Canonical Release Notes

Name: Canonical
Brand: Canonical

Last updated: Apr 11, 2026

Get this feed: RSS Email API CSV MCP Slack n8n Zapier

Canonical Products

Ubuntu

27 release notes

All Canonical Release Notes (27)

Feb 12, 2026
- Date parsed from source:
  Feb 12, 2026
- First seen by Releasebot:
  Apr 11, 2026
Ubuntu by Canonical

Ubuntu 24.04.4 LTS released

Ubuntu releases 24.04.4 LTS for Desktop, Server, Cloud, and official flavours, bringing updated installation media, security updates, and fixes for high-severity bugs while keeping a focus on stability and compatibility with Ubuntu 24.04 LTS.

Hello there!

The Ubuntu team is pleased to announce the release of Ubuntu 24.04.4 LTS (Long-Term Support) for its Desktop, Server, and Cloud products, as well as other flavours of Ubuntu with long-term support.

As usual, this point release includes many updates and updated installation media has been provided so that fewer updates will need to be downloaded after installation. These include security updates and corrections for other high-severity bugs, with a focus on maintaining stability and compatibility with Ubuntu 24.04 LTS.

Kubuntu 24.04.4 LTS, Ubuntu Budgie 24.04.4 LTS, Lubuntu 24.04.4 LTS, Ubuntu Kylin 24.04.4 LTS, Ubuntu Studio 24.04.4 LTS, Xubuntu 24.04.4 LTS, Edubuntu 24.04.4 LTS, Ubuntu Cinnamon 24.04.4 LTS and Ubuntu Unity 24.04.4 LTS are also now available. More details can be found in their individual release notes (see 'Official flavours'):

Maintenance updates will be provided for 5 years from the initial 24.04 LTS release for Ubuntu Desktop, Ubuntu Server, Ubuntu Cloud, and Ubuntu Core. All the remaining flavours will be supported for 3 years. Additional security support is available with ESM (Expanded Security Maintenance).

To get Ubuntu 24.04.4 LTS

In order to download Ubuntu 24.04.4 LTS, visit:

Users of Ubuntu 22.04 LTS will be offered an automatic upgrade to 24.04.4 LTS via Update Manager.

We recommend that all users read the 24.04.4 LTS release notes, which document caveats and workarounds for known issues, as well as more in-depth notes on the release itself. They are available at:

If you have a question, or if you think you may have found a bug but aren't sure, you can try asking in any of the following places:

Help Shape Ubuntu

If you would like to help shape Ubuntu, take a look at the list of ways you can participate at:

About Ubuntu

Ubuntu is a full-featured Linux distribution for desktops, laptops, clouds and servers, with a fast and easy installation and regular releases. A tightly-integrated selection of excellent applications is included, and an incredible variety of add-on software is just a few clicks away.

Professional services including support are available from Canonical and hundreds of other companies around the world. For more information about support, visit:

More Information

You can learn more about Ubuntu and about this release on our website listed below:

To sign up for future Ubuntu announcements, please subscribe to Ubuntu's very low volume announcement list at:

On behalf of the Ubuntu Release Team,

Skia
Original source Report a problem
Feb 12, 2026
- Date parsed from source:
  Feb 12, 2026
- First seen by Releasebot:
  Mar 22, 2026
Ubuntu by Canonical

Ubuntu 24.04.4

Ubuntu ships bug fixes and security updates between 24.04.3 and 24.04.4, with updated CD images, improved installation and upgrade reliability, desktop and server cloud fixes, and broader kernel and hardware support improvements.

This is a brief summary of bugs fixed between Ubuntu 24.04.3 and 24.04.4. This summary covers only changes to packages in main and restricted, which account for all packages in the officially-supported images; there are further changes to various packages in universe and multiverse. Some of these fixes were by Ubuntu developers directly, while others were by upstream developers and backported to Ubuntu. For full details, see the individual package changelogs.

In addition to the bugs listed below, this update includes all security updates from the Ubuntu Security Notice affecting Ubuntu 24.04.4 LTS that were released up to and including February 12, 2026.

Installation bug fixes

Updated CD images are provided with this release, including fixes for some installation bugs. (Many installation problems are hardware-specific; for those, see “Hardware support bugs” below.)

Upgrade bug fixes

These changes fix upgrade issues, smoothing the way for future upgrades to later releases of Ubuntu (and not only).

Desktop fixes

These changes mainly affect desktop installations of Ubuntu and other Ubuntu-based desktop systems.

Server and Cloud related fixes

These changes mainly affect installations of Ubuntu on server systems and clouds.

Kernel and Hardware support updates

Considerable work has been done on improving support for many specific items of hardware.
Original source Report a problem
All of your release notes in one feed

Join Releasebot and get updates from Canonical and hundreds of other software products.

Create account
Get updates with: RSS Email API CSV MCP Slack n8n Zapier
Oct 9, 2025
- Date parsed from source:
  Oct 9, 2025
- First seen by Releasebot:
  Apr 11, 2026
Ubuntu by Canonical

Ubuntu 25.10 ("Questing Quokka") released

Ubuntu ships 25.10 Questing Quokka with GNOME 49, new Loupe and Ptyxis apps, Linux 6.17, stronger TPM-backed full disk encryption, NTS by default, updated developer toolchains, and Rust-based sudo and coreutils for improved memory safety.

Ubuntu 25.10, codenamed "Questing Quokka", is here. This release continues Ubuntu's proud tradition of integrating the latest and greatest open-source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, partnering with the community and our partners, to introduce new features and fix bugs.

Ubuntu 25.10 introduces GNOME 49 with media and power controls on the lock screen, HDR brightness settings, and enhanced accessibility features in line with the European Accessibility Act. New apps include Loupe, a modern image viewer, and Ptyxis, a lightweight terminal emulator.

Built on the Linux 6.17 kernel, this release brings nested virtualization on Arm, early Intel TDX host support for confidential computing, and enhanced support for TPM-backed full disk encryption with passphrase support, recovery key management and better integration with firmware updates. Network Time Security (NTS) is enabled by default for more secure time synchronization.

Developer experience advances with updated toolchains for Python 3.13.7 and availability of 3.14 RC3, GCC 15, Rust 1.85, Go 1.25, OpenJDK 25, and previews of .NET 10 and Zig.

Ubuntu 25.10 also debuts Rust-based implementations of sudo and coreutils for improved memory safety, and adopts the new RVA23 profile as the baseline for RISC-V, paving the way to Ubuntu 26.04 LTS.

The newest Edubuntu, Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Cinnamon, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu are also being released today. More details can be found for these at their individual release notes under the Official Flavours section:

Maintenance updates will be provided for 9 months for all flavours releasing with 25.10.

To get Ubuntu 25.10

In order to download Ubuntu 25.10, visit:

Users of Ubuntu 25.04 will be offered an automatic upgrade to 25.10 if they have selected to be notified of all releases rather than just LTS upgrades. For further information about upgrading, see:

As always, upgrades to the latest version of Ubuntu are entirely free of charge.

We recommend that all users read the release notes, which document caveats, workarounds for known issues, as well as more in-depth notes on the release itself. They are available at:

Find out what's new in this release with a graphical overview:

If you have a question, or if you think you may have found a bug but aren't sure, you can try asking in any of the following places:

Help Shape Ubuntu

If you would like to help shape Ubuntu, take a look at the list of ways you can participate at:

About Ubuntu

Ubuntu is a full-featured Linux distribution for desktops, laptops, IoT, cloud, and servers, with a fast and easy installation and regular releases. A tightly-integrated selection of excellent applications is included, and an incredible variety of add-on software is just a few clicks away.

Professional services including support are available from Canonical and hundreds of other companies around the world. For more information about support, visit:

More Information

You can learn more about Ubuntu and about this release on our website listed below:

To sign up for future Ubuntu announcements, please subscribe to Ubuntu's very low volume announcement list at:

On behalf of the Ubuntu Release Team,
Utkarsh Gupta
Original source Report a problem
Oct 1, 2025
- Date parsed from source:
  Oct 1, 2025
- First seen by Releasebot:
  Mar 20, 2026
Ubuntu by Canonical

Ubuntu 25.10 (Questing Quokka)

Ubuntu ships 25.10 Questing Quokka with a new Linux 6.17 kernel, GNOME 49 on Wayland, dracut by default on desktop, chrony as the new time daemon, and major updates across toolchains, desktop apps, cloud, server, and hardware support.
These release notes for Ubuntu 25.10 (Questing Quokka) provide an overview of the release and document the known issues with Ubuntu and its flavours.

Support lifespan

Ubuntu 25.10 will be supported for 9 months until July 2026. If you need long term support, we recommend you use Ubuntu 24.04.3 LTS which is supported until at least 2029.

Upgrades

Upgrades to 25.10 are expected to be enabled on or before Nov 3.

Current blockers:

https://bugs.launchpad.net/ubuntu/+source/rust-coreutils/+bug/2125535

https://bugs.launchpad.net/ubuntu/+source/rust-coreutils/+bug/2127970

New features in 25.10

Updated Packages

Linux kernel 6.17🐧

This release delivers the newest 6.17 Linux kernel. Due to the final upstream release occurring after Kernel Freeze, the kernels shipped with the release images will be based on 6.17-rc7. Updates for all Questing Quokka kernels are scheduled for release in the subsequent week to incorporate the final upstream 6.17 release.

Highlights for this release:

The linux-modules-extra-* packages have been deprecated (LP#2042831). All the kernel modules are now shipped by the linux-modules-- packages.

linux-generic for arm64 will provide via stubble broader compatibility for arm64 desktop platforms that utilize UEFI for booting (LP#2121352).

The foundation for Intel TDX Host Support was merged upstream on Linux 6.16 with additional improvements included in 6.17. The Ubuntu 6.17 kernel will ship with early support for kexec/kdump for TDX-enabled hosts (LP#2121873).

From 25.10, the Ubuntu RISC-V kernel (linux-riscv) will only support hardware that implements the RVA23S64 ISA profile. Systems that don’t satisfy this requirement will not be able to run 25.10. The RISC-V kernel in 24.04 will continue to support boards with RVA20 processor cores.

Other features can be found in the Linux 6.17 upstream changelog.

systemd v257.9

The init system was updated to systemd v257.9. See the upstream changelog for more information about individual features.

sudo-rs and sudo

sudo-rs is the default sudo provider on Ubuntu from 25.10 onwards. 0.2.8 release includes support for older Linux kernels < 5.9, sudoedit, support for NOEXEC and AppArmor profile switching. The Ubuntu release also includes various bug fixes picked from the main upstream branch.

sudo (original sudo maintained by Todd C. Miller) has been upgraded to the latest version 1.9.17p2. The binary files are now renamed with the .ws suffix. Additionally, sudo-ldap package has been removed, please switch to using LDAP authentication via PAM.

Please see Ubuntu Server Docs for configuring default sudo provider and differences between sudo-rs and sudo.ws.

rust-coreutils and gnu-coreutils

The core utilities of the operating system are now provided by the rust-coreutils package. We just updated to the latest version of it: 0.2.2, which features incredible performance improvements to base64 amongst other things.

As rust-coreutils are not necessarily fully compatible yet, we are providing the old utilities by the side, so you can switch back and forth between them. We are also keeping a list of these diversions here.

Netplan v1.1.2ubuntu3

Adds support non-standard OVS setups, e.g. inside snap environments.

Toolchain Upgrades

GCC is updated to 15.2, binutils to 2.45, and glibc to 2.42

Python is updated to 3.13.7 while 3.14 is now available

LLVM defaults to version 20 while 21 is now available

Rust toolchain defaults to version 1.85 while 1.88 is now available

Golang is updated to 1.24

OpenJDK defaults to 21 (LTS), while version 25 (LTS) and an early access snapshot of version 26 are now available

.NET 10 now available

Zig is available for the first time in Ubuntu, defaults to version 0.14.1.

And Ubuntu Toolchains has a new homepage

OpenJDK

OpenJDK 21 is still the default. OpenJDK 25 (LTS) is now available. An early access snapshot of OpenJDK 26 is also included. Support for OpenJDK LTS versions 17, 11 and 8 is being maintained. OpenJDK with CRaC version 25 is also made available, while versions 17 and 21 continue to be supported.

The devpack-for-spring snap now supports development environment setup, by automating the installation and configuration of development tools (OpenJDK, container runtime, IDEs etc.) selected by the user. The Maven and Gradle plugins for Rockcraft have been extended to support native images compiled by GraalVM.

GraalVM Community Edition v25 is available through the graalvm-jdk snap, while GraalVM CE v21 continues to be supported. The snap is now available on arm64 too.

.NET

.NET versions 8 and 9 continue to be supported.

The .NET 10 RC1 SDK and runtimes are now included. Following its general availability in November, the final release will be provided as a subsequent package update.

Alternatively, .NET 10 is available on the latest/beta channel of the official .NET snap. It will be promoted to the latest/stable channel upon final release in November.

Support for the PowerShell snap has been expanded to include the arm64, s390x, and ppc64el architectures, broadening its availability across platforms.

Default configuration changes

Ubuntu Desktop

Installer

New TPM-Backed disk encryption features include:

Passphrase support and management

Regeneration of the recovery key

Better integration with firmware updates

When you enable Install third-party software for graphics and Wi-Fi hardware and additional media formats during installation, screen recording will be hardware accelerated for supported hardware.

The installer has also seen plenty of accessibility fixes.

Updates

When system updates are available, the Software Updater window no longer pops up unprompted, stealing the keyboard focus. Instead, a notification shows up with options to open the Software Updater or to install all updates directly.

