Release Notes

The following release notes are for the Business Edition of Portainer. For Community Edition release notes, refer to the GitHub releases page.

Release 2.26.1

January 21, 2025

Known issues

Known issues with Docker support

• Service pruning does not work with stacks using relative paths

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script

• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)

• Support for only CentOS 9, Podman 5 rootful

Known issues with Talos clusters managed by Omni

• Loading Omni specific information in the Cluster Details view and configuring an existing Talos cluster is currently restricted to Portainer Admins. Environment Admins will get a forbidden error when attempting to do this. This only applies to Omni configuration, and does not affect authentication for any other functionality in the cluster.

Known issues with Kubernetes

• Displaying job executions of cron jobs are limited to 3.

Changes

• Fixed issues relating to the Omni / Talos integration:

  • Implemented additional validation when adding Omni credentials in Portainer to ensure the Service Account key is correct, that it has an admin role, and that it is not expired.

  • Prevent the deletion of Omni credentials if they are still in use with an Omni environment within Portainer.

  • Do not apply Machine Config patches when ‘Override network settings’ is disabled.

Release 2.26.0

January 15, 2025

This is a STS (Short Term Support) release that includes all the changes added up to and including the 2.25.1 patch release as well as various fixes aimed at enhancing the stability and scalability of Portainer. For more details on what is included from the 2.25 release, refer to the 2.25 release notes.

Known issues

Known issues with Docker support

• Service pruning does not work with stacks using relative paths

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script

• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)

• Support for only CentOS 9, Podman 5 rootful

Known issues with Talos clusters managed by Omni

• Loading Omni specific information in the Cluster Details view and configuring an existing Talos cluster is currently restricted to Portainer Admins. Environment Admins will get a forbidden error when attempting to do this. This only applies to Omni configuration, and does not affect authentication for any other functionality in the cluster.

Known issues with Kubernetes

• Displaying job executions of cron jobs are limited to 3.

New in this release

• Added the ability to remove associated volumes when deleting a stack

• Improved the performance for edge:

  • Optimized the server polling handler

  • Optimized the snapshot diff for async

  • Optimized AddEnvironmentToEdgeGroups()

  • Made the async polling handler work concurrently in an optimistic way to allow for more parallelism

  • Optimized the async command creation to reduce DB lookups

  • Optimized the concurrent Edge Stack retrieval by the agent

  • Optimized the Edge Stack status update by the agent

• Fixed a goroutine leak in the Agent that would exhaust the resources over time

• Fixed Edge Stack status updates so that it doesn’t cause wrong counts

• Updated compose-unpacker so it doesn’t rely on the docker-compose binary

• Fixed data races:

  • GetPlatform()

  • Docker transport

  • Agent stack manager

  • Edge auto-onboarding

• Fixed potential logic problems related to edge environment configurations

• Fixed the async snapshot diff logic for Kubernetes environments

• Fixed the router for Kubernetes requests

• Fixed a problem that prevented the assignment of multiple edge groups to async agents on association

• Fixed a problem that prevented the association of async devices without groups

• Fixed a problem that would cause for the edge stack local filesystem path to not be retained when using GitOps edge configs

• Fixed the volume list retrieval and app template deployment when the environment snapshot doesn’t exist

• Standardized the lower case string comparison method

• Fixed a problem that prevented the update of edge stacks when using webhooks with async environments

• Added a new feature to integrate with Sidero Omni

• Added a feature behind a feature flag to disable automatic sync of the built-in Kubernetes roles

• Added a 30 minutes time interval to the OAuth session timeout options

• Added a new Kubernetes view for Jobs and Cron Jobs

• Fixed update create from file option order

Deprecated and removed features

Deprecated features

None

Removed features

None

Release 2.25.1

December 20, 2024

Known issues

Known issues with Docker support

• Service pruning does not work with stacks using relative paths

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script

• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)

• Support for only CentOS 9, Podman 5 rootful

Resolved CVEs

• CVE-2024-45337 [BE-11511]

Changes

• Fixed an issue where excessive warnings were logged if agents weren’t updated to match server version [BE-11498]

Release 2.21.5

December 20, 2024

Resolved CVEs

• CVE-2024-45337

Changes

• Fixed an issue that omitted copying the IP address in container port mapping when provided during the Edit/Duplicate operation for an existing container.

• Fixed an issue with images that included files failing to build.

• Fixed a resource leak that prevented the backup process from finishing under some specific circumstances.

• Optimized the space used by Git repositories.

• Fixed aggressive image pulling retry.

• Fixed an issue where LDAP users get duplicated in a Team for each login.

Release 2.25.0

December 16, 2024

This is a STS (Short Term Support) release that includes all the changes added up to and including the 2.24.1 patch release as well as various fixes aimed at enhancing the stability and scalability of Portainer. For more details on what is included from the 2.24 release, refer to the 2.24 release notes.

Known issues

Known issues with Docker support

• Service pruning does not work with stacks using relative paths

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script

• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)

• Support for only CentOS 9, Podman 5 rootful

New in this release

• Added the ability to prune services while updating Compose Edge Stacks

• Updated Compose to v2.31

• Optimized the HTTP request/response compressor to reduce allocations and improve performance

• Async Edge Agent: cleaned up executed commands to improve performance

• Reduced the total locking time for the backup process and improved the error messages

• Stopped preventing the server startup when docker_config/config.json file is corrupted

• Added the ability for users to specify Portainer agent and updater images from their private registry when creating a remote update or rollback schedule for agents

• Fixed a problem that prevented interaction with Swarm volumes

• Fixed a problem that prevented the GitOps edge configurations from working properly

• Fixed the missing IP binding of published ports when editing a container

• Enforced timeouts for offline environments when doing parallel edge deployments

• Fixed a resource leak that prevented the backup process from finishing under some specific circumstances

• Removed incorrect persistence of filters when interacting with Services and Stack pages

