LXD 6.3 has been released

tomp · March 12, 2025, 8:48am

Introduction

The LXD team would like to announce the release of LXD 6.3!

This is the third feature release in the 6.x series.

It includes many new features and improvements.

Thank you to everyone who contributed to this release!

New features and highlights

New snap track for the 6.x series

With the recent announcement that the MicroCloud snap’s latest/stable channel is due to be closed in preference to series specific tracks (e.g. 2/stable for the current LTS and the yet-to-be-released 3/stable for the next series) the LXD snap is aligning by also using series specific tracks.

As such the 6.x series will now be published into both latest/stable and 6/stable.

The per-feature release tracks (e.g 6.x/stable) will no longer be created.
However snap updates can still be controlled.

The 6/stable channel will continue to follow the LXD 6.x series as it progresses from a feature release series into an LTS release in 2026.

There are no plans currently for LXD’s latest/stable channel to be closed, however we would encourage you to install from a series specific track so that your systems are not on a forever rolling release, and instead remain with particular series until manually switched.

snap refresh lxd --channel=6/stable

A reminder that the current LTS series for LXD is available from the 5.21/stable snap channel.

Pure storage driver

LXD now supports new storage driver pure, allowing interaction with remote Pure Storage arrays.

Pure Storage is a software-defined storage solution. It offers the consumption of redundant block storage across the network.

LXD supports connecting to Pure Storage storage clusters through two protocols: either iSCSI or NVMe/TCP. In addition, Pure Storage offers copy-on-write snapshots, thin provisioning, and other features. Note that iSCSI requires iscsiadm to be installed on the LXD host.

To use Pure Storage with LXD it requires a Pure Storage API version of at least 2.21, corresponding to a minimum Purity//FA version of 6.4.2.

The following command demonstrates how to create a storage pool named my-pool that connects to a Pure Storage storage array using NVMe/TCP.

lxc storage create my-pool pure \
    pure.gateway=https://<pure-storage-address> \
    pure.api.token=<pure-storage-api-token> \
    pure.mode=nvme

Support for storage driver pure is also included in LXD UI.

Documentation: Pure Storage

API extension: storage_driver_pure

Ubuntu Pro attachment for LXD instances

LXD now supports auto-attachment of Ubuntu Pro to LXD instances. This means that Ubuntu Pro can be automatically enabled inside LXD instances if configured on the host where LXD is running.

This feature can be enabled by configuring the lxd_guest_attach setting in the Ubuntu Pro client.

pro config set lxd_guest_attach={on,available,off}

An additional configuration key ubuntu_pro.guest_attach (values on/off/available) was also added to override this behaviour in the guest. The below table contains all options for the host and guest.

	`on (host)`	`available (host)`	`off (host)`	`unset (host)`
`on (guest)`	auto-attach on start	auto-attach on start	guest attachment disabled	guest attachment disabled
`available (guest)`	attach on `pro auto-attach`	attach on `pro-auto-attach`	guest attachment disabled	guest attachment disabled
`off (guest)`	guest attachment disabled	guest attachment disabled	guest attachment disabled	guest attachment disabled
`unset (guest)`	auto-attach on start	attach on `pro-auto-attach`	guest attachment disabled	guest attachment disabled

Note: Ubuntu Pro guest attachment will become available upon the next release of the Ubuntu Pro client. The upgraded client must be present on both the host and the guest.

API extension: ubuntu_pro_guest_attach

Nvidia GPU container pass-through support on Ubuntu Core 24 hosts

LXD now supports GPU pass-through support in containers when running on Ubuntu Core 24 systems.

Currently, this feature requires having a recent version of snapd and the core24 snap.
Also the pc-kernel snap needs to be installed from a custom snap channel.

E.g.

First update the Ubuntu Core system:

snap refresh snapd
snap refresh core24

Next install a custom kernel snap:

snap refresh pc-kernel --channel 24/edge/nvidia-components-sdp
snap install pc-kernel+nvidia-550-ko
modprobe nvidia_drm modeset=1
sudo modprobe nvidia_uvm
snap install pc-kernel+nvidia-550-user

Next install the mesa libraries snap and plug the nvidia components into it:

snap install mesa-2404 --channel latest/edge
snap connect mesa-2404:kernel-gpu-2404 pc-kernel

Then install LXD:

snap install lxd --channel 6/stable
lxd init --auto

Then it can be used the same way as classical NVIDIA container GPU pass-through:

lxc init ubuntu:noble c1
lxc config device add c1 gpu0 gpu gputype=physical id=nvidia.com/gpu=0
lxc start c1
lxc exec c1 -- nvidia-smi

SSH key injection via cloud-init

LXD now supports the ability to define public SSH keys in profile and instance config that will be configured inside the guest by cloud-init (if installed).

This feature uses the cloud-init.ssh-keys.<keyname> instance option. The <keyname> is an arbitrary key name, and the value must follow the format <user>:<ssh-public-key>. These keys are merged into the existing cloud-init seed data before being injected into an instance, ensuring no disruption to the current cloud-init configuration.

For example, use the following command to configure a public SSH key for the ubuntu user:

lxc config set cloud-init.ssh-keys.my-key "ubuntu:ssh-ed25519 ..."

It is also possible to use ssh_import_id, e.g. to import from Github:

lxc config set cloud-init.ssh-keys.my-key "ubuntu:gh:<github username>"

Documentation: How to inject SSH keys into instances

API extension: cloud_init_ssh_keys

Authentication and authorization improvements

Custom OIDC scopes

LXD now supports an oidc.scopes configuration key, which accepts a space-separated list of OIDC scopes to request from the identity provider. This configuration option can be used to request additional scopes that might be required for retrieving identity provider groups from the identity provider. Additionally, the optional scopes profile and offline_access can be unset via this setting. Note that the openid and email scopes are always required.

API extension: oidc_scopes

Return entitlements when listing entities in the LXD API

When listing entities via the LXD API the results can now optionally be returned with an access_entitlements field that lists the additional entitlements the requesting user has on the entities being listed.

This requires that the current identity is fine-grained and the request to fetch the LXD entities has the with-access-entitlements=<comma_separated_list_of_candidate_entitlements> query parameter present.

This feature is used by the LXD UI to improve the user experience when using fine-grained authorization to restrict user actions.

For example, as a fine-grained identity that is a member of a group that has the “operator” entitlement on the “default” project:

lxc query /1.0/projects/default?with-access-entitlements=can_view,can_edit,can_create_instances
{
        "access_entitlements": ["can_view","can_create_instances"],
        "config": { ... },
        "description": "Default LXD project",
        "name": "default",
        "used_by": [ ... ]
}

Note that the “can_edit” entitlement was not returned because the user does not have this entitlement on the project (the built-in operator role does not include it).

Additionally when querying /1.0/auth/identities/current the response now contains a new fine_grained field indicating whether the current identity interacting with the LXD API has fine-grained authorization. This means that associated permissions are managed via group membership.

API extension: entities_with_entitlements

Client certificate presence

Similarly it is now possible for a client to identify if is sending a TLS certificate via the new client_certificate field added to the /1.0 endpoint. This is set to true if client is sending a certificate. This is used by the LXD UI to assist with new certificate generation.

API extension: client_cert_presence

Allow attaching VM root volumes as disk devices

LXD now allows attaching virtual machine volumes as disk devices to other instances.

This can be useful for backup/restore and data recovery operations where an application running inside an instance needs to access the root disk of another VM.

In order to prevent concurrent access, security.protection.start must be set on an instance before its root volume can be attached to another virtual-machine.

lxc config set vm1 security.protection.start=true
lxc storage volume attach my-pool virtual-machine/vm1 vm2

Since simultaneous access to storage volumes with content-type: block is considered unsafe, certain limitations apply:

When security.protection.start is enabled, the root volume can be attached to only one other instance. This is recommended for interactive use, such as when access to the block device is needed for volume recovery.
Enabling security.shared removes the restriction of how many instances can access the block volume simultaneously. However, it comes with the risk of volume corruption.
When neither security.protection.start nor security.shared is enabled, the root volume cannot be attached to another instance.

Documentation: Attach instance root volumes to other instances

API extension: vm_root_volume_attachment

Container unix device improvements

Ownership inheritance from host
Adds a new ownership.inherit configuration option for unix-hotplug devices. This option controls whether the device inherits ownership (GID and/or UID) from the host. When set to true and GID and/or UID are unset, host ownership is inherited. When set to false , host ownership is not inherited and ownership can be configured by setting gid and uid.

API extension: unix_device_hotplug_ownership_inherit

Subsystem support
Adds a new subsystem configuration option for unix-hotplug devices. This adds support for detecting unix-hotplug devices by subsystem, and can be used in conjunction with productid and vendorid.

API extension: unix_device_hotplug_subsystem_device_option

Project improvements

Per-network project uplink IP limits

LXD now supports new project level limit configuration keys that restricts the maximum number of uplink IPs allowed from a specific network within a project. These keys define the maximum amount of IPs made available from an uplink network named that can be assigned for entities inside a certain project. These entities can be other networks (such as OVN networks), network forwards or load balancers.

lxc project set <project> limits.network.uplink_ips.ipv{4,6}.<network> <max>

# Example:
lxc project set my-project limits.network.uplink_ips.ipv4.lxdbr0 5

Documentation: Reference - Project limits

API extension: projects_limits_uplink_ips

All projects support for additional entities (from Incus)

The LXD API and CLI (via the --all-projects flag) now supports listing images, network zones and profiles from all projects.

API extensions:

Add nic and root disk devices to default profile when creating new projects

It is now possible to add nic and root disk devices to the default profile of new projects via the --network and --storage flags on lxc project create.

E.g. To create a new project with a default profile that has a nic device connected to the lxdbr0 network and a root disk device using the mypool storage pool:

lxc project create foo --network lxdbr0 --storage mypool

API extension: project_default_network_and_storage

Storage improvements

Ceph OSD pool replication size
Introduces new configuration keys; ceph.osd.pool_size, and cephfs.osd_pool_size to be used when adding or updating a ceph or cephfs storage pool to instruct LXD to create set the replication size for the underlying OSD pools.

API extension: storage_ceph_osd_pool_size

Other API improvements

Configuration scope information in the metadata API

There is now scope information added for each configuration setting in the GET /1.0/metadata/configuration API endpoint. Options marked with a global scope are applied to all cluster members. Options with a local scope must be set on a per-member basis.

API extension: metadata_configuration_scope

Cluster member specific network list

The /1.0/networks endpoint now accepts a target parameter that allows retrieving the unmanaged network interfaces on a particular cluster member.

API extension: network_get_target

UI updates

Network configuration

The new network detail page introduces a network map, featuring a connection graph that visualizes downstream usages, uplinks, or parent relationships for the current network. Interactive chips link to connected entities, making it easy and fun to navigate the topology.

In a clustered environment, network configuration can be customized per cluster member from a single page. As shown in the screenshot below, the parent can be modified individually for each cluster member, with the connection graph dynamically updating to reflect changes in real time.

Cluster member specific configurations

Similar to networks, clustered storage pools and server configurations enable the exploration and modification of cluster member-specific values.

Limited permissions in the UI

With the newly available entitlement checks in the API, the UI now adapts automatically for users with limited permissions. Actions and buttons are disabled if the required permissions are not granted. Additionally, hovering over a disabled action reveals the specific permission needed to perform it.

Snap packaging dependency updates

Switch to core24 base snap.
Switch swtmp, libusb, squashfs-tools-ng, virtiofsd, ovn and openvswitch to packages from Noble archive.
Drop support for openvswitch and ovn on armhf and riscv64 due to no package being available in Noble for amrhf and no support for QEMU or Ceph on those platforms already.
lxd-ui: Bump to 0.16
dqlite: Bump to v1.18.1
nvidia-container-toolkit: Bump to v1.17.4
nvidia-container: Bump to v1.17.14
qemu: Bump to import/1%8.2.2+ds-0ubuntu1.6

Complete changelog

Here is a complete list of all changes in this release:

