Canonical Release Notes

Name: Canonical
Brand: Canonical

Last updated: Mar 20, 2026

Get this feed: RSS Email API CSV MCP Slack n8n Zapier

Canonical Products

Ubuntu

14 release notes

All Canonical Release Notes (14)

Oct 1, 2025
- Date parsed from source:
  Oct 1, 2025
- First seen by Releasebot:
  Mar 20, 2026
Ubuntu by Canonical

Ubuntu 25.10 (Questing Quokka)

Ubuntu ships 25.10 Questing Quokka with a new Linux 6.17 kernel, GNOME 49 on Wayland, dracut by default on desktop, chrony as the new time daemon, and major updates across toolchains, desktop apps, cloud, server, and hardware support.
These release notes for Ubuntu 25.10 (Questing Quokka) provide an overview of the release and document the known issues with Ubuntu and its flavours.

Support lifespan

Ubuntu 25.10 will be supported for 9 months until July 2026. If you need long term support, we recommend you use Ubuntu 24.04.3 LTS which is supported until at least 2029.

Upgrades

Upgrades to 25.10 are expected to be enabled on or before Nov 3.

Current blockers:

https://bugs.launchpad.net/ubuntu/+source/rust-coreutils/+bug/2125535

https://bugs.launchpad.net/ubuntu/+source/rust-coreutils/+bug/2127970

New features in 25.10

Updated Packages

Linux kernel 6.17🐧

This release delivers the newest 6.17 Linux kernel. Due to the final upstream release occurring after Kernel Freeze, the kernels shipped with the release images will be based on 6.17-rc7. Updates for all Questing Quokka kernels are scheduled for release in the subsequent week to incorporate the final upstream 6.17 release.

Highlights for this release:

The linux-modules-extra-* packages have been deprecated (LP#2042831). All the kernel modules are now shipped by the linux-modules-- packages.

linux-generic for arm64 will provide via stubble broader compatibility for arm64 desktop platforms that utilize UEFI for booting (LP#2121352).

The foundation for Intel TDX Host Support was merged upstream on Linux 6.16 with additional improvements included in 6.17. The Ubuntu 6.17 kernel will ship with early support for kexec/kdump for TDX-enabled hosts (LP#2121873).

From 25.10, the Ubuntu RISC-V kernel (linux-riscv) will only support hardware that implements the RVA23S64 ISA profile. Systems that don’t satisfy this requirement will not be able to run 25.10. The RISC-V kernel in 24.04 will continue to support boards with RVA20 processor cores.

Other features can be found in the Linux 6.17 upstream changelog.

systemd v257.9

The init system was updated to systemd v257.9. See the upstream changelog for more information about individual features.

sudo-rs and sudo

sudo-rs is the default sudo provider on Ubuntu from 25.10 onwards. 0.2.8 release includes support for older Linux kernels < 5.9, sudoedit, support for NOEXEC and AppArmor profile switching. The Ubuntu release also includes various bug fixes picked from the main upstream branch.

sudo (original sudo maintained by Todd C. Miller) has been upgraded to the latest version 1.9.17p2. The binary files are now renamed with the .ws suffix. Additionally, sudo-ldap package has been removed, please switch to using LDAP authentication via PAM.

Please see Ubuntu Server Docs for configuring default sudo provider and differences between sudo-rs and sudo.ws.

rust-coreutils and gnu-coreutils

The core utilities of the operating system are now provided by the rust-coreutils package. We just updated to the latest version of it: 0.2.2, which features incredible performance improvements to base64 amongst other things.

As rust-coreutils are not necessarily fully compatible yet, we are providing the old utilities by the side, so you can switch back and forth between them. We are also keeping a list of these diversions here.

Netplan v1.1.2ubuntu3

Adds support non-standard OVS setups, e.g. inside snap environments.

Toolchain Upgrades

GCC is updated to 15.2, binutils to 2.45, and glibc to 2.42

Python is updated to 3.13.7 while 3.14 is now available

LLVM defaults to version 20 while 21 is now available

Rust toolchain defaults to version 1.85 while 1.88 is now available

Golang is updated to 1.24

OpenJDK defaults to 21 (LTS), while version 25 (LTS) and an early access snapshot of version 26 are now available

.NET 10 now available

Zig is available for the first time in Ubuntu, defaults to version 0.14.1.

And Ubuntu Toolchains has a new homepage

OpenJDK

OpenJDK 21 is still the default. OpenJDK 25 (LTS) is now available. An early access snapshot of OpenJDK 26 is also included. Support for OpenJDK LTS versions 17, 11 and 8 is being maintained. OpenJDK with CRaC version 25 is also made available, while versions 17 and 21 continue to be supported.

The devpack-for-spring snap now supports development environment setup, by automating the installation and configuration of development tools (OpenJDK, container runtime, IDEs etc.) selected by the user. The Maven and Gradle plugins for Rockcraft have been extended to support native images compiled by GraalVM.

GraalVM Community Edition v25 is available through the graalvm-jdk snap, while GraalVM CE v21 continues to be supported. The snap is now available on arm64 too.

.NET

.NET versions 8 and 9 continue to be supported.

The .NET 10 RC1 SDK and runtimes are now included. Following its general availability in November, the final release will be provided as a subsequent package update.

Alternatively, .NET 10 is available on the latest/beta channel of the official .NET snap. It will be promoted to the latest/stable channel upon final release in November.

Support for the PowerShell snap has been expanded to include the arm64, s390x, and ppc64el architectures, broadening its availability across platforms.

Default configuration changes

Ubuntu Desktop

Installer

New TPM-Backed disk encryption features include:

Passphrase support and management

Regeneration of the recovery key

Better integration with firmware updates

When you enable Install third-party software for graphics and Wi-Fi hardware and additional media formats during installation, screen recording will be hardware accelerated for supported hardware.

The installer has also seen plenty of accessibility fixes.

Updates

When system updates are available, the Software Updater window no longer pops up unprompted, stealing the keyboard focus. Instead, a notification shows up with options to open the Software Updater or to install all updates directly.

An icon in the system tray reminds you that updates are available even after dismissing the notification. It also provides a quick way to apply all the updates or inspect them in the Software Updater.

Enterprise

authd: Ubuntu’s cloud authentication solution:

Supports device registration with EntraID

authctl is a new command line tool to manage authd

Many improvements and important bug fixes such as UID/GID handling

Wayland

The Ubuntu Desktop session now runs only on the Wayland back end. The Ubuntu on X.org session is no longer available because GNOME Shell can no longer run as an X.org session.

Suspend-resume support is now enabled in the proprietary Nvidia driver so as to prevent corruption and freezes when waking an Nvidia desktop.

GNOME

GNOME Shell and related components have been updated to GNOME 49.

You can now set an application to start automatically after login in Settings → Apps.

Fractional scaling factors are now optimized so as to minimize blur.

The default monospace font size has been reduced to match the default user interface font size. The monospace font is used in terminals and similar applications.

New default applications

The Image Viewer app is now provided by Loupe instead of Eye of GNOME (EOG). Loupe is written in Rust and powered by the Glycin library.

The Terminal app is now provided by Ptyxis instead of GNOME Terminal.

Security Center

You can now manage your recovery key for the TPM-backed Full Disk Encryption. For details, see Encrypt your disk with TPM.

Ubuntu Insights

Ubuntu Insights is being developed as a replacement for Ubuntu Report and gives you more control over the non-personally identifying system metrics that you choose to share with Canonical. The metrics collection is opt-in.

In this release, Ubuntu Insights introduces periodic metric collection and replaces Ubuntu Report integration in GNOME Initial Setup.

Note: Any consent that you previously granted to Ubuntu Report will not be carried over to Ubuntu Insights.

Dracut

Ubuntu Desktop 25.10 now uses Dracut as its default initial ramdisk infrastructure, replacing initramfs-tools. Dracut uses systemd in the initial ramdisk and supports new features like Bluetooth and NVM Express over Fabrics (NVMe-oF). Ubuntu Server installations and Ubuntu Desktop for Raspberry Pi continue to use initramfs-tools while we port the remaining hooks. The original initramfs-tools remains supported and you can switch between the two implementations if required. For details about the switch, see [Spec] Switch to Dracut.

Updated Applications

Firefox 143

LibreOffice 25.8

OpenVINO™ Toolkit 2025.2.0 includes openvino.genai for the first time.
Also related to that:

Audacity 3.7.1 comes with OpenVINO™ AI plugins for music separation, noise suppression, music generation and continuation, transcription, and super resolution, and can be run on Intel CPU, GPU, and NPU.

GIMP 3.0.4 which supports the usage of the snap to add AI functionality to GIMP for stable diffusion, super resolution, and semantic segmentation via OpenVINO™ AI plugins for GIMP 3.1.2.

Updated Subsystems

BlueZ 5.83

Pipewire 1.4.7

Support for new Intel® integrated and discrete GPUS

This release brings full support for Intel® Core™ Ultra Xe3 integrated Intel® Arc™ graphics, and Intel® Arc™ Pro B50 and B60 “Battlemage” discrete GPUs. Further Intel® Graphics related features are now available by changes in various components:

Via the Linux Kernel v6.17:

Initial support for Intel’s next-gen client platform codenamed Panther Lake

Enhanced IOMMU and PCIe subsystem for improved GPU virtualization and passthrough.

Improved multi-GPU configuration support for Intel hardware.

Via Mesa 25.2.3:

VK_KHR_shader_bfloat16 enabled in Intel ANV Vulkan driver for Battlemage and Panther Lake** (GFX125+).

Completed OpenCL 2.0 coarse grain buffer SVM support in Iris driver.

Improved color fast-clear handling and multi-engine surface usage for Intel Vulkan (ANV) driver.

Via intel-media-driver 25.3.0:

Panther Lake Upstream decoding and VP9 encoding support

Via intel-compute-runtime 25.31:

Enabling a Level Zero device unified shared memory (USM) pool as a performance change.

A performance-minded change for Xe2 graphics to ensure Level Zero events are always allocated in the local device memory.

Via level-zero 1.24:

Update Level Zero Loader and Headers to support v1.13.1 of L0 Spec

Via level-zero-raytracing 1.1.0:

Ray Tracing Acceleration Structure (RTAS) Extensions

Ubuntu Foundations

Ubuntu 25.10 Foundations Edition: What’s Coming and What’s Next

Cryptography

OpenSSL has been updated to 3.5.3 (It includes security patches from 3.5.4). The most notable updates are:

Support for server side QUIC (RFC 9000).

Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA).

The default TLS supported groups list has been changed to include and prefer Hybrid PQC KEM groups.

Package Management: APT 3.1

APT has been updated to 3.1.6, the latest release, including many new features:

The new solver is now the default. For more insight, see the post “How we delivered the new APT solver in 25.10”

The apt why and apt why-not commands have been added that tell you why the solver installed or could not install a package.

Repositories can now be configured with Include and Exclude directives. In the Include case, only these packages are included; in the Exclude case, these packages are excluded from the repository. This allows you to restrict a repository to specific packages.

The apt history-list and apt history-info commands are included as an early preview easter egg. Enjoy!

Ubuntu Server

ubuntu-server Meta and Seed

Starting in 25.10, the default Ubuntu server image and ubuntu-server metapackage have been updated. Read more at the public spec on Discourse.

screen has been removed from the ubuntu-server seed, and moved to a supported seed. screen remains in main. Users will still see screen installed in most cases, as it is now listed as a dependency of ubuntu-release-upgrader.

wget has been removed from the ubuntu-server seed, and moved to a supported seed. wget remains in main. Users utilizing wget have a number of options.

for simple cases (downloading a file from the internet), wcurl is available as part of the still included curl. This can be a drop-in replacement for simple calls such as wget $URL to wcurl $URL. wcurl exposes all of curl’s options, so adding retries is easy.

For more specialized cases, ensuring wget is installed prior to running is required.

byobu has been removed from the ubuntu-server seed and meta-package and demoted to universe. byobu is still available in Ubuntu.

cloud-guest-utils has been removed from the ubuntu-server seed and meta-package. It is expected to still be installed via cloud-init-base which is a dependency of cloud-init.

dirmngr has been removed from the ubuntu-server seed and metapackage. it is expected to still be installed as it is a dependency of many packages (gnupg, gpg, vanilla-gnome-desktop and other desktop flavors).

Apache 2

Apache 2 has been upgraded to version 2.4.64. This new release includes several bug and security fixes. It also includes the following changes to specific modules:

core: Report invalid Options= argument when parsing AllowOverride directives.

mod_systemd added systemd socket activation support.

Mod_http2 was updated to version 2.0.32, which includes a new directive H2MaxHeaderBlockLen to set the limit on response header sizes.

Mod_proxy now reuses ProxyRemote connections when possible.

For more details, see the upsteam release notes.

Bacula

This is a newly supported package in our “main” repo (was “universe” before).

It was updated from 13.0.4 to 15.0.3 (there was no v14).

You must upgrade the director and storage daemons at the same time.

Old file daemons are still compatible.

Storage volume format was updated from BB02 to BB03, old volumes are still supported.

The catalog database schema needs migration, which is automatically applied if you have installed dbconfig-common.

For more details, see the upstream v15 and v15.0.3 changelog.

Chrony

Chrony was upgraded to version v4.7 and comes pre-installed as the new default time-daemon in Ubuntu 25.10, replacing systemd-timesyncd. It ships with a configuration set to use Ubuntu Network Time Security (NTS) servers by default. In order to migrate upgraded systems to chrony you can execute apt-mark auto systemd-timesyncd && apt install chrony.

See upstream release notes for v4.7.

The two primary changes related to NTS are:

NTS/KE (“Key Exchange”) uses a separate port (4460/tcp) to negotiate security parameters, which are then used via the normal NTP port (123/udp).

A new CA is installed in /etc/chrony/nts-bootstrap-ubuntu.crt that is used specifically for the Ubuntu NTS bootstrap server, needed for when the clock is too far off. This is added to certificate set ID “1”, and defined via /etc/chrony/conf.d/ubuntu-nts.conf.

If your network does not allow access to the Ubuntu NTS servers or the required ports, and the new configuration is in place, chrony will not be able to adjust this system’s clock. To revert to NTP, edit the configuration file in /etc/chrony/sources.d/ubuntu-ntp-pools.sources and revert to using the listed NTP servers in favor of the NTS ones.

cloud-init v. 25.3

Notable features beyond 25.1.2 in Plucky:

Add RaspberryPi OS support

CentOS support for ca_certs writing

Azure: better reporting of platform VM ID errors

CloudStack: add ephemeral network support for early boot config

EC2: Support metadata retrieval over multiple NICs when crawling the datasource

GCE: add template rendering support for processing instance data

Hetzner: report private networks in cloud-init metadata

Oracle: detect ipv6 only for private ULA addresses

VMware: support to apply network configuration updates per-boot and hotplug events

WSL: support for Landscape installation request id provisioning

Add a generalized datasource clean operation for sudo cloud-init clean

Security fix: hotplug socket file is now only root-writable CVE-2024-11584

NetworkManager bug fix for reloading multiple connections

ENI rendering filter out dns entries from written config

Breaking changes:

Security fix CVE-2024-6174: cloud-init will be disabled on non-x86 platforms which do not declare a known datasource in early boot through DMI data, kernel boot params, filesystem configuration or environment files. Such environments may experience inability to SSH into launched VMs. This may require action for non-x86 image creators or OpenStack admins.

Container runtimes

Containerd was updated to the recent 2.1.3 and runC to 1.3.0, docker.io was updated to 28.2. But even more importantly along these updates it established a pattern to either keep the regular updates to the latest version or to opt for slower more stable updates throughout the time the release is active. For more please read Ubuntu Server Gazette - Issue 8 - Containers: Steady paths for agile stacks.

Django

Django has been updated to the latest LTS release 5.2 from 4.2, which includes many new features and bug fixes. All Django middleware provided in Ubuntu has also been updated to be compatible with the new version. See the 5.0 release notes for features and updates added with the major version change and the 5.2 release notes for the changes made leading up to the LTS release.

Dovecot

Upgrading from Dovecot 2.3.x to 2.4 requires several important config file changes. These are explained in detail in the link below. This includes renamed configuration parameters as well as a major change to the syntax. While converting an existing config is possible, it will need careful review to ensure your site customizations are carried through properly.

Additionally, Dovecot 2.4 brings new features including support for the ARGON2 password scheme, SCRAM-SHA-1 and SCRAM-SHA-256 SASL mechanisms, and the X25519 and X448 cryptographic curves for some plugins. A number of features are being removed, changed, or deprecated; for the full list please see: https://doc.dovecot.org/main/installation/upgrade/2.3-to-2.4.html

Notably, support for building for 32-bit architectures has ended, so dovecot will no longer be natively installable on i386 and armhf platforms.

EDK2

Added firmware for Intel ® TDX guests with secure boot capability (LP#2125123).

frr

The FRRouting package was updated to version 10.4.1. Series 10.4.x introduced many new features and bugfixes: please see Release FRR Release 10.4.0 · FRRouting/frr · GitHub for details.

HAProxy

Updated from 3.0.8 to the recent release 3.0.10 which includes
https://www.mail-archive.com/[email protected]/msg45741.html
https://www.mail-archive.com/[email protected]/msg45804.html

Furthermore, it now uses jemalloc for memory allocation which is faster and less memory hungry than the default allocator.

iPXE

iPXE was updated to upstream version from June 2025.

For physically booting to iPXE (e.g. via grub), make sure to install the grub-ipxe package and to adjust you GRUB scripts/config to use ipxe.efi (UEFI) or ipxe.lkrn (x86 BIOS).

UEFI network boot roms for qemu (from ipxe-qemu) are network drivers only (for PXE or HTTP boot) without the iPXE stack.