• Restored the remember functionality in the filtered stacks search results

• Enforced Edge Stack naming rules

• Fixed an issue with images that included files failing to build

• Ensured proper Edge Stack removal after a power interruption in the Agent

• Fixed an issue where Git stacks using sub-directories and environment files could not be edited

• Fixed an issue where an extra network is created when deploying a stack with only external networks defined

• Fixed an issue where the env_file field in Compose files were being ignored

• Fixed an issue where a stack that built an image that it then referenced would fail to deploy with a "no such image" error

• Ensured that the PORTAINER_EDGE_ID variable is properly exposed when using Edge Configurations

• Added a new feature called Download Support Bundle

• Added a new feature to enable/disable debug logging within the Portainer UI

• Added a new button in the Licenses Page to support renewal

• Fixed an issue where Helm status was not correctly shown for deployments

• Fixed an issue where the date picker was unusable for activity logs in the dark mode

• Fixed an issue where the namespace level access not being applied to teams

• Fixed an issue where edge stack fails to be deleted when K8s job is set with TTL

• Fixed an issue where LDAP users get duplicated in a Team for each login

• Improved kapa.ai landing page

• Migrated a handful of legacy Angular based Kubernetes pages to React

Deprecated and removed features

Deprecated features

• PUT /kubernetes/{id}/namespaces API endpoint

Removed features

None

Release 2.24.1

December 3, 2024

Known issues

Known issues with Docker support

• Service pruning does not work with stacks using relative paths

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script

• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)

• Support for only CentOS 9, Podman 5 rootful

Changes

• Fixed an issue where Git stacks using subdirectories and environment files could not be edited.

• Fixed an issue where an extra network was being created when deploying a stack with only external networks defined.

• Fixed an issue where the env_file field in Compose files was being ignored.

• Fixed an issue where users were unable to pull images from private registries as expected.

• Fixed an issue where a stack that built an image that it then referenced would fail to deploy with a "no such image" error.

• Fixed an infinite recursion issue in an RBAC route when switching users and connecting to an agent endpoint.

• Fixed an issue that omitted copying the IP address in container port mapping when provided during the Edit/Duplicate operation for an existing container.

• Fixed an issue with images that included files failing to build.

• Fixed an issue where activity logs shown in the Portainer UI were encoded with base64.

Release 2.24.0

November 20, 2024

This is a STS (Short Term Support) release that includes all the changes added up to the 2.23 release and 2.21.4 LTS patch release, as well as various fixes aimed at enhancing the stability and scalability of Portainer. For more details on what is included from the 2.23 release, refer to the 2.23 release notes.

Known issues

Known issues with Docker support

• Service pruning does not work with stacks using relative paths

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script

• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)

• Support for only CentOS 9, Podman 5 rootful

New in this release

• Bumped Go version to 1.23

• Improved the status tracking for Kubernetes Edge Stacks

• Rewrote the stack deployment code to remove the need for the docker-compose binary

• Clean-up and compact user activity DB on start-up

• Added the ability to prune services while deploying Compose stacks

• Added a retry period to Edge Stack deployments

• Fixed user authentication log sorting

• Defaulted to descending timestamp order in the user activity log

• Fixed user activity log sorting

• Fixed aggressive image pulling retry

• Relocated the GitOps TLS toggle so it’s harder to overlook

• Added timeouts to OAuth requests

• Fixed problem that prevented environment association in the waiting room

• Fixed a problem that prevented the Docker image exporting

• Improved the Kubernetes Cluster node view to display conditions

• Migrated more Angular based pages to React

• Fixed the following Kubernetes regressions:

  • Standard user can't get cluster scoped ingress controllers

  • CPU/Memory Limit & Reservation values not multiplied by replica count on "Applications running on this node" table

  • Application rollout restart isn’t functional

Deprecated and removed features

Deprecated features

None

Removed features

None

Release 2.21.4

October 25, 2024

Changes

• Ported client API negotiation changes to ensure LTS can be compatible with future Docker versions.

• Improved the Edge-related API error response by including environment ID and name.

• Added the display of the missing Edge stack deployment errors on the Edge stack environment status page.

• Fixed an issue that prevented the removal of older files when updating an Edge configuration.

• Fixed an issue that prevented consecutive updates of Swarm services from reloading the page.

Release 2.23.0

October 16, 2024

This is a STS (Short Term Support) release that includes all the changes added up to and including the 2.22.0 release, as well as various fixes aimed at enhancing the stability and scalability of Portainer. For more details on what is included from the 2.22 release, refer to the 2.22 release notes.

Known issues

Known issues with Docker support

• Image export is not functioning

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script

• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)

• Support for only CentOS 9, Podman 5 rootful

• Unable to create an image from a container

Known issues with Kubernetes support

• Service accounts, Cluster Roles/Bindings, Roles/Role Bindings) show system resources when toggle is off

• Standard user can't get cluster scoped ingress controllers

• CPU/Memory Limit & Reservation values not multiplied by replica count on "Applications running on this node" table

• Application rollout restart is not functioning

New in this release

• Improved the Home page search speed

• Improved OAuth logging to help diagnose errors

• Increased the CRL request timeout in the Agent to 30s

• Moved the webhook deploying logic to the background to avoid timeouts

• Optimized the space used by Git repositories

• Improved the Edge-related API error response by including environment ID and name

• Fixed the removal of old files when doing an Edge Config update

• Added the display of the missing Edge stack deployment errors on the Edge stack environment status page

• Fixed the Pending status getting stuck for Edge stacks when re-associating environments

• Fixed issues with Kubernetes resources not showing information correctly

• Improved the overall experience for Kubernetes

Deprecated and removed features

Deprecated features

None

Removed features

• Platform and Architecture-Specific Images:

  • We have removed image tags named for various architectures using the convention <platform>-<arch>. These images tags were deprecated in a previous release. This change ensures further standardization and consistency across our software distribution.

Release 2.21.3

October 8, 2024

Changes

• Improved home page search performance, addressing slow response times in certain environments.

• Fixed an issue where the Edge admin role would be removed after login when authenticating via OAuth.