Full commit list

lxd/db/instances: Separate profiles queries in instanceProfilesFill
lxd/db/projects: Implement ProjectsList
lxd/project/limits: Use ProjectsList for fetchProject
lxd/project/limits: Remove unused parameter
lxd/project/limits: Update fetchProject usage
lxd/device: Add support for discovering multiple unix hotplug devices
lxd/device: Clean up comments
lxd/device: Consolidate device matching logic to resolve inconsistent matching
api: Add images_all_projects extension
shared/api: Add project property to Image
lxd/images: Add support for all_projects
api: Run make update-api
lxc/client: Add GetImagesAllProjects function
lxc/client: Add GetImagesAllProjectsWithFilter function
lxc/image: Add --all-projects flag to list
test: Add tests to test/suites/auth.sh for lxc image list --all-projects
i18n: Update translation templates.
i18n: Update translations.
lxd/instance: Lock image access
lxd/instance_get: Use IsRecursiveRequest
lxd/storage: Remove GetCustomVolumeDisk
lxd/storage: Remove GetCustomVolumeDisk
lxd/device: Inline GetCustomVolumeDisk
lxd/storage: Rename MountCustomVolume → MountVolume
lxd/storage: Rename MountCustomVolume → MountVolume
lxd/storage: Use correct storage volume name in MountVolume
lxd/device: Rename MountCustomVolume → MountVolume
lxd: Rename MountCustomVolume → MountVolume
lxd/storage: Rename UnmountCustomVolume → UnmountVolume
lxd/storage: Rename UnmountCustomStorage → UnmountStorage
lxd/storage: Use correct storage volume name in MountVolume
lxd/device: Rename UmmountCustomVolume → UnmountVolume
lxd: Rename UnmountCustomVolume → UnmountVolume
lxd/device: Refactor storage volume parsing
lxd/device/disk: Allow specifying volume type in source property
lxd/storage: Parse source property in used-by calculation
test/storage: Refactor pool name
test/storage: custom/volume syntax
lxc: Create config paths when no local daemons
chore(ci) add workflow to run e2e tests from lxd-ui
lxd/cluster: Use api.StatusError when member is offline
lxd/instance/drivers/lxc: Return status Error for remote container
lxd/instance/drivers/qemu: Return status Error for remote VM
lxd/instance_get: Return instance info if remote node is unreachable
lxd/instances: Set Node field on InstanceArgs
lxd/instance/instance_utils: Set Node field on InstanceArgs
test/suites/clustering: Get config for instance on offline member
chore(ci) fix references to secrets
chore(ci) dynamic ui testsuite selection based on current branch
chore(ci) add ui tests as dependency for snap build
doc/guest-os-compatibility: 16.04 and 18.04 missing lxd-agent
lxd/instance/drivers/driver/qemu: Fix nvram file update from 2MB OVMF and CSM mode
lxd/device/tpm: simplify path/pathrm validation for VMs
lxd/device/tpm: remove condition on containers, VMs support them
lxd/device/usb: simplify serial validation
lxd/instance/instancetype/instance: simplify security.sev.session.{dh,data} validation
lxd/network/driver_common: simplify bgp password validation
lxd/storage/drivers/cephobject: simplify cephobject.bucker.name_prefix validation
lxd/storage/drivers/powerflex: simplify powerflex.domain validation
metadata: Run make update-metadata.
api: Add metadata_configuration_scope extension
shared/api: Add Scope field to MetadataConfigurationConfigKey struct
api: Run make update-api
lxd/network: Add scope to metadata for configuration options
lxd/storage: Add scope to metadata for configuration options
metadata: Run make update-metadata
lxc/image: Add GetImagesAllProjects and GetImagesAllProjectsWithFilter client functions and interfaces to simplestreams_images.go
doc/howto/migrate_from_lxc: suggest switching to 5.21/stable after the migration
doc/howto/snap: don’t mention feature releases tracks
doc/howto/snap: replace latest/stable by 5.21/stable in example
doc/installing: suggest switching to 5.21/stable after using lxd.migrate from 5.0
doc/installing: promote the default channel as the recommended one
test/suites/image: grep -v should not be used for testing
test/suites/image: use more precise grep
test/suites/image: add test_image_list_remotes()
test/main: add test_image_list_remotes test to the standalone list
github: only upload client binaries when merging PRs
build(deps): bump github.com/minio/minio-go/v7 from 7.0.80 to 7.0.81
build(deps): bump github.com/dell/goscaleio from 1.17.0 to 1.17.1
lxd/device: Use device Clone() function rather than duplicate config copy logic
lxd/device: Fix comment typos
lxd/device: Add named return results to unixDeviceAttributes
api: Add unix_device_hotplug_ownership_inherit extension
lxd/device: Add ownership.inherit setting for unix-hotplug devices
lxd/device: Use %q when quoting values in error messages where applicable
metadata: Run make update-metadata
Revert “github: only run CodeQL (go) on PRs and on weekly schedule”
doc: Add noble package to Windows image conversion
api: Add unix_device_hotplug_subsystem_device_option extension
lxd/device: Add subsystem device option for unix-hotplug devices
doc: Add subsystem device option to unix-hotplug configuration examples
metadata: Run make update-metadata
doc: Update doclint exceptions
test/suites: Check that a restricted client certificate cannot view server configuration.
lxd/request: Add new CtxOpenFGARequestCache context key
lxd/db/cluster: Add function to return a map of permissions by group name.
lxd/db/openfga: Add caching to OpenFGADatastore.
lxd/auth/drivers: Add context propagation for the OpenFGA datastore
lxd/auth/drivers: Remove concurrency limits.
lxd: Set OpenFGA cache in request context for all requests
doc/support: detail the 3 levels of LTS support
doc/support: don’t mention latest/* or the now defunct 6.1/stable channels
doc/howto/snap: allow linking to cohort note
doc/installing: add note about cohort and installing specific rev
github: switch to 24.04 runners for documentation step
github: switch to 24.04 runners for snap step
lxd/storage: Add storage driver cache update to storagePoolCreateLocal function
lxd/instance/instance_utils: Fix detection of suitable architecture when LXD is clustered
shared/api/instance: Introduce constants for source type
client/*: Replace hardcoded source types with constants
lxd/*: Replace hardcoded source types with constants
lxc/*: Replace hardcoded source types with constants
lxd-benchmark/benchmark/operation: Replace hardcoded source type with constant
lxd-to-lxd/main_migrate: Replace hardcoded source type with constant
lxd-migrate/main_migrate: Replace hardcoded source types with constants
lxc-to-lxd: Remove use of os.Exit in non-main function
lxd/project/limits/premissions: Do not overwrite builtin function with a variable
client: Fix unchecked assertions
client/lxd: Fix non-constant format string
i18n: Update translation templates.
i18n: Update translations.
github: add lp-snap-build action
client/lxd: Fix unnecessary error formatting
github: use actions/lp-snap-build
github: add missing git branch mapping from lxd to lxd-pkg-snap for 5.21
doc/cloud-init: clarify that size means quota
doc/explanation/clustering: clarify that size means quota
doc/explanation/storage: clarify that size means quota
doc/howto/initialize: clarify that size means quota
doc/howto/instances_backup: clarify that size means quota
doc/howto/storage_backup_volume: clarify that size means quota
doc/howto/storage_buckets: clarify that size means quota
doc/howto/storage_pools: clarify that size means quota
doc/reference/devices_disk: clarify that size means quota
doc/reference/storage_lvm: clarify that size means quota
doc/reference/storage_powerflex: clarify that size means quota
doc/reference/storage_zfs: clarify that size means quota
doc/tutorial/first_steps: clarify that size means quota
doc/tutorial/ui: clarify that size means quota
doc/metadata.txt: clarify that size means quota in storage config options shortdescs
lxd/storage: Fix comment typo
lxc/storage/drivers: Add DefaultBlockSize to driver info
lxd/storage/drivers: Make DefaultBlockSize package private
lxd/storage/drivers: Use private defaultBlockSize
lxd/storage/drivers: Create defaultBlockVolumeSize
lxc/storage/drivers: Populate DefaultBlockSize accordingly
lxd/storage/drivers: Use pool-specific DefaultBlockSize
lxd/storage: Create GetPoolDefaultBlockSize
lxd/scriptlet/instance_placement: Use pool-specific DefaultBlockSize
lxc/storage/drivers/powerflex: Return -1 when volume usage is not supported
build(deps): bump actions/cache from 4.1.2 to 4.2.0
build(deps): bump github/codeql-action from 3.27.5 to 3.27.6
Bump minimum version to 1.23.3 in docs and Makefile
gomod: Update dependencies
shared/validate: Linter fixes
lxd/db/node: Linter fixes
lxd/db: Linter fixes
Revert “github: add lp-snap-build action”
Revert “github: use actions/lp-snap-build”
test: add markdown table with the duration of each test
github: pass GITHUB_STEP_SUMMARY variable to system tests
doc/images: Add OVN internal networking diagrams.
doc/reference: Add OVN internals documentation.
doc: Add OVN internals doc to internal section.
doc: Add spellcheck exceptions.
lxd/storage: Get disk total size regardless of previous error
lxd/storage: Return -1 disk size for containers without size limits
shared/api: Update instance state comments
doc: make update-api
lxc/info: Add disk total to instance info
test: Expect non-null disk state when usage is not supported
i18n: Update translation templates.
i18n: Update translations.
lxd/storage/drivers: Remove unnecessary fmt.Sprintfs
lxd/storage/drivers: Set default OSD pool size
lxd/storage/drivers: Set OSD pool size when creating
lxd/storage/drivers: Set OSD pool size when updating
lxd/storage/drivers: Add config validators
shared/version: Add osd pool size API extension
lxd/metadata: Update config metadata
.github/workflows: Allow size 1 pools in tests
.github/actions/setup-microceph: Setup microceph with 3 OSDs
test/suites: Test OSD pool size flag
lxd/storage/drivers: Fix linter errors
test/suites: Check that OSD pool is automatically removed
doc: Change order of discourse links
doc/metadata: run make update-metadata
github: Use cohort=“+” for trivy snap scan
github: (re)add lp-snap-build action
github: make use of actions/lp-snap-build in tests job
doc: Prefix discourse links with lxc:
Makefile: use git commit -S for siging the commit
Makefile: propose commit’ing generated files after make update-metadata
Makefile: propose commit’ing generated files after make update-gomod
Makefile: propose commit’ing generated files after make update-api
doc: Add VM live migration developer documentation
doc: Add VM live migration developer documentation to internals section
doc: Add spellcheck exceptions
lxc/storage_volume: Accept volume full name on detach
lxc/storage_volume: Add comment on path argument
lxc/completions: Allow filtering volume completions by type
lxc: Update cmpStoragePoolVolumes usage
test: Improve attach/detach tests
lxd/storage/drivers/zfs: zfs.delegate requires security.nesting=true to be useful
metadata: Run make update-metadata
doc/howto/storage_volumes: Replace generic commands with examples
doc/howto/storage_volumes: Move “view” instructions above “create”
lxd/devices: Rework ueventParseVendorProduct logic
lxd/devices: Use %q for debug message device name
lxd/instance/instancetype: Validate prefixed configuration keys
lxd/instance/instancetype: Validate configuration keys based on instance type
lxd/instance/instancetype: Utilize configuration key prefix slices for validation in ConfigKeyChecker
lxd/instance/instancetype: Use %q for configuration key in error message returned by ConfigKeyChecker
lxc/completion: Add missing completions for lxc config unset
README: Remove monthly from feature release
SECURITY: Remove monthly from feature release
doc/installing: Clarified new features in LTS
doc/support: Removed monthly from feature release
doc/support: Clarified 6/stable series
doc/installing: Fix command tabbing
github: add ~/go/bin to system PATH in actions/lp-snap-build
github: show PATH when building snap
github: another attempt at adding ~/go/bin to system path
lxd/devices: Update logger.*f messages with their contextual logging equivalents
lxd/storage/drivers: Add helpers for fetching osd pool default size
lxd/storage/drivers: Use helper to get default pool size in FIllConfig
lxd/storage/drivers: Only set pool size on create if not default
doc/howto/network_load_balancers: fix lxc network load-balancer backend add command syntax
lxd: Deny creating an empty ISO volume
test: Can’t create empty iso volume
doc: ISO volumes can be created from copies
Network: add target parameter for GET 1.0/networks and network_get_target api extension. fixes #14406
Network: add target parameter to cli for network list command
Network: add test for local interfaces per cluster member
build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0
lxd/storage/drivers/cephfs: Disallow set volume.security.shared on cephfs
test/suites: Test security.shared is not allowed for cephfs
test/suites: Test security.shared is only allowed in block vols
test/suites: Fix ineffective tests
lxd: Remove lint exception for defer rule.
lxd/instance/operationlock/operationlock: fix typo Reusuable->Reusable
lxd/instance/drivers/driver_lxc: fix typo Reusuable->Reusable
lxd/instance/drivers/driver_qemu: fix typo Reusuable->Reusable
Makefile: fix syntax to allow make static-<tab> completion to work
Makefile: consistently use tabs
test/lint/licenses: always restore COPYING content even on check failure
test/lint/i18n-up-to-date: close stdin when calling make i18n
test/lint/test-tests: check for invalid test constructs
test/lint/metadata-up-to-date: silence noise
test/lint/metadata-up-to-date: simplify restoring file to their original content
Makefile: tell msgmerge to not use a progress reporter
doc/images: Update VM live migration implementation diagrams
doc/reference: Update VM live migration implementation image reference
lxc/completion: Fix cmpServerAllKeys parameter name and update godoc
lxc/completion: Add cmpServerSetKeys function
lxc/config: Fix godoc typos
lxd/patches: Remove volatile.%.last_state.ip_addresses keys more efficiently
