<div class="container">
<h1>Security update for podman</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:20805-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-10-01T13:49:41Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1239088">bsc#1239088</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1242132">bsc#1242132</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1245320">bsc#1245320</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-6032.html">CVE-2025-6032</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-6032</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">9.0</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-6032</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-6032</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">8.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Micro 6.1</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves one vulnerability and has two fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for podman fixes the following issues:</p>
<ul>
<li>CVE-2025-6032: Fixed machine init command failing to verify TLS
certificate (bsc#1245320)</li>
<li>Fix conditional Requires (remove deprecated sle_version macro)</li>
<li>
<p>Update to version 5.4.2:</p>
</li>
<li>
<p>Add release notes for v5.4.2</p>
</li>
<li>Fix a potential deadlock during <code>podman cp</code></li>
<li>Improve the file format documentation of podman-import.</li>
<li>Revert "podman-import only supports gz and tar"</li>
<li>Bump buildah to v1.39.4</li>
<li>libpod: do not cover idmapped mountpoint</li>
<li>test: Fix runc error message</li>
<li>oci: report empty exec path as ENOENT</li>
<li>test: adapt tests new crun error messages</li>
<li>test: remove duplicate test</li>
<li>cirrus: test only on f41/rawhide</li>
<li>CI: use z1d instance for windows machine testing</li>
<li>New images 2025-03-24</li>
<li>test/e2e: use go net.Dial() ov nc</li>
<li>test: use ncat over nc</li>
<li>New images 2025-03-12</li>
<li>RPM: Add riscv64 to ExclusiveArch-es</li>
<li>Fix HealthCheck log destination, count, and size defaults</li>
<li>Win installer test: hardcode latest GH release ID</li>
<li>Packit: Fix action script for fetching upstream commit</li>
<li>Bump to v5.4.2-dev</li>
<li>Bump to v5.4.1</li>
<li>update gvproxy version to 0.8.4</li>
<li>Update Buildah to v1.39.2</li>
<li>Update release notes for v5.4.1</li>
<li>Fix reporting summed image size for compat endpoint</li>
<li>podman-import only supports gz and tar</li>
<li>quadlet kube: correctly mark unit as failed</li>
<li>pkg/domain/infra/abi/play.go: fix two nilness issues</li>
<li>kube play: don't print start errors twice</li>
<li>libpod: race in WaitForConditionWithInterval()</li>
<li>libpod: race in WaitForExit() with autoremove</li>
<li>Don't try to resolve host path if copying to container from stdin.</li>
<li>Use svg for pkginstaller banner</li>
<li>Create quota before _data dir for volumes</li>
<li>Packit: clarify secondary status in CI</li>
<li>Packit/RPM: Display upstream commit SHA in all rpm builds</li>
<li>podman run: fix --pids-limit -1 wrt runc</li>
<li>vendor: update github.com/go-jose/go-jose/v3 to v3.0.4</li>
<li>chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security]</li>
<li>wire up --retry-delay for artifact pull</li>
<li>Revert "silence false positve from golangci-lint"</li>
<li>update golangci-lint to v1.64.4</li>
<li>update golangci-lint to v1.64.2</li>
<li>silence false positve from golangci-lint</li>
<li>cmd/podman: refactor Context handling</li>
<li>fix new usetesting lint issue</li>
<li>Packit/Copr: Fix <code>podman version</code> in rpm</li>
<li>Remove persist directory when cleaning up Conmon files</li>
<li>Bump to v5.4.1-dev</li>
<li>Bump to v5.4.0</li>
<li>Update release notes for v5.4.0 final</li>
<li>In SQLite state, use defaults for empty-string checks</li>
<li>Bump FreeBSD version to 13.4</li>
<li>docs: add v5.4 to API reference</li>
<li>Update rpm/podman.spec</li>
<li>RPM: set buildOrigin in LDFLAG</li>
<li>RPM: cleanup macro defs</li>
<li>Makefile: escape BUILD_ORIGIN properly</li>
<li>rootless: fix hang on s390x</li>
<li>Set Cirrus DEST_BRANCH appropriately to fix CI</li>
<li>Bump to v5.4.0-dev</li>
<li>Bump to v5.4.0-rc3</li>
<li>Update release notes for v5.4.0-rc3</li>
<li>Add BuildOrigin field to podman info</li>
<li>artifact: only allow single manifest</li>
<li>test/e2e: improve write/removeConf()</li>
<li>Add --noheading to artifact ls</li>
<li>Add --no-trunc to artifact ls</li>
<li>Add type and annotations to artifact add</li>
<li>pkg/api: honor cdi devices from the hostconfig</li>
<li>util: replace Walk with WalkDir</li>
<li>fix(pkg/rootless): avoid memleak during init() contructor.</li>
<li>Add <code>machine init --playbook</code></li>
<li>RPM: include empty check to silence rpmlint</li>
<li>RPM: adjust qemu dependencies</li>
<li>Force use of iptables on Windows WSL</li>
<li>rpm: add attr as dependency for podman-tests</li>
<li>update gvproxy version</li>
<li>[v5.4] Bump Buildah to v1.39.0</li>
<li>podman exec: correctly support detaching</li>
<li>libpod: remove unused ExecStartAndAttach()</li>
<li>[v5.4] Bump c/storage to v1.57.1, c/image v5.34.0, c/common v0.62.0</li>
<li>Move detection of libkrun and intel</li>
<li>Prevent two podman machines running on darwin</li>
<li>Remove unnecessary error handling</li>
<li>Remove usused Kind() function</li>
<li>Bump to v5.4.0-dev</li>
<li>Bump to v5.4.0-rc2</li>
<li>Update release notes for v5.4.0-rc2</li>
<li>Safer use of <code>filepath.EvalSymlinks()</code> on Windows</li>
<li>error with libkrun on intel-based machines</li>
<li>chore(deps): update dependency pytest to v8.3.4</li>
<li>test/buildah-bud: skip two new problematic tests on remote</li>
<li>Fix podman-restart.service when there are no containers</li>
<li>Avoid upgrading from v5.3.1 on Windows</li>
<li>Clean up after unexpectedly terminated build</li>
<li>system-tests: switch ls with getfattr for selinux tests</li>
<li>vendor latest c/{buildah,common,image,storage}</li>