• Fixed an issue where the CRL (Certificate Revocation List) request timeout may be too short, causing potential connection issues.

Release 2.22.0

October 3, 2024

This is a STS (Short Term Support) release that includes all the changes added up to and including the 2.21.2 release, as well as various fixes aimed at enhancing the stability and scalability of Portainer. For more details on what is included from the 2.21 release, refer to the 2.21 release notes.

Breaking changes

As part of the changes on the Kubernetes experiences, some API operations for Kubernetes management may have changed slightly.

Known issues

Known issues with Podman support

• Podman environments aren't supported by auto-onboarding script

• It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)

• Support for only CentOS 9, Podman 5 rootful

• Unable to create an image from a container

Known issues with Kubernetes management

• Applications deployed via helm chart are no longer grouped on the App list screen

• Service accounts, Cluster Roles/Bindings, Roles/Role Bindings) show system resources when toggle is off

• Standard user can't get cluster scoped ingress controllers

• Unused label incorrectly showing on used volumes, and Used by column is blank

• NaN value on Memory & CPU used bars on Node Details screen

• CPU/Memory Limit/Reservation values on Applications running on this node table rounding down

• Volumes created within Portainer are incorrectly labelled as External

New in this release

• Podman Support:

  • Portainer now supports Podman. It can be installed on Podman and manage Podman environments. Initial support includes Podman 5.x running on CentOS environments.

• ACI Enhancements:

  • Enhancements to ACI management include support for GPUs, private IPs, persistence, and the ability to start, stop, and restart container instances, among other improvements.

• Better Kubernetes Management Experience:

  • The Kubernetes management experience has been overhauled by relocating most of the logic from the client to the server, improving client speed and responsiveness. This update also introduces the ability to manage all Kubernetes resources via a simplified, abstracted API.

• Security Controls for Kubernetes:

  • New security controls allow administrators to disable access to downloading Kubeconfig files and interacting with the Kubernetes shell for non-administrator users.

• Edge Capabilities Improvements:

  • Enhancements to the Edge features have resulted in a more stable, performant, and reliable experience when using Edge capabilities.

• Stability Improvements:

  • Various fixes have been applied to increase the overall stability of Portainer.

• Scalability Enhancements:

  • Adjustments have been made to improve Portainer's performance and reliability at scale, especially in larger environments.

• Security:

  • Critical and high-security vulnerabilities (CVEs) in dependencies shipped within the Portainer images have been addressed. Key components, such as the Docker client and kubectl, have been updated to ensure a secure environment.

Deprecated and removed features

Deprecated features

• Platform and Architecture-Specific Images:

  • We are deprecating image tags named for various architectures using the convention <platform>-<arch>. This change ensures further standardization and consistency across our software distribution.

Removed features

• Platform and Architecture-Specific Images:

  • We are removing images named using the convention <platform>-<arch>-<version>. These images were deprecated in a previous release in favor of the newer convention <version>-<platform>-<arch>. This change ensures standardization and consistency across our software distribution.

• Kompose Logic:

  • All logic related to Kompose has been removed, following its deprecation in a previous version.

• Nomad Support:

  • All logic related to Nomad support has been removed after it was deprecated and subsequently removed from the client in version 2.20.

Release 2.21.2

September 24, 2024

Changes

• Updated Linode branding to align with the new “Akamai Connected Cloud”.

• Fixed an issue with stack deployment on Docker when using a .env file from a Git Repository and referencing it in the Compose file.

Release 2.21.1

September 10, 2024

Changes

• Fixed an issue where Portainer would crash when cloning a large Git repository

• Introduced a JWT revocation mechanism to revoke JWTs after logout

• Fixed an issue when re-creating a container on Docker 24

• Fixed an issue with stack deployment on Docker when using environment variables in the volumes section of the Compose file

Release 2.21.0

August 27, 2024

This is our first Long-Term Support (LTS) release, which includes all the changes that have been added up to the 2.20.3 release, as well as various fixes aimed at enhancing the stability and scalability of Portainer.

What’s Included

• Changes from 2.20.x:

  • This LTS release incorporates all the features, improvements, and bug fixes from the 2.20.x series of releases.

  • For detailed information about the changes included in the 2.20.x releases, please refer to the 2.20.x release notes.

New in this Release

• Stability Improvements: Various fixes have been applied to increase the overall stability of Portainer.

• Scalability Enhancements: Specific adjustments have been made to improve the usage of Portainer at scale, ensuring better performance and reliability in larger environments.

• Security: Critical and high security vulnerabilities (CVEs) associated with dependencies shipped within the Portainer images have been addressed. This includes updates to key components like the Docker client and kubectl to ensure a secure environment.

Deprecated Capabilities and Features

• We’re deprecating the platform and architecture-specific images named using the convention <platform>-<arch>-<version> in favor of the newer convention <version>-<platform>-<arch>. This change ensures standardization and consistency across our software distribution. In the future, we’ll only build and publish images using the new tag convention.

Release 2.20.3

May 21, 2024

This is an STS (Short-Term Support) release. Read more in our "Portainer 2.20 STS" blog post.

Important Notice

On update to this Portainer version, stacks and edge stacks will have their containers restarted after updating them. This is caused by the use of Docker Compose 2.26.1, which requires this restart. Note: If you already updated to 2.20.0, 2.20.1 or 2.20.2 previously, stacks and edge stacks that DO NOT use relative paths may already have had their containers restarted on update of them, and you would not then see a restart again.

Edge

• Resolved an issue where edge configuration files were not being backed up.

• Resolved an issue where device registration via the waiting room was extremely slow during large-scale edge deployment.

• Resolved an issue where users were unable to remove or update an edge configuration that was pending deployment on a device.

