1.0.0

🎂 container is one year old!

Try out the new container machine feature and let us know what you think!

Note

The UserProperty-backed system settings have been replaced by a TOML configuration file. See the tutorial for details.

Highlights

⌨️ denotes breaking CLI changes.

👩‍💻 denotes breaking API changes.

• Core
  • container machine for long-lived Linux environments with tight host integration.
  • ⌨️ A TOML configuration file replaces UserDefault-backed system properties, removing the container system property get and set subcommands.
  • ⌨️ Cleaned up structured (JSON, YAML, TOML) output shape for container, image, network, and volume ls and inpect.
  • Fixed container help subcommand...
  • Fixed output formatting for several commands
  • Add --stop-signal option for container run
  • 👩‍💻 Removed compatibility with application major version 0 XPC APIs. A subsequent release will introduce a version on the API itself so that clients and server can check compatibility.
• Network
  • Use XPC-connection-as-lease to fix IP address leaks
• Storage
  • Add container cp command
  • Fixed accounting errors in system df

What's Changed

• Tests/CLITests: drain stdout/stderr concurrently in CLITest.run by @mvanhorn in #1471
• Build output should just be tags/paths. by @jglogan in #1478
• Use NetworkResource for network management in API server. by @jglogan in #1421
• Use SystemPath for HostDNSResolver. by @jglogan in #1480
• Update documents with note about container-to-host networking. by @jglogan in #1482
• Sort networks by ID in API server list(). by @jglogan in #1487
• CLI: Support --shm-size by @dcantah in #1488
• Improve integration test speed by @noah-thor in #1489
• Simplify the serial suite trait by @katiewasnothere in #1497
• Switch NetworksService, VolumesService, EntityStore to FilePath. by @jglogan in #1493
• [scripts]: add prompt for updating container with unsigned package by @saehejkang in #1468
• Change PR build to generate coverage and comment it by @noah-thor in #1474
• Deps: Bump CZ to 0.32.0 by @dcantah in #1498
• Move to TOML configuration for defaults by @noah-thor in #1425
• docs: fix typos and polish README wording by @12ya in #1499
• De-duplicate building during testing by @noah-thor in #1507
• Centralize utilities for configuration loading and path parsing by @noah-thor in #1448
• Use SystemPath for PacketFilter. by @chrisgeo in #1518
• swift-configuration decoder by @noah-thor in #1447
• Fix PR coverage comment never posting by @noah-thor in #1541
• Use SystemPath for DirectoryWatcher. by @chrisgeo in #1522
• Adds XPC sessions with disconnect handlers. by @jglogan in #1524
• Use allocate with session to automatically clean up IPs. by @jglogan in #1544
• Use SystemPath for ContainerResource.Filesystem. by @chrisgeo in #1523
• Add support for layered and plugin configurations by @noah-thor in #1543
• Bump containerization to 0.32.1 by @JaewonHur in #1549
• Remove IP allocation from API server. by @jglogan in #1545
• Add variant Support by @ajemory in #1548
• ci: bump actions/labeler from 6.0.1 to 6.1.0 in the github-actions group by @dependabot[bot] in #1550
• Relax host-only network test. by @jglogan in #1552
• Fix inconsistent volume createdAt JSON encoding by @realrajaryan in #1556
• Fix: image list align with other commands when use format should ignore quiet by @tico88612 in #1553
• Reject conflicting DNS flags by @LeSingh1 in #1559
• Reject conflicting volume delete flags by @realrajaryan in #1560
• Validate container system logs --last flag by @realrajaryan in #1561
• Ensure read-only user config removed on every startup. by @jglogan in #1567
• Rename config file to config.toml. by @jglogan in #1568
• Make inspect error handling for missing resources consistent by @realrajaryan in #1564
• Add container copy/cp command for host-container file transfer by @simone-panico in #1190
• [images]: convert save to use FilePath by @saehejkang in #1574
• [images]: fix image load error to write to stderr and use FilePath by @saehejkang in #1570
• Reorganize runtime targets for scalable plugin support by @ajemory in #1577
• Add more tests for container copy by @JaewonHur in #1579
• Update container copy to use FilePath by @JaewonHur in #1580
• Add notes regarding --log-root to the command reference. by @jglogan in #1582
• cli: Add support for --stop-signal by @dcantah in #1462
• fix: clamp ProgressBar barLength to non-negative value to avoid crash by @ErwanLegrand in #1525
• Adds vertical space between groups in help. by @jglogan in #1585
• Refine custom init how-to and BUILDING documentation. by @jglogan in #1586
• Improve readability of progress bar width computation. by @jglogan in #1584
• Bump containerization to 0.33.1 by @dkovba in #1601
• Use FilePath for app, install, and log roots. by @jglogan in #1558
• Support use of custom app root with system config in CLI commands by @katiewasnothere in #1600
• Add shmSize to management flag's init by @katiewasnothere in #1603
• cli: resolve subcommand path in container help by @0xMH in #1587
• Add ability to configure integration test list at command line by @katiewasnothere in #1608
• Align JSON output with shape for container resource. by @jglogan in #1611
• Use ManagedResource for volumes in CLI commands by @katiewasnothere in #1607
• Fix potential integer math crash on PublishPort. by @jglogan in #1612
• Reorganize Swift package targets for network plugin. by @jglogan in #1615
• [how-to]: fix documentation example by @saehejkang in #1596
• Remove XPC compatibility code, simplify network model. by @jglogan in #1616
• Use FilePath for PublishSocket by @chrisgeo in #1594
• Fix system df to count content blobs and deduplicate shared storage by @realrajaryan in #1555
• Create ImageResource conforming to ManagedResource by @katiewasnothere in #1619
• Use a consistent container CLI path in integration tests by @zdk in #1621
• Normalize JSON output for network and volume resources. by @jglogan in #1624
• Fix TestCLIVersion build-type check for release CI by @zdk in #1627
• Add NOTICE entry for swift-configuration-toml by @katiewasnothere in #1629
• kill: Wait for container to exit after sigkill by @dcantah in #1589
• Add an error message for dockerfile >= 16KB until #735 is resolved by @katiewasnothere in https://github.com/apple/container...