To boot x86-64 qemu VMs with UEFI and network boot using iPXE scripts, make sure to chainload ipxe.efi (from ipxe package) (see https://ipxe.org/howto/chainloading).

libvirt

The libvirt package was upgraded to version 11.6.0. Here are the important changes since Ubuntu Plucky:

qemu: ppc64 POWER11 processor support

Allow control over QEMU TLS priority strings

qemu: Add support for NVMe disks

qemu: add support for AMD IOMMU device

qemu: Add support for Intel ® TDX guests

Adds TDX as a new type of .

All helper programs are now detected from $PATH during runtime - allowing you to modify its behavior more easily

qemu: Added guest load averages to the output of virDomainGetGuestInfo

qemu: Add support for multiple iothreads for virtio-scsi controller

qemu: integrate support for VM shutdown on host shutdown - a new opt-in way to shut down guests on host shutdown

qemu: Add support for parallel save/restore

qemu: Support for Block Disk Along with Throttle Filters

nodedev: Support ccwgroup based qeth devices

Introduce virtio-mem model for s390 guests

For more details, please see the upstream changelog.

Additionally in Ubuntu, the default URI choice behavior was modified slightly: In the past Ubuntu enforced the qemu:///system URI by overriding LIBVIRT_DEFAULT_URI in /etc/profile.d/libvirt-uri.sh. Starting with Ubuntu 25.10, we’re dropping that profile.d script in favour of a fallback mechanism, which still perserves the default beahvior as qemu:///system for privileged and non-privileged users, but allows to override that default choice by setting LIBVIRT_DEFAULT_URI manually or changing the uri_default parameter in /etc/libvirt/libvirt.conf or ~/.config/libvirt/libvirt.conf (for non-privileged users) respectively.

MySQL

MySQL 8.4 now builds directly against tcmalloc for additional memory efficiency. For more information, see the most recent edition of the Ubuntu Server Gazette.

Nginx

Nginx was updated from 1.26.3 that we had in plucky to the latest stable version 1.28 which, among many other fixes and improvements, brings:

Performance and stability improvements in HTTP/3 and QUIC

Feature: SSL certificates, secret keys, and CRLs are now cached on start or during reconfiguration.

For more details see the upstream release notes.

OpenLDAP

Updated from 2.6.9 to 2.6.10, which contains various bugfixes. See the 2.6 series upstream release notes.

OpenSSH

Updated to the new major 10.0 upstream release, which among other things now uses a hybrid post-quantum algorithm by default for key agreement. It also adds support for glob patterns in “Authorized{Keys,Principals}File” and Match version/sessiontype/command stanzas inside ssh[d]_config, e.g. “Match version OpenSSH_10.*”. And adds support for FIDO tokens that return no attestation data.

Breaking changes

Removes support for the weak DSA signature algorithm.

Announces itself as “SSH-2.0-OpenSSH_10.0”. Do not match on “OpenSSH_1*”.

For more please see the full release notes.

PHP

Upgrade to the 8.4.11 upstream version. The upgrade mostly improves stability and security, fixing crashes and leaks. It brings fixes for a few CVEs (CVE-2025-1735, CVE-2025-6491, CVE-2025-1220).

For more read the upstream changelog since the former version in Plucky that was 8.4.5.

PostgreSQL

PostgreSQL stayed on version 17, but received the stable updates (which we also backport regularly) and now is on 17.6.

A dump/restore is not required for those running 17.X.

If you have self-referential foreign key constraints on partitioned tables, it may be necessary to recreate those constraints to ensure that they are being enforced correctly.

If you have any BRIN numeric_minmax_multi_ops indexes, it is advisable to reindex them after updating.

For more details check the upstream release notes for 17.5 and 17.6.

QEMU

The QEMU package was updated to version 10.1.0. Here are the changes since Ubuntu 25.04.

Arm is able to emulate Secure EL2 physical and virtual timers as well as architectural features FEAT_AFP, FEAT_RPRES, FEAT_XS and even more by 10.1

Arm’s virt board can configuring a larger PCIe MMIO regions via highmem-mmio-size

RISC-V got various improvements like

support for Smdbltrp, Ssdbltrp and Smrnmi extensions

Add ‘sha’ support

Support of the RVA23 Profile

s390x added support for generation 17 mainframe CPUs and virtio-mem

s390x Control program identification data can now be retrieved via QOM

x86 emulation got a performance boost handling string instructions

x86 furthermore got more recent CPU types like ClearwaterForest

virtio-scsi has gained true multiqueue support

Support for Intel ® TDX included

Support for starting a TDX or SEV-SNP virtual machine from an IGVM file.

Support for VFIO on TDX and SNP virtual machines and many more vfio improvements.

32 bit hosts never could never provide the atomicity requirements of 64-bit guests. From 10.0, QEMU has disabled configuration of 64-bit guests on 32-bit hosts.

It is important to note that very old machine types have been deprecated for a while and now finally have been removed upstream and in Ubuntu.

x86 dropped every type <= 2.5 which translates to anything <=xenial. That implies that you can migrate your older guests e.g. from trusty up to 24.04 LTS (noble) or 25.04 (plucky). The former giving another 4 + 5 +5 (basic, pro, legacy) years of support. But then after way more than a decade, guests would need to be bumped to a newer machine type which is generally recommended regularly.

On s390x the cleanup was a bit more agressive - with <=4.1 and thereby <=eoan gone. This is a slightly shorter timeline, but still all the 5+5+5 years of support of an Ubuntu LTS plus the 4 years between focal and noble and thereby quite a long time until you need to consider updating your guest to a newer machine type.

On ppc64 no Ubuntu related machine type was dropped yet, on arm we didn’t yet need to introduce them.

For more details, please see related upstream changelogs and the general log on removed features:

10.1 Changelog

Removed Features

Samba

Samba has been updated to the new upstream 4.22 version.

New features:

SMB3 Directory Leases

Netlogon Ping over LDAP and LDAPS

Experimental Himmelblaud Authentication in Samba

AD DC schema upgrade and provision performance improvements

Removed features:

nmbd proxy logon

cldap port

fruit:posix_rename

Please refer to the upstream release notes for details: https://www.samba.org/samba/history/samba-4.22.0.html

Strongswan

Strongswan was upgraded to v6.0.1, following upstream in dropping the NTRU post-quantum encryption algorithm. See upstream changelogs for the full listing of changes:

Release strongSwan 5.9.14 · strongswan/strongswan · GitHub

https://github.com/strongswan/strongswan/releases/tag/6.0.0

Release strongSwan 6.0.1 · strongswan/strongswan · GitHub

Intel® QuickAssist Technology (Intel® QAT)

Intel® QAT components have been updated to their most recent versions. Those are:

qatlib : 25.08.0
For more information, visit the project’s repo.

qatengine : updated to 2.0.0
For more information, visit the project’s repo.

qatzip : updated to 1.3.1
For more information, visit the project’s repo.

sos (sosreport)

sos was updated to version 4.10.0. Key updates below

The temporary directory has now been changed from /tmp to /var/tmp. This follows changed in systemd-tmpfiles and the cleaning of /var/tmp, this aligns with other distros.

sos clean now cleans the sos concurrently, improving the speed of cleaning.

Many new additional plugins include authd, charmed_mysql, helm, opensearch, pulseaudio and valkey

Many other plugins have also been updated.

Upstream release notes can be viewed on the sos project GitHub.

Subiquity

Please see the 25.10 Release Notes post on GitHub.

Valkey

Valkey was updated to version 8.1, starting with 8.1.1. This includes additional significant performance and efficiency improvements, without any backwards-incompatible changes to commands and responses. For more information on the new version, see the Valkey 8.1 blog post. Release notes are available on the Valkey project GitHub.

Additionally, now that Redis has been updated to 8.0, Valkey no longer acts as a drop-in replacement. Therefore, the valkey-redis-compat package has been removed. If you are planning to swap from Redis to Valkey, make sure to do so prior to upgrading.

OpenStack

OpenStack has been updated to the 2025.2 (Flamingo) release. This includes packages for Aodh, Barbican, Ceilometer, Cinder, Designate, Glance, Heat, Horizon, Ironic, Keystone, Magnum, Manila, Masakari, Mistral, Neutron, Nova, Octavia, Swift, Vitrage, Watcher and Zaqar.

This release is also provided for Ubuntu 24.04 LTS via the Ubuntu Cloud Archive.

The Flamingo release significantly strengthens OpenStack’s security posture with new confidential computing features in Nova (SEV-ES support, one-time passthrough devices), credential rotation capabilities in Magnum, and bring-your-own encryption keys in Manila. The Eventlet Removal is still underway, already being removed across multiple core services including Ironic, Barbican, Heat, modernizing OpenStack’s asynchronous operations foundation for long-term sustainability.

Ceph

Open vSwitch (OVS) and Open Virtual Network (OVN)

OVS was updated to 3.6.0 and OVN was updated 25.09.0. Please refer to the upstream NEWS files for more information about individual features:

OVS 3.6.0

OVN 25.09.0

Platforms

GRUB2

We’ve started shipping a pre-release beta of GRUB 2.14 as the bootloader. Everything should work smoothly, but if you notice anything strange, please file a bug report and let us know!

Public Cloud / Cloud images

Microsoft Azure

Ubuntu images on Microsoft Azure now include azure-vm-utils package, which provides consistent disk naming across SCSI and NVMe devices, improved handling for accelerated networking (MANA and Mellanox), and removes the need for custom udev or Netplan configurations.

How to report any issues resulting from these changes

Raspberry Pi :strawberry:

A new layout of the boot partition is introduced to enhance the reliability of the boot process (LP: #2116266). This will automatically “test” new boot assets written to the boot partition before committing them as the current “known good” set. See the call for testing for more information, or the blog post covering the feature for the full details (including advice on how to opt-out of this feature, where required)

Please note that, due to the new boot process, the boot firmware on your Pi must be up to date. On the Pi 3, 3+, and Zero 2W, the boot firmware is in the image itself, and so is guaranteed to be up to date. On the Pi 5, all boot firmware since release are compatible. However, on the Pi 4 your boot firmware must be dated no earlier than 2022-11-25. To check this, run sudo rpi-eeprom-update. If your firmware is dated earlier than this, using Ubuntu 24.04 (noble) or later, run sudo rpi-eeprom-update -a and reboot.

The Ubuntu desktop images for Raspberry Pi are now based upon the “desktop-minimal” seed rather than “desktop” (LP: #2103808). This greatly reduces the default set of applications installed on the images (saving approximately 777MB of space on the uncompressed image, and thus on user’s systems). The list of applications removed from the image is:

deja-dup (backup service)

file-roller (archive handler)

gnome-calendar

gnome-snapshot (camera application)

libreoffice-*

remmina (remote desktop client)

rhythmbox (music player)

shotwell (photo catalogue)

simple-scan (flat-bed scanner application)

thunderbird (email client)

totem (video player)

transmission-gtk (bittorrent client)

The applications mentioned above will not be automatically removed for upgraders as the ubuntu-desktop meta-package remains manually installed in this circumstance. If you wish to remove these applications (in bulk), you may do so with: sudo apt purge ubuntu-desktop --autoremove. If you wish to keep specific applications, simply “install” them with apt first (which will mark them as “manually installed”, excluding them from automatic removal).

The creation of the swap-file on the desktop images is now handled by cloud-init (LP: #2116275). You may customize the size of the swapfile by editing user-data on the boot partition prior to first boot.

IBM Z and LinuxONE (s390x) image

With every new Ubuntu release, the s390-tools package got upgraded to it’s latest available release v2.38 (LP: #2115416), that now includes support to provide Topology-Map information to user-space (LP: #2098361), support to convert LUKS2 volume from AES keys to retrievable PAES keys (LP: #2117450) as well as Control Program Identification (CPI) hardening for SEL (Security Enhanced Linux) guests (LP: #2118866).

Further support and enhancements were done in the virtualization stack with the implementation of virsh hypervisor-cpu-models in libvirt (LP: #2027925), performance enhanced refresh PCI translation in qemu (LP: #2049699) and kernel (LP: #2049700), the implementation of Control Program Identification (CPI) in qemu (LP: #2118769) and the new reporting of vfio-ap configuration changes with CHSC Store Event Information in KVM, kernel (LP: #2118771) and qemu (LP: #2119160).

Significant effort was spent to enable Ubuntu for the latest IBM Z (z17) and LinuxONE (LinuxONE 5) hardware generations, with support in glibc (LP: #2117398), and the tool-chain, namely:

gcc (LP: #2117410)

llvm (LP: #2117411)

valgrind (LP: #2116735 and LP: #2119288)

Another big area of enhancements is cryptography:

with the upgrade to opencryptoki v3.25 (LP: #2116720) there is now also

support for ep11 token based import and export of secure key objects (LP: #2117436)

the new tools p11kmip that allows to import/export PKCS #11 keys from to a KMIP server (LP: #2117449)

and basic support for AES-GCM in CCA tokens (LP: #2117451)
In addition several cryptography packages were updated, like:

openssl-ibmca to v2.5.0 (LP: #2116709)

openssl-pkcs11-sign-provider to v1.0.2 (LP: #2116721)

libzpc to v1.4.0 (LP: #2116711)

libica4 to v4.4.1 (LP: #2116716)

cryptsetup to v2.8.0 (LP: #2116736)

The kernel also comes with new PHMAC support for MSA 11 HMAC (LP: #2096891).

Finally further tools were updated, like the

smc-tools to v1.8.5, used for shared memory communication cards (LP: #2119285)

libzdnn to v1.1.2, for neuronal network usage with IBM Z hardware support (LP: #2116713) and the

qclib to v2.5.1, that allows to query s390x hardware data (LP: #2116708)

IBM POWER (ppc64el)

RISC-V

Ubuntu 25.10 targets the RVA23S64 ISA profile. Systems that don’t satisfy this requirement cannot run Ubuntu 25.10. RVA20 hardware will continue to be supported by Ubuntu 24.04 LTS.

If you’d like to try it out in a VM, please refer to this guide https://canonical-ubuntu-boards.readthedocs-hosted.com/en/latest/how-to/qemu-riscv/

Known Issues

As is to be expected with any release, there are some significant known bugs that users may encounter with this release of Ubuntu. The ones we know about at this point (and some of the workarounds) are documented here, so you don’t need to spend time reporting these bugs again:

General

Offline installs ticking the box for Nvidia drivers result in Nouveau drivers being installed instead - to work around, install online or update drivers after install. (LP: #2127099)

There is a bug (LP: #2104316) in the beta images that prevents netboot installs in some scenarios.

It has been reported that cloud-init may fails to upgrade properly in the Oracular to Pluck upgrade path, see LP: #2104316.

The Live Session of the new Ubuntu Desktop installer is not localized. It is still possible to perform a non-English installation using the new installer, but internet access at install time is required to download the language packs. (LP: #2013329)

ZFS with Encryption on Ubuntu 24.10 will fail to activate the cryptoswap partition. This affects both new installs and upgrades. We expect to address this post-release with an archive update.

Some particular hardware (e.g. Thinkpad x201) might have issues (general freeze, desktop-security-center not launching, nomodeset) (LP: #2127161, LP: #2048473, LP: #2061118).
Follow these steps if you encounter such an issue:

At the GRUB boot menu, press e (keep Shift pressed during early boot if the menu doesn’t show up).

Add nomodeset to linux line, like the example below: linux /casper/vmlinuz nomodeset ---

Press Ctrl-x to continue the boot process

After installation is complete, reboot, use nomodeset again, like the example below: linux /boot/vmlinuz-6.11.0-8-generic nomodeset root=UUID=c5605a23-05ae-4d9d-b65f-e47ba48b7560 ro

Add nomodeset to the GRUB config file, /etc/default/grub, like the example below: GRUB_CMDLINE_LINUX="nomodeset"

Finally, make the change take effect: sudo update-grub

flatpak is failing to install applications due to missing or incorrect apparmor rules in the profile for fusermount3. Please see Bug #2122161 “[SRU] error: Failed to install org.gnome.Platform:...” : Bugs : Release Notes for Ubuntu for details.

Linux kernel

There is an apparmor issue where confined profiles may unexpectedly seem to apply to another process and restrict things like “ > output.log” from working inside questing LXD containers. See Bug #2121552 ""free > file” blocked by apparmor inside questing ... : Bugs : Release Notes for Ubuntu for more details.

Ubuntu Desktop

Screen reader support is present with the new desktop installer, but is incomplete (LP: #2061015, LP: #2061018, LP: #2036962, LP: #2061021)

You will perhaps experience crashes trying to use the snap-store on Qualcomm Snapdragon X Elite hardware (LP: #2127161)

OEM installs are not supported yet (LP: #2048473)

GTK4 apps (including the desktop wallpaper) do not display correctly with VirtualBox or VMWare with 3D Acceleration (LP: #2061118).

Incompatibility between TPM-backed Full Disk Encryption and Absolute: TPM-backed Full Disk Encryption (FDE) has been introduced to enhance data security. However, it’s important to note that this feature is incompatible with Absolute (formerly Computrace) security software. If Absolute is enabled on your system, the machine will not boot post-installation when TPM-backed FDE is also enabled. Therefore, disabling Absolute from the BIOS is recommended to avoid booting issues.

Hardware-Specific Kernel Module Requirements for TPM-backed Full Disk Encryption: TPM-backed Full Disk Encryption (FDE) requires a specific kernel snap which may not include certain kernel modules necessary for some hardware functionalities. A notable example is the vmd module required for NVMe RAID configurations. In scenarios where such specific kernel modules are indispensable, the hardware feature may need to be disabled in the BIOS (such as RAID) to ensure the continued availability of the affected hardware post-installation. If disabling in the BIOS is not an option, the related hardware will not be available post-installation with TPM-backed FDE enabled.

FDE specific bug reports.

Installing ubuntu-fonts-classic results in a non-Ubuntu font being displayed (LP#2083683). To resolve this, install gnome-tweaks and set ‘Interface Text’ to ‘Ubuntu’.

Wayland desktop performance using the Nvidia driver is still suboptimal. Work is underway to resolve this in 26.04 (LP#2081140).