<li>Makefile: Add validatepr description for 'make help' output</li>
<li>docs: Enhance podman build --secret documentation and add examples</li>
<li>docs: mount.md - idmapped mounts only work for root user</li>
<li>Define, and use, PodmanExitCleanlyWithOptions</li>
<li>Eliminate PodmanSystemdScope</li>
<li>Fix image ID query</li>
<li>Revert "Use the config digest to compare images loaded/pulled using different methods"</li>
<li>Update c/image after https://github.com/containers/image/pull/2613</li>
<li>Update expected errors when pulling encrypted images</li>
<li>Eliminate PodmanExtraFiles</li>
<li>Introduce PodmanTestIntegration.PodmanWithOptions</li>
<li>Restructure use of options</li>
<li>Inline PodmanBase into callers</li>
<li>Pass all of PodmanExecOptions to various [mM]akeOptions functions</li>
<li>Turn PodmanAsUserBase into PodmanExecBaseWithOptions</li>
<li>Avoid indirect links through quadlet(5)</li>
<li>do not set the CreateCommand for API users</li>
<li>Add podman manifest rm --ignore</li>
<li>Bump to v5.4.0-dev</li>
<li>Bump to v5.4.0-rc1</li>
<li>fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.2</li>
<li>podman artifact</li>
<li>vendor latest c/{common,image,storage}</li>
<li>fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.2</li>
<li>cirrus: bump macos machine test timeout</li>
<li>pkg/machine/e2e: improve podman.exe match</li>
<li>pkg/machine/e2e: improve "list machine from all providers"</li>
<li>Remove JSON tag from UseImageHosts in ContainerConfig</li>
<li>Set network ID if available during container inspect</li>
<li>Stop creating a patch for v5.3.1 upgrades on windows</li>
<li>compose docs: fix typo</li>
<li>Document kube-play CDI support</li>
<li>docs: Add quadlet debug method systemd-analyze</li>
<li>Replace instances of PodmanExitCleanly in play_kube_test.go</li>
<li>docs: add 'initialized' state to status filters</li>
<li>fix(deps): update module google.golang.org/protobuf to v1.36.3</li>
<li>Switch all calls of assert.Nil to assert.NoError</li>
<li>Add --no-hostname option</li>
<li>Fix unescaping octal escape sequence in values of Quadlet unit files</li>
<li>Remove <code>.exe</code> suffix if any</li>
<li>Add kube play support for CDI resource allocation</li>
<li>add support to <code>;</code> for comments in unit files as per systemd documentation</li>
<li>Use PodmanExitCleanly in attach_test.go</li>
<li>Introduce PodmanTestIntegration.PodmanExitCleanly</li>
<li>chore(deps): update dependency setuptools to ~=75.8.0</li>
<li>Add newer c/i to support artifacts</li>
<li>fix(deps): update module golang.org/x/tools to v0.29.0</li>
<li>fix(deps): update module golang.org/x/net to v0.34.0</li>
<li>specgenutil: Fix parsing of mount option ptmxmode</li>
<li>namespaces: allow configuring keep-id userns size</li>
<li>Update description for completion</li>
<li>Quadlet - make sure the /etc/containers/systemd/users is traversed in rootless</li>
<li>Document .build for Image .container option</li>
<li>fix(deps): update module github.com/vbauerster/mpb/v8 to v8.9.1</li>
<li>New VM Images</li>
<li>update golangci/golangci-lint to v1.63.4</li>
<li>fix(deps): update module google.golang.org/protobuf to v1.36.2</li>
<li>chore(deps): update dependency setuptools to ~=75.7.0</li>
<li>Fixing ~/.ssh/identity handling</li>
<li>vendor latest c/common from main</li>
<li>fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.12</li>
<li>fix(deps): update module github.com/opencontainers/runc to v1.2.4</li>
<li>specgen: fix comment</li>
<li>Add hint to restart Podman machine to really accept new certificates</li>
<li>fix(deps): update module github.com/onsi/gomega to v1.36.2</li>
<li>fix(deps): update module github.com/moby/term to v0.5.2</li>
<li>Pass container hostname to netavark</li>
<li>Fix slirp4netns typo in podman-network.1.md</li>
<li>Add support to ShmSize in Pods with Quadlet</li>
<li>fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.1</li>
<li>chore(deps): update module golang.org/x/crypto to v0.31.0 [security]</li>
<li>fix(deps): update module golang.org/x/net to v0.33.0 [security]</li>
<li>Kube volumes can not container _</li>
<li>fix(deps): update module github.com/docker/docker to v27.4.1+incompatible</li>
<li>test/system: fix "podman play --build private registry" error</li>
<li>test/system: CopyDirectory() do not chown files</li>
<li>test/system: remove system dial-stdio test</li>
<li>shell completion: respect CONTAINERS_REGISTRIES_CONF</li>
<li>fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.6</li>
<li>When generating host volumes for k8s, force to lowercase</li>
<li>test: enable newly added test</li>
<li>vfkit: Use 0.6.0 binary</li>
<li>gvproxy: Use 0.8.1 binary</li>
<li>systemd: simplify parser and fix infinite loop</li>
<li>Revert "win-installer test: revert to v5.3.0"</li>
<li>Avoid rebooting twice when installing WSL</li>
<li>Avoid rebooting on Windows when upgrading and WSL isn't installed</li>
<li>Add win installer patch</li>
<li>Bump WiX toolset version to 5.0.2</li>
<li>test/e2e: SkipOnOSVersion() add reason field</li>
<li>test/e2e: remove outdated SkipOnOSVersion() calls</li>
<li>Update VM images</li>
<li>fix(deps): update module golang.org/x/crypto to v0.31.0 [security]</li>
<li>fix(deps): update module github.com/crc-org/crc/v2 to v2.45.0</li>
<li>fix(deps): update module github.com/opencontainers/runc to v1.2.3</li>
<li>quadlet: fix inter-dependency of containers in <code>Network=</code></li>
<li>Add man pages to Mac installer</li>
<li>fix(deps): update module github.com/onsi/gomega to v1.36.1</li>
<li>fix(deps): update module github.com/docker/docker to v27.4.0+incompatible</li>
<li>Fix device limitations in podman-remote update on remote systems</li>
<li>Use latest version of VS BuildTools</li>
<li>bin/docker: fix broken escaping and variable substitution</li>
<li>manifest annotate: connect IndexAnnotations</li>
<li>Fix panic in <code>manifest annotate --index</code></li>
<li>fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.5</li>
