Changes:
[Bugfixes, misc and API changes were omitted due taking too much space and
probably not so interesting]
3.4.4
=====
3.4.4 is a bugfixes release.
3.4.3
=====
Security
* This release addresses CVE-2021-4024, where the podman machine command
opened the gvproxy API (used to forward ports to podman machine VMs) to the
public internet on port 7777.
* This release addresses CVE-2021-41190, where incomplete specification of
behavior regarding image manifests could lead to inconsistent decoding on
different clients.
Features
--------
* The --secret type=mount option to podman create and podman run supports a
new option, target=, which specifies where in the container the secret will
be mounted (#12287).
Several misc, bugfixes and API changes.
3.4.2
=====
3.4.2 is a bugfixes release.
3.4.1
=====
3.4.1 is a misc and bugfixes release.
3.4.0
=====
Features
--------
* Pods now support init containers! Init containers are containers which run
before the rest of the pod starts. There are two types of init containers:
"always", which always run before the pod is started, and "once", which
only run the first time the pod starts and are subsequently removed. They
can be added using the podman create command's --init-ctr option.
* Support for init containers has also been added to podman play kube and
podman generate kube - init containers contained in Kubernetes YAML will be
created as Podman init containers, and YAML generated by Podman will
include any init containers created.
* The podman play kube command now supports building images. If the --build
option is given and a directory with the name of the specified image exists
in the current working directory and contains a valid Containerfile or
Dockerfile, the image will be built and used for the container.
* The podman play kube command now supports a new option, --down, which
removes any pods and containers created by the given Kubernetes YAML.
* The podman generate kube command now generates annotations for SELinux
mount options on volume (:z and :Z) that are respected by the podman play
kube command.
* A new command has been added, podman pod logs, to return logs for all
containers in a pod at the same time.
* Two new commands have been added, podman volume export (to export a volume
to a tar file) and podman volume import) (to populate a volume from a given
tar file).
* The podman auto-update command now supports simple rollbacks. If a
container fails to start after an automatic update, it will be rolled back
to the previous image and restarted again.
* Pods now share their user namespace by default, and the podman pod create
command now supports the --userns option. This allows rootless pods to be
created with the --userns=keep-id option.
* The podman pod ps command now supports a new filter with its --filter
option, until, which returns pods created before a given timestamp.
* The podman image scp command has been added. This command allows images to
be transferred between different hosts.
* The podman stats command supports a new option, --interval, to specify the
amount of time before the information is refreshed.
* The podman inspect command now includes ports exposed (but not published)
by containers (e.g. ports from --expose when --publish-all is not
specified).
* The podman inspect command now has a new boolean value, Checkpointed, which
indicates that a container was stopped as a result of a podman container
checkpoint operation.
* Volumes created by podman volume create now support setting quotas when run
atop XFS. The size and inode options allow the maximum size and maximum
number of inodes consumed by a volume to be limited.
* The podman info command now outputs information on what log drivers,
network drivers, and volume plugins are available for use (#11265).
* The podman info command now outputs the current log driver in use, and the
variant and codename of the distribution in use.
* The parameters of the VM created by podman machine init (amount of disk
space, memory, CPUs) can now be set in containers.conf.
* The podman machine ls command now shows additional information (CPUs,
memory, disk size) about VMs managed by podman machine.
* The podman ps command now includes healthcheck status in container state
for containers that have healthchecks (#11527).
Changes
-------
* The podman build command has a new alias, podman buildx, to improve
compatibility with Docker. We have already added support for many docker
buildx flags to podman build and aim to continue to do so.
* Cases where Podman is run without a user session or a writable temporary
files directory will now produce better error messages.
* The default log driver has been changed from file to journald. The file
driver did not properly support log rotation, so this should lead to a
better experience. If journald is not available on the system, Podman will
automatically revert to the file.
* Podman no longer depends on ip for removing networks (#11403).
* The deprecated --macvlan flag to podman network create now warns when it is
used. It will be removed entirely in the Podman 4.0 release.
* The podman machine start command now prints a message when the VM is
successfully started.
* The podman stats command can now be used on containers that are paused.
* The podman unshare command will now return the exit code of the command
that was run in the user namespace (assuming the command was successfully
run).
* Successful healthchecks will no longer add a healthy line to the system log
to reduce log spam.
* As a temporary workaround for a lack of shortname prompts in the Podman
remote client, VMs created by podman machine now default to only using the
docker.io registry.
Several misc, bugfixes and API changes.
15ecedb4f2