SECURITY:
- deps: Updated runc to 1.1.12 to address CVE-2024-21626313 [GH-313]
IMPROVEMENTS:
- build: Updated to Go 1.21.5 [GH-303]
- api: Address a backwards incompatible change in Podman 4.6.0 preventing jobs from restarting [GH-278]
IMPROVEMENTS:
- config: Add support for auth helper or config file in plugin configuration [GH-265]
- config: Add support for setting tlsVerify in task configuration [GH-262]
- config: Add support for setting extra_hosts in task configuration [GH-255]
BUG FIXES:
- config: Set recover_stopped to false by default since Client may hang if enabled [GH-260]
- runtime: Correctly configure cpuset on system using cgroups v2 [GH-252]
- runtime: Fixed a bug where driver would panic on systems without a nobody user in /etc/passwd [GH-266]
IMPROVEMENTS:
- config: Add
extra_labelsoption [GH-215] - config: Allow setting
pids_limitoption. [GH-203] - config: Allow setting
usernsoption. [GH-212] - config: Allow setting
entrypointas a list of strings. [GH-209] - runtime: Set mount propagation from TaskConfig [GH-204]
BUG FIXES:
- driver: Fixed a bug that caused
image_pull_timeoutto the capped by the value ofclient_http_timeout[GH-218]
FEATURES:
- config: Set custom apparmor profile or disable apparmor. [GH-188]
IMPROVEMENTS:
- config: Add
selinux_optsoption [GH-139] - perf: Use ping api instead of system info for fingerprinting [GH-186]
- runtime: Prevent concurrent image pulls of same imageRef [GH-159]
BUG FIXES:
- runtime: Don't apply SELinux labels to volumes of privileged containers [GH-196]
- runtime: Fixed a bug caused by a Podman API change that prevented the task driver to detect stopped containers [GH-183]
FEATURES:
- config: Map host devices into container. [GH-41]
- config: Stream logs via API, support journald log driver. [GH-99]
- config: Privileged containers. [GH-137]
- config: Add
cpu_hard_limitandcpu_cfs_periodoptions [GH-149] - config: Allow mounting rootfs as read-only. [GH-133]
- config: Allow setting
ulimitconfiguration. [GH-166] - config: Allow setting
image_pull_timeoutandclient_http_timeout[GH-131] - runtime: Add support for host and CSI volumes and using podman tasks as CSI plugins [GH-169][GH-152]
IMPROVEMENTS:
- log: Improve log messages on errors. [GH-177]
BUG FIXES:
- log: Use error key context to log errors rather than Go err style. [GH-126]
- telemetry: respect telemetry.collection_interval to reduce cpu churn when running many containers [GH-130]
- config: Image registry authentication [GH-71]
- config: Added tty option
- config: Support for sysctl configuration [GH-82]
- config: Fixed a bug where we always pulled an image if image name has a transport prefix [GH-88]
- config: Added labels option
- config: Add force_pull option
- config: Added logging options
BUG FIXES:
- [GH-93] use slirp4netns as default network mode if running rootless
- [GH-92] parse rootless info correctly from podman 3.0.x struct
FEATURES:
- core: Support for Podman V2 HTTP API [GH-51]
- config: Support for group allocated ports [GH-74]
- config: Ability to configure dns server list [GH-54]
- runtime: Add support for SignalTask [GH-64]
BUG FIXES:
- [GH-67] run container from oci-archive image
BACKWARDS INCOMPATIBILITIES:
- core: The driver no longer supports varlink communication with Podman
- config:
port_mapis deprecated in favor or group network ports and labels
FEATURES:
- config: Add ability to configure container network_mode [GH-33]
- network: (Consul Connect) Ability to accept a bridge network namespace from Nomad. [GH-38]
- runtime: Ability to run podman rootless [GH-42]
- config: Ability to specify varlink socket path [GH-42]
- runtime: Conditionally set memory swappiness only if cgroupv1 is running [GH-42]
- config: Ability to configure linux capabilities (cap_add/cap_drop) [GH-44]
FEATURES:
- #8 podman --init support
- #14 oom killer handling, logging
- #10 support for --user option
- #15 configurable swap and memory reservation
- Add recover_stopped driver option
IMPROVEMENTS:
- varlink retries in case of socket issues
BUG FIXES:
- fixed problem with container naming conflict on startup/recovery