0.12.3

This patch release includes two security fixes:

• Prevent HTTP downgrade in registry-related commands
• Prevent path and rule injection in container system dns commands

What's Changed

• Fix RequestScheme formatting. by @jglogan in #1473
• ImagePush: print image reference to stdout on success by @mvanhorn in #1470
• ensure-container-stopped.sh: don't fail on launchctl errors by @p-linnane in #1461

Full Changelog: 0.12.2...0.12.3

0.12.1

This patch release addresses an API compatibility fix that only surfaces on Sequoia. There are no functional changes.

What's Changed

• Allow macOS 15 to list and delete networks by @katiewasnothere in #1464

Full Changelog: 0.12.0...0.12.1

0.12.0

Highlights

⌨️ denotes breaking CLI changes.

👩‍💻 denotes breaking API changes.

• Core
  • plain progress output
  • color progress output
  • Use plain if stderr is not a TTY
  • Consolidated output format handling
  • YAML output format support
  • ⌨️ Support --cap-add and --cap-drop for containers. The default set of capabilities has been reduced, so if you need the old behavior that grants all capabilities, you will need to delete and recreate your containers.
  • Use TOML for plugin configuration files
  • Pass SSH_AUTH_SOCK properly if its value changes after user login
  • Update kernel to kata-3.28.0
• Images
  • User-friendly platform error message for image save
• Build
  • Fix unable to write data to the archive, code 0 error during build
  • 👩‍💻Fix errors with Dockerfile-specific ignore file and read-only build context. This change modified the container-builder-shim gRPC protocol such that older clients cannot perform builds. Please file an issue if this adversely affects your project. We've going to attempt to keep the protocol compatible for subsequent major version 0 releases.
  • Fix ARG parsing bugs
• Storage
  • Fix unreliable single file mounts
  • Journal option for container volume create

