Hirsute Hippo Release Notes
These release notes for Ubuntu 21.04 (Hirsute Hippo) provide an overview of the release and document the known issues with Ubuntu and its flavours.
Subscribers to the
ubuntu-announce mailing list and long term participants in the Ubuntu community will have come across Adam Conrad’s work. Adam, known in the community as infinity, was a long-term member of the release team and colleague to many of us at Canonical. As a member of the release team, Adam was responsible for devising many of the processes and tools which we use today, and (whether he wanted to or not) teaching his fellow members the ropes. Adam passed away earlier this year after being unwell for some time. The Ubuntu Release Team dedicates 21.04 “Hirsute Hippo” to our colleague and friend infinity. He is missed and will live in our hearts forever.
Ubuntu 21.04 will be supported for 9 months until January 2022. If you need Long Term Support, it is recommended you use Ubuntu 20.04 LTS instead.
Get Ubuntu 21.04
Download Ubuntu 21.04
Images can be downloaded from a location near you.
You can download ISOs and flashable images from:
- Ubuntu Desktop and Server for 64-bit x86 (AMD64)
- Less Frequently Downloaded Ubuntu Images
- Ubuntu Cloud Images
- Ubuntu Budgie
- Ubuntu Kylin
- Ubuntu MATE
- Ubuntu Studio
New features in 21.04
Ubuntu 21.04 includes the 5.11 Linux kernel. This includes numerous updates and added support since the 5.8 Linux kernel released in Ubuntu 20.10. Some notable examples include:
- Better anonymous memory management to reduce swapping
- New cgroup slab controller which allows sharing of slab memory between cgroups
- Proactive memory compaction to reduce latency for huge-page allocations under fragmented memory conditions
- Support for running BPF programs on socket lookups
- FSGSBASE support to improve context switch performance on x86 processors
- Support for using Intel SGX to create encrypted enclaves
- Support for running SEV-ES guests under KVM to protect guest register state from the hypervisor
- Support for extended attributes in NFS
- fsync() performance improvements for ext4 and btrfs
- Btrfs performance and data recovery improvements
- io_uring restriction support to facilitate secure sharing of rings to less-trusted processes
- virtio-fs DAX support to improve performance and reduce memory consumption
- Intel Rocketlake and DG1 graphics support
- AMD Vangogh, Green Sardine, and Dimgrey Cavefish graphics support
GCC was updated to the 10.3.0 release, binutils to 2.36.1, and glibc to 2.33. Python now ships at version 3.9.4, Perl at version 5.32.1. LLVM now defaults to version 12. golang defaults to version 1.16.x. rustc defaults to version 1.50.
In addition to OpenJDK 11, OpenJDK 16 is now provided (but not used for package builds).
Ruby was updated from v2.7.0 to v2.7.2, and rubygems has been extracted from ruby2.7 source and is provided as a separate package.
Secureboot on x86_64 (amd64) and AArch64 (arm64) have been improved to include SBAT capable shim, grub2, fwupd. For more details see this discourse post.
nftables is now the default backend for the firewall.
- Added support for smartcard authentication (via
- Wayland is now the default on most configurations, which features better security and performance
- The desktop view now properly handles drag and drop interactions, e.g. dragging from/to the file manager
- The power profile mode can now be changed from the settings (on configuration where there is proper kernel support)
- Pipewire support is now enabled which restore working screen recording and allow better audio handling for sandboxed applications
- The installer includes support for specifying a recovery key, which can be used to decrypt the disk if the password is forgotten
- The Active Directory integration has been improved. User authentication with GPO enabled works out of the box after installation. It also includes a Group Policy client (ADSys) to configure various settings from a central AD controller.
While the new shell version hasn’t been included yet in Ubuntu the applications have been mostly updated to their GNOME 40 versions.
- Firefox version 87
- LibreOffice version 7.1.2-rc2
- Thunderbird version 78.8.1
- PulseAudio 14
- BlueZ 5.56
- NetworkManager 1.30
This release brings you Rails 6! For users coming from Ubuntu 20.04, they can now enjoy the newer version of Rails, moving from v5.2.3 to v126.96.36.199. Some of the exciting features include the new Action Mailbox, Action Text, Parallel Testing, Action Cable Testing, support for Host Authorization, and so on.
QEMU was updated to the 5.2 release.
- One noteworthy new feature is the addition of a first version of virtio-mem which allows which allows fine-grained, NUMA-aware memory hot(un)plug for VMs, avoiding many limitations known from memory ballooning (virtio-balloon)
- Furthermore RISC-V emulation made major steps adding various further CPU types.
