Release 2.40.0 STS

Known issues

• On Async Edge environments, an invalid update schedule date can be displayed when browsing a snapshot

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script
• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)
• Support for only CentOS 9, Podman 5 rootful

Changes

New and improved features

• Added an information panel showing current and planned GitOps deployment details when a Git URL or config path is changed
• Docker Compose GitOps stacks can now have their Git URL, config path, and entry point edited after creation
• Cleaned up Git authentication token handling — GitHub tokens can now be entered directly in the Token field rather than the Basic auth field
• Added a -remove-orphans / prune option when deploying Docker Compose stacks
• Added support for -security-opt when creating Docker containers
• Upgraded Helm Go SDK to v4
• Upgraded Kubernetes dependencies to v1.35

Security improvements

• Upgraded CIRCL library to v1.6.3 to fix GO-2026-4550 incorrect secp384r1 CombinedMult calculation
• Upgraded go-git to v5.17.0 to fix GO-2026-4473 improper verification of data integrity for .idx and .pack files
• Upgraded OpenTelemetry Go SDK to v1.41.0 to fix GO-2026-4394 arbitrary code execution via PATH hijacking vulnerability
• Upgraded OpenTelemetry SDK to v1.42.0 to fix CVE-2026-24051
• Upgraded Docker binary to v29.3.0 to mitigate CVE-2025-68121
• Bumped golang-jwt/jwt/v4 to v4.5.2 to fix CVE-2025-30204 regression
• Upgraded gRPC to v1.79.3 to fix CVE-2026-33186
• Fixed missing authorization check on the Custom Template file content API endpoint

Bug fixes

• Fixed GitOps Edge Configurations not restarting the correct service when a bind-mounted configuration file changes
• Fixed Git reference (branch/tag/commit) input field not working in GitOps forms
• Fixed container incorrectly shown as running in the UI while Docker reports it as restarting or removing
• Fixed stack update/edit button remaining clickable during form submission
• Fixed Git-based Docker stacks from GitLab failing environment variable validation for non-admin users
• Fixed Helm Edge stacks being incorrectly marked as External Edge stacks
• Fixed Portainer console freezing when pasting more than 2000 characters
• Fixed TLS certificate upload failing when updating environment connection settings
• Fixed deleting a Kubernetes Edge stack causing the environment to appear as offline
• Fixed LDAP DN builder not accepting dashes in field values
• Fixed "Edit This Application" button being disabled for non-admin users on the Kubernetes application details page
• Fixed Docker Swarm Overlay Network issues causing "Unable to find an agent on any manager node" errors
• Fixed environment selector crashing after upgrade when a group referenced in a stack no longer exists
• Fixed not all containers for a Swarm service being shown
• Fixed blank dashboard appearing after upgrade to 2.39.0 caused by a panic in the UAC evaluation for external stacks
• Fixed container view failing with "Unable to retrieve registries: Unauthorized" for non-admin users
• Fixed race condition in stack update function registration that could cause internal state corruption
• Fixed WebSocket data race in logout handling
• Improved PostInitMigrate() performance from O(N²) to O(N log N)
• Fixed OAuth login failing when the OAuth provider returns a malformed Content-Type header (affects providers such as Cloudflare Access)
• Fixed log lines that are JSON-encoded strings rendering as character-index pairs instead of the actual log text
• Aligned Axios error message display in CE with the EE implementation

Deprecated and removed features

Deprecated features

• None

Removed features

• None

Release 2.39.1 LTS

Known issues

• On Async Edge environments, an invalid update schedule date can be displayed when browsing a snapshot

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script
• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)
• Support for only CentOS 9, Podman 5 rootful

Changes

• Fixed an issue where a Git-based Docker stack from GitLab failed validation for non-admin users
• Re-enabled image registries for FIPS
• Fixed an issue where groups were missing after an upgrade
• Fixed an issue where not all containers for a service were shown in v2.39.0 Alpine
• Fixed an issue where users could not add new environments to an existing group when the group already contained a large number of environments
• Fixed an issue where the Edit this application button was disabled for non-admin users
• Fixed an issue where custom template file content was accessible to unauthorized users
• Fixed an issue where users could not view their containers
• Fixed an issue where users saw a blank dashboard
• Updated the kubectl shell image to version 1.35.2
• Updated Kubernetes to version 1.35
• Updated Go to version 1.25.8 to mitigate the following CVEs:
  • CVE-2026-25679
  • CVE-2026-27142
  • CVE-2026-27139
• Resolved the following CVEs:
  • GO-2026-4550
  • GO-2026-4473
  • GO-2026-4394
  • CVE-2026-24051
  • CVE-2025-68121
  • CVE-2026-33186

Deprecated and removed features

Deprecated features

• None

Removed features

• None

Release 2.39.0 LTS

Known issues

• On Async Edge environments, an invalid update schedule date can be displayed when browsing a snapshot

Known issues with Podman support

• Auto onboarding a Podman environment defaults to "Standard" and not "Podman"
• Podman environments aren't supported by auto-onboarding script
• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)
• Support for only CentOS 9, Podman 5 rootful