What's Changed

• Removes unused Archiver.uncompress(). by @jglogan in #1372
• Relocate Source/Helpers folders to sensible locations. by @jglogan in #1363
• ci: bump the github-actions group with 2 updates by @dependabot[bot] in #1374
• Add Plain Progress Output Mode by @nrthakur in #1367
• Adding Bug Report Guide by @ajemory in #1292
• Fixing issue template help paths by @ajemory in #1382
• doc: Document plain clear-on finish behavior by @manojmahapatra in #1379
• Remove XPC timeout based on SIGTERM timeout in container stop by @katiewasnothere in #1387
• Dedupe user-supplied IDs for container delete. by @jglogan in #1388
• feat: add help for cli plugin by @tico88612 in #1068
• Bump containerization to 0.30.1 by @adityaramani in #1396
• Consolidate CLI formatting infrastructure by @realrajaryan in #1385
• Move exit status check into ExitWaiter register call by @katiewasnothere in #1397
• Create ResourceLabels and use for ManagedResource, NetworkConfiguration. by @jglogan in #1360
• Add capabilities support by @dcantah in #1383
• API: Rename to NetworkClient, client as instance. by @jglogan in #1405
• Write file data into archive only for regular files by @adityaramani in #1403
• Add Color Progress Output Mode by @nrthakur in #1384
• Fall back to simple text output when stdout is not a TTY by @knQzx in #1392
• Fix ContainerResource build failure by @DePasqualeOrg in #1408
• ci: bump the github-actions group with 3 updates by @dependabot[bot] in #1419
• Move to TOML configuration for plugin configurations by @noah-thor in #1422
• Fix ssh forwarding to use current SSH_AUTH_SOCK value by @JaewonHur in #1420
• Update builder API to use grpc-swift-2. (#1309) by @jglogan in #1416
• stats: restore terminal when streaming is interrupted by a signal by @Otoru in #1355
• improve error message when image save platform is not available by @knQzx in #1418
• Fix using docker specific ignore with read-only build context by @JaewonHur in #1349
• Update kernel to kata-3.28.0. by @jglogan in #1431
• Makes bootstrap env parameter compatible with older clients. by @jglogan in #1434
• Add unit and integration coverage report make targets by @noah-thor in #1427
• [build]: add tests for copy from by @saehejkang in #1380
• Explicitly pass default subnets into network creation by @noah-thor in #1424
• Updates containerization dependency to 0.31.0. by @jglogan in #1435
• Fix: memory leak and silent read error in Archiver._compressFile causing build failures under /Users/ by @Ronitsabhaya75 in #1432
• Adds journal option to container volume create. by @jglogan in #1412
• Create a NOTICE file for apple/container's dependencies by @katiewasnothere in #1436
• Make ProgressFlags.makeConfig() public. by @jglogan in #1438
• Change guest ssh socket path by @JaewonHur in #1441
• Add container system version with format yaml by @tico88612 in #1353
• add plugin label to builder by @realrajaryan in #1443
• Add yams to apple/container's notice file by @katiewasnothere in #1442
• Fix "not installing shadowed plugin" startup log noise. by @jglogan in #1451

New Contributors

• @nrthakur made their first contribution in #1367
• @knQzx made their first contribution in #1392
• @DePasqualeOrg made their first contribution in #1408
• @noah-thor made their first contribution in #1422

Full Changelog: 0.11.0...0.12.0

0.11.0

Highlights

⌨️ denotes breaking CLI changes.

👩‍💻 denotes breaking API changes.

• Core
  • Fix container lifecycle-related hangs
  • Set default CPUs and memory for regular containers via system properties
  • Set default CPUs and memory for builder via system properties
• Images
  • CONTAINER_DEFAULT_PLATFORM for default image platform selection
  • container export writes an OCI layout tar file for a stopped container
• Build
  • Build using Dockerfile-specific ignore files
  • Build using secrets
  • Fix ARG parsing bugs
• Networking
  • Adds mtu network attachment option

