Oracular Oriole Release Notes

Release
, ,
1

Oracular Oriole Release Notes

Table of Contents

Introduction

These release notes for Ubuntu 24.10 (Oracular Oriole) provide an overview of the release and document the known issues with Ubuntu and its flavours.

Support lifespan

Ubuntu 24.10 will be supported for 9 months until July 2025. If you need Long Term Support, we recommend you use Ubuntu 24.04 LTS until 24.04.1 is released.

Upgrades

Users of Ubuntu 23.10 will be offered an automatic upgrade to 24.04 soon after the release.
Users of 22.04 LTS however will be offered the automatic upgrade when 24.04.1 LTS is released, which is scheduled for the 15th of August.

New features in 24.04 LTS

Year 2038 support for the armhf architecture

Ubuntu 24.04 LTS solves the Year 2038 problem that existed on armhf. More than a thousand packages have been updated to handle time using a 64-bit value rather than a 32-bit one, making it possible to handle times up to 292 billion years in the future.

Updated Packages

Linux kernel :penguin:

systemd v255.4

Netplan v1.0 :globe_with_meridians:

Toolchain Upgrades :hammer_and_wrench:

  • GCC :cow: is updated to the 14, binutils to 2.42, and glibc to 2.39.
  • Python :snake: now defaults to version 3.12
  • OpenJDK :coffee: now defaults to LTS version 21
  • LLVM :dragon: now defaults to version 18
  • Rust :crab: toolchain defaults to version 1.75
  • Golang :rat: is updated to 1.22
  • .NET 8 is now default

OpenJDK

.NET

Apport

Security Improvements :lock:

Performance :zap:

Default configuration changes :gear:

As always there are many changes to defaults, mostly by newer versions of
packages. But a few are worth spelling out if your former automation,
configuration and tuning relied on those settings being one or the other way.

deb822 sources management

The sources configuration for Ubuntu has moved from /etc/apt/sources.list to /etc/apt/sources.list.d/ubuntu.sources in the more featureful deb822 format, aligning with PPAs that already migrated to deb822 last year. See the specification for more details.

Services restart on unattended-upgrade

The needrestart package has been modified to systematically restart services
if affected by a library upgrade, including in non-interactive scenarios such
as unattended-upgrade. The reason for this change is that
unattended-upgrade defaults to security updates only, and failing to
restarting services means that those running daemons will still be exposed to
the security issues fixed by the update.

It is possible to exclude specific services from automatic restart by adding
them to the override_rc section of /etc/needrestart/needrestart.conf.

See this Discourse post for more details.

irqbalance no more installed and enabled by default

The irqbalance service is designed to distribute hardware interrupts across
processors on a multiprocessor system to increase performance. This is
particularly useful in server configurations where multiple devices will be
competing for the CPU’s attention. And in doing so it has served Ubuntu well
being default enabled since 14 years based on a discussion and related to
the kernel actively delegating this to userspace.

But evolution of the wider ecosystem has outpaced irqbalance in most situations.
Irqbalance can still be useful, but unless the admin configures it, the policy
it provides is not a discernible improvement over the in-kernel default policy.

At the same time a few cases have been reported where irqbalance causes issues,
hence discussions have been ongoing for quite a while. It does usually not make
as much sense for virtual guests, it might conflict with manual tuning and other
power consumption or latency targets. Furthermore the kernel and in particular many device
drivers evolved since then and often do an equal or better job now.

This change is just not installing it by default, irqbalance will stay available and
anyone that benefits or even just want to experiment with it can use it as
before.

Some specific scenarios, like particular cloud images, already had irqbalance
disabled by default before. In a similar fashion some have been (and more might
be) identified which will keep it enabled by default as there has been evidence
that on this platform it is more helpful.

tzdata package split

The tzdata package was split into tzdata, tzdata-icu, and tzdata-legacy. The tzdata package ships only timezones that follow the current rules of geographical region (continent or ocean) and city name. All legacy timezone symlinks (old or merged timezones mentioned in the upstream backward file) were moved to tzdata-legacy. This includes the US/* timezones.