An icon in the system tray reminds you that updates are available even after dismissing the notification. It also provides a quick way to apply all the updates or inspect them in the Software Updater.

Enterprise

authd: Ubuntu’s cloud authentication solution:

Supports device registration with EntraID

authctl is a new command line tool to manage authd

Many improvements and important bug fixes such as UID/GID handling

Wayland

The Ubuntu Desktop session now runs only on the Wayland back end. The Ubuntu on X.org session is no longer available because GNOME Shell can no longer run as an X.org session.

Suspend-resume support is now enabled in the proprietary Nvidia driver so as to prevent corruption and freezes when waking an Nvidia desktop.

GNOME

GNOME Shell and related components have been updated to GNOME 49.

You can now set an application to start automatically after login in Settings → Apps.

Fractional scaling factors are now optimized so as to minimize blur.

The default monospace font size has been reduced to match the default user interface font size. The monospace font is used in terminals and similar applications.

New default applications

The Image Viewer app is now provided by Loupe instead of Eye of GNOME (EOG). Loupe is written in Rust and powered by the Glycin library.

The Terminal app is now provided by Ptyxis instead of GNOME Terminal.

Security Center

You can now manage your recovery key for the TPM-backed Full Disk Encryption. For details, see Encrypt your disk with TPM.

Ubuntu Insights

Ubuntu Insights is being developed as a replacement for Ubuntu Report and gives you more control over the non-personally identifying system metrics that you choose to share with Canonical. The metrics collection is opt-in.

In this release, Ubuntu Insights introduces periodic metric collection and replaces Ubuntu Report integration in GNOME Initial Setup.

Note: Any consent that you previously granted to Ubuntu Report will not be carried over to Ubuntu Insights.

Dracut

Ubuntu Desktop 25.10 now uses Dracut as its default initial ramdisk infrastructure, replacing initramfs-tools. Dracut uses systemd in the initial ramdisk and supports new features like Bluetooth and NVM Express over Fabrics (NVMe-oF). Ubuntu Server installations and Ubuntu Desktop for Raspberry Pi continue to use initramfs-tools while we port the remaining hooks. The original initramfs-tools remains supported and you can switch between the two implementations if required. For details about the switch, see [Spec] Switch to Dracut.

Updated Applications

Firefox 143

LibreOffice 25.8

OpenVINO™ Toolkit 2025.2.0 includes openvino.genai for the first time.
Also related to that:

Audacity 3.7.1 comes with OpenVINO™ AI plugins for music separation, noise suppression, music generation and continuation, transcription, and super resolution, and can be run on Intel CPU, GPU, and NPU.

GIMP 3.0.4 which supports the usage of the snap to add AI functionality to GIMP for stable diffusion, super resolution, and semantic segmentation via OpenVINO™ AI plugins for GIMP 3.1.2.

Updated Subsystems

BlueZ 5.83

Pipewire 1.4.7

Support for new Intel® integrated and discrete GPUS

This release brings full support for Intel® Core™ Ultra Xe3 integrated Intel® Arc™ graphics, and Intel® Arc™ Pro B50 and B60 “Battlemage” discrete GPUs. Further Intel® Graphics related features are now available by changes in various components:

Via the Linux Kernel v6.17:

Initial support for Intel’s next-gen client platform codenamed Panther Lake

Enhanced IOMMU and PCIe subsystem for improved GPU virtualization and passthrough.

Improved multi-GPU configuration support for Intel hardware.

Via Mesa 25.2.3:

VK_KHR_shader_bfloat16 enabled in Intel ANV Vulkan driver for Battlemage and Panther Lake** (GFX125+).

Completed OpenCL 2.0 coarse grain buffer SVM support in Iris driver.

Improved color fast-clear handling and multi-engine surface usage for Intel Vulkan (ANV) driver.

Via intel-media-driver 25.3.0:

Panther Lake Upstream decoding and VP9 encoding support

Via intel-compute-runtime 25.31:

Enabling a Level Zero device unified shared memory (USM) pool as a performance change.

A performance-minded change for Xe2 graphics to ensure Level Zero events are always allocated in the local device memory.

Via level-zero 1.24:

Update Level Zero Loader and Headers to support v1.13.1 of L0 Spec

Via level-zero-raytracing 1.1.0:

Ray Tracing Acceleration Structure (RTAS) Extensions

Ubuntu Foundations

Ubuntu 25.10 Foundations Edition: What’s Coming and What’s Next

Cryptography

OpenSSL has been updated to 3.5.3 (It includes security patches from 3.5.4). The most notable updates are:

Support for server side QUIC (RFC 9000).

Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA).

The default TLS supported groups list has been changed to include and prefer Hybrid PQC KEM groups.

Package Management: APT 3.1

APT has been updated to 3.1.6, the latest release, including many new features:

The new solver is now the default. For more insight, see the post “How we delivered the new APT solver in 25.10”

The apt why and apt why-not commands have been added that tell you why the solver installed or could not install a package.

Repositories can now be configured with Include and Exclude directives. In the Include case, only these packages are included; in the Exclude case, these packages are excluded from the repository. This allows you to restrict a repository to specific packages.

The apt history-list and apt history-info commands are included as an early preview easter egg. Enjoy!

Ubuntu Server

ubuntu-server Meta and Seed

Starting in 25.10, the default Ubuntu server image and ubuntu-server metapackage have been updated. Read more at the public spec on Discourse.

screen has been removed from the ubuntu-server seed, and moved to a supported seed. screen remains in main. Users will still see screen installed in most cases, as it is now listed as a dependency of ubuntu-release-upgrader.

wget has been removed from the ubuntu-server seed, and moved to a supported seed. wget remains in main. Users utilizing wget have a number of options.

for simple cases (downloading a file from the internet), wcurl is available as part of the still included curl. This can be a drop-in replacement for simple calls such as wget $URL to wcurl $URL. wcurl exposes all of curl’s options, so adding retries is easy.

For more specialized cases, ensuring wget is installed prior to running is required.

byobu has been removed from the ubuntu-server seed and meta-package and demoted to universe. byobu is still available in Ubuntu.

cloud-guest-utils has been removed from the ubuntu-server seed and meta-package. It is expected to still be installed via cloud-init-base which is a dependency of cloud-init.

dirmngr has been removed from the ubuntu-server seed and metapackage. it is expected to still be installed as it is a dependency of many packages (gnupg, gpg, vanilla-gnome-desktop and other desktop flavors).

Apache 2

Apache 2 has been upgraded to version 2.4.64. This new release includes several bug and security fixes. It also includes the following changes to specific modules:

core: Report invalid Options= argument when parsing AllowOverride directives.

mod_systemd added systemd socket activation support.

Mod_http2 was updated to version 2.0.32, which includes a new directive H2MaxHeaderBlockLen to set the limit on response header sizes.

Mod_proxy now reuses ProxyRemote connections when possible.

For more details, see the upsteam release notes.

Bacula

This is a newly supported package in our “main” repo (was “universe” before).

It was updated from 13.0.4 to 15.0.3 (there was no v14).

You must upgrade the director and storage daemons at the same time.

Old file daemons are still compatible.

Storage volume format was updated from BB02 to BB03, old volumes are still supported.

The catalog database schema needs migration, which is automatically applied if you have installed dbconfig-common.

For more details, see the upstream v15 and v15.0.3 changelog.

Chrony

Chrony was upgraded to version v4.7 and comes pre-installed as the new default time-daemon in Ubuntu 25.10, replacing systemd-timesyncd. It ships with a configuration set to use Ubuntu Network Time Security (NTS) servers by default. In order to migrate upgraded systems to chrony you can execute apt-mark auto systemd-timesyncd && apt install chrony.

See upstream release notes for v4.7.

The two primary changes related to NTS are:

NTS/KE (“Key Exchange”) uses a separate port (4460/tcp) to negotiate security parameters, which are then used via the normal NTP port (123/udp).

A new CA is installed in /etc/chrony/nts-bootstrap-ubuntu.crt that is used specifically for the Ubuntu NTS bootstrap server, needed for when the clock is too far off. This is added to certificate set ID “1”, and defined via /etc/chrony/conf.d/ubuntu-nts.conf.

If your network does not allow access to the Ubuntu NTS servers or the required ports, and the new configuration is in place, chrony will not be able to adjust this system’s clock. To revert to NTP, edit the configuration file in /etc/chrony/sources.d/ubuntu-ntp-pools.sources and revert to using the listed NTP servers in favor of the NTS ones.

cloud-init v. 25.3

Notable features beyond 25.1.2 in Plucky:

Add RaspberryPi OS support

CentOS support for ca_certs writing

Azure: better reporting of platform VM ID errors

CloudStack: add ephemeral network support for early boot config

EC2: Support metadata retrieval over multiple NICs when crawling the datasource

GCE: add template rendering support for processing instance data

Hetzner: report private networks in cloud-init metadata

Oracle: detect ipv6 only for private ULA addresses

VMware: support to apply network configuration updates per-boot and hotplug events

WSL: support for Landscape installation request id provisioning

Add a generalized datasource clean operation for sudo cloud-init clean

Security fix: hotplug socket file is now only root-writable CVE-2024-11584

NetworkManager bug fix for reloading multiple connections

ENI rendering filter out dns entries from written config

Breaking changes:

Security fix CVE-2024-6174: cloud-init will be disabled on non-x86 platforms which do not declare a known datasource in early boot through DMI data, kernel boot params, filesystem configuration or environment files. Such environments may experience inability to SSH into launched VMs. This may require action for non-x86 image creators or OpenStack admins.

Container runtimes

Containerd was updated to the recent 2.1.3 and runC to 1.3.0, docker.io was updated to 28.2. But even more importantly along these updates it established a pattern to either keep the regular updates to the latest version or to opt for slower more stable updates throughout the time the release is active. For more please read Ubuntu Server Gazette - Issue 8 - Containers: Steady paths for agile stacks.

Django

Django has been updated to the latest LTS release 5.2 from 4.2, which includes many new features and bug fixes. All Django middleware provided in Ubuntu has also been updated to be compatible with the new version. See the 5.0 release notes for features and updates added with the major version change and the 5.2 release notes for the changes made leading up to the LTS release.

Dovecot

Upgrading from Dovecot 2.3.x to 2.4 requires several important config file changes. These are explained in detail in the link below. This includes renamed configuration parameters as well as a major change to the syntax. While converting an existing config is possible, it will need careful review to ensure your site customizations are carried through properly.

Additionally, Dovecot 2.4 brings new features including support for the ARGON2 password scheme, SCRAM-SHA-1 and SCRAM-SHA-256 SASL mechanisms, and the X25519 and X448 cryptographic curves for some plugins. A number of features are being removed, changed, or deprecated; for the full list please see: https://doc.dovecot.org/main/installation/upgrade/2.3-to-2.4.html

Notably, support for building for 32-bit architectures has ended, so dovecot will no longer be natively installable on i386 and armhf platforms.

EDK2

Added firmware for Intel ® TDX guests with secure boot capability (LP#2125123).

frr

The FRRouting package was updated to version 10.4.1. Series 10.4.x introduced many new features and bugfixes: please see Release FRR Release 10.4.0 · FRRouting/frr · GitHub for details.

HAProxy

Updated from 3.0.8 to the recent release 3.0.10 which includes
https://www.mail-archive.com/[email protected]/msg45741.html
https://www.mail-archive.com/[email protected]/msg45804.html

Furthermore, it now uses jemalloc for memory allocation which is faster and less memory hungry than the default allocator.

iPXE

iPXE was updated to upstream version from June 2025.

For physically booting to iPXE (e.g. via grub), make sure to install the grub-ipxe package and to adjust you GRUB scripts/config to use ipxe.efi (UEFI) or ipxe.lkrn (x86 BIOS).

UEFI network boot roms for qemu (from ipxe-qemu) are network drivers only (for PXE or HTTP boot) without the iPXE stack.

To boot x86-64 qemu VMs with UEFI and network boot using iPXE scripts, make sure to chainload ipxe.efi (from ipxe package) (see https://ipxe.org/howto/chainloading).

libvirt

The libvirt package was upgraded to version 11.6.0. Here are the important changes since Ubuntu Plucky:

qemu: ppc64 POWER11 processor support

Allow control over QEMU TLS priority strings

qemu: Add support for NVMe disks

qemu: add support for AMD IOMMU device

qemu: Add support for Intel ® TDX guests

Adds TDX as a new type of .

All helper programs are now detected from $PATH during runtime - allowing you to modify its behavior more easily

qemu: Added guest load averages to the output of virDomainGetGuestInfo

qemu: Add support for multiple iothreads for virtio-scsi controller

qemu: integrate support for VM shutdown on host shutdown - a new opt-in way to shut down guests on host shutdown

qemu: Add support for parallel save/restore

qemu: Support for Block Disk Along with Throttle Filters

nodedev: Support ccwgroup based qeth devices

Introduce virtio-mem model for s390 guests

For more details, please see the upstream changelog.

Additionally in Ubuntu, the default URI choice behavior was modified slightly: In the past Ubuntu enforced the qemu:///system URI by overriding LIBVIRT_DEFAULT_URI in /etc/profile.d/libvirt-uri.sh. Starting with Ubuntu 25.10, we’re dropping that profile.d script in favour of a fallback mechanism, which still perserves the default beahvior as qemu:///system for privileged and non-privileged users, but allows to override that default choice by setting LIBVIRT_DEFAULT_URI manually or changing the uri_default parameter in /etc/libvirt/libvirt.conf or ~/.config/libvirt/libvirt.conf (for non-privileged users) respectively.

MySQL

MySQL 8.4 now builds directly against tcmalloc for additional memory efficiency. For more information, see the most recent edition of the Ubuntu Server Gazette.