What's Changed

• Bump containerization to 0.26.4 by @realrajaryan in #1276
• Stabilize testBuildNetworkAccess. by @jglogan in #1271
• Fix container start hang on invalid executable by @JaewonHur in #1278
• [building]: add steps for using container-builder-shim locally by @saehejkang in #1279
• Bump Containerization to 0.26.5 by @realrajaryan in #1282
• GH actions: do not interpolate template variables in run blocks. by @jglogan in #1284
• Capture container logs on failed CI runs. by @jglogan in #1285
• Add mtu option for network attachments by @realrajaryan in #1267
• ci: bump the github-actions group with 2 updates by @dependabot[bot] in #1288
• Add container.cpus and container.memory system properties by @realrajaryan in #1266
• Feat: add RegistryResource by @tico88612 in #1195
• Fix race condition on SandboxService.waiters by @JaewonHur in #1289
• Add build.cpus and build.memory system properties by @realrajaryan in #1293
• Serialize network tests again by @JaewonHur in #1294
• Move parser tests that rely on userdefault manipulation to TestCLINoP… by @realrajaryan in #1299
• Tolerate container-builder-shim check fail by @JaewonHur in #1297
• Give more time to DirectoryWatcherTest by @JaewonHur in #1296
• Add fallback to CONTAINER_DEFAULT_PLATFORM for image architecture by @Willjianger9 in #1286
• Bump to use containerization 0.27.0 by @adityaramani in #1304
• Refactor: container export a tar archive by @tico88612 in #1303
• Reap auto remove containers if there are running on system start by @JaewonHur in #1290
• Remove trailing comma by @benediktjohannes in #1315
• Update builder API to use grpc-swift-2. by @jglogan in #1309
• Fix docker ignore by @JaewonHur in #1273
• Add support for build secrets by @percontation in #1300
• Remove user defaults on userdata uninstall. by @jglogan in #1317
• [networks]: add decoder/encoder to Attachment and NetworkStatus by @saehejkang in #1216
• Revert "Update builder API to use grpc-swift-2. (#1309)" by @egernst in #1324
• volumes: Allow "." by @dcantah in #1326
• Add rootfs override by @JaewonHur in #1323
• Bump Containerization version to 0.29.0 by @adityaramani in #1327
• Use Sendable DNS types. by @jglogan in #1269
• make schemeFor public by @realrajaryan in #1331
• README: Add logo by @dcantah in #1339
• ci: bump actions/download-artifact from 8.0.0 to 8.0.1 in the github-actions group by @dependabot[bot] in #1325
• Remove obsolete disableAllocator from network delete path by @manojmahapatra in #1332
• Add TestCLIVersion to integration tests and fix assertions by @tico88612 in #1312
• CLI: stop and delete should error on not found containers by @dcantah in #878
• Fix a compilation error by @dkovba in #1346
• Make ProcessConfiguration.User Equatable by @JaewonHur in #1357
• Add plugin resources by @JaewonHur in #1356
• Ensure that the bar length never exceeds the remaining width by @dkovba in #1348
• build: extend signal handling scope to cover the unpack phase by @Otoru in #1358
• Update builder to 0.11.0. by @jglogan in #1369
• [build]: add tests for dockerfile arg parsing by @saehejkang in #1342
• Don't bake DNS server into builder container config. by @jglogan in #1370
• Add TestCLIStatus to integration tests and fix assertions by @tico88612 in #1368

New Contributors

• @Willjianger9 made their first contribution in #1286
• @benediktjohannes made their first contribution in #1315
• @percontation made their first contribution in #1300
• @Otoru made their first contribution in #1358

Full Changelog: 0.10.0...0.11.0

0.10.0

Highlights

⌨️ denotes breaking CLI changes.

👩‍💻 denotes breaking API changes.

• Core
  • 👩‍💻Rework ClientContainer as client as a generic client
  • 👩‍💻Update API calls to use correct form of the term "clean up"
  • Fix kernel panic (selinux_inode_free_security) in container under load
  • Support selecting VM init image on container create/run
  • 👩‍💻Container bundle creation moved to SandboxService
  • Add a script for updating container to release package
  • Support exporting current container to image
• Networking
  • 👩‍💻Support using multiple different network plugins