Please install tzdata-legacy in case you need the legacy timezones or to restore the previous behavior. This might be needed in case the system provides timezone-aware data over the network (e. g. SQL databases).

Ubuntu Desktop

Installer and Upgrades

  • We’ve taken the first steps towards a more general “provisioning” approach that encompasses a “device bootstrap” stage followed by a “first boot initialization” and a “desktop welcome” step.

    • This means the ubuntu-desktop-installer is now part of the larger ubuntu-desktop-provision project and has been renamed to ubuntu-desktop-bootstrap.
    • It comes with an improved UI design that is customizable via a central configuration file. Default image assets automatically follow the customized accent color, or can be swapped out entirely according to the needs of flavors or OEM providers.

  • In order to enable advanced users to benefit from subiuity’s/cloud-init’s autoinstall capabilities, we’ve added a dedicated page that allows side-loading an autoinstall.yaml from a network URL during the installation.

  • We are reintroducing support for ZFS guided installations, enhancing the flexibility and choices available for your storage management needs. This is a new implementation in the Subiquity-based installers, and is without encryption by default. The encrypted ZFS guided option will be developed in a future release.

  • Starting with Ubuntu 23.10, TPM-backed full-disk encryption (FDE) is introduced as an experimental feature, building on years of experience with Ubuntu Core. On supported platforms, you no longer need to enter passphrases at boot manually. Instead, the TPM securely manages the decryption key, providing enhanced security against physical attacks. This new feature streamlines the user experience and offers additional layers of security, especially in enterprise environments. However, the traditional passphrase-backed FDE is still available for those who prefer it. We invite users to experiment with this new feature, although caution is advised as it’s still experimental. More details in the TPM-backed Full Disk Encryption is coming to Ubuntu blog post. Do not hesitate to report bugs in Launchpad against the ubuntu-desktop-provision project.

    Known limitations:

    • Requires TPM 2.0.
    • Only a limited set of hardware is supported.
    • No external kernel-modules support. For example, no support of NVIDIA graphics cards.

  • The configuration file, /etc/netplan/01-network-manager-all.yaml (which specifies Network Manager as the Netplan renderer), has been moved to /lib/netplan/00-network-manager-all.yaml to reflect that it should not be edited. Also, it is now owned by the ubuntu-settings package. For upgraders, the move is be performed automatically and the old file removed if it was unchanged. If it was changed, the move still takes place, but a copy of the old file is left in /etc/netplan/01-network-manager-all.yaml.dpkg-backup (LP: #2020110).

  • NetworkManager now uses Netplan as its default settings-storage backend. On upgrade, all connection profiles from /etc/NetworkManager/system-connections/ are transparently migrated to /etc/netplan/90-NM-*.yaml and become ephemeral, Netplan-rendered connection profiles in /run/NetworkManager/system-connections/. Backups of the original profiles are automatically created in /var/lib/NetworkManager/backups/ (read more at NetworkManager YAML settings backend and LP: #1985994).

  • ADSys Active Directory Certificates auto-enrollment: Windows Server offers a solution for auto-enrolling certificates using Group Policies. This interacts with Certificate Enrollment Services by Microsoft and works seamlessly with Windows clients.

    ADSys introduces AD certificates auto-enrollment to streamline connecting to corporate Wi-Fi and VPN networks. Automated enrollment eliminates the need for manual interactions with the certificate authority, such as pre-creating certificates. This simplifies IT administration and minimises security risks associated with managing sensitive data.

  • The installer is now able to update itself and will prompt the user to update in the very early stages of the installation if a newer version is available.

  • Power Profiles Manager has been improved and optimized to support better newer hardware features (especially AMD), can now support multiple optimization drivers and is now battery-aware to automatically increase the optimization levels when running on battery only.

  • fprintd has been updated and libfprint supports now many other fingerprint drivers and devices.