Docker

• Resolved an issue introduced in 2.20.0 where stopped Docker containers were incorrectly shown with an Unused badge. portainer/portainer#11797

Swarm

• Resolved an issue where the Edit Container page on Swarm environments was not loading properly. portainer/portainer#11830

Kubernetes

• Resolved an issue introduced in 2.20.0 where, when a placement rule was created for a Kubernetes application, if it was not met for a node, then it would not show up in the expand rows of the Application Details Placement constraints/preferences table. portainer/portainer#11826

• Resolved an issue when creating a MicroK8s cluster where using a hyphen to specify an IP range had stopped working in 2.19.

• Resolved an issue where the "More resources" views in Kubernetes would redirect to the Dashboard upon refresh.

• Resolved an issue in the Kubernetes Applications List page where the namespace filter selection of a system namespace did not persist on refresh or revisit. portainer/portainer#11798

• Introduced a tooltip to the 'Rollback to previous configuration' button in the Kubernetes Application Details screen to explain how rollback works. portainer/portainer#11804

• Prevented a panic from occurring when mistakenly attempting to deploy a Kubernetes application and supplying a docker-compose.yaml instead of a Kubernetes manifest. portainer/portainer#11796

MicroK8s

• Applied updates and ensured confirmed Kubernetes 1.30 support with creation of MicroK8s clusters.

• Introduced an offline mode for creation of a MicroK8s Kubernetes cluster on air-gapped nodes.

Portainer

• Resolved an issue where pending actions to be run on environments could end up in a panic state. portainer/portainer#11818

• Resolved an issue where the subpath of an image tag was incorrectly truncated. portainer/portainer#11831

• Resolved an issue around excessive GitHub API Portainer version checking on page loads. portainer/portainer#11795

• Resolved an issue where loading a large number of volumes took an unreasonable amount of time portainer/portainer#11829

• Resolved an issue in the agent where removing an undeployed stack resulted in errors. portainer/portainer#11828

• Corrected the title wording and some UI styling in the Authentication Logs and Activity Logs screens. portainer/portainer#11807

• Resolved an issue with deploying of containers via Portainer running on Windows Server 2022, where an error regarding CAP_AUDIT_WRITE was occurring. portainer/portainer#11805

API Changes

Release 2.20.2

May 1, 2024

This is an STS (Short-Term Support) release. Read more in our "Portainer 2.20 STS" blog post.

Resolved CVEs

• Resolved CVE vulnerabilities for Windows images portainer/portainer#11716

• Updated kubectl to resolve CVEs. portainer/portainer#11741

• Resolved CVE vulnerabilities for docker binary portainer/portainer#11717

• Resolved CVE vulnerabilities for protobuf portainer/portainer#11718

• Resolved CVE vulnerabilities for crypto portainer/portainer#11719

• Updated k8s.io/apiserver and Helm to resolve CVEs. portainer/portainer#11740

• Resolved CVE vulnerabilities for containerd

• Updated Docker client library to resolve CVEs. portainer/portainer#11738

• Resolved CVE vulnerabilities for otelgrpc

• Resolved CVE vulnerabilities for stdlib portainer/portainer#11720

• Resolved CVE-2024-29296 by creating uniform response time for login attempts. portainer/portainer#11736

• Resolved a CVE regarding data encryption. portainer/portainer#11737

• Updated Docker Compose to resolve CVEs. portainer/portainer#11739

• Updated OPA Gatekeeper for Pod security constraints feature in order to resolve CVEs.

Edge

• Resolved an issue with the edge post initiation migration runner to ensure it runs migrations at the appropriate time, when connection between an edge environment and Portainer server has been established. portainer/portainer#11733

Docker

• Resolved an issue that caused errors when users attempted to connect to their Docker environment via API using HTTPS portainer/portainer#11721

• Provided info text in the UI to clearly explain environment variables stack.env file usage when deploying Docker stacks via Git vs. other methods. portainer/portainer#11732

Kubernetes

• Ensured confirmed support of vanilla Kubernetes 1.30 clusters. portainer/portainer#11730

• Fixed a bug with 2.20 migrating of Kubernetes secrets ownership to an improved model where the migration was not being flagged as complete.

• Resolved an issue with Kubernetes environments that have a significant number of services where the Dashboard services panel never completed loading and the loading spinner was indefinitely displayed. portainer/portainer#11734

KaaS

• Ensured Kubernetes 1.29 is supported with Azure Kubernetes Service (AKS) provisioning of KaaS clusters.

• Ensured Kubernetes 1.29 is supported with Linode Kubernetes Engine (LKE) provisioning of KaaS clusters.

Portainer

• Fixed an issue introduced in 2.20.0 where a user logged in using external SSO could no longer create a Portainer API access token. portainer/portainer#11731

• Resolved an issue where pending actions to be run on environments would still be considered for deleted environments (although not actually run). portainer/portainer#11735

• Resolved issue where containers that exited with code 0 were incorrectly marked as failed deployments portainer/portainer#11724

• Introduced an additional option to automatically detect the authentication style for OAuth portainer/portainer#11725

API Changes

• Fixed the content type for responses from the API endpoint used for token generation portainer/portainer#11723

Release 2.19.5

April 22, 2024

Portainer

• Resolved CVE-2024-29296 by creating uniform response time for login attempts

Release 2.20.1

April 5, 2024

This is an STS (Short-Term Support) release. Read more in our "Portainer 2.20 STS" blog post.

Important Note Regarding Docker 26 Support

Please be aware that support for Docker 26 is provided on an "as-is" basis and is primarily driven by best-effort principles. Minimal regression testing has been conducted to ensure basic functionality. Users should proceed with caution and report any issues they encounter.

Docker

• Resolved an issue where Docker 25/26 API changes affected container-related pages and image size display portainer/portainer#11504

Kubernetes

• Resolved an issue where deploying GitOps edge stacks on a Kubernetes edge device resulted in error portainer/portainer#11503

• Resolved an issue where the secret owner migration process could lead to a deadlock, preventing the HTTP(S) server from starting. portainer/portainer#11501

Portainer

• Fixed an issue where local stacks were being overwritten by orphaned stacks with the same name in the regular stack listing page portainer/portainer#11502

Release 2.20.0

March 19, 2024

Overview of changes

Introducing the new Portainer BE 2.20.0 release. This is an STS (Short-Term Support) release.