<li>fix(deps): update module golang.org/x/net to v0.32.0</li>
<li>fix(deps): update module golang.org/x/tools to v0.28.0</li>
<li>fix(deps): update module golang.org/x/crypto to v0.30.0</li>
<li>fix(deps): update module golang.org/x/sys to v0.28.0</li>
<li>Fix overwriting of LinuxResources structure in the database</li>
<li>api: replace inspectID with name</li>
<li>fix(deps): update github.com/opencontainers/runtime-tools digest to f7e3563</li>
<li>Replace ExclusiveArch with ifarch</li>
<li>fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.1</li>
<li>Improve platform specific URL handling in <code>podman compose</code> for machines</li>
<li>Fix <code>podman info</code> with multiple imagestores</li>
<li>Switch to fixed common</li>
<li>refact: use uptime.minutes instead of uptime.seconds</li>
<li>fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.11</li>
<li>fix(deps): update golang.org/x/exp digest to 2d47ceb</li>
<li>fix(deps): update github.com/godbus/dbus/v5 digest to c266b19</li>
<li>Cover Unix socket in inpect test on Windows platform</li>
<li>Add a test for forcing compression and v2s2 format</li>
<li>fix(deps): update module github.com/crc-org/vfkit to v0.6.0</li>
<li>Package podman-machine on supported architectures only.</li>
<li>Fixes missing binary in systemd.</li>
<li>stats: ignore errors from containers without cgroups</li>
<li>api: Error checking before NULL dereference</li>
<li>[skip-ci] Packit/copr: switch to fedora-all</li>
<li>make remotesystem: fail early if serial tests fail</li>
<li>spec: clamp rlimits without CAP_SYS_RESOURCE</li>
<li>Clarify the reason for skip_if_remote</li>
<li>Sanity-check that the test is really using partial pulls</li>
<li>Fix apparent typos in zstd:chunked tests</li>
<li>Fix compilation issues in QEMU machine files (Windows platform)</li>
<li>Mount volumes before copying into a container</li>
<li>Revert "libpod: remove shutdown.Unregister()"</li>
<li>docs: improve documentation for internal networks</li>
<li>docs: document bridge mode option</li>
<li>[skip-ci] Packit: remove epel and re-enable c9s</li>
<li>chore(deps): update dependency golangci/golangci-lint to v1.62.2</li>
<li>vendor: update containers/common</li>
<li>OWNERS: remove edsantiago</li>
<li>fix(deps): update module github.com/onsi/gomega to v1.36.0</li>
<li>fix(deps): update github.com/containers/common digest to ceceb40</li>
<li>refact: EventerType and improve consistency</li>
<li>Add --hosts-file flag to container and pod commands</li>
<li>Add nohosts option to /build and /libpod/build</li>
<li>fix(deps): update module github.com/stretchr/testify to v1.10.0</li>
<li>Quadlet - Use = sign when setting the pull arg for build</li>
<li>win-installer test: revert to v5.3.0</li>
<li>fix(deps): update module github.com/crc-org/crc/v2 to v2.44.0</li>
<li>fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.0</li>
<li>chore(deps): update dependency setuptools to ~=75.6.0</li>
<li>Update windows installer tests</li>
<li>Windows: don't install WSL/HyperV on update</li>
<li>Switch to non-installing WSL by default</li>
<li>fix(deps): update github.com/containers/buildah digest to 52437ef</li>
<li>Configure HealthCheck with <code>podman update</code></li>
<li>CI: --image-volume test: robustify</li>
<li>docs: add 5.3 as Reference version</li>
<li>Bump CI VMs</li>
<li>libpod: pass down NoPivotRoot to Buildah</li>
<li>vendor: bump containers/buildah</li>
<li>fix(deps): update module github.com/opencontainers/runc to v1.2.2</li>
<li>Overlay mounts supersede image volumes & volumes-from</li>
<li>libpod: addHosts() prevent nil deref</li>
<li>only read ssh_config for non machine connections</li>
<li>ssh_config: allow IdentityFile file with tilde</li>
<li>ssh_config: do not overwrite values from config file</li>
<li>connection: ignore errors when parsing ssh_config</li>
<li>Bump bundled krunkit to 0.1.4</li>
<li>fix(deps): update module google.golang.org/protobuf to v1.35.2</li>
<li>add support for driver-specific options during container creation</li>
<li>doc: fix words repetitions</li>
<li>Update release notes on main for v5.3.0</li>
<li>chore(deps): update dependency setuptools to ~=75.5.0</li>
<li>CI: system tests: parallelize 010</li>
<li>fix podman machine init --ignition-path</li>
<li>vendor: update containers/common</li>
<li>spec: clamp rlimits in a userns</li>
<li>Add subpath support to volumes in <code>--mount</code> option</li>
<li>refactor: simplify LinuxNS type definition and String method</li>
<li>test/e2e: remove FIPS test</li>
<li>vendor containers projects to tagged versions</li>
<li>fix(deps): update module github.com/moby/sys/capability to v0.4.0</li>
<li>chore(deps): update dependency setuptools to ~=75.4.0</li>
<li>system tests: safer install_kube_template()</li>
<li>Buildah treadmill tweaks</li>
<li>update golangci-lint to v1.62.0</li>
<li>fix(deps): update module golang.org/x/net to v0.31.0</li>
<li>fix(deps): update module golang.org/x/tools to v0.27.0</li>
<li>Revert "Reapply "CI: test nftables driver on fedora""</li>
<li>Yet another bump, f41 with fixed kernel</li>
<li>test: add zstd:chunked system tests</li>
<li>pkg/machine/e2e: remove dead code</li>
<li>fix(deps): update module golang.org/x/crypto to v0.29.0</li>
<li>kube SIGINT system test: fix race in timeout handling</li>
<li>New <code>system connection add</code> tests</li>
<li>Update codespell to v2.3.0</li>
<li>Avoid printing PR text to stdout in system test</li>
<li>Exclude symlink from pre-commit end-of-file-fixer</li>
<li>api: Add error check</li>
<li>[CI:ALL] Bump main to v5.4.0-dev</li>
<li>test/buildah-bud: build new inet helper</li>
<li>test/system: add regression test for TZDIR local issue</li>
<li>vendor latest c/{buildah,common,image,storage}</li>
<li>Reapply "CI: test nftables driver on fedora"</li>
<li>Revert "cirrus: test only on f40/rawhide"</li>
<li>test f41 VMs</li>
<li>AdditionalSupport for SubPath volume mounts</li>
<li>wsl-e2e: Add a test to ensure port 2222 is free with usermode networking</li>