New Store

  • There is a brand new Ubuntu App Center that replaces the previous Snap Store. The application has been written from scratch using the Flutter toolkit.

    • New since 23.10, a Games page has been added to the Ubuntu App Center

  • There is also a new standalone Firmware Updater application available for both amd64 and arm64. This provides the possibility to update firmware without needing to have a full app store running continuously in the background.

GNOME :footprints:

  • GNOME has been updated to include new features and fixes from the latest GNOME release, GNOME 47

Default app changes

  • The default Ubuntu Desktop installation is now minimal. There is still an “extended selection” option for those who prefer to have applications like LibreOffice and Thunderbird installed for the first boot.

  • In the extended install, the webcam app is now provided by GNOME Snapshot instead of Cheese

  • Games are no longer installed by default

Updated Ubuntu font

A more modern slimmer version of the Ubuntu font family is now shipped as standard. Anyone wishing to return to the older Ubuntu font used in 22.04 can do so by installing the fonts-ubuntu-classic package.

Updated Applications

Updated Subsystems

Ubuntu WSL

Cloud-init support

cloud-init is the industry standard multi-distribution method for cross-platform cloud instance initialisation. It is supported across all major public cloud providers, provisioning systems for private cloud infrastructure, and bare-metal installations.

With cloud-init on WSL you can now automatically and reproducibly configure your WSL instances on first boot. Make the first steps with this tutorial.

New documentation

The documentation specific to Ubuntu on WSL is available on Read the Docs. This evolving project is regularly updated with new content about Ubuntu’s specifics on WSL.

Enhancements

  • Reduced footprint
    Experience faster download and installation times with 24.04, with a 200MB reduction in image size.

  • systemd by default everywhere
    systemd is now enabled by default even when the instance is launched directly from a terminal with the wsl.exe command or from an imported root files system.

Ubuntu Server

Apache2

Clamav

Chrony

cloud-init v.24.1.3

Containerd

Django

Docker

Dovecot

Exim4

GlusterFS

HAProxy

Kea

libvirt

LXD

Monitoring Plugins

Net SNMP

Nginx

OpenLDAP

OpenVmTools

PAM

Percona Xtrabackup

PHP

PostgreSQL

QEMU

Ruby 3.2

Runc

Samba

Spamassassin

Squid

SSSD

IntelÂŽ QuickAssist Technology (IntelÂŽ QAT)

IntelÂŽ QAT is a built-in accelerator on 4th Gen and newer IntelÂŽ XeonÂŽ Scalable Processors that offloads critical data compression and decompression, encryption and decryption, and public key data encryption tasks from the CPU cores and accelerates those operations to help improve performance and save valuable compute resources.

The components enabled on Ubuntu 24.04 are:

  • qatlib 24.02.0
    This package provides user space libraries that allow access to IntelÂŽ QAT devices and expose the IntelÂŽ QAT APIs and sample codes.
    For more information, visit the project’s repo.
  • qatengine 1.5.0
    This package provides the IntelÂŽ QAT OpenSSL Engine Plug-in as a shared library that sits between OpenSSL and the QAT library. The engine can be configured to use Intel optimized libraries (ipp-crypto and intel-ipsec-mb) and/or offload those operations to the QAT device.
    For more information, visit the project’s repo.
  • qatzip 1.2.0
    This package provides a user space library offering accelerated compression and decompression services by offloading the work to the Intel QAT device, which uses the deflate* and lz4* algorithms.
    For more information, visit the project’s repo.
  • ipp-crypto 2021.10.0
    IntelÂŽ Integrated Performance Primitives Cryptography (IntelÂŽ IPP Cryptography) is a secure, fast and lightweight library of building blocks for cryptography, highly-optimized for various IntelÂŽ CPUs.
    For more information, visit the project’s repo.
  • intel-ipsec-mb 1.5-1
    IntelÂŽ Multi-Buffer Crypto for IPsec Library provides software crypto acceleration that primarily focuses on symmetric cryptography applications.
    For more information, visit the project’s repo.