Nginx

Nginx was updated from 1.26.3 that we had in plucky to the latest stable version 1.28 which, among many other fixes and improvements, brings:

Performance and stability improvements in HTTP/3 and QUIC

Feature: SSL certificates, secret keys, and CRLs are now cached on start or during reconfiguration.

For more details see the upstream release notes.

OpenLDAP

Updated from 2.6.9 to 2.6.10, which contains various bugfixes. See the 2.6 series upstream release notes.

OpenSSH

Updated to the new major 10.0 upstream release, which among other things now uses a hybrid post-quantum algorithm by default for key agreement. It also adds support for glob patterns in “Authorized{Keys,Principals}File” and Match version/sessiontype/command stanzas inside ssh[d]_config, e.g. “Match version OpenSSH_10.*”. And adds support for FIDO tokens that return no attestation data.

Breaking changes

Removes support for the weak DSA signature algorithm.

Announces itself as “SSH-2.0-OpenSSH_10.0”. Do not match on “OpenSSH_1*”.

For more please see the full release notes.

PHP

Upgrade to the 8.4.11 upstream version. The upgrade mostly improves stability and security, fixing crashes and leaks. It brings fixes for a few CVEs (CVE-2025-1735, CVE-2025-6491, CVE-2025-1220).

For more read the upstream changelog since the former version in Plucky that was 8.4.5.

PostgreSQL

PostgreSQL stayed on version 17, but received the stable updates (which we also backport regularly) and now is on 17.6.

A dump/restore is not required for those running 17.X.

If you have self-referential foreign key constraints on partitioned tables, it may be necessary to recreate those constraints to ensure that they are being enforced correctly.

If you have any BRIN numeric_minmax_multi_ops indexes, it is advisable to reindex them after updating.

For more details check the upstream release notes for 17.5 and 17.6.

QEMU

The QEMU package was updated to version 10.1.0. Here are the changes since Ubuntu 25.04.

Arm is able to emulate Secure EL2 physical and virtual timers as well as architectural features FEAT_AFP, FEAT_RPRES, FEAT_XS and even more by 10.1

Arm’s virt board can configuring a larger PCIe MMIO regions via highmem-mmio-size

RISC-V got various improvements like

support for Smdbltrp, Ssdbltrp and Smrnmi extensions

Add ‘sha’ support

Support of the RVA23 Profile

s390x added support for generation 17 mainframe CPUs and virtio-mem

s390x Control program identification data can now be retrieved via QOM

x86 emulation got a performance boost handling string instructions

x86 furthermore got more recent CPU types like ClearwaterForest

virtio-scsi has gained true multiqueue support

Support for Intel ® TDX included

Support for starting a TDX or SEV-SNP virtual machine from an IGVM file.

Support for VFIO on TDX and SNP virtual machines and many more vfio improvements.

32 bit hosts never could never provide the atomicity requirements of 64-bit guests. From 10.0, QEMU has disabled configuration of 64-bit guests on 32-bit hosts.

It is important to note that very old machine types have been deprecated for a while and now finally have been removed upstream and in Ubuntu.

x86 dropped every type <= 2.5 which translates to anything <=xenial. That implies that you can migrate your older guests e.g. from trusty up to 24.04 LTS (noble) or 25.04 (plucky). The former giving another 4 + 5 +5 (basic, pro, legacy) years of support. But then after way more than a decade, guests would need to be bumped to a newer machine type which is generally recommended regularly.

On s390x the cleanup was a bit more agressive - with <=4.1 and thereby <=eoan gone. This is a slightly shorter timeline, but still all the 5+5+5 years of support of an Ubuntu LTS plus the 4 years between focal and noble and thereby quite a long time until you need to consider updating your guest to a newer machine type.

On ppc64 no Ubuntu related machine type was dropped yet, on arm we didn’t yet need to introduce them.

For more details, please see related upstream changelogs and the general log on removed features:

10.1 Changelog

Removed Features

Samba

Samba has been updated to the new upstream 4.22 version.

New features:

SMB3 Directory Leases

Netlogon Ping over LDAP and LDAPS

Experimental Himmelblaud Authentication in Samba

AD DC schema upgrade and provision performance improvements

Removed features:

nmbd proxy logon

cldap port

fruit:posix_rename

Please refer to the upstream release notes for details: https://www.samba.org/samba/history/samba-4.22.0.html

Strongswan

Strongswan was upgraded to v6.0.1, following upstream in dropping the NTRU post-quantum encryption algorithm. See upstream changelogs for the full listing of changes:

Release strongSwan 5.9.14 · strongswan/strongswan · GitHub

https://github.com/strongswan/strongswan/releases/tag/6.0.0

Release strongSwan 6.0.1 · strongswan/strongswan · GitHub

Intel® QuickAssist Technology (Intel® QAT)

Intel® QAT components have been updated to their most recent versions. Those are:

qatlib : 25.08.0
For more information, visit the project’s repo.

qatengine : updated to 2.0.0
For more information, visit the project’s repo.

qatzip : updated to 1.3.1
For more information, visit the project’s repo.

sos (sosreport)

sos was updated to version 4.10.0. Key updates below

The temporary directory has now been changed from /tmp to /var/tmp. This follows changed in systemd-tmpfiles and the cleaning of /var/tmp, this aligns with other distros.

sos clean now cleans the sos concurrently, improving the speed of cleaning.

Many new additional plugins include authd, charmed_mysql, helm, opensearch, pulseaudio and valkey

Many other plugins have also been updated.

Upstream release notes can be viewed on the sos project GitHub.

Subiquity

Please see the 25.10 Release Notes post on GitHub.

Valkey

Valkey was updated to version 8.1, starting with 8.1.1. This includes additional significant performance and efficiency improvements, without any backwards-incompatible changes to commands and responses. For more information on the new version, see the Valkey 8.1 blog post. Release notes are available on the Valkey project GitHub.

Additionally, now that Redis has been updated to 8.0, Valkey no longer acts as a drop-in replacement. Therefore, the valkey-redis-compat package has been removed. If you are planning to swap from Redis to Valkey, make sure to do so prior to upgrading.

OpenStack

OpenStack has been updated to the 2025.2 (Flamingo) release. This includes packages for Aodh, Barbican, Ceilometer, Cinder, Designate, Glance, Heat, Horizon, Ironic, Keystone, Magnum, Manila, Masakari, Mistral, Neutron, Nova, Octavia, Swift, Vitrage, Watcher and Zaqar.

This release is also provided for Ubuntu 24.04 LTS via the Ubuntu Cloud Archive.

The Flamingo release significantly strengthens OpenStack’s security posture with new confidential computing features in Nova (SEV-ES support, one-time passthrough devices), credential rotation capabilities in Magnum, and bring-your-own encryption keys in Manila. The Eventlet Removal is still underway, already being removed across multiple core services including Ironic, Barbican, Heat, modernizing OpenStack’s asynchronous operations foundation for long-term sustainability.

Ceph

Open vSwitch (OVS) and Open Virtual Network (OVN)

OVS was updated to 3.6.0 and OVN was updated 25.09.0. Please refer to the upstream NEWS files for more information about individual features:

OVS 3.6.0

OVN 25.09.0

Platforms

GRUB2

We’ve started shipping a pre-release beta of GRUB 2.14 as the bootloader. Everything should work smoothly, but if you notice anything strange, please file a bug report and let us know!

Public Cloud / Cloud images

Microsoft Azure

Ubuntu images on Microsoft Azure now include azure-vm-utils package, which provides consistent disk naming across SCSI and NVMe devices, improved handling for accelerated networking (MANA and Mellanox), and removes the need for custom udev or Netplan configurations.

How to report any issues resulting from these changes

Raspberry Pi :strawberry:

A new layout of the boot partition is introduced to enhance the reliability of the boot process (LP: #2116266). This will automatically “test” new boot assets written to the boot partition before committing them as the current “known good” set. See the call for testing for more information, or the blog post covering the feature for the full details (including advice on how to opt-out of this feature, where required)

Please note that, due to the new boot process, the boot firmware on your Pi must be up to date. On the Pi 3, 3+, and Zero 2W, the boot firmware is in the image itself, and so is guaranteed to be up to date. On the Pi 5, all boot firmware since release are compatible. However, on the Pi 4 your boot firmware must be dated no earlier than 2022-11-25. To check this, run sudo rpi-eeprom-update. If your firmware is dated earlier than this, using Ubuntu 24.04 (noble) or later, run sudo rpi-eeprom-update -a and reboot.

The Ubuntu desktop images for Raspberry Pi are now based upon the “desktop-minimal” seed rather than “desktop” (LP: #2103808). This greatly reduces the default set of applications installed on the images (saving approximately 777MB of space on the uncompressed image, and thus on user’s systems). The list of applications removed from the image is:

deja-dup (backup service)

file-roller (archive handler)

gnome-calendar

gnome-snapshot (camera application)

libreoffice-*

remmina (remote desktop client)

rhythmbox (music player)

shotwell (photo catalogue)

simple-scan (flat-bed scanner application)

thunderbird (email client)

totem (video player)

transmission-gtk (bittorrent client)

The applications mentioned above will not be automatically removed for upgraders as the ubuntu-desktop meta-package remains manually installed in this circumstance. If you wish to remove these applications (in bulk), you may do so with: sudo apt purge ubuntu-desktop --autoremove. If you wish to keep specific applications, simply “install” them with apt first (which will mark them as “manually installed”, excluding them from automatic removal).

The creation of the swap-file on the desktop images is now handled by cloud-init (LP: #2116275). You may customize the size of the swapfile by editing user-data on the boot partition prior to first boot.

IBM Z and LinuxONE (s390x) image

With every new Ubuntu release, the s390-tools package got upgraded to it’s latest available release v2.38 (LP: #2115416), that now includes support to provide Topology-Map information to user-space (LP: #2098361), support to convert LUKS2 volume from AES keys to retrievable PAES keys (LP: #2117450) as well as Control Program Identification (CPI) hardening for SEL (Security Enhanced Linux) guests (LP: #2118866).

Further support and enhancements were done in the virtualization stack with the implementation of virsh hypervisor-cpu-models in libvirt (LP: #2027925), performance enhanced refresh PCI translation in qemu (LP: #2049699) and kernel (LP: #2049700), the implementation of Control Program Identification (CPI) in qemu (LP: #2118769) and the new reporting of vfio-ap configuration changes with CHSC Store Event Information in KVM, kernel (LP: #2118771) and qemu (LP: #2119160).

Significant effort was spent to enable Ubuntu for the latest IBM Z (z17) and LinuxONE (LinuxONE 5) hardware generations, with support in glibc (LP: #2117398), and the tool-chain, namely:

gcc (LP: #2117410)

llvm (LP: #2117411)

valgrind (LP: #2116735 and LP: #2119288)

Another big area of enhancements is cryptography:

with the upgrade to opencryptoki v3.25 (LP: #2116720) there is now also

support for ep11 token based import and export of secure key objects (LP: #2117436)

the new tools p11kmip that allows to import/export PKCS #11 keys from to a KMIP server (LP: #2117449)

and basic support for AES-GCM in CCA tokens (LP: #2117451)
In addition several cryptography packages were updated, like:

openssl-ibmca to v2.5.0 (LP: #2116709)

openssl-pkcs11-sign-provider to v1.0.2 (LP: #2116721)

libzpc to v1.4.0 (LP: #2116711)

libica4 to v4.4.1 (LP: #2116716)

cryptsetup to v2.8.0 (LP: #2116736)

The kernel also comes with new PHMAC support for MSA 11 HMAC (LP: #2096891).

Finally further tools were updated, like the

smc-tools to v1.8.5, used for shared memory communication cards (LP: #2119285)

libzdnn to v1.1.2, for neuronal network usage with IBM Z hardware support (LP: #2116713) and the

qclib to v2.5.1, that allows to query s390x hardware data (LP: #2116708)

IBM POWER (ppc64el)

RISC-V

Ubuntu 25.10 targets the RVA23S64 ISA profile. Systems that don’t satisfy this requirement cannot run Ubuntu 25.10. RVA20 hardware will continue to be supported by Ubuntu 24.04 LTS.

If you’d like to try it out in a VM, please refer to this guide https://canonical-ubuntu-boards.readthedocs-hosted.com/en/latest/how-to/qemu-riscv/

Known Issues

As is to be expected with any release, there are some significant known bugs that users may encounter with this release of Ubuntu. The ones we know about at this point (and some of the workarounds) are documented here, so you don’t need to spend time reporting these bugs again:

General

Offline installs ticking the box for Nvidia drivers result in Nouveau drivers being installed instead - to work around, install online or update drivers after install. (LP: #2127099)

There is a bug (LP: #2104316) in the beta images that prevents netboot installs in some scenarios.

It has been reported that cloud-init may fails to upgrade properly in the Oracular to Pluck upgrade path, see LP: #2104316.

The Live Session of the new Ubuntu Desktop installer is not localized. It is still possible to perform a non-English installation using the new installer, but internet access at install time is required to download the language packs. (LP: #2013329)

ZFS with Encryption on Ubuntu 24.10 will fail to activate the cryptoswap partition. This affects both new installs and upgrades. We expect to address this post-release with an archive update.

Some particular hardware (e.g. Thinkpad x201) might have issues (general freeze, desktop-security-center not launching, nomodeset) (LP: #2127161, LP: #2048473, LP: #2061118).
Follow these steps if you encounter such an issue:

At the GRUB boot menu, press e (keep Shift pressed during early boot if the menu doesn’t show up).