There is no simple way to customize the login screen (upstream issue). As a workaround, you can copy your personal monitor settings to the login screen with: sudo cp ~/.config/monitors.xml /var/lib/gdm3/seat0/config/ and (at your own risk) you can copy all your other personal settings to the login screen with: sudo cp ~/.config/dconf/user /var/lib/gdm3/seat0/config/dconf/

Ubuntu Server
rabbitmq-server
Certain version hops may be unsupported due to feature flags, raising questions about how Ubuntu will maintain this package moving forward. We are currently exploring the use of snaps as a potential solution to enable smoother upgrades. For more information please read LP: #2074309.
Openstack
Currently, Nova Compute is non-functional because of a python3.13 incompatiblity (LP:#2103413). The Openstack team and Upstream work on it and it will be resolved via an SRU later.

The Ubuntu Cloud Archive is not affected by this bug.
Installer
On systems booting via U-Boot, U-Boot should be updated to the current Plucky version before installation as subiquity does not run flash-kernel and grub-update during the installation. So for first boot the device-tree from U-Boot will be used.

In some situations, it is acceptable to proceed with an offline installation when the mirror is inaccessible. In this scenario, it is advised to use: apt: fallback: offline-install

Network interfaces left unconfigured at install time are assumed to be configured via dhcp4. If this doesn’t happen (for example, because the interface is physically not connected) the boot process will block and wait for a few minutes (LP: #2063331). This can be fixed by removing the extra interfaces from /etc/netplan/50-cloud-init.conf or by marking them as optional: true. Cloud-init is disabled on systems installed from ISO images, so settings will persist.

Installing to a remote NVMe drive using NVMe over TCP firmware support can result in an unbootable system. A workaround exists using an autoinstall directive. Alternatively, the configuration on the target system can be manually fixed post installation before rebooting to the target system. More information at LP: #2127072.

Raspberry Pi
The new gnome-initial-setup has issues preventing it from working properly:

Time zone input dropdown can “wobble” (LP: #2084611)

The hostname change is mandatory (LP: #2093132)

During boot on the server image, if your cloud-init configuration (in user-data on the boot partition) relies upon networking (importing SSH keys, installing packages, etc.) you must ensure that at least one network interface is required (optional: false) in network-config on the boot partition. This is due to netplan changes to the wait-online service (LP: #2060311)

The seeded totem video player will not prompt users to install missing codecs when attempting to play a video requiring them (LP: #2060730)

With the removal of the crda package in 22.04, the method of setting the wifi regulatory domain (editing /etc/default/crda) no longer operates. On server images, use the regulatory-domain option in the Netplan configuration. On desktop images, append cfg80211.ieee80211_regdom=GB (substituting GB for the relevant country code) to the kernel command line in the cmdline.txt file on the boot partition (LP: #1951586).

The power LED on the Raspberry Pi 2B, 3B, 3A+, 3B+, and Zero 2W currently goes off and stays off once the Ubuntu kernel starts booting (LP: #2060942).

Colours appear incorrectly in the Ubuntu App Centre (LP: #2076919).

On server images, re-authentication to WiFi APs when regulatory domain is set result in dmesg spam to the console (LP: #2063365).

On the Pi Zero 2W, the release image contains a bug in the Bluetooth components of the firmware package. This is due to be fixed in an SRU (LP: #2127041).

Google Compute Platform

Google cloud’s ssh-in-browser is broken in 25.10

ssh-in-browser (i.e. the SSH button in the console GUI) does not work in Questing 25.10. This is because the capability relies on older ssh algorithms (diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha1) which have now been deprecated in 25.10 (LP: #2127982).

Microsoft Azure

When inspecting system logs with journalctl, users may encounter a denied log entry relating to systemd-detect-virt. There is no known impact on functionality (LP:#2124958).

AWS

Nothing yet.

s390X

During upgrade from Ubuntu Server 25.04 (Plucky Puffin) to Ubuntu 25.10 (Questing Quokka) one may notice the following error with kdump-tools:

“Errors were encountered while processing:
kdump-tools”

This is likely due to a race condition.

One may proceed and complete the upgrade, but at the end of the process the system needs to be manually rebooted. The bug is tracked here: LP: #2126934.

Official flavours

Find the release notes for the official flavours at the following links:

Edubuntu Release Notes

Kubuntu Release Notes

Lubuntu Release Notes

Ubuntu Budgie Release Notes

Ubuntu MATE Release Notes

Ubuntu Studio Release Notes

Ubuntu Unity Release Notes

Xubuntu Release Notes

Ubuntu Kylin Release Notes

Ubuntu Cinnamon Release Notes

More information

Reporting bugs

Your comments, bug reports, patches and suggestions help fix bugs and improve the quality of future releases. Please report bugs using the tools provided. If you want to help with bugs, the Bug Squad is always looking for help.

What happens if there is a high or critical priority CVE during release day?

Server, Desktop and Cloud plan to release in lockstep on release day, but there are some exceptions.

In the unlikely event that a critical or high-priority CVE is announced on release day, the release team have agreed on the following plan of action:

For critical priority CVEs, the release of Server, Desktop and Cloud will be blocked until new images can be built addressing the CVE.

For high-priority CVEs, the decision to block release will be made on a per-product (Server, Desktop and Cloud) basis and will depend on the nature of the CVE, which might result in images not being released on the same day.

This was discussed in the ubuntu–release mailing list March/April 2023.

The mailing list thread also confirmed there is no technical or policy reason why a package cannot be pushed to the Updates or Security pocket to address high or critical-priority CVEs prior to the release.

Participate in Ubuntu

If you would like to help shape Ubuntu, look at the list of ways you can participate at community.ubuntu.com/contribute.

More about Ubuntu

You can find out more about Ubuntu on the Ubuntu website.

To sign up for future Ubuntu development announcements, subscribe to Ubuntu’s development announcement list at ubuntu-devel-announce.
Original source Report a problem
Jul 1, 2025
- Date parsed from source:
  Jul 1, 2025
- First seen by Releasebot:
  Mar 20, 2026
Ubuntu by Canonical

Ubuntu 24.04.3

Ubuntu ships bug fixes and security updates between 24.04.2 and 24.04.3, with updated CD images, installation fixes, desktop and server and cloud improvements, base platform updates, and broad kernel and hardware support work.

This is a brief summary of bugs fixed between Ubuntu 24.04.2 and 24.04.3.

This summary covers only changes to packages in main and restricted, which account for all packages in the officially-supported images; there are further changes to various packages in universe and multiverse.

Some of these fixes were by Ubuntu developers directly, while others were by upstream developers and backported to Ubuntu. For full details, see the individual package changelogs.

In addition to the bugs listed below, this update includes all security updates from the Ubuntu Security Notice affecting Ubuntu 24.04.2 LTS that were released up to and including August 4, 2025.

Installation bug fixes

Updated CD images are provided with this release, including fixes for some installation bugs. (Many installation problems are hardware-specific; for those, see “Hardware support bugs” below.)

Desktop fixes

These changes mainly affect desktop installations of Ubuntu and other Ubuntu-based desktop systems.

Server and Cloud related fixes

These changes mainly affect installations of Ubuntu on server systems and clouds.

Base platform fixes

These changes affect the core fundamental components of all the Ubuntu flavors.

Kernel and Hardware support updates

Considerable work has been done on improving support for many specific items of hardware.
Original source Report a problem
All of your release notes in one feed

Join Releasebot and get updates from Canonical and hundreds of other software products.

Create account
Get updates with: RSS Email API CSV MCP Slack n8n Zapier
Feb 12, 2025
- Date parsed from source:
  Feb 12, 2025
- First seen by Releasebot:
  Mar 20, 2026
Ubuntu by Canonical

Ubuntu 24.04.2

Ubuntu 24.04.2 LTS ships bug fixes and security updates, with refreshed CD images that improve installation, upgrades, desktop systems, server and cloud setups, and core platform components.

This is a brief summary of bugs fixed between Ubuntu 24.04.1 and 24.04.2.

This summary covers only changes to packages in main and restricted, which account for all packages in the officially-supported images; there are further changes to various packages in universe and multiverse. Some of these fixes were by Ubuntu developers directly, while others were by upstream developers and backported to Ubuntu. For full details, see the individual package changelogs.

In addition to the bugs listed below, this update includes all security updates from the Ubuntu Security Notice affecting Ubuntu 24.04.2 LTS that were released up to and including February 20, 2025.

Installation bug fixes

Updated CD images are provided with this release, including fixes for some installation bugs. (Many installation problems are hardware-specific; for those, see “Hardware support bugs” below.)

Upgrade bug fixes

These changes fix upgrade issues, smoothing the way for future upgrades to later releases of Ubuntu (and not only).

Desktop fixes

These changes mainly affect desktop installations of Ubuntu and other Ubuntu-based desktop systems.

Server and Cloud related fixes

These changes mainly affect installations of Ubuntu on server systems and clouds.

Base platform fixes

These changes affect the core fundamental components of all the Ubuntu flavors.
Original source Report a problem
Aug 1, 2024
- Date parsed from source:
  Aug 1, 2024
- First seen by Releasebot:
  Mar 20, 2026
Ubuntu by Canonical

24.04.1

Ubuntu fixes bugs between 24.04 and 24.04.1, shipping updated CD images with installation and upgrade improvements plus broader desktop, server, cloud, base platform, kernel, and hardware support fixes across supported packages.

This is a brief summary of bugs fixed between Ubuntu 24.04 and 24.04.1. This summary covers only changes to packages in main and restricted, which account for all packages in the officially-supported images; there are further changes to various packages in universe and multiverse. Some of these fixes were by Ubuntu developers directly, while others were by upstream developers and backported to Ubuntu. For full details, see the individual package changelogs.

Installation bug fixes

Updated CD images are provided with this release, including fixes for some installation bugs. (Many installation problems are hardware-specific; for those, see “Hardware support bugs” below.)

Upgrade bug fixes

These changes fix upgrade issues, smoothing the way for future upgrades to later releases of Ubuntu (and not only).

Desktop fixes

These changes mainly affect desktop installations of Ubuntu and other Ubuntu-based desktop systems.

Server and Cloud related fixes

These changes mainly affect installations of Ubuntu on server systems and clouds.

Base platform fixes

These changes affect the core fundamental components of all the Ubuntu flavors.

Kernel and Hardware support updates

Considerable work has been done on improving support for many specific items of hardware.

Unsorted changes

[The release notes include detailed tables of source packages, bug numbers, and descriptions of fixes and improvements across various components such as livecd-rootfs, ubuntu-release-upgrader, gnome-shell, linux kernel variants, apparmor, snapd, and many others.]
Original source Report a problem
Apr 1, 2024
- Date parsed from source:
  Apr 1, 2024
- First seen by Releasebot:
  Mar 20, 2026
Ubuntu by Canonical

Ubuntu 24.04 LTS (Noble Numbat)

Ubuntu 24.04 LTS ships major updates across the kernel, Netplan, systemd and core toolchains, while adding Year 2038 support for armhf, stronger security hardening, improved crash handling, and new defaults for .NET, OpenJDK, Python and more.
These release notes for Ubuntu 24.04 LTS (Noble Numbat) provide an overview of the release and document the known issues with Ubuntu and its flavours. For details of the changes applied since 24.04, please see the 24.04.2 change summary.

Support lifespan

Ubuntu 24.04 LTS will be security maintained for 5 years until 31 May 2029. Users can choose to extend this to 10 years with Ubuntu Pro or 12 years with the Legacy add-on.

Upgrades

Users of Ubuntu 23.10 have been offered an automatic upgrade to 24.04 since shortly after the release. Users of 22.04 LTS will also start being offered the automatic upgrade now that 24.04.1 LTS has been released.

New features in 24.04 LTS

Year 2038 support for the armhf architecture

Ubuntu 24.04 LTS solves the Year 2038 problem that existed on armhf. More than a thousand packages have been updated to handle time using a 64-bit value rather than a 32-bit one, making it possible to handle times up to 292 billion years in the future.

Updated Packages

Linux kernel :penguin:

Ubuntu 24.04 LTS includes the new 6.8 Linux kernel that brings many new features. Detailed changes are reported in the Noble Kernel Release Notes post.

systemd v255.4

The init system was updated to systemd v255.4. See the upstream changelog for more information about individual features.

Netplan v1.0 :globe_with_meridians:

The network stack was updated to Netplan version 1.0. Supporting simultaneous WPA2 & WPA3, Mellanox VF-LAG for high-performance SR-IOV networking and VXLAN improvements. It also provides a stable libnetplan1 API and a new netplan status --diff sub-command to find differences between configuration and system state. For more information please see the Introducing Netplan v1.0 blog post.

Toolchain Upgrades :hammer_and_wrench:

GCC is updated to the 14, binutils to 2.42, and glibc to 2.39.

Python now defaults to version 3.12

OpenJDK now defaults to LTS version 21

LLVM now defaults to version 18

Rust toolchain defaults to version 1.75

Golang is updated to 1.22

.NET 8 is now default

OpenJDK

OpenJDK LTS 21 is the default in Ubuntu 24.04 LTS while maintaining support for versions 17, 11, and 8. OpenJDK 17 and 21 are also TCK certified, which means they adhere to Java standards and ensure interoperability with other Java platforms. A special FIPS-compliant OpenJDK 11 package is also available for Ubuntu Pro users.

.NET

With the introduction of .NET 8, Ubuntu is taking a significant step forward in supporting the .NET community. .NET 8 will be fully supported on Ubuntu 24.04 LTS and 22.04 LTS for the entire lifecycle of both releases. This enables developers to upgrade their applications to newer .NET versions before upgrading their Ubuntu release. Starting with 24.04 LTS the .NET support has also been extended to the IBM System Z platform.

.NET 6 and .NET 7 packages with limited support are available via a PPA.

Apport

Apport added integration with systemd-coredump to handle crashes. Developers on Ubuntu can co-install systemd-coredump now and use coredumpctl to analyze crash data. Apport will continue to collect crash information and submit it to the Ubuntu Error Tracker and Launchpad.

Security Improvements :locked:

Unprivileged user namespace restrictions

In combination with the apparmor package, the Ubuntu kernel now restricts the use of unprivileged user namespaces. This affects all programs on the system that are unprivileged and unconfined. A default AppArmor profile is provided that allows the use of user namespaces for unprivileged and unconfined applications but will deny the subsequent use of any capabilities within the user namespace. A common use-case for unprivileged user namespaces is applications that construct their own sandboxes or work with styles of container workloads. As such, AppArmor profiles that allow the use of unprivileged user namespaces are also provided for common applications and frameworks that come from the Ubuntu archive, as well as popular third party applications like Google Chrome, Discord and others. This is a subsequent step towards trying to mitigate the larger attack surface presented by unprivileged user namespaces (the first being the introduction of this feature in Ubuntu 23.10 where it was not enabled by default).

Whilst significant effort has been expended to try and identify all applications that may require such profiles, it is expected that there may be cases where additional profiles are required.

In this case, there are several options if you run into problems:

Confine your applications with an AppArmor profile. Because this can be potentially onerous, a new unconfined profile mode/flag has been added to AppArmor. This designates the profile to essentially act like the unconfined mode for AppArmor where an application is not restricted, and it allows additional permissions to be added, such as the userns permission. Such profile for, e.g. Google Chrome, would look like the following, and it would be located within the /etc/apparmor.d/chrome file:

abi <abi/4.0>, include <tunables/global> /opt/google/chrome/chrome flags=(unconfined) { userns, # Site-specific additions and overrides. See local/README for details. include if exists <local/chrome> }

Alternatively, a complete AppArmor profile for the application can be created (see the AppArmor documentation).

Launch your application in a way that doesn’t use unprivileged user namespaces, e.g. google-chrome-stable --no-sandbox. However, since this disables the use of an internal security feature within the application, this is not recommended. Instead, use the unconfined profile mode described above instead.

Disable this restriction on the entire system for one boot by executing echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns. This setting is lost on reboot. This similar to the previous behaviour, but it does not mitigate against kernel exploits that abuse the unprivileged user namespaces feature.

Disable this restriction using a persistent setting by adding a new file (/etc/sysctl.d/60-apparmor-namespace.conf) with the following contents:
kernel.apparmor_restrict_unprivileged_userns=0
Reboot. This is similar to the previous behaviour, but it does not mitigate against kernel exploits that abuse the unprivileged user namespaces feature.

TLS 1.0, 1.1 and DTLS 1.0 are forcefully disabled

for software using openssl this was the case since 20.04

for software using gnutls, this is now enforced (with openconnect being a notable exception)

More consistent application of openssl and gnutls system configurations

Some libraries do not raise errors when their configuration is not accessible; this could happen when apparmor does not allow access to the configuration files. Due to how widespread openssl and gnutls are, the apparmor rules now grant access to their configuration files by default. Their system-wide configuration will therefore be followed better.

Deprecation and disablement of 1024-bit RSA APT repository signing keys

APT in 24.04 requires repositories to be signed with the RSA keys no smaller than 2048 bits, Ed25519, or Ed448. As work to resign old Launchpad PPAs with a stronger keys is still ongoing for some weeks, this is initially only a warning.

Once Launchpad PPAs have been resigned, you will need to manually migrate any affected PPAs to new signing keys by removing and re-adding them to quiesce the warning.

The final APT 2.8.0 release that converts the warning to an error should be published as a stable release update some time after the resigning is complete.

pptpd removed

pptpd and bcrelay have been removed

OpenSSH with reduced dependencies

As per the XZ-utils backdoor, openssh in ubuntu does not depends anymore in libsystemd, reducing the number of dependencies and making it less prone to future security issues.

Package security-hardening improvements

Packages are now built with security-hardening features which stop many undiscovered security vulnerabilities, rendering them unexploitable.

The gcc compiler and dpkg now defaults to -D_FORTIFY_SOURCE=3 instead of -D_FORTIFY_SOURCE=2 which greatly increases buffer overflow detection and mitigation.

dpkg now defaults to use -mbranch-protection=standard which mitigates code reuse attacks on arm64.