<li>winmake.ps1: Fix the syntax of the function call Win-SSHProxy</li>
<li>volume ls: fix race that caused it to fail</li>
<li>gvproxy: Disable port-forwarding on WSL</li>
<li>build: update gvisor-tap-vsock to 0.8.0</li>
<li>podman: update roadmap</li>
<li>Log network creation and removal events in Podman</li>
<li>libpod: journald do not lock thread</li>
<li>Add key to control if a container can get started by its pod</li>
<li>Honor users requests in quadlet files</li>
<li>CI: systests: workaround for parallel podman-stop flake</li>
<li>Fix inconsistent line ending in win-installer project</li>
<li>fix(deps): update module github.com/opencontainers/runc to v1.2.1</li>
<li>Quadlet - support image file based mount in container file</li>
<li>API: container logs flush status code</li>
<li>rework event code to improve API errors</li>
<li>events: remove memory eventer</li>
<li>libpod: log file use Wait() over event API</li>
<li>Makefile: vendor target should always remove toolchain</li>
<li>cirrus: check consitent vendoring in test/tools</li>
<li>test/tools/go.mod: remove toolchain</li>
<li>fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.10</li>
<li>fix(deps): update module github.com/onsi/gomega to v1.35.1</li>
<li>doc: explain --interactive in more detail</li>
<li>fix(deps): update golang.org/x/exp digest to f66d83c</li>
<li>fix(deps): update github.com/opencontainers/runtime-tools digest to 6c9570a</li>
<li>fix(deps): update github.com/linuxkit/virtsock digest to cb6a20c</li>
<li>add default polling interval to Container.Wait</li>
<li>Instrument cleanup tracer to log weird volume removal flake</li>
<li>make podman-clean-transient.service work as user</li>
<li>Add default remote socket path if empty</li>
<li>Use current user if no user specified</li>
<li>Add support for ssh_config for connection</li>
<li>libpod: use pasta Setup() over Setup2()</li>
<li>fix(deps): update module github.com/onsi/ginkgo/v2 to v2.21.0</li>
<li>fix(deps): update module github.com/onsi/gomega to v1.35.0</li>
<li>logformatter: add cleanup tracer log link</li>
<li>docs: fix broken example</li>
<li>docs: add missing swagger links for the stable branches</li>
<li>readthedocs: build extra formats</li>
<li>pkg/machine/e2e: remove debug</li>
<li>fix(docs): Integrate pasta in rootless tutorial</li>
<li>chore(deps): update dependency setuptools to ~=75.3.0</li>
<li>libpod: report cgroups deleted during Stat() call</li>
<li>chore: fix some function names in comment</li>
<li>CI: parallelize 450-interactive system tests</li>
<li>CI: parallelize 520-checkpoint tests</li>
<li>CI: make 070-build.bats use safe image names</li>
<li>test/system: add podman network reload test to distro gating</li>
<li>System tests: clean up unit file leaks</li>
<li>healthcheck: do not leak service on failed stop</li>
<li>healthcheck: do not leak statup service</li>
<li>fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.0</li>
<li>Add Startup HealthCheck configuration to the podman inspect</li>
<li>buildah version display: use progress()</li>
<li>new showrun() for displaying and running shell commands</li>
<li>Buildah treadmill: redo the .cirrus.yml tweaks</li>
<li>Buildah treadmill: more allow-empty options</li>
<li>Buildah treadmill: improve test-failure instructions</li>
<li>Buildah treadmill: improve wording in test-fail instructions</li>
<li>doc: Remove whitespace before comma</li>
<li>fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.3.0</li>
<li>ps: fix display of exposed ports</li>
<li>ps: do not loop over port protocol</li>
<li>readme: Add reference to pasta in the readme</li>
<li>test/system: Fix spurious "duplicate tests" failures in pasta tests</li>
<li>Improve "podman load - from URL"</li>
<li>Try to repair c/storage after removing an additional image store</li>
<li>Use the config digest to compare images loaded/pulled using different methods</li>
<li>Simplify the additional store test</li>
<li>Fix the store choice in "podman pull image with additional store"</li>
<li>Bump to v5.3.0-dev</li>
<li>Bump to v5.3.0-rc1</li>
<li>Set quota on volume root directory, not _data</li>
<li>fix(deps): update module github.com/opencontainers/runc to v1.2.0</li>
<li>test: set soft ulimit</li>
<li>Vagrantfile: Delete</li>
<li>Enable pod restore with crun</li>
<li>vendor: update c/{buildah,common,image,storage}</li>
<li>Fix 330-corrupt-images.bats in composefs test runs</li>
<li>quadlet: add default network dependencies to all units</li>
<li>quadlet: ensure user units wait for the network</li>
<li>add new podman-user-wait-network-online.service</li>
<li>contrib/systemd: switch user symlink for file symlinks</li>
<li>Makefile: remove some duplication from install.systemd</li>
<li>contrib/systemd: move podman-auto-update units</li>
<li>quadlet: do not reject RemapUsers=keep-id as root</li>
<li>test/e2e: test quadlet with and without --user</li>
<li>CI: e2e: fix checkpoint flake</li>
<li>APIv2 test fix: image history</li>
<li>pasta udp tests: new bytecheck helper</li>
<li>Document packaging process</li>
<li>[skip-ci] RPM: remove dup Provides</li>
<li>Update dependency setuptools to ~=75.2.0</li>
<li>System tests: safer pause-image creation</li>
<li>Update module github.com/opencontainers/selinux to v1.11.1</li>
<li>Added escaping to invoked powershell command for hyperv stubber.</li>
<li>use slices.Clone instead of assignment</li>
<li>libpod API: only return exit code without conditions</li>
<li>Housekeeping: remove duplicates from success_task</li>
<li>Thorough overhaul of CONTRIBUTING doc.</li>
<li>api: Replace close function in condition body</li>
<li>test/e2e: fix default signal exit code test</li>
<li>Test new VM build</li>
<li>CI: fix changing-rootFsSize flake</li>
<li>scp: add option types</li>
<li>Unlock mutex before returning from function</li>
<li>Note in the README that we are moving to timed releases</li>
<li>cirrus: let tar extract figure out the compression</li>
<li>Make error messages more descriptive</li>
<li>Mention containers.conf settings for podman machine commands</li>
