Podman, an open-source container engine used to build, run, and manage containers on Linux, macOS, and Windows, has rolled out its latest update, version 5.7.
This release addresses CVE-2025-52881, a critical container escape and denial-of-service vulnerability stemming from arbitrary write gadgets and procfs write redirects. The flaw could potentially allow malicious containers to break isolation or disrupt host operations.
A new key feature in this release is full support for TLS and mTLS encryption in the remote Podman client and API service. This means connections between clients and servers can now be authenticated and encrypted by certificates, offering a secure channel for remote container management.
Additionally, the `pod…
Podman, an open-source container engine used to build, run, and manage containers on Linux, macOS, and Windows, has rolled out its latest update, version 5.7.
This release addresses CVE-2025-52881, a critical container escape and denial-of-service vulnerability stemming from arbitrary write gadgets and procfs write redirects. The flaw could potentially allow malicious containers to break isolation or disrupt host operations.
A new key feature in this release is full support for TLS and mTLS encryption in the remote Podman client and API service. This means connections between clients and servers can now be authenticated and encrypted by certificates, offering a secure channel for remote container management.
Additionally, the podman system connection add command has also been updated to create connections over encrypted TCP sockets, further tightening communication security.
On the Kubernetes integration side, Podman 5.7 now allows podman kube play and podman kube down to accept multiple YAML files in a single command. Plus, users can now deploy or tear down multiple pods or deployments simultaneously.
Quadlet, Podman’s bridge to systemd, receives an impressive set of enhancements. Version 5.7 introduces support for .artifact file types, templated dependencies for volumes and networks, and multiple new configuration keys, including:
HttpProxyfor disabling automatic proxy forwarding,StopTimeoutfor managing pod shutdowns, andBuildArgandIgnoreFilefor more flexible build handling.
Additionally, Quadlet now supports multiple YAML documents in .kube files and introduces a new podman quadlet cat alias for easier inspection.
Artifact management has been improved, too. Commands like podman artifact remove now accept multiple arguments and include new options such as --replace and --ignore, while listings now show artifact creation times and virtual sizes.
Podman 5.7 also introduces smarter performance behavior: when loading or building images inside Podman Machine VMs, Podman now directly accesses shared filesystem paths rather than streaming data through APIs, offering a measurable speed improvement.
Lastly, with Podman 6.0 on the horizon, the team is preparing to retire BoltDB. Starting in 5.7, installations using BoltDB will display visible warnings unless the environment variable SUPPRESS_BOLTDB_WARNING=true is set. Users are encouraged to migrate early to avoid disruption in future versions.
For more information, see the changelog.
Bobby Borisov
Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.