Performance :zap:

Performance Engineering tools

A set of performance engineering tools is installed by default on relevant Ubuntu systems. Additionally, a performance-tools metapackage has been created to assist in debugging performance and reliability issues. See specification for more details.

Default configuration changes :gear:

As always there are many changes to defaults, mostly by newer versions of packages. But a few are worth spelling out if your former automation, configuration and tuning relied on those settings being one or the other way.

Apt priority of the proposed pocket

The proposed pocket is used as a staging area for software updates. These updates land in the proposed pocket before they are released to the wider public userbase.

But in the past, if someone enabled the proposed pocket for testing they often got into trouble by getting their system flooded with everything that is in the proposed pocket.

If just one of the packages in there was weirdly broken you’d have been broken by that as well - and it might have been unrelated to what you really care about and made your regular testing consume more effort and thereby less attractive.

By changing the default priority, users are less likely to install potentially unstable updates unintentionally. Therefore the default apt priority of the proposed pocket was reduced from 500 to 100. This change already happened in Ubuntu Lunar, but Noble is the first Ubuntu LTS to pick it up and therefore there is much more time of consumption from the proposed pocket in front of it.

With the change, users can now selectively install packages from the proposed pocket. This allows for more conscious selection and testing of updates.

You can always see the new versions of the packages e.g. via apt-cache policy but they will no more auto-install.

To install a package from proposed you’d now need to select from which pocket you want to install like apt install /-proposed

The above helps a lot for the conscious testing of changes. But on the other hand having automation and people testing (almost) all new package versions regularly can provide great signal. Especially in canary setup with their very own workload it can prevent breaking these specific setup unintentionally as it might be different from what is tested elsewhere.

Therefore in those situations if you want to go back to the old behavior of just getting everything from proposed all the time, you’d need to bump the apt pin priority back up to 500 so the versions from the proposed pocket compete on the same level with the rest of the Ubuntu Archive. To do that you could put the following in a file like /etc/apt/preferences.d/bump-proposed-prio:

# Consider proposed all the time, set default priority 500 Package: * Pin: release a=noble-proposed Pin-Priority: 500

Deb822 sources management

The sources configuration for Ubuntu has moved from /etc/apt/sources.list to /etc/apt/sources.list.d/ubuntu.sources in the more featureful deb822 format, aligning with PPAs that already migrated to deb822 last year. See the specification for more details.

Services restart on unattended-upgrade

The needrestart package has been modified to systematically restart services if affected by a library upgrade, including in non-interactive scenarios such as unattended-upgrade. The reason for this change is that unattended-upgrade defaults to security updates only, and failing to restart services means that those running daemons will still be exposed to the security issues fixed by the update.

It is possible to exclude specific services from automatic restart by adding them to the override_rc section of /etc/needrestart/needrestart.conf.

See this Discourse post for more details.

irqbalance no more installed and enabled by default

The irqbalance service is designed to distribute hardware interrupts across processors on a multiprocessor system to increase performance. This is particularly useful in server configurations where multiple devices will be competing for the CPU’s attention. And in doing so it has served Ubuntu well being default enabled since 14 years based on a discussion and related to the kernel actively delegating this to userspace.

But evolution of the wider ecosystem has outpaced irqbalance in most situations.

Irqbalance can still be useful, but unless the admin configures it, the policy it provides is not a discernible improvement over the in-kernel default policy.

At the same time a few cases have been reported where irqbalance causes issues, hence discussions have been ongoing for quite a while. It does usually not make as much sense for virtual guests, it might conflict with manual tuning and other power consumption or latency targets. Furthermore the kernel and in particular many device drivers evolved since then and often do an equal or better job now.

This change is just not installing it by default, irqbalance will stay available and anyone that benefits or even just want to experiment with it can use it as before.

Some specific scenarios, like particular cloud images, already had irqbalance disabled by default before. In a similar fashion some have been (and more might be) identified which will keep it enabled by default as there has been evidence that on this platform it is more helpful.

... (The release notes continue with extensive details on many packages, features, known issues, and upgrade considerations.)
Original source Report a problem
Mar 21, 2023
- Date parsed from source:
  Mar 21, 2023
- First seen by Releasebot:
  Mar 20, 2026
Ubuntu by Canonical

Ubuntu 20.04 LTS (Focal Fossa) Release Notes

Ubuntu releases 20.04 LTS, bringing a refreshed desktop, updated kernel and toolchain, Python 3 by default, improved server installation, ZFS enhancements, and expanded cloud and virtualization support across the release.
These release notes for Ubuntu 20.04 LTS (Focal Fossa) provide an overview of the release and document the known issues with Ubuntu 20.04 LTS and its flavors. For details of the changes applied since 20.04, please see the 20.04.6 change summary. The release notes for 20.04, 20.04.1, 20.04.2, 20.04.3, 20.04.4, and 20.04.5 change summary are available as well.

Support lifespan

Maintenance updates will be provided for 5 years until April 2025 for Ubuntu Desktop, Ubuntu Server, Ubuntu Cloud, and Ubuntu Core. All the remaining flavours will be supported for 3 years. Additional security support is available with ESM (Extended Security Maintenance).

Official flavor release notes

Find the links to release notes for official flavors here.

Get Ubuntu 20.04.6 LTS

Download Ubuntu 20.04.6 LTS

Images can be downloaded from a location near you.

You can download ISOs and flashable images from:

https://releases.ubuntu.com/20.04/ (Ubuntu Desktop and Server for AMD64)
http://cdimage.ubuntu.com/ubuntu/releases/20.04/release/ (Less Frequently Downloaded Ubuntu Images)
http://cloud-images.ubuntu.com/daily/server/focal/current/ (Ubuntu Cloud Images)
http://cdimage.ubuntu.com/kubuntu/releases/20.04/release/ (Kubuntu)
http://cdimage.ubuntu.com/lubuntu/releases/20.04/release/ (Lubuntu)
http://cdimage.ubuntu.com/ubuntu-budgie/releases/20.04/release/ (Ubuntu Budgie)
http://cdimage.ubuntu.com/ubuntukylin/releases/20.04/release/ (Ubuntu Kylin)
https://ubuntu-mate.org/download/ (Ubuntu MATE)
http://cdimage.ubuntu.com/ubuntustudio/releases/20.04/release/ (Ubuntu Studio)
http://cdimage.ubuntu.com/xubuntu/releases/20.04/release/ (Xubuntu)

Upgrading from Ubuntu 18.04 LTS or 19.10

You can upgrade to Ubuntu 20.04 LTS from either Ubuntu 18.04 LTS or Ubuntu 19.10.

Ensure that you have all updates installed for your current version of Ubuntu before you upgrade.

Confirm that you also have a network connectivity to one of the official mirrors or to a locally accessible mirror as there are no offline upgrade options.

To upgrade on a desktop system:

Open the "Software & Updates" Setting in System Settings.

Select the 3rd Tab called "Updates".

Set the "Notify me of a new Ubuntu version" drop down menu to "For any new version" if you are using 19.10; set it to "For long-term support versions" if you are using 18.04 LTS.

Press Alt+F2 and type update-manager -c into the command box if you are using 19.10; type update-manager -c -d if you are using 18.04 LTS.

Update Manager should open up and tell you that Ubuntu 20.04 LTS is now available.

Click Upgrade and follow the on-screen instructions.

To upgrade on a server system:

Install update-manager-core if it is not already installed.

Make sure the Prompt line in /etc/update-manager/release-upgrades is set to 'normal' if you are using 19.10, or 'lts' if you are using 18.04 LTS.

Launch the upgrade tool with the command sudo do-release-upgrade on 19.10; use sudo do-release-upgrade -d if you are using 18.04 LTS.

Follow the on-screen instructions.

Note that the server upgrade will use GNU screen and automatically re-attach in case of dropped connection problems.

The -d switch is necessary to upgrade from Ubuntu 18.04 LTS as upgrades have not yet been enabled and will only be enabled after the first point release of 20.04 LTS.

Upgrades on i386

Users of the i386 architecture will not be presented with an upgrade to Ubuntu 20.04 LTS. Support for i386 as a host architecture was dropped in 19.10.

New Features in 20.04 LTS

RISC-V image

RISC-V images for SiFive HiFive Unleashed and Unmatched boards are now available, which can also be used as a VM with QEMU on any Ubuntu 20.04 machine. For more details see RISC-V page.

Updated Packages

As with every Ubuntu release, Ubuntu 20.04 LTS comes with a selection of the latest and greatest software developed by the free software community.

Linux Kernel

Ubuntu 20.04 LTS is based on the long-term supported Linux release series 5.4. HWE stack updated to Linux release series 5.8.

NOTE: Users who installed from Ubuntu Desktop media should see the note about desktop tracking the rolling hardware enablement kernel series by default here.

Notable features and enhancements in 5.4 since 5.3 include:

Support for new hardware including Intel Comet Lake CPUs and initial Tiger Lake platforms, AMD Navi 12 and 14 GPUs, Arcturus and Renoir APUs along with Navi 12 + Arcturus power features.

Support has been added for the exFAT filesystem, virtio-fs for sharing filesystems with virtualized guests and fs-verity for detecting file modifications.

Built in support for the WireGuard VPN.

Enablement of lockdown in integrity mode.

Other notable kernel updates to 5.4 since version 4.15 released in 18.04 LTS include:

Support for AMD Rome CPUs, Radeon RX Vega M and Navi GPUs, Intel Cannon Lake platforms.

Support for raspberry pi (Pi 2B, Pi 3B, Pi 3A+, Pi 3B+, CM3, CM3+, Pi 4B)

Significant power-saving improvements.

Numerous USB 3.2 and Type-C improvements.

A new mount API, the io_uring interface, KVM support for AMD Secure Encrypted Virtualization and pidfd support.

Boot speed improvements through changing the default kernel compression algorithm to lz4 (in Ubuntu 19.10) on most architectures, and changing the default initramfs compression algorithm to lz4 on all architectures.

Toolchain Upgrades 🛠️

Ubuntu 20.04 LTS comes with refreshed state-of-the-art toolchain including new upstream releases of glibc 2.31, OpenJDK 11, rustc 1.41, GCC 9.3, Python 3.8.2, ruby 2.7.0, php 7.4, perl 5.30, golang 1.13.

Ubuntu Desktop

Ubuntu Desktop flavour now always tracks HWE (hardware enablement) kernel. It means that from January 2021 the Ubuntu Desktop will gain new major kernel versions every 6 months through to summer of 2022, even if you installed Ubuntu Desktop earlier than this.

New graphical boot splash (integrates with the system BIOS logo).

Refreshed Yaru theme with Light/Dark theme switching.

GNOME 3.36 with new lock screen design, new system menu design, new app folder design, smoother performance, lower CPU usage for window and overview animations, JavaScript execution, mouse movement, and window movement (which also has lower latency now).

10-bit deep colour support.

X11 fractional scaling.

Mesa 20.0 OpenGL stack.

BlueZ 5.53.

PulseAudio 14.0 (prerelease).

Firefox 75.0.

Thunderbird 68.7.0.

LibreOffice 6.4.

Network configuration

With this Ubuntu release, netplan.io has grown multiple new features, some of which are:

Basic support for configuring SR-IOV network devices.

Support for GSM modems via the NetworkManager backend.

Adding WiFi flags for bssid/band/channel settings.

Adding ability to set ipv6-address-generation for the NetworkManager backend and emit-lldp for networkd.

Storage/File Systems
ZFS 0.8.3
Continuing with what started in the Eoan release, Ubuntu Focal ships zfs 0.8.3. Highlights include:

Native Encryption (with hardware acceleration enabled in Focal)

Device removal

Pool TRIM

Sequential scrub and resilver (performance)

Other base system changes since 18.04 LTS

Python3 by default

In 20.04 LTS, the python included in the base system is Python 3.8. Python 2.7 has been moved to universe and is not included by default in any new installs.
Remaining packages in Ubuntu which require Python 2.7 have been updated to use /usr/bin/python2 as their interpreter, and /usr/bin/python is not present by default on any new installs. On systems upgraded from previous releases, /usr/bin/python will continue to point to python2 for compatibility. Users who require /usr/bin/python for compatibility on newly-installed systems are encouraged to install the python-is-python3 package, for a /usr/bin/python pointing to python3 instead.
Due to this transition the legacy python and python-minimal packages might be removed during an upgrade, being replaced by the python2 and python2-minimal packages as dependencies of the python-is-python2 package.

Snap Store

The Snap Store (snap-store) replaces ubuntu-software as the default tool for finding and installing packages and snaps.

Ubuntu Server

Installer

The live server installer is now the preferred media to install Ubuntu Server on all architectures.
Besides architecture support, the main user visible new features are support for automated installs and being able to install the bootloader to multiple disks (for a more resilient system).
There have been many other fixes under the hood to make using encryption easier, better support installing to multipath disks, more reliable installation onto disks that have been used in various ways and allowing failures to be reported more usefully.
Starting from Ubuntu Server 20.04.2 the ISO images can optionally boot the installer using the HWE kernel. In this case the installed system will automatically make use of the HWE stack.

QEMU

QEMU was updated to 4.2 release.

Some highlights:

free page hinting through virtio-balloon to avoid migrating unused pages which can speed up migrations

PPC: NVIDIA V100 GPU/NVLink2 passthrough for spapr using VFIO PCI

Many speed improvements for LUKS backend

pmem/nvdimm support

Please see the full change logs 4.2 and 4.1 for major changes since Ubuntu 19.10.
For Upgraders from Ubuntu 18.04 please also check out 4.0, 3.1, 3.0, and 2.12.
When upgrading it is always recommended to upgrade the machine types allowing guests to fully benefit from all the improvements and fixes of the most recent version.

UPGRADING FROM 19.10

For trimmed down container like isolation use-cases the new qemu has the microvm machine type which can be combined with the qboot ROM (available as bios-microvm.bin) to provide a reduced feature set at a much faster startup time. You can use the package qemu-system-x86-microvm which provides an alternative QEMU binary stripped of all features not needed these use cases as suggested by the qboot ROM.
The VMX related features can now be controlled individually instead of just vmx on/off. The VMX-subfeatures of certain CPU types might have slightly changed (matching those of the selected CPU type now instead of almost randomly depending on the underlying hardware). It is recommended to use a well defined cpu type when defining a guest.

People that like to work or experiment with nvdimms and persistent memory QEMU now has pmem and nvdimm support enabled in Ubuntu Focal Fossa.

UPGRADING FROM 18.04

QEMU now has virglrenderer enabled which allows to create a virtual 3D GPU inside QEMU virtual machines. That is inferior to GPU passthrough, but can be handy if the platform used lacks the capability for classic PCI passthrough as well as more modern mediated devices.
The graphical QEMU back-end is now based on GTK instead of SDL. That provides much better Desktop integration and is often faster.

libvirt

libvirt was updated to version 6.0.

UPGRADING FROM 19.10

Features include:

access NVMe disks directly now allowing a speed oriented setup that still supports migration.

Mediated GPU devices are now supported as boot display.

Support kvm-hint-dedicated performance hint allowing the guest to enable optimizations when running on dedicated vCPUs.

UPGRADING FROM 18.04

libvirt can now enable QEMUs ability to use parallel connections for migration which can help to speed up migrations if one doesn't saturate your network yet.
Added the ability to have GL enabled graphics as well as mediated devices to be configured while still being guarded by custom apparmor profiles generated per guest.

TRANSITION LIBVIRT-BIN -> LIBVIRT-CLIENTS / LIBVIRT-DAEMON / LIBVIRT-DAEMON-SYSTEM

The package libvirt-bin was split into libvirt-daemon-system, libvirt-clients, and libvirt-daemon.

dpdk

Ubuntu 20.04 LTS includes the latest stable release 19.11.1 of the latest LTS series 19.11.x.

Open vSwitch

Open vSwitch has been updated to 2.13.

Chrony

Chrony been updated to version 3.5 which provides plenty of improvements in accuracy and controls.

cloud-init

Cloud-init was updated to version 20.1-10. Notable features include new datasource detection/support, Azure dhcp6 support, EC2 improvements, Scaleway fixes, LRU cache improvements, and drop python2 support.

PHP 7.4

PHP 7.4 is a new feature update, bringing typed properties, arrow functions, weak references, and unpacking inside arrays among other things.

Ruby 2.7

The default Ruby interpreter was updated to version 2.7 with many improvements.

Ruby on Rails 5.2.3

Ruby on Rails was updated to version 5.2.3.

Ubuntu HA/Clustering

KRONOSNET is the new underlying network protocol for Linux HA components.

OpenStack Ussuri

Ubuntu 20.04 LTS includes the latest OpenStack release, Ussuri.

Ceph

Ceph was updated to the 15.2.1 release, Ceph Octopus.

Cloud Images

Amazon Web Services (AWS) AMIs have the ec2-instance-connect package installed and enabled by default starting in Focal.

Known issues

There are some significant known bugs documented including issues with installer and live session, distribution upgrades, desktop, Raspberry Pi, RISC-V, server, and general issues.

Official flavours

The release notes for the official flavors can be found at the following links: Lubuntu, Kubuntu, Ubuntu Budgie, Ubuntu MATE, Ubuntu Studio, Xubuntu, Ubuntu Kylin.

More information

Your comments, bug reports, patches and suggestions will help fix bugs and improve the quality of future releases. Please report bugs using the tools provided.
If you want to help out with bugs, the Bug Squad is always looking for help.
If you would like to help shape Ubuntu, take a look at the list of ways you can participate at https://community.ubuntu.com/contribute.
You can find out more about Ubuntu on the Ubuntu website and Ubuntu wiki.
To sign up for future Ubuntu development announcements, please subscribe to Ubuntu's development announcement list at https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-announce.
Original source Report a problem
Mar 21, 2023
- Date parsed from source:
  Mar 21, 2023
- First seen by Releasebot:
  Mar 20, 2026
Ubuntu by Canonical

20.04.6

Ubuntu 20.04.6 LTS fixes bugs across the main and restricted packages, refreshes CD images, and includes security updates through March 15, 2022. It also brings installation, upgrade, desktop, server, cloud, base platform, and hardware support improvements.