Changes

• Fixed an issue preventing environment group changes for Kubernetes standard agents from the environment details view
• Addressed security vulnerability disclosure
• Updated form behavior to only show errors after the input has been touched/visited or submitted
• Improved HTTP response code handling via the Portainer API
• Added default alphabetical sorting to the namespace dropdown list
• Fixed a UI issue where the dropdown form elements were overlapping with the footer
• Updated styling of shared tabs used throughout Portainer
• Improved TLS initialization for custom registries
• Fixed a memory leak in kubectl delete
• Fixed an issue where a ""Release: not found" error was presented when installing a Traefik ingress
• Fixed an issue when editing an environment that could inadvertently remove unix:// from URLs
• Reordered the agent options in the "Add Environment" interface
• Fixed an issue where Portainer was unable to pull from a private registry with a port in the URL
• Fixed an issue where a webhook was missing during the initial deployment
• Fixed an issue where the API response code from /docker/containers/create was returning 200 instead of 201
• Improved visibility of the "New version available" alert in light mode
• Upgraded package versions to mitigate potential frontend vulnerabilities
• Associated environments in a group will now only be saved when submitting the form
• Updated the documentation link supplied in the Portainer logs when a user tries to start Portainer BE with a CE database
• Fixed a 500 issue when loading Docker in the dashboard
• Fixed a problem with GitOps removing containers when image pull fails
• Fixed incorrect transaction usage around webhooks
• Fixed incorrect transaction usage when deleting endpoints
• Resolved the following CVEs:
  • CVE-2025-61726
  • CVE-2025-68121
  • GO-2026-4337
  • CVE-2025-15467

Deprecated and removed features

Deprecated features

• None

Removed features

• None

Release 2.38.1 STS

Known issues

• On Async Edge environments, an invalid update schedule date can be displayed when browsing a snapshot

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script
• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)
• Support for only CentOS 9, Podman 5 rootful

Changes

• Fixed an issue around changing an environment group for Kubernetes standard agent within the environment details view
• Fixed an issue where local environments using Docker would have their protocol removed
• Improved the namespace dropdown list to be sorted alphabetically by default
• Resolved the following CVEs:
  • CVE-2025-61726
  • CVE-2025-61728
  • CVE-2025-61730

Deprecated and removed features

Deprecated features

• None

Removed features

• None

Release 2.33.7 LTS

Known issues

• On Async Edge environments, an invalid update schedule date can be displayed when browsing a snapshot

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script
• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)
• Support for only CentOS 9, Podman 5 rootful

Changes

• Fixed an issue where clicking the Update stack button would do nothing
• Fixed an issue that would cause the Containers page to not load
• Fixed an error when updating Edge Stacks
• Fixed a panic in Edge Group creation
• Fixed a deadlock in the auto onboarding
• Fixed a problem that prevented the loading of the Containers page
• Fixed a problem in Edge Stacks and GitOps when the entry file name was not at the repository root
• Upgraded compose to v2.40.3 to fix a nil pointer error
• Resolved the following CVEs:
  • CVE-2025-61726
  • CVE-2025-68121

Deprecated and removed features

Deprecated features

• None

Removed features

• None

Release 2.38.0 STS

Known issues

• On Async Edge environments, an invalid update schedule date can be displayed when browsing a snapshot

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script
• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)
• Support for only CentOS 9, Podman 5 rootful

Changes

• Fixed an issue where starting Stack was failed when the private image referenced by the stack was removed from the environment
• Fixed an issue where deploying a Stack in Kubernetes caused a memory leak
• Fixed a UI issue when updating edge stacks
• Changed the Docker security settings to safer default values
• Fixed a panic in Edge Group creation
• Fixed quote handling in TLS CLI flags
• Fixed error in GitOps while updating Stacks
• Fixed a problem that would cause for the Containers page to not load
• Bumped up the max Docker API version in the proxy
• Fixed a problem while duplicating/editing containers related to persistent MAC addresses
• Added proper propagation of Docker error messages back to the frontend
• Added missing validations for Swarm environments security settings
• Optimized server allocations for a faster startup
• Fixed GO-2025-3460
• Upgraded to Compose v2.40.3 to fix a panic
• Fixed a problem in config removal
• Upgraded Git library to fix compatibility problem with gitee
• Removed all the Matomo code
• Removed confusing Podman log message in Docker environments
• Replaced gopkg.in/yaml.v3 to go.yaml.in/yaml/v3
• Ensured the surfacing of Edge Stack file not found errors to the UI
• Changed the code to avoid creating updater networks
• Fixed registry selection recall for Stacks pages
• Fixed a nil pointer dereference error in FilterEndpoints()
• Fixed a nil pointer dereference error in deleteEndpointGroup()
• Fixed a nil pointer dereference error in CopyPath()
• Improved visibility on proxy errors
• Fixed a problem while renaming stacks on Swarm
• Fixed a problem that could cause encrypting an existing Portainer database to fail
• Improved the Azure Container Instance (ACI) experience with a new environment variables section in the creation form and a corresponding table in the instance view.
• Updated the Portainer logo and favicon throughout the application to the new branding.
• Upgraded the golang/stdlib to version 1.24.11 to the following CVEs in the Portainer agent:
  • CVE-2025-61729
  • CVE-2025-61727
  • CVE-2025-47914
• Fixed an issue where Web Editor based Kubernetes app deployment ignores selected namespace.
• Fixed an issue where Edit/Upgrade buttons not functioning on Helm chart details page.

