[!IMPORTANT]

This release addresses a low severity security issue (CVE-2026-20613) in the containerization library whereby a poorly assembled or maliciously crafted image tar archive can write files to locations other than the extraction directory. The issue is present when a user runs the container image load command (or the `cctl image load command in containerization)

No privilege escalation is possible by exploiting the issue; the archive extractor can only write files that the user could write themselves.

Highlights

⌨️ denotes breaking CLI changes.

👩‍💻 denotes breaking API changes.

• Core
  • Prevent container image load from writing files outside the extraction directory
  • Fixed panics filesystem data integrity errors when stressing containers
  • Numerous stability fixes for container start and stop.
  • container system version shows version info
  • `--read-only command for container create/run mounts root filesystem read-only
  • Add platform architecture aliases for amd64 and arm64
  • 👩‍💻 Reorganized client APIs and numerous other API changes
• Network
  • container network prune removes unused networks
  • IPv6 network configuration, container DNS, and port forwarding
• Storage
  • Improve volume filesystem performance
  • Translate block mount options correctly, use sync mode by default

What's Changed

• fix(TerminalProgress): make the progress bar respect locale-specific decimal separator by @TTtie in https://github.com/apple/container/pull/936
• Fix broken image integration tests. by @jglogan in https://github.com/apple/container/pull/944
• Update CONTRIBUTORS to MAINTAINERS and point at containerization by @katiewasnothere in https://github.com/apple/container/pull/942
• [volumes]: refactor prune command by @saehejkang in https://github.com/apple/container/pull/940
• Lowercase error messages by @dkovba in https://github.com/apple/container/pull/945
• Deps: Bump Containerization to 0.16.2 by @dcantah in https://github.com/apple/container/pull/947
• feat: implement version sub command by @fatelei in https://github.com/apple/container/pull/911
• CLI: Fix -it not being able to pipe stdout by @dcantah in https://github.com/apple/container/pull/951
• [images]: refactor prune command by @saehejkang in https://github.com/apple/container/pull/941
• Feat: customize console output with env variable by @karenheckel in https://github.com/apple/container/pull/952
• Upgrade GitHub Actions for Node 24 compatibility by @salmanmkc in https://github.com/apple/container/pull/958
• Add Dependabot for GitHub Actions updates by @salmanmkc in https://github.com/apple/container/pull/960
• Upgrade GitHub Actions to latest versions by @salmanmkc in https://github.com/apple/container/pull/959
• Use new IP/CIDR types from Containerization. by @jglogan in https://github.com/apple/container/pull/957
• [networks]: add prune command by @saehejkang in https://github.com/apple/container/pull/914
• Fix: Kubes Cluster in Container Crashing Container (IS#923) by @Michaelgathara in https://github.com/apple/container/pull/930
• Turn on oops=panic kernel cmdline by @dcantah in https://github.com/apple/container/pull/971
• Add support for reading env from named pipes by @Bortnyak in https://github.com/apple/container/pull/974
• Adds network IPv6 configuration. by @jglogan in https://github.com/apple/container/pull/975
• Fix container auto-delete on rapid stop/start by @realrajaryan in https://github.com/apple/container/pull/841
• Fix MAC address option typo in how-to documentation by @claudeaceae in https://github.com/apple/container/pull/980
• Fix bash completion source path in documentation by @claudeaceae in https://github.com/apple/container/pull/981
• CLI: Fix stop not signalling waiters by @dcantah in https://github.com/apple/container/pull/972
• Fix grammar in tutorial.md by @claudeaceae in https://github.com/apple/container/pull/985
• Clarify uninstall script location in README by @claudeaceae in https://github.com/apple/container/pull/982
• Use full path for uninstall script in upgrade instructions by @claudeaceae in https://github.com/apple/container/pull/983

New Contributors

• @TTtie made their first contribution in https://github.com/apple/container/pull/936
• @fatelei made their first contribution in https://github.com/apple/container/pull/911
• @karenheckel made their first contribution in https://github.com/apple/container/pull/952
• @salmanmkc made their first contribution in https://github.com/apple/container/pull/958
• @Michaelgathara made their first contribution in https://github.com/apple/container/pull/930
• @Bortnyak made their first contribution in https://github.com/apple/container/pull/974
• @claudeaceae made their first contribution in https://github.com/apple/container/pull/980
• @iko1 made their first contribution in https://github.com/apple/container/pull/1000
• @ParkSeongGeun made their first contribution in https://github.com/apple/container/pull/987
• @JaewonHur made their first contribution in https://github.com/apple/container/pull/1041
• @manuschillerdev made their first contribution in https://github.com/apple/container/pull/1038

Full Changelog: https://github.com/apple/container/compare/0.7.1...0.8.0