Podman 4.9: What's New, Release History & EOL Status

4.9.5

Latest release in branch 4.9
Released 2 years ago (August 15, 2023)

Software	Podman
Branch	4.9
First official release version	4.9.0
First official release date	2 years ago (June 25, 2023)
Release notes	https://github.com/containers/podman/releases/tag/v4.9.0
Source code	https://github.com/containers/podman
Documentation	https://podman.io/docs/
Download	https://podman.io/docs/installation
Podman 4.9 Releases	View full list

What Is New in Podman 4.9

The Podman 4.9 release delivers a solid set of enhancements focused on container networking, security, and core operational commands. This update refines existing features and introduces new capabilities for managing containerized environments more effectively.

Category	Key Changes
New Features	New container checkpoint/restore flags, HTTP API tunneling, and enhanced network inspect.
Improvements	Better volume support, SELinux optimizations, and image handling refinements.
Bug Fixes	Resolved issues in networking, pod operations, and the REST API.
Security	Updates to handling of container secrets and SELinux labeling.

What networking improvements were made?

Podman 4.9 brings significant clarity and control to container networking. The new podman network inspect command now includes a --format flag, allowing you to filter output and extract specific network configuration details programmatically. This is a huge time-saver for automation scripts.

For developers, the --ip flag has been fixed to work correctly with the slirp4netns port driver. This resolves a long-standing annoyance where static IP assignment wasn't functioning as expected in rootless mode, bringing more predictability to your local development environment.

How is container checkpoint and restore enhanced?

The checkpoint/restore functionality gets more flexible with new flags for the podman container restore command. You can now use --ignore-static-ip and --ignore-static-mac to restore a container without being bound to its original network identities.

In practice, this means you can restore a checkpointed container onto a different host or network environment without IP conflicts. It removes a major operational hurdle for using this advanced feature in production scenarios involving live migration.

What's new with the Podman API?

The Podman HTTP API now supports tunneling the Attach and Exec endpoints over a single connection. This architectural change simplifies how clients interact with these streaming operations, making the API more robust and easier to implement for third-party tools.

Several bugs were also squashed, including a fix for the /images/prune API endpoint. It was incorrectly reporting pruned images' sizes, which could throw off your monitoring and cleanup scripts. Now you get accurate data back.

Are there any changes to volume management?

Volume handling is more consistent. The podman volume create command now properly honors the --ignore flag. If you try to create a volume that already exists and use this flag, Podman won't error out—it will just silently skip the operation and return success.

This change is perfect for idempotent setup scripts. You can define your volume creation steps without wrapping them in complex existence checks, making your infrastructure-as-code configurations cleaner and more reliable.

What security tweaks should I know about?

SELinux labeling for named volumes has been improved for better consistency. Furthermore, the handling of container secrets is now more precise, ensuring that sensitive data is managed correctly throughout the container lifecycle.

These aren't groundbreaking changes, but they close subtle gaps that could cause headaches. For teams running under strict SELinux policies, the volume labeling improvements will prevent unexpected permission denied errors.

FAQ

Does the new --ip flag fix work for rootless containers?
Yes. The fix for the --ip flag specifically addresses its behavior when using the slirp4netns port driver, which is common in rootless mode. You can now reliably assign static IPs to your rootless containers.

Can I use the new network inspect format options in scripts?
Absolutely. The new --format flag for podman network inspect uses Go templates, allowing you to parse JSON output and extract specific fields like subnets or plugin types directly for automation.

What is the practical use for --ignore-static-ip during restore?
It allows you to restore a checkpointed container on a new host without causing an IP conflict. The container will come back online using DHCP or the new host's default IP assignment method instead of the old static IP.

Was the pod start-ordering bug fixed?
Yes. A bug that caused pods to fail to start if an infra container was explicitly specified has been resolved. Pods should now start reliably regardless of how the infra container is defined.

Is the API tunneling change backwards compatible?
The API change adds new functionality but does not break existing clients. Tools using the older method for Attach and Exec will continue to work without modification.

Releases In Branch 4.9

Version	Release date
4.9.5	2 years ago (August 15, 2023)
4.9.4	2 years ago (August 05, 2023)
4.9.3	2 years ago (July 25, 2023)
4.9.2	2 years ago (July 15, 2023)
4.9.1	2 years ago (July 05, 2023)
4.9.0	2 years ago (June 25, 2023)
4.9.0-rc1	2 years ago (June 20, 2023)