Lunar Lobster Release Notes

Introduction

These release notes for Ubuntu 23.04 (Lunar Lobster) provide an overview of the release and document the known issues with Ubuntu and its flavours.

Support lifespan

Ubuntu 23.04 will be supported for 9 months until January 2024. If you need Long Term Support, it is recommended you use Ubuntu 22.04 LTS instead.

New features in 23.04

Updated Packages

Linux kernel

tbd

Toolchain Upgrades

debuginfod service

A lot of work has been done during this cycle to improve our debuginfod service.

  • The service now indexes and serves source-code for a considerable number of packages (those that honor dpkg-buildflags during build time). Ultimately, this means that users will not need to manually download a package’s source-code (using apt-get source, for example), nor will they need to fiddle with GDB’s dir or set substitute-path commands. Source-code fetching will be done transparently by the debugger, which will save a considerable amount of time.

  • The service is now able to index and serve debugging artifacts from private PPAs. Currently, it only indexes the ESM PPAs.

  • The rate at which the service indexes new ddebs and source-code has been improved.

Ruby

Ruby was updated from v3.0 to v3.1. More details in its section below.

Security Improvements

tbd

Base System

tbd

Ubuntu Desktop

New installer expected

GNOME

Updated Applications

Updated Subsystems

Updated Ubuntu font

Ubuntu Server

Apache2

  • mod_http2 has a partial rewrite of how connections and streams are handled in 2.4.55. APR pollset and pipes do the monitoring instead of stuttered timed waits. Resource handling for misbehaving clients is improved.
  • mod_proxy_hcheck detects AJP/CPING support correctly now.

AppArmor updates

Two more packages now have AppArmor profiles defaulting to enforce mode: rsyslog and isc-kea.

Previously, rsyslog did have an AppArmor profile, but it was disabled by default. This profile was examined and changed, and is a bit more dynamic now, adjusting itself to the rsyslog configuration. For example, if the MySQL rsyslog module is installed, then the profile adapts to allow a connection to a local MySQL server.

isc-kea was lacking an AppArmor profile. We have now added one, and it also defaults to enforce mode.

Cloud images

  • Cloud images now set the commit=30 (seconds) option in the default fstab entry for the ext4 root filesystem. Previously, 30 seconds was the implicit default on amd64 images with the linux-kvm kernel flavour, and 5 seconds in all other cases. This improves performance and power efficiency at the expense of data safety. See the bug and merge proposal for further details.
  • AWS amd64 images now use the new uefi-preferred boot mode. See the AWS documentation for details.

Cloud-init

cloud-init was updated from 22.4 to the 23.1 release. The new release includes the following highlights:

  • new datasource support: NWCS
  • Azure: fix device driver matching for NICs to match hv_netvsc
  • AliYun: support security token-based IMDS interaction
  • LXD:
    • support LXD preseed in #cloud-config
    • opt-in network hotplug for LXD datasource
  • NoCloud: live installer support DMI variable expansion for kernel cmdline params
  • OpenStack: IPv6 detection of IMDS
  • Netplan:
    • Direct pass-through of v2 network config in netplan systems
    • Render network config root-readonly to allow for security sensitive config
    • add gateway on-link support
  • Ansible: Ansible galaxy install, control module and pip bootstrap
  • ssh: support config for multiple host certs
  • cloud-config schema
    • Allow jinja template and variable expansion of instance-data.json values in /etc/cloud
    • cloud-init schema --system validates user-data and vendor-data
  • machine-readable output --format yaml/json in cloud-init status
  • cloud-init clean --machine-id better support for installed image clone
  • docs: documentation overhaul, new howtos, restructure to diataxis framework

Container runtimes

Docker

It was updated to version 20.10.21. This new version comes with many security and bug fixes, as well as library updates. For a more complete description of the changes, refer to the upstream release notes.

Containerd

It was updated to version 1.6.12. Some interesting changes are:

  • Migrate from k8s.gcr.io to registry.k8s.io
  • Add support for CAP_BPF and CAP_PERFMON
  • Seccomp: Allow clock_settime64 with CAP_SYS_TIME
  • Allow ptrace(2) by default for kernels >= 4.8

There are also some security fixes. For the complete list of changes, please refer to the upstream release page.

Runc

It was updated to version 1.1.4. Some interesting changes are:

  • Our seccomp -ENOSYS stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return -EPERM despite the existence of the -ENOSYS stub code (this was due to how s390x does syscall multiplexing).
  • Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes.

All the improvements and bug fixes can be found in the upstream release page.

Dnsmasq

Several new options are included with the upgrade from 2.86 to 2.89, including --fast-dns-retry, --use-stale-cache, --conf-script, and --port-limit. --nftset is like --ipset but for the newer nftables.

Dpdk

Following the yearly flow of upstream DPDK LTS releases, Ubuntu 23.04 contains the most recent DPDK LTS, including a follow-up stable release on this LTS stream, which is now at 22.11.1 in lunar.

That release contains various new device drivers, fixes and optimizations. Even the rather huge release notes cover only 22.11 itself. Upstream changed from a four to a three releases-per-year cadence; therefore, compared to the former DPDK LTS 21.11 that shipped with Ubuntu 20.04, 21.04 and 21.10, you’d also want to read the DPDK release notes of 22.03 and 22.07.

This new version of DPDK is now also built and available for riscv64.

Frr

frr was updated to version 8.4.2, after having stayed at 8.1 for two full Ubuntu releases (since Jammy). There have been many bug fixes and improvements between these versions; please see the upstream release notes collection at https://github.com/FRRouting/frr/releases for details.

HA/Clustering

Corosync

It was updated to version 3.1.7. This release contains important bugfixes and the knet_mtu feature (for more information, please see corosync.conf(5)). For more details, please check out the upstream release notes.

Fence Agents

It was updated to version 4.12.1. It contains some fixes and improvements in various agents. For more details check the upstream repository.

haproxy

haproxy was updated to the new upstream LTS series: 2.6. Many new features and performance improvements are present in this release; please see the announcement at https://www.mail-archive.com/haproxy@formilux.org/msg42371.html and the corresponding blog post at https://www.haproxy.com/blog/announcing-haproxy-2-6/ for details.

Heimdal

Release 7.8 improves the Heimdal database (HDB) propagation feature to include progressive diff sending, partial writes, async I/O, and other associated refinements.

Libvirt

Ubuntu continuously tracks the releases of libvirt. Version v9.0.0 is now provided in Ubuntu 23.04 which, among many other fixes, improvements and features, includes:

  • For example there have been many new features for qemu:
  • external snapshot deletion
  • external backend for swtpm
  • passing FDs instead of opening files for
  • Allow multiple nodes for preferred policy
  • Report Hyper-V Enlightenments in domcapabilities
  • Support for SGX EPC (enclave page cache)
  • Support migration of vTPM state of QEMU vms on shared storage
  • qemu: Core Scheduling support (not enabled by default)
  • qemu: Add support for specifying vCPU physical address size in bits
  • See the upstream changelog for the many further improvements and fixes since version 8.6.0 that was in Ubuntu 22.10

Open vSwitch

The new version 3.1.0 of openvswitch is in Ubuntu 23.04 and provides a general update including the following changes:

  • Now also built and available for riscv64
  • ovs-vswitchd now detects changes in CPU affinity and adjusts the number of handler and revalidator threads if necessary.
  • Add support for DPDK 22.11.1.
  • For the QoS max-rate and STP/RSTP path-cost configuration OVS now assumes 10 Gbps link speed by default in case the actual link speed cannot be determined.
  • ovs-ctl: New option '--dump-hugepages' to include hugepages in core dumps. This can assist with postmortem analysis involving DPDK, but may also produce significantly larger core dump files.
  • Support for AF_XDP is now built by default.
  • The OVS News page holds more details about the new version.

PostgreSQL 15

PostgreSQL was updated to the new PostgreSQL 15 release. This new major release includes sort performance and compression improvements, support for the SQL MERGE command, and a new JSON logging format, which allows logs to be processed in structured logging systems.

Qemu

Qemu was updated to version v7.2.0 which brings many major and minor improvements. Among others this version includes:

  • Arm
    • Emulation of arm Cortex-A76, Cortex-A35 and Neoverse-N1 CPUs
    • The virt board now supports emulation of the GICv4.0
    • Several new PCPU architecture features are now emulated as well
  • Risc-V
    • Add support for privileged spec version 1.12.0
    • Add support for the Zbkb, Zbkc, Zbkx, Zknd/Zkne, Zknh, Zksed/Zksh and Zkr extensions
    • Add support for Zmmul extension
    • Add TPM support to the virt board
    • virt machine device tree improvements
  • s390x
    • Emulate the s390x Vector-Enhancements Facility 2 with TCG
    • The s390-ccw bios has been fixed to also boot from drives with non-512 sector sizes that have a different geometry than the typical DASD drives
    • Fix emulation of LZRF, VISTR, SACF instructions
    • Enhanced zPCI interpretation support for KVM guests
    • Implement Message-Security-Assist Extension 5 (random number generation via PRNO instruction)
  • More
    • Support for zero-copy-send on Linux, which reduces CPU usage on the source host. Note that locked memory is needed to support this.
    • TCG performance improvements in full-system emulation
    • TCG support for AVX, AVX2, F16C, FMA3 and VAES instructions
  • There are many more changes, see the upstream changelog for version 7.1 and version 7.2 for an overview of those. These also contain a list of suggested alternatives for removed, deprecated and incompatible features.

Rclone

The very feature rich and versatile rclone package received an update after having stayed at version 1.53 for the last two Ubuntu releases. The new version 1.60.1 has many new features, backends, and bugfixes. Please see the upstream release notes collection at https://rclone.org/changelog/#v1-60-1-2022-11-17 for details on the changes in 1.60.1 and earlier.

Ruby 3.1

The default Ruby interpreter was updated to version 3.1. It keeps compatibility with Ruby 3.0 and adds many features. For an overview of what changed, please check out the Ruby 3.1 Release Announcement.

An important thing to keep in mind is that the following gems are not bundled in the standard library:

  • net-ftp
  • net-imap
  • net-pop
  • net-smtp
  • matrix
  • prime
  • debug

One change that has impacted multiple projects is the Psych 4.0 change from Psych.load to safe_load by default. Check for it when migrating to Ruby 3.1.
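
The following added example (not part of the original release notes) shows what the Psych 4.0 default means for code that calls YAML.load, and one way to migrate with an explicit allowlist. The Deploy class, the load_config helper and the sample documents are constructed for illustration.

```ruby
require "yaml"
require "date"

# Hypothetical application class, standing in for any non-basic type.
class Deploy
  attr_accessor :cmd
end

# Constructed sample documents.
PLAIN_DOC  = "name: web\nport: 8080\n"
DATE_DOC   = "released: 2023-04-20\n"
ALIAS_DOC  = "base: &b {tls: true}\nprod: *b\n"
OBJECT_DOC = "--- !ruby/object:Deploy\ncmd: restart\n"

# Psych 4 (shipped with Ruby 3.1) made Psych.load / YAML.load restricted.
def load_is_safe_by_default?
  Gem::Version.new(Psych::VERSION) >= Gem::Version.new("4.0.0")
end

# Run a loader block and reduce the result to a symbol.
def outcome
  yield
  :loaded
rescue Psych::DisallowedClass
  :disallowed_class
rescue Psych::BadAlias
  :alias_rejected
end

# What unmodified code calling YAML.load gets on this interpreter.
def plain_load_outcome(yaml)
  outcome { YAML.load(yaml) }
end

# Hypothetical migration helper: name every permitted class explicitly
# and keep aliases off unless the document format needs them.
def load_config(yaml, permitted: [], aliases: false)
  Psych.safe_load(yaml, permitted_classes: permitted, aliases: aliases)
end

def strict_outcome(yaml, **opts)
  outcome { load_config(yaml, **opts) }
end
```

Psych.unsafe_load restores the old behaviour and is only appropriate for input the application fully trusts.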

Samba

The samba package was updated to the 4.17.x series. Here are the upstream release notes: https://www.samba.org/samba/history/samba-4.17.0.html

Especially when compared with earlier releases, this series brings performance improvements in file operations which were previously impacted by security fixes for symlink attacks. Samba now uses fewer system calls when validating directory names, and has fewer wakeup events, which previously led to massive latencies for some clients. See the release notes linked above for details.

SSSD

Many new configuration options have been introduced in version 2.8.0. You can see a list of them by looking at upstream’s release notes.

virglrenderer

In the upgrade from 0.9.1 to 0.10.4, Vulkan support has been implemented, which promises more efficient 3D performance on certain hardware.

Platforms

tbd

Known Issues

As is to be expected with any release, there are some significant known bugs that users may run into with this release of Ubuntu. The ones we know about at this point (and some of the workarounds) are documented here so you don’t need to spend time reporting these bugs again:

General

Nothing yet.

Linux kernel

Nothing yet.

Ubuntu Desktop

Nothing yet.

Ubuntu Server

Nothing yet.

Platforms

Cloud Images

None

Raspberry Pi

Nothing yet.

s390X

Nothing yet.

Official flavours

The release notes for the official flavours can be found at the following links:

  • Kubuntu Release Notes
  • Lubuntu Release Notes
  • Ubuntu Budgie Release Notes
  • Ubuntu MATE Release Notes
  • Ubuntu Studio Release Notes
  • Ubuntu Unity Release Notes
  • Xubuntu Release Notes

More information

Reporting bugs

Your comments, bug reports, patches and suggestions will help fix bugs and improve the quality of future releases. Please report bugs using the tools provided. If you want to help out with bugs, the Bug Squad is always looking for help.

Participate in Ubuntu

If you would like to help shape Ubuntu, take a look at the list of ways you can participate at:

More about Ubuntu

You can find out more about Ubuntu on the Ubuntu website.

To sign up for future Ubuntu development announcements, please subscribe to Ubuntu’s development announcement list at:
