Podman 6.0 fixes a leak risk and drops Intel Mac support

Podman 6.0.0 is a major update with breaking changes. It fixes CVE-2026-57231, a security issue where a malicious container image with malformed Env entries could leak host into . The flaw could also use the * glob operator to expose many without knowing their exact names.

Podman 6.0.0 must be paired with Buildah 1.44.0, Skopeo 1.23, Netavark and Aardvark 2.0.0, and container-libs common/v0.68.0 s. BoltDB support is gone, and Podman 6 will try to move an existing BoltDB database to SQLite automatically. Support has also been removed for Intel Macs, Windows 10, cgroups v1, iptables, CNI networking, and the slirp4netns rootless network stack.

Users are expected to move to cgroups v2, nftables, and Netavark.

Key points

  • CVE-2026-57231 could let a malicious image leak host into .
  • Podman 6.0.0 needs matching versions of Buildah, Skopeo, Netavark, Aardvark, and container-libs s.
  • BoltDB support has ended, with automatic migration to SQLite attempted on startup.
  • Intel Mac support has been removed, which directly affects older s.
  • cgroups v1, iptables, CNI, and slirp4netns support are gone; the replacement path is cgroups v2, nftables, and Netavark.
Read original