Announcement
- Announcement: https://discourse.ubuntu.com/t/lxd-6-8-has-been-released/80650
- Release notes: https://documentation.ubuntu.com/lxd/latest/reference/release-notes/release-notes-6.8/
What's Changed
- Less negative
grepby @simondeziel in #17751 - Use source file size when recreating volumes during recovery by @kadinsayani in #17752
- shared/cert: Close the response body in GetRemoteCertificate by @nmezhenskyi in #17762
- doc: Include LXC bump to v6.0.6 in LXD 6.7 release notes by @tomponline in #17768
- test/clustering: Test image publish in a project with features.images disabled by @MusicDin in #17755
- Conflicts between operations by @skozina in #17721
- Unify IsRecursionRequest return type and consolidate GetInstances SDK methods by @gajeshbhat in #17679
- Add
createTLSListenerhelper by @simondeziel in #17771 - Minor string handling improvements by @simondeziel in #17774
- Client certificate handling simplifications by @simondeziel in #17763
- lxd/resouces: avoid repeatedly building filepaths by @simondeziel in #17760
- Reinstate
udevrules to triggerlxd-agent.servicein LXD VMs by @simondeziel in #17767 - Minor improvements to DNS handler by @simondeziel in #17772
- Fix --profile and --no-profiles flags being ignored on cluster moves by @tugbataluy in #17756
- Prevent concurrent evacuations by @kadinsayani in #17475
- Fix mutex leak and unclosed files by @larrasket in #17778
- Minor improvements to device equality helpers by @simondeziel in #17773
- QEMU micro optimizations by @simondeziel in #17766
- GPU physical device micro optimizations by @simondeziel in #17765
- Add "RequestorAuditor" for use in operations by @markylaing in #17769
- lxc/file: fix recursive pull failing on existing directories by @tugbataluy in #17739
- build(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 in the actions group across 1 directory by @dependabot[bot] in #17782
- operations: Clean up orphaned operations after successful initial heartbeat by @markylaing in #17734
- lxd/db/operationtype: Clarify comment by @kadinsayani in #17785
- doc: use intersphinx for snap docs links by @minaelee in #17786
- Replace
deviceEqualsbymaps.Equalby @simondeziel in #17788 - Apply refresh config server-side for copy and migration by @kadinsayani in #17678
- DB: Make identity ID int64 by @markylaing in #17789
- lxd/operations: operation.Render() error is unused by @skozina in #17791
- Fix ignored config keys (boot priority) when adding device to an instance. by @tugbataluy in #17790
- lxc/config/file: include path to bogus or missing file in errors by @simondeziel in #17795
- Get operations from DB rather than memory by @skozina in #17783
- lxc/console_unix: improve logging on errors and fix channel leak by @simondeziel in #17798
- lxd: Fix snapshot URL in clustered mode by @MusicDin in #17794
- github: ask Dependabot to respect
gorilla/websocket@v1.5.1pinning by @simondeziel in #17802 - test/main: ignore WGA crashes by @simondeziel in #17807
- build(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 in the actions group across 1 directory by @dependabot[bot] in #17805
- Identity ID follow up and report operation run hook error on connect by @markylaing in #17799
- Followup fixes on GET /1.0/operations changes by @skozina in #17800
- lxd: Use correct name in create from backup entity URL by @markylaing in #17810
- lxd/db/cluster: Remove backticks from integer values in errors by @skozina in #17812
- Disk device micro optimizations by @simondeziel in #17764
- lxd/instance/drivers/qemu: only add udev rules on platform lacking DMI support by @simondeziel in #17816
- Start scheduled operations automatically by @skozina in #17814
- Avoid
os.Lstat+os.ReadFilepattern by @simondeziel in #17815 - Improve error message for low limits.memory by @larrasket in #17775
- Enforce limits.instances in clusters by @kadinsayani in #17822
- Improve limits.instances error message by @kadinsayani in #17824
- Remove support for
fan.type=ipipnetworks by @simondeziel in #17826 - Cluster: control-plane cluster role by @kadinsayani in #17269
- Cluster link identity by @kadinsayani in #17819
- Refactor cluster role handling and simplify documentation by @kadinsayani in #17831
- lxd: Add godoc and named return by @kadinsayani in #17834
- Prealloc fixes by @simondeziel in #17841
- Cgroup tweaks by @simondeziel in #17838
- Minor tweaks for
lxc listby @simondeziel in #17836 - lxd/apparmor/apparmor: avoid TOCTOU in
hasProfileby @simondeziel in #17837 - shared/tcp/tcp_timeout_user: do not shadow error from
unix.SetsockoptIntby @simondeziel in #17833 - build(deps): bump the actions group across 1 directory with 2 updates by @dependabot[bot] in #17846
- Add operation type for scheduled snapshot creation by @markylaing in #17849
- Address many TOCTOU races by @simondeziel in #17840
- String handling improvements by @simondeziel in #17835
- Makefile: Pin to dqlite v1.18.x branch by @tomponline in #17854
- Improve file operation error messages for missing paths by @larrasket in #17777
- lxd/operations: Don't send event on schedule by @skozina in #17851
- Use
net.KeepAliveConfigand enable TCP_USER_TIMEOUT inRFC3493Dialerby @tomponline in #17830 - Bulk instance state resource url by @markylaing in #17857
- Endpoints: Listener improvements by @tomponline in #17861
- Optimize dnsmasq log message creation by @tugbataluy in #17848
- Add location to the Operation structure by @skozina in #17867
- go: Bump Go min by @simondeziel in #17865
- Endpoints: Setup TCP keep alive and user timeouts on incoming API connections by @tomponline in #17868
- Remove
miniosupport by @simondeziel in #17673 - Correctly report QEMU from external snap by @simondeziel in #17876
- Add more DNS tests by @simondeziel in #17873
- doc: Added reference to CVE-2026-28384 in 6.7 release notes by @tomponline in #17879
- storage/connector: Force multipath for single iSCSI connection by @MusicDin in #17858
- lxd/operations: Make operation error a string by @skozina in #17859
- Drop MAAS controller by @simondeziel in #17872
- lxd/dnsmasq: Clean up orphaned .removing files on bridge network start by @tugbataluy in #17869
- test/lint: Add error-msg linter by @kadinsayani in #17817
- Storage: Drop
sourceconfig key for Ceph/CephFS by @roosterfish in #17853 - Minor device improvements by @simondeziel in #17884
- golangci-lint: remove now unused exclusion rule by @simondeziel in #17880
- Scheduled snapshot optype follow up by @simondeziel in #17883
- build(deps): bump the actions group across 1 directory with 2 updates by @dependabot[bot] in #17889
- lxd/dnsmasq: do not swallow errors in
DHCPAllAllocationsby @simondeziel in #17893 - Instance: Ensure that
initial.diskconfig is not stored in database by @tomponline in #17891 - lxd/daemon: Use CSRF protection from stdlib by @nmezhenskyi in #17897
- Bump go version to 1.26.1 by @kadinsayani in #17896
- Improved error logging on errors by @simondeziel in #17875
- Use stricter permissions where appropriate by @simondeziel in #17894
- build(deps): bump github.com/openfga/openfga from 1.11.5 to 1.11.6 in the gomod group across 1 directory by @dependabot[bot] in #17870
- Storage: Don't set Ceph RBD default features by @roosterfish in #17890
- test/suites/operations: Optimize get_operations by @skozina in #17895
- test/suites/devlxd: renaming the NIC during boot can take some time by @simondeziel in #17915
- lxd: Prevent use of raw.apparmor and raw.qemu.conf when low level options are blocked by @MusicDin in #17909
- lxd/instance/drivers/qemu: unconditionally install
udevrules for agent by @simondeziel in #17904 - Constant-time comparison of secrets by @simondeziel in #17910
- github: instruct copilot to avoid inline variable declaration in if statements by @kadinsayani in #17913
- [minor] lxc/main_aliases: avoid duplicated
os.Getenvby @simondeziel in #17903 - [minor] lxc/exec_unix: Small tweaks by @simondeziel in #17901
- [minor]
dnsmasqimprovements by @simondeziel in #17885 - doc: restructure and improve storage pools how-to by @minaelee in #17878
- tests: Add test for lowlevel options to increase test converage by @MusicDin in #17920
- Bulk operations by @skozina in #17801
- Network: When using MicroOVN get Northbound DB addresses from
ovn.envby @nmezhenskyi in #17874 - Followup on bulk operations by @skozina in #17923
- Followup fixes on cancelling bulk operations by @skozina in #17929
- Extend ACME tests by @simondeziel in #17882
- Instance: Don't store initial. device config in DB during update by @tomponline in #17930
- lxd/instance_logs:
edk2.logandqemu.early.logshould be treated like other instance logs by @simondeziel in #17926 - github: symlink the
lxdbinary into a commonPATHfor UI tests by @simondeziel in #17933 - Storage: ZFS promotion by @tomponline in #17336
- build(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 in the actions group across 1 directory by @dependabot[bot] in #17943
- build(deps): bump github.com/openfga/openfga from 1.11.6 to 1.12.0 in the gomod group by @dependabot[bot] in #17941
- Improve validation on certificate edit by @markylaing in #17936
- Minor improvements to BGP listener by @simondeziel in #17931
- doc: add release notes template by @minaelee in #17906
- Import: Create backup config from index by @roosterfish in #17921
- Import: Remove dead code by @roosterfish in #17957
- build(deps): bump google.golang.org/grpc from 1.79.2 to 1.79.3 by @dependabot[bot] in #17963
- lxd: Rename "manual roles" to "custom roles" for cluster member roles by @kadinsayani in #17959
- HTTP hardening (from Incus) by @simondeziel in #17950
- Import: Followup on device overrides by @roosterfish in #17966
- Add
zizmorworkflow for static analysis of GitHub Actions by @simondeziel in #17961 - Transition to standard RenderTemplate logic (from Incus) by @simondeziel in #17971
- build(deps): bump github.com/mattn/go-sqlite3 from 1.14.34 to 1.14.37 in the gomod group by @dependabot[bot] in #17970
- shared/ws/upgrader: reintroduce checkOrigin for compat with pylxd by @simondeziel in #17973
- doc/howto/instances_console: make it explicit that
--console=vgais for VM only by @simondeziel in #17974 - Simplify database function generation by @markylaing in #17624
- storage: Async storage pool endpoints by @MusicDin in #17955
- Error wrapping for generic database functions by @markylaing in #17979
- doc: prevent indexing older versions by @minaelee in #17984
- lxc: Implement
lxc project get-currentby @MggMuggins in #17975 - Require can_view on source for instance copy by @kadinsayani in #17914
- lxd: Stricter image fingerprint validation by @MusicDin in #17985
- Migration: Don't allow pull mode in restricted projects by @tomponline in #17988
- doc: Fix storage pool success response in api spec by @MusicDin in #17989
- doc: update IP inconsistency in tutorial by @minaelee in #17997
- doc: update storage buckets how-to by @minaelee in #17996
- Device: GPU CDI fixes by @tomponline in #17958
- storage/connector: Wait disk device resize by @MusicDin in #17862
- build(deps): bump the actions group across 5 directories with 3 updates by @dependabot[bot] in #18003
- Fix creating instances using a local image from another project by @nmezhenskyi in #17924
- Add support for --column/-c flag everywhere that --format csv is supported by @larrasket in #17825
- doc: Add an example lxd-dns-lxdbr0.service file in the resolved persistent setup by @lgp171188 in #17999
- Add support for custom port numbers in NVMe and iSCSI storage connectors by @adanishal in #17982
- lxd/db/dbgen: Don't allow joins on structs ending 'Row' by @markylaing in #18017
- Lint: Prevent
lxdalias for client package by @markylaing in #18019 - lxd/api: use a shared helper for OIDC handlers by @simondeziel in #17949
- Stop asking for lxc info by @setharnold in #18022
- Use
dbgenfor identities by @markylaing in #17850 - doc: correct a typo by @elijahgreenstein in #18025
- lxd/storage/drivers/load: surface the error/reason why a driver isn't available by @simondeziel in #18024
- Remove deprecated bits by @simondeziel in #18011
- Cacheable identity types by @markylaing in #18020
- lxd: Async network and network ACL endpoints by @MusicDin in #17978
- lxd: Ensure untrusted requests are proxied with correct permissions by @markylaing in #17828
- Check for multiple match errors by @markylaing in #18026
- lxd: Remove operation resources by @markylaing in #18028
- gomod: Update deps by @tomponline in #18031
- Add
