[CI:DOCS] Update release notes for v4.0.3 and v3.4.7 #13954
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,62 @@ | ||
| # Release Notes | ||
|
|
||
| ## 4.0.3 | ||
| ### Security | ||
| - This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set. | ||
|
|
||
| ### Changes | ||
| - The `podman machine rm --force` command will now remove running machines as well (such machines are shut down first, then removed) ([#13448](https://github.com/containers/podman/issues/13448)). | ||
| - When a `podman machine` VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) ([#13510](https://github.com/containers/podman/issues/13510)). | ||
|
|
||
| ### Bugfixes | ||
| - Fixed a bug where devices added to containers by the `--device` option to `podman run` and `podman create` would not be accessible within the container. | ||
| - Fixed a bug where Podman would refuse to create containers when the working directory in the container was a symlink ([#13346](https://github.com/containers/podman/issues/13346)). | ||
| - Fixed a bug where pods would be created with cgroups even if cgroups were disabled in `containers.conf` ([#13411](https://github.com/containers/podman/issues/13411)). | ||
| - Fixed a bug where the `podman play kube` command would produce confusing errors if invalid YAML with duplicated container named was passed ([#13332](https://github.com/containers/podman/issues/13332)). | ||
|
There was a problem hiding this comment. Fixed a bug where the |
||
| - Fixed a bug where the `podman machine rm` command would not remove the Podman API socket on the host that was associated with the VM. | ||
| - Fixed a bug where the remote Podman client was unable to properly resize the TTYs of containers on non-Linux OSes. | ||
| - Fixed a bug where rootless Podman could hang indefinitely when starting containers on systems with IPv6 disabled ([#13388](https://github.com/containers/podman/issues/13388)). | ||
| - Fixed a bug where the `podman version` command could sometimes print excess blank lines as part of its output. | ||
| - Fixed a bug where the `podman generate systemd` command would sometimes generate systemd services with names beginning with a hyphen ([#13272](https://github.com/containers/podman/issues/13272)). | ||
| - Fixed a bug where locally building the pause image could fail if the current directory contained a `.dockerignore` file ([#13529](https://github.com/containers/podman/issues/13529)). | ||
| - Fixed a bug where root containers in VMs created by `podman machine` could not bind ports to specific IPs on the host ([#13543](https://github.com/containers/podman/issues/13543)). | ||
| - Fixed a bug where the storage utilization percentages displayed by `podman system df` were incorrect ([#13516](https://github.com/containers/podman/issues/13516)). | ||
| - Fixed a bug where the CPU utilization percentages displayed by `podman stats` were incorrect ([#13597](https://github.com/containers/podman/pull/13597)). | ||
| - Fixed a bug where containers created with the `--no-healthcheck` option would still display healthcheck status in `podman inspect` ([#13578](https://github.com/containers/podman/issues/13578)). | ||
| - Fixed a bug where the `podman pod rm` command could print a warning about a missing cgroup ([#13382](https://github.com/containers/podman/issues/13382)). | ||
| - Fixed a bug where the `podman exec` command could sometimes print a `timed out waiting for file` error after the process in the container exited ([#13227](https://github.com/containers/podman/issues/13227)). | ||
| - Fixed a bug where virtual machines created by `podman machine` were not tolerant of changes to the path to the qemu binary on the host ([#13394](https://github.com/containers/podman/issues/13394)). | ||
| - Fixed a bug where the remote Podman client's `podman build` command did not properly handle the context directory if a Containerfile was manually specified using `-f` ([#13293](https://github.com/containers/podman/issues/13293)). | ||
|
There was a problem hiding this comment. nit and where has my inline suggestion button gone GitHub? |
||
| - Fixed a bug where Podman would not properly detect the use of `systemd` as PID 1 in a container when the entrypoint was prefixed with `/bin/sh -c` ([#13324](https://github.com/containers/podman/issues/13324)). | ||
