Oracular Oriole Release Notes

Release
, ,
1

Oracular Oriole Release Notes

Table of Contents

Introduction

These release notes for Ubuntu 24.10 (Oracular Oriole) provide an overview of the release and document the known issues with Ubuntu and its flavours.

Support lifespan

Ubuntu 24.10 will be supported for 9 months until July 2025. If you need long term support, we recommend you use Ubuntu 24.04.1 LTS which is supported until at least 2029.

Upgrades

New features in 24.10

Updated Packages

OpenSSL 3.3

OpenSSL has been updated to version 3.3 with large performance and scalability improvements compared to openssl 3.0.
It is now also loading configuration dropins from /etc/ssl/openssl.conf.d for easier customisation.

Linux kernel :penguin:

systemd v256.5

The init system was updated to systemd v256.5. See the upstream changelog for more information about individual features. To highlight a few things:

  • Support for cgroup v1 (‘legacy’ and ‘hybrid’ hierarchies) is now
    considered obsolete and systemd by default will refuse to boot under
    it. To forcibly reenable cgroup v1 support,
    SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on kernel command
    line.

  • Support for System V service scripts is deprecated and will be
    removed in a future release. Please make sure to update your software
    now to include a native systemd unit file instead of a legacy
    System V script to retain compatibility with future systemd releases.

  • When sshd is installed on a system, a new systemd generator, systemd-ssh-generator binds a socket-activated SSH server to local AF_VSOCK and AF_UNIX sockets under certain conditions. See the man page for more details. Note that this feature is different and indendent from sshd-socket-generator which is shipped in Ubuntu’s openssh-server package.

  • Ubuntu now ships upstream systemd’s tmp.mount by default. In effect this means that /tmp is now a tmpfs by default.

Netplan v1.1 :globe_with_meridians:

The new version 1.1 of Netplan introduces a custom systemd-networkd-wait-online logic, waiting for link-local addresses and one routable interface, as described in the [Spec] Definition of an "online" system. Besides improvements to the embedded-switch-mode setting for SR-IOV devices, the introduction of parser flag to skip broken configurations and fixes for ProtonVPN and Microsoft Azure Linux.

Toolchain Upgrades :hammer_and_wrench:

  • GCC :cow: is updated to 14.2, binutils to 2.43.1, and glibc to 2.40.
  • LLVM :dragon: now defaults to version 19
  • Rust :crab: toolchain defaults to version 1.80
  • Golang :rat: is updated to 1.23
  • .NET 8 is now default

OpenJDK

.NET

Security Improvements :lock:

Performance :zap:

Default configuration changes :gear:

As always there are many changes to defaults, mostly by newer versions of
packages. But a few are worth spelling out if your former automation,
configuration and tuning relied on those settings being one or the other way.

Ubuntu Desktop

Installer and Upgrades

Store

The App Center now includes improvements to the Manage page including:

  • Installs in progress
  • Improved self-update handling
  • Messaging for running snaps
  • Direct uninstall

Third party deb installation is now also supported.

Security Center

  • A new Security Center is included. It features the ability to easily enable or disable a new experimental permissions prompting feature for Home directory permissions.
  • More features will be added in future Ubuntu releases.
  • Prompting is also supported by an additional seeded snap, prompting-client, for permissions prompt handling.

20th Anniversary Celebration

20 years ago, the first version of Ubuntu was released, Ubuntu 4.10 “Warty Warthog”. We are celebrating this monumental anniversary with several temporary flourishes.

  • The return of the original startup sound, which can be disabled via audio settings
  • A ‘Warty’ brown accent colour
  • An anniversary logo

GNOME :footprints:

  • GNOME has been updated to include new features and fixes from the latest GNOME release, GNOME 47.

  • In GNOME Shell and Mutter, Ubuntu includes additional patches to enhance stability and performance, which have not yet been merged upstream.

  • The Ubuntu dock now visualises snap refreshes and includes better handling for PWAs installed via the Chromium snap.

Default app changes

  • The Sysprof app is installed by default as a new system utility. This makes it easier to discover performance issues in your apps.

Updated Applications

Updated Subsystems

Nvidia Users

Ubuntu 24.10 now defaults to Wayland instead of Xorg on machines using Nvidia graphics. If you require Xorg instead then select ‘Ubuntu on Xorg’ from the session menu on the login screen.