certificatesandidentities_certificatestables by @markylaing in #17864 - Makefile: exclude .git from lxd-metadata scan by @kadinsayani in #18038
- Add pre-commit-checks agent skill by @kadinsayani in #17992
- github: minimize exposure to SSH key by @simondeziel in #18045
- doc: update google analytics files using remote source by @minaelee in #18044
- github: improve and update bug report (issue) template by @minaelee in #18041
- test/shared/entity: de-dup test cases and improve project/location coverage by @simondeziel in #18040
- Fix comment typo (Copilot code quality finding) by @kadinsayani in #18036
- lxd/api: fix UI and documentation MIME type by clearing pre-set
Content-Typeby @simondeziel in #18043 - build(deps): bump github/codeql-action from 4.31.9 to 4.35.1 in the actions group across 1 directory by @dependabot[bot] in #18048
- Device: Add support for hotplugging GPU CDI devices into containers by @tomponline in #17972
- doc: add xdelta3 to required test dependencies by @kadinsayani in #18050
- doc: add version number to sidebar and HTML title by @minaelee in #18049
- go: bump
github.com/openfga/openfgatov1.14.0by @simondeziel in #18062 - API: Include additional metadata fields for images fetched from SimpleStreams sources by @nmezhenskyi in #18016
- test/suites/container_devices_gpu: add missing arg handling by @simondeziel in #18065
- doc/installing: 64Ki subuid/subgid is what's documented in
doc/userns-idmapby @simondeziel in #18064 - scripts/check-snap.py: pull data from the snap store by @simondeziel in #18061
- lxd: Use cluster operation notification for cluster-wide async operations by @MusicDin in #18042
- Cluster: control-plane follow up fixes by @kadinsayani in #17881
- docs: add pocket id as OIDC provider WD-34162 by @omarelkashef in #17827
- lxd: Async storage bucket endpoints by @MusicDin in #18029
- Fix certificates table update by @markylaing in #18067
- doc: update link to Ubuntu kernels support by @AnneCYH in #18074
- Fix cluster member removal attempting to delete networks on other members by @kadinsayani in #18077
- Cluster: control-plane follow-up fixes by @kadinsayani in #18076
- doc: add xdelta3 to required deps by @kadinsayani in #18075
- Python improvements by @simondeziel in #18063
- lxd: Async load-balancer endpoints by @MusicDin in #18030
- build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 by @dependabot[bot] in #18081
- storage: Fix alletra client error message and comment by @MusicDin in #18083
- lxd: Fix network zone record patch by @MusicDin in #18080
- lxd: Async network forward endpoints by @MusicDin in #18072
- github: tweak Dependabot config for
golangci-linttool by @simondeziel in #18095 - lxd/network_load_balancers: Use explicit recursion == 1 check by @Copilot in #18089
- Fix CodeQL setup for proper compilation of LXD by @simondeziel in #18088
- lxd/network_forwards: Remove duplicate query param retrievals by @Copilot in #18085
- Instance: Only allow
initial.zfs.promoteduring refresh Update action by @tomponline in #18071 - test/suites/network_zone: use static IPv6 to avoid waiting on SLAAC by @simondeziel in #18090
- Trivy action rework by @simondeziel in #18099
- test/deps/import-busybox: minor fixes by @simondeziel in #18082
- build(deps): bump github.com/golangci/golangci-lint/v2 from 2.11.3 to 2.11.4 in /tools in the gomod group by @dependabot[bot] in #18096
- lxd/storage: Fix bugs and typos in Alletra WSApi1 client by @Copilot in #18087
- Bidirectional cluster links by @kadinsayani in #17554
- Standardise operation metadata entity URL by @markylaing in #18033
- lxd/db/cluster: Fix instance backup entity URL lookup by @tugbataluy in #18084
- build(deps): bump golang.org/x/sys from 0.42.0 to 0.43.0 in the gomod group by @dependabot[bot] in #18097
- lxd: Async network peer endpoints by @MusicDin in #18073
- Refactor: Push image volume creation logic down to storage drivers by @tugbataluy in #17908
- go: Update Go minimum version to 1.26.2 by @simondeziel in #18091
- Fix: Recover from phantom DB entries and orphaned storage after interrupted cluster migrations by @tugbataluy in #17969
- lxd/storage/drivers: Skip
loopFileSizeDefaulttests when space is low by @simondeziel in #18092 - lxd: Async network zone and zone records endpoints by @MusicDin in #18078