As you gear up for the transition to Portainer BE 2.20.0, our latest STS (Short-Term Support) installment, ensuring a smooth upgrade is key. We urge you to back up your configurations via the Portainer UI beforehand. This backup acts as your safety net, ensuring you can gracefully revert to the prior version or state if the new frontier proves too wild. Additionally, pore over the release notes for catching any compatibility issues, understanding deprecated functionalities, and identifying essential tweaks to your current setup. Your diligence will pave the way for a seamless update.

A Short-Term Support release can be considered as "bleeding-edge" as it will contain the latest features and functionality we've developed. The STS releases (including this one) will go through a significant amount of pre-release testing, but there may be changes that could cause regressions and features that might see further iterations. As such, if stability is a crucial concern for your setup we wouldn't recommend deploying STS releases on production environments.

Read more in our "Portainer 2.20 STS" blog post.

Breaking changes

• Discontinued Nomad support in this release. Users won't be able to create new Nomad environments from the UI, and existing Nomad environments are hidden, ceasing their management through Portainer

• Introduced a requirement to specify the current user's password when adding an API token via the UI or the POST /users/{id}/tokens API endpoint.

• Fixed issue when deploying Docker stacks from Git-based custom templates where a user could edit the content via the web editor, when they should only have been able to deploy the content from Git.

Deprecation notice

• DEPRECATED API endpoint GET /kubernetes/{id}/namespaces/{namespace}/configuration. Following Portainer 2.19 split of K8s ConfigMaps and Secrets to two UI tabs and K8s API proxy use, the original endpoint combining both resource types is marked deprecated.

• DEPRECATED API endpoint GET+POST /endpoints/{id}/kubernetes/helm/repositories, MOVED Helm UI option to Advanced Deployment/Create from Manifest screen + now allow users to delete their Helm repos. New endpoint GET+POST /users/{id}/helm/repositories added.

Resolved CVEs

• Updated various packages to resolve CVEs. portainer/portainer#9224

• Resolved CVEs for Portainer Agent

• Resolved CVEs for Portainer CE and BE

Edge

• Addressed CVEs affecting Nomad, enhancing security and stability

• Fixed an issue where edge stacks deployed with retry policy and failing to deploy would remain stuck indefinitely after 1 hour of retries

• Fixed issue where edge stacks with GitOps enabled, would stop polling after restarting the server.

• Fixed issue where confirmation modal was missing when user was trying to update edge stacks.

• Resolving an issue where newer versions of images were not being pulled from the registry as expected when re-pull option was turned on.

• Fixed issue where pre-pull image and retry deployment options were missing after edge stack was deployed

• Fixed an issue where clicking to filter ascending/descending by a column on the waiting room page did not result in any sorting.

• Fixed issue where admin users were unable to update a Git-based edge stack created by another user.

• Fixed an issue where, upon disabling the waiting room feature, existing devices in the waiting room are now automatically associated to prevent them from remaining unassociated

• Implemented a new "Edge Admin" role, enabling users to administer the edge compute feature without altering Portainer settings.

• Fixed issue where the "Retry deployment" toggle did not persist when editing an edge stack.

• Improved UX of making "GitOps Edge Configuration" stand independently, simplifying access and allowing users to effortlessly enable relative paths during configuration.

• Resolved an issue where the count of configurations pushed to edge devices was inaccurately displayed. We now prevent double counting and ensure accurate representation

• Updated app template version to 3.0, now supporting edge apps in templates.

• Corrected the incorrect icon style for edge groups in the UI

• Enhanced the tooltips in the auto onboarding page to provide clear instructions on how to use the "Edge ID" field. Users will now receive guidance on the specific command to run in the script for generating the edge ID

• Resolved an issue where the waiting room remained visible in the sidebar menu despite being disabled by the administrator. The waiting room now correctly hides when disabled.

• Simplified scheduler time settings by removing seconds, providing users with a more straightforward configuration experience.

• Fixed issue where searching for edge groups in the waiting room returned no results

• Fixed issue where non-trusted environments were incorrectly counted for static edge groups

• Implemented the ability for users to upload and manage edge configurations grouped by folders, allowing seamless deployment based on matching edge group names rather than individual devices.

• Resolved an issue by implementing timeouts for the agent during snapshot building, preventing it from getting stuck indefinitely or taking excessive time in unresponsive Docker daemon scenarios

• Fixed an issue where the Edge Agent was resetting EndpointId to 0 and polling global-key incorrectly when disconnected from Portainer server, even with disabled edge compute features

• Introduced Edge App Templates and Custom Templates to address the absence of app and custom templates for edge stacks in Portainer

• Fixed an issue where a dynamic edge group would erroneously create a stack even if no environment was present

• Decoupled the display of Portainer API server URL and tunnel server address from the Edge Compute feature toggle, ensuring clear visibility regardless of the Edge Compute setting, addressing potential user confusion.

Swarm

• Resolved an issue with the Docker Swarm Service List screen where image up to date indicators were not always correct.

• Fixed issue where relative path volumes in Docker Swarm environments did not update when new commits were pushed to the upstream repository and the user clicked "Pull and redeploy" in stacks with GitOps updates enabled.

• Updated the documentation link for Swarm agent setup in the UI to ensure it directs users to the correct documentation.

• Updated the Quick Setup wizard to provide a more accurate message, eliminating misleading connection failure notifications when adding the local environment via Agent deployment.

• Resolved an issue where deleting a Docker Swarm agent stack caused continuous error messages in logs portainer/portainer#7937

• Resolved an issue where a Swarm stack failed to restart after being stopped when using private images. portainer/portainer#8262

Docker

• Introduced the ability to trigger reload of image up to date indicators in the UI.

• Fixed issue where Docker Images List breaks when an image has no tags.

• Resolved inconsistencies between image up to date indicators of Docker Container List, Stack List and Stack Details screens.