lxd/patches: Strip white space in patchSplitIdentityCertificateEntityTypes
build(deps): bump github.com/minio/minio-go/v7 from 7.0.81 to 7.0.82
build(deps): bump github.com/go-chi/chi/v5 from 5.1.0 to 5.2.0
build(deps): bump tiobe/tics-github-action from 3.2.1 to 3.3.0
build(deps): bump github/codeql-action from 3.27.6 to 3.27.9
build(deps): bump actions/setup-go from 5.1.0 to 5.2.0
shared/cmd: Add ‘sql’ table format.
shared/cmd: Update RenderSlice for SQL format.
lxd: Add format flag to lxd sql command.
lxd: Use fmt.Sprint instead of fmt.Sprintf.
lxd: Fix linter errors (revive: exported).
lxd: Fix linter errors (revive: var-naming).
shared/cmd: Fix linter error (revive: use-any).
test/godeps: Update lists
build(deps): bump github.com/openfga/openfga from 1.8.1 to 1.8.2
github: add setup-microovn action
github: Add OVN environment variables when running test suite.
github: use actions/setup-microovn in system-tests
doc/howto/network_load_balancers: improve instructions and add examples
test/suites: Add initial OVN tests.
test: Run OVN test in standalone suite.
github: Add network_ovn to LXD_REQUIRED_TESTS.
github: Add OVN commands to PATH.
test/suites: Update lxd sql usage in authorization test.
test/suites: Update lxd sql usage in backup test.
test/suites: Update lxd sql usage in clustering membership test.
test/suites: Update lxd sql usage in clustering storage test.
test/suites: Update lxd sql usage in clustering network test.
test/suites: Update lxd sql usage in clustering remove raft node test.
test/suites: Update lxd sql usage in clustering image refresh test.
test/suites: Update lxd sql usage in oidc test.
test/suites: Prefer jq on json to sed on yaml.
test/suites: Clean up OIDC user in oidc test.
test/suites: Add format tests and use csv for direct match in lxd sql test.
doc: Update link prefix for doc/reference/storage_cephfs
lxd-agent: Remove defunct lint exceptions.
lxd/db/cluster: Remove defunct lint exceptions.
lxd: Remove defunct lint exceptions.
test/mini-oidc/storage: Remove defunct lint exceptions.
lxc/completion: Exclude default remote from lxc remote switch|remove completions
golangci: Add prealloc linter
lxd/instance: Move check for container-specific prefixed keys applied to VMs up
lxd: Preserve custom/c1 syntax in devices during volume rename
test: Rename should preserve custom/c1 syntax
github: Disable TICS temporarily
github: modified .jira_sync_config.yaml for the synchronization with Jira
lxc/cluster-enable: improve man page instructions
lxc/info: fix typo in man page
lxc/list: fix possible types in man page
lxc/list: fix typo in man page
lxc/move: fix missing word in man page
lxc/query: fix redundancy in man page
lxc/storage-volume-unset: fix typo in man page
i18n: Update translation templates.
i18n: Update translations.
doc/database: revise title to mention dqlite
doc/explanation/security: remove ‘about’ from title
doc/explanation/projects: revise title
doc/image-handling: revise title
doc/explanation/lxc_show_info: remove ‘about’ from title
doc/explanation/lxd_lxc: remove ‘about’ from title
doc/explanation/networks: revise title
doc/explanation/instances: remove ‘about’ from title
doc/explanation/performance_tuning: remove ‘about’ from title
doc/authentication: use page title as navlink text
doc/explanation/authorization: use page title as navlink text
doc/explanation/storage: remove ‘about’ from title & use as navlink text
doc/explanation/clusters: rename from clustering.md, update links/redirect
doc/cloud-init: add a note that recent cloud-init on older Ubuntu still doesn’t support modern keys
lxd/networks: Removes unused argument in doNetworkUpdate
lxd/project/project: Fix type in comment in NetworkAllowed
lxd/resources/cpu: fix GetCPU() to handle multisockets systems
lxd/resources/cpu: Fix revive linter errors
Revert “lxd/instance/drivers/qemu: Return status Error for remote VM”
Revert “lxd/instance/drivers/lxc: Return status Error for remote container”
lxd/instance/drivers/driver/qemu: Improve comment for size in Render
lxd/instance/drivers/driver/qemu: Only call statusCode for local instances in Render
lxd/instance/drivers/driver/qemu: Populate structs directly in Render
lxd/instance/drivers/driver/lxc: Only call statusCode for local instances in Render
lxd/instance/drivers/driver/lxc: Improve comment for size in Render
lxd/instance/drivers/driver/lxc: Populate structs directly in Render
github: Dont require UI tests to pass to build edge snap
Makefile: install goimports if missing during make update-schema
lxd/db/generate/db/method: move parent string mangling out of the loop
lxd/db/cluster: ran make update-schema
test/lint/test-tests: detect bogus cmd_should_succeed || false construct
test/suites/sql: don’t count lines on expected empty output
test/suites/backup: remove || false on test that should succeed
test/suites/basic: remove || false on tests that should succeed
test/suites/projects: remove || false on test that should succeed
test/suites/container_devices_disk_restricted: remove || false on tests that should succeed
test/suites/clustering: remove || false on tests that should succeed
test/suites/filtering: remove || false on tests that should succeed
test/suites/container_devices_disk: remove || false on tests that should succeed
test/suites/devlxd: remove || false on test that should succeed
test/suites/snapshots: remove || false on test that should succeed
test/suites/snapshots: test lxc config get --property as well
test/suites/container_devices_nic_routed: rework command to fit on one line
test/suites/image_profiles: remove || false on tests that should succeed
test/suites/storage_snapshots: remove || false on test that should succeed
test/suites/storage_snapshots: test property get/set
test/suites/warnings: remove || false on tests that should succeed
test/suites/container_devices_nic_routed: use one liners to avoid confusing shellcheck
test/suites/container_devices_nic_routed: use more precise grep and shell comparison
Revert “github: stop scanning Python through CodeQL”
github: remove extra spaces to please yamllint
github: actions/setup-microceph find and attach loop devices in one go
lxd/resources/cpu: use strings.Cut() where applicable
Makefile: goimports already does gofmt’s job
gomod: Update dependencies
lxc/completion: Fix snapshot shell completions for lxc storage volume show
lxc/storage_volume: Fix lxc storage volume snapshot command description
lxc/completion: Pre-allocate slices where possible
lxd/db/schema/update: Fix to support lxd in non-GOPATH locations
lxd/db/schema: Expect filename and package as arguments.
lxd/db/generate/db: Expect database kind as argument.
lxd/db/generate: Expect schema kind as argument.
lxd/db/cluster: Pass package and filename into schema.DotGo.
lxd/db/node: Pass package and filename into schema.DotGo.
lxd/db: Remove schema generation directive from db package.
lxd/db/cluster: Add schema generation directive to cluster package.
lxd/db/node: Add schema generation directive to node package.
lxd/db/schema: Update DotGo test.
lxd/db: Add freshschema package.
lxd-generate: Remove schema subcommand.
lxd/db/cluster: Immediately run goimports after generating file.
lxd/db/cluster: Update schema generation to use freshschema package.
lxd/db/node: Update schema generation to use freshschema package.
Makefile: Remove goimports from update-schema target.
lxd/db/cluster: Fix linter error (prealloc).
lxc/completion: Fix cmpInstanceSetKeys to return set instance config keys
i18n: Update translation templates.
i18n: Update translations.
lxd: Deep copy device maps
lxd: Add reverter to storagePoolVolumeUpdateUsers
lxd: Use storagePoolVolumeUpdateUsers’ revert hook
test/clustering: Local custom volume rename
lxc/completion: Fix cmpRemotes
build(deps): bump github/codeql-action from 3.27.9 to 3.28.0
build(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0
build(deps): bump github.com/go-acme/lego/v4 from 4.20.4 to 4.21.0
build(deps): bump google.golang.org/protobuf from 1.36.0 to 1.36.1
build(deps): bump golang.org/x/term from 0.27.0 to 0.28.0
build(deps): bump github.com/openfga/openfga from 1.8.2 to 1.8.3
build(deps): bump github.com/zitadel/oidc/v3 from 3.33.1 to 3.34.0
build(deps): bump golang.org/x/oauth2 from 0.24.0 to 0.25.0
build(deps): bump github.com/osrg/gobgp/v3 from 3.32.0 to 3.33.0
test/godeps: Remove github.com/zitadel/oidc/v3/pkg/strings
shared: Add IsMicroOVNUsed utility function
lxd/network/acl: Allow ‘ovnParseLogEntry’ to read a log input using an external timestamp
lxd/network/acl: Read OVN logs from systemd journal
acl: Pass request ctx to acl.GetLog function
doc: Describe how to manually connect the MicroOVN northbound connection to LXD
lxc: Fix format of identities in group edit help text.
lxc: Move note on editable fields to make it more prominent.
i18n: Update translation templates.
i18n: Update translations.
lxc: Fix lint error (prealloc).
shared/entity: Fix handling of project query parameter in entity URL parsing.
lxc/completion: Improve instance and remote names completion
lxc/completion: Improve completions for file push and file pull
lxc/completion: Improve completion for file create
lxc/completion: Improve completion for file delete
lxc/completion: Improve completion for file edit
lxc/completion: Improve completion for file mount
lxc/completion: Fix completion for profile copy
lxc: Add dynamic --project completions to all commands
lxc: Add dynamic --profile completions to lxc init|launch
lxc: Add --mode completions for lxc move
lxc: Remove extraneous space from lxc move completion
lxd/response: Simplify devLxdResponse’s Render
lxd/devlxd: Avoid rendering prematurely The returned response will be rendered using the same ResponseWriter object, resulting on a redundant call to WriteHeader on the second Render call.
lxd/devlxd: Do not mask Render errors
lxd/api: Do not mask Render errors
shared/util: fix copy-n-pasto
doc/instance-exec: fix typo
lxd/instance_logs: fix typo in swagger comment
lxd/project/project: simplify string concatenation operations
shared/util: simplify string concatenation operations
lxd/instance_logs: simplify string concatenation operations
lxd/storage/drivers/lvm: avoid format specifiers in errors
shared/util_test: simplify if/else (revive)
lxd/db/instances: simplify GetNextInstanceSnapshotIndex()
lxd/db/instances: replace strings.Contains+strings.SplitN by strings.Cut
lxc/completion: replace strings.Contains+strings.Split by strings.Cut
lxd/db/storage_volume_snapshots: use strings.Cut to avoid out of bound access
lxd/db/storage_volumes: use strings.Cut() in RenameStoragePoolVolume()
lxd/db/storage_volumes: simplify GetNextStorageVolumeSnapshotIndex()
lxd/instance/instancetype/instance: simplify ValidName()
lxd/db/instances: use strconv.Itoa() where appropriate
lxd/db/instances: use simpler string concatenation
lxc/file: remove redundant error checking (revive)
lxc/cluster: remove unused argument from command
lxc/completion: only call parseVolume() if needed
lxc/completion: don’t go over all volumes twice just for pre-allocation
shared/util: os.CreateTemp() already returns a file with 0600 mode
lxd/images: make it clear that only gzip should be called with -n for reproducibility
lxd/images: use %w format specifying in fmt.Errorf()
lxd/images: simplify command line arg preparation
lxd/images: don’t report progress with tar2sqfs
lxd/instances_post: petname.Generate() gives all lower case already
lxd/instances_post: prefer Sprint to Sprintf
lxd/instances_post: use simpler string concatenation
lxc/file: pre-allocate files
lxc/file: don’t try to close os.Stdin
lxd/linux/memfd: ignore unix.Close error
test/mini-oidc: remove redundant return
test/mini-oidc: add missing trailing dots
test/mini-oidc: sort imports
lxd/cluster/notify: pre-allocate peers
lxd/storage/drivers/lvm_utils: use named return values
lxd/storage/drivers/lvm_utils: simplify if/else with early return
test/mini-oidc/storage/oidc: use proper casing
test/mini-oidc/storage/oidc: define prompts with 0 length
test/mini-oidc: add comments to exported functions
test/mini-oidc: silence some lint problems
test/mini-oidc: drop unused param
lxd/init: omit unneeded nil checks
lxd/resources/network: simplify if/else with early return
lxd/resources/utils: simplify if/else with early return
shared/api/status_code: pre-allocate statusStrings
shared/api/resource: fix typo in comment
doc/rest-api: Refresh swagger YAML
lxd: lxd cluster show print bytes
lxd/storage: Remove redundant error check
doc: fix malformed ref to cloud-init docs
lxd/linux/discard: Add ClearBlock
lxd/linux/discard: Remove leftover debugging
lxd/linux/discard: Use marker length for buffer
lxd/linux/discard: Add support for offset
lxd/linux/discard: Change marker to LXD in ClearBlock
lxd/linux/discard: Move ClearBlock to lxd/storage/block package
lxc/completion: Add cmpImageFingerprintsFromRemote and completions for image alias create
lxc/completion: Add completions for lxc image alias list|delete|rename
lxc/completion: Fix cmpNetworkLoadBalancers
lxc/completion: Add completions for network forward port target addresses
lxc/completion: Add network completions to lxc network forward create
api: Add network_zones_all_projects extension
shared/api: Add Project field to NetworkZone
lxd/network_zones: Add support for all-projects
lxd/network_zones: Return err and don’t continue over loop when LoadByNameAndProject fails
api: Run make update-api
client: Add GetNetworkZonesAllProjects
lxc/network_zone: Add --all-projects flag to list
tests: Add all-projects network zone tests
tests: Add all-projects network zone test to authorization tests
tests: Replace use of wc -l = 0 in favor of equating to empty string for network zone test
i18n: Update translation templates.
i18n: Update translations.
lxd/storage/block/discard: Check if size and offset are equal in ClearBlock
lxd/storage/drivers/driver/lvm/volumes: Run ClearBlock on all new thick block volumes
lxd/storage/drivers/driver/lvm/volumes: Clear new blocks on thick volume grow
lxd/storage/drivers/generic/vfs: Truncate/Discard ahead of sparse write
