The LXD 5.21/stable channel is being updated to include interim fixes since the LXD 5.21.4 LTS interim snap release 5.21.4-de343be.
It will become available progressively as snap version: 5.21.4-8caf727 in the 5.21/stable channel (it is available now in the 5.21/candidate snap channel).
This release includes fixes for several security issues:
- Container environment configuration newline injection (CVE-2026-23953 from Incus)
- Container image templating arbitrary host file read and write (CVE-2026-23954 from Incus)
- Container hook project command injection (from Incus)
Fixes:
- Security fixes - https://github.com/canonical/lxd/pull/17577
- OVN load balancers and network forwards on networks with no IPv6 - Network: Fix `getExternalSubnetInUse` function by nmezhenskyi · Pull Request #17633 · canonical/lxd · GitHub
- Pro and Microcloud feature flag handling - https://github.com/canonical/lxd/pull/17626
lxcCLI forward compatibility with LXD 6.7 - Backports (stable-5.21) by tomponline · Pull Request #17654 · canonical/lxd · GitHub- ZFS 2.4 support.