What's Changed

• [Docs] Fix typo in BUILDING.md: launchd -> launchctl by @manojmahapatra in #1146
• CI: Add signed commit check by @dcantah in #1152
• CLI: Rework ClientContainer by @dcantah in #1139
• Add debugging to the PR labeler CI flow by @katiewasnothere in #1155
• Fix file path for the PR number in the PR labeler workflow by @katiewasnothere in #1158
• [deps]: bump containerization to 0.25.0 by @saehejkang in #1161
• [build-command]: Add --pull option for fetching latest image by @saehejkang in #844
• chore: Replace force-unwrapped String(data:encoding:) with String(decoding:as:) by @manojmahapatra in #1164
• CLI: Forego logging errors on multi-container operations by @dcantah in #1163
• Send tar hash in the first BuildTransfer packet by @JaewonHur in #1149
• Add builder tests by @JaewonHur in #1154
• Don't enable selinux LSM on boot. by @jglogan in #1166
• Warn user when a named volume is auto-created by @poetryofcode in #1108
• Fix relative path mount tests by @dkovba in #1168
• feat: Add runtime flag to container create and run commands (#1049) by @iko1 in #1109
• feat: add --init-image flag for specifying custom init filesystem images per VM by @manuschillerdev in #937
• Feat: add container registry list by @tico88612 in #1119
• APIServer: Add support for filtering to list rpc by @dcantah in #1175
• Fix persistent CI failures. by @jglogan in #1205
• feat: Moving bundle creation from ContainerService to SandboxService by @ajemory in #1076
• Support using multiple different network plugins by @katiewasnothere in #1151
• ContainerService: Add minimum memory amount validation by @dcantah in #1208
• Add init methods for all the members of the Flags type by @adityaramani in #1203
• Support exporting current container to image by @JaewonHur in #1172
• Fix CI integration test coldstart issues. by @jglogan in #1230
• Add test for container export by @JaewonHur in #1229
• bump to containerization 0.26.2 by @yibozhuang in #1235
• CI observability enhancements. by @jglogan in #1193
• added the other labels by @Ronitsabhaya75 in #1125
• Downgrade the mapping of warnings to the default log level by @dkovba in #1238
• Add --format option for system status. by @jglogan in #1237
• Fix: Environment variables can be duplicated on run by @simone-panico in #1218
• Minimal runtime variant plumbing. by @jglogan in #1239
• Revert "Minimal runtime variant plumbing. (#1239)" by @jglogan in #1255
• cli: Add --init to run/create by @dcantah in #1244
• [scripts]: add update-container script for upgrade/downgrades by @saehejkang in #1173
• Fix directory watcher by @JaewonHur in #1234
• Try to trigger the network privacy alert on port publish. by @jglogan in #1248

New Contributors

• @manojmahapatra made their first contribution in #1146
• @poetryofcode made their first contribution in #1108
• @ajemory made their first contribution in #1076
• @simone-panico made their first contribution in #1218

Full Changelog: 0.9.0...0.10.0

0.9.0

Highlights

⌨️ denotes breaking CLI changes.

👩‍💻 denotes breaking API changes.

• Core
  • Use Kata 3.26.0 kernel
  • Unpack layer content compressed with zstd
  • Install kernels compressed with zstd
  • Configure resource limits
• Network
  • Access host services through hostnames like host.docker.internal
  • Create networks with host-only access