Add nomodeset to linux line, like the example below: linux /casper/vmlinuz nomodeset ---

Press Ctrl-x to continue the boot process

After installation is complete, reboot, use nomodeset again, like the example below: linux /boot/vmlinuz-6.11.0-8-generic nomodeset root=UUID=c5605a23-05ae-4d9d-b65f-e47ba48b7560 ro

Add nomodeset to the GRUB config file, /etc/default/grub, like the example below: GRUB_CMDLINE_LINUX="nomodeset"

Finally, make the change take effect: sudo update-grub

flatpak is failing to install applications due to missing or incorrect apparmor rules in the profile for fusermount3. Please see Bug #2122161 “[SRU] error: Failed to install org.gnome.Platform:...” : Bugs : Release Notes for Ubuntu for details.

Linux kernel

There is an apparmor issue where confined profiles may unexpectedly seem to apply to another process and restrict things like “ > output.log” from working inside questing LXD containers. See Bug #2121552 ""free > file” blocked by apparmor inside questing ... : Bugs : Release Notes for Ubuntu for more details.

Ubuntu Desktop

Screen reader support is present with the new desktop installer, but is incomplete (LP: #2061015, LP: #2061018, LP: #2036962, LP: #2061021)

You will perhaps experience crashes trying to use the snap-store on Qualcomm Snapdragon X Elite hardware (LP: #2127161)

OEM installs are not supported yet (LP: #2048473)

GTK4 apps (including the desktop wallpaper) do not display correctly with VirtualBox or VMWare with 3D Acceleration (LP: #2061118).

Incompatibility between TPM-backed Full Disk Encryption and Absolute: TPM-backed Full Disk Encryption (FDE) has been introduced to enhance data security. However, it’s important to note that this feature is incompatible with Absolute (formerly Computrace) security software. If Absolute is enabled on your system, the machine will not boot post-installation when TPM-backed FDE is also enabled. Therefore, disabling Absolute from the BIOS is recommended to avoid booting issues.

Hardware-Specific Kernel Module Requirements for TPM-backed Full Disk Encryption: TPM-backed Full Disk Encryption (FDE) requires a specific kernel snap which may not include certain kernel modules necessary for some hardware functionalities. A notable example is the vmd module required for NVMe RAID configurations. In scenarios where such specific kernel modules are indispensable, the hardware feature may need to be disabled in the BIOS (such as RAID) to ensure the continued availability of the affected hardware post-installation. If disabling in the BIOS is not an option, the related hardware will not be available post-installation with TPM-backed FDE enabled.

FDE specific bug reports.

Installing ubuntu-fonts-classic results in a non-Ubuntu font being displayed (LP#2083683). To resolve this, install gnome-tweaks and set ‘Interface Text’ to ‘Ubuntu’.

Wayland desktop performance using the Nvidia driver is still suboptimal. Work is underway to resolve this in 26.04 (LP#2081140).

There is no simple way to customize the login screen (upstream issue). As a workaround, you can copy your personal monitor settings to the login screen with: sudo cp ~/.config/monitors.xml /var/lib/gdm3/seat0/config/ and (at your own risk) you can copy all your other personal settings to the login screen with: sudo cp ~/.config/dconf/user /var/lib/gdm3/seat0/config/dconf/

Ubuntu Server
rabbitmq-server
Certain version hops may be unsupported due to feature flags, raising questions about how Ubuntu will maintain this package moving forward. We are currently exploring the use of snaps as a potential solution to enable smoother upgrades. For more information please read LP: #2074309.
Openstack
Currently, Nova Compute is non-functional because of a python3.13 incompatiblity (LP:#2103413). The Openstack team and Upstream work on it and it will be resolved via an SRU later.

The Ubuntu Cloud Archive is not affected by this bug.
Installer
On systems booting via U-Boot, U-Boot should be updated to the current Plucky version before installation as subiquity does not run flash-kernel and grub-update during the installation. So for first boot the device-tree from U-Boot will be used.

In some situations, it is acceptable to proceed with an offline installation when the mirror is inaccessible. In this scenario, it is advised to use: apt: fallback: offline-install

Network interfaces left unconfigured at install time are assumed to be configured via dhcp4. If this doesn’t happen (for example, because the interface is physically not connected) the boot process will block and wait for a few minutes (LP: #2063331). This can be fixed by removing the extra interfaces from /etc/netplan/50-cloud-init.conf or by marking them as optional: true. Cloud-init is disabled on systems installed from ISO images, so settings will persist.

Installing to a remote NVMe drive using NVMe over TCP firmware support can result in an unbootable system. A workaround exists using an autoinstall directive. Alternatively, the configuration on the target system can be manually fixed post installation before rebooting to the target system. More information at LP: #2127072.

Raspberry Pi
The new gnome-initial-setup has issues preventing it from working properly:

Time zone input dropdown can “wobble” (LP: #2084611)

The hostname change is mandatory (LP: #2093132)

During boot on the server image, if your cloud-init configuration (in user-data on the boot partition) relies upon networking (importing SSH keys, installing packages, etc.) you must ensure that at least one network interface is required (optional: false) in network-config on the boot partition. This is due to netplan changes to the wait-online service (LP: #2060311)

The seeded totem video player will not prompt users to install missing codecs when attempting to play a video requiring them (LP: #2060730)

With the removal of the crda package in 22.04, the method of setting the wifi regulatory domain (editing /etc/default/crda) no longer operates. On server images, use the regulatory-domain option in the Netplan configuration. On desktop images, append cfg80211.ieee80211_regdom=GB (substituting GB for the relevant country code) to the kernel command line in the cmdline.txt file on the boot partition (LP: #1951586).

The power LED on the Raspberry Pi 2B, 3B, 3A+, 3B+, and Zero 2W currently goes off and stays off once the Ubuntu kernel starts booting (LP: #2060942).

Colours appear incorrectly in the Ubuntu App Centre (LP: #2076919).

On server images, re-authentication to WiFi APs when regulatory domain is set result in dmesg spam to the console (LP: #2063365).

On the Pi Zero 2W, the release image contains a bug in the Bluetooth components of the firmware package. This is due to be fixed in an SRU (LP: #2127041).

Google Compute Platform

Google cloud’s ssh-in-browser is broken in 25.10

ssh-in-browser (i.e. the SSH button in the console GUI) does not work in Questing 25.10. This is because the capability relies on older ssh algorithms (diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha1) which have now been deprecated in 25.10 (LP: #2127982).

Microsoft Azure

When inspecting system logs with journalctl, users may encounter a denied log entry relating to systemd-detect-virt. There is no known impact on functionality (LP:#2124958).

AWS

Nothing yet.

s390X

During upgrade from Ubuntu Server 25.04 (Plucky Puffin) to Ubuntu 25.10 (Questing Quokka) one may notice the following error with kdump-tools:

“Errors were encountered while processing:
kdump-tools”

This is likely due to a race condition.

One may proceed and complete the upgrade, but at the end of the process the system needs to be manually rebooted. The bug is tracked here: LP: #2126934.

Official flavours

Find the release notes for the official flavours at the following links:

Edubuntu Release Notes

Kubuntu Release Notes

Lubuntu Release Notes

Ubuntu Budgie Release Notes

Ubuntu MATE Release Notes

Ubuntu Studio Release Notes

Ubuntu Unity Release Notes

Xubuntu Release Notes

Ubuntu Kylin Release Notes

Ubuntu Cinnamon Release Notes

More information

Reporting bugs

Your comments, bug reports, patches and suggestions help fix bugs and improve the quality of future releases. Please report bugs using the tools provided. If you want to help with bugs, the Bug Squad is always looking for help.

What happens if there is a high or critical priority CVE during release day?

Server, Desktop and Cloud plan to release in lockstep on release day, but there are some exceptions.

In the unlikely event that a critical or high-priority CVE is announced on release day, the release team have agreed on the following plan of action:

For critical priority CVEs, the release of Server, Desktop and Cloud will be blocked until new images can be built addressing the CVE.

For high-priority CVEs, the decision to block release will be made on a per-product (Server, Desktop and Cloud) basis and will depend on the nature of the CVE, which might result in images not being released on the same day.

This was discussed in the ubuntu–release mailing list March/April 2023.

The mailing list thread also confirmed there is no technical or policy reason why a package cannot be pushed to the Updates or Security pocket to address high or critical-priority CVEs prior to the release.

Participate in Ubuntu

If you would like to help shape Ubuntu, look at the list of ways you can participate at community.ubuntu.com/contribute.

More about Ubuntu

You can find out more about Ubuntu on the Ubuntu website.

To sign up for future Ubuntu development announcements, subscribe to Ubuntu’s development announcement list at ubuntu-devel-announce.
Original source Report a problem

Aug 7, 2025

Date parsed from source:
Aug 7, 2025
First seen by Releasebot:
Apr 11, 2026

Ubuntu by Canonical

Ubuntu 24.04.3 LTS released

Ubuntu releases 24.04.3 LTS for Desktop, Server, Cloud, and official flavours, bringing updated installation media, security updates, and high-severity bug fixes to improve stability and compatibility with Ubuntu 24.04 LTS.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Greetings!

The Ubuntu team is pleased to announce the release of Ubuntu 24.04.3 LTS
(Long-Term Support) for its Desktop, Server, and Cloud products, as well
as other flavours of Ubuntu with long-term support.

As usual, this point release includes many updates and updated
installation media has been provided so that fewer updates will need to
be downloaded after installation. These include security updates and
corrections for other high-severity bugs, with a focus on maintaining
stability and compatibility with Ubuntu 24.04 LTS.

Kubuntu 24.04.3 LTS, Ubuntu Budgie 24.04.3 LTS, Ubuntu MATE 24.04.3 LTS,
Lubuntu 24.04.3 LTS, Ubuntu Kylin 24.04.3 LTS, Ubuntu Studio 24.04.3 LTS,
Xubuntu 24.04.3 LTS, Edubuntu 24.04.3 LTS, Ubuntu Cinnamon 24.04.3 LTS
and Ubuntu Unity 24.04.3 LTS are also now available. More details can be
found in their individual release notes (see 'Official flavours'):

Maintenance updates will be provided for 5 years from the initial 24.04 LTS
release for Ubuntu Desktop, Ubuntu Server, Ubuntu Cloud, and Ubuntu Core.
All the remaining flavours will be supported for 3 years. Additional security
support is available with ESM (Expanded Security Maintenance).

### To get Ubuntu 24.04.3 LTS

In order to download Ubuntu 24.04.3 LTS, visit:

Users of Ubuntu 22.04 LTS will be offered an automatic upgrade to
24.04.3 LTS via Update Manager.

We recommend that all users read the 24.04.3 LTS release notes, which
document caveats and workarounds for known issues, as well as more
in-depth notes on the release itself. They are available at:

If you have a question, or if you think you may have found a bug but
aren't sure, you can try asking in any of the following places:

### Help Shape Ubuntu

If you would like to help shape Ubuntu, take a look at the list of ways
you can participate at:

### About Ubuntu

Ubuntu is a full-featured Linux distribution for desktops, laptops,
clouds and servers, with a fast and easy installation and regular
releases. A tightly-integrated selection of excellent applications is
included, and an incredible variety of add-on software is just a few
clicks away.

Professional services including support are available from Canonical and
hundreds of other companies around the world. For more information
about support, visit:

### More Information

You can learn more about Ubuntu and about this release on our website
listed below:

To sign up for future Ubuntu announcements, please subscribe to Ubuntu's
very low volume announcement list at:

On behalf of the Ubuntu Release Team,

Paride Legovini

-----BEGIN PGP SIGNATURE-----

wsC7BAEBCgBvBYJolLZ7CRDWWGGIPgFNuUcUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmcDMITpOBJw70Qy7gqITdaf+DQr6eiyJJAxGW0nMNsN
N5xYhBFYa1YXu12aSG6jdltZYYYg+AU25AADJYwf7BwuzRF3JEYgPMYoTx2QWDBqL
xw5z6n8A01rNF49EjnFJdBm1+eas5gVDoDaUMz8iKbk9ku9xkJtshwIAqA+sNl5J
BjYKib6KWXm+1yKa9DkNJlmhOKI/99OR2A3yzQnBOQnb5uZEghsWJsG2aRnA0m02
fD+iPkuri6N0mIljGU9eh+ZppkjC70v1wxZ8lbxoS5nbJEVCbiPLgiLAo6hYdxvX
MdSXMvIbTOJWan7gTzgPBWXIvL2zJvr2BqPBFSlf5PSxD9i8Uzm7t1nmHB58p/1d
+zHnoVpUctGCchB2TPDE7O3RysQsHaRVt9G8/fbn9D6DwigwUv/hOXRjl/wh6Q==
=zDan
-----END PGP SIGNATURE-----

Original source Report a problem

Jul 1, 2025
- Date parsed from source:
  Jul 1, 2025
- First seen by Releasebot:
  Mar 20, 2026
Ubuntu by Canonical

Ubuntu 24.04.3

Ubuntu ships bug fixes and security updates between 24.04.2 and 24.04.3, with updated CD images, installation fixes, desktop and server and cloud improvements, base platform updates, and broad kernel and hardware support work.

This is a brief summary of bugs fixed between Ubuntu 24.04.2 and 24.04.3.

This summary covers only changes to packages in main and restricted, which account for all packages in the officially-supported images; there are further changes to various packages in universe and multiverse.

Some of these fixes were by Ubuntu developers directly, while others were by upstream developers and backported to Ubuntu. For full details, see the individual package changelogs.

In addition to the bugs listed below, this update includes all security updates from the Ubuntu Security Notice affecting Ubuntu 24.04.2 LTS that were released up to and including August 4, 2025.

Installation bug fixes

Updated CD images are provided with this release, including fixes for some installation bugs. (Many installation problems are hardware-specific; for those, see “Hardware support bugs” below.)