- See the upstream changelog for 5.1 and 5.2 for an overview of the many improvements.
Libvirt has been updated to version 7.0.
- Since Libvirt 6.10 TLS based connections will do client TLS certificate validation by default for
- Since 6.9.0 one can use transient disks and vdpa devices with the qemu hypervisor
- Since 6.7.0 iSCSI passthrough devices can also configure an initiator
- See the upstream Changelogs for the many improvements and fixes since version 6.6 that was in Groovy.
DPDK was updated to 20.11.1
- Various new features and drivers can be found in the 20.11 release notes
- Hirsute ships with 20.11.1 already being the first stable release of the 20.11 series.
Open vSwitch has been updated to 2.15
- The ovsdb transaction format in the database files has been changed. New ovsdb-server process will be able to read old database format, but old processes will fail to read database created by the new one. For cluster and active-backup service models follow upgrade instructions in ‘Upgrading from version 2.14 and earlier to 2.15 and later’ section of ovsdb(7).
- Further changes and improvements can be found in the changelog
Chrony has been updated to version 4.0
- Chronyd’s configuration can now be fragmented. Please see
/etc/chrony/conf.d/README for more information.
- NTP sources can be specified in /etc/chrony/sources.d. Please see
/etc/chrony/sources.d/README for more information.
- The seccomp filtering was further improved and is now enabled by default
- Better security with AES-CMAC keys (AES128, AES256) via Nettle and support for Network Time Security (NTS) authentication
- More details what changed since the former version 3.5 can be found on the upstreams news page.
Strongswan has been updated to 5.9.1
- AEAD algorithms are now preferred for ESP and therefore openvpn puts AES-GCM in a default AEAD proposal in front of the previous default proposal
- Various fixes for the Networkmanager frontend and backend
- These and more changes since the former 5.8.4 can be found in the upstream changelog
Openvpn has been updated to 2.5.1
- Connection setup is now much faster
- Improved TLS 1.3
- Better Asynchronous (deferred) support for authentication, client-connect scripts and plugins
- 802.1q VLAN support on TAP servers
- IPv6-only tunnels
- These and many more changes since the 2.4.x series can be read in detail in the upstream changelog of the 2.5 series
Virt-manager has been updated to 3.2.0
- Generally the UI flow has been streamlined (rare options got removed) but that isn’t dropping those features entirely - anything else that comes to mind can be addressed via the now stable builtin XML editor.
- Details can be found on the news page of the upstream project.
Postgresql has been updated to v13.2
- This update contains many new features and enhancements, including:
- Space savings and performance gains from de-duplication of B-tree index entries
- Improved performance for queries that use aggregates or partitioned tables
- Better query planning when using extended statistics
- Parallelized vacuuming of indexes
- Incremental sorting
- These and a long list of further enhancements as well as bug fixes can be found in the release notes of v13.0, v13.1 and v13.2
Samba has been updated to 4.13.3
- Samba’s original domain controller mode has been deprecated. Sites using Samba as a Domain Controller should upgrade from the NT4-like ‘classic’ Domain Controller to a Samba Active Directory Domain Controller to ensure full operation with modern Windows clients.
- SMBv1-only protocol options have been deprecated. A number of smb.conf parameters for less-secure authentication methods which are only possible over SMBv1 are deprecated in this release.
SSSD has been updated to 2.40
- Support for libnss has been dropped. SSSD now supports only openssl cryptography.
Net-SNMP has been updated to 5.9
- Support for OpenSSL 1.1.1 has been added.
Rsyslog has been updated to 8.2102.0
- A new module “imhttp” has been added, which allows rsyslog to receive log data via HTTP.
Containerd has been updated to 1.4.4
- Support cgroups v2
- Improved SELinux support
- Deprecate io.containerd.runtime.v1.* and io.containerd.runc.v1
Runc has been updated to 1.0.0-rc93
- Support cgroups v2
- Special handling for seccomp profiles to avoid making new syscalls unusable for glibc
- Various rootless containers improvements
Docker.io has been updated to 20.10.2
- Support cgroups v2
- Deprecate aufs storage driver. For more deprecations take a look at Deprecated Engine Features
Targetcli-fb replaces tgt
- Already in Ubuntu 20.10 targetcli-fb which controls the kernels LIO support was fully supported. That was the first step to replace the aging tgt. Now in 21.04 the last remaining ties to tgt were cut (and thereby tgt got demoted) making targetcli-fb the single recommended tool to provide iSCSI targets.
- Compared to tgt It provides better performance for iSCSI targets, full SCSI 3 reservations (for clustering) and a multitude of further features missing from the narrower implementation of tgt.
