Security
- This release addresses CVE-2026-57231, where a malicious image using malformed
Enventries could cause host environment variables to leak into containers run based on the image, including the ability to use the*glob operator to leak large numbers of environment variables without knowing their exact names (GHSA-4hq8-gpf5-8p68). - The golang.org/x/crypto library has been updated to v0.53.0, addressing CVE-2026-39830 and CVE-2026-42508.
Bugfixes
- Fixed a bug where the remote Podman client's
podman savecommand would fail on Linux when using the-f oci-diror-f docker-dirarguments.