<li>[skip-ci] Packit: re-enable CentOS Stream 10/Fedora ELN teasks"</li>
<li>cmd: use logrus to print error</li>
<li>podman: do not set rlimits to the default value</li>
<li>spec: always specify default rlimits</li>
<li>vendor: update containers/common</li>
<li>Note in the README that we are moving to timed releases</li>
<li>Revert "CI: test nftables driver on fedora"</li>
<li>cirrus: use zstd over bzip2 for repo archive</li>
<li>cirrus: use shared repo_prep/repo_artifacts scripts</li>
<li>cirrus: speed up postbuild</li>
<li>cirrus: change alt arch task to only compile binaries</li>
<li>cirrus: run make with parallel jobs where useful</li>
<li>Makefile: allow man-page-check to be run in parallel</li>
<li>cirrus: use fastvm for builds</li>
<li>test/e2e: skip some Containerized checkpoint tests</li>
<li>test: update timezone checks</li>
<li>cirrus: update CI images</li>
<li>test/e2e: try debug potential pasta issue</li>
<li>CI: quadlet system tests: use airgapped testimage</li>
<li>Allow removing implicit quadlet systemd dependencies</li>
<li>fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.4</li>
<li>libpod API: make wait endpoint better against rm races</li>
<li>podman-remote run: improve how we get the exit code</li>
<li>[skip-ci] Packit: constrain koji and bodhi jobs to fedora package to avoid dupes</li>
<li>055-rm test: clean up a test, and document</li>
<li>CI: remove skips for libkrun</li>
<li>Bump bundled krunkit to 0.1.3</li>
<li>fix(deps): update module google.golang.org/protobuf to v1.35.0</li>
<li>fix(deps): update module golang.org/x/net to v0.30.0</li>
<li>server: fix url parsing in info</li>
<li>fix(deps): update module golang.org/x/tools to v0.26.0</li>
<li>Makefile: fix ginkgo FOCUS option</li>
<li>fix(deps): update module golang.org/x/crypto to v0.28.0</li>
<li>podman-systemd.unit.5: adjust example options</li>
<li>docs: prefer --network to --net</li>
<li>fix(deps): update module golang.org/x/term to v0.25.0</li>
<li>fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.24</li>
<li>fix(deps): update module golang.org/x/sys to v0.26.0</li>
<li>OWNERS file audit and update</li>
<li>Exposed ports are only included when not --net=host</li>
<li>libpod: hasCurrentUserMapped checks for gid too</li>
<li>[CI:DOCS] Document TESTFLAGS in test README file</li>
<li>Validate the bind-propagation option to <code>--mount</code></li>
<li>Fix typo in secret inspect examples</li>
<li>Mention <code>no_hosts</code> and <code>base_hosts_file</code> configs in CLI option docs</li>
<li>Fixes for vendoring Buildah</li>
<li>vendor: update buildah to latest</li>
<li>Makefile - silence skipped tests when focusing on a file</li>
<li>vendor: update to latest c/common</li>
<li>Quadlet - prefer "param val" over "param=val" to allow env expansion</li>
<li>System tests: sdnotify: wait for socket file creation</li>
<li>Switch to moby/sys/capability</li>
<li>platformInspectContainerHostConfig: rm dead code</li>
<li>CI: require and test CI_DESIRED_NETWORK on RHEL</li>
<li>Add ExposedPorts to Inspect's ContainerConfig</li>
<li>fix(deps): update golang.org/x/exp digest to 701f63a</li>
<li>quadlet: allow variables in PublishPort</li>
<li>fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.9</li>
<li>fix(deps): update github.com/godbus/dbus/v5 digest to a817f3c</li>
<li>Document that zstd:chunked is downgraded to zstd when encrypting</li>
<li>fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3</li>
<li>chore(deps): update dependency ubuntu to v24</li>
<li>rpm: do not load iptables modules on f41+</li>
<li>adding docs for network-cmd-path</li>
<li>Include exposed ports in inspect output when net=host</li>
<li>feat(libpod): support kube play tar content-type (#24015)</li>
<li>podman mount: some better error wrapping</li>
<li>podman mount: ignore ErrLayerUnknown</li>
<li>Quadlet - make sure the order of the UnitsDir is deterministic</li>
<li>packit: disable Centos Stream/fedora ELN teasks</li>
<li>libpod: remove shutdown.Unregister()</li>
<li>libpod: rework shutdown handler flow</li>
<li>libpod: ensure we are not killed during netns creation</li>
<li>Update module github.com/moby/sys/capability to v0.3.0</li>
<li>Update documentation of <code>--no-hosts</code>, <code>--hostname</code>, and <code>--name</code> CLI options</li>
<li>Update documentation of <code>--add-host</code> CLI option</li>
<li>System tests: set a default XDG_RUNTIME_DIR</li>
<li>Modify machine "Remove machine" test</li>
<li>CORS system test: clean up</li>
<li>Add --health-max-log-count, --health-max-log-size, --health-log-destination flags</li>
<li>troubleshooting: adjust home path in tip 44</li>
<li>test/system: For pasta port forwarding tests don't bind socat server</li>
<li>Update connection on removal</li>
<li>Simplify <code>RemoveConnections</code></li>
<li>Move <code>DefaultMachineName</code> to <code>pkg/machine/define</code></li>
<li>vendor: update containers/image</li>
<li>vendor: update containers/storage</li>
<li>CI: skip the flaking quadlet test</li>
<li>CI: make systemd tests parallel-safe (*)</li>
<li>CI: run and collect cleanup tracer logs</li>
<li>add epbf program to trace podman cleanup errors</li>
<li>CI: parallelize logs test as much as possible</li>
<li>CI: format test: use local registry if available</li>
<li>CI: make 700-play parallel-safe</li>
<li>docs: Fix missing negation</li>
<li>bin/docker support warning message suppression from user config dir</li>
<li>Update module github.com/docker/docker to v27.3.1+incompatible</li>
<li>Quadlet - add full support for Symlinks</li>
<li>libpod: setupNetNS() correctly mount netns</li>
<li>vendor latest c/common</li>
<li>docs: remove usage of deprecated <code>--storage</code></li>
<li>Update module github.com/docker/docker to v27.3.0+incompatible</li>
<li>CI: Quadlet rootfs test: use container image as rootfs</li>
<li>CI: system test registry: use --net=host</li>
<li>CI: rm system test: bump grace period</li>
<li>CI: system tests: minor documentation on parallel</li>
