Announcement
https://discourse.ubuntu.com/t/lxd-6-5-has-been-released/64873
What's Changed
- feat(csp) harden content security policy for the ui serving to include only an allowed list of domains by @edlerd in #15675
- Linter: Fix remaining
musttagissues across the entire codebase by @roosterfish in #15673 - Move LXD 5.0 into extended support by @simondeziel in #15678
- doc: update howto/instances_routed_nic_vm.md by @almeidaraul in #15668
- test: ask
tarto stop scanning archive after finding the file we wanted by @simondeziel in #15680 - github: provide pkg-config path to
lxc.pcfor TiCS run by @simondeziel in #15679 - Misc improvements by @simondeziel in #15681
- dependabot: only track security updates for 5.0
gomodby @simondeziel in #15683 - lxc/network_zone: Fix typo in help description (from Incus) by @simondeziel in #15684
- github: Update TICS viewerURL by @roosterfish in #15691
- lxd: Add target request forwarding to storagePoolVolumeTypeStateGet by @edlerd in #15690
- doc/howto/instances_create: provide direct link to all instance-types to not rely on
autoindexby @simondeziel in #15687 - test/mini-oidc/storage: use stdlib
log/slogby @Juneezee in #15694 - lxd/cloudinit: Fix other formats of cloud-init user configuration options by @skozina in #15689
- Apply
modernizechanges by @simondeziel in #15686 - build(deps): bump redhat-plumbers-in-action/differential-shellcheck from 5.5.3 to 5.5.4 by @dependabot[bot] in #15698
- build(deps): bump github.com/NVIDIA/nvidia-container-toolkit from 1.17.7 to 1.17.8 by @dependabot[bot] in #15697
- github: fix copy-n-paste error in step name in tests workflow by @simondeziel in #15705
- lxc: Prevent panic when overwriting the progress renderer by @roosterfish in #15708
- lxd: Resolve the intermittent "file already closed" errors in
distributeImageby @tomponline in #15674 - Network: Show info for macvlan networks by @nmezhenskyi in #15682
- lxd/cloudinit: Fix parsing of invalid cloud-init yaml by @skozina in #15707
- lxd/cloudinit: Fix behavior when vendor-data parsing fails and when user-data are not provided. by @skozina in #15712
- github: fix conditional around optionally skipping unit tests by @simondeziel in #15710
- test: Don't modify go modules during go test by @tomponline in #15711
- dependabot: disable schedule to only deal with security updates for 5.0
gomodby @simondeziel in #15723 - Run shellcheck only once by @simondeziel in #15722
- Makefile: Pin dqlite to last known good version by @tomponline in #15729
- test/suites/auth: use ecdsa certs instead of (slow) rsa4096 by @simondeziel in #15725
- cluster: Fix panic during exclusive DB mode by @tomponline in #15726
- Images: Fix "database is locked" errors when deleting old image records after update by @tomponline in #15716
- github: add golangci-lint action by @simondeziel in #15720
- Misc tweaks by @simondeziel in #15719
- lxd/images: accumulate node IDs while building the node list by @simondeziel in #15736
- Storage: Fix CephFS mount timeout by @roosterfish in #15542
- Documentation: Update Storage docs - Backup storage volumes [WD-22293] by @Kxiru in #15685
- test: Check that network info shows correct MTU for macvlan network by @nmezhenskyi in #15718
- lxd/daemon: Manage images and backups volumes without symlinks by @skozina in #15482
- Add tests for cloud-init by @skozina in #15728
- lxd/db: Rework RunExclusive to use context with timeout internally by @tomponline in #15743
- github: Drop LXD_CONCURENT variable by @simondeziel in #15737
- lxd: Pass around the request context instead of the request by @MusicDin in #15529
- doc: Add Ubuntu Pro how-to by @markylaing in #15717
- build(deps): bump golang.org/x/crypto from 0.38.0 to 0.39.0 by @dependabot[bot] in #15746
- build(deps): bump github/codeql-action from 3.28.18 to 3.28.19 by @dependabot[bot] in #15752
- build(deps): bump github.com/pkg/xattr from 0.4.10 to 0.4.11 by @dependabot[bot] in #15748
- build(deps): bump github.com/canonical/go-dqlite/v3 from 3.0.0 to 3.0.1 by @dependabot[bot] in #15749
- build(deps): bump golang.org/x/tools from 0.33.0 to 0.34.0 by @dependabot[bot] in #15751
- Make it easy to build and test LXD by @simondeziel in #15734