Other noteworthy changes
needrestart is installed by default on Ubuntu Server.
The nginx lua module has been removed as the latest upstream version of this module no longer works with Nginx directly. See bug 1893753 for details.
Ubuntu 21.04 includes the latest OpenStack release, Wallaby, including the following components:
- OpenStack Identity - Keystone
- OpenStack Imaging - Glance
- OpenStack Block Storage - Cinder
- OpenStack Compute - Nova
- OpenStack Networking - Neutron
- OpenStack Telemetry - Ceilometer, Aodh, Gnocchi, and Panko
- OpenStack Orchestration - Heat
- OpenStack Dashboard - Horizon
- OpenStack Object Storage - Swift
- OpenStack DNS - Designate
- OpenStack Bare-metal - Ironic
- OpenStack Filesystem - Manila
- OpenStack Key Manager - Barbican
- OpenStack Load Balancer - Octavia
- OpenStack Instance HA - Masakari
Please refer to the OpenStack Wallaby release notes for full details of this release of OpenStack.
OpenStack Wallaby is also provided via the Ubuntu Cloud Archive for OpenStack Wallaby for Ubuntu 20.04 LTS users.
WARNING: Upgrading an OpenStack deployment is a non-trivial process and care should be taken to plan and test upgrade procedures which will be specific to each OpenStack deployment.
Make sure you read the OpenStack Charm Release Notes for more information about how to deploy and operate Ubuntu OpenStack using Juju.
Google Cloud Platform images now include the Google OS Config Agent.
Azure images will use /dev/ptp_hyperv as the main PTP refclock, to avoid conflicts with other PTP devices. (LP: #1913763)
- Support for accelerated Wayland-based desktop
- Support for GPIO via libgpiod and the new liblgpio (bug 1916901), and an updated gpiozero library with liblgpio support integrated
- Support for WiFi and Bluetooth on the Compute Module 4 (bug 1912905 and bug 1921915)
- HiFive SiFive Unleashed and HiFive SiFive Unmatched images are now available. See wiki for more details.
- Both image are usable in QEMU, however currently requires u-boot-qemu from Hirsute.
IBM Z and LinuxONE / s390x-specific enhancements since 20.10 (partially not limited to s390x):
SMC-D v2 support was added to the kernel (bug 1853291) which enables docker connectivity. The smc-tools were upgraded to 1.5.0 (bug 1914034), SMC-R Link Group (LG) support added to the kernel (bug 1905023) and the s390-tools (bug 1887932), and wireshark was updated to include SMC support (bug 1887933).
Support for HiperSockets/Ethernet Converged Interfaces was added to the kernel (bug 1853286) and s390-tools (bug 1891514), now allowing to form a single LAN based on HiperSockets and OSA/RoCE interfaces. The network configuration is simplified with a single network interface and provides the ability to communicate with z/OS hosts using HiperSockets Layer 2.
Several virtualization stack improvements were added like enablement for enhanced hardware diagnose data of guest kernel (bug 1853313) and qemu (bug 1853314), full implementation of zPCI function properties in kernel (bug 1887923) and qemu (bug 1887922), support for virtio-fs was added (bug 1887924) as well as libvirt node device driver support for DASD (bug 1904701) and for vfio-ap matrix device (bug 1905019). In addition host key document verification for s390-tools genprotimg was added (bug 1882807).
The NVMe support was expanded with IPL Load Normal support in kernel (bug 1887921) and s390-tools (bug 1887920) and stand-alone dump support again in kernel (bug 1887940) and s390-tools (bug 1892824).
Valgrind was updated to v3.16.1 (bug 1825343) with additional IBM Z support (z14).
The zcrypt device driver was improved to provide indications that ap bus initialization and bindings are complete (bug 1901674), additional state for ‘offline due to error’ was added to the kernel (bug 1902866) and the s390-tools (bug 1902865) and EP11 related enhancements for the pkey module and the zkey tool were done (bug 1902862). Opencryptoki was bumped to the latest version 3.15.1 with patches on top (bug 1906369), including PKCS #11 3.0 baseline provider support (bug 1904558), enhanced EP11 token functionality (bug 1904560) and improved key management tool support for key deletion (bug 1904561).
By making use of SCLP’s ‘extended-length-SCCB facility’ to read SCP and CPU info, current 4k limitations are solved and the preparation for future hardware take its course (bug 1925030).
Several installer enhancements were added (that largely also landed in 20.04.2), like DASD FBA fixes and support (bug 1885890), (bug 1876011) and (bug 1899692), DASD ECKD pass over via virtio-blk support (bug 1893775), low-level DASD ECKD format support (bug 1887669), DASD ECKD ModA EAV (bug 1887669) and EAV-II support (bug 1878596), refinements in LVM handing (bug 1905412) and installer update improvements (bug 1921820).