Subiquity

A new version of the Subiquity server installer has been released. Please read the full release notes for 24.04.1 on GitHub.

Ubuntu HA/Clustering

Pacemaker

The Pacemaker package was updated to version 2.1.6. There are several fixes, API changes and new features introduced since jammy. For more details, please see the upstream changelog.

Resource Agents

The Resource Agents package was updated to version 4.13.0.

A noteworthy change is the upstream improvements on PostgreSQL support. The pgsql agent was moved to the resource-agents-base package and is now part of our curated set of resource agents.

Moreover, the transitional resource-agents package was removed. You should now install resource agents through the resource-agents-base package or through the resource-agents-extra package. The agents available in each of these packages are listed in the package descriptions.

For further information, please refer to the upstream changelog.

OpenStack

OpenStack has been updated to the 2024.1 (Caracal) release. This includes packages for Aodh, Barbican, Ceilometer, Designate, Glance, Heat, Horizon, Ironic, Keystone, Magnum, Manila, Masakari, Mistral, Neutron, Nova, Octavia, Swift, Watcher and Zaqar.

Murano, Senlin, Sahara, Freezer and Solum where all declared inactive as of the 2024.1 cycle and have been removed from Ubuntu.

This release is also provided for Ubuntu 22.04 LTS via the Ubuntu Cloud Archive.

Ceph

Ceph has been updated to a snapshot in preparation for the 19.2.0 (Squid) release which will be provided via a stable release update.

This release is also provided for Ubuntu 22.04 LTS via the Ubuntu Cloud Archive.

Open vSwitch (OVS) and Open Virtual Network (OVN)

Open vSwitch has been updated to the 3.3.0 release.

Open Virtual Network has been updated to the 24.03 release.

These releases are also provided for Ubuntu 22.04 LTS via the Ubuntu Cloud Archive.

Platforms

Public Cloud / Cloud images

All

Vagrant

Starting in Ubuntu 24.04, Canonical no longer produces Vagrant images. This is due upstream Debian questions of maintainership and Canonical dropping vagrant from the Ubuntu archives. The code to generate Vagrant images will remain in livecd-rootfs for reference, and for future inclusion when / if Canonical are able to work on a support model. Documentation regarding creating an Ubuntu Base Image from scratch is provided at https://documentation.ubuntu.com/public-images/en/latest/public-images-how-to/build-vagrant-with-bartender/.

Public Images (cloud-images.ubuntu.com) images

  • Release notes/image diff

    • Since 19th April 2024 we have introduced .image_changelog.json files to accompany published images @ https://cloud-images.ubuntu.com/. This is a JSON document listing all the package additions, removals and changes as well as noting the changelog entries for the package changes. It also highlights any CVEs addressed in those package updates. The tool used to generate these diffs is ubuntu-cloud-image-changelog available @ github.com/canonical/ubuntu-cloud-image-changelog
    • Diffs are generated between the image being published and the previous daily image, and also between the image being published and the previous release image.
    • These image diffs have been backported to previous published Ubuntu release too.

  • There are potential issues with OVA images and some versions of Cloud Director related to the attached serial port. In some cases, this may lead to a failure to deploy the OVA image. In the event of a failure, editing the OVF directly in your deployment and removing the serial port stanza should allow successful deployment. VMware has an associated KB article regarding these failures. Cloud Director versions around version 10.4.2.22463311 are potentially effected. This is currently under investigation: LP:2062552.

AWS EC2

  • Noble instances now launch using IMDSv2 by default for the instance metadata service.
  • Auto configuration of multi-NIC instances is now supported with source-routing via cloud-init.

Microsoft Azure

  • Canonical is introducing a new way of publishing on Azure with Ubuntu 24.04 LTS. All Ubuntu Images for 24.04 LTS will be available under the same offer: ubuntu-24_04-lts. Derivative images, such as the minimized version of Ubuntu server or Ubuntu Pro are available as plans under this main offer.