- devLXD: Response format based on vsock usage by @MusicDin in #15727
- Ubuntu 24.04 runners for tests by @simondeziel in #15763
- Cluster: Reject invalid cluster evacuate modes by @kadinsayani in #15768
- Partially undo switch to
ubuntu-24.04runners by @simondeziel in #15770 - Improve
make test-shella bit by @simondeziel in #15764 - Update context (from Incus) by @kadinsayani in #15587
- lxc/remote/add: Fixed runtime error (index out of range [0] with length 0) by @TanishkBansode in #15745
- Add
lxd-benchmarktests by @simondeziel in #15724 - Storage: Fix comment and error message by @roosterfish in #15775
- Backup: Rearrange consts to allow narrowing down volume lookup by @roosterfish in #15776
- devlxd: Fix regression in LXD agent where string responses are escaped by @MusicDin in #15774
- github: use actions/setup-python to cache pip dependencies by @simondeziel in #15778
- Makefile: Add
make update-fmtby @kadinsayani in #15779 - test/lint/bad-grep: check test scripts for
grepmisuse by @simondeziel in #15789 - lxd: Replace request context keys with request info by @MusicDin in #15762
- Allow using the same volume for storage.images_volume and storage.backups_volume by @skozina in #15621
- lxd/devices/proxy: Fix unix socket cleanup by @kadinsayani in #15788
- Install storage driver tools on-demand by @simondeziel in #15780
- tests: Add
is_backend_availablehelper function by @kadinsayani in #15793 - Storage: Add reverter pattern for custom volume backend actions by @roosterfish in #15777
- test/suites/concurrent: ignore PIDs that vanished by @simondeziel in #15799
- github: add option to install optional dependencies in actions/install-lxd-runtimedeps by @simondeziel in #15797
- Tiny speed and precision tweak to a few tests by @simondeziel in #15800
- Misc test tweaks by @simondeziel in #15801
- test/suites/migration: use small volumes by @simondeziel in #15790
- doc: add vGPU acronym for virtual GPU by @minaelee in #15805
- build(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by @dependabot[bot] in #15808
- build(deps): bump github.com/minio/minio-go/v7 from 7.0.92 to 7.0.93 by @dependabot[bot] in #15809
- build(deps): bump github.com/openfga/openfga from 1.8.13 to 1.8.15 by @dependabot[bot] in #15812
- build(deps): bump github.com/zitadel/oidc/v3 from 3.38.1 to 3.39.0 by @dependabot[bot] in #15810
- dqlite: Revert pin and use main by @tomponline in #15740
- Device: Add thread pool option for VM filesystem
diskshares usingvirtiofsdby @tomponline in #15792 - lxd: Add headers only if value is not empty when connecting to other cluster member by @MusicDin in #15791
- doc: update and add information about releases and snap by @minaelee in #15785
- test/suites/basic: check
--versionand--helpfor all binaries by @simondeziel in #15804 - Run CI on
tmpfsmount by @simondeziel in #15818 - lxd-agent: Added RSS metrics + Simplified calculation for better scalability by @MrMartyK in #15094
- doc: add sphinx-sitemap to generate sitemap for SEO by @minaelee in #15828
- doc: css to hide rtd versions flyout when printing by @minaelee in #15830
- lxd/instance/qemu: Fix shared storage volume setup during instance migration (from Incus) by @nmezhenskyi in #15798
- devlxd: Separate UbutuPro type used in LXD and in devLXD by @MusicDin in #15787
- lxd-benchmark: test report generation and
launchcommand by @simondeziel in #15824 - Migration test improvements by @simondeziel in #15829
- Test tweaks by @simondeziel in #15820
- Cluster: Add post-migration instance device cleanup by @kadinsayani in #15552
- Doc: Cover VM
diskio.*options in the storage-configure-IO section by @tomponline in #15831 - Add basic VM tests by @simondeziel in #15825
- Makefile: do not build doc on
make diston GH PRs by @simondeziel in #15839 - Refactor UnixSocket function (from Incus) by @kadinsayani in #15842
- doc: rename variable used by sitemap per conflict by @minaelee in #15843
- doc: use lxd instead of lxd.daemon for snap services mgmt by @minaelee in #15845
- lxd: Clarify usage of io.threads in restricted projects by @MusicDin in #15846