Kubernetes

• Introduced warning that Civo KaaS provisioning for a Kubernetes 1.27+ cluster on Extra Small node size may no longer complete as the compute resources are now too limited for required workloads.

• Ensured that, when enabling addons on a MicroK8s cluster during initial set-up of that cluster, any errors that arise are now shown in the UI.

• Ensured that, when enabling addons on a MicroK8s cluster post set-up of that cluster, any errors that arise are now shown in the UI.

• Disabled GKE functionality's Google API client telemetry.

• Updated the version of the kubectl client in the kubectl shell console. portainer/portainer#11303

• Fixed the stripping of labels from certain Kubernetes resources - Ingress, ConfigMap or Secret - when form-editing them. portainer/portainer#11147

• Resolved inconsistency in Kubernetes deployment behavior between standard and async agents regarding the 'Use namespace(s) specified from manifest' switch

• Fixed an issue where namespaces 'set to system' from within Portainer weren't being detected as system. portainer/portainer#11146

• Fixed 'Unable to determine which association to use to convert form' error when adding a service to a Kubernetes pod that had been deployed external to Portainer. portainer/portainer#11136

• Fixed an issue introduced in 2.19.0 where a Kubernetes application deployed from Git required re-entry of Git credentials when changing the deployment.

• Corrected a minor UI issue introduced in 2.19.0, where, on create of Kubernetes application, if the user scrolled down and clicked 'Add persisted folder' without populating name and image fields, the focus would jump up to the first empty required field. portainer/portainer#11155

• Fixed an issue introduced in 2.19 in the ConfigMaps and Secrets lists where a check was no longer made against them for deployments of type Pod and hence an 'Unused' badge in those instances was then not shown. portainer/portainer#11145

• Fixed a 'this.formValues.Services is undefined' error that was shown when editing a pod created via manifest. portainer/portainer#11152

• Resolved an issue where ConfigMaps and Secrets created via manifest were incorrectly shown with the 'External' badge. portainer/portainer#11169

• Fixed issues that occurred when creating a Kubernetes namespace after disabling cluster's over-commit setting, including "Value must be between 0 and -x." warning that was incorrectly shown.

• Introduced a per-user option to enable five-minute data caching for non-edge Kubernetes environments - to improve performance. portainer/portainer#11118

• Resolved an issue with deploying of an edge stack to a Kubernetes async device failing.

• Fixed the Kubernetes Application details screen not showing referenced resources for an app that had used 'envFrom:' in its manifest to load an entire ConfigMap or Secret as environment variables instead of referencing individual values via 'valueFrom:'. portainer/portainer#11144

• Introduced a setting to turn off the Stacks functionality within the Kubernetes side of Portainer. portainer/portainer#11119

• Renamed the Kubernetes Advanced Deployment screen to be 'Create from Manifest'. portainer/portainer#11128

• Corrected display of a very high 'CPU used' value in the Kubernetes Cluster details screen when micro-CPU units were being used. portainer/portainer#11154

• DEPRECATED API endpoint GET+POST /endpoints/{id}/kubernetes/helm/repositories, MOVED Helm UI option to Advanced Deployment/Create from Manifest screen + now allow users to delete their Helm repos. New endpoint GET+POST /users/{id}/helm/repositories added. portainer/portainer#11127

• Introduced an option to enforce admin-only viewing/editing of Kubernetes Secret contents in the UI (where the user did not create that Secret).

• Resolved issues that occurred around editing a Kubernetes application when a namespace had resource quotas set, where the application's (pre-edit) existing resource usage was not being taken into account. portainer/portainer#11143

• Introduced a change so that, on deletion of an ECR or other registry, any related Kubernetes registry secret will now be removed. Note that this type of secret is auto created when assigning a registry to a namespace in a Kubernetes environment. portainer/portainer#11158

• Migrated the Kubernetes Application Details screen's YAML, Events and Containers sections plus any of the screen's remaining code from Angular to React. portainer/portainer#11121

• Fixed an issue around the display of incorrect search results for Kubernetes applications that are exposed via an ingress. portainer/portainer#11160

• Corrected the Kubernetes Volume Details screen to show the Shared Access Policy of the Volume rather than (erroneously) of the StorageClass. portainer/portainer#11163

• Corrected the deploying of a Kubernetes Daemonset with shared storage so that RWX access is granted to the Persistent Volume Claim, as relevant. portainer/portainer#11168

• Migrated the Kubernetes Cluster Setup screen from Angular to React and improved loading of its elements. portainer/portainer#11122

• Introduced a change so that, on assigning a user access to a Kubernetes environment that is down, the access is enabled when the environment next connects. portainer/portainer#11157

• Fixed a console error that could arise in the Kubernetes Add/Edit Application screen when updating resource sliders. portainer/portainer#11159

• Resolved error shown on editing a Kubernetes namespace when the cluster's 'Allow resource over-commit' setting had been turned off where the namespace had originally been created when the cluster's setting was on.

• Corrected the labelling of the Stack field in the Kubernetes Advanced Deployment (now 'Create from Manifest') screen. Also clarified the labelling of Namespace and Name concepts. portainer/portainer#11120

• Introduced new screen for listing, searching and deleting Kubernetes Cluster Roles and their Bindings.

• Introduced new screen for listing, searching and deleting Kubernetes Roles and their Bindings.

• Updated the Ingress list screen to indicate system resources correctly. portainer/portainer#11162

• Fixed incorrect display of an error message when adding a Kubernetes secret under certain circumstances. portainer/portainer#11156

• Made changes to allow stopping of a replicated Kubernetes application by scaling it to zero instances. portainer/portainer#11117

• Introduced new screen for listing, searching and deleting Kubernetes Service Accounts.

• Migrated most of the components of the Kubernetes Create and Edit application screens from Angular to React. portainer/portainer#11123

• Migrated the Kubernetes Add Namespace screen from Angular to React. portainer/portainer#11124

KaaS

• Ensured Kubernetes 1.28 is supported with Linode Kubernetes Engine (LKE) provisioning of KaaS clusters.