What's Changed

• [image-inspect]: stdout/stderr and logging refactor by @saehejkang in #1044
• Fix: prevent delete default network by @tico88612 in #1083
• Place image store data correctly for app-root path. by @jglogan in #1085
• Add --dns support to build command for custom DNS resolution by @cympak2 in #1067
• Add option to stop services in all launchd domains by @p-linnane in #1077
• Host connection by @JaewonHur in #1078
• Feat: container image delete force option by @tico88612 in #1096
• Make TerminalProgress a library. by @jglogan in #1093
• Isolated network by @JaewonHur in #1079
• Fix grammar in BUILDING.md by @claudeaceae in #984
• Refactor container lifecycle functions to perform scoped rollback on failure by @JaewonHur in #1080
• Implement container prune by @tico88612 in #904
• [image-list]: Add full size field to json output by @saehejkang in #1098
• Removes ArgumentParser import from NetworkMode. by @jglogan in #1102
• Fix testExecOnExitingContainer by @JaewonHur in #1107
• ci: bump actions/checkout from 6.0.1 to 6.0.2 in the github-actions group by @dependabot[bot] in #1100
• Launch a service with waitForDebugger if specified by @JaewonHur in #1101
• Bump to use containerization 0.23.2 by @adityaramani in #1106
• Set mtu to old Containerization default by @dcantah in #1110
• DirectoryWatcher: Small adjustments by @dcantah in #1112
• Update to kata 3.20.0 kernel. by @jglogan in #1114
• Add resource.role label to builder container by @realrajaryan in #1120
• [docs]: update steps on building with containerization project by @saehejkang in #1116
• Fix file descriptor leak in DirectoryWatcher by @Ronitsabhaya75 in #1104
• Fix pfctl executable path in PacketFilter DNS reload by @w-ferg in #1128
• Use labels instead of id to discriminate the builtin network. by @jglogan in #1123
• CLI: Add support for rlimits by @dcantah in #1129
• Deps: Bump Containerization to 0.24.0 by @dcantah in #1127
• Add explanatory message before admin password prompt in uninstall script by @william-laverty in #1118
• Upgrade kernel to Kata 3.26.0. by @jglogan in #1134
• Add in missing rlimits by @dcantah in #1140

New Contributors

• @cympak2 made their first contribution in #1067
• @p-linnane made their first contribution in #1077
• @dependabot[bot] made their first contribution in #1100
• @w-ferg made their first contribution in #1128
• @william-laverty made their first contribution in #1118

Full Changelog: 0.8.0...0.9.0

0.8.0

Important

This release addresses a low severity security issue (CVE-2026-20613) in the containerization library whereby a poorly assembled or maliciously crafted image tar archive can write files to locations other than the extraction directory. The issue is present when a user runs the container image load command (or the `cctl image load command in containerization)

No privilege escalation is possible by exploiting the issue; the archive extractor can only write files that the user could write themselves.

Highlights

⌨️ denotes breaking CLI changes.

👩‍💻 denotes breaking API changes.

• Core
  • Prevent container image load from writing files outside the extraction directory
  • Fixed panics filesystem data integrity errors when stressing containers
  • Numerous stability fixes for container start and stop.
  • container system version shows version info
  • `--read-only command for container create/run mounts root filesystem read-only
  • Add platform architecture aliases for amd64 and arm64
  • 👩‍💻 Reorganized client APIs and numerous other API changes
• Network
  • container network prune removes unused networks
  • IPv6 network configuration, container DNS, and port forwarding
• Storage
  • Improve volume filesystem performance
  • Translate block mount options correctly, use sync mode by default