Phased updates in APT
APT now respects phased updates, see the Phased updates in APT 21.04 thread for more details.
The package popularity-contest is no longer seeded and is not configured to submit information to popcon.ubuntu.com as the client and server have been broken for multiple releases of Ubuntu.
As is to be expected, with any release, there are some significant known bugs that users may run into with this release of Ubuntu. The ones we know about at this point (and some of the workarounds), are documented here so you don’t need to spend time reporting these bugs again:
Upgrades from Ubuntu 20.10 to Ubuntu 21.04 are not enabled as it is possible for some systems to end up in an unbootable state if they use EFI version 1.10 - bug 1925010. Release upgrades will be enabled once an updated version of shim is available which is compatible with EFI version 1.10.
[s390x KVM guests only] Hirsute KVM guests do not react correctly to the detachment of KVM disks initiated from the host, leaving stale block devices that can cause hung processes. It is advisable to defer upgrading s390x KVM guests to Hirsute until bug 1925211 is fixed if disks are to be detached from the VM.
KVM postcopy migration will - with the new default settings of kernel v5.11 - no more work out of the box. This is due to userfaultfd: add user-mode only option to unprivileged_userfaultfd sysctl knob which for security reasons has a default that prohibits this kind of migrations. If an admin wants to enable unrestricted userfaults he can do so via
sudo sysctl -w "vm.unprivileged_userfaultfd=1"then postcopy migrations will work again.
On a system which uses Broadcom wireless if you enable the wireless driver before installing Ubuntu then the drivers will not be available on the installed system. To workaround this do not enable the wireless driver before installation. (bug 1923477)
Audio doesn’t work on systems with Intel Soundwire. However HDMI, Bluetooth or USB devices work fine:
VMWare Player “Easy Install” stops on the “Prepare” page of the installer. The user must click on “Continue” to continue the installation automatically.
- When launching Azure Virtual Machines with accelerated networking enabled, public key(s) might not be deployed correctly on the instance. Please see bug 1919177 for more information.
- Due to changes in glibc 2.33 Ubuntu 21.04 container images require updated container runtimes.
All widely used container runtimes shipped in supported versions of Ubuntu have been updated via the standard stable release updates procedure.
Container hosts running other operating systems may need manual updates. (bug 1916485)
- After initial user setup on the desktop image, the desktop will be running X11. Restart to login to a Wayland session (bug 1925483)
- After initial user setup on the desktop image, several packages can still be autoremoved (bug 1925265); run
sudo apt autoremoveto work around this
- The FKMS overlay has been switched to KMS on the desktop image to fix corruption of X11 applications; this affects the display functionality of the Raspberry Pi camera applications (
libraspberrypi-binpackage). As a result the camera firmware is disabled in
config.txt(and will be disabled, if found, for upgraders from Groovy). You may enable it again, and recording / capture functionality of these applications should work but be aware that preview will not
- On the desktop image, the wrong audio output device is selected on each boot. A workaround is available in the bug report (bug 1899962)
- On the desktop image, the default user does not belong to the “dialout” group with the result that they do not have non-root access to the GPIO pins (bug 1923363); run
sudo adduser $USER dialoutthen logout and login if you wish to work around this
- On the Pi Foundation’s IO Board for the Compute Module 4, the USB ports are routed to the DWC2 USB2 controller (which is attached to the USB-C port on the Pi 4). This is not in host-mode by default meaning that keyboards (and other devices) will not work. Add the following line to the
config.txtin order to enable the USB ports on the IO board:
A commented out instance of this line can be found in
- On the server image, the “overlay_map” device-tree is in the wrong location on the boot partition until the first run of “flash-kernel” (bug 1922779); run
sudo flash-kernelto work around this.
The release notes for the official flavours can be found at the following links:
- Kubuntu Release Notes
- Lubuntu Release Notes
- Ubuntu Budgie Release Notes
- Ubuntu Kylin Release Notes
- Ubuntu MATE Release Notes
- Ubuntu Studio Release Notes
- Xubuntu Release Notes
Your comments, bug reports, patches and suggestions will help fix bugs and improve the quality of future releases. Please report bugs using the tools provided. If you want to help out with bugs, the Bug Squad is always looking for help.
Participate in Ubuntu
If you would like to help shape Ubuntu, take a look at the list of ways you can participate at:
More about Ubuntu
You can find out more about Ubuntu on the Ubuntu website.
To sign up for future Ubuntu development announcements, please subscribe to Ubuntu’s development announcement list at: