Covering the journey from Ubuntu 24.04 LTS (Noble Numbat) to Ubuntu 26.04 LTS (Resolute Raccoon)
The Ubuntu Foundations team manages the fundamental components of the OS: the hardware interface, package assembly, and toolchain maintenance. Our work over the last two years has spanned three interim releases: Ubuntu 24.10, 25.04, and 25.10. These cycles served as the primary environment for developing and validating the features we are now delivering in Ubuntu 26.04 LTS. Here’s a tour of what’s changed, starting from the hardware and working upward.
Hardware architecture and platform support
amd64v3: getting more performance from modern processors
Hardware enablement usually carries a tension between broad compatibility and peak performance. Our goal is to reduce this tension and ensure that peak performance is available across as wide a range of modern hardware models as possible, while maintaining stability on older platforms. In Ubuntu 25.10 (Oracular Oriole), we began closing this gap with architecture variants, a new mechanism in dpkg and apt that allows the archive to ship multiple builds of a package. Each build targets a different CPU capability level. The first beneficiary is amd64v3 (x86-64-v3), covering the modern processor instruction set available on virtually every machine made in the last decade. Most packages in the main repository were rebuilt for Ubuntu 25.10. For Ubuntu 26.04 LTS, the full archive (going beyond the main repository) has been rebuilt and tested to the same standard as any other Ubuntu package, making amd64v3 a fully supported architecture. To ensure maximum out-of-the-box compatibility, Ubuntu Desktop and Server images will continue to be delivered as amd64, with amd64v3 available as an opt-in architecture through apt update. See Ubuntu 26.04 LTS Release Notes for more details.
RISC-V: raising the baseline
For RISC-V, we raised the architecture baseline to the RVA23 profile across the archive. This brings mandatory support for scalable vector extensions and pointer masking. These capabilities bring RISC-V execution performance closer to ARM and x86. Optional extensions include control flow integrity and vector cryptography. As RVA23 hardware is not yet widely available, QEMU remains the primary supported platform for 26.04. Existing hardware continues to be supported in the 24.04 LTS series.
ARM64: Secure Boot on Qualcomm Snapdragon laptops
Ubuntu’s generic ARM64 desktop ISO, introduced in Ubuntu 24.10, targets broad UEFI-based compatibility. Supporting Secure Boot was a specific challenge on Qualcomm Snapdragon laptops: these devices lack working ACPI support on Linux, require device trees that firmware does not supply, and previously could not load those trees in a Secure Boot-compatible way. The solution was stubble, a new EFI stub developed by Canonical. It bundles device trees directly into the kernel image. The resulting binary kernel, stub, and device trees combined can be signed through the existing Launchpad signing pipeline. You can read the full technical design in the stubble specification on Ubuntu Discourse. Starting with Ubuntu 25.10, Qualcomm Snapdragon laptops boot Ubuntu with Secure Boot enabled, without grub workarounds. Ubuntu 26.04 LTS will be the first LTS to benefit from this work.
Raspberry Pi: safer kernel updates with A/B boot
On Raspberry Pi, we introduced an A/B boot partition layout that automatically validates new kernel assets before committing them as the current “known good” set. New boot assets are written to the inactive partition and tested on the next boot. If they succeed, they are promoted. This reduces the risk of a failed kernel update leaving a Pi unbootable. This functionality is particularly important for IoT and headless deployments. You can learn more about how A/B boot works in the call for testing post on Ubuntu Discourse.
The boot stack: adopting dracut
As boot requirements evolve, Ubuntu’s established initramfs-tools faced increasing compatibility challenges with modern features : Advance encryption, network boot, RAID, iSCSI and confidential computing workloads all align naturally with Dracut, a modular tool used to create initramfs images. The real obstacle to switching was migration effort: hundreds of packages ship initramfs hooks, and getting it right across a 2 year LTS support window required careful, coordinated work. That work is now done. After a gradual transition that started two years ago, dracut is the default in 25.10 with Ubuntu Server and 26.04 with Ubuntu Desktop.
Preparing for post-quantum cryptography
The threat from sufficiently capable quantum hardware may still be years away. However, the “harvest now, decrypt later” attack is already a real concern: adversaries collecting encrypted traffic today could decrypt it once quantum hardware matures, even if it doesn’t happen instantly. Ubuntu 26.04 LTS takes concrete steps toward quantum-resistant communications.
Since Ubuntu 25.10, OpenSSL 3.5 ships with support for NIST-standardized post-quantum algorithms:
- ML-KEM (CRYSTALS-Kyber) for key encapsulation
- ML-DSA (CRYSTALS-Dilithium) for digital signatures
- SLH-DSA (SPHINCS+) as a hash-based backup signature scheme
TLS connections on 25.10 and 26.04 LTS now negotiate the hybrid X25519MLKEM768 key exchange by default. This means an attacker must break both the classical and post-quantum components to compromise a session. This is a deliberate design choice: post-quantum cryptography is young, cryptanalysis is active, and hybrid key exchange means that a flaw in either component alone does not compromise the connection.
OpenSSH defaults to the mlkem768x25519-sha256 key exchange algorithm when connecting to a compatible server. This is visible when connecting to any server running OpenSSH 10.0+.
Support for these algorithms also extends to libgcrypt, wolfssl, and rustls. For users who require a post-quantum-only configuration rather than hybrid, a system-wide profile option is in preparation. You can read the full details in the post-quantum support announcement on Ubuntu Discourse.
Oxidizing Ubuntu: replacing core components with Rust
In March 2025, Jon Seager (VP of Engineering at Canonical) announced Carefully but Purposefully Oxidising Ubuntu, a goal to replace selected core system components with memory-safe Rust alternatives. Two of these changes shipped in Ubuntu 25.10 and are now default in Ubuntu 26.04 LTS.
sudo-rs is now the default provider for sudo, replacing the historic sudo.ws. Privilege escalation is a high-value attack surface, and a memory-safe implementation helps address entire classes of vulnerabilities. For the vast majority of users and scripts, the change is invisible. The original sudo.ws remains available in the archive for those who need it.
uutils rust-coreutils is now the default provider for core system utilities, replacing GNU coreutils. The implementation is highly compatible with the GNU versions. Some tools have shown meaningful performance improvements. GNU coreutils remains available and fully maintained in the archive.
Package management: apt and dpkg improvements
The apt and dpkg tooling that underpins every Ubuntu system bring improvements spanning usability, performance, and hardware awareness.
The most visible addition is apt history-list and apt history-info. These new subcommands give users detailed, structured visibility into past package operations. You can now see exactly which packages were installed, upgraded, or removed in any given transaction, and when it happened.
Output quality also improved. Package listings are now colorized and column-aligned by default. This makes it easier to distinguish states at a glance during interactive use, which is particularly useful when reviewing long upgrade lists.
Under the hood, an all new dependency solver provides performance improvements that reduce resolution time for complex dependency graphs. For large systems or constrained environments with many package constraints, this translates directly into faster apt upgrade and apt install runs.
Finally, apt and dpkg now can select the best available architecture variant for the host when a user opts into architecture variants. This is the foundation that makes amd64v3 package upgrades work seamlessly. When a user opts in, the package manager handles selection transparently, with no manual intervention needed. Looking further ahead, this same mechanism will enable future architecture variants across other supported platforms.
Developer toolchains in the distro
The Ubuntu Foundations toolchains team expanded its mandate significantly over this two-year period. The goal is not just to ship the latest version of each toolchain, but to make Ubuntu a platform where every major language ecosystem has well-maintained, version-specific packages available across both the current release and older supported LTS releases. The team now maintains this depth across GCC, LLVM/Clang, Python, Rust, Go, Java, and .NET. Read more about the toolchains journey on Ubuntu.
A full version matrix for each toolchain across all supported Ubuntu releases is available in the toolchain availability reference on the Ubuntu for Developers documentation site.
GCC
Ubuntu 26.04 LTS ships GCC 15 as the default compiler, with versions 11 through 15 all available in the archive. Older LTS releases remain well-served: Noble Numbat (24.04 LTS) defaults to GCC 13 with versions 9 through 14 available, and Jammy Jellyfish (22.04 LTS) retains access to GCC 9 through 12.
LLVM/Clang
Ubuntu 26.04 LTS carries LLVM 21 as default, with versions 17 through 21 available in the archive, including an upstream snapshot package for pre-release functionality. Noble Numbat (24.04 LTS) defaults to LLVM 18, with versions 14 through 20 available.
Python
Ubuntu 26.04 LTS ships Python 3.13 as default. Noble Numbat (24.04 LTS) ships Python 3.12, and Jammy Jellyfish (22.04 LTS) ships Python 3.10. All releases carry additional minor versions in the archive alongside their default.
Rust
Ubuntu 26.04 LTS ships Rust 1.93.1. Noble Numbat (24.04 LTS) and Jammy Jellyfish (22.04 LTS) have updates to Rust 1.91,enabling projects that require a recent compiler to build on supported LTS releases without relying on unofficial channels.
Go
Ubuntu 26.04 LTS ships Go 1.24 as default. The Go snap provides versioned channels all the way back to 1.6, as well as FIPS-validated builds for Go 1.18 through 1.23. Jammy Jellyfish (22.04 LTS) has access to Go versions 1.13 through 1.23 via the archive.
Java (OpenJDK)
Ubuntu 26.04 LTS defaults to OpenJDK 21, with versions 8, 11, 17, 21, and 25 available in the archive. OpenJDK 17 and 21 are TCK-certified on Ubuntu, formally verified for conformance with the Java SE specification across five architectures on a quarterly basis. You can read more about Canonical’s TCK effort in the TCK certification post on Ubuntu Discourse. CRaC-enabled builds for checkpoint/restore workloads are available for OpenJDK 17, 21, and 25.
.NET
Ubuntu 26.04 LTS ships .NET 8 (LTS), .NET 9, and .NET 10 (LTS) as deb packages across amd64, arm64, s390x, and ppc64el. Canonical maintains a backports PPA for versions not committed to the full LTS lifetime, and a previews PPA tracking Microsoft pre-release builds. Noble Numbat (24.04 LTS) has access to .NET 8, 9, and 10 across all four architectures. A dotnet snap provides .NET 8 through 10 on Ubuntu 22.04 and above for amd64 and arm64, with debug symbols packages available for all three supported versions.
Looking ahead
Two years of work, one consistent theme: modernizing Ubuntu’s foundations on a robust foundation of 5 years of support. From silicon to cryptography, Resolute Raccoon lands with a stack that is better equipped for the decade ahead. But this is far from the end of the story. There is more road ahead. Between now and Ubuntu 28.04 LTS, there is a lot to build. We will keep sharing progress here as it happens, so stay tuned.