  • We have identified an issue with apparmor profiles on Confidential VM images available under the cvm plan of the offer ubuntu-24_04-lts. For example, the rsyslog service will fail to start on VMs launched from this plan. This is being investigated and a new image with a fix will be published shortly.

  • Users with multic-NIC setup on their instances may experience delays in DNS resolution due to mis-configuration of systemd-resolved. We are currently implementing a solution on cloud-init (fix(azure): Avoid non-primary nics from having routes to DNS CPC-4224 by CalvoM ¡ Pull Request #5180 ¡ canonical/cloud-init ¡ GitHub). Before the solution lands in cloud-init, users can remedy the misconfiguration by creating the file /etc/netplan/91-secondary-nics-azure.yaml with the content:

network:
    version: 2
    ethernets:
        ephemeral:
            dhcp4: true
            dhcp4-overrides:
                use-dns: false
            match:
                driver: hv_netvsc
                name: '!eth0'
            optional: true
        hotpluggedeth0:
            dhcp4: true
            match:
                driver: hv_netvsc
                name: 'eth0'

Users should then reboot the instance for the netplan configuration to take effect.

Google

  • GCE: Setting a hostname via cloud-init user-data requires the addition of the create_hostname_file key; see here for more details.
  • Boot speed improvements: the I/O scheduler has been changed to none (from noop) to improve i/o performance for the most common disk types (LP: #2045708)
  • A regression has been discovered with the GCP suspend feature with the linux-gcp 6.8 kernel that is being investigated in LP: #2063315
  • Ubuntu 24.04 has introduced a change in the behaviour of the needrestart package - see notes @ Services restart on unattended-upgrade for more information. This results in any google-guest-agent startup scripts being run again on package upgrade or re-install. This is being investigated but it will only be triggered when the google-guest-agent package is re-installed. It can be worked around by setting NEEDRESTART_SUSPEND=1 prior to any re-install as per the needrestart man pages or by appending to the needrestart configuration echo "\$nrconf{override_rc}{qr(^google-(shutdown|startup)-scripts\.service$)} = 0;" >> /etc/needrestart/conf.d/google-guest-agent.conf which will disable this behaviour for any future google-guest-agent upgrade or reinstall. New GCE images will be built and published shortly after release to disable this behaviour for the google-guest-agent by default.

Oracle

  • The uncomplicated Firewall package ufw is no longer installed in Oracle Cloud Ubuntu 24.04+ images. Upgrading from an earlier version of Ubuntu to 24.04 will uninstall ufw. The ufw tool conflicts with system configuration through iptables-persistent and netfilter-persistent as documented by Oracle here, illustrated further on this blog, and listed as a known issue. If ufw is optionally installed on Ubuntu 24.04+, it will uninstall iptables-persistent and netfilter-persistent, disabling default functionality needed to support iSCSI boot and block devices.
How to report any issues resulting from these changes

If you notice any unexpected changes or bugs in the minimal images, create a new bug in cloud-images.

Raspberry Pi :strawberry:

Pi 5 LTS

24.04 (noble) will be the first LTS release supporting the Raspberry Pi 5 with both arm64 server and desktop images.

Browser Acceleration

The Firefox browser now supports 3D acceleration after mesa 23.2 was backported to 22.04 (jammy) which permitted the necessary content snaps to be regenerated. The classic aquarium sample can be used to test the performance of the new graphics stack, which can achieve a smooth 60fps full-screen on a Pi 5 at a resolution of 1080p.

Power monitoring

On the Pi 5, the pemmican package will now provide monitoring of the power supply.

On server images, the MOTD on login will indicate if the power supply failed to negotiate the 5A expected for unlimited operation, or if brownout was the cause of the last reset. Kernel messages will warn of undervolt or overcurrent situations.

On desktop images, a desktop notification will be displayed for these issues, with options for further information or suppression of future warnings of this type.

No 32-bit (armhf) images

From 24.04 (noble), we will no longer be producing 32-bit (armhf) images for the Raspberry Pi. The only images produced will be 64-bit (arm64). For the avoidance of doubt, this does not mean that armhf is no longer supported as an architecture on Raspberry Pi; it will remain supported as a foreign architecture in noble (see below).