- Copilot improvements by @kadinsayani in #18103
- Replace new occurrences of
gopkg.in/yaml.v2bygo.yaml.in/yaml/v2by @simondeziel in #18104 - Take architecture from source config while copying by @tugbataluy in #18102
- build(deps): bump github.com/mattn/go-sqlite3 from 1.14.38 to 1.14.40 in the gomod group by @dependabot[bot] in #18107
- Workflow tweaks by @simondeziel in #18105
- Storage: Prevent using
initial.zfs.promote=trueduring instance creation from an image by @tomponline in #18114 - Network: Idempotent load balancer edits by @roosterfish in #18021
- Locking: Fix deadlock by only taking storage pool and network creation lock for external API requests by @tomponline in #18115
- test/deps/import-busybox: surface error message errors on upload by @simondeziel in #18116
- lxd/daemon: Do not prune leftover images when running in Mock mode by @nmezhenskyi in #18117
- doc: Update default storage advice [WD-34727] by @Kxiru in #18113
- Improve error messages for phantom db entries by @tugbataluy in #18101
- Refactor
ioprogressusage by @markylaing in #18109 - Images: Restrict public images to the default project by @nmezhenskyi in #18052
- CONTRIBUTING: simplify retroactively adding sign-offs by @simondeziel in #18124
- Improved
ceph.confparsing to support messenger protocol v2 by @simondeziel in #18094 ioprogessfollow up by @markylaing in #18126- Use context for event lifecyle requestor in instance and storage drivers by @markylaing in #18057
- Instance: Use instance rather than container in common progress reporter by @tomponline in #18128
- doc: update homepage to match standard pattern by @minaelee in #18118
- CONTRIBUTING: fix typos by @simondeziel in #18130
- Migration: Check that moving an instance to its existing member fails with a proper error by @tomponline in #18131
- github: add US English check to copilot-instructions.md by @minaelee in #18133
- doc: Adds LXD 6.8 release notes by @tomponline in #18069
- doc: Include dqlite v1.18.6 in LXD 6.8 release notes by @tomponline in #18138
- build(deps): bump the actions group across 5 directories with 4 updates by @dependabot[bot] in #18143
- build(deps): bump the gomod group with 7 updates by @dependabot[bot] in #18141
- Storage: Fix some incorrect operation entity URLs for storage volumes and buckets by @tomponline in #18139
- [minor] Address AI findings by @simondeziel in #18149
- lxd/storage/drivers/driver_zfs: suggest daemon reload if ZFS .ko added after daemon start by @simondeziel in #18148
- build(deps): bump github.com/go-acme/lego/v4 from 4.33.0 to 4.34.0 by @dependabot[bot] in #18147
- doc: add ui section to 6.8 release notes by @edlerd in #18137
- Network: Set veth/vtap host interface MTU to the larger of parent bridge or instance MTU by @tomponline in #18127
- Cluster: Fix cluster healing functionality by @tomponline in #18151
- doc: Update 6.8 bug fix list by @tomponline in #18153
- lxd: remove legacy ZFS bucket datasets at startup and pool deletion by @simondeziel in #18146
- Replicators by @kadinsayani in #18012
- test/network-ovn: Small tweaks by @simondeziel in #18155
- test/lint/storage-patches: verify all storage drivers register
patchGenericStoragepatches by @simondeziel in #18154 - Replicators follow-up by @kadinsayani in #18158
- doc: Add Replicators to 6.8 release notes by @tomponline in #18160
- lxd: Fix URL used for initial UI identity auth check by @markylaing in #18162
- Replicators follow-up by @kadinsayani in #18166
- doc: update landing pages by @minaelee in #18161
- Cluster: Fix non-control-plane standby demotion when below standby target by @kadinsayani in #18165
- lxd/api_replicators: Use push mode for forward replication by @kadinsayani in #18168
- Release LXD 6.8 by @tomponline in #18170
New Contributors
- @larrasket made their first contribution in #17778
- @lgp171188 made their first contribution in #17999
- @adanishal made their first contribution in #17982
- @setharnold made their first contribution in #18022
- @elijahgreenstein made their first contribution in #18025
- @AnneCYH made their first contribution in #18074
Full Changelog: lxd-6.7...lxd-6.8