Ubuntu WSL

–

Ubuntu Server

Apache2

Apache2 has been updated from Noble’s 2.4.58 to the current 2.4.62, and some of the more noteworthy changes include:

  • htpasswd: Add support for passwords using SHA-2.
  • core: Allow mod_env to override system environment vars.
  • mod_xml2enc: Update check to accept any text/ media type or any XML media type per RFC 7303, avoiding corruption of Microsoft OOXML formats.
  • mod_ssl: SSLProxyMachineCertificateFile/Path may reference files which include CA certificates; those CA certs are treated as if configured with SSLProxyMachineCertificateChainFile.
  • mod_ssl: Improve compatibility with OpenSSL 3, including handling when OPENSSL_NO_ENGINE is set and support for loading certs/keys from pkcs11.
  • mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch when some dollar substitution (backreference) happens in the hostname or port part of the URL.
  • mod_proxy: Add optional third argument for ProxyRemote, which configures Basic authentication credentials to pass to the remote proxy.
  • mod_md: Certificate renewals are triggerable using OCSP stapling information.

For more details, please see the full set of changes.

Clamav

Clamav is updated from version 1.0.5 to 1.3.1 in Oracular, bringing significant improvements and changes, including:

  • Added support for extracting and scanning attachments found in Microsoft OneNote section files.
  • Added support for extracting Universal Disk Format (UDF) partitions.
  • Added a --cache-size option to customize the size of ClamAV’s clean file cache, which may improve scan performance at the expense of more RAM.
  • Introduced a customizable SystemD timer for running Freshclam updates, without sending Freshclam into the background.
  • Refined limit handling for large files
  • Added ability for Freshclam to use a client certificate PEM file and a private key PEM file for authentication to a private mirror
  • Added the ability to extract images embedded in HTML CSS blocks.
  • Enhancements relating to VBA extraction from office documents
  • Added support for aborting on standup if virus database is older than a configured number of days.

For a comprehensive listing of changes included since Ubuntu Noble, please see the changelogs for 1.1.0, 1.2.0, 1.3.0, and 1.3.1.

Chrony

The chrony package in Oracular was changed to no longer ship the default Ubuntu NTP pools in /etc/chrony/chrony.conf. A new snippet configuration file is created in /etc/chrony/sources.d/ubuntu-ntp-pools.sources defining those servers. The motivation for this change is explained in LP: #2048876.

If you changed your chrony.conf, an upgrade to this version will stop at a dpkg config prompt, showing the differences between the installed file and the new one. If you chose to keep the existing chrony.conf, keep in mind that the Ubuntu NTP pools from /etc/chrony/sources.d/ubuntu-ntp-pools.sources will also be used.

@ankushpathak wrote a great post about this change:

cloud-init v. 24.3.1

Notable features beyond v. 24.1 present in Noble:

  • Bootspeed improvement: support for socket-based shared python process
    across cloud-init boot stages (#5595)
  • NoCloud support for FTP and FTP over TLS (#4834)
  • Add network-config seed support for nocloud datasource (#5566)
  • Network v2 schema validation (#4892)
  • Add support for disk setup of nvme devices (#5263)
  • Support remote URI sources write_files module (#5505)
  • provide option to set empty passwords and fix password unlock when
    lock_passwd: False on Alpine/FreeBSD/OpenBSD/DragonflyBSD (#5355)
  • WSL support multi-part MIME config parts as well as landscape tags for
    provisioning (#5460, #5538)
  • Added support in cloudinit.features.DEPRECATION_INFO_BOUNDARY allowing stable downstream images to pin the original MAJOR.MINOR version of cloud-init released on that image. This avoids introduction of new deprecation messages (and potential exit 2 from cloud-init status) across cloud-init version upgrades.

Breaking Changes:

Containerd

The Containerd application was updated to version 1.7.19. Some highlights of this update:

  • Remove overlayfs volatile option on temp mounts (#10332)
  • Update AppArmor template to allow confined runc to kill containers (#10129)
  • Update AppArmor template to better support rootlesskit (#10116)

For more information, check the upstream release notes.