This is a brief summary of bugs fixed between Ubuntu 20.04.5 and 20.04.6. This summary covers only changes to packages in main and restricted , which account for all packages in the officially-supported CD images; there are further changes to various packages in universe and multiverse. Some of these fixes were by Ubuntu developers directly, while others were by upstream developers and backported to Ubuntu. For full details, see the individual package changelogs.

In addition to the bugs listed below, this update includes all security updates from the Ubuntu Security Notice list affecting Ubuntu 20.04 LTS that were released up to and including March 15, 2022. The last update included was USN-5954-1 (Firefox vulnerabilities).

Installation bug fixes

Updated CD images are provided with this release, including fixes for some installation bugs. (Many installation problems are hardware-specific; for those, see “Hardware support bugs” below.)

Upgrade bug fixes

These changes fix upgrade issues, smoothing the way for future upgrades to later releases of Ubuntu (and not only).

Desktop fixes

These changes mainly affect desktop installations of Ubuntu, Kubuntu, Ubuntu MATE and other Ubuntu-based systems.

Server and Cloud related fixes

These changes mainly affect installations of Ubuntu on server systems and clouds.

Base platform fixes

These changes affect the core fundamental components of all the Ubuntu flavors.

Kernel and Hardware support updates

Considerable work has been done on improving support for many specific items of hardware.

Unsorted changes

[Detailed lists of package fixes, patches, and updates follow in the original document but are omitted here for brevity.]
Original source Report a problem
Sep 1, 2022
- Date parsed from source:
  Sep 1, 2022
- First seen by Releasebot:
  Mar 20, 2026
Ubuntu by Canonical

20.04.5

Ubuntu ships bug fixes and security updates in 20.04.5, covering installation, upgrade, desktop, server, cloud, base platform, kernel, and hardware support improvements for Ubuntu 20.04 LTS.
Contents

Installation bug fixes

Upgrade bug fixes

Desktop fixes

Server and Cloud related fixes

Base platform fixes

Kernel and Hardware support updates

Unsorted changes

This is a brief summary of bugs fixed between Ubuntu 20.04.4 and 20.04.5. This summary covers only changes to packages in main and restricted, which account for all packages in the officially-supported CD images; there are further changes to various packages in universe and multiverse. Some of these fixes were by Ubuntu developers directly, while others were by upstream developers and backported to Ubuntu. For full details, see the individual package changelogs.

In addition to the bugs listed below, this update includes all security updates from the Ubuntu Security Notice list affecting Ubuntu 20.04 LTS that were released up to and including August 30, 2022. The last update included was USN-5585-1 (Jupyter Notebook vulnerabilities).

Installation bug fixes

Updated CD images are provided with this release, including fixes for some installation bugs. (Many installation problems are hardware-specific; for those, see "Hardware support bugs" below.)

Upgrade bug fixes

These changes fix upgrade issues, smoothing the way for future upgrades to later releases of Ubuntu (and not only).

Desktop fixes

These changes mainly affect desktop installations of Ubuntu, Kubuntu, Ubuntu MATE and other Ubuntu-based systems.

Server and Cloud related fixes

These changes mainly affect installations of Ubuntu on server systems and clouds.

Base platform fixes

These changes affect the core fundamental components of all the Ubuntu flavors.

Kernel and Hardware support updates

Considerable work has been done in Ubuntu 20.04.1 on improving support for many specific items of hardware.

Unsorted changes

FocalFossa/ReleaseNotes/ChangeSummary/20.04.5 (last edited 2022-09-01 09:02:17 by sil2100)
Original source Report a problem
Feb 23, 2022
- Date parsed from source:
  Feb 23, 2022
- First seen by Releasebot:
  Mar 20, 2026
Ubuntu by Canonical

20.04.4

Ubuntu ships a broad 20.04.4 update with installation, upgrade, desktop, server, cloud, kernel and hardware fixes. It also includes newer security updates, improved NVIDIA and Mesa support, OpenStack and cloud-init updates, and expanded device support for laptops, workstations and Azure, AWS and GCP images.
Contents

Installation bug fixes

Upgrade bug fixes

Desktop fixes

Server and Cloud related fixes

Kernel and Hardware support updates

Unsorted changes

This is a brief summary of bugs fixed between Ubuntu 20.04.3 and 20.04.4. This summary covers only changes to packages in main and restricted , which account for all packages in the officially-supported CD images; there are further changes to various packages in universe and multiverse . Some of these fixes were by Ubuntu developers directly, while others were by upstream developers and backported to Ubuntu. For full details, see the individual package changelogs.

In addition to the bugs listed below, this update includes all security updates from the Ubuntu Security Notice list affecting Ubuntu 20.04 LTS that were released up to and including February 22, 2022. The last update included was USN-5301-1 (Cyrus SASL vulnerability).

Installation bug fixes

These changes fix upgrade issues, smoothing the way for future upgrades to later releases of Ubuntu (and not only).

Updated CD images are provided with this release, including fixes for some installation bugs. (Many installation problems are hardware-specific; for those, see "Hardware support bugs" below.)

livecd-rootfs 1940136 Generate manifest for HyperV desktop image

livecd-rootfs 1949102 Add the 099-ubuntu-image-customization.chroot for desktop-preinstalled images similar to what we have in groovy+ (for the pi desktop), but improved for amd64 platforms. We need it to generate a valid grub.cfg on the rootfs (similar to ubuntu-cpc) and then use that instead of a static configuration locked on the boot partition.

livecd-rootfs 1917920 magic-proxy: Replace http.client with urllib calls. live-build/auto/build: change iptables calls to query rules and quickly check that connectivity works after transparent proxy has been installed.

livecd-rootfs 1944906 magic-proxy: fix TypeError when trying to call get_uri()

update-notifier 1821412 Adjust update-notifier-crash.service so that the report process is not killed before it has a chance to act

livecd-rootfs 1952093 live-build/ubuntu-server/hooks/032-installer-squashfs.binary: be more careful in deleting snaps that snap-preseed has copied up into the live installer layer.

ubiquity 1942648 ubi-partman.py: Do not display a restart button in the advanced partitioning screen when installing alongside Windows Boot Manager. Thanks to Sam van Kampen for the patch.

ubiquity 1951519 tests/test_timezone.py: The Bahamas moved their DST rules to sync with the U.S. in 2007 but tzdata only recently incorporated this change.

partman-auto 1959971 Bump minimum and maximum sizes for /boot partitions on default, x86, and EFI platforms to a minimum of 768Mb and maximum of 1536Mb.

ubiquity 1960306 Backport the ability to unhide passwords that are being typed-in during various stages of the installation.

ubiquity 1959971 Automatic update of included source packages: partman-auto 134ubuntu13.1.

Upgrade bug fixes

These changes fix upgrade issues, smoothing the way for future upgrades to later releases of Ubuntu (and not only).

update-manager 1938043 ubuntu-security-status: use ubuntu-advantage-tools to determine whether or not livepatch or esm are enabled and if the system is attached. Thanks to Chad Smith for the patch.

update-manager 1955471 ubuntu-security-status: Check if ESM for Apps is enabled or if it is not in beta before displaying information about the packages available from there. Additionally, improve pluralization in a couple of locations.

Desktop fixes

These changes mainly affect desktop installations of Ubuntu, Kubuntu, Ubuntu MATE and other Ubuntu-based systems.

alsa-ucm-conf 1937980 d/p/0031-sof-soundwire-rt1316-DAC-L-and-R-is-replaced-by-DAC.patch The mixer name is changed in the codec driver rt1316-sdw.c, so need to handle the new mixer name. https://github.com/alsa-project/alsa-ucm-conf/pull/109

alsa-ucm-conf 1940788 d/p/0032-sof-hda-dsp-Set-Capture-Switch-on-in-the-BootSequenc.patch The input volume of the external microphone is 0 by default for all machines with sof audio driver, that is because the capture switch is set to off by default, need to set it to on in the ucm. https://github.com/alsa-project/alsa-ucm-conf/pull/107

oem-somerville-melisa-meta 1940904 Update the hardware support for Dell XPS 13 9300.

nvidia-graphics-drivers-470 1939673 Include the actual changes that were only mentioned in the changelog for the previous release.

nvidia-graphics-drivers-470 1939673 New upstream release:

gnome-control-center 1938747 d/p/git-Fix-volume-adjustment-failure-on-volume-slider.patch Can't adjust the output volume via volume-slider after changing the current output-device.

libdrm 1940504 intel-Add-support-for-ADLP.patch: Add support for ADL-P.

mesa 1940504 Backport support for ADL-P.

nvidia-settings 1943160 Do not read config on Power Saving mode..

mesa 1945227 patches: Backport support for AMD Yellow Carp.

oem-sutton.simon-baird-meta 1943535 Update the hardware support for Lenovo ThinkStation P340 Tiny.

oem-sutton.newell-cade-meta 1942497 Update the hardware support for Lenovo ThinkCentre M70q/M80q/M90q.

nvidia-graphics-drivers-470 1944955 New upstream release:

nautilus 1843588 restore copying filenames functionality

gnome-shell-extension-desktop-icons 1898005 Add desktopManager-Avoid-scheduling-multiple-_layoutChil.patch to fix crashes in st_bin_destroy

nvidia-graphics-drivers-495 1948025 Initial release.

nvidia-graphics-drivers-470 1948025 New upstream release:

nvidia-graphics-drivers-470 1949026 Enable runtime PM after driver is bound.

alsa-lib 1949329 ucm: Fix a Regex parser bug, when there is no match, need to set err to 0, otherwise, the caller will get a wrong match instead of no match.

oem-stella.cmit-eevee-meta 1945277 Update the hardware support for HP Z8 G4 Workstation.

oem-stella.cmit-ivysaur-meta 1945186 Update the hardware support for HP Z2 Mini G5 Workstation, SFF G5 Workstation, TWR G5 Workstation.

nvidia-graphics-drivers-465 1931131 New upstream release:

accountsservice 1950149 SECURITY UPDATE: double-free in the SetLanguage D-Bus method

mutter 1948894 Fix Xwayland crash Xwayland crash in gdm as screen off and touchscreen detach (cherry picked commits — )

gnome-shell-extension-desktop-icons 1898005 Really apply the patch added in 20.04.0-3~ubuntu20.04.4

mesa 1950174 gallium-Reset-d-r-Priv-in-dri_unbind_context.patch: Fix chromium hangs on WSL.

nvidia-graphics-drivers-470 1950665 New upstream release:

mesa 1952083 Add support for AMD Beige Goby.

gnome-shell-extension-desktop-icons 1883174 Check fileItem before using it.

oem-sutton.simon-carrie-meta 1951238 Meta package for Lenovo ThinkStation P350 Tiny.

pulseaudio 1951667 cherry pick an upstream commit to fix the issue of hdmi can't be restored after s3 resume

firefox 1945770 Bump dump_sys to bf7f6bd855eb6ecb233b52bfa7b2c975b7026540

nvidia-graphics-drivers-495 1954818 New upstream release:

nvidia-graphics-drivers-470 1954818 Drop the following IDs in favour of the 495 series: 1fbc, 249c, 249d, 24b6, 24b7, 24b8, 25a0, 25b8.

ubuntu-drivers-common 1943816 Install nvidia-prime in eariler stage.

ubuntu-drivers-common 1943816 Install nvidia-prime, so that we can handle hybrid systems, and pick up the NVIDIA driver configuration.

ubuntu-drivers-common 1942788 Enable RTD3 only on laptops.

thunderbird 1945770 Bump dump_sys to bf7f6bd855eb6ecb233b52bfa7b2c975b7026540

thunderbird 1930315 Fix FTBFS on ppc64el

thunderbird 1916469 Enable native Wayland support

thunderbird 1943234 Fix non-fatal stracktrace in the apport hook

network-manager 1955797 wwan: Set MTU based on what ModemManager exposes

nvidia-graphics-drivers-510 1957790 Initial release.

nvidia-graphics-drivers-470 1957790 New upstream release.

nvidia-graphics-drivers-470 1935082 Add build-dependency on libnvidia-egl-wayland1, and re-enable libnvidia-vulkan-producer.

mesa 1956915 New bugfix release.

nvidia-settings 1957094 Disable the item of power saving mode if on-demand is supported.

Server and Cloud related fixes

These changes mainly affect installations of Ubuntu on server systems and clouds.

postfix 1906970 d/postfix.postinst: tolerate search domain with a leading dot

samba 1892145 d/p/fix-double-free-with-unresolved-credentia-cache.patch: Fix double free with unresolved credential cache.

libvirt 1892132 Add support for switchdev NICs that link representor ports to parent PCI device.

php7.4 1939853 Fix a segmentation fault and implement support for using cursors on prepared statements in the mysqli database driver.

pyroute2 1904730 Increase default recv-buf size

memcached 1887943 Enable TLS capabilities present in Memcached since version 1.5.13. TLS support is required in order to harden Memcached deployments in cloud environments or similar scenarios where the network is not to be entirely trusted.

python-os-vif 1892132 Add support for switchdev NICs that link representor ports to parent PCI device.

libvirt 1943481 Fixup backport of "util: Add phys_port_name support on virPCIGetNetName" to include the incorrectly removed "firstEntryName = NULL;" line, which caused a regression bringing up network pools.

cinder 1941048 New stable point release for OpenStack Ussuri.

designate 1941048 New stable point release for OpenStack Ussuri.

glance 1941048 New stable point release for OpenStack Ussuri.

horizon 1941048 New stable point release for OpenStack Ussuri.

nova 1941048 New stable point release for OpenStack Ussuri.

open-vm-tools 1933143 Update to latest release v11.3.0 Remaining changes:

open-vm-tools 1933143 New upstream version 11.3.0

procps 1917148 Fixes version output of utilities

nvidia-graphics-drivers-470-server 1939673 Ignore subsystem vendor and id when generating modaliases, so that we don't exclude devices that are actually supported.

nvidia-graphics-drivers-470-server 1939673 debian/nvidia_supported, debian/rules:

dpdk 1940913 Merge the latest upstream stable minor release 19.11.10 Release notes available at: https://doc.dpdk.org/guides-19.11/rel_notes/release_19_11.html

dpdk 1940957 d/p/u/lp-1940957-net-i40e-support-25G-AOC-ACC-cables.patch: fix issues with 25G AOC cables

postfix 1885403 d/rules: Removed LDFLAG -Bsymbolic-functions.

netplan.io 1938920 Backport netplan.io 0.103-0ubuntu5 to 20.04

gce-compute-image-packages 1938440 No-change rebuild for Focal.

ceilometer 1941048 New stable point release for OpenStack Ussuri.

mysql-8.0 1882527 d/systemd: Disable service timeout For large databases, the service could timeout on stop, possibly leading to data corruption during a system shutdown.

cloud-init 1939603 cherry-pick 612e3908: Add connectivity_url to Oracle's EphemeralDHCPv4 (#988)

cloud-init 1940871 New upstream snapshot.

dovecot 1912118 d/p/handle-unbounded-mime.patch: Fix crash during deinit when searching mails with non-ending MIME boundaries.

s390-tools 1942908 d90344a d/p/0003-genprotimg-check-return-value-of-BIO_reset.patch Added additional build dependency libcurl4-openssl-dev to debian/control, needed by d/p/0001-genprotimg-add-host-key-document-verification.patch.

cloud-init 1938299 cherry-pick 9c147e83: Allow disabling of network activation (SC-307) (#1048)

heat 1943712 New stable point release for OpenStack Ussuri.

keystone 1943712 New stable point release for OpenStack Ussuri.

barbican 1943712 New stable point release for OpenStack Ussuri.

swift 1943712 New stable point release for OpenStack Ussuri.

placement 1943712 New stable point release for OpenStack Ussuri.

neutron 1934912 d/p/lp1934912-set-arp-entries-only-for-single-ip.patch: Cherry-pick upstream patch

neutron 1943712 New stable point release for OpenStack Ussuri.

ceph 1940902 New upstream release.

netplan.io 1942930 Add d/p/0006-netplan-set-make-it-possible-to-unset-a-whole-devtyp.patch: Fix unset of a devtype subtree, e.g. "netplan set network.ethernets=null"

netplan.io 1943120 Add d/p/0005-Implement-YAML-state-tracking-and-use-it-in-the-DBus.patch: Allow to pass a state to netplan apply/try so it can cleanup unused virtual network interfaces after itself. Make use of this functionality inside the DBus Config.Try()/Apply() API and the 'netplan try' CLI.

open-vm-tools 1944946 d/rules: provide a compat link for the old open-vm-tools library/plugin paths

python-jmespath 1877792 Python 3.8 raises a syntax warning when using is to compare integers or string literals.

python-netaddr 1877792 d/p/fix-python-38-syntaxwarning.patch:

ovn 1914988 Add RBAC rules for IGMP_Group table:

ovn 1943266 d/p/lp-1943266-physical-do-not-forward-traffic-from-localport-to-a-.patch: Do not forward traffic from localport to localnet ports.a

ovn 1937075 d/p/lp-1937075-ovn-ctl-Fix-stucked-while-do-cluster-db-init.patch: Fix issue where clustered database might not be upgraded.

cloud-initramfs-tools 1949102 When performing growroot, we don't need to perform a wait-for-root call as we already waited for the whole of udev to settle before that. This should help with weird cases where the device loses the ID_FS_TYPE property after growpart.

python-glance-store 1948439 d/p/0001-Add-lock-per-share-for-cinder-nfs-mount-umount.patch: Cherry-picked from upstream to fix image creation failure with cinder as storage backend.

software-properties 1948806 cloudarchive: Enable support for the Yoga Ubuntu Cloud Archive on 20.04.