| - Fixed a bug where rootless Podman could, on systems that do not use `systemd` as init, print a warning message about the rootless network namespace ([#13703](https://github.com/containers/podman/issues/13703)). | ||
| - Fixed a bug where the default systemd unit file for `podman system service` did not delegate all cgroup controllers, resulting in `podman info` queries against the remote API returning incorrect cgroup controllers ([#13710](https://github.com/containers/podman/issues/13710)). | ||
| - Fixed a bug where the `slirp4netns` port forwarder for rootless Podman would only publish the first port of a range ([#13643](https://github.com/containers/podman/issues/13643)). | ||
|
|
||
| ### API | ||
| - Fixed a bug where the Compat Create API for containers did not properly handle permissions for tmpfs mounts ([#13108](https://github.com/containers/podman/issues/13108)). | ||
|
|
||
| ### Misc | ||
| - The static binary for Linux is now built with CGo disabled to avoid panics due to a Golang bug ([#13557](https://github.com/containers/podman/issues/13557)). | ||
| - Updated Buildah to v1.24.3 | ||
| - Updated the containers/storage library to v1.38.3 | ||
| - Updated the containers/image library to v5.19.2 | ||
| - Updated the containers/common library to v0.47.5 | ||
|
|
||
| ## 4.0.2 | ||
| ### Bugfixes | ||
| - Revert "use GetRuntimeDir() from c/common" | ||
|
|
||
| ## 4.0.1 | ||
| ### Bugfixes | ||
| - Fixed a bug where the `podman play kube` command did not honor the `mountPropagation` field in Pod YAML ([#13322](https://github.com/containers/podman/issues/13322)). | ||
| - Fixed a bug where the `--build=false` option to `podman play kube` was not honored ([#13285](https://github.com/containers/podman/issues/13285)). | ||
| - Fixed a bug where a container using volumes from another container (via `--volumes-from`) could, under certain circumstances, exit with errors that it could not delete some volumes if the other container did not exit before it ([#12808](https://github.com/containers/podman/issues/12808)). | ||
| - Fixed a bug where the `CONTAINERS_CONF` environment variable was not propagated to Conmon, which could result in Podman cleanup processes being run with incorrect configurations. | ||
|
|
||
| ## 4.0.0 | ||
| ### Security | ||
| - This release addresses CVE-2022-1227, where running `podman top` on a container made from a maliciously-crafted image and using a user namespace could allow for code execution in the host context. | ||
|
|
||
| ### Features | ||
| - Podman has seen an extensive rewrite of its network stack to add support for Netavark, a new tool for configuring container networks, in addition to the existing CNI stack. Netavark will be default on new installations when it is available. | ||
| - The `podman network connect` command now supports three new options, `--ip`, `--ip6`, and `--mac-address`, to specify configuration for the new network that will be attached. | ||
|
|
@@ -196,6 +252,24 @@ | |
| - Updated the containers/common library to v0.47.1 | ||
| - Updated the containers/psgo library to v1.7.2 | ||
|
|
||
| ## 3.4.7 | ||
| ### Security | ||
| - This release addresses CVE-2022-1227, where running `podman top` on a container made from a maliciously-crafted image and using a user namespace could allow for code execution in the host context. | ||
|
|
||
| ## 3.4.6 | ||
| ### Security | ||
| - This release addresses CVE-2022-27191, where an attacker could potentially cause crashes in remote Podman by using incorrect SSH ciphers. | ||
|
|
||
| ## 3.4.5 | ||
| ### Security | ||
| - This release addresses CVE-2022-27649, where Podman would set excess inheritable capabilities for processes in containers. | ||
|
|
||
| ### Bugfixes | ||
| - Fixed a bug where the `podman images` command could, under some circumstances, take an excessive amount of time to list images ([#11997](https://github.com/containers/podman/issues/11997)). | ||
|
|
||
| ### Misc | ||
| - Updates the containers/common library to v0.44.5 | ||
|
|
||
| ## 3.4.4 | ||
| ### Bugfixes | ||
| - Fixed a bug where the `podman exec` command would, under some circumstances, print a warning message about failing to move `conmon` to the appropriate cgroup ([#12535](https://github.com/containers/podman/issues/12535)). | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should add a test for this in the future. @edsantiago ideas? context: #13947