Django

Django was updated from Noble’s 4.2.11 to 4.2.15, which brings several bug fixes. For more information, see the upstream changelogs: 4.2.12, 4.2.13, 4.2.14, 4.2.15

Docker

The Docker application was updated to version 26.1.3. Some highlights of this update:

  • apparmor: Allow confined runc to kill containers
  • Removal of AuFS, Legacy “overlay”, and Device mapper storage drivers
  • Removal of support for interacting with V1 registries

Watch out for deprecation or removal of features in this upstream page.

Exim4

The Exim4 update in Oracular to 4.98 includes selected fixes from the upstream GIT repository. This improves handling of new and old format message IDs, fixes certain crashes, refines memory usage for regexes, and avoids recording lookup credentials in the log files. DKIM DNS record parsing is tightened up related to unexpected whitespace.

HAProxy

The HAProxy package was upgraded to version 2.9.9. This new version introduces performance improvements, better integration, more reliability, and a new reverse-http feature. You can learn more about it at https://www.haproxy.com/blog/announcing-haproxy-2-9. A complete list of changes is avalilable at https://www.haproxy.org/download/2.9/src/CHANGELOG.

libvirt

The libvirt package was upgraded to version 10.6.0. Here are the changes since Ubuntu Noble:

  • network: Make virtual domains resolvable from the host.
  • qemu: Support clusters in CPU topology.
  • qemu: Introduce dynamicMemslots attribute for virtio-mem.
  • qemu: Support for driver type mtp in <filesystem/> devices.
  • qemu: Introduce virDomainGraphicsReload API.
  • qemu: Proper support for USB network device.
  • SSH proxy for VM.
  • Introduce pstore device.

For more details, please see the upstream changelog.

Nginx

Version 1.26.0 of NGINX was introduced in Oracular, bringing experimental HTTP/3 support, HTTP/2 on a per-server basis, virtual servers in the stream module, passing stream connections to listen sockets, and more.

OpenLDAP

The OpenLDAP package was updated to version 2.6.8, which brings several bug fixes. For more details, please see the upstream changelog.

Openssh

Starting with 1:9.6p1-3ubuntu17, openssh server no longer reads ~/.pam_environment of the target system upon login.

In Linux-PAM version 1.5.0, the
pam_env.so module has deprecated the user_readenv=1 parameter due to security concerns, and it will be removed by upstream in the future.

Following that change, /etc/pam.d/sshd’s invocation of pam_env.so was changed to remove the user_readenv=1 parameter.

Systems that were relying on that behavior need to adapt, possibly via the openssh AcceptEnv (on the server) and SendEnv (on the client) parameters.

Note that the default configuration in /etc/ssh/sshd_config and /etc/ssh/ssh_config is already set to send and receive locale variables, which is one of the scenarios in which ~/.pam_environment was used in the past.

OpenVmTools

The new version 12.4.5 of open-vm-tools in oracular brings a handful of bug fixes; for details of these and existing known issues, please see the upstream release notes for 12.4.0 and 12.4.5.

Valkey

Valkey version 7.2.5 is available in Oracular. Since this version is a drop-in replacement for Redis (fully compatible), and with the recent changes of Redis’ license, a way to migrate configuration and data from Redis to Valkey is implemented in a form of a new binary package. The valkey-redis-compat binary package will attempt a automatic configuration and data migration from Redis to Valkey. If you did not perform any drastic change to the configuration of your Redis service, it should work straight away. However, if you performed some substantial changes or your setup is more complex, the automation may not work. Due to that, whenever the valkey-redis-compat binary package is installed and the migration is attempted, the file /etc/valkey/REDIS_MIGRATION will be created, and the services will not start automatically. This will avoid breaking the upgrade due to an incomplete migration. After the user has checked if the migration is OK, they need to remove the /etc/valkey/REDIS_MIGRATION file, then the Valkey services will be able to be started again.

Percona Xtrabackup

Xtrabackup was updated to the next minor version 8.0.35-31. It provides additional arm64 architecture support along with various bug fixes. For more details, see the upstream release notes.

PHP

PHP was upgraded to version 8.3.9, which is introduces several bug fixes. You can read mothe about those in the upstream changelog at https://www.php.net/ChangeLog-8.php#8.3.9.