To add armhf as a foreign architecture to an arm64 image, use the following commands:

$ sudo dpkg --add-architecture armhf
$ sudo apt update

Thereafter, to install an armhf package:

$ sudo apt install SOME-PACKAGE:armhf

Please note, there will be no armhf kernels (primarily because the Pi 5 does not support 32-bit kernels), and users who are currently on armhf images will not be able to upgrade directly to noble.

While armhf will remain a supported architecture for noble within its lifespan, there will be no support for the armhf architecture after noble. In future releases, armhf images will not be provided, and it will not be an available foreign architecture.

Simpler Bluetooth on server

There is no longer a need to install the pi-bluetooth package in order to enable Bluetooth functionality on server images. Simply install the regular bluez package and Bluetooth will be configured by the kernel.

arm64

The new arm64+largemem ISO includes a kernel with 64k page size. A larger page size can increase throughput, but comes at the cost of increased memory use, making this option more suitable for servers with plenty of memory. Typical use cases for this ISO include: machine learning, databases with many large entries, high performance computing.

IBM Z and LinuxONE image

  • The key ‘s390-tools’ package was step-by-step upgraded to latest v2.31.0 (LP: #2049612), which incl. lots of updates, new tools and features, especially a secure guest tool to bind and associate APQNs crypto domains (LP: #2003672).
  • Like on all other architectures, COMPAT_32BIT_TIME was also disabled on s390x (LP: #2038583), and with that 31/32bit legacy support is removed (LP: #2051683).
  • With the upgrade to GDB 15, support for IBM z16 was introduced (LP: #1982336).
  • The Glasgow Haskell Compiler was upgraded to version 9.4.7 that is new enough to enable the LLVM backend to allow performance improvements (LP: #1913302).
  • IBM Z specific improvements also landed in the KVM virtualization stack with the introduction of virtual CPU topology (LP: #1983223) and enhancement of the dynamic CPU topology for KVM guests (LP: #2049703), as well as the implementation for nested guest shadow event counters (LP: #2027926). For more details see the qemu and libvirt sections above.
  • Another big area of s390x improvments is cryptography, with the upgrade to opencryptoki v2.23 (LP: #2050023), there is now support in PKCS #11 3.0 for AES_XTS (LP: #2025924) and EP11 token support for FIPS 2021-session bound EP11 keys (LP: #2050014).
  • Furthermore libica was updated to v4.3.0 (LP: #2050024), the openssl-ibmca package to v2.4.1 and the openssl-pkcs11-sign-provider package was made available in v1.0.1 (LP: 2003668),) including fork support (LP: #2050015).
  • And finally several s390x-specific libraries were bumped to their latest version, like qclib to 2.4.1 (LP: #2050028) and libzpc to v1.2.0 (LP: #2050031).

IBM POWER (ppc64el)

  • KVM native virtualization is supported on POWER9 systems only (where PowerVM is not mandatory).

RISC-V

Ubuntu 24.04 is the first LTS release for the StarFive VisionFive 2 board.
For an overview of supported boards see https://ubuntu.com/download/risc-v.

The RISC-V Ubuntu userland is compatible with all RVA20 hardware.

Known Issues

As is to be expected with any release, there are some significant known bugs that users may encounter with this release of Ubuntu. The ones we know about at this point (and some of the workarounds) are documented here, so you don’t need to spend time reporting these bugs again:

General

  • The Live Session of the new Ubuntu Desktop installer is not localized. It is still possible to perform a non-English installation using the new installer, but internet access at install time is required to download the language packs. (LP: #2013329)

Linux kernel

  • The ipu6 driver shipped with the 24.04 GA kernel (6.8.0-31) has known issues which cause some Intel MIPI cameras to fail to initialize. The Kernel Team is working on providing the fixes as a future kernel SRU update. (LP# 2061747)

Ubuntu Desktop

  • Upgrades from previous Ubuntu releases are not supported yet. Critical bug fixes for upgrades are expected in the coming days (LP: #2063221 is one example of a critical bug that is difficult to recover from. Please be patient here or make a backup and do a clean install instead.)

  • Screen reader support is present with the new desktop installer, but is incomplete (LP: #2061015, LP: #2061018, LP: #2036962, LP: #2061021)

  • OEM installs are not supported yet (LP: #2048473)

  • Application icons don’t use the correct High Contrast theme when High Contrast is enabled (LP: #2013107)

  • GTK4 apps (including the desktop wallpaper) do not display correctly with VirtualBox or VMWare with 3D Acceleration (LP: #2061118) or with the older Nvidia 470 driver (LP: #2061079)

  • Fullscreen graphics performance in Xorg sessions (i.e. with the Nvidia driver) has temporarily regressed (LP: #2052913).

  • Netbooting the new desktop installer causes the installer to crash on startup. The issue will be resolved for the 24.04.1 release (or sooner) and at that time the fix will become available via a manual snap refresh in the live environment on the 24.04 ISOs (LP: #2062988).

  • Incompatibility between TPM-backed Full Disk Encryption and Absolute: TPM-backed Full Disk Encryption (FDE) has been introduced to enhance data security. However, it’s important to note that this feature is incompatible with Absolute (formerly Computrace) security software. If Absolute is enabled on your system, the machine will not boot post-installation when TPM-backed FDE is also enabled. Therefore, disabling Absolute from the BIOS is recommended to avoid booting issues.

  • Hardware-Specific Kernel Module Requirements for TPM-backed Full Disk Encryption: TPM-backed Full Disk Encryption (FDE) requires a specific kernel snap which may not include certain kernel modules necessary for some hardware functionalities. A notable example is the vmd module required for NVMe RAID configurations. In scenarios where such specific kernel modules are indispensable, the hardware feature may need to be disabled in the BIOS (such as RAID) to ensure the continued availability of the affected hardware post-installation. If disabling in the BIOS is not an option, the related hardware will not be available post-installation with TPM-backed FDE enabled.

  • FDE specific bug reports.

Ubuntu Server

Installer

  • In some situations, it is acceptable to proceed with an offline installation when the mirror is inaccessible. In this scenario, it is advised to use:
apt:
  fallback: offline-install
  • Network interfaces left unconfigured at install time are assumed to be configured via dhcp4. If this doesn’t happen (for example, because the interface is physically not connected) the boot process will block and wait for a few minutes (LP: #2063331). This can be fixed by removing the extra interfaces from /etc/netplan/50-cloud-init.conf or by marking them as optional: true. Cloud-init is disabled on systems installed from ISO images, so settings will persist.

samba apparmor profile

Due to bug LP: #2063079, the samba smbd.service unit file is no longer calling out to the helper script to dynamically create apparmor profile snippets according to the existing shares.

By default, the smbd service from samba is not confined. To be affected by this bug, users have to:

  • install the optional apparmor-profiles package
  • switch the smbd profile confinement from complain to enforce

Therefore, only users who have taken those steps and upgrade to Noble, will be affected by this bug. An SRU to fix it will be done shortly after release.

Docker

There is a AppArmor related bug where containers cannot be promptly stopped due to the recently added AppArmor profile for runc. The containers are always killed with SIGKILL due to the denials when trying to receive a signal. More details about this bug can be found here, and a workaround is described here.

PPC64EL

  • PMDK sees some hardware-specific failures in its test suite, which may make the software partially or fully inoperable on the ppc64el architecture. (LP: #2061913)

Raspberry Pi

  • During the installation process on the desktop image, the slides shown during installation appear corrupted. The issue is cosmetic and does not affect the installation itself (LP: #2037015)

  • During boot on the server image, if your cloud-init configuration (in user-data on the boot partition) relies upon networking (importing SSH keys, installing packages, etc.) you must ensure that at least one network interface is required (optional: false) in network-config on the boot partition. This is due to netplan changes to the wait-online service (LP: #2060311)

  • The startup sound does not play before the initial setup process, hence users cannot currently rely on hearing this sound to determine if the system has booted (LP: #2060693)

  • The seeded totem video player will not prompt users to install missing codecs when attempting to play a video requiring them (LP: #2060730)

  • With some monitors connected to a Raspberry Pi, it is possible that a monitor powers off after a period of inactivity but then powers back on and shows a black screen. Investigation into the types of monitors affected is ongoing in LP: #1998716.

  • With the removal of the crda package in 22.04, the method of setting the wifi regulatory domain (editing /etc/default/crda) no longer operates. On server images, use the regulatory-domain option in the Netplan configuration. On desktop images, append cfg80211.ieee80211_regdom=GB (substituting GB for the relevant country code) to the kernel command line in the cmdline.txt file on the boot partition (LP: #1951586).

  • The Raspberry Pi DAC+ HAT (and likely the other DAC HATs in the series) currently fail on the Pi 5 under Ubuntu (LP: #2060240)

  • The power LED on the Raspberry Pi 2B, 3B, 3A+, 3B+, and Zero 2W currently goes off and stays off once the Ubuntu kernel starts booting (LP: #2060942)

  • libcamera support is currently broken; this will be a priority for next cycle and fixes will be SRU’d to noble as and when they become available (LP: #2038669)

ARM64 Systems with NVIDIA GPUs

  • The current versions of the NVIDIA GPU drivers may cause hangs or crashes (LP: #2062380). This will be fixed in a future driver update.

Google Compute Platform

  • A regression has been discovered with the GCP suspend feature with the linux-gcp 6.8 kernel that is being investigated in LP: #2063315
  • Ubuntu 24.04 has introduced a change in the behaviour of the needrestart package - see notes @ Services restart on unattended-upgrade for more information. This results in any google-guest-agent startup scripts being run again on package upgrade or re-install. This is being investigated but it will only be triggered when the google-guest-agent package is re-installed. It can be worked around by setting NEEDRESTART_SUSPEND=1 prior to any re-install as per the needrestart man pages or by appending to the needrestart configuration echo "\$nrconf{override_rc}{qr(^google-(shutdown|startup)-scripts\.service$)} = 0;" >> /etc/needrestart/conf.d/google-guest-agent.conf which will disable this behaviour for any future google-guest-agent upgrade or reinstall.
    New GCE images will be built and published shortly after release to disable this behaviour for the google-guest-agent by default.

Microsoft Azure

s390X

Nothing yet.

Official flavours

Find the release notes for the official flavours at the following links:

More information

Reporting bugs

Your comments, bug reports, patches and suggestions help fix bugs and improve the quality of future releases. Please report bugs using the tools provided. If you want to help with bugs, the Bug Squad is always looking for help.

What happens if there is a high or critical priority CVE during release day?

Server, Desktop and Cloud plan to release in lockstep on release day, but there are some exceptions.

In the unlikely event that a critical or high-priority CVE is announced on release day, the release team have agreed on the following plan of action:

  • For critical priority CVEs, the release of Server, Desktop and Cloud will be blocked until new images can be built addressing the CVE.

  • For high-priority CVEs, the decision to block release will be made on a per-product (Server, Desktop and Cloud) basis and will depend on the nature of the CVE, which might result in images not being released on the same day.

This was discussed in the ubuntu–release mailing list March/April 2023.

The mailing list thread also confirmed there is no technical or policy reason why a package cannot be pushed to the Updates or Security pocket to address high or critical-priority CVEs prior to the release.

Participate in Ubuntu

If you would like to help shape Ubuntu, look at the list of ways you can participate at community.ubuntu.com/contribute.

More about Ubuntu

You can find out more about Ubuntu on the Ubuntu website.

To sign up for future Ubuntu development announcements, subscribe to Ubuntu’s development announcement list at ubuntu-devel-announce.

4 Likes