- lxd/instances_post: Use correct project on cross-project copy (from Incus) by @kadinsayani in #15840
- build(deps): bump github.com/minio/minio-go/v7 from 7.0.93 to 7.0.94 by @dependabot[bot] in #15847
- build(deps): bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2 by @dependabot[bot] in #15849
- build(deps): bump github.com/openfga/openfga from 1.8.15 to 1.8.16 by @dependabot[bot] in #15848
- shared: Add context to
GetRemoteCertificateby @kadinsayani in #15858 - OIDC: Use client secret for authorization code flow by @nmezhenskyi in #15706
- Test tweaks by @simondeziel in #15856
- Revert "dependabot: disable schedule to only deal with security updat… by @simondeziel in #15860
- lxd: Only run
PostMigrateSendwhen migrating instances by @kadinsayani in #15868 - github: Add LXD_OIDC_CLIENT_SECRET env var to ui-e2e-tests by @nmezhenskyi in #15867
- Update Go min to 1.24.4 and update Go modules by @simondeziel in #15864
- doc: Metadata endpoint returns JSON, not YAML by @markylaing in #15875
- test: Add test for container migration with attached local volume by @nmezhenskyi in #15869
- test/includes/setup: fix how virtiofsd is detected by @simondeziel in #15876
- Improve
snapshots.patterntests by @simondeziel in #15879 - tests: Snapshot can be copied to
localhostremote with bridged NIC device by @kadinsayani in #15870 - Devices: Add common filter capabilities by @roosterfish in #15859
- Auth: Extend TLS identity helper functions to support multiple identity types by @kadinsayani in #15838
- test: Add test for VM migration with attached local volume by @nmezhenskyi in #15883
- Test tweaks by @simondeziel in #15881
- Cluster: Rework post-migration steps to cleanup NIC bridged devices for cluster member moves only by @kadinsayani in #15873
- lxd/instance/drivers: Don't return post-migration errors by @kadinsayani in #15886
- network: Fix bridge duplicate IP assignment to VM copies by @skozina in #15884
- VM: Fix
limits.memorywhen using % of host memory (from Incus) by @kadinsayani in #15888 - test/suites/basic: test memory limits and container/snapshot names by @simondeziel in #15890
- API: Validate Content-Type if supplied, or if non-zero Content-Length supplied by @tomponline in #15880
- Check operation and websocket requestor details by @markylaing in #15893
- lxd/auth/drivers: Add comment to explain metrics entitlement by @markylaing in #15902
- build(deps): bump github/codeql-action from 3.29.0 to 3.29.1 by @dependabot[bot] in #15898
- lxd/instance/drivers: drop unneeded test code by @simondeziel in #15895
- Daemon: Validate browser fetch metadata if supplied to reject non-same-origin requests by @tomponline in #15900
- build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.0 to 4.1.1 by @dependabot[bot] in #15897
- test/lint/test-tests: check for missing
|| falsefallbacks by @simondeziel in #15891 - Faster ping checks by @simondeziel in #15903
- doc/metrics: metrics for all accessible projects are returned by default by @simondeziel in #15912
- test/suites: Use testimage for auth checks by @markylaing in #15906
- doc/metrics: improve wording for
projectparameter by @simondeziel in #15914 - doc: remove unnecessary step to remove hold to refresh snap by @minaelee in #15916
- doc: add migration.stateful restriction for local volumes by @minaelee in #15918
- doc: ignore anchor when checking maas link by @minaelee in #15917
- Misc test fixes by @simondeziel in #15910
- Network: Fix state endpoint for OVN networks without port binding by @roosterfish in #15921
- Auth: Improvements to network allocation used by URL checks by @markylaing in #15907
- VM: Informative error message for QEMU version by @xypron in #15889
- Daemon: Don't request full
Stateinactivateifneededcommand to avoid running instance driver feature checks by @tomponline in #15919 - test/suites/lxd_user: augment test coverage a bit by @simondeziel in #15926
- Avoid unneeded format variant of logger functions by @simondeziel in #15924
- Storage: Skip custom vol updates early by @roosterfish in #15927
- daemon: Update Sec-Fetch-Site checks by @tomponline in #15932
- test/suites/container_devices_unix: do not completely skip tests with