• Ensured Kubernetes 1.29 is supported with DigitalOcean Kubernetes (DOKS) provisioning of KaaS clusters.

• Applied updates and ensured Kubernetes 1.29 is supported with Amazon Elastic Kubernetes Service (EKS) provisioning of KaaS clusters.

• Ensured Kubernetes 1.28 is supported with Civo Kubernetes provisioning of KaaS clusters.

• Ensured Kubernetes 1.28 is supported with Google Kubernetes Engine (GKE) provisioning of KaaS clusters.

• Ensured Kubernetes 1.27 is supported with Civo Kubernetes provisioning of KaaS clusters.

• Ensured Kubernetes 1.27 is supported with Linode Kubernetes Engine (LKE) provisioning of KaaS clusters.

• Ensured Kubernetes 1.28 is supported with Azure Kubernetes Service (AKS) provisioning of KaaS clusters.

• Ensured Kubernetes 1.28 is supported with DigitalOcean Kubernetes (DOKS) provisioning of KaaS clusters.

• Applied updates and ensured Kubernetes 1.28 is supported with Amazon Elastic Kubernetes Service (EKS) provisioning of KaaS clusters.

• Corrected access to Add Shared Credentials screen to prevent standard users from navigating to it (although note that it was already correctly disallowing add or view of credentials).

• Removed the possibility of a race condition occurring on use of the eksctl binary for Amazon EKS KaaS cluster provisioning.

• Ensured confirmed support of vanilla Kubernetes 1.29 clusters. portainer/portainer#11129

MicroK8s

• Applied updates and ensured confirmed Kubernetes 1.29 support with creation of MicroK8s clusters.

• Corrected the grammar of a MicroK8s version retrieval error message.

• Ensured confirmed Kubernetes 1.28 support with creation of MicroK8s clusters.

• Introduced the ability for admins to enable the mayastor addon (that has prerequisites) for a MicroK8s cluster, and for admins and environments admins to enable or disable the mayastor addon for a MicroK8s cluster, after is has been provisioned.

• Introduced the ability for admins to enable the minio addon (that has prerequisites) for a MicroK8s cluster, and for admins and environments admins to enable or disable the minio addon for a MicroK8s cluster, after is has been provisioned.

• Resolved a Portainer and MicroK8s issue where, on installing Portainer Agent, the microk8s status command incorrectly shows Portainer Server as enabled. Note, this is fixed in fresh MicroK8s 1.29 installs (and is unrelated to the Portainer version).

Portainer

• Fixed an issue where the "Force HTTPS only" toggle in the SSL certificates section was not functioning as expected.

• Fixed an issue that caused local stacks to be overwritten by orphaned stacks with the same name on the regular stack listing page

• Added version path to in-app documentation links to support long-term support (LTS) vs. short-term support (STS) releases. portainer/portainer#11375

• Fixed issue where users could erroneously edit web editor content in Git-based custom templates.

• Improved logging of in-app Kubernetes CE to BE upgrade.

• Resolved an issue with restoring from backup where portainer_data was stored on a network volume. portainer/portainer#11150

• Fixed web editor errors when selecting between templates with identical Mustache variables and default values.

• Added experimental feature (behind a feature flag) to stream Syslog-formatted user activity and authentication logs to an external Security Information and Event Management (SIEM) system.

• Fixed issue where Bitbucket commit links were broken due to incorrect URL formatting.

• Resolved 'Unable to download backup' error that sometimes occurred when initiating database backup if portainer_data was sited on a network volume. portainer/portainer#11153

• Fixed an issue where a webhook error occurred during the redeployment of a stack created from a private Git repository with relative path enabled.

• Fixed an issue where the cursor would jump to the end of the field after entering a character while editing environment variables for a stack.

• Fixed issue where sorting images by tags in the Images view of a Docker/Swarm environment had no effect, ensuring that images are now sorted in tag order when clicking on the Tags column header.

• Fixed an issue where users were unable to edit the YAML provided by a selected Custom template when deploying a stack.

• Improved GitOps auto updates to prevent piling up when the deployment time exceeds the polling interval.

• Resolved an issue with the upgrade and rollback process where the database was being backed up to a name that the rollback was not expecting. portainer/portainer#10751

• Fixed an issue with the Log viewer where lines that only contained numerical values were not shown.

• Fixed a minor typo in the 'Back up Portainer' settings section. portainer/portainer#11138

• Fixed a UI issue in Backup settings where, on reopening, they would revert to the default view after saving as S3.

• Fixed an invalid commit link in the Stack details screen that could occur if the original copy/pasted Git URL of the stack was a GitHub repo URL with an extension of .git. portainer/portainer#11140

• Fixed an issue where triggering a non-admin container's webhook changed the permission to admin-only.

• Resolved repository reference display discrepancy on deployed Environment Stacks details page

• Fixed inconsistency in container counting between the environment tile on the home page and the containers tile on the environment's Dashboard.

• Introducing 'Auto-Complete' branch selection for Git repositories in stack creation

• Introduced a UI fix to show a 'disabled input' cursor on hover of a toggle that's disabled for change (similar to existing disabled fill-ins, etc.). portainer/portainer#11165

• Provided information text to notify users that the GPU feature supports only Nvidia graphics cards, addressing any potential confusion

• Changed the "Upgrade Licenses" button to "Buy more nodes" for accurate representation of the action, as it reflects the purchase of additional licenses for expanding the number of nodes.

• Resolved an issue in GitLab registry handling, ensuring that Portainer continues loading images seamlessly despite errors such as deleted repositories, preventing 401 errors from affecting the display.

• Discontinued Nomad support in this release. Users won't be able to create new Nomad environments from the UI, and existing Nomad environments are hidden, ceasing their management through Portainer

• Enhanced version details popup to display the current Git commit hash and specific server environment variables for improved transparency and troubleshooting.