<li>fix typo in error message Fixes: containers/podman#24001</li>
<li>CI: system tests: always create pause image</li>
<li>CI: quadlet system test: be more forgiving</li>
<li>vendor latest c/common</li>
<li>CI: make 200-pod parallel-safe</li>
<li>allow exposed sctp ports</li>
<li>test/e2e: add netns leak check</li>
<li>test/system: netns leak check for rootless as well</li>
<li>test/system: Improve TODO comments on IPv6 pasta custom DNS forward test</li>
<li>test/system: Clarify "Local forwarder" pasta tests</li>
<li>test/system: Simplify testing for nameserver connectivity</li>
<li>test/system: Consolidate "External resolver" pasta tests</li>
<li>test/system: Move test for default forwarder into its own case</li>
<li>CI: make 090-events parallel-safe</li>
<li>Misc minor test fixes</li>
<li>Add network namespace leak check</li>
<li>Add workaround for buildah parallel bug</li>
<li>registry: lock start attempts</li>
<li>Update system test template and README</li>
<li>bats log: differentiate parallel tests from sequential</li>
<li>ci: bump system tests to fastvm</li>
<li>clean_setup: create pause image</li>
<li>CI: make 012-manifest parallel-safe</li>
<li>podman-manifest-remove: update docs and help output</li>
<li>test/system: remove wait workaround</li>
<li>wait: fix handling of multiple conditions with exited</li>
<li>Match output of Compat Top API to Docker</li>
<li>system test parallelization: enable two-pass approach</li>
<li>New VMs: test crun 1.17</li>
<li>libpod: hides env secrets from container inspect</li>
<li>CI: e2e: workaround for events out-of-sequence flake</li>
<li>update golangci-lint to 1.61.0</li>
<li>libpod: convert owner IDs only with :idmap</li>
<li>Podman CLI --add-host with multiple host for a single IP</li>
<li>Quadlet - Split getUnitDirs to small functions</li>
<li>fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.5</li>
<li>chore(deps): update dependency setuptools to ~=75.1.0</li>
<li>Fxi typo in cache-ttl.md</li>
<li>Get WSL disk as an OCI artifact</li>
<li>CI: make 260-sdnotify parallel-safe</li>
<li>quadlet: do not log ENOENT errors</li>
<li>pkg/specgen: allow pasta when running inside userns</li>
<li>troubleshooting: add tip about the user containers</li>
<li>chore(deps): update dependency setuptools to v75</li>
<li>Convert windows paths in volume arg of the build command</li>
<li>Improve error when starting multiple machines</li>
<li>fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.2</li>
<li>Minor typo noticed when reading podman man page</li>
<li>Remove <code>RemoveFilesAndConnections</code></li>
<li>Add <code>GetAllMachinesAndRootfulness</code></li>
<li>rewrite typo osascript</li>
<li>typo</li>
<li>fix(deps): update module github.com/docker/docker to v27.2.1+incompatible</li>
<li>Add radio buttons to select WSL or Hyper-V in windows setup.exe</li>
<li>[skip-ci] Packit: split out ELN jobs and reuse fedora downstream targets</li>
<li>[skip-ci] Packit: Enable sidetags for bodhi updates</li>
<li>vendor: update c/common</li>
<li>CI: make 710-kube parallel-safe</li>
<li>CI: mark 320-system-df <em>NOT</em> parallel safe</li>
<li>Add kube play support for image volume source</li>
<li>refactor: add sshClient function</li>
<li>fix(deps): update module golang.org/x/tools to v0.25.0</li>
<li>CI: make 505-pasta parallel safe</li>
<li>CI: make 020-tag parallel-safe</li>
<li>CI: make 410-selinux parallel-safe</li>
<li>Bump VMs. ShellCheck is now built-in</li>
<li>troubleshooting: add tip about auto, keep-id, nomap</li>
<li>libpod: make use of new pasta option from c/common</li>
<li>vendor latest c/common</li>
<li>podman images: sort repository with tags</li>
<li>Remove containers/common/pkg/config from pkg/util</li>
<li>fix(deps): update module golang.org/x/net to v0.29.0</li>
<li>fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.23</li>
<li>fix(deps): update module golang.org/x/crypto to v0.27.0</li>
<li>Fix CI</li>
<li>Detect and fix typos using codespell</li>
<li>Fix typo: replace buildin with built-in</li>
<li>Add codespell config, pre-commit definition, and move options from Makefile</li>
<li>prune: support clearing build cache using CleanCacheMount</li>
<li>test/e2e: fix network prune flake</li>
<li>Add support for Job to kube generate & play</li>
<li>Add podman-rootless.7 man page</li>
<li>Add DNS, DNSOption and DNSSearch to quadlet pod</li>
<li>podman.1.md: improve policy.json section</li>
<li>e2e: flake fix: SIGPIPE in hook test</li>
<li>libpod: fix rootless cgroup path with --cgroup-parent</li>
<li>vendor: update c/storage</li>
<li>CI: make 055-rm parallel-safe</li>
<li>CI: make 130-kill parallel-safe</li>
<li>CI: make 125-import parallel-safe</li>
<li>CI: make 110-history parallel-safe</li>
<li>CI: system tests: parallelize low-hanging fruit</li>
<li>Add disclaimer to <code>podman machine info</code> manpage.</li>
<li>man pages: refactor two more options</li>
<li>update github.com/opencontainers/runc to v1.2.0-rc.3</li>
<li>update go.etcd.io/bbolt to v1.3.11</li>
<li>update github.com/onsi/{ginkgo,gomega}</li>
<li>Update module github.com/shirou/gopsutil to v4</li>
<li>packit: update fedora and epel targets</li>
<li>bump go to 1.22</li>
<li>cirrus: test only on f40/rawhide</li>
<li>cirrus: remove CI_DESIRED_NETWORK reference</li>
<li>cirrus: prebuild use f40 for extra tests</li>
<li>chore(deps): update dependency setuptools to ~=74.1.0</li>
<li>libpod: fix HostConfig.Devices output from 'podman inspect' on FreeBSD</li>
<li>fix(deps): update golang.org/x/exp digest to 9b4947d</li>
<li>Implement publishing API UNIX socket on Windows platforms</li>
<li>Vendor c/common:8483ef6022b4</li>
<li>quadlet: support container network reusing</li>
<li>docs: update read the docs changes</li>
<li>CI: parallel-safe network system test</li>
<li>Quadlet - Support multiple image tags in .build files</li>
<li>fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.3</li>
<li>cirrus: remove _bail_if_test_can_be_skipped</li>
<li>cirrus: move renovate check into validate</li>
<li>cirrus: remove 3rd party connectivity check</li>