fanotifyby @simondeziel in #15931 - Storage: Add all custom storage vols to instance's backup config by @roosterfish in #15523
- Misc test tweaks by @simondeziel in #15934
- test: Omit escape sequences from prompt length in inspect subshell. by @markylaing in #15941
- Storage: Add more context to errors by @roosterfish in #15939
- golangci: Disable
var-naminglinter onlxd/utilby @kadinsayani in #15944 - Storage: Improve pool name and volume name validation by @tomponline in #15940
- test/suites/remote: don't report progress on init/image copy/publish by @skozina in #15952
- Add util to get both "project" and "all-projects" parameters by @markylaing in #15920
- Apply
modernizechanges by @simondeziel in #15950 - Mount read-only snapshots with
norecoveryto avoid writes by @simondeziel in #15949 - lint: Fix
var-naminglint error onutilpackage by @markylaing in #15956 - build(deps): bump github.com/openfga/openfga from 1.8.16 to 1.9.0 by @dependabot[bot] in #15970
- build(deps): bump github.com/pkg/xattr from 0.4.11 to 0.4.12 by @dependabot[bot] in #15969
- build(deps): bump github.com/zitadel/oidc/v3 from 3.39.0 to 3.39.1 by @dependabot[bot] in #15968
- build(deps): bump github/codeql-action from 3.29.1 to 3.29.2 by @dependabot[bot] in #15963
- Daemon: Avoid race condition panics when resetting gateway cluster DB connection by @tomponline in #15971
- lxd: Expect content type header octet-stream when creating new instance file by @MusicDin in #15974
- Add tests for
ValidPoolName()andValidVolumeName()by @simondeziel in #15973 - Daemon: Only enforce content-type checks for browser clients by @tomponline in #15975
- Assorted ZFS tweaks by @simondeziel in #15947
- doc: linkcheck ignore sourceforge domain by @minaelee in #15978
- doc: [WD-22194] Adding network ipam UI information by @Kxiru in #15976
- Storage: Reject pool names starting with a dot by @tomponline in #15981
- tests/clustering: Use correct target project argument by @kadinsayani in #15987
- API: Use generic status text in LXD responses by @markylaing in #15985
- devlxd: Add check for origin PID being in same PID NS as the container name in found process by @tomponline in #15983
- lxd/db/cluster/projects: Optimize GetProjectConfig() by @skozina in #15988
- Auth: Update project manager description by @markylaing in #15989
- doc: Adding Network ACL UI Information [WD-22190] by @Kxiru in #15986
- doc: improve docs on attaching instances to ubuntu pro by @minaelee in #15953
- Storage: Remove quotas after removing volume from
dirstorage by @nmezhenskyi in #15943 - doc: pin canonical-sphinx-extensions version by @minaelee in #15994
- Disable template recursion and add unit tests for
snapshots.patternby @simondeziel in #15998 - README: Fix broken link by @tomponline in #16000
- lxd/instances/qemu: Handle deprecation of runas (from Incus) by @skozina in #15997
- lxd: Reorganise checks in images GET handler. by @markylaing in #16001
- lxd: Validate image fingerprint prefixes by @markylaing in #16002
- build(deps): bump golang.org/x/term from 0.32.0 to 0.33.0 by @dependabot[bot] in #16016
- Export a suggested recursion limit for rendering templates by @simondeziel in #16022
- build(deps): bump github.com/go-acme/lego/v4 from 4.23.1 to 4.24.0 by @dependabot[bot] in #16021
- build(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0 by @dependabot[bot] in #16015
- build(deps): bump golang.org/x/tools from 0.34.0 to 0.35.0 by @dependabot[bot] in #16020
- build(deps): bump github.com/miekg/dns from 1.1.66 to 1.1.67 by @dependabot[bot] in #16030
- tests/clustering_move: Add test for moving instance to a new project by @kadinsayani in #16032
- lxd/request: Never get existing Info when setting up request context by @markylaing in #16038
- tests: Test instance file push using strings.Reader by @MusicDin in #16004
- lxc/network: Allow listing allocations in non-default projects via project switch. by @markylaing in #16034
- VM: Rework PCI hotplug (from Incus) by @tomponline in #16031
- test: Add tests for public images APIs by @markylaing in #16036
- lxd: Handle DevLXD image export directly in DevLXD handler by @markylaing in #16019