Desktop fixes

These changes mainly affect desktop installations of Ubuntu and other Ubuntu-based desktop systems.

Server and Cloud related fixes

These changes mainly affect installations of Ubuntu on server systems and clouds.

Base platform fixes

These changes affect the core fundamental components of all the Ubuntu flavors.

Kernel and Hardware support updates

Considerable work has been done on improving support for many specific items of hardware.
Original source Report a problem
Apr 1, 2025
- Date parsed from source:
  Apr 1, 2025
- First seen by Releasebot:
  Apr 1, 2026
Ubuntu by Canonical

Ubuntu 25.04 (Plucky Puffin)

Ubuntu releases 25.04 Plucky Puffin with a newer Linux 6.14 kernel, systemd and APT updates, GNOME 48, refreshed desktop and server apps, stronger security defaults, expanded hardware support, and broad improvements across cloud, gaming, containers, and developer tools.
Subscribers to the ubuntu-{devel-}announce mailing list and long term participants in the Ubuntu community will have come across Steve Langasek’s work. Steve, known in the community as vorlon, was a long-term member of the Release team (along with being a member of Archive Admin, Techboard, SRU team, and so on) and a colleague to many of us at Canonical. As a member of the Release team, Steve was responsible for devising many of the processes, policies, and tools which we use today, and teaching his fellow members the ropes. Steve passed away on 1st January 2025 after being unwell for quite some time. The Ubuntu Release Team dedicates 25.04 “Plucky Puffin” to our colleague and friend, Steve Langasek. He is missed and will live in our hearts forever. Thank you for everything, Steve.

Upgrades
We’ve identified two issues in the ubuntu-release-upgrader affecting upgrades to Ubuntu 25.04 “Plucky Puffin”:
• Handling of Qt dependencies
• Removal of foreign packages from disabled sources
As a result, upgrades to Ubuntu 25.04 have been temporarily suspended while these issues are being addressed.
The necessary updates are already in the pipeline, and we expect to re-enable upgrades very soon.
Thank you for your patience.

Introduction
These release notes for Ubuntu 25.04 (Plucky Puffin) provide an overview of the release and document the known issues with Ubuntu and its flavours.

Support lifespan
Ubuntu 25.04 will be supported for 9 months until January 2026. If you need long term support, we recommend you use Ubuntu 24.04.2 LTS which is supported until at least 2029.

Upgrades
Upgrades to to Ubuntu 25.04 will refresh seeded snaps to the appropriate snap channels, regardless of what was being tracked before. Snaps that are newly-seeded will be installed during the upgrade. In particular, the following snaps will be installed or refreshed on upgrade:
Early upgrades may wish to perform these updates manually.

New features in 25.04
Updated Packages
Linux kernel 6.14🐧
This release delivers the latest Linux kernel, following Canonical’s new policy. Kernel developers can now make use of a new scheduling system, “sched_ext”, which provides a mechanism to implement scheduling policies as eBPF programs. This enables developers to defer scheduling decisions to standard user-space programs and implement fully functional hot-swappable Linux schedulers, using any language, tool, library, or resource accessible in user-space.
A new NTSYNC driver that emulates WinNT sync primitives is also available, delivering better performance potential for Windows games running on Wine and Proton (Steam Play).
The “bpftools” and linux-perf tools have been decoupled from the kernel version, making dependency management easier for developers working with containers. These tools are now shipped in their own packages.
Other features can be found in the Linux 6.14 upstream changelog.
After the generic kernel grew the ability to tune responsiveness at boot time, the linux-lowlatency binary package has been retired in favour of a combination of linux-generic and a new userspace lowlatency-kernel package, responsible of tuning the grub cmdline.

systemd v257.4
The init system was updated to systemd v257.4. See the upstream changelog for more information about individual features. To highlight a few things:
• In Ubuntu, systemd is no longer built with utmp support. Among other things, this means that systemd’s default /usr/lib/tmpfiles.d/systemd.conf no longer creates /run/utmp.
There is currently this known bug (LP: #2103489) in Ubuntu 25.04, that prevents ‘who’ from properly working and requires a coreutils rebuild.
• The complete removal of support for cgroup v1 (‘legacy’ and ‘hybrid’ hierarchies) is scheduled for v258.
• Support for System V service scripts is deprecated and will be removed in v258. Please make sure to update your software now to include a native systemd unit file instead of a legacy System V script to retain compatibility with future systemd releases.

Netplan v1.1.2 :globe_with_meridians:
Netplan v1.1.2
Adding support for wpa-psk-sha256 WiFis and allowing to configure routing-policy on the NetworkManager backend (LP: #2086544). Additionally, the version shipped in Ubuntu enables new functionality in systemd-networkd-wait-online to wait for DNS servers to be configured and reachable, before considering an interface to be online.

Toolchain Upgrades :hammer_and_wrench:
• GCC a snapshot of the upcoming GCC 15, binutils updated to 2.44, and glibc to 2.41.
• Python is updated to 3.13.3
• LLVM now defaults to version 20
• Rust toolchain defaults to version 1.84
• Golang is updated to 1.24
• OpenJDK versions 24 GA and 25 early access snapshot are now available

OpenJDK
OpenJDK 21 is still the default. OpenJDK 24 is included as an optional OpenJDK. An early access snapshot of OpenJDK 25 is also included. Support for OpenJDK LTS versions 17, 11 and 8 is being maintained. OpenJDK with CRaC versions 17 and 21 also continue to be supported.
We are excited to announce the devpack-for-spring snap and a set of Spring® content snaps that will serve as development tools for Spring® projects. Developers can now quickly build Ubuntu ROCK images for their Java applications using the Gradle and Maven plugins for Rockcraft.
Additionally, GraalVM Community Edition for JDK versions 21, 24 and 25ea is now available as a snap. Java developers now have a choice to build and deploy their applications with standard OpenJDK, with OpenJDK-CRaC or as a GraalVM native image.

.NET
.NET versions 8 and 9 continue to be supported.
The dotnet snap is updated to include .NET version 9. The powershell-preview snap has been updated to build from source.

Default configuration changes :gear:
AppArmor profiles
AppArmor profile writing effort
As part of a profile writing effort to improve overall system security, the AppArmor package now includes many new profiles for applications. This improved sandboxing can help mitigate the impact of any exploit in the confined applications. However, these profiles may cause breakage for unanticipated uses of those applications, and we encourage users to file a bug on Launchpad for AppArmor-induced breakage in common use cases. When AppArmor denies an action, it usually generates a log entry describing the denial, which will help us investigate the bug, but which can also be used to add additional rules for customization or to work around the denials. AppArmor log entries can be read in the auditd logs, if auditd is installed, or in the syslog otherwise. This page describes how the information contained in the denial log can be used to update a local override.

AppArmor profile for bwrap
AppArmor now comes with a bwrap profile (bwrap-userns-restrict) that allows it to create user namespaces and set up sandboxing, before transitioning to a tighter profile that denies capabilities for the processes running inside the bwrap sandbox. The addition of this profile should unblock more use cases for bwrap while allowing a reduction in the kernel attack surface opened up by unprivileged user namespaces. However, this profile still restricts unprivileged userns creation and capability usage even when bwrap (and its sandboxed application) are run as a privileged user, so such use cases may not be fully supported yet.

AppArmor profile removals
As part of hardening improvements around AppArmor user namespace mediation, profiles for busybox and nautilus that directly allowed them access to user namespaces have been removed. As a result, the busybox unshare function can no longer be used to create unprivileged user namespaces. Nautilus’ use of user namespaces should still work due to the new bwrap-users-restrict profile, but regressions are possible if there are bugs in the bwrap profile.

tzdata
Previously, the tzdata package in Ubuntu used the /etc/timezone file to configure the system’s timezone. This method is not supported by systemd and certain desktop environments, which instead only change the /etc/localtime symlink to point to a file in /usr/share/zoneinfo.
For this reason, starting with version 2024b-5, the tzdata package no longer automatically creates the /etc/timezone file, but still updates it if it exists. In the next Ubuntu 25.10 release, the /etc/timezone file will be automatically removed and support for it in the maintainer scripts will be completely dropped.

Ubuntu Desktop
New ARM64 Desktop Image
• There is now also an official generic arm64 desktop ISO targeting VMs, ACPI + EFI platforms and Snapdragon based WoA devices.
• Initial hardware enablement work for the Snapdragon X Elite platform is included in the desktop ISO

Installer and Upgrades
• Added the option to replace an existing Ubuntu installation
• Improved dual boot UX (with a focus on BitLocker protected Windows systems):
◦ Added the option to install Ubuntu alongside existing BitLocker partitions if enough unallocated space (or a sufficiently large and resizable partition) is available
◦ Made encrypted installations and other ‘advanced options’ available for dual boot scenarios

Enterprise
• authd: Ubuntu’s cloud authentication solution:
◦ Many fixes and improvements to the EntraID provider
◦ New Google provider
◦ New authd documentation
• ADSys Release: the Active Directory Group Policy client for Ubuntu, supports the latest Polkit and comes with improvements and bug fixes to certificates enrolment.

GNOME :footprints:
GNOME has been updated to include new features and fixes from the latest GNOME release, GNOME 48
GNOME 48 now includes the triple buffering feature from Ubuntu

Default app changes
• The Document Viewer app for viewing PDFs is now provided by Papers instead of Evince. Papers started with the Evince codebase but it has been updated to use GTK4 and partially rewritten in Rust.
• xdg-terminal-exec is installed by default making it easier to switch a user’s default terminal for the Ctrl+Alt+T keyboard shortcut and for opening terminal apps (LP: #2107326)
• Geolocation services are now backed by BeaconDB after Mozilla Location Services was retired last year
• The JPEG XL format is now supported without needing to install any additional packages

Updated Applications
• Firefox 137
• LibreOffice 25.2
• Thunderbird 128 “Supernova”
• GNU Image Manipulation Program 3.0 is available for install
• The fish shell has undergone a significant transformation, rewritten entirely in Rust. This change brings enhanced performance and improved stability, while maintaining the feature set. The upstream community has a blog about the rust port.

Updated Subsystems
• BlueZ 5.79
• Cairo 1.18.4
• NetworkManager 1.52
• Pipewire 1.2.7
• Poppler 25.03
• xdg-desktop-portal 1.20
• Nvidia 570
• The libva library is now available in the Main repository component. The library implements VA-API (Video Acceleration API) for hardware video decoding and encoding. Applications can now use VA-API out of box. Notably, you can record your screen at the original screen rate. Without VA-API, your screen recording has a reduced frame rate because it’s limited by the CPU. To use VA-API, enable third-party drivers during Ubuntu installation. You can also install the library after installation: sudo apt install va-driver-all

Gaming
NVIDIA Dynamic Boost
This release enabled NVIDIA Dynamic Boost by default on supported laptops with NVIDIA GPUs.
NVIDIA Dynamic Boost is a feature of the NVIDIA drivers that dynamically shifts power between CPU and GPU depending on the workload on the system. While gaming, this allows extracting more performance by granting more power to the GPU.
Dynamic Boost will be active only when the laptop is powered by AC and there is enough load on the GPU. It will not be engaged when the system is running on battery.
For more details refer to NVIDIA’s documentation.

Support for new Intel® integrated and discrete GPUS
This release brings full support for Intel® Core™ Ultra Xe2 integrated Intel® Arc™ graphics, and Intel® Arc™ B580 and B570 “Battlemage” discrete GPUs.
Moreover, the following features are also included:
• Improved GPU and CPU ray tracing rendering performance in applications with Intel Embree support, such as Blender (v4.2+). Ray tracing hardware acceleration on the GPU improves frame rendering by 20-30%, due to a 2-4x speed-up for the ray tracing component.
• Full hardware accelerated video encoding of AVC, JPEG, HEVC, and AV1 on “Battlemage” devices.
• Introduction of the new CCS optimization in Intel® Compute Runtime.
• Enable debugging support for Intel Xe GPUs.
• oneAPI Level Zero Ray Tracing improves AI/ML workload speeds via Embree on SYCL

Ubuntu Foundations
Cryptography
OpenSSL has been updated to 3.4.1 and GnuTLS has been updated to 3.8.9. In addition, patches from their git stable branches have been added in order to include as many fixes as possible starting with release day.

Package Management: APT 3.0
APT has been updated to 3.0.
The new dependency solver is now automatically used if the classic solver cannot find a solution to either find a solution or add more context to the failure, and in other cases to evaluate its performance.
APT has switched from GnuTLS and gcrypt to the OpenSSL library for TLS connections and file hashing, which should improve compatibility and reduces the footprint of minimal installations.
An automatic pager has been added to apt(8) for commands such as show and list, similar to git log and journalctl.
The apt-key command has been removed. Signature verification now makes direct use of gpgv. Some packages and system administration scripts may need adjustment for managing keys directly, advice can be found in the apt-secure(8) manual page.