What's Changed

• fix(TerminalProgress): make the progress bar respect locale-specific decimal separator by @TTtie in #936
• Fix broken image integration tests. by @jglogan in #944
• Update CONTRIBUTORS to MAINTAINERS and point at containerization by @katiewasnothere in #942
• [volumes]: refactor prune command by @saehejkang in #940
• Lowercase error messages by @dkovba in #945
• Deps: Bump Containerization to 0.16.2 by @dcantah in #947
• feat: implement version sub command by @fatelei in #911
• CLI: Fix -it not being able to pipe stdout by @dcantah in #951
• [images]: refactor prune command by @saehejkang in #941
• Feat: customize console output with env variable by @karenheckel in #952
• Upgrade GitHub Actions for Node 24 compatibility by @salmanmkc in #958
• Add Dependabot for GitHub Actions updates by @salmanmkc in #960
• Upgrade GitHub Actions to latest versions by @salmanmkc in #959
• Use new IP/CIDR types from Containerization. by @jglogan in #957
• [networks]: add prune command by @saehejkang in #914
• Fix: Kubes Cluster in Container Crashing Container (IS#923) by @Michaelgathara in #930
• Turn on oops=panic kernel cmdline by @dcantah in #971
• Add support for reading env from named pipes by @Bortnyak in #974
• Adds network IPv6 configuration. by @jglogan in #975
• Fix container auto-delete on rapid stop/start by @realrajaryan in #841
• Fix MAC address option typo in how-to documentation by @claudeaceae in #980
• Fix bash completion source path in documentation by @claudeaceae in #981
• CLI: Fix stop not signalling waiters by @dcantah in #972
• Fix grammar in tutorial.md by @claudeaceae in #985
• Clarify uninstall script location in README by @claudeaceae in #982
• Use full path for uninstall script in upgrade instructions by @claudeaceae in #983
• Fix OSS header dates that break CI checks. by @jglogan in #1009
• Update OSS header in Package.swift. by @jglogan in #1010
• Fix port validation to allow same port for different protocols (#992) by @iko1 in #1000
• CLI: Small fixups for implicit envvars by @dcantah in #1014
• Deps: Bump Containerization to 0.19.0 by @dcantah in #1015
• Parser: Support relative paths for --volume by @dcantah in #1013
• Update license header on all files to include the current year by @katiewasnothere in #1024
• makefile: Add cli target by @dcantah in #1022
• Reorganize client libraries. by @jglogan in #1020
• Update to containerization 0.20.0. by @jglogan in #1027
• Tests: Fix relative path mount tests by @dcantah in #1028
• CLI: Add read-only flag to run/create by @dcantah in #999
• Resolve IPv6 address queries for container names. by @jglogan in #1016
• [container]: add startedDate field by @saehejkang in #1018
• Adds IPv6 port forwarding. by @jglogan in #1029
• ProgressBar: Various fixes by @dcantah in #1025
• Add instructions for using locally built init filesystem. by @jglogan in #1032
• fix: improve error message when binding to privileged ports (fixes #978) by @Ronitsabhaya75 in #1031
• fix: extract hostname from FQDN (#1011) by @iko1 in #1017
• Fix: Support x86_64 architecture alias to prevent silent pull failure… by @Ronitsabhaya75 in #1036
• Fix relative path resolution in entrypoint by @ParkSeongGeun in #987
• Fix the FS error when using Virtualization by @JaewonHur in #1041
• Add support for aarch64 architecture alias by @Ronitsabhaya75 in #1040
• fix: use pax instead of tar for pkg payload extraction by @manuschillerdev in #1038
• Fix unstable integration tests. by @jglogan in #1060
• Adds opt-in pre-commit hook for format and header checks. by @jglogan in #1062
• Update for containerization 0.21.0. by @jglogan in #1056
• fix: performance warning should not output ANSI codes if stderr redirected by @iko1 in #1059
• ContainerSvc: Handle unexpected sandbox svc exits by @dcantah in #1065
• Throw error when starting a container with invalid virtiofs source by @JaewonHur in #1051
• Change behavior of the default arguments in the plugin config by @katiewasnothere in #1063
• Use configuration subnet and fallback to default subnet in allocation only plugin by @katiewasnothere in #1057
• Update to containerization 0.21.1. by @jglogan in #1064
• Use StderrLogHandler for rich logging features. by @jglogan in #1066
• Select macOS 26 CI runners. by @jglogan in #1074

New Contributors

• @TTtie made their first contribution in #936
• @fatelei made their first contribution in #911
• @karenheckel made their first contribution in #952
• @salmanmkc made their first contribution in #958
• @Michaelgathara made their first contribution in #930
• @Bortnyak made their first contribution in #974
• @claudeaceae made their first contribution in #980
• @iko1 made their first contribution in #1000
• @ParkSeongGeun made their first contribution in #987
• @JaewonHur made their first contribution in #1041
• @manuschillerdev made their first contribution in #1038

Full Changelog: 0.7.1...0.8.0

0.7.1

This release includes changes to address data integrity issues reported in #614.

Highlights

⌨️ denotes breaking CLI changes.

👩‍💻 denotes breaking API changes.

• Core
  • Add --max-concurrent-downloads for image pull
• Storage
  • Use containerization 0.16.1 with fs fix, and set default sync mode to fsync

What's Changed

• Add --max-concurrent-downloads flag for parallel layer downloads by @sbhavani in #716
• Data integrity: bump to cz 0.16.1, adjust sync mode. by @jglogan in #939

New Contributors

• @sbhavani made their first contribution in #716

Full Changelog: 0.7.0...0.7.1

0.7.0

Highlights

⌨️ denotes breaking CLI changes.

