Podman

This is the third release candidate of Podman 5.0.0. Full release notes will be available with the fourth release candidate.

This is the second release candidate for Podman v5.0.0.

Release notes are not yet available, but will be published as part of a subsequent release candidate.

This is the first release candidate for Podman v5.0.0.

Release notes are not yet available, but will be published as part of a subsequent release candidate.

Security
- This release addresses CVE-2024-3727, a vulnerability in the containers/image library which allows attackers to trigger authenticated registry access on behalf of the victim user.

API
- Fixed a bug in the Compat List endpoint for Networks which could result in a server crash due to concurrent writes to a map ([22330](https://github.com/containers/podman/issues/22330)).

Security
- Fixed [CVE-2024-1753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1753) in Buildah and `podman build` which allowed a user to write files to the `/` directory of the host machine if selinux was not enabled.

Bugfixes
- Fixed a bug where health check status would be updated to "healthy" before the startup delay had expired.

Features
- The `podman container commit` command now features a `--config` option which accepts a filename containing a JSON-encoded container configuration to be merged in to the newly-created image.