software-properties 1939732 Handle absent /var/lib/ubuntu-advantage/status.json for non-root users

software-properties 1934439 Show Ubuntu Pro banner on Livepatch page

software-properties 1920836 Show ESM support status

rsync 1896251 d/p/allow-missing-parent-dir-delete-missing-args.patch: Fix error caused by files being deleted having a missing parent directory. Thanks to Wayne Davison [email protected].

netplan.io 1771740 Add offload configuration options.

netplan.io 1949761 Add d/p/0010-parse-nm-Handle-missing-gateway-in-keyfile-routes-ke.patch

netplan.io 1949104 Fix regression in 'netplan try'

nvidia-graphics-drivers-470-server 1948960 Move nvidia-prime and nvidia-settings to "Suggests".

nvidia-graphics-drivers-470-server 1948025 New upstream release.

nvidia-graphics-drivers-460-server 1948025 New upstream release.

nvidia-graphics-drivers-450-server 1948025 New upstream release.

cloud-init 1949521 New upstream release.

samba 1942195 samba.postinst: do not populate sambashare from the Ubuntu admin group

barbican 1946787 d/p/fix-castellan-secret-store-encoding.patch: Fix inconsistent encoding of SecretDTO objects.

libvirt 1927519 d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles

nova 1948914 New stable point release for OpenStack Ussuri.

glance 1948914 New stable point release for OpenStack Ussuri.

cinder 1948914 New stable point release for OpenStack Ussuri.

livecd-rootfs 1946520 magic-proxy: fix exception handling for URLError

samba 1952187 SECURITY REGRESSION: backup command raises FileNotFoundError

python-oslo.messaging 1940858 New stable point release for OpenStack Ussuri.

openssl 1951943 Cherry-pick upstream fixes to prevent double engine loading

ipset 1918936 d/p/lp-1918936-{fix-p,P}arse-port-before-trying-by-service-name.patch: speed up numeric port adds.

netplan.io 1949893 dbus-wait-for-netplan-try-to-be-ready-LP-1949893-245.patch

netplan.io 1946957 get-set-ignore-empty-YAML-hints-and-delete-files-on-.patch

php7.4 1951031 d/p/0047-fix-exception-infinite-loop.patch: Fix ErrorException infinite loop

walinuxagent 1954678 Build on arm64.

ceph 1946211 d/p/rgw_clear_buckets_before_calling_list_buckets.patch: Cherry-pick upstream change to fix duplicate entries with large buckets.

openssh 1952421 d/p/match-host-certs-w-public-keys.patch: Add patch to match host certificates agianst host public keys.

gce-compute-image-packages 1953673 No-change rebuild for Focal.

sosreport 1941745 New 4.2 upstream release.

nvidia-graphics-drivers-460-server 1948960 Move nvidia-prime and nvidia-settings to "Suggests".

nvidia-graphics-drivers-450-server 1948960 Move nvidia-prime and nvidia-settings to "Suggests".

nvidia-graphics-drivers-470-server 1957790 New upstream release.

nvidia-graphics-drivers-450-server 1957790 New upstream release.

Kernel and Hardware support updates

Considerable work has been done in Ubuntu 20.04.1 on improving support for many specific items of hardware.

modemmanager 1934286 Backport to focal.

libmbim 1934286 Backport to focal.

libqmi 1934286 Backport to focal.

thermald 1931565 Pull in bug fixes between 2.4.3 and 2.4.6

linux 1939799 focal/linux: 5.4.0-82.92 -proposed tracker

linux-aws-5.11 1939769 hirsute/linux: 5.11.0-32.34 -proposed tracker

linux-aws 1939799 focal/linux: 5.4.0-82.92 -proposed tracker

linux-azure-5.11 1939759 focal/linux-azure-5.11: 5.11.0-1014.15~20.04.1 -proposed tracker

linux-azure-5.11 1939760 hirsute/linux-azure: 5.11.0-1014.15 -proposed tracker

linux-azure-5.11 1939769 hirsute/linux: 5.11.0-32.34 -proposed tracker

linux-azure-5.11 1939553 hirsute/linux: 5.11.0-31.33 -proposed tracker

linux-azure-5.11 1939301 REGRESSION: shiftfs lets sendfile fail with EINVAL

linux-azure 1939775 focal/linux-azure: 5.4.0-1057.59 -proposed tracker

focal/linux-azure: 5.4.0-1057.59 -proposed tracker

linux-azure 1939799 focal/linux: 5.4.0-82.92 -proposed tracker

linux-azure-5.8 1939805 focal/linux-hwe-5.8: 5.8.0-65.73 -proposed tracker

linux-gcp 1939799 focal/linux: 5.4.0-82.92 -proposed tracker

linux-gke 1939799 focal/linux: 5.4.0-82.92 -proposed tracker

linux-gkeop 1939799 focal/linux: 5.4.0-82.92 -proposed tracker

linux-hwe-5.11 1939768 focal/linux-hwe-5.11: 5.11.0-33.35~20.04.1 -proposed tracker

focal/linux-hwe-5.11: 5.11.0-33.35~20.04.1 -proposed tracker

linux-hwe-5.11 1939769 hirsute/linux: 5.11.0-32.34 -proposed tracker

linux-hwe-5.11 1934012 Hirsute update: upstream stable patchset 2021-06-29

Acer Aspire 5 sound driver issues // Hirsute update: upstream stable patchset 2021-06-29

Update SmartPQI driver

REGRESSION: shiftfs lets sendfile fail with EINVAL

Bass speakers not enabled on Lenovo Yoga 9i // Hirsute update: upstream stable patchset 2021-06-14

SRU][OEM-5.10/H] Fix HDMI output issue on Intel TGL GPU

ubuntu-host driver lacks lseek ops

ubuntu_kernel_selftests ftrace fails on arm64 F / aws-5.8 / amd64 F azure-5.8

Hirsute update: upstream stable patchset 2021-06-14 // Race betwee

"Front" ALSA volume control affects headphones on some machines

Hirsute update: upstream stable patchset 2021-06-14

Intel AX201 8086:7af0 subsys 8086:4070 hardware reset periodically: FW error in SYNC CMD UNKNOWN

EHL] Intel ishtp VNIC driver

I225-IT Ethernet (8086:0d9f) does not work on AAEON's EHL Board

EHL][TGL][ADL] Enable Time Coordinated Compute interface driver

TGL][ADL] Enable CET(Control-flow Enforcement Technology)

ehl] board does not support soft reboot // [ehl] Shutdown hangs on board

Add Intel WiFi/Bluetooth firmware for ADL-S/ADL-P

Add RevID field to VPD info in EEPROM

Check if secure boot is enabled with development keys

Support Alder Lake P graphics

Add initial firmware for Yellow Carp

Add initial firmware for Beige Goby

Update firmware for MT7921 WiFi/Bluetooth

Fix System hangs on black screen when reboot

Add support for Qualcomm WCN6856

Add support for goodix and new elan and synaptics devices. Elan and synaptics drivers only need to list new product IDs to work with new devices, and including other changes that new devices may require. While adding the new goodix moc driver, that is already part of many stable releases now, coming with full unit test and latest supported devices.

Fix template struct in goodix drivers

Add support manual firmware upgrading for Foxconn and Quectel modems.

Fix missing external headset after resume problem for Cirrus CS8409 sound driver

Fix cpufreq: cpufreq_online: Failed to initialize policy for cpu: 0 (-19)

Add support for NVIDIA EC backlight

Let VMD follow host bridge PCIe settings

Switch to building raspi classic images using the 'classic' branch instead of '18'. This is needed for proper Pi Zero 2 support.

Fall back from on-demand to on if nvidia < 450.

Raise CPU frequency to 1.2 GHz as used in upstream U-Boot in d/p/0011-riscv-sifive-dts-fu740-Add-board-u-boot.dtsi-files.patch

Pod traffic not taking advantage of interfaces with multiple tx queues

Avoid unhandled exceptions during connecting to iSCSI portals

Increase image file to 2GB in autopkgtest

Add the capability to build an ISO image for the Intel IoT project. Additionally, stop using universe with the project given that the kernel is now in main.

Fix bug where using '--' command line syntax fails to read input files

Teach lintian that jammy is a valid Ubuntu release.

Merge from Debian unstable. Remaining changes:

Compile the tpm plugin against the tpm2 software stack (tss2) (Debian packaging cherry-pick)

Update ubuntu.csv for trusty and xenial ESM extended dates.

Add Ubuntu 22.04, Jammy Jellyfish.

Correctly handle compressed APT index files

Backport new upstream release: to focal

New upstream release 27.3

disallow enabling fips on focal on clouds until cloud-optimized focal fips-certified kernel is ready

rely only on cloud-id to determine cloud type

catch errors when determining cloud type (GH: #1541)

New upstream release 27.4

New upstream release 27.5

livepatch: always use the full path in livepatch calls

Do not look for a base snap on snaps of type base, because recursive dependencies are not allowed for snaps

Avoid unhandled exceptions during connecting to iSCSI portals

Fix FTBFS on ppc64el

Enable native Wayland support

Fix non-fatal stracktrace in the apport hook

Bump dump_sys to bf7f6bd855eb6ecb233b52bfa7b2c975b7026540

Initial release.

Enable runtime PM after driver is bound.

Fix a Regex parser bug, when there is no match, need to set err to 0, otherwise, the caller will get a wrong match instead of no match.

Update the hardware support for HP Z8 G4 Workstation.

Update the hardware support for HP Z2 Mini G5 Workstation, SFF G5 Workstation, TWR G5 Workstation.

Include the actual changes that were only mentioned in the changelog for the previous release.

New upstream release:

Can't adjust the output volume via volume-slider after changing the current output-device.

Backport support for ADL-P.

Do not read config on Power Saving mode..

Backport the ability to unhide passwords that are being typed-in during various stages of the installation.

Bump minimum and maximum sizes for /boot partitions on default, x86, and EFI platforms to a minimum of 768Mb and maximum of 1536Mb.

Automatic update of included source packages: partman-auto 134ubuntu13.1.

Add the 099-ubuntu-image-customization.chroot for desktop-preinstalled images similar to what we have in groovy+ (for the pi desktop), but improved for amd64 platforms. We need it to generate a valid grub.cfg on the rootfs (similar to ubuntu-cpc) and then use that instead of a static configuration locked on the boot partition.

Generate manifest for HyperV desktop image

Adjust update-notifier-crash.service so that the report process is not killed before it has a chance to act

live-build/ubuntu-server/hooks/032-installer-squashfs.binary: be more careful in deleting snaps that snap-preseed has copied up into the live installer layer.

ubi-partman.py: Do not display a restart button in the advanced partitioning screen when installing alongside Windows Boot Manager. Thanks to Sam van Kampen for the patch.

tests/test_timezone.py: The Bahamas moved their DST rules to sync with the U.S. in 2007 but tzdata only recently incorporated this change.

ubuntu-security-status: use ubuntu-advantage-tools to determine whether or not livepatch or esm are enabled and if the system is attached. Thanks to Chad Smith for the patch.

ubuntu-security-status: Check if ESM for Apps is enabled or if it is not in beta before displaying information about the packages available from there. Additionally, improve pluralization in a couple of locations.

Original source Report a problem
Oct 1, 2021
- Date parsed from source:
  Oct 1, 2021
- First seen by Releasebot:
  Mar 20, 2026
Ubuntu by Canonical

Jammy Jellyfish Release Notes

Ubuntu ships 22.04 LTS Jammy Jellyfish with long-term support, updated kernels and toolchains, major desktop and server refreshes, stronger security defaults, and broad platform upgrades across cloud, virtualization, databases, and developer stacks.
These release notes for Ubuntu 22.04 LTS (Jammy Jellyfish) provide an overview of the release and document the known issues with Ubuntu and its flavours. For details of the changes applied since 20.04, please see the 22.04.5 change summary. The change summary for 22.04.1, 22.04.2, 22.04.3, and 22.04.4 are available as well.

Support lifespan

Maintenance updates will be provided for 5 years until April 2027 for Ubuntu Desktop, Ubuntu Server, Ubuntu Cloud, and Ubuntu Core. All the remaining flavours will be supported for 3 years. Additional security support is available with ESM (Extended Security Maintenance).

Get Ubuntu 22.04 LTS

Download Ubuntu 22.04.4

Images can be downloaded from a location near you.

You can download ISOs and flashable images from:

Ubuntu Desktop and Server for 64-bit x86 (AMD64)

Less Frequently Downloaded Ubuntu Images

Ubuntu Cloud Images

Lubuntu

Kubuntu

Ubuntu Budgie

Ubuntu Kylin

Ubuntu MATE

Ubuntu Studio

Xubuntu

Upgrading from Ubuntu 21.10

To upgrade on a desktop system:

Open the “Software & Updates” Setting in System Settings.

Select the 3rd Tab called “Updates”.

Set the “Notify me of a new Ubuntu version” dropdown menu to “For any new version”.

Press Alt + F2 and type in update-manager -c into the command box.

Update Manager should open up and tell you: “New distribution release ‘22.04’ is available.”

If not you can also use /usr/lib/ubuntu-release-upgrader/check-new-release-gtk

Click Upgrade and follow the on-screen instructions.

To upgrade on a server system:

Make sure the Prompt line in /etc/update-manager/release-upgrades is set to normal.

Launch the upgrade tool with the command sudo do-release-upgrade.

Follow the on-screen instructions.

Note that the server upgrade will use GNU screen and automatically re-attach in case of dropped connection problems.

There are no offline upgrade options for Ubuntu Desktop and Ubuntu Server. Please ensure you have network connectivity to one of the official mirrors or to a locally accessible mirror and follow the instructions above.

New features in 22.04 LTS

Updated Packages
Linux kernel :penguin:
Ubuntu 22.04 LTS ships multiple optimized kernels on per-product basis:

Ubuntu Desktop will automatically opt-into v5.17 kernel on the latest generations of certified devices (linux-oem-22.04)

Ubuntu Desktop uses a rolling HWE kernel (linux-hwe-22.04) on all other generations of hardware. The rolling HWE kernel is based on the v5.15 kernel for 22.04.0 and 22.04.1 point releases

Ubuntu Server defaults to a non-rolling LTS kernel v5.15 (linux-generic)

Ubuntu Cloud and Devices use optimized kernels in collaboration with partners (v5.15+ with additional backports and features)

Additional optimized and certified kernel flavours will become available in Ubuntu 22.04 LTS in due course.
UDP disabled for NFS mounts
Since Ubuntu 20.10 (“Groovy Gorilla”), the kernel option CONFIG_NFS_DISABLE_UDP_SUPPORT=y is set and this disables using UDP as the transport for NFS mounts, regardless of NFS version.

In practice, if you try to use udp, you will get this error:

$ sudo mount f1:/storage /mnt -o udp mount.nfs: an incorrect mount option was specified
Toolchain Upgrades :hammer_and_wrench:
GCC was updated to the 11.2.0 release, binutils to 2.38, and glibc to 2.35. Python :snake: now ships at version 3.10.4, Perl :camel: at version 5.34.0. LLVM now defaults to version 14. golang defaults to version 1.18.x. rustc defaults to version 1.58.

In addition to OpenJDK 11, OpenJDK 18 is now provided (but not used for package builds).

Ruby :gem: was updated from v2.7.4 to v3.0.
systemd v249.11
The init system was updated to systemd v249, using a solid .11 patchlevel for the LTS. Please refer to the upstream changelog for more information about the individual features. We’ve enabled the userspace OOMD service and are shipping the systemd-oomd package by default on the “Ubuntu Desktop” flavour, to avoid overloaded systems and the need of the kernel’s OOM killer to kick in. The OOMD status can be checked using oomctl.
OpenSSL 3.0
We’ve upgraded the OpenSSL library to the new 3.0 version, which disables a lot of legacy algorithms by default, as detailed in their migration guide. In particular, certificates using SHA1 or MD5 as hash algorithms are now invalid under the default security level.

In addition to the upstream deprecations, please note that since Ubuntu 20.04 (Focal Fossa), the security level 2 (which is the default) disables the (D)TLS protocols below 1.2 (included).

Since the new version has an API bump, third-party packages that depend on libssl1.1 will need to be rebuilt to instead depend on libssl3, as the older ABI isn’t provided anymore.
plocate
plocate is now the default locate implementation, replacing mlocate. The mlocate package is now a transitional package and will install plocate. plocate is largely argument-compatible with mlocate, but some incompatibilities do exist. For details, see the manual for plocate.

Security Improvements :lock:

nftables is now the default backend for the firewall. All applications on the system must agree on whether they will use the legacy xtables backend or the newer nftables backend. Bug 1968608 provides some context that may be helpful. Docker may not be ready for the new nftables backend.

ssh-rsa is now disabled by default in OpenSSH. See bug 1961833 to learn how to selectively re-enable it if necessary. If you are upgrading a system remotely over SSH, you should check that you are not relying on this to ensure that you will retain access after the upgrade.

scp offers a -s command line option to use sftp mode rather than scp mode when handling remote filenames. This new, safer, behaviour will eventually become the default.

Ubuntu Desktop

Ubuntu now offers 10 color choices each in dark and light styles

Firefox is now only provided in Ubuntu as a snap. Some benefits include

Directly maintained by Mozilla

More maintainable for the entire Ubuntu LTS lifecycle

… Which means faster access to the newest Firefox versions

Easily switch to a different Firefox flavor with snap channels including esr/stable, latest/candidate, latest/beta, and latest/edge

Sandboxed for improved security hardening for this critical app

Improved in 22.04.1: Firefox startup speed is significantly faster now compared to the original Ubuntu 22.04 release.

Desktop icons are shown in the bottom right by default but this can be changed through new settings added to the Appearance panel of the Settings app.

Also there are new settings to control the Dock look and behavior

Dock devices and filemanager integration has been improved

GNOME :footprints:

GNOME has been updated to include new features and fixes from GNOME 41 and GNOME 42

Several apps are still at their 41 version numbers to provide a more time-tested experience for the LTS desktop by mostly avoiding libadwaita.

The new cross-desktop dark style preference is supported.