Ubuntu Server
Apache2
• mod_md: update to version 2.4.31
◦ Improved behavior waiting for ACME server to verify domains.
◦ Fix certificate retrieval on ACME renewal to not require a ‘Location:’ header returned by the ACME CA. This was the way it was done in ACME before it became an IETF standard. Let’s Encrypt still supports this, but other CAs do not.
◦ When the server starts, it looks for new, staged certificates to activate. If the staged set of files in ‘md/staging/’ is messed up, this could prevent further renewals to happen. Now, when the staging set is present, but could not be activated due to an error, purge the whole directory.
◦ Restore compatibility with OpenSSL < 1.1.
• Add the ldap-search option to mod_authnz_ldap, allowing authorization to be based on arbitrary expressions that do not include the username.
• mod_ssl: Restore support for loading PKCS#11 keys via ENGINE without “SSLCryptoDevice” configured.
• http: Remove support for Request-Range header sent by Navigator 2-3 and MSIE 3.
• mod_rewrite: Don’t require [UNC] flag to preserve a leading // added by applying the perdir prefix to the substitution.
• mod_proxy: Avoid AH01059 parsing error for SetHandler “unix:” URLs in (incomplete fix in 2.4.62).
• mod_tls: removed the experimental module. It now is availble standalone from GitHub - icing/mod_tls: rustls based TLS for Apache httpd. The rustls provided API is not stable and does not align with the httpd release cycle.
• mod_rewrite: Better question mark tracking to avoid UnsafeAllow3F.
• mod_http2: Return connection monitoring to the event MPM when blocking on client updates.

Clamav
ClamAV was updated from 1.3 in Ubuntu 24.10, to version 1.4.2 in 25.04.
This brings a number of fixes, along with the following noteworthy changes from the Clamav 1.4.0 feature release:
• Added support for extracting ALZ archives. The new ClamAV file type for ALZ archives is CL_TYPE_ALZ. Added a DCONF (Dynamic CONFiguration) option to enable or disable ALZ archive support, via ClamAV .cfg “signatures”.
• Added support for extracting LHA/LZH archives. The new ClamAV file type for LHA/LZH archives is CL_TYPE_LHA_LZH. Added a DCONF option to enable or disable LHA/LZH archive support.
• Added the ability to disable image fuzzy hashing, if needed. For context, image fuzzy hashing is a detection mechanism useful for identifying malware by matching images included with the malware or phishing email/document.
• Added a DCONF option to enable or disable image fuzzy hashing support.
• Fixed an unaligned pointer dereference issue on select architectures.
For complete details of all changes leading up to 1.4.2, please see the upstream release notes at: https://blog.clamav.net/

Chrony
Starting with version 4.5-3ubuntu4, chrony will ship with a default configuration set to use Ubuntu NTS servers by default.
The two main changes are:
a) NTS/KE uses a separate port (4460/tcp) to negotiate security parameters, which are then used via the normal NTP port (123/udp). This is a new deployment, running on different IP addresses than the service without NTS.
b) A new CA is installed in /etc/chrony/nts-bootstrap-ubuntu.crt that is used specifically for the Ubuntu NTS bootstrap server, needed for when the clock is too far off. This is added to certificate set ID “1”, and defined via /etc/chrony/conf.d/ubuntu-nts.conf. There is also a staging CA shipped with the package, but it’s not referred to anywhere and is just there as a convenience for testing the staging servers.
If your network does not allow access to the Ubuntu NTS servers and the required ports, and the new configuration is in place, chrony will not be able to adjust this system’s clock. To revert to NTP, just edit the configuration file in /etc/chrony/sources.d/ubuntu-ntp-pools.sources and revert to using the listed NTP servers in favor of the NTS ones. Or revert to your previous copy of that configuration file.
For other changes introduced in version 4.6.1, please refer to the upstream release notes.

cloud-init v. 25.1.1
Notable features beyond v. 24.3 present in Oracular:
• oracle: add true single stack ipv6 support
• networkd: Support RequiredForOnline option
• smartos: Add addrconf IPv6 support
• networkd: Conditionally remove networkd online dependency on Ubuntu (#5772)-
• security: Ensure random passwords contain multiple character types
• Enable new datasource for CloudCIX platform
• vmware:
◦ Move DS VMware to be in front of DS OVF (#5912)
◦ Convert imc network config to v2 (#5937)
• Identify Samsung Cloud Platform as OpenStack (#5924)
• aliyun: support crawl metadata at once (#5942) [jinkangkang]
For the full list of changes, please see the upstream release notes.
Breaking changes:
• To avoid installing unnecessary debian package dependencies on all images, cloud-init debian package now creates separate binaries:
◦ cloud-init-base: installs all debian package Depends: common to all cloud platforms
◦ separate cloud-init- metapackage defining cloud-specific package dependencies for platforms such as CloudSigma, SmartOs.
Seeding the cloud-init metapackage in Plucky and later will continue to install all package dependencies previously provided by the cloud-init package on Noble and Oracular.

Containerd
The containerd (src:containerd-app) package was updated to version 2.0.2. Version 2 includes the stabilization of new features added in the last 1.x release as well as the removal of features which were deprecated in 1.x, meaning you should expect breaking changes here.
For further details on such changes, please refer to the upstream release notes.

runc
runc (src:runc-app) was updated to upstream version 1.2.5. This new version includes several fixes and changes including
• When using cgroups v2, allow to set or update memory limit to “unlimited” and swap limit to a specific value.
• Mount options on bind-mounts that clear a mount flag are now always applied. Previously, if a user requested a bind-mount with only clearing options (such as rw,exec,dev) the options would be ignored and the original bind-mount options would be set.
• Container configurations using bind-mounts with superblock mount flags (i.e. filesystem-specific mount flags, referred to as “data” in mount(2), as opposed to VFS generic mount flags like MS_NODEV) will now return an error.
• Fix CVE-2024-45310, a low-severity attack that allowed maliciously configured containers to create empty files and directories on the host.
• runc features is no longer experimental.
• runc option --criu is now ignored (with a warning), and the option will be removed entirely in a future release.
• runc kill option -a is now deprecated. Previously, it had to be specified to kill a container (with SIGKILL) which does not have its own private PID namespace (so that runc would send SIGKILL to all processes). Now, this is done automatically.
• runc now supports id-mapped mounts for bind-mounts (with no restrictions on the mapping used for each mount).
• runc will now use cgroup.kill if available to kill all processes in a container (such as when doing runc kill).
For a complete list of changes and more details on the ones above, refer to the upstream changelog.

Docker
The docker.io (src:docker.io-app) package was updated to version 27.5.1. Some highlights of this version include:
• docker image ls now supports --tree flag that shows a multiplatform-aware image list.
• The Aliases field returned by docker inspect contains the container short ID once the container is started. This behavior was removed. Now, the Aliases field only contains the aliases set through the docker container create and docker run flag --network-alias. A new field DNSNames containing the container name (if one was specified), the hostname, the network aliases, as well as the container short ID, has been introduced in v25.0 and should be used instead of the Aliases field.
• Add --platform flag to docker image push and improve the default behavior when not all platforms of the multi-platform image are available locally.
• Several improvements to IPv6 network configuration.
• ip6tables is no longer experimental. You may remove the experimental configuration option and continue to use IPv6, if it is not required by any other features.
• ip6tables is now enabled for Linux bridge networks by default.
Watch out for deprecation or removal of features in this upstream page.

docker-buildx:
docker-buildx was updated to version 0.20.1. This version introduces new features such as
• New --call option allows setting evaluation method for a build, replacing the previous experimental --print flag.
• Build command now ensures that multi-node builds use the same build reference for each node.
• Several improvements for the bake command.
• New buildx history command has been added that allows working with build records of completed and running builds.

docker-compose-v2:
docker-compose-v2 was updated to version 2.33.0. This version introduces several fixes and new features such as
• A new --environment flag to config command to output the resolved environment variables used for interpolation.
• A new --prune option to the docker-compose watch command to ensure that dangling images are pruned automatically when rebuilding.
• Support to bake was added.

HAProxy
The HAProxy package was upgraded to version 3.0.7. This new version introduces performance improvements for Lua scripts and stick tables, support for virtual ACL and map files, limiting glitchy HTTP/2 connections, and persistent stats after a reload.
Breaking changes include detection of accidental multiple commands sent to the Runtime API, rejecting the enabled keyword for dynamic servers, stricter parsing of non-standard URIs and renaming of tune.ssl.ocsp-update to tune.ocsp-update. You can learn more about it at https://www.haproxy.com/blog/announcing-haproxy-3-0. A complete list of changes is avalilable at https://www.haproxy.org/download/3.0/src/CHANGELOG.

freeradius
freeradius 3.2.7+dfsg-1ubuntu1 drops radlast. This is due to radlast calling last, which is no longer available in Ubuntu. These use wtmp 32 bit files, which are not 2038 compliant. Upstream source has dropped radlast and other tools in an upstream commit. These were originally made optional, and later removed entirely. Information in lp: 2096611.

libvirt
The libvirt package was upgraded to version 10.10.0. Here are the changes since Ubuntu Oracular:
• network: make networks with more useful.
It is now permissable to have a network that has no IP address assigned to the host’s port of the bridge. This is the only way to create a libvirt network where guests are unreachable from the host (and vice versa) and also 0 firewall rules are added on the host.
It is now also possible for a network to use the zone attribute of to set the firewalld zone of the bridge interface (normally it would not be set, as is done with other forward modes).
• qemu: zero block detection for non-shared-storage migration
Users can now request that all-zero blocks are not transferred when migrating non-shared disk data without actually enabling zero detection on the disk itself. This allows sparsifying images during migration where the source has no access to the allocation state of blocks at the cost of CPU overhead.
This feature is available via the --migrate-disks-detect-zeroes option for virsh migrate or VIR_MIGRATE_PARAM_MIGRATE_DISKS_DETECT_ZEROES migration parameter. See the documentation for caveats.
• qemu: internal snapshot improvements
The qemu internal snapshot handling code was updated to use modern commands which avoid the problems the old ones had, preventing use of internal snapshots on VMs with UEFI NVRAM. Internal snapshots of VMs using UEFI are now possible provided that the NVRAM is in qcow2 format.
• qemu: add multi boot device support on s390x
For classical mainframe guests (i.e. LPAR or z/VM installations), you always have to explicitly specify the disk where you want to boot from (or “IPL” from, in s390x-speak – IPL means “Initial Program Load”).
In the past QEMU only used the first device in the boot order to IPL from. With the new multi boot device support on s390x that is available with QEMU version 9.2 and newer, this limitation is lifted. If the IPL fails for the first device with the lowest boot index, the device with the second lowest boot index will be tried and so on until IPL is successful or there are no remaining boot devices to try.
Limitation: The s390x BIOS will try to IPL up to 8 total devices, any number of which may be disks or network devices.
• qemu: Add support for versioned CPU models
Updates to QEMU CPU models with -vN suffix can now be used in libvirt just like any other CPU model.
• qemu: Automatically add IOMMU when needed
When domain of qemu or kvm type have more than 255 vCPUs, IOMMU with EIM mode is required. Starting with this release libvirt automatically adds one (or turns on the EIM mode if there’s IOMMU without it).
• In 10.5 (thereby oracular) already support for SEV-SNP was introduced as another type of . Its support is reported in both domain capabilities and virt-host-validate. Now also the qemu version in the release is ready to provide that.
• The Debian (and consequently the Ubuntu) libvirt package has been significantly redesigned. To quote its NEWS file:
All the various drivers and storage backends come in their own separate binary packages now, which makes it possible to install exactly as many or as few as desired.
The system-wide configuration for the libvirtd daemon is no longer shipped separately from the daemon itself, as was the case until now. The libvirt-daemon-system package still exists, but it’s now simply a convenient way to install the “typical” libvirt deployment consisting of all the components needed to run a QEMU-based hypervisor.
For more details, please see the upstream changelog.

Monitoring Plugins
Monitoring-plugins is upgraded to the 2.4.0 release in Plucky Penguin. While primarily a bugfix release, this includes a few minor enhancements:
• Add new test function for percentage expressions
• check_ups: output ups.realpower if supported
• check_curl: add haproxy protocol option
• check_disk: increase alert precision
• check_ircd: IPv6 support
• check_nwstat: adds percentage used space
• check_swap: Possibility to run check_swap without thresholds
• check_ups: additional alarm conditions
For the full list of changes, please see the upstream release notes.

Nginx
The upgrade from Oracular’s 1.26.0 to Plucky’s 1.26.3 brings a handful of bug fixes, along with security fixes (already backported to the Oracular version). There are no feature changes this release.

OpenLDAP
The 2.6.9 release is a bugfix-only release with improvements to libldap, slapd, and slapo subcomponents. For the full list of changes please see the release notes.

Openssh
OpenSSH was updated to version 9.9. Here are some highlights since 9.7, last shipped in Ubuntu 24.10:
• new PerSourcePenalties option that will penalise client addresses that for some reason do not complete authentication. New in version 9.8.
• support for a new hybrid post-quantum key exchange algorithm, called “mlkem768x25519-sha256”. Described in https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03, it’s available by default. New in version 9.8.
• new match option invalid-user, which can be used when the target username is not valid
• prevent private keys from being included in core dump files for most of their lifespans. New in version 9.8.
• and more
For a detailed list of the changes since 9.7, please consult the upstream release notes at https://www.openssh.com/releasenotes.html.
In terms of Ubuntu and Debian packaging, here are the most important changes:
• New sshd.service alias to ssh.service. Both names can now be used in systemctl commands.
• New binary packages called openssh-client-gssapi and openssh-server-gssapi. This is in preparation for a future split of the GSSAPI authentication mechanism into separate packages in the near future. For now, they just pull in their non-gssapi counterparts, if installed. See https://lists.debian.org/debian-devel/2024/04/msg00044.html for the detailed plan.
• Host DSA keys are no longer generated.

Valkey
Valkey was updated to version 8, starting with 8.0.2. This includes significant performance and reliability improvements, without any backwards-incompatible changes to commands and responses. For more information on the new version, see the Valkey 8 blog post. Release notes are available on the Valkey project GitHub.