<li>cirrus: remove cross jobs for aarch64 and x86_64</li>
<li>cirrus: do not upload alt arch cross artifacts</li>
<li>cirrus: remove ginkgo-e2e.json artifact</li>
<li>cirrus: fix default timeouts</li>
<li>github: remove fcos-podman-next-build-prepush</li>
<li>Clarify podman machine volume mounting behavior under WSL</li>
<li>machine: Add -all-providers flag to machine list</li>
<li>Create a podman-troubleshooting man page</li>
<li>chore(deps): update dependency setuptools to v74</li>
<li>fix(deps): update module github.com/docker/docker to v27.2.0+incompatible</li>
<li>Fix an improperly ignored error in SQLite</li>
<li>CI: flake workaround: ignore socat waitpid warnings</li>
<li>fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.1</li>
<li>Stop skipping machine volume test on Hyper-V</li>
<li>cleanup: add new --stopped-only option</li>
<li>fix races in the HTTP attach API</li>
<li>cirrus: skip windows/macos machine task on RHEL branches</li>
<li>Update module github.com/containers/gvisor-tap-vsock to v0.7.5</li>
<li>run: fix detach passthrough and --rmi</li>
<li>podman run: ignore image rm error</li>
<li>Add support for AddHost in quadlet .pod and .container</li>
<li>[CI:DOCS] Update dependency golangci/golangci-lint to v1.60.3</li>
<li>update github.com/vishvananda/netlink to v1.3.0</li>
<li>build: Update gvisor-tap-vsock to 0.7.5</li>
<li>Quote systemd DefaultEnvironment Proxy values, as documented in systemd.conf man page:</li>
<li>fix typo in podman-network-create.1.md</li>
<li>Use HTTP path prefix of TCP connections to match Docker context behavior</li>
<li>Makefile: remotesystem: use real podman server, no --url</li>
<li>Update module github.com/openshift/imagebuilder to v1.2.15</li>
<li>CI: parallel-safe userns test</li>
<li>Update module github.com/onsi/ginkgo/v2 to v2.20.1</li>
<li>Add support for IP in quadlet .pod files</li>
<li>Specify format to use for referencing fixed bugs.</li>
<li>CI: parallel-safe run system test</li>
<li>Revert "test/e2e: work around for pasta issue"</li>
<li>CI: On vX.Y-rhel branches, ensure that some downstream Jira issue is linked</li>
<li>quadlet: support user mapping in pod unit</li>
<li>Update Release Process</li>
<li>Test new VM build</li>
<li>command is not optional to podman exec</li>
<li>CI: parallel-safe namespaces system test</li>
<li>[CI:DOCS] Update dependency golangci/golangci-lint to v1.60.2</li>
<li>quadlet: add key CgroupsMode</li>
<li>Fix <code>podman stop</code> and <code>podman run --rmi</code></li>
<li>quadlet: set infra name to %s-infra</li>
<li>chore(deps): update dependency setuptools to v73</li>
<li>[skip-ci] Packit: update targets for propose-downstream</li>
<li>Do not segfault on hard stop</li>
<li>Fix description of :Z to talk about pods</li>
<li>CI: disable ginkgo flake retries</li>
<li>vendor: update go-criu to latest</li>
<li>golangci-lint: make darwin linting happy</li>
<li>golangci-lint: make windows linting happy</li>
<li>test/e2e: remove kernel version check</li>
<li>golangci-lint: remove most skip dirs</li>
<li>set !remote build tags where needed</li>
<li>update golangci-lint to 1.60.1</li>
<li>test/e2e: rm systemd start test</li>
<li>fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.1</li>
<li>podman wait: allow waiting for removal of containers</li>
<li>libpod: remove UpdateContainerStatus()</li>
<li>podman mount: fix storage/libpod ctr race</li>
<li>CI: quadlet tests: make parallel-safe</li>
<li>CI: system tests: make random_free_port() parallel-safe</li>
<li>remove trailing comma in example</li>
<li>CI: format test: make parallel-safe</li>
<li>Fix podman-docker.sh under -eu shells (fixes #23628)</li>
<li>docs: update podman-wait man page</li>
<li>libpod: remove duplicated HasVolume() check</li>
<li>podman volume rm --force: fix ABBA deadlock</li>
<li>test/system: fix network cleanup restart test</li>
<li>libpod: do not stop pod on init ctr exit</li>
<li>libpod: simplify WaitForExit()</li>
<li>CI: remove build-time quay check</li>
<li>Fix known_hosts file clogging and remote host id</li>
<li>Update docker.io/library/golang Docker tag to v1.23</li>
<li>Update dependency setuptools to ~=72.2.0</li>
<li>Update module github.com/docker/docker to v27.1.2+incompatible</li>
<li>healthcheck system check: reduce raciness</li>
<li>CI: healthcheck system test: make parallel-safe</li>
<li>Validate renovate config in every PR</li>
<li>pkg/machine: Read stderr from ssh-keygen correctly</li>
<li>Fix renovate config syntax error</li>
<li>CI: 080-pause.bats: make parallel-safe</li>
<li>CI: 050-stop.bats: make parallel-safe</li>
<li>Additional potential race condition on os.Readdir</li>
<li>pkg/bindings/containers: handle ignore for stop</li>
<li>remote: fix invalid --cidfile + --ignore</li>
<li>Update/simplify renovate config header comment</li>
<li>Migrate renovate config to latest schema</li>
<li>Fix race condition when listing /dev</li>
<li>docs/podman-systemd: Try to clarify <code>Exec=</code> more</li>
<li>libpod: reset state error on init</li>
<li>test/system: pasta_test_do add explicit port check</li>
<li>test/e2e: work around new push warning</li>
<li>vendor: update c/common to latest</li>
<li>stopIfOnlyInfraRemains: log all errors</li>
<li>libpod: do not save expected stop errors in ctr state</li>
<li>libpod: fix broken saveContainerError()</li>
<li>Quadlet: fix filters failure when the search paths are symlinks</li>
<li>readme: replace GPG with PGP</li>
<li>Drop APIv2 CNI configuration</li>
<li>De-duplicate docker-py testing</li>
<li>chore(podmansnoop): explain why crun comm is 3</li>
<li>libpod: cleanupNetwork() return error</li>
<li>fix(deps): update module golang.org/x/sys to v0.24.0</li>
<li>Reduce python APIv2 test net dependency</li>
<li>Fix not testing registry.conf updates</li>
<li>test/e2e: improve command timeout handling</li>
<li>Update module github.com/onsi/ginkgo/v2 to v2.20.0</li>
<li>Update module github.com/moby/sys/user to v0.3.0</li>
<li>Add passwd validate and generate steps</li>