GNOME Shell and mutter have lots of performance improvements including the triple buffering patch.

The default session for most systems that don’t have an Nvidia desktop graphics card is now Wayland. If you need a non-Wayland session, you can choose the Ubuntu on Xorg session by clicking the gear button after selecting your name on the login screen.

Hardware with privacy screen support is now supported

RDP is now available for sharing your desktop remotely. Legacy VNC is still available, but it is strongly recommended to use RDP for better security, privacy, and performance. If you were previously using VNC, you’ll need to manually re-enable desktop sharing in the Settings app and get your new login information.

Updated Applications

Firefox 103 :fire: :fox_face:

LibreOffice 7.3 :books:

Thunderbird 91 :cloud_with_lightning: :bird:

Updated Subsystems

BlueZ 5.63

CUPS 2.4

NetworkManager 1.36

Mesa 22

Poppler 22.02

PulseAudio 16

xdg-desktop-portal 1.14

Ubuntu Server

Ubuntu HA/Clustering

Corosync

It was updated to version 3.16 which includes some new features:

Support for changing crypto configuration during runtime. This includes turning cryptography on or off, changing crypto_cipher and crypto_hash and also changing of crypto key.

Default token timeout was changed from 1 seconds to 3 seconds.

Run corosync -v to get the list of supported crypto and compression models which can be used in corosync.conf

Cgroup v2 support.

For the complete list of changes please refer to the upstream release notes.

Pacemaker

It was updated to version 2.1.2 which includes some new features:

Add a new feature priority-fencing-delay. Optionally derive the priority of a node from the resource-priorities of the resources it is running.

Add on-fail=demote and no-quorum-policy=demote recovery policies for promoted resources.

support for OCF Resource Agent API 1.1 standard.

Many improvements in crm_mon and crm_resource.

For the complete list of changes please refer to the upstream release notes.

A notable difference from the version in Ubuntu Focal 20.04 is that the default configuration file does not define the node name as node1 anymore, now the output of uname -n is used as the default node name.

Resource agents

It was updated to version 4.7.0. Check the list of changes since Ubuntu Focal 20.04 here.

The agents are now separated in two packages: resource-agents-base and resource-agents-extra. The resource-agents-base package contains the agents which are curated by the Ubuntu Server team, which means that automated tests are running in a continuous integration system to guarantee the quality of those agents. The resource-agents package is now a metapackage which depends on both resource-agents-base and resource-agents-extra. Please note that the resource-agents package will be removed in future releases; we recommend that you do not rely on its existence.

Fence agents

It was updated to version 4.7.1.

The agents are now separated in two packages: fence-agents-base and fence-agents-extra. The fence-agents-base package contains the agents which are curated by the Ubuntu Server team, which means that automated tests are running in a continuous integration system to guarantee the quality of those agents. The fence-agents package is now a metapackage which depends on both fence-agents-base and fence-agents-extra. Please note that fence-agents will be removed in releases; we recommend that you do not rely on its existence.

Containers runtime

containerd

It was updated to version 1.5.9. Some interesting changes are:

Update pull to handle of non-https urls in descriptors

Install apparmor parser for arm64 and update seccomp to 2.5.1

Add support for clone3 syscall to fix issue with certain images when seccomp is enabled

Add image config labels in CRI container creation

For the complete list of changes please refer to the upstream release page.

runc

It was updated to version 1.1.0. There are many improvements and bug fixes which can be found in the upstream release page. Some deprecations and removals which might impact the upgrade are presented below:

Deprecation

runc run/start now warns if a new container cgroup is non-empty or frozen; this warning will become an error in runc 1.2

Removals

cgroup.GetHugePageSizes has been removed entirely, and been replaced with cgroup.HugePageSizes which is more efficient

intelrdt.GetIntelRdtPath has been removed. Users who were using this function to get the intelrdt root should use the new intelrdt.Root instead.

Ruby 3.0

The default Ruby interpreter was updated to version 3.0, whose goal is performance, concurrency, and Typing. To have a broad overview about the cool features and improvements check out the Ruby 3.0 Release Announcement.

Users coming from previous Ubuntu releases ( Ubuntu Focal 20.04 onward) will be moving from Ruby 2.7 to 3.0. In this case the Ruby 2.7 Release Announcement might be useful as well. An important thing to keep in mind is that the following libraries are not bundled anymore in Ruby:

sdbm

webrick

net-telnet

xmlrpc

If you need these libraries, please install them separately.

Please pay attention to the Other Notable Changes since 2.7 section in the Ruby 3.0 Release announcement when migrating your application to Ruby 3.0.

PHP now defaults to version 8.1.2

PHP 8.1 contains many new features: Enumerations allow defining custom types limited to a specific set of possible values, like using consts but with better type checking. Readonly properties prevent their value to be changed after initialization. With first-class callable syntax, static analysis is easier to perform on PHP code, and allows creating anonymous functions such as Closures. Intersection types allow specifying function parameters that must satisfy multiple type constraints; much like a union type expresses an A|B type relationship, intersection types allow expressing A&B types. Many other new features, such as fibers, final class constraints, never return values, explicit octal numeral notation, use of new inside initializers, and more will allow writing tighter, more expressive PHP code.

PHP 8.1 also received significant attention to performance, with a 23% speedup for the Symfony Demo test, and a 3.5% speedup for WordPress, as compared with PHP 8.0. A few of the performance-related features included in PHP 8.1 include an inheritance cache, fast class name resolution, and various optimizations to timelib, ext/date, SPL file-system interators, serialize/unserialize, and several heavily used internal functions.

Users of PHP 7.4 should note that version 8 removes a number of deprecated functionalities and when upgrading should be prepared to make the appropriate changes to their applications.

OpenLDAP 2.5.x series

If you are updating from Ubuntu Focal 20.04, you will encounter a new major OpenLDAP release on Ubuntu Jammy 22.04: version 2.5.11. This release brings several changes, new features and deprecations/removals. A non-exhaustive list of things to be aware of during the upgrade process is:

The shell (slapd-shell), the BDB and the HDB backends have all been removed.

The ppolicy module now provides its own built-in schema. The external ppolicy schema has been removed.

The nssov module has been removed.

In certain situations, it is possible that the post-installation scripts will not be able to successfully migrate your current installation to new formats (e.g., when you are using an old backend like BDB/HDB). If this happens, you will be notified about the failure and the slapd server will not be (re)started; you will then have to take manual action in order to migrate your data and start the service. Please look at the README.Debian file (under /usr/share/doc/slapd/) for more information.

BIND 9.18

BIND 9 has been updated to version 9.18.1. This new version includes

Support for DNS over TLS (DoT) and DNS over HTTPS (DoH).

named now supports zone transfers over TLS (XFR-over-TLS, XoT) for both incoming and outgoing zone transfers.

dig is now able to send DoT queries.

Users upgrading from previous versions should be aware of the following changes:

The binary files which are neither daemons nor administrative programs have been moved from /usr/sbin to /usr/bin.

Support for the map zone file format has been removed. Users relying on such zone file format should convert their zones to use the raw format and change configurations accordingly before upgrading.

Several obsolete, non-working configuration options have been removed and are now treated as configuration failures when present. A complete list of such configurations is available in the upstream release notes.

Apache has been updated to 2.4.52 from 2.4.48.

OpenSSL support is improved to support OpenSSL v3. mod_ssl also received various refinements for outgoing connection behaviors, backwards compatibility, and wireshark logging.

mod_md adds support for ACME External Account Binding (EAB) along with a host of other enhancements and fixes.

Numerous fixes, including better hostname and UDS URI checking and handling, status code responses, and so on.

PostgreSQL 14

PostgreSQL has been updated to version 14.2.

This update contains many new features and enhancements, including:

Stored procedures can now return data via OUT parameters.

The SQL-standard SEARCH and CYCLE options for common table expressions have been implemented.

Subscripting can now be applied to any data type for which it is a useful notation, not only arrays. In this release, the jsonb and hstore types have gained subscripting operators.

Range types have been extended by adding multiranges, allowing representation of noncontiguous data ranges.

Numerous performance improvements have been made for parallel queries, heavily-concurrent workloads, partitioned tables, logical replication, and vacuuming.

B-tree index updates are managed more efficiently, reducing index bloat.

VACUUM automatically becomes more aggressive, and skips inessential cleanup, if the database starts to approach a transaction ID wraparound condition.

Extended statistics can now be collected on expressions, allowing better planning results for complex queries.

libpq now has the ability to pipeline multiple queries, which can boost throughput over high-latency connections.

These and a long list of further enhancements as well as bug fixes can be found in the release notes of v14, v14.1, and v14.2.

Django 3.2.12

Django was updated from the previous LTS version 2.2 to the new LTS version 3.2.

The update contains many new features and bug fixes such as:

Automatic AppConfig discovery

Type customization of auto-created primary keys

Functional indexes

Asynchronous views and middleware support

JSONField for all supported database backends

And various further major and minor features, see the see the release notes for more

Users upgrading from previous versions should be aware of the following backwards incompatibilities:

Changes have been made to:

The Database backend API

django.contrib.admin

AbstractUser.first_name max_length - changed to 150

Model.save() when providing a default for the primary key

Along with various minor module changes

For additional information, especially since an upgrade would be from the former v2.2 LTS to v3.2 LTS do not only check the Django project release notes of 3.2 but also 3.1 and 3.0 as well as the various minor releases included up to 3.2.12 that is in Ubuntu 22.04.

MySQL 8.0

MySQL has been updated to version 8.0.28 in Jammy Jellyfish alongside Focal Fossa and Impish Indri.

It contains new features such as:

The audit_log_disable system

Data type updates

The CPU_TIME statement metric

See the 8.0.28 upstream release notes for more information.

NFS server

The NFS server and client packages have finally been updated to the latest upstream version.

All NFS services now read their configuration from /etc/nfs.conf and /etc/nfs.conf.d/.conf, which is an INI-style configuration file, where each section is about one daemon or aspect of the NFS service. The old /etc/defaults/nfs- configuration files are still left around, but are unused.

During upgrade, a conversion script is run if the package detects that the /etc/default/nfs-* files have been changed. This script is /usr/share/nfs-common/nfsconvert.py and it will read the options from /etc/defaults/nfs-* and generate /etc/nfs.conf.d/local.conf, which overrides the defaults in /etc/nfs.conf.

If the conversion script fails for some reason, the package installation or upgrade will fail, and the issue will have to be resolved. Please file a bug against nfs-utils in Launchpad if you encounter such a scenario.

A new tool called nfsconf(8) can be used to query the configuration settings of /etc/nfs.conf and /etc/nfs.conf.d/*.conf.

Samba server

Samba was updated to 4.15.5, which brings some noteworthy changes. Please see the upstream release notes for details, but here are some highlights:

The development SMB versions SMB2_22, SMB2_24 and SMB3_10 are no longer recognized. SMB2_22 and SMB2_24 should be replaced by SMB3_00, and SMB3_10 should be replaced by SMB3_11

server multi channel support is no longer experimental

command-line options in all CLI tooling are now using a common parser, and unknown options which might have been ignored in the past, will now be rejected. See the upstream release notes for details.

many /etc/samba/smb.conf parameters were changed, some removed. Please see the upstream release notes for details.

the CTDB package was adjusted to work with the new NFS server version shipped in this Ubuntu 22.04

findsmb(1) was removed

glusterfs support enabled in the Ubuntu packaging. This was possible because glusterfs was promoted to Main during the 22.04 LTS development cycle, which allowed us to enable the glusterfs vfs module. This module is now present in the samba-vfs-modules package.

Quagga replaced with frr

quagga was removed from Ubuntu 22.04 and replaced by FRRouting (frr, https://frrouting.org/).

Chrony time synchronization

Chrony has been updated to version 4.2 which includes

Add support for AES-CMAC and hash functions in GnuTLS

Improve server interleaved mode to be more reliable and support multiple clients behind NAT

Add statistics about interleaved mode to serverstats report

Adds and enabled further hardening options to the chrony service

Allow reading timemaster created configurations

For more details read the upstream release notes

Virtualization

As usual the release notes can only list a few bigger and more noteworthy changes and packages while underneath many more components have been updated as well. For an even more complete picture please have a look at the changelogs of packages and upstream releases of the respective components.

qemu

Qemu was updated to version v6.2.0 which brings many major and minor improvements. Among others this version includes:

fuse3 based non-root way to export image files

Jack support for low latency audio

Massively improved RISC-V support

Many fixes for the emulation of AMD virtualization extensions

Improved Power10 support

More devices for the microvm build (virtio-gpu, vhost-user-gpu, virtio-input-host, and vhost_user_input)

Allow to remove the additional drivers of qemu-block-extra

Most common qemu features are now separate modules

s390x got improved storage key emulation (e.g. fixed address handling, lazy storage key enablement for TCG, …)

See the upstream changelog for version 6.1 and 6.2 for an overview of the many further improvements. These also contain a list of suggested alternatives for removed, deprecated and incompatible features.

libvirt

Following the regular releases of libvirt version v8.0.0 is now provided in Ubuntu 22.04 which includes:

Support hotplug and hotunplug for virtiofs

Introduce virtio-mem model

qemu: Support librbd encryption

qemu: Add new API to inject a launch secret in a domain

enhanced swtpm integration (see swtpm below for more)

See the upstream Changelogs for the many further improvements and fixes since version 7.6 that was in Ubuntu 21.10.

virt-manager

The new version 4.0.0 of virt-manager is the most recent update after almost 1.5 years without a new upstream version) providing a list of new features:

shared memory configuration in the UI

virtiofs filesystem driver UI option

enable a TPM by default when UEFI is used

Use cpu host-passthrough by default on qemu x86

use virtio-gpu video for most modern distros

More details can be found on the news page and individual commits on the projects website.

dpdk

Following the yearly flow of upstream DPDK LTS releases Ubuntu 22.04 contains the most recent DPDK LTS 21.11.

That contains various new device drivers, fixes and optimizations. Even the rather huge release notes is just about 21.11 itself. Compared to the former DPDK LTS 20.11 that shipped with Ubuntu 21.10 you’d also want to read the DPDK release notes of 21.02, 21.05, and 21.08.

openvswitch

The new version 2.17.0 of openvswitch is in Ubuntu 22.04 and provides a general update including the following changes:

Various features that ease the use of a userspace datapath.

Performance improvements for the OVSDB and clustered OVSDB which is heavily used in OVN deployments.

Brings compatibility with DPDK 21.11 (see above).

The OVS News page holds more details about the new version.

swtpm

The swtpm as well as libtpms package is now available and supported in Ubuntu 22.04.

swtpm provides TPM emulators with different front-end interfaces to libtpms. TPM emulators provide socket interfaces (TCP/IP and unix) and the Linux CUSE interface for the creation of multiple native /dev/vtpm* devices…

A common use case for swtpm is to use it as virtual TPM for virtual machine and container use cases.

This is particular important for guest operating systems that consider TPM support mandatory.

See the upstream wiki for more details.

Squid

The squid package links against the GnuTLS library. If you would like to use OpenSSL, you can install the new squid-openssl package.

cloud-init

Version 22.1 of cloud-init has been released to 22.04, 21.10, 20.04 and 18.04.

Notable features introduced since the last LTS release:

Clouds and datasources

Add LXD datasource in Jammy which reads dynamic instance data from LXD socket and applies config changes across reboot

Added a native VMWare datasource

OpenStack and ConfigDrive now support vendor_data2 config overrides

Azure boot speed improvements, network config validation and SSH key handling

GCE detected earlier in boot

Config Modules

Add opt-in hotplug network support via user-data for OpenStack and ConfigDrive

Add deferred write_files config to emit files later in boot

Usability

Schema validation of #cloud-config userdata to annotate specific errors in user-provided configuration

ubuntu-advantage-tools

Ubuntu-advantage-tools version 27.8 is released with Jammy.

Notable improvements introduced in this cycle:

Service offerings:

Ubuntu Pro and Ubuntu Pro FIPS images on Azure, GCP and AWS

GCP support to add Ubuntu Advantage licenses to existing VMs

AWS support for IPv6 IMDS

CIS benchmarks packaged as part of Ubuntu Security Guide (USG)

Beta real-time kernel based on 5.15 and PREEMPT_RT patches

Usability

ua security-status provides a detailed view of available and applicable package updates provided by Ubuntu proper and Extended Security Maintenance channels

Enable Desktop installer to validate and attach Ubuntu Advantage tokens

Support machine-readable output JSON/YAML format for most commands

Configurable auto attach behavior via ua attach --attach-config

Ubuntu Server Main Promotions

For Ubuntu Server 22.04 LTS, the following source packages were promoted to main:

wireguard: fast, modern, secure kernel VPN tunnel

glusterfs: cluster file-system capable of scaling to several peta-bytes

frr: suite of internet routing protocols (BGP, OSPF, IS-IS, …)

LXD was updated to the new 5.0 LTS version

5.0 LTS significantly steps up LXD’s abilities, especially when operating in clustered environments. In comparison to LXD 4.0, virtual machines are now effectively at feature parity with containers, and a lot of networking options, clustering, and project features were added.

Some of the key changes include:

LXD virtual machines now come with vTPM support as well as arbitrary PCI passthrough support. VMs can now be live-migrated and support some device hotplug and additional storage options.

Networking now includes OVN support combined with BGP, DNS, floating IP and hardware acceleration support.

Projects have grown a numwber of additional limits and restrictions, making it easy to safely grant access to various teams and limit their resource usage.

LXD-migrate has been reworked with support for both containers and VMs

Cluster users can now perform easy maintenance through cluster evacuation, group servers into target groups and get detailed instance metrics across entire clusters.

Additional details and a complete changelog can be found here.

Ceph

Ubuntu 22.04 includes the latest release candidate of the Ceph Quincy release.

Ceph packages will be updated as a stable release update once Quincy is released by the Ceph community.