lxd/storage/block/utils: Adds DiskBlockSize function
lxd/storage/drivers/driver/lvm/volumes: Require 512-bytes physical block size for VM images
lxd/storage/drivers/driver/lvm/utils: Go linter fixes for thinPoolVolumeUsage
lxd/storage/drivers/driver/lvm/utils: Handle newer LVM
lxd/storage/drivers/driver/lvm/utils: Avoid use of inefficient fmt.Sprintf
lxd/storage/drivers/driver/lvm/utils: Avoid use of inefficient fmt.Sprintf
lxd/storage/backend/lxd: Use the validated volume name from the DB record in RefreshCustomVolume
lxd/storage/backend/lxd: Pre-allocate slice in recoverMinIOKeys
api: Add instance_root_volume_attachment
doc/explanation/storage: Fix wording
lxd/storage: Allow security.shared for virtual-machine volumes
lxd/instance/instancetype: Update instance config key docs
doc: make update-metadata
lxd/storage: Allow parsing virtual-machine/* volumes as disk sources
lxd/device/disk: Use correct storage volume name
lxc: Allow virtual-machine volumes in storage volume attach
lxc/storage_volume: Parse source during detach
lxd/storage: Detect root disk devices when determining if a volume is used
lxd/device/disk: Allow vm root attachments with security.protection.start
lxd/device/disk: Prevent instances attaching their own root volumes
lxd: Correctly report vm volume used-by
lxd/instance/drivers: Prevent removing security.protection.start…
lxd/storage: Refactor security.shared check
lxd/storage: Check disabling security.shared on virtual-machine volumes
lxd/storage: Remove unneeded VolumeDBGet
lxd/instance/drivers: Implement checkRootVolumeNotInUse
lxd/instance/drivers: Ensure root volume not in use before VM delete
lxd/instance/drivers: Ensure root volume not in use before VM rename
doc: Add root volume attachment to storage volume how-to
i18n: Update translations.
github: add actions/reclaim-memory
github: use actions/reclaim-memory in tests job
shared/network: drop support for LXD_INSECURE_TLS
doc/authentication: don’t mention LXD_INSECURE_TLS (no longer supported)
doc/environment: don’t mention LXD_INSECURE_TLS (no longer supported)
test/suites/tls_restrictions: stop testing LXD_INSECURE_TLS (no longer supported)
lxd/devlxd: Adds concurrent safe GetConnUcred function
lxd/devlxd: Use concurrent safe pidMapper.GetConnUcred in hoistReq
build(deps): bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14
build(deps): bump github.com/minio/minio-go/v7 from 7.0.82 to 7.0.83
build(deps): bump github.com/dell/goscaleio from 1.17.1 to 1.18.0
build(deps): bump golang.org/x/crypto from 0.31.0 to 0.32.0
build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2
build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0
build(deps): bump github/codeql-action from 3.28.0 to 3.28.1
lxd-agent: If the target path of a mount is relative, make it absolute.
Revert “lxd/storage/drivers/generic/vfs: Truncate/Discard ahead of sparse write”
lxd-agent/metrics: ignore fuse.lxcfs FSes
doc: Add file command as requirement for lxd-migrate
lxd/storage: Fix scope of volume.size for storage pools
doc: Update metadata
lxd/instances_get: micro-optimise urlInstanceTypeDetect()
lxd/instances_get: micro-optimise ?recursion=0 case of instancesGet()
client/lxd_instances: avoid fmt.Sprintf (slow) where possible
client/lxd_instances: replace some fmt.Sprintf() by strconv.FormatInt()
client/lxd_containers: avoid fmt.Sprintf (slow) where possible
client/lxd_containers: replace some fmt.Sprintf() by strconv.FormatInt()
client/lxd_containers: mark GetContainerNames as deprecated
client/lxd_containers: mark GetContainers as deprecated
client/lxd_containers: mark GetContainersFull as deprecated
client/lxd_containers: mark GetContainer as deprecated
client/lxd_containers: mark CreateContainerFromBackup as deprecated
client/lxd_containers: mark CreateContainer as deprecated
client/lxd_containers: mark CreateContainerFromImage as deprecated
client/lxd_containers: mark CopyContainer as deprecated
client/lxd_containers: mark UpdateContainer as deprecated
client/lxd_containers: mark RenameContainer as deprecated
client/lxd_containers: mark MigrateContainer as deprecated
client/lxd_containers: mark DeleteContainer as deprecated
client/lxd_containers: mark ExecContainer as deprecated
client/lxd_containers: mark GetContainerFile as deprecated
client/lxd_containers: mark CreateContainerFile as deprecated
client/lxd_containers: mark DeleteContainerFile as deprecated
client/lxd_containers: mark GetContainerSnapshotNames as deprecated
client/lxd_containers: mark GetContainerSnapshots as deprecated
client/lxd_containers: mark GetContainerSnapshot as deprecated
client/lxd_containers: mark CreateContainerSnapshot as deprecated
client/lxd_containers: mark CopyContainerSnapshot as deprecated
client/lxd_containers: mark RenameContainerSnapshot as deprecated
client/lxd_containers: mark MigrateContainerSnapshot as deprecated
client/lxd_containers: mark DeleteContainerSnapshot as deprecated
client/lxd_containers: mark UpdateContainerSnapshot as deprecated
client/lxd_containers: mark GetContainerState as deprecated
client/lxd_containers: mark UpdateContainerState as deprecated
client/lxd_containers: mark GetContainerLogfiles as deprecated
client/lxd_containers: mark GetContainerLogfile as deprecated
client/lxd_containers: mark DeleteContainerLogfile as deprecated
client/lxd_containers: mark GetContainerMetadata as deprecated
client/lxd_containers: mark SetContainerMetadata as deprecated
client/lxd_containers: mark GetContainerTemplateFiles as deprecated
client/lxd_containers: mark GetContainerTemplateFile as deprecated
client/lxd_containers: mark CreateContainerTemplateFile as deprecated
client/lxd_containers: mark DeleteContainerTemplateFile as deprecated
client/lxd_containers: mark ConsoleContainer as deprecated
client/lxd_containers: mark GetContainerConsoleLog as deprecated
client/lxd_containers: mark DeleteContainerConsoleLog as deprecated
client/lxd_containers: mark GetContainerBackupNames as deprecated
client/lxd_containers: mark GetContainerBackups as deprecated
client/lxd_containers: mark GetContainerBackup as deprecated
client/lxd_containers: mark CreateContainerBackup as deprecated
client/lxd_containers: mark RenameContainerBackup as deprecated
client/lxd_containers: mark DeleteContainerBackup as deprecated
client/lxd_containers: mark GetContainerBackupFile as deprecated
lxd/network/acl: Use the journalctl wrapper script introduced in the LXD snap
lxd/storage_volumes: Fix copying storage volumes between cluster nodes when target and project parameters are set
test/suites/clustering: Add test for copying storage volume across cluster nodes with a target project set
lxd/device: Clarify “pool” and “volume” in Disk*RBDFormat
lxd/db/cluster/entities: Ignore linter prealloc
incusd/storage: Make use of qemu-img’s target-is-zero option
lxd/network/driver/ovn: Comment typo fix
lxd/network/driver/ovn: Prevent removal of uplink volatile IP settings when associated network IP address is populated
lxd/network/driver/ovn: Linter prealloc fix
test/suites/network/ovn: Check that volatile uplink IPs cannot be removed when associated network address is populated
lxd/instance/drivers: Align Disk*RBDFormat usage
lxd/device: Align Disk*RBDFormat usage
lxc/completion: Add contextual completions for instance config keys
lxc/completion: Use strings.Cut over strings.Contains + strings.Split in storage pool volume completion functions
lxd/devices: split and simplify deviceTaskBalance() function
lxd/devices: extract getNumaNodeToCpuMap() from deviceTaskBalance()
lxd/devices: extract getNumaCPUs() from deviceTaskBalance()
build(deps): bump github.com/minio/minio-go/v7 from 7.0.83 to 7.0.84
build(deps): bump github.com/openfga/openfga from 1.8.3 to 1.8.4
build(deps): bump github.com/zitadel/oidc/v3 from 3.34.0 to 3.34.1
build(deps): bump golang.org/x/tools from 0.28.0 to 0.29.0
build(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3
Makefile: don’t change dir to build lxd-generate
client/util: avoid fmt.Sprintf (slow)
client/lxd: simplify websocket() and avoid using fmt.Sprintf (slow)
client/lxd: avoid fmt.Sprintf (slow)
client/lxd_images: avoid fmt.Sprintf (slow)
client/lxd_images: replace fmt.Sprintf (slow) by strconv.FormatInt
client/lxd_network_acls: avoid fmt.Sprintf (slow)
client/lxd_operations: avoid fmt.Sprintf (slow)
client/lxd_operations: replace fmt.Sprintf (slow) by strconv.FormatInt
client/lxd_images: replace fmt.Sprintf (slow) by strconv.FormatInt
client/lxd_server: avoid fmt.Sprintf (slow)
client/lxd_storage_volumes: avoid fmt.Sprintf (slow)
client/lxd_storage_volumes: replace fmt.Sprintf (slow) by strconv.FormatInt
lxc-to-lxd/network: replace fmt.Sprintf (slow) by strconv.FormatInt
lxc/action: avoid fmt.Sprintf (slow)
lxc/auth: avoid fmt.Sprintf (slow) and avoid strings.Join twice for CSV
lxd/db/generate/db/mapping: avoid fmt.Sprintf (slow)
lxd/db/generate/db/mapping: preallocate args list
lxd/db/generate/db/method: avoid fmt.Sprintf (slow)
lxd/db/generate/db/parse: avoid fmt.Sprintf (slow)
lxd/db/generate/db/lex: avoid fmt.Sprintf (slow)
lxd/db/cluster/config.mapper: wip generated
lxd/db/cluster/devices.mapper: wip generated
lxd/db/cluster/entity_type_auth_group: avoid fmt.Sprintf (slow)
lxd/db/cluster/stmt: avoid fmt.Sprintf (slow)
lxd/db/cluster/entity_type_warning: avoid fmt.Sprintf (slow)
lxd/instance: avoid fmt.Sprintf (slow)
lxd/storage_volumes: avoid fmt.Sprintf (slow)
lxd/instance/drivers/qemu: avoid fmt.Sprintf (slow)
lxd/storage/drivers/driver_btrfs_volumes: avoid fmt.Sprintf (slow)
lxd/storage/drivers/driver_zfs_volumes: avoid fmt.Sprintf (slow)
shared/trust/hmac: avoid fmt.Sprintf (slow)
shared/util: micro-optimise IsTrue()
shared/util: micro-optimise IsFalse()
shared/util: simplify TextEditor() tmp YAML file handling
client/lxd_storage_volumes: add missing url.PathEscape() to MoveStoragePoolVolume()
client/lxd_cluster: avoid fmt.Sprintf (slow)
lxc/file: avoid fmt.Sprintf (slow)
lxc/file: replace fmt.Sprintf (slow) by strconv.FormatInt
lxc/query: avoid fmt.Sprintf (slow)
lxd/api_internal: avoid fmt.Sprintf (slow)
lxd/api_internal: replace fmt.Sprintf (slow) by strconv.FormatInt
lxd/images: avoid fmt.Sprintf (slow)
lxd/instance_post: avoid fmt.Sprintf (slow)
lxd/storage_volumes: avoid fmt.Sprintf (slow)
lxd/cluster/gateway_test: avoid fmt.Sprintf (slow)
lxd/cluster/gateway: avoid fmt.Sprintf (slow)
lxd/cluster/gateway: replace fmt.Sprintf (slow) by strconv.FormatInt
lxd/cluster/heartbeat: avoid fmt.Sprintf (slow)
lxd/cluster/upgrade: avoid fmt.Sprintf (slow)
lxd/device/device_utils_disk: avoid fmt.Sprintf (slow)
lxd/db/generate/db/method: avoid fmt.Sprintf (slow)
lxd/device/device_utils_infiniband: avoid fmt.Sprintf (slow)
lxd/device/gpu_physical: avoid fmt.Sprintf (slow)
lxd/firewall/drivers/nftables: avoid fmt.Sprintf (slow)
lxd/firewall/drivers/nftables: pre-allocate dnatRules and snatRules
lxd/instance/drivers/qemu_templates: avoid fmt.Sprintf (slow)
lxd/instance/drivers/qemu_templates: do not redefine max
lxd/instance/drivers/qemu: avoid fmt.Sprintf (slow)
lxd/loki: avoid fmt.Sprintf (slow)
lxd/loki: replace fmt.Sprintf (slow) by strconv.FormatInt
lxd/loki: replace fmt.Sprintf(%v, var) by fmt.Sprint(var)
lxd/response: avoid fmt.Sprintf (slow)
lxd/response: replace fmt.Sprintf (slow) by strconv.FormatInt
lxd/storage/backend_lxd: avoid fmt.Sprintf (slow)
lxd/storage/backend_lxd: replace fmt.Sprintf (slow) by strconv.FormatInt
lxd/instance/drivers/qemu: avoid fmt.Sprintf (slow)
lxd/storage/drivers/volume: avoid fmt.Sprintf (slow)
lxd/seccomp: avoid fmt.Sprintf (slow)
lxd/seccomp: replace fmt.Sprintf (slow) by strconv.FormatInt
lxd/seccomp: replace fmt.Sprintf(%v, var) by fmt.Sprint(var)
lxd/storage/drivers/btrfs_utils: avoid fmt.Sprintf (slow)
lxd/storage/drivers/btrfs_utils: use fmt.Sprint instead of fmt.Sprintf (slower)
lxd/storage/drivers/utils: avoid fmt.Sprintf (slow)
lxd/storage/drivers/utils: replace fmt.Sprintf (slow) by strconv.FormatInt
lxd/storage/drivers/utils: do not ask mkfs.ext4 to skip discarding
lxd/storage/drivers/cephobject_utils: avoid fmt.Sprintf (slow)
lxd/storage/drivers/cephobject_utils: replace fmt.Sprintf (slow) by strconv.FormatInt
lxd/storage/drivers/lvm_utils: avoid fmt.Sprintf (slow)
lxd/storage/drivers/lvm_utils: replace fmt.Sprintf (slow) by strconv.FormatInt
lxd/storage/drivers/lvm_volumes: avoid fmt.Sprintf (slow)
lxd/storage/drivers/lvm_volumes: replace fmt.Sprintf (slow) by strconv.FormatInt
lxd/storage/drivers/powerflex_utils: avoid fmt.Sprintf (slow)
lxd/instances: replace fmt.Sprintf(%v, var) by fmt.Sprint(var)
lxd/instances: replace fmt.Sprintf(%v, var) by fmt.Sprint(var)
lxd/db/cluster/open_test: avoid fmt.Sprintf (slow)
lxc/monitor: replace fmt.Sprintf(%v, var) by fmt.Sprint(var)
lxc/query: replace fmt.Sprintf(%v, var) by fmt.Sprint(var)
lxc/image: avoid fmt.Sprintf (slow)
lxc/image: replace fmt.Sprintf(%v, var) by fmt.Sprint(var)
lxd/api_1.0: replace fmt.Sprintf(%v, var) by fmt.Sprint(var)
lxd/daemon: avoid fmt.Sprintf (slow)
lxd/device/disk: avoid fmt.Sprintf (slow)
lxd/device/nic_bridged: avoid fmt.Sprintf (slow)
lxd/events/logging: replace fmt.Sprintf(%v, var) by fmt.Sprint(var)
lxd/init: replace fmt.Sprintf(%v, var) by fmt.Sprint(var)
Revert “lxc/image: Add GetImagesAllProjects and GetImagesAllProjectsWithFilter client functions and interfaces to simplestreams_images.go”
lxd/devices: fix deviceTaskBalance() to handle cpu pinning on isolated CPUs
lxd/instance/drivers/lxc: avoid fmt.Sprintf (slow)
lxd/instance/drivers/lxc: replace fmt.Sprintf (slow) by strconv.FormatInt
lxd/instance/drivers/lxc: replace fmt.Sprintf(%v, var) by fmt.Sprint(var)
lxd/instance/drivers/load: replace fmt.Sprintf(%v, var) by fmt.Sprint(var)
lxd/main_init_interactive: avoid fmt.Sprintf (slow)
lxd/main_init_interactive: replace fmt.Sprintf(%v, var) by fmt.Sprint(var)
lxd/seccomp: replace fmt.Sprintf(%v, var) by fmt.Sprint(var)
lxd/storage/drivers/zfs_utils: avoid fmt.Sprintf (slow)
lxd/storage/drivers/utils_ceph: avoid fmt.Sprintf (slow)
lxd/storage/s3/miniod: avoid fmt.Sprintf (slow)
shared/logger/format: avoid fmt.Sprintf (slow)