👩‍💻 denotes breaking API changes.

• Core
  • ⌨️ Replace --disable-progress-updates with --progress none
  • Use Rosetta for image builds
  • Show image download progress during builds
  • Allow use of stdio for image save and load
  • Allow reading of Dockerfile from stdin for build
  • Add container stats
• Network
  • Fix HTTPClient crash when download fails before shutdown
  • Add support for publish port ranges
• Storage
  • Translate block mount options correctly, use sync mode by default
  • Add container system df
  • Update container image prune to remove unused images as well as content

What's Changed

• [how-to-docs]: Add steps for installation of completion scripts by @saehejkang in #799
• Update documentation by @dkovba in #805
• Improvements to Makefile by @dkovba in #822
• Improvements to Protobuf.Makefile by @dkovba in #821
• [build-command]: refactor --progress option by @saehejkang in #810
• Add --mac-address flag to set custom MAC addresses for containers by @DSS3113 in #753
• Update builder-shim to 0.6.3 for metadata only Dockerfile support by @realrajaryan in #825
• Fix container DNS resolution broken by AAAA/IPv6 NXDOMAIN handling by @radoxtech in #786
• [options]: Replace --disable-progress-updates with --progress (none | ansi) by @saehejkang in #808
• Fix HTTPClient crash when download fails before shutdown by @realrajaryan in #837
• Clarify container list abstract to mention it shows running containers by @realrajaryan in #840
• Deps: Bump Containerization to 0.13.0 by @dcantah in #848
• UX: fix typos, grammar and consistency issues by @realrajaryan in #845
• Use container-builder-shim 0.7.0, ensures use of Rosetta. by @jglogan in #858
• Fix Info.plist system properties for symlinked container. by @jglogan in #859
• CLI: Implement exec -d by @dcantah in #852
• Add --rosetta option for arm64 images by @rgov in #846
• Actually resolve symlink when loading bundle Info.plist. by @jglogan in #864
• Add support for publish port ranges by @caztanj in #801
• Show image download progress during builds by @realrajaryan in #850
• Proxy refinements (thanks to @Lukasa). by @jglogan in #873
• [tests]: refactor run function for stdin/stdout support by @saehejkang in #830
• Fixes translation from Filesystem props to Mount runtimeOptions. by @jglogan in #877
• Fix progress bar crash on cached image rebuilds by @realrajaryan in #894
• [image-save-load]: support for stdin/stdout by @saehejkang in #734
• Import --publish checks and data representation. by @jglogan in #872
• [container-build]: Support inline Dockerfile from stdin by @saehejkang in #827
• Fix TestCLICreateCommand failing test by @tico88612 in #897
• Implement container stats by @dcantah in #851
• Fix container stats build break by @dcantah in #898
• Adds client uid validation to XPC server. by @jglogan in #896
• Updates to CZ 0.14.0. by @jglogan in #903
• Added the split method for labeler workflow by @Ronitsabhaya75 in #788
• Add container system df command for disk usage reporting by @realrajaryan in #902
• Build input file cannot be found: '.../CAuditToken.o' by @dkovba in #908
• Fix container image prune to actually remove images, add -a flag support, and bump cz to 0.15.0 by @realrajaryan in #909
• [docs]: add volume prune to command reference by @saehejkang in #910
• fix: connect to backend immediately on channel active for server-first protocols(#794) by @Ronitsabhaya75 in #813
• [docs]: move callout regarding documentation revisions by @saehejkang in #921
• [networks]: Add creationDate field by @saehejkang in #791
• Fix incorrect creationDate for networks. by @jglogan in #926
• Updates CZ to 0.16.0. by @jglogan in #927

New Contributors

• @DSS3113 made their first contribution in #753
• @radoxtech made their first contribution in #786
• @rgov made their first contribution in #846
• @caztanj made their first contribution in #801
• @tico88612 made their first contribution in #897

Full Changelog: 0.6.0...0.7.0