MySQL
MySQL was updated from 8.0 to 8.4 LTS, starting with 8.4.4. This is MySQL’s first official long term support release, including various internal improvements, new features, and some important configuration changes.
Upstream release notes are now available in the Mysql 8.4 documentation library. For more information about the transition from MySQL 8.0 to 8.4, see the MySQL 8.4 overview.
Due to upstream policy, support for 32-bit MySQL Server has been removed. However, Ubuntu will continue to provide a MySQL client and client library for 8.4.

MySQL Shell
MySQL Shell was updated from 8.0.38 to 8.4.4 to coencide with MySQL 8.4. It adds support for MySQL 8.4 servers, and provides additional improvements for interacting with MySQL 8.0 servers. For a list of features, see the MySQL Shell 8.4 documentation. Release notes for MySQL Shell 8.4 can be found here.

Percona Xtrabackup
Percona-Xtrabackup was updated from the 8.0 track to 8.4 with 8.4.0-1, also to coencide with the release of MySQL 8.4. This version provides changes to match MySQL 8.4, along with support for the keyring_vault component. For more information see the upstream release notes.

PHP
PHP was updated to version 8.4. This is a major update of the languages including new features such as property hooks, asymmetric visibility, an updated DOM API, and more.
For more details see the upstream release notes.

PostgreSQL
PostgreSQL was updated to version 17, which contains several new features and enhancements, including
• A new memory management system for VACUUM, which reduces memory consumption and can improve overall vacuuming performance;
• New SQL/JSON capabilities, including constructors, identity functions, and the JSON_TABLE() function, which converts JSON data into a table representation;
• Various query performance improvements and Logical replication enhancements; and
• A new client-side connection option, sslnegotiation=direct], that performs a direct TLS handshake to avoid a round-trip negotiation.
For more details, see the upstream release notes.

QEMU
The QEMU package was updated to version 9.2.0. Here are the changes since Ubuntu Oracular.
• The scsi property of virtio-blk devices has been removed. SCSI command passthrough had never been present on virtio-blk 1.0 devices, and is now removed from legacy devices as well. Use virtio-scsi instead.
• The block migration options to the migrate commands (blk and inc for QMP, -b / -i for the human monitor) have been removed; guest management software such as libvirt is able to perform block migration more efficiently using block jobs and NBD devices.
• The compress migration capability has been removed; multifd migration is able to do compression and can be used instead.
• The proxy backend for 9pfs, and the virtfs-proxy-helper program, have been removed. Use the local backend driver or virtio-fs instead.
• x86
◦ Support for AMD SEV-SNP using the “-object sev-snp-guest” command line option in QEMU 9.1 followed by fixups for related virtio handling in QEMU 9.2.
◦ As usual new named CPU models and detection of their related CPU features, this time new variants of Icelake-Server, Cascadelake-Server, GraniteRapids, and SapphireRapids
• ARM
◦ New CPU architectural features emulated:
FEAT_NMI
FEAT_CSV2_3
FEAT_ETS2
FEAT_Spec_FPACC
FEAT_WFxT
FEAT_Debugv8p8
FEAT_EBF16
FEAT_CMOW
◦ The max CPU and any new CPU types will default to a 1GHz generic timer frequency rather than the old 62.5MHz (this is architecturally required from ARMv8.6 onwards).
◦ KVM-based VMs can now support MTE (if the host CPU has MTE support).
• RISC-V
◦ Support RISC-V privilege 1.13 spec.
◦ Implement SBI debug console (DBCN) calls for KVM.
◦ Add support for Zve32x extension.
◦ Add support for Zve64x extension.
◦ Add th.sxstatus CSR emulation.
◦ Remove experimental prefix from B extension.
◦ Support the zimop, zcmop, zama16b and zabha extensions.
◦ Add decode support for Zawrs extension.
◦ Add smcntrpmf extension support.
◦ Support 64-bit addresses for initrd.
◦ QEMU support for KVM Guest Debug on RISC-V.
◦ Add fcsr register to QEMU log as a part of F extension.
◦ Add Svvptc extension support.
◦ Support for control flow integrity extensions.
◦ Support for the IOMMU with the virt machine.
• s390x
◦ New architectural features emulated:
FMAF
IMA
VIS3
VIS4
◦ No new cpu types with these features are added, yet, but one may enable them manually with -cpu ,+.
◦ The s390-ccw guest firmware now supports booting from other devices in case the previous ones fail.
For more details, please see related upstream changelogs: 9.1, 9.2

Samba
Samba was updated to series 4.21.x. Here are some of the highlights:
• LDAP TLS/SASL channel binding support
• Group Managed Service Accounts
• Samba can now claim Functional Level 2012R2 support
• Some Samba public libraries made private by default
• Samba AD will rotate expired passwords on smartcard-required accounts
• Automatic keytab update after machine password change
• and more
For a more detailed explanation, please refer to the upstream release notes at https://www.samba.org/samba/history/samba-4.21.0.html

samba on i386
Samba version 4.21.x added a dependency to the python3-samba package: python3-cryptography. Unfortunately, python3-cryptography was last built for i386 for Ubuntu Bionic 18.04, and is no longer available for that architecture, making this new dependency unsatisfiable.
For Ubuntu Plucky, it was decided to not build python3-samba for i386. Please see LP: #2099895 for details. The main consequence is that the samba-tool script (part of that package) is no longer available for i386.

Upgrading an AD/DC from previous Ubuntu releases
If you have deployed a Samba Active Directory Domain Controller WITHOUT having installed the samba-ad-dc package, you should install it before doing a release upgrade to Ubuntu Plucky Puffin 25.04. If samba-ad-dc is not installed prior to the release upgrade, the Active Directory Domain Controller functionality will not work on the upgraded system due to many missing components.
See LP: #2101838 for more information.

Squid
Squid 6.13 is a stable release consisting mainly of bugfixes and cleanups. One functional change of note is that ext_time_quota_acl no longer supports the -l option. For the complete list of changes, see the v6.13 change list.

SSSD
SSSD has been updated to 2.10.1 and these are the highlights:
• unprivileged service user: there is initial support for running sssd with less privileges, but in Debian/Ubuntu the main daemons still run under root. Filesystem capabilities had to be added to many binary helpers, though:
◦ sssd_pam : cap_dac_read_search
◦ selinux_child : cap_setuid, cap_setgid
◦ ldap_child : cap_dac_read_search
◦ krb5_child : cap_dac_read_search, cap_setuid, cap_setgid
This should all be transparent.
• The sssctl cache-upgrade command was removed. SSSD will do automatic cache upgrades at startup if needed.
• Default ldap_id_use_start_tls value changed from false to true.
• Obsolete config_file_version option was removed.
• Option reconnection_retries was removed.
For more details and other changes, please refer to the upstream release notes at https://sssd.io/release-notes/sssd-2.10.0.html.

Intel® QuickAssist Technology (Intel® QAT)
Intel® QAT components have been updated to their most recent versions. Those are:
• qatlib : 24.09.0
For more information, visit the project’s repo.
• qatengine : 1.8.1
For more information, visit the project’s repo.
• qatzip : 1.2.1
For more information, visit the project’s repo.
• ipp-crypto : 1:1.0.0
For more information, visit the project’s repo.

Subiquity
Please see the 25.04 Release Notes post on GitHub.

thin-provisioning-tools
The thin-provisioning tools package was updated to version 1.1.0, which was fully re-written in rust from scratch.
See the upstream changelog for more details.

Ubuntu HA/Clustering
fence-agents
fence-agents was updated to version 4.16.0, which introduces bug fixes and a new fence-agents-nutanix-ahv which adds support for Nutanix AHV Cluster.

resource-agents
fence-agents was updated to version 4.16.0, which introduces bug fixes and improvements, including support for the asure aznfs filesystem.

sos (sosreport)
The sosreport package was renamed to sos with the upgrade to 4.9.0 from 4.8.0.
• The rename follows upstream name change in 2020 and the removal of sosreport and sos-collector commands.
• The sosreport package will remain as a transitional package that will carry the sosreport and sos-collector command for a few revisions of Ubuntu.
• sos upload is a new sub command, that allows you to upload a collected sos or a file to a vendor primarily Canonical or RedHat See man pages for more details.
• Further details on the changes between 4.8.0 and 4.9.0 can be viewed upstream release notes.

Ubuntu WSL
WSL images publication has moved to cdimage.ubuntu.com (previously on cloud-images.ubuntu.com)

OpenStack
OpenStack has been updated to the 2025.1 (Epoxy) release. This includes packages for Aodh, Barbican, Ceilometer, Cinder, Designate, Glance, Heat, Horizon, Ironic, Keystone, Magnum, Manila, Masakari, Mistral, Neutron, Nova, Octavia, Swift, Vitrage, Watcher and Zaqar.
This release is also provided for Ubuntu 24.04 LTS via the Ubuntu Cloud Archive.

Ceph

Open vSwitch (OVS) and Open Virtual Network (OVN)
OVS was updated to version 3.5.0, and OVN to 25.03.0.
Common to both projects are changes in SSL/TLS support:
• Protocols can be specified as ranges, e.g TLSv1.2+ or TLSv1.2-TLSv1.3.
• Explicit support for configuring TLSv1.3 protocol and accompanying ciphersuites. TLSv1.3 was supported in earlier versions only when protocols option was not set.
• Support for TLSv1 and TLSv1.1 is deprecated and will be removed in the next release.
OVS:
• DPDK 24.11.1 support.
• New tool called ovs-flowviz capable of visualizing OpenFlow and datapath flow dumps.
• Prefix tracking is enabled by default for both IPv4 and IPv6, allowing to significantly reduce amount of datapath flows generated from mixed IPv4+IPv6 flow tables.
• Userspace datapath TSO now includes support for VXLAN, Geneve and GRE tunneled packets.
• TC offload now supports matching on tunnel flags as well as setting the Don’t Fragment (DF) flag in encap action.
• Various improvements in ovs-ctl for handling IPSec configuration.
OVN:
• Dynamic routing support allows the ovn-controller to exchange routing information with a routing protocol daemon. The dynamic-routing-redistribute option controls what routes are redistributed including lb and nat options which can be used for resource location. When used together with the routing protocol redirect feature, a routing protocol daemon can speak using a Logical Router Port (LRP) IP implemented in the OVS datapath, facilitating accelerated networking.
• Support was added for routing IPv4 packets over IPv6 networks as well as the ability to create LRPs without specifying an IPv4 address. When used together with the new dynamic routing features and a suitable routing protocol daemon, this can be used to configure BGP unnumbered peering.
• New Logical Switch Port (LSP) type switch to directly connect two logical switches, which can be used to construct multi-stage clos topology for logical switches.
• New Transit Router concept for use with OVN Interconnect which may improve traffic flow between AZs for some configurations.
• New ACL option persist-established that allows for established connections to bypass ACL matching.
• Logical router policies can now be arranged in chains, using the new jump, chain, and jump_chain actions.
• Support for STT tunnels is deprecated and will be removed in the next release.

GRUB2
The cd-boot-images-* packages are no longer used in the build process of plucky ISOs and were removed from the archive. Instead the ISO build processes uses the shim, grub2 and u-boot packages directly, streamlining the build process and reducing maintenance burden
Also there was about 27 CVE fixes in grub2 release for Plucky!

Platforms
Public Cloud / Cloud images
• UseDomains=true is set in /etc/systemd/networkd.conf.d/50-cloudimg-settings.conf to restore the pre-Oracular behavior of adding search domains from DHCP responses to /etc/resolv.conf. The new default behavior introduced in Oracular broke some common use cases and it is too strict for cloud environments where there’s usually no risk of a malicious DHCP server on the network (LP: #2106729).

How to report any issues resulting from these changes
If you notice any unexpected changes or bugs in the minimal images, create a new bug in cloud-images.

Raspberry Pi :strawberry:
• Camera support is now included with libcamera 0.4 and libpisp (LP: #2038669)
• The desktop now uses gnome-initial-setup as the first time setup guide. This runs directly under Wayland, and is much quicker than the legacy ubiquity installer. Please see the known issues section below before reporting bugs against gnome-initial-setup as it is possible you are running into something being worked on
• The above change also means cloud-init is now useable on the Raspberry Pi desktop images; this can be used to automate initial user creation, package installation, customization, etc.
• The legacy libraspberry-bin utilities have been replaced with raspi-utils
• nbd-client is now seeded in the Raspberry Pi images, making it simple to network boot your Pi with these images

arm64
• In addition to arm64 server ISO there is now also an official generic arm64 desktop ISO targeting VMs, ACPI + EFI platforms and Snapdragon based WoA devices.
• Initial hardware enablement work for the Snapdragon X Elite platform is included in the desktop ISO