lxd/seccomp: replace fmt.Sprintf (slow) by strconv.FormatInt
lxd/storage/drivers/volume: avoid fmt.Sprintf (slow)
lxd/seccomp: don’t shadow cap builtin
lxd/storage/s3/miniod: remove explicit type definition
lxd/storage/drivers/powerflex_utils: preallocate string array
lxd/storage/drivers/zfs_utils: preallocate string arrays
lxd/storage/drivers/zfs_utils: replace strings.Split by strings.Cut
lxd/storage/drivers/btrfs_utils: preallocate array
lxd/seccomp: tweak comments to please godot
client/lxd_auth: avoid fmt.Sprintf (slow)
client/lxd_certificates: avoid fmt.Sprintf (slow)
client/lxd_network_forwards: avoid fmt.Sprintf (slow)
lxc/main: avoid fmt.Sprintf (slow)
lxc/remote: avoid fmt.Sprintf (slow)
lxc/remote: replace fmt.Sprintf(%d, integer) by fmt.Sprint(integer)
lxc/version: avoid fmt.Sprintf (slow)
lxd-agent/devlxd: avoid fmt.Sprintf (slow)
lxd-agent/devlxd: replace fmt.Sprintf by fmt.Sprint
lxd/response: replace fmt.Sprintf by fmt.Sprint
lxd-agent/events: avoid fmt.Sprintf (slow)
lxd-agent/exec: avoid fmt.Sprintf (slow)
lxd-agent/main: avoid fmt.Sprintf (slow)
lxd-agent/main_agent: avoid fmt.Sprintf (slow)
lxd-agent/server: avoid fmt.Sprintf (slow)
lxd-agent/state: avoid fmt.Sprintf (slow)
lxd-agent/state: ignore addresses missing “/” to avoid out of bound reads
lxd-agent/state: replace fmt.Sprintf (slow) by strconv.FormatInt
lxd-agent/templates: avoid fmt.Sprintf (slow)
lxd/api_cluster: avoid fmt.Sprintf (slow)
lxd/api_project: avoid fmt.Sprintf (slow)
lxd/apparmor: avoid fmt.Sprintf (slow)
lxd/apparmor: use long args for apparmor_parser
lxd/apparmor/feature_check: avoid fmt.Sprintf (slow)
lxd/apparmor/instance: avoid fmt.Sprintf (slow)
lxd/db/node: avoid fmt.Sprintf (slow)
lxd/db/query/config: avoid fmt.Sprintf (slow)
lxd/db/query/config: merge 2 successive appends
lxd/db/query/count: avoid fmt.Sprintf (slow)
lxd/db/query/dump: avoid fmt.Sprintf (slow)
lxd/db/query/expr: avoid fmt.Sprintf (slow)
lxd/db/query/objects: avoid fmt.Sprintf (slow)
lxd/devlxd: avoid fmt.Sprintf (slow)
lxd/main: avoid fmt.Sprintf (slow)
lxd/main_callhook: avoid fmt.Sprintf (slow)
lxd/main_cluster: avoid fmt.Sprintf (slow)
lxd/main_init: avoid fmt.Sprintf (slow)
lxd/main_init_interactive: avoid fmt.Sprintf (slow)
lxd/metrics/metrics: avoid fmt.Sprintf (slow)
lxd/metrics/metrics: preallocate labelNames
lxd/networks: avoid fmt.Sprintf (slow)
lxd/util/net: avoid fmt.Sprintf (slow)
lxd/util/net: replace fmt.Sprintf(%d, integer) by fmt.Sprint(integer)
lxd/util/random: replace fmt.Sprintf(%d, integer) by fmt.Sprint(integer)
shared/version/useragent: avoid fmt.Sprintf (slow)
shared/cert: avoid fmt.Sprintf (slow)
shared/trust/hmac_argon2: avoid fmt.Sprintf (slow)
lxd-agent/exec: add comments to exported funcs
lxd-agent/exec: simplify if/else/return
lxd-agent/exec: drop redundant break in select
lxd/util/config: do not shadow builtin copy()
lxc/image: Add InstanceServer type assertion for --all-projects error handling
test: swtpm is a required command for test_container_devices_tpm
github: add swtpm to LXD runtime deps (needed for test_container_devices_tpm)
test/suites/container_devices_tpm: try to modprobe tpm_vtpm_proxy before running the test
test/suites/container_devices_tpm: s/lxc rm/lxc delete/
client/lxd_containers: deprecation notices need to be on their own paragraph
client/lxd_server: deprecation notices need to be on their own paragraph
lxd/storage/drivers/utils: deprecation notices need to be on their own paragraph
lxd/networks: Move allowedUplinkNetworks to network_utils
lxd/network/network_utils: Check for project restrictions first
lxd/project/limits: Pre-allocate idmaps on parseHostIDMapRange (prealloc)
Revert “github: Disable TICS temporarily”
lxd/device/gpu: Remove any remaining CDI device file before new CDI device files are added
lxd/instance/qemu: Fix bad timeout errors
lxd/instance/qemu: Send two ACPI events on shutdown
lxd/instance: Add progress tracking to export
client: Fall back to verification_uri.
lxd/network/ovn: Return net.IP on randomExternalAddress
lxd/network/ovn: Create allocateUplinkAddress
lxd/network/ovn: Use allocateUplinkAddress
api: Add projects_limits_uplink_ips extension
lxd/project/limits: Create UplinkAddressQuotasExceeded
lxd/api_project: Add projectName argument to projectValidateConfig
lxd/api_project: Create uplinkIPLimitValidator
lxd/api_project: Introduce limits.networks.uplink_ips.* config keys to projects
lxd/network/common: Create projectUplinkIPQuotaAvailable
lxd/network/ovn: Check uplink IP limits on allocateUplinkAddress
lxd/network/ovn: Check uplink IP limits on allocateUplinkPortIPs
make update-metadata
test/suites: Add tests for project uplink IP limits
build(deps): bump github.com/miekg/dns from 1.1.62 to 1.1.63
build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4
build(deps): bump github.com/NVIDIA/nvidia-container-toolkit
build(deps): bump github/codeql-action from 3.28.1 to 3.28.5
build(deps): bump actions/setup-go from 5.2.0 to 5.3.0
api: Add entities_with_entitlements extension
shared/api: Add FineGrained field to IdentityInfo
doc: Update rest-api.yaml
lxd/identities: Add FineGrained field to the GET /1.0/auth/identities/current endpoint
lxd/identities: lint error fix (identityCacheEntries needs to be pre-allocated)
test/auth: Check that ‘fine_grained’ is rightly set when querying the current identity info
shared/api: Create the AccessEntitlements field embedded into WithEntitlements and add it to the eligible LXD entities
lxd/auth: Introduce the EntitlementReporter interface
shared/util: set the path variable provided to the editor
lxd/devlxd: devlxd /1.0/meta-data is not cloud-config
doc: devlxd /1.0/meta-data is not cloud-config
doc: [user|vendor]-data is not necessarily a cloud-config
doc/cloud-init: cloud-init runs on every boot
lxd/project/limits: Add context field to fetchProject
shared/api: Implement the EntitlementReporter interface for the WithEntitlements embedded type
doc: Update rest-api.yaml
lxd/state: Add identity cache to the daemon state
lxd/daemon: Populate daemon state with identityCache
lxd/daemon: Add reportEntitlements function
doc: Fix typo in cloud-init docs
lxd/daemon: Add extractEntitlementsFromQuery utility function
lxd/instance: Add entitlements for ‘instance’ entities
lxd/project: Add entitlements for ‘project’ entities
lxd/storage-pools: Add entitlements for ‘storage-pool’ entities
lxd/storage-buckets: Add entitlements for ‘storage-bucket’ entities
lxd/storage_buckets: fix linter warning for filreredDBBuckets initialization
lxd/storage-volumes: Add entitlements for ‘storage-volume’ entities
lxd/auth-groups: Add entitlements for ‘auth-group’ entities
lxd/certificates: Add entitlements for ‘certificate’ entities
lxd/identities: Add entitlements for ‘identity’ entities
lxd/identity-provider-groups: Add entitlements for ‘identity-provider-group’ entities
lxd/images: Add entitlements for ‘image’ entities
lxd/network-acls: Add entitlements for ‘network-acl’ entities
lxd/network-zones: Add entitlements for ‘network-zone’ entities
lxd/networks: Add entitlements for ‘network’ entities
lxd/profiles: Add entitlements for ‘profile’ entities
test/auth: Add check for entitlements
test: Check that we can retrieve entities with their correct ‘access_entitlements’ fields
api: Add profiles_all_projects extension
shared/api: Add Project field to Profile struct
lxd/db/cluster: Add Project field to Profile db struct
lxd: Accept context argument on AllowVolumeUpdate
lxd: Accept context argument on AllowProfileUpdate
lxd: Accept context argument on AllowInstanceUpdate
lxd: Accept context argument on AllowVolumeCreation
lxd: Accept context argument on GetImageSpaceBudget
lxd: Accept context argument on AllowInstanceCreation
lxd/project/limits: Use background ctx in AllowInstanceCreation tests
lxd/project/limits: Use ctx on call to fetchProject
lxd: Make context the first parameter (go-lint)
lxd: Use shutdown context on transaction
lxd: Accept context argument on AllowProjectUpdate
doc/how-to/cluster-manage: expand on evacuate/restore and live-migrating
doc/how-to/cluster-manage: add missing command syntax code blocks and examples
doc/how-to/cluster-manage: clarify global/local scope
doc: Add missing swtpm package to installing from source section
doc/explanation/instances: revise as vms no longer less completely implemented than containers
doc/how-to/cluster-manage: add link about cluster member roles
Revert “lxd/storage: Return -1 disk size for containers without size limits”
lxd/storage/backend_lxd: Move on from error from GetVolumeUsage
lxd/storage: Use 0 to represent unsupported usage
shared/api: Document changes to values for disk usage & total
shared/api: Document changes to values for volume usage & total
shared/api: Explicitly report null usage
doc/rest-api: Refresh swagger YAML
lxc/storage_volume: Don’t show Usage if it wasn’t retrievable
test: Expect 0 for unsupported usage
doc/howto/network_forwards: add how to list forwards
doc/howto/network_forwards: revise listen address requirements
lxd: Rename checkRestrictions to checkInstanceRestrictions
lxd/project/limits: Create checkUplinkUse
lxd/project/limits: Restricted project can’t use forbidden uplink
test/suites: Work around newer restricted requirements
test/suites: Cannot restrict a project while uplink is in use
lxd/storage/connectors: Introduce storage connector
lxd/storage/connectors: Helper functions for handling disk device paths
lxd/storage/connectors: Add generic connect func to handle multipath
lxd/storage/connectors: Add NVMe/TCP connector
lxd/storage/connectors: Add SDC connector
lxd/storage/connectors/connector: Get versions for supported connectors
lxd/storage/drivers/utils: Helper function to resolve server name
lxd/storage/drivers/utils: Helper function to acquire storage connector lock
lxd/storage/drivers/powerflex: Prevent changing powerflex.mode
lxd/storage/drivers/powerflex: Use shared function to resolve server name
lxd/storage/drivers/powerflex: Use connector for handling storage subsystem
lxd/storage/drivers/powerflex: Ensure mapVolume returns safe reverter
lxd/storage/drivers/powerflex: Pre-allocate slices (linter)
lxd/storage/drivers/utils: Remove no longer used waitGone function (linter)
shared/api/auth: Add ‘omitempty’ annotation for the access_entitlements field
lxd/auth/oidc: Use proxy enabled HTTP client for relying party remote key set.
lxd/auth: Fix lint error (redefines-builtin-id: revive).
doc/howto/network_forwards: update OVN and bridge forward creation
doc/howto/network_forwards: update port specs info and add examples
doc/howto/network_forwards: add how to view a network forward
doc: fix whitespace issues
doc: remove no longer needed exceptions
client/interfaces: add CheckExtension() to InstanceServer interface
shared/util: properly mark RunCommand() as deprecated
lxd/storage/drivers/utils: drop deprecated btrfsIsSubVolume() func
lxd/storage/drivers/utils: properly mark BTRFSSubVolumeMakeRo() as deprecated
lxd/storage/drivers/utils: properly mark BTRFSSubVolumeMakeRw() as deprecated
lxd/storage/drivers/btrfs_utils: replace HasPrefix + TrimPrefix by CutPrefix
lxd/storage: drop deprecated GetStoragePoolMountPoint() func
shared/api/instance: properly mark ContainerOnly as deprecated
shared/api/certificate: properly mark Password as deprecated
shared/api/cluster: drop now unused and deprecated ClusterPassword field
shared/api/instance_backup: properly mark ContainerOnly as deprecated
shared/api/instance: properly mark ContainerOnly as deprecated
doc/rest-api: Refresh swagger YAML
lxd/devlxd: avoid fmt.Sprintf() as it is slow
lxd/storage: drop unused GetSnapshotMountPoint() func
lxd/storage: drop unused GetImageMountPoint() func
lxd/storage: drop unused GetStoragePoolVolumeSnapshotMountPoint() func
lxd/storage: drop unused InstanceImportingFilePath() func
lxd/storage/drivers/utils: unexport btrfsSubVolumesGet() func
lxd/storage/drivers/utils: drop deprecated BTRFSSubVolumeMakeRo() and BTRFSSubVolumeMakeRw() funcs
lxd/storage/drivers/utils: unexport btrfsSubVolumeIsRo() func
lxd/storage/drivers/utils: replace deprecated RunCommand() by RunCommandContext(context.TODO(), …)
lxd/storage/drivers/btrfs_utils: unexport btrfsSubVolumeIsRo() func
lxd/storage/drivers/btrfs_volumes: unexport btrfsSubVolumeIsRo() func
lxd/storage/drivers/btrfs_utils: replace deprecated RunCommand() by RunCommandContext(context.TODO(), …)
lxd/storage/drivers/btrfs_volumes: replace deprecated RunCommand() by RunCommandContext(context.TODO(), …)
lxd/storage/drivers/btrfs_volumes: replace fmt.Sprintf(%d, int) by fmt.Sprint(int)
lxd/storage/drivers/btrfs_volumes: simplify subvol ID extraction
lxd/storage/drivers/utils: add a comment that the new size also works with btrfs
lxd/storage/drivers/btrfs: replace deprecated RunCommand() by RunCommandContext(context.TODO(), …)
lxd/storage/drivers/btrfs: avoid fmt.Sprintf() as it is slow
lxd/storage/drivers/btrfs: replace fmt.Sprintf() by fmt.Sprint()
lxd/api: avoid fmt.Sprintf() as it is slow
lxc/cluster_group: replace fmt.Sprintf() by fmt.Sprint()
lxc/launch: avoid fmt.Sprintf() as it is slow
lxc/list: avoid fmt.Sprintf() as it is slow
lxc/list: replace fmt.Sprintf() by fmt.Sprint()
lxc/list: micro-optimise typeColumnData
lxc/config: avoid fmt.Sprintf() as it is slow
lxd/daemon: replace fmt.Sprintf() by fmt.Sprint()
lxc/network: replace fmt.Sprintf() by fmt.Sprint()
lxc/network_acl: replace fmt.Sprintf() by fmt.Sprint()
lxc/network_load_balancer: replace fmt.Sprintf() by fmt.Sprint()
lxc/project: replace fmt.Sprintf() by fmt.Sprint()
lxc/project: avoid fmt.Sprintf() as it is slow
lxd/instance_file: replace fmt.Sprintf() by fmt.Sprint()
lxd/firewall/drivers/util: replace fmt.Sprintf() by fmt.Sprint()
lxd/firewall/drivers/util: pre-allocate hexMask
lxd/firewall/drivers/xtables: replace fmt.Sprintf() by fmt.Sprint()
lxd/firewall/drivers/xtables: do not shadow builtin delete keyword
lxd/ip/link: replace deprecated RunCommand() by RunCommandContext(context.TODO(), …)
lxd/ip/link: replace fmt.Sprintf() by fmt.Sprint()
lxd/storage/utils: replace fmt.Sprintf() by fmt.Sprint()