<li>podman container cleanup: ignore common errors</li>
<li>Quadlet - Allow the user to override the default service name</li>
<li>CI: e2e: serialize root containerPort tests</li>
<li>Should not force conversion of manifest type to DockerV2ListMediaType</li>
<li>fix(deps): update module golang.org/x/tools to v0.24.0</li>
<li>fix(deps): update github.com/containers/common digest to 05b2e1f</li>
<li>CI: mount system test: parallelize</li>
<li>Update module golang.org/x/net to v0.28.0</li>
<li>Ignore ERROR_SHARING_VIOLATION error on windows</li>
<li>CI: manifest system tests: make parallel-safe</li>
<li>Create volume path before state initialization</li>
<li>vendor: update c/storage</li>
<li>CI: fix broken libkrun test</li>
<li>test/e2e: work around for pasta issue</li>
<li>test/e2e: fix missing exit code checks</li>
<li>Test new CI images</li>
<li>Remove another race condition when mounting containers or images</li>
<li>fix(deps): update github.com/containers/common digest to c0cc6b7</li>
<li>Change Windows installer MajorUpgrade Schedule</li>
<li>Ignore missing containers when calling GetExternalContainerLists</li>
<li>Remove runc edit to lock to specific version</li>
<li>fix(deps): update module golang.org/x/sys to v0.23.0</li>
<li>CI: podman-machine: do not use cache registry</li>
<li>CI: completion system test: use safename</li>
<li>Temporarly disable failing Windows Installer CI test</li>
<li>libpod: fix volume copyup with idmap</li>
<li>libpod: avoid hang on errors</li>
<li>Temp. disable PM basic Volume ops test</li>
<li>Add libkrun Mac task</li>
<li>Never skip checkout step in release workflow</li>
<li>System tests: leak_test: readable output</li>
<li>fix(deps): update github.com/docker/go-plugins-helpers digest to 45e2431</li>
<li>vendor: bump c/common</li>
<li>Version: bump to v5.3.0-dev</li>
<li>libpod: inhibit SIGTERM during cleanup()</li>
<li>Tweak versions in register_images.go</li>
<li>fix network cleanup flake in play kube</li>
<li>WIP: Fixes for vendoring Buildah</li>
<li>Add --compat-volumes option to build and farm build</li>
<li>Bump to Buildah v1.37.0</li>
<li>Quadlet test - Split between success, warning and error cases</li>
<li>libpod: bind ports before network setup</li>
<li>Disable compose-warning-logs if PODMAN_COMPOSE_WARNING_LOGS=false</li>
<li>Use new syntax for selinux options in quadlet</li>
<li>fix(deps): update module github.com/onsi/gomega to v1.34.1</li>
<li>CI: kube test: fix broken external-storage test</li>
<li>Update dependency setuptools to v72</li>
<li>Convert additional build context paths on Windows</li>
<li>pkg/api: do not leak config pointers into specgen</li>
<li>Quadlet - Allow the user to set the service name for .pod files</li>
<li>Quadlet tests - allow overriding the expected service name</li>
<li>fix(deps): update module github.com/moby/sys/user to v0.2.0</li>
<li>fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.5</li>
<li>CI: enable root user namespaces</li>
<li>libpod: force rootfs for OCI path with idmap</li>
<li>fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.1</li>
<li>Add test steps for automount with multi images</li>
<li>CI: cp tests: use safename</li>
<li>[skip-ci] RPM: podman-iptables.conf only on Fedora</li>
<li>CI: 700-play: fix a leaked non-safename</li>
<li>test: check that kube generate/play restores the userns</li>
<li>test: disable artifacts cache with composefs</li>
<li>test: fix podman pull tests</li>
<li>vendor: bump c/storage</li>
<li>Update module github.com/cyphar/filepath-securejoin to v0.3.1</li>
<li>Add /run/containers/systemd, ${XDG_RUNTIME_DIR}/containers/systemd quadlet dirs</li>
<li>build: Update gvisor-tap-vsock to 0.7.4</li>
<li>test/system: fix borken pasta interface name checks</li>
<li>test/system: fix bridge host.containers.internal test</li>
<li>api: honor the userns for the infra container</li>
<li>play: handle 'private' as 'auto'</li>
<li>kube: record infra user namespace</li>
<li>infra: user ns annotation higher precedence</li>
<li>specgenutil: record the pod userns in the annotations</li>
<li>kube: invert branches</li>
<li>CI: system log test: use safe names</li>
<li>Update encryption tests to avoid a warning if zstd:chunked is the default</li>
<li>Fix "podman pull and decrypt"/"from local registry"</li>
<li>Use unique image names for the encrypted test images</li>
<li>CI: system tests: instrument to allow failure analysis</li>
<li>Fix outdated comment for the build step win-gvproxy</li>
<li>Add utility to convert VMFile to URL for UNIX sockets</li>
<li>Run codespell on source</li>
<li>fix(deps): update module github.com/docker/docker to v27.1.0+incompatible</li>
<li>chore(deps): update dependency setuptools to ~=71.1.0</li>
<li>logformatter: tweaks to pass html tidy</li>
<li>More information for podman --remote build and running out of space.</li>
<li>Fix windows installer deleting machine provider config file</li>
<li>Use uploaded .zip for Windows action</li>
<li>
<p>pr-should-include-tests: no more CI:DOCS override</p>
</li>
<li>
<p>Depend on runc unconditionally, not only on SLE 15 (bsc#1239088)</p>
</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Micro 6.1
<br/>
<code>zypper in -t patch SUSE-SLE-Micro-6.1-292=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
<ul>
<li>podman-remote-5.4.2-slfo.1.1_1.1</li>
<li>podmansh-5.4.2-slfo.1.1_1.1</li>
<li>podman-debuginfo-5.4.2-slfo.1.1_1.1</li>
<li>podman-5.4.2-slfo.1.1_1.1</li>
<li>podman-remote-debuginfo-5.4.2-slfo.1.1_1.1</li>
</ul>
</li>
<li>
SUSE Linux Micro 6.1 (noarch)
<ul>
<li>podman-docker-5.4.2-slfo.1.1_1.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-6032.html">https://www.suse.com/security/cve/CVE-2025-6032.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1239088">https://bugzilla.suse.com/show_bug.cgi?id=1239088</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1242132">https://bugzilla.suse.com/show_bug.cgi?id=1242132</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1245320">https://bugzilla.suse.com/show_bug.cgi?id=1245320</a>
</li>
</ul>
</div>