Update docker.io/portainer/portainer-ce Docker tag to v2.40.0

No problems deploying to the Proxmox VE K3s Kubernetes cluster via Helm Chart and Flux V2 reconciliation in a GitOps approach, with dependency updates facilitated by Mend's Renovate Bot.

Also, the corresponding agents were automatically rolled out via the Watchtower infrastructure on the Docker-only nodes, including the ARM node, with dependency updates facilitated by Mend's Renovate Bot.

This MR contains the following updates:

Package | Update | Change
docker.io/portainer/portainer-ce (source) | minor | 2.39.1 -> 2.40.0

Release Notes

portainer/portainer (docker.io/portainer/portainer-ce)

v2.40.0: STS

Known issues

  • On Async Edge environments, an invalid update schedule date can be displayed when browsing a snapshot
Known issues with Podman support
  • Podman environments aren't supported by auto-onboarding script
  • It's not possible to add Podman environments via socket, when running a Portainer server on Docker (and vice versa)
  • Support for only CentOS 9, Podman 5 rootful

Changes

New and improved features
  • Added an information panel showing current and planned GitOps deployment details when a Git URL or config path is changed
  • Docker Compose GitOps stacks can now have their Git URL, config path, and entry point edited after creation
  • Cleaned up Git authentication token handling — GitHub tokens can now be entered directly in the Token field rather than the Basic auth field
  • Added a --remove-orphans / prune option when deploying Docker Compose stacks
  • Added support for --security-opt when creating Docker containers
  • Upgraded Helm Go SDK to v4
  • Upgraded Kubernetes dependencies to v1.35
Security improvements
  • Upgraded CIRCL library to v1.6.3 to fix GO-2026-4550 incorrect secp384r1 CombinedMult calculation
  • Upgraded go-git to v5.17.0 to fix GO-2026-4473 improper verification of data integrity for .idx and .pack files
  • Upgraded OpenTelemetry Go SDK to v1.41.0 to fix GO-2026-4394 arbitrary code execution via PATH hijacking vulnerability
  • Upgraded OpenTelemetry SDK to v1.42.0 to fix CVE-2026-24051
  • Upgraded Docker binary to v29.3.0 to mitigate CVE-2025-68121
  • Bumped golang-jwt/jwt/v4 to v4.5.2 to fix CVE-2025-30204 regression
  • Upgraded gRPC to v1.79.3 to fix CVE-2026-33186
  • Fixed missing authorization check on the Custom Template file content API endpoint
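
One way to confirm that a deployed binary really carries the dependency fixes listed above, as an added example that is not part of the original post or of the Portainer project: the script reads `go version -m <binary>` output and reports tracked modules that are below the fixed version. The Go module paths are an assumed mapping of the library names in the notes, OpenTelemetry uses the higher of the two versions listed, and the sample output is constructed.

```python
import re
import sys

# Fixed versions from the "Security improvements" list above. The module paths
# are an assumed mapping of the library names used in the release notes.
MIN_FIXED = {
    "github.com/cloudflare/circl": "v1.6.3",
    "github.com/go-git/go-git/v5": "v5.17.0",
    "go.opentelemetry.io/otel/sdk": "v1.42.0",
    "github.com/golang-jwt/jwt/v4": "v4.5.2",
    "google.golang.org/grpc": "v1.79.3",
}

# Constructed sample of `go version -m <binary>` output, not from a real image.
SAMPLE = (
    "./app: go1.25.0\n"
    "\tdep\tgithub.com/cloudflare/circl\tv1.6.3\th1:constructed=\n"
    "\tdep\tgithub.com/go-git/go-git/v5\tv5.16.2\th1:constructed=\n"
    "\tdep\tgithub.com/golang-jwt/jwt/v4\tv4.5.2-0.20250321000000-abcdef123456\th1:constructed=\n"
)


def key(version):
    """Return a sortable key for vX.Y.Z[-pre][+meta], or () if unparsable."""
    m = re.fullmatch(r"v(\d+)\.(\d+)\.(\d+)(-[^+]+)?(\+.*)?", version)
    # A pre-release or pseudo-version sorts before the release it names.
    return (int(m[1]), int(m[2]), int(m[3]), not m[4]) if m else ()


def audit(text):
    """Return (module, found, fixed) for tracked modules below the fixed version."""
    deps, findings = {}, []
    for line in text.splitlines():
        fields = line.split("\t")  # "\tdep\t<path>\t<version>\t<hash>"
        if len(fields) >= 4 and fields[1] == "dep":
            deps[fields[2]] = fields[3]
    for module, fixed in MIN_FIXED.items():
        found = deps.get(module)  # absent means not linked into this binary
        if found and key(found) < key(fixed):  # unparsable versions are flagged too
            findings.append((module, found, fixed))
    return findings


if __name__ == "__main__":
    # Pipe real output in: go version -m ./binary | python3 audit.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for module, found, fixed in audit(text):
        print(f"{module}: {found} is below fixed version {fixed}")
```

Replaced modules (the `=>` lines in the output) are not followed, so a binary built with `replace` directives needs a manual look.
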
Bug fixes
  • Fixed GitOps Edge Configurations not restarting the correct service when a bind-mounted configuration file changes
  • Fixed Git reference (branch/tag/commit) input field not working in GitOps forms
  • Fixed container incorrectly shown as running in the UI while Docker reports it as restarting or removing
  • Fixed stack update/edit button remaining clickable during form submission
  • Fixed Git-based Docker stacks from GitLab failing environment variable validation for non-admin users
  • Fixed Helm Edge stacks being incorrectly marked as External Edge stacks
  • Fixed Portainer console freezing when pasting more than 2000 characters
  • Fixed TLS certificate upload failing when updating environment connection settings
  • Fixed deleting a Kubernetes Edge stack causing the environment to appear as offline
  • Fixed LDAP DN builder not accepting dashes in field values
  • Fixed "Edit This Application" button being disabled for non-admin users on the Kubernetes application details page
  • Fixed Docker Swarm Overlay Network issues causing "Unable to find an agent on any manager node" errors
  • Fixed environment selector crashing after upgrade when a group referenced in a stack no longer exists
  • Fixed not all containers for a Swarm service being shown
  • Fixed blank dashboard appearing after upgrade to 2.39.0 caused by a panic in the UAC evaluation for external stacks
  • Fixed container view failing with "Unable to retrieve registries: Unauthorized" for non-admin users
  • Fixed race condition in stack update function registration that could cause internal state corruption
  • Fixed WebSocket data race in logout handling
  • Improved PostInitMigrate() performance from O(N²) to O(N log N)
  • Fixed OAuth login failing when the OAuth provider returns a malformed Content-Type header (affects providers such as Cloudflare Access)
  • Fixed log lines that are JSON-encoded strings rendering as character-index pairs instead of the actual log text
  • Aligned Axios error message display in CE with the EE implementation

Deprecated and removed features

Deprecated features

  • None

Removed features

  • None
