Podman

v5.8.3 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 17h Containers & Orchestration

✓ No known CVEs patched

This release patches 1 known CVE

Topics

containers docker kubernetes linux

Affected surfaces

rce_ssrf

ReleasePort's take

Moderate signal

editorial:auto 16h

The release fixes CVE-2026-44517 affecting Dockerfile ADD/COPY operations.

Why it matters: CVE‑2026‑44517 (severity 95) impacts the Dockerfile build process; upgrade to v5.8.3 immediately if using ADD or COPY.

AI summary

Fixes CVE-2026-44517 allowing files outside the build context to be included via malicious ADD/COPY.

Type	Severity	Summary	CVE
Security	Critical	Fixes CVE-2026-44517 vulnerability in Dockerfile ADD/COPY handling. Fixes CVE-2026-44517 vulnerability in Dockerfile ADD/COPY handling. Source: llm_adapter@2026-06-12 Confidence: high	—
Dependency	Low	Updates Buildah dependency to version 1.43.2. Updates Buildah dependency to version 1.43.2. Source: llm_adapter@2026-06-12 Confidence: high	—
Dependency	Low	Updates gvisor-tap-vsock dependency to version 0.8.9. Updates gvisor-tap-vsock dependency to version 0.8.9. Source: llm_adapter@2026-06-12 Confidence: high	—

Full changelog

This release addresses CVE-2026-44517, where building a Dockerfile using a ADD or COPY instruction accessing a malicious Git repository or tar archive could cause files outside the build context directory to be included in the build context or copied into the build. Please see GHSA-49p4-px3h-rq49 for more details.

CVE-2026-44517 — malicious Git repository or tar archive in ADD/COPY can include files outside the build context (GHSA-49p4-px3h-rq49)

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track Podman

Get notified when new releases ship.

About Podman

Podman: A tool for managing OCI containers and pods.