OpenStack

Ubuntu 22.04 includes the latest OpenStack release, Yoga, including the following components:

OpenStack Identity - Keystone

OpenStack Imaging - Glance

OpenStack Block Storage - Cinder

OpenStack Compute - Nova

OpenStack Networking - Neutron

OpenStack Telemetry - Ceilometer, Aodh, Gnocchi

OpenStack Orchestration - Heat

OpenStack Dashboard - Horizon

OpenStack Object Storage - Swift

OpenStack DNS - Designate

OpenStack Bare-metal - Ironic

OpenStack Filesystem - Manila

OpenStack Key Manager - Barbican

OpenStack Load Balancer - Octavia

OpenStack Instance HA - Masakari

Please refer to the OpenStack Yoga release notes for full details of this release of OpenStack.

OpenStack Yoga is also provided via the Ubuntu Cloud Archive for OpenStack Yoga for Ubuntu 20.04 LTS users.

WARNING: Upgrading an OpenStack deployment is a non-trivial process and care should be taken to plan and test upgrade procedures which will be specific to each OpenStack deployment.

Make sure you read the OpenStack Charm Release Notes for more information about how to deploy and operate Ubuntu OpenStack using Juju.

needrestart and unattended operations

needrestart was first installed by default in Ubuntu 21.04 and continues to feature in Ubuntu 22.04. It helps ensure that services are correctly restarted when their dependencies receive security updates.

By default, needrestart will prompt after upgrading packages if restarts are determined to be required. To suppress this behaviour, you can set DEBIAN_FRONTEND=noninteractive as usual. needrestart will then fall back to “list only mode”. It will be necessary to restart services afterwards, for example by rebooting or invoking needrestart -ra.

Phased updates in APT

Since 21.04 APT respects phased updates, see the Phased updates in APT 21.04 thread for more details.

Platforms

Cloud Images :cloud:
AWS

AWS amd64 images use now a GPT partition table and setup a ESP partition to make it possible to use UEFI as boot mode.

Oracle

Jammy Minimal images are available for ARM64 servers on Oracle Cloud Infrastructure. Note that OCI releases images on a fixed cadence, and Jammy release to OCI will be slightly delayed.

Raspberry Pi :strawberry:

The first long-term service (LTS) release of the Ubuntu Desktop for Raspberry Pi

Support for several Pi-specific boards and tools have been added to the archive:

All variants of the popular Pimoroni Unicorn HAT are now supported with packaging

The official DSI touchscreen is now supported

The rpiboot package contains the rpiboot utility for working with Raspberry Pi Compute Modules (and other Pi boot facilities)

The pyboard-rshell package contains the rshell utility for working with micro-controller boards supporting MicroPython, including the Raspberry Pi Pico

The rpi-imager package contains the Raspberry Pi imager utility. The equivalent snap package has also been updated to operate on all architectures (and bumped to the current version)

arm64
Ubuntu 22.04 LTS is available on ARM in many public clouds - Azure, AWS, Oracle Cloud.

Ubuntu 22.04 LTS adds linux-restricted-modules of NVIDIA drivers on ARM64. Users on ARM64 can now use ubuntu-drivers tool to install and configure NVIDIA drivers from the Ubuntu Archive.

linux-generic-64k kernel flavour with 64K pages support is now avalable as a GA LTS kernel. It was first introduced in 20.10 release, and has been available as an HWE kernel since 20.04.2 LTS.
ppc64el
Starting with 22.04 LTS, Ubuntu Server for IBM POWER (little endian) is now compiled for POWER9 processors using ‘–with-cpu=power9’ (bug 1930086).

Thus Ubuntu Server 22.04 LTS will not run, install or even boot on POWER8 systems anymore, due to the different instruction set requirements.

But Ubuntu Server 20.04 LTS can still be used for POWER8 systems for several years - at least until end of base support in April 2025.

Users running Ubuntu Server on POWER8 today will be prevented from being upgraded to 22.04 LTS using ‘do-release-upgrade’, as this will obviously break such systems (bug 1960255).

In addition, Ubuntu Server 22.04 LTS is the first Ubuntu release that comes with official support for POWER10.
s390x
Starting with Ubuntu Server 20.04 LTS (for IBM Z and LinuxONE), the minimal architectural level set was raised to z13 (and LinuxONE Rockhopper / Emperor) - this still applies to Ubuntu Server 22.04 LTS and support also includes all newer hardware that is in service as of today (22.04 release date). Support for additional future hardware might be added later.

Ubuntu Server 22.04 LTS can be installed in an LPAR (classic or DPM mode), as IBM z/VM guest, as KVM virtual machine and in different container environments, such as LXD, docker or kubernetes.

IBM Z and LinuxONE / s390x-specific enhancements since 21.10 (partially not limited to s390x):

Like mentioned above, 22.04 LTS is the first release that picked up OpenSSL 3, to be precise v3.0.2 (bug 1905022), this transition triggered for compatibility reasons (bug 1959736) further updates, that largely ended up in the renewal of the entire s390x crypto stack, including:

libica update to finally v4.0.1 (bug 1959421), including extend statistics to reflect security measures (bug 1959553)

openssl-ibmca update (bug 1958419) to finally 2.2.2 to ensure compatibility with libica4 (bug 1960004).

opencryptoki update to v3.17.0+dfsg+20220202.b40982e (since the planned release date for 3.18 is post 22.04 GA) (Bug:1959419), including several (security) fixes and new features like in the key management tool (LP 1959577).

with that cryptsetup was updated as well (bug 1959427)
Further updates in the area of cryptography that are relevant for s390x are:

the upgrade of libgcrypt(20) to latest v1.9.4

in kernel crypto optimization of chacha20 now using a SIMD implementation (bug 1853152)

zcrypt device driver update for adding exploitation of new IBM Z crypto hardware (bug 1959547)

and finally the newly packaged IBM Z protected-key crypto library that provides interfaces for cryptographic primitives (bug 1932522)

Furthermore new network features were added, like Enhanced HSCI (HiperSockets Converged Interface) Multi-MAC support for enhancing KVM setups and z/OS interoperability (kernel LP: 1932137 and s390-tools LP: 1929721). And significant updates in the area of Shared Memory Communication (SMC), like EID (Enterprise ID) support (kernel LP: 1929060, s390-tools LP: 1929056), SMC statistics support (bug 1959470) and SMC-R v2 support (bug 1929035) - and with all that the smc-tools have been upgraded to latest v1.7.0 (bug 1959428).

Several KVM and Secure Execution related new features landed too, like:

enablement of storage key checking for intercepted instructions handled by KVM (bug 1933176) and by user-space (bug 1933179)

the ‘access register mode’ got enabled (bug 1933178)

allowing long kernel command lines for QEMU (bug 1959984) and for Secure Execution guests (bug 1959985).

enable guest interrupt support via GISA for Secure Execution guests (bug 1959977)

support for Secure Execution guest dump encryption with customer keys (bug 1959965)

and enablement of vfio-ccw and vfio-ap in virt-* tools, especially virt-manager (bug 1959976)

In addition the KVM_CAP_S390_MEM_OP_EXTENSION capability was raised to 211 (bug 1963901) and KVM got improved SIGP architectural compliance (bug 1959735).

The modernized tool-chain was needed in order to add support for new IBM Z hardware (bug 1959379), and the 22.04 default gcc became v11.2 (12, 10 and 9 are in universe).
Binutils were aligned to gdb (bug 1959407) and updated to v2.38 (bug 1959463), again for adding support for new hardware (bug 1959408).
And LLVM was updated as well for new hardware support (bug 1959378) and to include further optimizations (bug 1959406), but not only v13 is available, even v14 is the default.

On top new hardware support was added to glibc (bug 1959385 and LP: 1959383) while glibc was upgraded to latest v2.35 (bug 1959429).
The Perl Compatible Regular Expression Library PCRE2 was updated to v10.39 and includes improvements for s390x and full JIT performance (bug 1959917).
The ‘Eigen3’ algebra library contains further optimizations for s390x too (bug 1884725) and the query capacity library and utility for extracting system information ‘qclib’ was raised to v2.3.0 (bug 1959464).
Finally a brand new low-level IBM Z Deep Neural Network Library (zDNN) library, that provides an interface for applications making use of Neural Network Processing Assist Facility (NNPA), got packaged and is now available (bug 1959396).

A core component of Ubuntu Server for IBM Z is the s390-tools package, which was upgraded to v2.2.0 (bug 1959420) in alignment to jammy’s kernel 5.15, and includes among other features now an environment block implementation (bug 1959409), that is a persistent configuration information which is evaluated during boot without the need to rewrite IPL records, an option to auto-activate PCI devices for DPM system (bug 1959537) and the new multipath re-IPL feature (bug 1959546).

The kernel received several s390x improvements as well, like kernel based support for new IBM Z hardware (bug 1960187), new CPU-MF Counters for new hardware (bug 1960117), support for long kernel command lines on s390x (bug 1960580), transparent PCI device recovery support (bug 1959532), enhanced user information on HBA firmware (bug 1959545) and as clean-up the deactivation of the CONFIG_QETH_OSX kernel config option (bug 1959890).

The service-call logical processor (SCLP) console interface driver (for ‘Operating Systems Messages’ line-mode and ‘Integrated ASCII console’ VT220) got two new debug features for logging relevant data for all sclp requests or just for failing sclp requests, which requires kernel (bug 1960435) as well as s390-tools modifications (bug 1960437).

RISC-V
Starting with 22.04 LTS, besides the standard device-specific preinstalled image, we now also provide a live installer image for the RISC-V architecture. This can be helpful when wanting to install Ubuntu on an NVMe drive on an Unmatched board, for instance.
UEFI and BIOS boot
Other operating systems are not displayed in the boot menu anymore, unless Ubuntu has been installed alongside another operating system. Once all other operating systems are removed from the machine, detection of other operating systems is disabled, and to re-enable if after installing another OS, you will have to delete /boot/grub/grub.cfg and immediately run update-grub again.

Known Issues

As is to be expected, with any release, there are some significant known bugs that users may run into with this release of Ubuntu. The ones we know about at this point (and some of the workarounds), are documented here so you don’t need to spend time reporting these bugs again:

Linux kernel

The kernel runtime parameter kernel.task_delayacct has been switched off by default in 5.14 and later. That saves a small amount of cpu cycles and memory for a rarely used feature. But if you use any monitoring that needs those you’d now need to enable this either at boot time via kernel parameter delayacct or at runtime via sudo sysctl -w kernel.task_delayacct=1 (There might be a slight delay after activating until statistics are available).

System

systemd / journald now defaults to zstd compression and uses the “keyed hash” feature (upstream default as of v246). Therefore, journal files written on Ubuntu 22.04 (using systemd v249) cannot be opened using an older version of journal (i.e. from a 18.04/20.04/Core20 installation). This will fail with an error (LP: #1953744, forum.snapcraft.io):
Journal file xxx.journal has unknown incompatible flags 0xc Failed to open journal file xxx.journal: Protocol not supported

Users of grub-customizer could hit a bug in the late stage of the upgrade process leading to the final stage of the upgrade to fail (autoremoval of packages). A workaround is available in the bug’s comments.

Ubuntu Desktop

The Ubuntu Desktop images can be slow to boot (taking up to 10 minutes) when booted from a USB drive on a BIOS system. The issue is being investigated, however once the system is installed this is not an issue.

The Ubuntu Desktop images can be very slow to boot (taking up to 30 minutes) when booted from optical media (DVD) on a a BIOS or UEFI system. This is due to an integrity checker being run against the installation media. A workaround (setting “fsck.mode=skip”) is documented in the relevant bug.

The Firefox snap does not support the NativeMessaging protocol yet but this feature is planned to be added soon. This means for instance that installing GNOME Shell extensions from Firefox won’t work. As a workaround, you can try the gnome-shell-extension-manager app.

Brazilians (and others that need PKCS#11 smartcard support in Firefox) should not upgrade to Jammy until pkcs#11 support is added to the firefox snap.

The GNOME Tweaks app no longer manages GNOME Shell extensions. You can install gnome-shell-extension-manager instead.

To use AppImages, you’ll first need to run sudo apt install libfuse2

When doing an offline install of Ubuntu Desktop with NVidia hardware enabled, nvidia-settings will not be installed. You will need to run sudo apt install nvidia-settings after enabling the network.

When performing an installation with a Broadcom wireless network adapter, which requires third party drivers, on a system with UEFI and Secure Boot enabled the driver will not be loaded due to a failure to sign the driver. A workaround exists in the bug tracking this particular issue.

A regression in the 22.04.5 images images prevents the Nvidia drivers to be correctly installed when whe installation is done in offline mode (LP #2080522). The drivers are installed correctly when the installer has access to the Internet.

Some Dell, HP, Lenovo systems might not be able finish the installation offline with Ubuntu Desktop 22.04.5 image due to a bug in the installer (LP: #2107458). This can be worked around by connecting to the internet during installation, or use 22.04.4 image to install instead.

Ubuntu Server

Starting with Subiquity 23.04.1 or Ubuntu Server 22.04.3: In some situations, it is acceptable to proceed with an offline install when the mirror is inaccessible. In this scenario, it is advised to use:
apt: fallback: offline-install

22.04.3 LTS live-server, which contains cloud-init version 22.2.1-0ubuntu0~22.04.1, is affected by this bug. The effect of this is that, when using cloud-init to provide autoinstall data, the h aka local-hostname or i aka instance-id nocloud datastore arguments should not be used. For an example of a working configuration, please see the autoinstall-quickstart guide.

Active Directory Integration

When logging in on a system joined with an Active Directory domain, sssd (the package responsible for this integration) will try to apply Group Policies by default. There are cases where if a specific policy is missing, the login will be denied.

This is being tracked in bug #1934997. The fix should now be available, otherwise please see comment #5 in that bug report for existing workarounds.

Platforms
Cloud Images Vagrant

Ubuntu 22.04 LTS images will fail to launch on Vagrant < 2.216 due to SSH connection issues. This includes vagrant running on older Ubuntu hosts, as 22.04 LTS is the first Ubuntu release to include vagrant >= 2.2.16. One workaround is to use an upstream version of vagrant on your system.

Upstream bug, already fixed. The Cloud Team is also working on a more permanent solution: Public cloud-images bug

Raspberry Pi

The Raspberry Pi desktop images have switched to using the Full KMS graphics drivers. The official Raspberry Pi DSI display does not work with full KMS enabled. To enable the use of the Raspberry Pi DSI display, edit the config.txt file on your Raspberry Pi’s hard drive and change the line dtoverlay=vc4-kms-v3d to dtoverlay=vc4-fkms-v3d

On the desktop image, the Firefox snap can take some time (several minutes has been noted) to complete initialization after first login (bug 1969529)

The legacy camera stack (MMAL based) is no longer supported on arm64; libcamera is the supported method of using the Pi Camera Module on the arm64 architecture (the boot-time configuration will automatically load overlays for detected modules)

After initial user setup on the desktop image, several packages can still be autoremoved (bug 1925265); run sudo apt autoremove --purge to work around this

On the desktop image, the wrong audio output device is selected on each boot. A workaround is available in the bug report (bug 1877194)

On upgrade from impish server (and possibly earlier releases) to jammy server, if a match/driver section is present in the netplan configuration, which matches a space-separated list of network drivers (as the default in impish does), netplan can fail to apply the ethernet configuration (potentially leading to no connectivity if no other interfaces are configured) (bug 1970761)

Various kernel modules have been moved from the linux-modules-raspi package in order to reduce the initramfs size. If you find an application failing due to missing kernel modules, please try the following:

sudo apt install linux-modules-extra-raspi

This is currently relevant for users of VLANs where the lack of the 8021q module can prevent the ethernet interface from configuring (bug 1973485)

With the removal of the crda package, the method of setting the wifi regulatory domain (editing /etc/default/crda) no longer operates. The only option to persist this information currently is to add cfg80211.ieee80211_regdom=XX (where XX is an ISO3166-1 alpha-2 country code, e.g. GB for the United Kingdom, US for the United States, etc.) to the cmdline.txt file on the boot partition (bug 1951586)

The Raspberry Pi Compute Module 3 is no longer supported as of the prior release, due to a lack of storage capacity (the CM3 shipped with 4GB of on-board eMMC storage, and Ubuntu Server for Raspberry Pi images now exceed this size). The later Compute Module 3+ models (for which the smallest storage capacity was 8GB of eMMC) are still supported.

Original source Report a problem

Canonical Release Notes

Canonical Products

All Canonical Release Notes (14)

Ubuntu 25.10 (Questing Quokka)

Support lifespan

Upgrades

New features in 25.10

Updated Packages

Linux kernel 6.17🐧

systemd v257.9

sudo-rs and sudo

rust-coreutils and gnu-coreutils

Netplan v1.1.2ubuntu3

Toolchain Upgrades

OpenJDK

.NET

Default configuration changes

Ubuntu Desktop

Installer

Updates

Enterprise

Wayland

GNOME

New default applications

Security Center

Ubuntu Insights

Dracut

Updated Applications

Updated Subsystems

Support for new Intel® integrated and discrete GPUS

Ubuntu Foundations

Cryptography

Package Management: APT 3.1

Ubuntu Server

ubuntu-server Meta and Seed

Apache 2

Bacula

Chrony

cloud-init v. 25.3

Container runtimes

Django

Dovecot

EDK2

frr

HAProxy

iPXE

libvirt

MySQL

Nginx

OpenLDAP

OpenSSH

PHP

PostgreSQL

QEMU

Samba

Strongswan

Intel® QuickAssist Technology (Intel® QAT)

sos (sosreport)

Subiquity

Valkey

OpenStack

Ceph

Open vSwitch (OVS) and Open Virtual Network (OVN)

Platforms

GRUB2

Public Cloud / Cloud images

Microsoft Azure

How to report any issues resulting from these changes

Raspberry Pi :strawberry:

IBM Z and LinuxONE (s390x) image

IBM POWER (ppc64el)

RISC-V

Known Issues

General

Linux kernel

Ubuntu Desktop

Ubuntu Server

Google Compute Platform

Microsoft Azure

AWS