17585).
- Fixed a bug in the /auth REST API where logging into Docker Hub would fail (#17571).
Misc
- Updated the containers/common library to v0.51.1
- Updated the Mac pkginstaller QEMU to v7.2.0