lxd/storage/utils: avoid fmt.Sprintf() as it is slow
lxd-benchmark/util: replace fmt.Sprintf() by fmt.Sprint()
shared/simplestreams/products: avoid fmt.Sprintf() as it is slow
shared/simplestreams/products: replace fmt.Sprintf() by fmt.Sprint()
lxd-user/lxd: replace deprecated RunCommand() by RunCommandContext(context.TODO(), …)
lxd-user/lxd: replace fmt.Sprintf() by fmt.Sprint()
lxd/devices: replace fmt.Sprintf() by fmt.Sprint()
lxd/devices: avoid fmt.Sprintf() as it is slow
lxd/storage/filesystem/fs: replace fmt.Sprintf() by fmt.Sprint()
lxc/warning: replace fmt.Sprintf() by fmt.Sprint()
lxd/archive: replace fmt.Sprintf() by fmt.Sprint()
lxd/device/utils_network: replace fmt.Sprintf() by fmt.Sprint()
lxd/device/utils_network: avoid fmt.Sprintf() as it is slow
lxd/device/disk: replace fmt.Sprintf() by fmt.Sprint()
lxd/device/disk: avoid fmt.Sprintf() as it is slow
lxd/device/disk: replace deprecated RunCommand() by RunCommandContext(context.TODO(), …)
lxd/device/utils_disk: replace deprecated RunCommand() by RunCommandContext(context.TODO(), …)
lxd/firewall/drivers/xtables: replace deprecated RunCommand() by RunCommandContext(context.TODO(), …)
lxd/firewall/drivers/xtables: avoid fmt.Sprintf() as it is slow
lxd/firewall/drivers/xtables: replace deprecated RunCommand() by RunCommandContext(context.TODO(), …)
lxd/storage/connectors/utils: Set context timeout only when no deadline is configured
lxd/storage/connectors/utils: Allow setting custom timeout for connect function
lxd/profiles: Add all-projects support
doc/rest-api: Refresh swagger YAML
client: Add GetProfilesAllProjects function
lxc/profile: Add customizable columns to lxc profile list
lxc/profile: Add all-projects to lxc profile list
i18n: Update translation templates.
i18n: Update translations.
tests: Add lxc profile list --all-projects tests to authorization tests
tests: Add lxc profile list --all-projects tests to projects tests
doc(instance) fix cluster.evacuate doc block to avoid newlines in the generated metadata api response
doc: increase linkcheck rate limit max timeout
doc: increase linkcheck retries
doc/reference/devices_proxy: remove unsupported udp connection types
doc/reference/devices_proxy: improve wording
lxc/completion: Add cluster member configuration option completions
lxd/backup: Add ValidateBackupName function
lxd: Utilize ValidateBackupName for backup name validation
shared/api: Add support for entitlements for remaining API types that can have fine-grained permissions
lxd/storage/drivers/powerflex: Don’t map volume before resize
lxd/storage/drivers/powerflex: Block volume creation if zero-padding is disabled
lxd/storage/drivers/powerflex: Lock the API token
lxd/storage/drivers/powerflex: Copy the API request body
lxd/storage/drivers/powerflex: Use NewStatusError in case of fixed strings
lxd/storage/drivers/powerflex: Always allow the filler to resize in CreateVolume
lxd/storage/block: Add WaitDiskDeviceResize func
lxd/storage/drivers/powerflex: Always wait for volume resizes
lxd/storage/block: Move utility functions from connector package
lxd/storage/drivers/powerflex: Use moved utility functions from block package
doc/rest-api: Refresh swagger YAML
lxd/server: Add entitlement enrichment for api.Server
lxd/image_alias: Add entitlement enrichment for api.ImageAliasEntry
lxd/instance_backup: Add entitlement enrichment for api.InstanceBackup
lxd/instance_snapshot: Add entitlement enrichment for api.InstanceSnapshot
lxd/storage_volumes_backup: Add entitlement enrichment for api.StorageVolumeBackup
lxd/storage_volumes_snapshot: Add entitlement enrichment for api.StorageVolumeSnapshot
lxd/auth_groups: Return a slice of pointer to api.AuthGroup for in-place entitlement enrichment
lxd/certificates: Return a slice of pointer to api.Certificate for in-place entitlement enrichment
lxd/identities: Return a slice of pointer to api.Identity for in-place entitlement enrichment
lxd/network: Return a slice of pointer to api.Network for in-place entitlement enrichment
lxd/storage-pools: Return a slice of pointer to api.StoragePool for in-place entitlement enrichment
test/auth: remove check for access_entitlements: [] since we added omitempty field annotation
lxd/device/gpu_physical: containers with CDI GPU can be restarted even after abrupt host shutdown
lxd/network/driver_physical: replace fmt.Sprintf() by fmt.Sprint()
lxd/network/driver_physical: don’t hardcode HTTP status code
lxc/config/cert: avoid fmt.Sprintf() as it is slow
client/lxd_images: pass ref to image instead of copying it
client/lxd_oidc: avoid fmt.Sprintf() as it is slow
client/lxd_profiles: avoid fmt.Sprintf() as it is slow
client/lxd_projects: avoid fmt.Sprintf() as it is slow
lxc/network_peer: avoid fmt.Sprintf() as it is slow
lxd/instance_console: LXD requires LXC 5.0 or newer
lxd/api_project: Add comment on projectValidateConfig
lxd/api_project: Do not check current uplink IP consumption
Revert “lxd/api_project: Add projectName argument to projectValidateConfig”
Revert “lxd/api_project: Create uplinkIPLimitValidator”
lxd/project/limits: Accept cached networks in UplinkAddressQuotasExceeded
lxd/network: Update UplinkAddressQuotasExceeded usage
lxd/project/limits: Check for uplink IP quotas in checkUplinkUse
lxc/completion: Fix positional completions for lxc config device add
lxd/device/nic: Update default description for physical NIC hwaddr
doc: Update metadata
lxd/instance/utils: LXD requires LXC 5.0 or newer
lxd/instance/drivers/lxc: LXD requires LXC 5.0 or newer
lxd/instance/drivers/lxc: avoid fmt.Sprintf() as it is slow
lxd/instance/drivers/lxc: replace deprecated RunCommand() by RunCommandContext(context.TODO(), …)
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
build(deps): bump github/codeql-action from 3.28.5 to 3.28.8
build(deps): bump github.com/osrg/gobgp/v3 from 3.33.0 to 3.34.0
shared/version: Add storage_driver_powerflex extension
doc: Add storage_driver_powerflex API extension
lxd/api_project: Fix typo in metadata
lxd/storage/drivers/cephfs: Pass context when invoking commands (linter)
lxd/storage/drivers/ceph_object: Pass context when invoking commands (linter)
lxd/storage/drivers/ceph: Pass context when inoking commands (linter)
lxd/storage/drivers/lvm: Pass context when invoking commands (linter)
lxd/storage/drivers/zfs: Pass context when invoking commands (linter)
test/stresstest: Remove duplicate definition of BASE_URL
lxd/device/nic: Retrieve MAC address of parent physical NIC on device start
doc: Update metadata
api: Add Pure Storage driver API extension
lxd/storage/drivers/pure: Initial scaffolding for storage driver pure
lxd/storage/drivers/driver_types: Add driver option PopulateParentVolumeUUID
lxd/storage/backend_lxd: Ensure parent volume UUID is populated when required by driver
lxd/storage/drivers: Configure PopulateParentVolumeUUID for all drivers
lxd/storage/drivers/load: Add pure as storage driver
lxd/storage/drivers/pure: Add basic pool and volume configuration validation
lxd/storage/drivers/pure: Add login and request wrapper
lxd/storage/drivers/pure: Create and delete storage pool
lxd/storage/drivers/pure: Add utils for handling Pure Storage hosts
lxd/storage/drivers/pure: Function to resolve Pure Storage volume name
lxd/storage/drivers/pure: Test volume name generation
lxd/storage/drivers/pure: Add util function to retrieve network interfaces
lxd/storage/connectors: Add iSCSI connector
lxd/storage/drivers/pure: Add iSCSI support and volume mapping utils
lxd/storage/drivers/pure: Ensure multipath device is properly removed
lxd/storage/drivers/pure: Create, mount, and unmount volume
lxd/storage/drivers/pure: Add NVMe/TCP support
lxd/storage/drivers/pure: Delete volume
lxd/storage/drivers/volume: Add util function to get parent volume
lxd/storage/drivers/pure: Create and delete volume snapshots
lxd/storage/drivers/pure: Add utils for retrieving storage arrays
lxd/storage/drivers/pure: Extract storage pool, volume, and array space information
lxd/storage/drivers/pure: Report resource usage of storage pools and volumes
lxd/storage/drivers/pure: Restore volume snapshots
lxd/storage/drivers/pure: Get volume usage from Pure Storage
lxd/storage/drivers/pure: Set or update volume quota
lxd/storage/drivers/pure: Allow volume copy with snapshots and optimized images
lxd/storage/drivers/pure: Volume refresh
lxd/storage/drivers/pure: Mount/unmount volume snapshot
lxd/storage/drivers/pure: Volume migration
lxd/storage/drivers/pure: Handle cluster member volume move
lxd/storage/drivers/pure: Allow changing storage pool quota
lxd/storage/drivers/pure: Delete default protection groups when storage pool is created
lxd/storage/drivers/pure: Wait for desired disk size after resize
lxd/storage/drivers/pure: Allow setting custom target addresses
lxd/storage/backend_lxd: Ensure volatile uuid is set for regenerated optimized image
lxd/storage/utils: Add Pure Storage to common volume rules
test/backends: Helper functions for creating Pure Storage pools
test/includes/storage: Include Pure Storage driver if gateway and api token are set
test/storage_driver_pure: Add basic Pure Storage tests
test/container_move: Use helper function to create Pure Storage pool
test/storage_local_volume_handling: Test Pure Storage with other available storage drivers
test/storage_snapshots: Use helper function to create Pure Storage pool
test/backup: Skip recovery tests for Pure Storage driver
docs: Add Pure Storage driver docs
docs: Add example on how to create Pure Storage storage pool
docs: Add explanation of Pure Storage remote storage
docs: Add Pure Storage and its features to table of supported storage drivers
docs: Update wordlist
docs: Update metadata
lxd/metadata: Update longdesc for agent.nic_config
lxd/device/nic: Add container condition to container specific device options for physical NICs
doc: Update metadata
doc: Fix typo in Pure Storage example
lxd/storage/drivers/pure: Fix typo in comment
lxd/storage/drivers/pure: Improve disk suffix when mapping NVMe volumes
lxd/storage/drivers/pure: Fix pure.target metadata description
doc: Update metadata
lxd/storage/drivers/pure: Fix typo in comment
lxd/device: Add source-type disk device key
lxd/storage: Replace DiskVolumeSourceParse with source-type key
lxc/storage_volume: Use source-type key when add/rm disk devices
lxd: Revert “Preserve custom/c1 syntax in devices during volume rename”
test: Revert “Rename should preserve custom/c1 syntax”
test/storage: Revert “custom/volume syntax”
lxd/device: Eliminate uneeded queries
doc: Update metadata
lxd/storage/connectors/iscsi: Simplify run discovery command invocation
lxd/storage/drivers/pure: Delete potnetially left temporary snapshot volume
lxd/storage/drivers/pure: Replace sprintf with concat
lxd/storage/connectors/iscsi: Replace sprintf with concat
lxd/storage: Revert “Use correct storage volume name in MountVolume”
lxd/storage: Revert “Rename UnmountCustomVolume → UnmountVolume”
lxd/storage: Revert “Rename UnmountCustomStorage → UnmountStorage”
lxd/device: Revert “Rename UmmountCustomVolume → UnmountVolume”
lxd: Revert “Rename UnmountCustomVolume → UnmountVolume”
lxd/storage: Revert “Rename MountCustomVolume → MountVolume”
lxd/storage: Revert “Use correct storage volume name in MountVolume”
lxd/storage: Revert “Rename MountCustomVolume → MountVolume”
lxd/device: Revert “Rename MountCustomVolume → MountVolume”
lxd: Revert “Rename MountCustomVolume → MountVolume”
lxd/device: Use MountInstance for attaching instance volumes
lxd/device/disk: Remove outdated comment
lxd/device: Use MountOwnerShift constant
lxd/device: Update comments
lxd/instance/instancetype: Add longdesc for volatile.last_state.idmap
lxd/instance/instancetype: container condition on idmap volatile keys
lxd/storage: Document volatile.idmap.{last,next} for storage volumes
doc: Update metadata
lxd/metrics: TYPE must not be "" so default to counter
lxd/metrics: simplify TYPE handling
lxd/metrics: write HELP and TYPE messages in one go
lxd/metrics: simplify TYPE suffix handling
lxd/storage/connectors/iscsi: Do not check stderr after successful connection
lxd/storage/connectors/iscsi: Replace iscsi discovery with manual db management
lxd/instance/drivers: Send mount options to lxd-agent
lxd-agent: Parse and use mount options
lxd/instance: Avoid using deprecated RunCommand (static-check)
lxd/loki: Rework use of context
lxd/loki: Add checkLoki function to ensure Loki is ready when creating a new Loki client
doc/images: Add images for Entra ID tutorial.
lxd/api/project: Use s.ShutdownCtx projectValidateConfig
lxd/api/project: Move specific error generation inside transaction in projectValidateConfig
lxd/network/network/utils: Update AllowedUplinkNetworks to accept context and transaction
lxd/api/project: Update network.AllowedUplinkNetworks usage in projectValidateConfig
lxd/network/driver/ovn: Use shutdownCtx in Validate
lxd/network/driver/ovn: Move specific error generation inside transaction
lxd/network/driver/ovn: Update use of AllowedUplinkNetworks by reusing transactions
lxd/network/driver/ovn: Re-use existing transaction for forward and load-balancer validation
lxd/network/driver/ovn: Reduce scope of uplinkRoutes var
lxd/network/driver/ovn: Parse internal and external subnets in one go in Validate
lxd/network/driver/ovn: Use happy path style in subnet parsing loop
lxd/network/driver/ovn: Avoid sprintf
lxd/storage/drivers/powerflex: Allow comma separated list of SDT targets
doc: Update metadata
doc/howto: Add Entra ID how-to.
doc: Add Entra ID how-to to TOC tree.
doc: Add spellcheck exceptions.
lxd/network/driver/ovn: Check volatile uplink IPs are within allowed ranges specified on uplink
lxd: Add methods to extract and verify claims.
test: Check that ovn volatile uplink IPs must be in the allowed ranges specified on the uplink.
lxd/device: Unmount instance disk devices
lxd/instance/drivers/driver/qemu: Fix regenerating nvram vars file when upgrading from LXD 4.0
lxd/instance/drivers/driver/qemu: Improve function comment on nvramPath
github/actions/setup-microceph: force the detection of new partitions