- lxd/instance_logs: Perform stricter path validation (from Incus) by @tomponline in #16045
- Auth: Allow different cluster members to begin and end UI auth flow by @markylaing in #16046
- Container: Check for monitor process candidate's
NSpidvalue (from Incus) by @tomponline in #16047 - lxd: Instance device removal using instance patch by @MusicDin in #16040
- tests: Run Tiobe TICS on self-hosted runners by @MusicDin in #16054
- lxd/auth/oidc: The
login_idcookie must haveSameSite=Laxby @markylaing in #16055 - Pongo2 templates rework by @simondeziel in #16056
- Assorted improvements by @simondeziel in #16053
- Cache
apparmor_parser --versioninfo during daemon init by @simondeziel in #16052 - Revert "tests: Run Tiobe TICS on self-hosted runners" by @MusicDin in #16057
- VM: Disk device hotplug improvements and fixes by @tomponline in #16049
- Auth: Use correct entity type when enriching storage pool access entitlements by @markylaing in #16037
- Network: Add
EvacuateandRestorefunctions by @roosterfish in #16035 - build(deps): bump redhat-plumbers-in-action/differential-shellcheck from 5.5.4 to 5.5.5 by @dependabot[bot] in #16064
- build(deps): bump github.com/minio/minio-go/v7 from 7.0.94 to 7.0.95 by @dependabot[bot] in #16061
- shared/util: Handle panics in the pongo2 package by @tomponline in #16065
- doc: storage pools and buckets updates by @minaelee in #15938
- doc: Update the instance
boot.autostartoption description by @nmezhenskyi in #16069 - VM: Re-generate agent-mounts.json file when directory disks are hotplugged by @tomponline in #16067
- Cluster: Add pre-checks for evacuation/restore by @roosterfish in #16066
- test/suites/deps: run
lddon the actuallxcbinary by @simondeziel in #16078 - Test: Use
lxc network setinstead of custom SQL queries by @roosterfish in #16079 - Auth: OIDC improvements by @markylaing in #16081
- doc: update grafana base url to encounter ui prefix by @edlerd in #16082
- VM: PCIe allocation improvements by @tomponline in #16084
- lxd-agent: Clean up disk device removal from VM by @nmezhenskyi in #16051
- doc: linkcheck ignore ceph.io by @minaelee in #16085
- doc: Add limitation note about SDC and Ubuntu Noble Numbat images by @roosterfish in #16086
- lxd/sys/apparmor: do not try to get the cache dir if Apparmor is not available by @simondeziel in #16087
- build(deps): bump github.com/zitadel/oidc/v3 from 3.41.0 to 3.42.0 by @dependabot[bot] in #16108
- build(deps): bump github.com/go-acme/lego/v4 from 4.24.0 to 4.25.1 by @dependabot[bot] in #16107
- build(deps): bump github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.29 by @dependabot[bot] in #16105
- build(deps): bump github/codeql-action from 3.29.2 to 3.29.4 by @dependabot[bot] in #16104
- VM: Restore classic PCIe allocation and standardise allocator functions by @tomponline in #16093
- github: ask dependabot to stop updating
github.com/olekukonko/tablewriterby @simondeziel in #16111 - Simplify functions by @skozina in #16113
- test: run
concurrenttests afterincremental_copyby @simondeziel in #16117 - test/suites/{remote,projects}: Clean up leftover images by @skozina in #16116
- lxd/rsync: Introduce CopyFile() to rsync single file by @skozina in #16115
- lxd/api_project: Rename import by @skozina in #16112
- github: only run some workflow on schedule for the main repo by @simondeziel in #16118
- doc: Adding Storage Buckets UI documentation [WD-22188] by @Kxiru in #16090
- DB: Add
ScanValuemethod and interfaces. by @markylaing in #16120 - lxd/daemon: Rename local variables by @skozina in #16123
- lxd/daemon: Introduce functions for custom volume mount and unmount by @skozina in #16122
- gomod: Update google.golang.org/grpc by @tomponline in #16125
- Apparmor regression fix by @simondeziel in #16126
- Network: Associate OVN load balancers and forwards with internal switch by @nmezhenskyi in #16119
- lxd/cluster/config: Remove
ClusterTxfromConfigby @markylaing in #16128
New Contributors
- @almeidaraul made their first contribution in #15668
- @TanishkBansode made their first contribution in #15745
- @MrMartyK made their first contribution in #15094
- @xypron made their first contribution in #15889
Full Changelog: lxd-6.4...lxd-6.5