Deprecated and removed features

Deprecated features

• None

Removed features

• None

Release 2.33.6 LTS

Known issues

• On Async Edge environments, an invalid update schedule date can be displayed when browsing a snapshot

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script
• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)
• Support for only CentOS 9, Podman 5 rootful

Changes

• Fixed an issue where a standard stack could not pull private images from a private registry during a GitOps update (polling/webhook) when "Re-pull image" was enabled and a relative path was configured
• Fixed an issue where starting a Stack failed when a private image referenced by the Stack had been removed from the environment
• Fixed an issue where empty Docker snapshot could cause issues
• Fixed an issue where Duplicate/Edit Container adds persistent MAC address causing Network issues
• Fixed an issue where Docker Compose configs were not injected into containers for stacks correctly
• Fixed an issue where the API endpoint /endpoints/{id}/edge/stacks/{stackId} leaked environment names
• Fixed an issue where Docker Swarm Service view fails with the error message "Cannot read properties of undefined (reading 'Ports')"
• Resolved the following CVEs:
  • CVE-2025-47914
  • CVE-2025-61727
  • CVE-2025-61729

Deprecated and removed features

Deprecated features

• None

Removed features

• None

Release 2.37.0 STS

Known issues

• On Async Edge environments, an invalid update schedule date can be displayed when browsing a snapshot

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script
• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)
• Support for only CentOS 9, Podman 5 rootful

Changes

• Fixed an issue where a standard stack could not pull private images from a private registry during a GitOps update (polling/webhook) when "Re-pull image" was enabled and a relative path was configured
• Fixed an issue where the Update the Stack button was disabled when editing a standard stack deployed via the Web Editor
• Fixed Service view display for Docker Swarm
• Fixed a regression in the stack updates view
• Fixed the disabled Save button for GitHub Credentials Authentication
• Fixed the undesired regeneration of the webhook IDs
• Fixed the disabled Update stack button
• Fixed missing Compose configs for stacks
• Removed the environment names from error responses
• Fixed Edge Job logs API documentation
• Increased the validations in the Edge Jobs logs API
• Fixed an improper display of the editor search bar over a confirmation dialog
• Changed the Volumes Browser to prevent it from adding .txt extension when downloading files
• Removed the option to access host volumes for users that are not allowed to do it

Deprecated and removed features

Deprecated features

• None

Removed features

• None

Release 2.36.0 STS

Known issues

• On Async Edge environments, an invalid update schedule date can be displayed when browsing a snapshot

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script
• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)
• Support for only CentOS 9, Podman 5 rootful

Changes

• Fixed local development build scripts for community contributors with Apple M series chips
• Improved ECR session management in the Agent
• Added support for Docker v29
• Improved the consistency for GitOps across different scenarios
• Fixed the External label for Kubernetes environments
• Fixed namespace selection in the registry access page
• Improve the registry credential handling in compose files
• Fixed CVEs in the password reset helper
• Fixed the Prune services toggle for Swarm
• Added a --data-path flag to the password reset helper
• Fixed oversized custom icons in the templates view
• Added an access token connection test for DockerHub before registry creation
• Fixed the ability to uncheck filters after deleting filtered containers in the Container list view
• Fixed the Insecure toggle for custom registries
• Added the ability to rename Stacks
• Fixed the date picker calendar to display the 7 days of the week without overflowing
• Updated the privacy policy link
• Added auto-onboarding script for Podman
• Improved to display 'title' or 'tooltip' in all places that text is truncated in the UI
• Fixed the navigation bar to display Portainer correctly
• Fixed incorrect command syntax for Windows Edge agent deployment instructions
• Fixed Helm install docs link
• Fixed order of environment types
• Resolved the following CVEs:
  • CVE-2024-25621
  • CVE-2024-25621
  • CVE-2025-47913
  • CVE-2025-47906
  • CVE-2025-47910
  • CVE-2025-47907
  • CVE-2025-47912
  • CVE-2025-58183
  • CVE-2025-58185
  • CVE-2025-58186
  • CVE-2025-58187
  • CVE-2025-58188
  • CVE-2025-58189
  • CVE-2025-61723
  • CVE-2025-61724
  • CVE-2025-61725
  • CVE-2025-62725

Deprecated and removed features

Deprecated features

• Deprecated OpenAMT support

Removed features

• None

Release 2.33.5 LTS

Known issues

• On Async Edge environments, an invalid update schedule date can be displayed when browsing a snapshot

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script
• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)
• Support for only CentOS 9, Podman 5 rootful

Changes

• Added support for Docker v29

Breaking change

• Removed the optional raw snapshot response from some endpoint requests

Deprecated and removed features

Deprecated features

• None

Removed features

• None