lxd/instance/drivers/driver/qemu: Switch to RunCommandContext
lxd/instance/drivers/driver/qemu: Avoid sprintf
lxd/api_project: add restricted.networks.subnets example in docstring
doc: Update metadata
doc/howto/network_forwards: add note on how to show target ports
doc/howto/network_forwards: note that static IPs are typically used for targets
shared/api/network_forward: update docstrings
doc: Update metadata
doc/howto/network_forwards: add list forwards UI tab/screenshot
doc/howto/network_forwards: add show forward UI tab/screenshot
doc/howto/network_forwards: fix forward show CLI example
doc/howto/network_forwards: add delete forward UI tab/screenshot
doc/howto/network_forwards: add edit forward UI tab/screenshot
doc/howto/network_forwards: add create bridge forward & port config UI tabs/screenshots
doc/howto/network_forwards: fix typo
doc/howto/network_forwards: add create OVN forward UI tab/screenshot
doc/images/UI: minimize network forward screenshot PNGs
doc/howto/move_instances: improve live migration criteria
doc/howto/move_instances: mention evacuate/restore
doc/howto/move_instances: improve move and copy sections
doc: fix looping local sphinx-autobuild
build(deps): bump github/codeql-action from 3.28.8 to 3.28.9
build(deps): bump github.com/go-chi/chi/v5 from 5.2.0 to 5.2.1
build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5
build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0
build(deps): bump github.com/minio/minio-go/v7 from 7.0.84 to 7.0.85
lxd/storage/drivers/powerflex: Add getNVMeTargetQN
lxd/storage/drivers/powerflex: Add getNVMeTargetAddresses
lxd/storage/drivers/powerflex: Add discover
lxd/storage/drivers/powerflex: Use the Connect and Disconnect funcs
lxd/storage/drivers/powerflex: Don’t populate the powerflex.sdt config key
lxd/storage/drivers/powerflex: Move the mode detection to a more fitting place
lxd/storage/connectors/sdc: Implement LoadModules
lxd/storage/drivers/powerflex: Restructure the SDC checks on pool creation
lxd/patches: Add patchUnsetPowerFlexSDTSetting
lxd/patches: Don’t use deprecated RunCommand
lxd/storage/connectors: Remove ConnectAll and DisconnectAll
lxd/storage/connectors: Remove unused SessionID
lxd/storage/connectors/nvme: Don’t use deprecated RunCommand
lxd/storage/drivers/powerflex: Cleanup error messages
doc: Add SDTs to wordlist
build(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0
lxd/instance/drivers/qemu: Fix double-escaped device name
lxd/storage/drivers/pure: Include minimum API token permission in description
lxd/storage/drivers/powerflex: Document minimum required user role
doc: Update metadata
doc: Update metadata
doc: Add SystemAdmin to wordlist
docs: Clarify Pure Storage array usage between LXD installations
lxd/locking: Add TryLock
lxd/storage/connectors: Use TryLock when attempting new connections
lxd/network/zone/reverse: move to shared/dnsutil/reverse
lxd/network/zone/zone: Switch to dnsutil package’s Reverse function
lxd/network/openvswitch/ovn: Add PTR record generation for instance NIC IPs
lxd/network/openvswitch/ovn: Ignore prealloc warnings for complex loop
test: Add tests for ovn DNS
Modified ChassisGroupChassisDelete to convert chassis_name to _uuid to fix later comparison
Linter fixes
lxd/network/openvswitch/ovn: Don’t initialise slices to empty capacity
lxd/network/openvswitch/ovn: Fix escaping of values in ChassisGroupChassisDelete
test: Remove unnecessary sudo from ovn tests
test: Check for ha_chassis removal on lxd shutdown
lxd/instance/logs: Load instance from database to validate name in instanceLogsGet
lxd/instance/logs: Avoid premature load of instance in instanceLogGet
lxd/instance/logs: Avoid premature load of instance in instanceLogDelete
lxd/instance/logs: Avoid premature load of instance in instanceExecOutputsGet
lxd/instance/logs: Avoid premature load of instance in instanceExecOutputGet
lxd/instance/logs: Avoid premature load of instance in instanceExecOutputDelete
lxd/storage/drivers/pure: Copy the API request body
Revert “lxd/storage/drivers/powerflex: Lock the API token”
lxd/storage/drivers/powerflex: Fix error message
lxd/instance/logs: Improve checks in validLogFileName and validExecOutputFileName
lxd/storage/drivers/zfs: improve zfs.export short desc
doc: Update metadata
Makefile: don’t change dir but tell make to look into doc/
api: Add cloud_init_ssh_keys extension
shared/validate: Create IsUserSSHKey
lxd/instance/instancetype: Add cloud-init.ssh-keys. config key for instances
lxd/instance/instancetype: Add cloud-init.ssh-keys. to recognized config key prefixes
lxd/util: Create MergeSSHKeyCloudConfig
lxd/devlxd_test: Add unit tests for mergeSSHKeyCloudConfig
lxd/device/disk: Merge SSH keys into cloud-init seed data
lxd/devlxd: Merge SSH keys into cloud config
lxd/devlxd: Retrieve vendor-data if SSH keys are defined
doc: Extend cloud-init docs with additional SSH key injection
doc: Update metadata
api: Add oidc_scopes API extension.
lxd/cluster/config: Add oidc.scopes config key.
lxd/auth/oidc: Add custom scopes support
doc: Update configs
lxd/cluster/config: Update groups claim description.
doc: Update metadata
lxd/auth/oidc: Return nil if getting IdP groups fails.
lxd/auth/oidc: Send scopes as a header to the client.
lxd: Reload verifier if oidc.scopes is changed.
client: Update client to use X-LXD-OIDC-scopes header.
test/suites: Test validation of scope config.
lxd: Add patch moving oidc.groups.claim to oidc.scopes.
lxd: Add unit test for the group claim patch.
api: Add project_default_network_and_storage extension
doc/rest-api: Refresh swagger YAML
shared/api: Add storage and network options to ProjectsPost
lxc: Add storage and network flags
lxd: Add storage and network to new project default profile
test/suites: Add testing for project storage and network options
test/suites: Fix init_dump test to follow new project config
i18n: Update translation templates
lxd: Use project name isntead of api.Project
doc: SSH keys are merged into cloud-init seed data
lxd/devlxd: Elaborate on merging SSH keys into cloud-init data
doc: lxd to lxc typo in network_forwards.md
github: split documentation job into build and test
lxd/network: Fix OVN LogicalSwitchPortGetDNS to understand DNS records field that contains PTR records
doc: ignore linkcheck for gnu.org per often fails
lxd/instance_exec: simplify environment. handling
client/lxd_network_peer: avoid fmt.Sprintf()
lxc/console: avoid fmt.Sprintf()
lxc/network_zone: avoid fmt.Sprintf()
lxc/network_forward: avoid fmt.Sprintf()
lxc/profile: avoid fmt.Sprintf()
lxc/rename: avoid fmt.Sprintf()
lxc/restore: avoid fmt.Sprintf()
lxd/apparmor/network_dnsmasq: avoid fmt.Sprintf()
lxd-agent/devlxd: avoid fmt.Sprintf()
lxd/auth/oidc: avoid fmt.Sprintf()
lxd/certificates: avoid fmt.Sprintf()
lxd/cgroup/abstraction: avoid fmt.Sprintf()
lxd/cluster/connect: avoid fmt.Sprintf()
lxd/config/safe: avoid fmt.Sprintf()
lxd/db/cluster/permissions: avoid fmt.Sprintf()
lxd/db/images: avoid fmt.Sprintf()
lxd/db/networks: avoid fmt.Sprintf()
lxd/db/node/sqlite: avoid fmt.Sprintf()
lxd/device/device_utils_generic: avoid fmt.Sprintf()
lxd/dnsmasq/dnsmasq: avoid fmt.Sprintf()
lxd/fsmonitor/drivers/errors: avoid fmt.Sprintf()
lxd/instance: avoid fmt.Sprintf()
lxd/instance/drivers/qmp/commands: avoid fmt.Sprintf()
lxd/main_forknet: avoid fmt.Sprintf()
lxd/main_forknet: use shared.RunCommandContext()
lxd/main_forkproxy: avoid fmt.Sprintf()
lxd/main_sql: avoid fmt.Sprintf()
lxd/network/network_load: avoid fmt.Sprintf()
lxd/operations/operations: avoid fmt.Sprintf()
lxd/operations/response: avoid fmt.Sprintf()
lxd/project/limits/state: avoid fmt.Sprintf()
lxd/project/permissions: avoid fmt.Sprintf()
lxd/storage: avoid fmt.Sprintf()
lxd/storage_volumes: avoid fmt.Sprintf()
lxd/template/chroot: avoid fmt.Sprintf()
lxd/util/kernel: avoid fmt.Sprintf()
lxd/util/kernel: use shared.RunCommandContext()
lxd/util/net: avoid fmt.Sprintf()
lxd/warnings: avoid fmt.Sprintf()
shared/api/event: avoid fmt.Sprintf()
shared/simplestreams: avoid fmt.Sprintf()
lxd/dnsmasq/dnsmasq: name return values
lxd/certificates: ignore deprecation of Password (it is used to error out)
lxd/db/images: ignore prealloc
lxd/db/cluster/permissions: ignore prealloc
lxd/main_forkproxy: fix comment
test/suites/basic: use better grep
test/suites/basic: test environment variables with profiles
lxd/device: Replace source-type with source.type
lxd/storage: Replace source-type with source.type
lxc: Replace source-type with source.type
doc: Update metadata
lxd/storage: Fix linter error
lxd/network/driver/ovn: Linter fixes
lxd/daemon/storage: Reworks daemonStorageValidate to return validated target from DB
lxd/api/1.0: Updates usage of daemonStorageValidate to appease codeql
github: Rework documentation tests
test/includes: Don’t spawn mini-oidc if already set up.
test/includes: Delete OIDC files on kill_oidc.
test/suites: Don’t kill mini-oidc in test suites.
test: Kill mini-oidc on cleanup.
lxc/config: Don’t create oidctokens directory unless there are tokens to write.
lxd/db/cluster: Check group names on membership change failure.
test/suites: Test group add error message.
lxd/db/cluster/permissions: preallocate args
lxd/db/images: preallocate addresses
lxd/network/openvswitch/ovn: avoid fmt.Sprintf()
lxd/daemon_storage: extra validation of pool and volume names to daemonStorageValidate()
lxd: Prevent using remote storage pools for (images|backups)_volume
test/suites/serverconfig: Test setting storage.(backups|images)_volume with volumes on remote storage pools
lxc-to-lxd/config: avoid fmt.Sprintf()
lxc/storage: avoid fmt.Sprintf()
lxc/storage_volume: avoid fmt.Sprintf()
lxc/import: avoid fmt.Sprintf()
lxd-agent/events: reject mount path with ..
lxd-agent/events: use filepath.Abs()
lxd/network/driver_bridge: reject known bad names for network bridges
lxd/network/driver_bridge: avoid fmt.Sprintf()
lxc-to-lxd/config: preallocate slice
lxd/network/driver_bridge: preallocate slice
lxd/network/openvswitch/ovn: avoid fmt.Sprintf()
lxd/network/openvswitch/ovn: add comment when fmt.Sprintf(%d) is required to preserve units
lxd-agent/main_agent: avoid fmt.Sprintf()
lxd-agent/main_agent: avoid fmt.Sprintf()
lxd-agent/main_agent: skip mount targets with ..
lxd-agent/main_agent: use shared.RunCommandContext()
lxd/instance/drivers/qemu: simplify virtiofsd socket path extraction
lxd/instance/drivers/qemu: stop looking when the virtiofsd socket path was found
lxd/instance/drivers/qemu: avoid fmt.Sprintf()
lxd-agent/state: check bounds before converting uint64->int64
lxd/network/driver_ovn: avoid fmt.Sprintf()
lxd/network/driver_ovn: bound check mtu before converting uint32->int32
lxd/resources/network: reject known bad chars from network name
Revert “lxd: Prevent using remote storage pools for (images|backups)_volume”
lxd: Restrict usage of non read-write-many volumes for backup and image vols
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
build(deps): bump canonical/has-signed-canonical-cla from 1.2.3 to 2.0.0
build(deps): bump github.com/minio/minio-go/v7 from 7.0.85 to 7.0.86
build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1
github: allow lxc binary size up to 16MiB
lxd/storage/drivers/lvm: don’t abort pvresize during service stop
lxd/storage/drivers/lvm: don’t abort lvresize during service stop
lxd/storage/drivers/lvm: avoid fmt.Sprintf()
lxd/storage/drivers/zfs: don’t abort zpool export during service stop
lxd/storage/drivers/zfs: don’t abort zpool destroy during service stop
lxd/storage/drivers/zfs: don’t abort zfs destroy during service stop
lxd/storage/drivers/zfs: don’t abort zfs rename during service stop
lxd/storage/drivers/zfs: avoid fmt.Sprintf()
build(deps): bump golang.org/x/tools from 0.29.0 to 0.30.0
build(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.26.0
shared/api: instance<snapshot|backup> and volume<snapshot|backup> should not be enriched with entitlements
lxd: disable enrichment with entitlements for instance<snapshot|backup>, volume<snapshot|backup> entities
lxd: resultMap for network zones and network acls should be a slice of pointers
lxd-agent/events: verify that the mount path is anchored at the root
lxd/storage/drivers/generic_vfs: avoid fmt.Sprintf()
shared/util: add IsFileName() helper
lxd/api_internal: defend against path traversal attacks through backup file restore
lxd/instance_metadata: defend against path traversal attacks through template files
test/suites/config: test some illegal template file names
lxd/storage/drivers/btrfs_volumes: defend against path traversal attacks through backup snapshot name
lxd/storage/drivers/generic_vfs: defend against path traversal attacks through backup snapshot name
lxd/storage/drivers/zfs_volumes: defend against path traversal attacks through backup snapshot name
lxd/storage/drivers/zfs_volume: avoid shared.RunCommand()
lxd/storage/drivers/zfs_volume: avoid fmt.Sprintf()
gomod: Update dependencies
lxd/daemon: bound check BGP ASN
lxd/daemon: set BGP ASN only once
lxd/daemon: align int types for voters and standby members
shared/api/network_forward: add how to allocate listen address
shared/api/network_forward: include default target_address in config examples
doc/rest-api: Refresh swagger YAML
lxd/devlxd: use safer strings.Cut()
lxd/devlxd: convert PID to string only once
lxd/devlxd: replace regexp with simpler parsing
lxd/device/cdi/spec: use config search paths option for Ubuntu Core
lxd/device/cdi/spec: use shared.RunCommandContext()
lxd-agent: Fix path check logic
doc: Update outdated MicroCloud info
lxd/network/openvswitch/ovn: Fix DHCPv4 after int formatting regression in LogicalSwitchDHCPv4OptionsSet
test: Adds check for OVN network DHCP options
lxd/device/disk: Include user.* keys on meta-data file
lxd/device: Use d.inst.CloudInitID() for instance ID
gomod: Update dependencies
lxd-agent/state: rework bound checking
lxd/network/openvswitch/ovn: improve time to string conversion of max/min_intervals
lxd/certificates: use constant time comparison of token secrets
lxd/images: use constant time comparison of image secrets
lxd/images: obtain fingerprint URL path only once