IBM Z and LinuxONE (s390x) image
IBM Z and LinuxONE (s390x)
The key package, ‘s390-tools’, was step-by-step upgraded to latest version v2.37.0 (LP: #2096789, via LP: #2091549), that covers the removal of scsi_logging_level, since it’s now in sg3_utils (LP: #2098500), the new pvimg and with that the rewritten genprotimg tool in Rust (LP: #2098046), with it’s new info command (LP: #2098047), to display of encrypted & unencrypted Secure Execution (SE) image information, validations in genprotimg, if an SE image can run on particular host (LP: #2097576), supporting unencrypted SE images by exposing the resp. SE header flag (LP: #2098045), supporting extended attestation for SE (LP: #2097535) and support for retrievable secrets in SE guests (LP: #2097533 and kernel LP: #2097534).
Further enhancements based on the new 6.14 kernel are support for kprobes without stop machine (LP: #2100329), providing topology-map information to userspace (LP: #2098392), PCHID per port toleration (LP: #2095480), and the new option to display available host key hashes for SE, aka Query Host-key hash UVC (LP: #2101108).
Improvements in the area of zPCI came on top, with enhanced RAS and Call Home support (LP: #2095413), the new option of optics monitoring for PF in access mode (s390-tools: LP: #2095429, kernel: LP: #2095427), the promiscuous mode exploitation for new VFs (LP: #2096791) and base work in the kernel for CPU-MF counters in support for new IBM Z hardware (LP: #2101111).
So support of new hardware is another significant area of work - starting with new IBM Z hardware base support in the kernel (LP: #2100303) PAI/NNPA was updated for new IBM Z hardware (LP: #2100302) and a new CPU model for new IBM Z hardware (kernel: LP: #2097523 and qemu: LP: #2097521).
Also user space components were enabled for new IBM Z hardware, like for gdb v16.2 (LP: #2095361), valgrind v3.24 (LP: #2095363), binutils v2.44 (LP: #2095372), libzdnn v1.1.1 for exploiting new AI hardware (LP: #2095373) - and the smc-tool update to latest v1.8.4 (LP: #2095005).
Several dedicated new features were added, like:
• the cpacfinfo tool to provide CPACF (on-chip crypto co-processor) information (kernel: LP: #2096894, s390-tools: LP: #2096896)
• the zpwr tool, for LPAR level power consumption reporting (kernel: LP: #2098391, s390-tools: LP: #2098358)
• the chpstat tool, for additional channel measurements (kernel: LP: #2095483, s390-tools LP: #2095485)
• full boot order support in KVM (qemu: LP: #2049698, libvirt: LP: #2051239)
• enablement of virtio-mem support (kernel: LP: #2097883, qemu: LP: #2097884 and libvirt: LP: #2097886)
• enablement of dynamic updates of vfio-ap mediated (crypto) devices for management applications (kernel: LP: #2097489, s390-tools: LP: #2097488, libvirt: LP: #2097487 and mdevctl: LP: #2097486)
While mentioning cryptography, there are many more enhancements in this area, like in kernel crypto support:
• for MSA 10 XTS (LP: #2096809)
• for MSA 11 HMAC (LP: #2096812)
• for for MSA 12 (SHA3) (LP: #2100946)
• for PAES support for MSA 10 XTS (LP: #2100935)
but also:
• of MSA 10 and MSA 11 in cpacfstats (LP: #2096890)
• for zkey key for dm-crypt with XTS keys (LP: #2096892)
• for pkey, protected XTS and HMAC keys (LP: #2100936) and support
• for SE retrieved protected keys (LP: #2097543)
This partially also requires updates in openSSL:
• for MSA 10 XTS support (LP: #2096810)
• for MSA 11 HMAC support (LP: #2096811) and support
• for MSA 12 (SHA3) (LP: #2096949)
In addition openCryptoki was upgraded to the latest v3.24 (LP: #2095337), that includes support for:
• CCA token SHA3 (LP: #2096950)
• CCA token RSA OAEP v2.1 (LP: #2096951)
• CCA token cipher keys (LP: #2097111)
• CCA token of Dilithium (LP: #2096897) and support of
• CKM_RSA_AES_KEY_WRAP for cca, ica and soft tokens (LP: #2097110)
Finally further cryptography-related packages were updated, like:
• p11-kit v0.25.5, to update IBM specific mechanisms (up to IBM z16) (LP: #2098092)
• libica, to latest v4.4.0 (LP: #2095409)
• libzpc v1.3.0, to support protected key derived from SE retrievable secrets (LP: #2097545)

IBM POWER (ppc64el)
The powerpc-utils package was upgraded to the latest available version 1.3.13 (LP: #2096946).
The new package ‘secvarctl’ was added (LP: #2064345), that allows to handle secureboot artifacts and key management on ppc64el.

RISC-V
• Provide a single pre-installed image for all JH7110 boards.
• Support Pine64 Star64

Known Issues
As is to be expected with any release, there are some significant known bugs that users may encounter with this release of Ubuntu. The ones we know about at this point (and some of the workarounds) are documented here, so you don’t need to spend time reporting these bugs again:

General
• There is a bug (LP: #2104316) in the beta images that prevents netboot installs in some scenarios.
• It has been reported that cloud-init may fails to upgrade properly in the Oracular to Plucky upgrade path, see LP: #2104316.
• The Live Session of the new Ubuntu Desktop installer is not localized. It is still possible to perform a non-English installation using the new installer, but internet access at install time is required to download the language packs. (LP: #2013329)
• ZFS with Encryption on Ubuntu 24.10 will fail to activate the cryptoswap partition. This affects both new installs and upgrades. We expect to address this post-release with an archive update.
• Some particular hardware (e.g. Thinkpad x201) might have issues (general freeze, desktop-security-center not launching), when booted without nomodeset (Safe graphics). Follow these steps if you encounter such an issue:

At the GRUB boot menu, press e (keep Shift pressed during early boot if the menu doesn’t show up).

Add nomodeset to linux line, like the example below:

Original source Report a problem
Feb 20, 2025
- Date parsed from source:
  Feb 20, 2025
- First seen by Releasebot:
  Apr 11, 2026
Ubuntu by Canonical

Ubuntu 24.04.2 LTS released

Ubuntu releases 24.04.2 LTS for Desktop, Server and Cloud, bringing updated installation media, security fixes and high-severity bug corrections to improve stability and compatibility across official long-term support flavours.

Hello there!

The Ubuntu team is pleased to announce the release of Ubuntu 24.04.2 LTS

(Long-Term Support) for its Desktop, Server, and Cloud products, as well

as other flavours of Ubuntu with long-term support.

As usual, this point release includes many updates and updated

installation media has been provided so that fewer updates will need to

be downloaded after installation. These include security updates and

corrections for other high-severity bugs, with a focus on maintaining

stability and compatibility with Ubuntu 24.04 LTS.

Kubuntu 24.04.2 LTS, Ubuntu Budgie 24.04.2 LTS, Ubuntu MATE 24.04.2 LTS,

Lubuntu 24.04.2 LTS, Ubuntu Kylin 24.04.2 LTS, Ubuntu Studio 24.04.2 LTS,

Xubuntu 24.04.2 LTS, Edubuntu 24.04.2 LTS, Ubuntu Cinnamon 24.04.2 LTS

and Ubuntu Unity 24.04.2 LTS are also now available. More details can be

found in their individual release notes (see 'Official flavours'):

Maintenance updates will be provided for 5 years from the initial 24.04 LTS

release for Ubuntu Desktop, Ubuntu Server, Ubuntu Cloud, and Ubuntu Core.

All the remaining flavours will be supported for 3 years. Additional security

support is available with ESM (Expanded Security Maintenance).

To get Ubuntu 24.04.2 LTS

In order to download Ubuntu 24.04.2 LTS, visit:

Users of Ubuntu 22.04 LTS will be offered an automatic upgrade to

24.04.2 LTS via Update Manager.

We recommend that all users read the 24.04.2 LTS release notes, which

document caveats and workarounds for known issues, as well as more

in-depth notes on the release itself. They are available at:

If you have a question, or if you think you may have found a bug but

aren't sure, you can try asking in any of the following places:

Help Shape Ubuntu

If you would like to help shape Ubuntu, take a look at the list of ways

you can participate at:

About Ubuntu

Ubuntu is a full-featured Linux distribution for desktops, laptops,

clouds and servers, with a fast and easy installation and regular

releases. A tightly-integrated selection of excellent applications is

included, and an incredible variety of add-on software is just a few

clicks away.

Professional services including support are available from Canonical and

hundreds of other companies around the world. For more information

about support, visit:

More Information

You can learn more about Ubuntu and about this release on our website

listed below:

To sign up for future Ubuntu announcements, please subscribe to Ubuntu's

very low volume announcement list at:

On behalf of the Ubuntu Release Team,

Florent 'Skia' Jacquet
Original source Report a problem
Feb 12, 2025
- Date parsed from source:
  Feb 12, 2025
- First seen by Releasebot:
  Mar 20, 2026
Ubuntu by Canonical

Ubuntu 24.04.2

Ubuntu 24.04.2 LTS ships bug fixes and security updates, with refreshed CD images that improve installation, upgrades, desktop systems, server and cloud setups, and core platform components.

This is a brief summary of bugs fixed between Ubuntu 24.04.1 and 24.04.2.

This summary covers only changes to packages in main and restricted, which account for all packages in the officially-supported images; there are further changes to various packages in universe and multiverse. Some of these fixes were by Ubuntu developers directly, while others were by upstream developers and backported to Ubuntu. For full details, see the individual package changelogs.

In addition to the bugs listed below, this update includes all security updates from the Ubuntu Security Notice affecting Ubuntu 24.04.2 LTS that were released up to and including February 20, 2025.

Installation bug fixes

Updated CD images are provided with this release, including fixes for some installation bugs. (Many installation problems are hardware-specific; for those, see “Hardware support bugs” below.)

Upgrade bug fixes

These changes fix upgrade issues, smoothing the way for future upgrades to later releases of Ubuntu (and not only).

Desktop fixes

These changes mainly affect desktop installations of Ubuntu and other Ubuntu-based desktop systems.

Server and Cloud related fixes

These changes mainly affect installations of Ubuntu on server systems and clouds.

Base platform fixes

These changes affect the core fundamental components of all the Ubuntu flavors.
Original source Report a problem
Sep 12, 2024
- Date parsed from source:
  Sep 12, 2024
- First seen by Releasebot:
  Apr 11, 2026
Ubuntu by Canonical

Ubuntu 22.04.5 LTS released

Ubuntu releases 22.04.5 LTS point updates for Desktop, Server, Cloud, and official flavours, with refreshed installation media, security updates, and high-severity bug fixes focused on stability and compatibility.
The Ubuntu team is pleased to announce the release of Ubuntu 22.04.5 LTS
(Long-Term Support) for its Desktop, Server, and Cloud products, as well
as other flavours of Ubuntu with long-term support.

As usual, this point release includes many updates and updated
installation media has been provided so that fewer updates will need to
be downloaded after installation. These include security updates and
corrections for other high-severity bugs, with a focus on maintaining
stability and compatibility with Ubuntu 22.04 LTS.

Kubuntu 22.04.5 LTS, Ubuntu Budgie 22.04.5 LTS, Ubuntu MATE 22.04.5 LTS,
Lubuntu 22.04.5 LTS, Ubuntu Kylin 22.04.5 LTS, Ubuntu Studio 22.04.5 LTS,
and Xubuntu 22.04.5 LTS are also now available. More details can be found
in their individual release notes (see 'Official flavours'):

Maintenance updates will be provided for 5 years from the initial 22.04 LTS
release for Ubuntu Desktop, Ubuntu Server, Ubuntu Cloud, and Ubuntu Core.
All the remaining flavours will be supported for 3 years. Additional security
support is available with ESM (Expanded Security Maintenance).

To get Ubuntu 22.04.5 LTS

In order to download Ubuntu 22.04.5 LTS, visit:

Users of Ubuntu 20.04 LTS will be offered an automatic upgrade to
22.04.5 LTS via Update Manager.

We recommend that all users read the 22.04.5 LTS release notes, which
document caveats and workarounds for known issues, as well as more
in-depth notes on the release itself. They are available at:

If you have a question, or if you think you may have found a bug but
aren't sure, you can try asking in any of the following places:

#ubuntu on irc.libera.chat

Help Shape Ubuntu

If you would like to help shape Ubuntu, take a look at the list of ways
you can participate at:

About Ubuntu

Ubuntu is a full-featured Linux distribution for desktops, laptops,
clouds and servers, with a fast and easy installation and regular
releases. A tightly-integrated selection of excellent applications is
included, and an incredible variety of add-on software is just a few
clicks away.

Professional services including support are available from Canonical and
hundreds of other companies around the world. For more information
about support, visit:

More Information

You can learn more about Ubuntu and about this release on our website
listed below:

To sign up for future Ubuntu announcements, please subscribe to Ubuntu's
very low volume announcement list at:

On behalf of the Ubuntu Release Team,

Paride Legovini
Original source Report a problem

Canonical Release Notes

Canonical Products

All Canonical Release Notes (27)

Ubuntu 24.04.4 LTS released

To get Ubuntu 24.04.4 LTS

Help Shape Ubuntu

About Ubuntu

More Information

Ubuntu 24.04.4

Installation bug fixes

Upgrade bug fixes

Desktop fixes

Server and Cloud related fixes

Kernel and Hardware support updates

Ubuntu 25.10 ("Questing Quokka") released

To get Ubuntu 25.10

Help Shape Ubuntu

About Ubuntu

More Information

Ubuntu 25.10 (Questing Quokka)

Support lifespan

Upgrades

New features in 25.10

Updated Packages

Linux kernel 6.17🐧

systemd v257.9

sudo-rs and sudo

rust-coreutils and gnu-coreutils

Netplan v1.1.2ubuntu3

Toolchain Upgrades

OpenJDK

.NET

Default configuration changes

Ubuntu Desktop

Installer

Updates

Enterprise

Wayland

GNOME

New default applications

Security Center

Ubuntu Insights

Dracut

Updated Applications

Updated Subsystems

Support for new Intel® integrated and discrete GPUS

Ubuntu Foundations

Cryptography

Package Management: APT 3.1

Ubuntu Server

ubuntu-server Meta and Seed

Apache 2

Bacula

Chrony

cloud-init v. 25.3

Container runtimes

Django

Dovecot

EDK2

frr

HAProxy

iPXE

libvirt

MySQL

Nginx

OpenLDAP

OpenSSH

PHP

PostgreSQL

QEMU

Samba

Strongswan

Intel® QuickAssist Technology (Intel® QAT)

sos (sosreport)

Subiquity

Valkey

OpenStack

Ceph

Open vSwitch (OVS) and Open Virtual Network (OVN)

Platforms