• Resolved an issue where an invalid IP address caused an error when the PORT environment variable was used during stack deployment

• Fixed a minor UI issue with the Environment -> Manage access screen enabling the 'Create access' button even though no changes had been made. portainer/portainer#11141

• Fixed issue where editing stacks or edge stacks didn't display relative path information. We now ensure clarity on the mounting point used, despite users being unable to modify the relative path during the editing process

• Adjusted license check-in.

• Enlarged a too-small font used in the Web editor's search/replace feature. portainer/portainer#11175

• Improved authentication and activity logs exported content.

• Improved security by storing sensitive JWT tokens in a more secure manner, enhancing protection for user authentication in the local browser storage

• Implemented improvements to restrict access to specific environment group details

• Enhanced measures to prevent global admins from accessing each other's tokens through direct HTTP requests. This ensures data privacy and aligns with intended access levels in the User Interface.

• Fixed an issue where the "Save Settings" button remained disabled after changing Advanced Options for a Git stack

• Disabled ability to edit orphaned stacks, ensuring consistency and preventing unintended modifications from the UI.

• Fixed issue where sorting by the "Updated" column in the Stacks view of a Docker environment incorrectly sorted based on the "Created" column instead.

• Implemented displaying of the exit code for containers in the Portainer UI.

• Improved Portainer navigation so all submenus now have their top-level option moved down to be the first option within their submenu and they always open to that. Implemented several other small menu improvements. portainer/portainer#11116

• Fixed an issue where the client secret field appeared blank when editing an OAuth configuration under 'Settings - Authentication'.

• Improved the functionality around changing a linked environment's IP address so Portainer Server no longer needs restarting for the update to apply. portainer/portainer#11151

• Improved security by adding a dropdown to hide environment variables in the stack UI on the details page, preventing potential exposure of sensitive information in public or share environments.

• Resolved an issue where information was missing on the registry tag view due to certain registry servers not providing manifest v1 json

• Resolved an issue where hiding a container would incorrectly label the associated container image as Unused. We now ensure accurate representation and address potential user confusion and unintended image deletion.

• Introduced 'noindex' meta-tag to the Portainer login page to denote to search engines that the page should not be indexed and served in search results. portainer/portainer#11164

• Fixed a console error that occurred when resizing the browser window on the containers page, particularly during an active exec console session.

• Improved styling and layout of headings and sub-headings throughout the user interface to improve legibility and hierarchy within pages. portainer/portainer#11166

• Resolved an issue in Container Logs with the Wrap Lines toggle on, where the log display could be mangled and end up unreadable.

• Introduced success notification that was missing when adding a user to a team. portainer/portainer#11170

• Improved styling of toggles throughout the user interface to make it clearer whether they are on or off, both when they are enabled for change or disabled for change. portainer/portainer#11167

• Improved high contrast mode so that field borders, box selector text and expiry banners are easier to make out. portainer/portainer#11173

• Improved high contrast mode to introduce a border around modals and tooltips so they are easier to distinguish from the rest of the screen. portainer/portainer#11174

• Resolved an issue where adding an environment to a newly created group didn't move it from 'available environment' to 'associated environment'; this now functions correctly.

• Introduced support for input, copy and paste of extended Unicode characters in Docker container and Kubernetes kubectl shell consoles. portainer/portainer#5780

Development

• Updated Chisel to version 1.9 to facilitate the upgrade of Golang to version 1.20 for improved performance and compatibility

• Updated the logging library to restore colored console logs from the Portainer binary, enhancing readability and improving visibility for users.

API Docs

• Corrected Swagger API documentation for the Stack image status endpoint, which should be /stacks/{id}/images_status (rather than /docker/{environmentId}/stacks/{id}/images_status).

• Corrected Swagger API documentation for the GET+POST /users/{id}/tokens endpoint so the example response describes the digest format correctly as a string, rather than (erroneously) as a list of integers. portainer/portainer#11172

• Corrected Swagger API documentation for the Docker container, service and stack image status endpoints so they now include example responses and a status explanation.

• Corrected Swagger API documentation for various /cloud (KaaS) endpoints and around an edge generate key endpoint.

• Corrected Swagger API documentation for the GET /edge_update_schedules endpoint so it now describes the includeEdgeStacks parameter, and the /edge_update_schedules/active endpoint which is a POST request but was (erroneously) described as a GET request.

• Corrected Swagger API documentation which listed creation of custom template POST endpoints as /custom_templates/file (or repository or string), but should have listed them as /custom_templates/create/file (or repository or string). portainer/portainer#11149

• Corrected API endpoint GET /webhooks documentation to describe filters parameter as a JSON string. portainer/portainer#11148

• Resolved further Swagger API documentation problems including issues definition of GET /edge_stacks/{id}/logs/{endpoint_id}/file, GET /kubernetes/{id}/max_resource_limits and GET /kubernetes/{id}/namespaces/{namespace}/role_bindings. portainer/portainer#11171

• Fixed Swagger API documentation to accurately reflect the path where the 'environmentId' should be passed, addressing inconsistencies between the documentation and the actual implementation.

• Updated Swagger API documentation to ensure consistency in property naming conventions by using PascalCase instead of camelCase.

• Fixed Swagger API documentation issue where the kaas version and system version APIs erroneously shared the same swaggo ID.

REST API Changes

• Introduced a requirement to specify the current user's password when adding an API token via the UI or the POST /users/{id}/tokens API endpoint. portainer/portainer#11126

• Enhanced the system version API endpoint's response to now include the Portainer version type, distinguishing between Community Edition and Business Edition.

Release 2.19.4

December 6, 2023

Swarm

• Resolved the inability to change the replica set for a swarm service, addressing errors related to invalid CredentialSpec (A refresh of your browser cache may be required) portainer/portainer#10702

Release 2.19.3

November 22, 2023

Portainer

• Resolved an issue where polling and webhook methods failed to update the Stack portainer/portainer#10673

Release 2.19.2

November 13, 2023

Breaking changes

• Deprecation notice of Nomad support in next minor release.

Edge