lxd/images: fix comment style
lxd/network/openvswitch/ovn: Use strconv.FormatUint rather than fmt.Sprint
lxd/network/openvswitch/ovn: Fix regression LoadBalancerApply
lxd/network/openvswitch/ovn: Don’t allocate dynamic IPs when DHCP is disabled in LogicalSwitchPortAdd
lxd/network/driver/ovn: If DHCPv4 is disabled but DHCPv6 is enabled then specify EUI64 address statically
lxd/network/driver/ovn: Update getDHCPv4Reservations to not include NIC static IPs in reservations
lxd/network/driver/ovn: Remove concept of NIC static IP DHCPv4 reservation
lxd/network/openvswitch/ovn: Remove unused LogicalSwitchDHCPv4RevervationsGet and LogicalSwitchDHCPv4RevervationsSet
lxd/instance/drivers: Applying SSH keys requires resetting instance ID
lxd-agent/state: rework bound checking to avoid skewing memory.Usage
lxd/main_forkconsole: protect against int overflow
lxd/main_forkconsole: add comment to exported funcs
lxd/main_forkproxy: protect against int overflow
lxd: fix warning SA1019: req.ContainerOnly is deprecated: Use InstanceOnly.
doc/rest-api: Refresh swagger YAML
lxd/instance/drivers/lxc: protect against int overflow
lxc/list: protect against int overflow
lxc/list_test: limit column sizes to Int31 (0=>math.MaxInt32)
test/auth: More tests for entity enrichment with entitlements
build(deps): bump actions/cache from 4.2.0 to 4.2.1
build(deps): bump github/codeql-action from 3.28.9 to 3.28.10
build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
build(deps): bump canonical/has-signed-canonical-cla from 2.0.0 to 2.1.0
build(deps): bump github.com/zitadel/oidc/v3 from 3.34.1 to 3.35.0
build(deps): bump golang.org/x/crypto from 0.33.0 to 0.34.0
lxd/project/project: use safer strings.Cut() to split project from volume names
lxd/instance/drivers/common: avoid fmt.Sprintf()
lxd/project: add ValidName() helper
lxd/project: reject \ in project name
lxd/project: group project name checks logically
lxd/api_project: use projecthelpers.ValidName() helper
lxd/storage/backend_lxd: (re)validate new instance name during renames
lxd/db/storage_volumes: avoid fmt.Sprintf()
lxd/storage/utils: reject volume names with backslashes
lxd/instance_metadata: use instance’s TemplatesPath()
lxd/api_vsock: build the trustedCerts map only once
lxd/util/http: avoid fmt.Sprintf()
lxd/util/http: do the quick check first in IsJSONRequest()
lxd/util/http: do constant time comparison in CheckMutualTLS()
lxd/cluster/tls: build maps used with CheckMutualTLS() out of the loop
lxd/instance/instancetype/instance: reject back slashes in snapshot names
lxd/instance/instancetype/instance: add ValidSnapName() helper
lxd/instance/instancetype/instance: use ValidSnapName() in ValidName()
lxd/instance/instancetype/instance: reject empty snapshot name
lxd/instance/instancetype/instance: reject * in snapshot name
lxd/instance_logs: use shared.IsFileName() where applicable
lxd/api_internal: verify the instance ref using instancetype.ValidName()
lxd/storage/drivers/generic_vfs: improve check on snapshot names
lxd/storage/drivers/btrfs_volumes: improve check on snapshot names
lxd/storage/drivers/zfs_volumes: improve check on snapshot names
lxd/api_cluster: reject back slashes in cluster group name
lxd/api_cluster: do direct string comparisons first when validating cluster group name
shared/api/instance: use safer strings.Cut()
shared/cert: use named return values in GenerateMemCert()
lxd/db/cluster: Add fine-grained TLS identities to ID from URL query.
test/suites: Test permissions can be applied to pending and activated fine-grained TLS clients.
shared/util_linux: simplify extracting values out of /proc/meminfo
github: require code tests to pass before running client ones
shared/util_linux: use named results
lxd/cgroup/abstraction: have GetOOMKills() return a uint64
lxd/instance/drivers/lxc: GetOOMKills() returns a uint64 now
lxd/instance/drivers/lxc: avoid converting int64 to int
lxd/instance/drivers/lxc: bound check before converting uint64 to int64
lxd/cgroup/abstraction: avoid fmt.Sprintf()
lxd/cgroup/abstraction: add bound check to GetIOStats()
lxd/cgroup/abstraction: skip parsing of direct IO stats in GetIOStats()
lxd/cgroup/abstraction: avoid shared.ValueInSlice() when checking against a slice of 2 members
lxd/cgroup/abstraction: use strings.Cut() to avoid out of bound array accesses
lxd/cgroup/abstraction: CPU set handling is the same in v1/v2
lxd/cgroup/abstraction: avoid fallthrough directive
gomod: Update dependencies
lxd/instance_backup: fix comment
lxd/instance_backup: Save the implicitly validated instance name
doc: Add more info to SSH key injection section
doc: Elaborate on applying configuration on every boot
doc: use golang 1.23 with Read the Docs
doc: use ubuntu-24.04 with Read the Docs
doc/guest-os-compatibility: add subsection for VMs
doc/guest-os-compatibility: document host/guest compat for containers
lxd/instance_metadata: use TemplatesPath() helper
lxd/cgroup/abstraction: fix typo in io.max format
test/deps: Grep for dangling permissions in the panic checker.
lxd/db/cluster: Permissions must be deleted for auth groups.
lxd/db/cluster: Delete certificate permissions on identity deletion.
test/main: define a SMALL_ROOT_DISK var to easily create small instances
test/suites/backup: use shell comparison instead of grep
test/suites/backup: use instances with small root disk
test/suites/backup: rename UUID preservation test and clarify comments
test/main: properly name the backup UUID preservation test
test/suites/backup: don’t start the original instance in backup_export_import_recover
test/suites/backup: use shell comparison for snapshot count in backup_export_import_instance_only
test/suites/backup: use an empty instance in backup_export_import_instance_only
test/suites/backup: use a small volumes
Reapply “api: Add ubuntu_pro_guest_attach API extension.”
Reapply “shared/api: Add guest attachment API responses.”
Reapply “doc: Document devlxd Ubuntu Pro API endpoints.”
Reapply “lxd/ubuntupro: Add ubuntupro package.”
Reapply “lxd/ubuntupro: Return host guest attachment setting if instance setting is unset.”
Reapply “lxd/state: Add ubuntupro.Client to state.State.”
Reapply “lxd/state: Add ubuntupro.Client to Daemon.”
Reapply “lxd/instance/instancetype: Add ubuntu_pro.guest_attach to instance configuration.”
doc: Update metadata
Reapply “lxd: Add Ubuntu Pro handlers to devlxd.”
Reapply “lxd-agent: Add Ubuntu Pro handlers to devlxd.”
lxd/ubuntu-pro: Change Ubuntu Pro directory.
lxd/ubuntupro: Context should always be the first argument.
lxd/ubuntupro: Add missing json tag.
doc: revise and add signature verification requirement
doc/contributing: improve contributing guidelines
lxd/network/openvswitch: Don’t import state.State.
lxd/device: Update devices for openvswitch.NewOVN change.
lxd/network/acl: Update network ACLs for openvswitch.NewOVN change.
lxd/network: Update OVN driver for openvswitch.NewOVN change.
lxd/network/openvswitch/ovn: Update LogicalSwitchPortAdd to allow caller to request dynamic IPs even when DHCP options are not set
lxd/network/driver/ovn: Rework InstanceDevicePortStart to use updated LogicalSwitchPortAdd
lxd/network/driver/ovn: Fix InstanceDevicePortStart to request dynamic IPs when DHCP is disabled but device has routes
lxd/network/openvswitch/ovn: Add DynamicIPs field to OVNSwitchPortOpts and use in LogicalSwitchPortAdd
lxd/network/driver/ovn: Simplify logic in InstanceDevicePortStart wrt to static and dynamic IP allocation
lxd/operations: don’t log whole operation on failure
replace Contributor Code of Conduct
doc: minor fixes
lxc/snapshot: Remove mention of ‘lxc snapshot create …’ to put instead ‘lxc snapshot …’
i18n: Update translation templates.
i18n: Update translations.
github: Switch to use org level TICS secret
lxc: Return descriptive error if image cannot be found
lxc: Minor comment fixes
lxc: Linter fixes
i18n: Update translation templates.
i18n: Update translations.
build(deps): bump github.com/osrg/gobgp/v3 from 3.34.0 to 3.35.0
build(deps): bump actions/cache from 4.2.1 to 4.2.2
build(deps): bump actions/download-artifact from 4.1.8 to 4.1.9
lxd/auth: Fix missing comments from @markylaing
api: Update/rename instance_root_volume_attachment
lxd/device: Attach VM snapshots as disk devices
lxd/device: Mount snapshot disks readonly
lxc: Support attach/detach snapshot disk devices
doc/howto/storage_volumes: VM snapshot disk devices
doc/reference/devices_disk: Storage volume update
lxc/storage_volume: Factor volume attach arg parsing
lxd/storage: Disambiguate snapshots from parent volumes
doc: Update metadata
i18n: Update translation templates.
doc/installing: fix missing words in command syntax
lxd/device/disk: Consider readonly for other volume types
lxd/instance/drivers/lxc: avoid fmt.Sprintf()
lxd/instance/drivers/lxc: sort affinity set only once the instance is confirmed running
lxd/instance/drivers/lxc: avoid fmt.Sprintf() environment.
lxd/instance/drivers/lxc: simplify process limits setup with strings.CutPrefix()
lxd/instance/drivers/lxc: simplify sysctls setup
lxd/instance/drivers/lxc: iterate over expanded config less often
lxd/instance/drivers/lxc: do error handling for setting NVIDIA_DRIVER_CAPABILITIES only once
lxd/instance/drivers/lxc: fix inverted logic for setting NVIDIA_REQUIRE_CUDA/NVIDIA_REQUIRE_DRIVER env
doc/index: update link to code of conduct
remove old code of conduct from repo root
lxd/openvswitch/ovs: Replace deprecated RunCommand with RunCommandContext
lxd/openvswitch: Add Support for more OVS commands
lxd/resources: Allow GetNetworkState() to populate OVS bridge information
docs: add oidc configuration with auth0 and idp groups WD-18947
doc: update broken link in howto/initialize
lxd/ubuntupro: Reduce log verbosity when Pro config directory does not exist.
lxd/device/config: Use DevSource instead of DevPath
lxd/device: Replace RBD format ser/deser with DevSource structs
lxd/device: Produce DevSource structs instead of strings
lxd/instance/drivers/qemu: Consume DevSource structs
lxd/instance/drivers/lxc: Consume DevSource structs
lxd/device: Add snapshot field to DevSourceRBD
lxd/storage/drivers: Return snapshot from RBDImageName
lxd/device: Pass snapshot name to delegated RBD devices
lxd/instance/drivers/qemu: Pass RBD snapshot name to Qemu
lxd/storage/drivers: Fix lint errors
lxd/resources/network: prioritize native bridges over ovs ones
lxd/device: Outer variable for correct logging
lxd: Move MergeSSHKeyCloudConfig to new cloudinit package
lxd: Move tests to cloudinit package
lxd/cloudinit: Refactor SSH key injection logic
lxd/devlxd: Refactor devlxdConfigKeyGetHandler
lxd/device: Use refactored cloudinit package
lxd/cloudinit: Logic to prevent overwriting vendor-data config
lxd/cloudinit: Adapt unit tests to work after refactoring
lxd/util: Check for “#cloud-init”
lxd/cloudinit: Only log warning if additional keys are defined
lxd/devlxd: Rework devlxdConfigGetHandler
doc: hard-code discourse and related links titles
lxd/instance_instance_types: Update instanceRefreshTypes function to use all.yaml instance type file
doc: enable code block line highlighting
doc/howto/network-forwards: add API instructions
lxd/device/proxy: Remove unix socket from host when removing a proxy device
lxd/device/proxy: Improve error message formatting in killProxyProc function
test/suites/container_devices_proxy: Add check for host socket removal upon unix proxy device removal
lxd/device/proxy: Modify the checkProcStarted function to prioritize the ‘Failed to listen on…’ error message
gomod: Update dependencies
test/godeps: Adds go.opentelemetry.io/otel/trace/internal/telemetry
lxd/db/generate/db/parse: Use named return values in FiltersFromStmt and RefFiltersFromStmt
lxd/firewall/drivers/drivers/xtables: Use named return values in aclRuleCriteriaToArgs
lxd/db/openfga: Prealloc tuples slice in ReadStartingWithUser
lxd/db/projects: Prealloc slices in GetProjectInstancesAndProfiles
lxd/device/unix/hotplug: Ignore prealloc linter in loadUnixDevices
lxd/storage/drivers/driver/ceph/volumes: Ignore prealloc linter in VolumeSnapshots
client/lxd/instance: Ignore deprecated linter warnings for ContainerOnly
lxd/instances/post: Ignore deprecated linter warning for ContainerOnly
lxc/image: Switch to RunCommandContext
lxc/remote: Ignore deprecated linter warning for Password field
lxd-migrate/utils: Ignore deprecated linter warning for Password field
lxd/main/init/interactive: Switch to RunCommandContext
lxd/apparmor/apparmor: Switch to RunCommandContext
lxd/devices: Used named return values in deviceNetlinkListener
client/lxd/instances: Ignore linter warning for deprecated ContainerOnly field
lxd/apparmor/apparmor: Switch to RunCommandContext
lxd/cluster/upgrade: Switch to RunCommandContext
lxd/storage/drivers/driver/ceph/volumes: RunCommandContext linter
lxd/firewall/drivers/driver/nftables: RunCommandContext linter
lxd/instance/post: ContainerOnly linter
lxd/storage/drivers/driver/cephfs/utils: RunCommandContext linter
lxd/storage/drivers/driver/common: RunCommandContext linter
lxd/storage/drivers/driver/cephfs/volumes: RunCommandContext linter
lxd/storage/drivers/driver/lvm: RunCommandContext linter
lxd/storage/drivers/driver/zfs/utils: RunCommandContext linter
build(deps): bump github/codeql-action from 3.28.10 to 3.28.11
build(deps): bump github.com/minio/minio-go/v7 from 7.0.87 to 7.0.88
api: add client_cert_presence extension
shared/api: update GET /1.0 to indicate if the current request has a client certificate in it
lxd/resources/network: Fix regression in GetNetworkState
lxd/instance_instance_types: Convert logging to contextual logging in instanceRefreshTypes function
test: Add wait_for_add call during test_container_devices_nic_bridged_filtering

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for:

Linux: snap install lxd
MacOS: brew install lxc
Windows: choco install lxc

tomp · March 13, 2025, 10:33am

LXD 6.3 is currently available in the 6/candidate snap channel for consideration, and will be moved to the 6/stable channel soon.

tomp · March 17, 2025, 9:11am

LXD 6.3 is being rolled out to the 6/stable channel now.