PostgreSQL

PostgreSQL was updated to version 16.4. Users running Ubuntu Noble will realize this version was also included there as part of our PostgreSQL upgrade policies. The new version introduces many bug and security fixes. More details on the changes introduced since Noble are available at https://www.postgresql.org/docs/release/16.4/ and https://www.postgresql.org/docs/release/16.3/

QEMU

The QEMU package was updated to version 9.0.2. Here are the changes since Ubuntu Noble.

  • The behaviour of the -serial none option when used together with other -serial options has been corrected. Previously when -serial none was followed by -serial something the -serial none was effectively ignored. Now it controls the existence of the first serial port, and the following -serial option controls the behaviour of the second serial port; this brings it in to line with how all other cases of multiple -serial options work. If you have a command line that was accidentally relying on the old behaviour, you can simply delete the unnecessary -serial none.
  • ARM
    • New raspi4b board type, the Raspberry Pi 4 Model B. Note that QEMU does not yet model PCI or ethernet; this will be implemented on a future QEMU release.
  • RISC-V
    • Add support for Zacas, B, Zaamo, Zalrsc, Ztso extensions.
    • Add amocas.[w,d,q] instructions.
    • RVA22 profiles support.
    • Add RVV CSRs to KVM.
    • Implement optional CSR mcontext of debug Sdtrig extension.
    • Enable xtheadsync under user mode.
    • Use zfa instead of Zfa.
    • Move ratified/frozen extensions to non-experimental.
  • s390x
    • Fix access register handling in the emulation of the LOAD ADDRESS EXTENDED (LAE) instruction.
    • Add emulation of CVDG, CVB, CVBY and CVBG instructions.
  • The virtio-blk device has gained true multiqueue support where different queues of a single disk can be processed by different I/O threads. This can improve scalability in cases where the guest submitted enough I/O to saturate the host CPU running a single I/O thread processing the virtio-blk requests. Multiple I/O threads can be configured using the new iothread-vq-mapping property.
  • usb-storage doesn’t ignore the properties backend_defaults, logical_block_size, physical_block_size, min_io_size, opt_io_size and discard_granularity any more.
  • Fixed vhost-vdpa-device to be compatible with VDUSE block exports again (this was broken in QEMU 8.2.0, in Ubuntu Noble).
  • Introduced an IOMMU interface backend for VFIO devices.
  • Introduced a new IOMMUFD backend for ARM, amd64 and s390x platforms.
  • The sm4 cipher algorithm is now supported and can be used with the luks block driver.
  • QEMU 8.2 accidentally allowed for creation of memory backends with sizes that are not aligned to the (huge) page size. This has been fixed.
  • Fixed migration for SUSPENDED VM, where we used to ignore the SUSPENDED state and kick off the VM even if it was suspended before the migration.
  • New capability called mapped-ram. It allows efficient VM snapshots save/load by providing both (1) constant size of ultimate VM image rather than unlimited, and (2) multi-threading support so that save/load of snapshots can be faster.

For more details, please see related upstream changelogs:

Ruby 3.3

The default Ruby version is now version 3.3. Some compatibility changes may arise from the upgrade from version 3.2, they are:

  • it calls without arguments in a block with no ordinary parameters are deprecated. it will be a reference to the first block parameter in Ruby 3.4. [Feature #18980]
  • Regexp::new now only accepts up to 2 arguments instead of 3. This was deprecated in Ruby 3.2. [Bug #18797]
  • Environment variable RUBY_GC_HEAP_INIT_SLOTS has been deprecated and is a no-op. Please use environment variables RUBY_GC_HEAP_{0,1,2,3,4}_INIT_SLOTS instead. [Feature #19785]

For the complete list of changes in this new version, please check the upstream release notes out.

Samba

Samba was updated to 4.20.4, and major changes in the 4.20.x series are documented in the upstream release notes.

Normally the point releases of samba in a stable series only contain bug fixes, but this time 4.20.3 added a nice new feature which is LDAP TLS/SASL channel binding support. Details are shown in the 4.20.3 release notes.

In terms of packaging, the following changes have been done:

  • samba-vfs-modules: the VFS modules from this package were moved to the samba package, with the exception of the Ceph module, which got its own package: samba-vfs-ceph. The samba-vfs-modules package is now just a transitional package, and it can be safely removed after the release upgrade.
  • samba-vfs-modules-extra: this package used to contain the GlusterFS VFS module. This module was moved to a new package called samba-vfs-glusterfs, and samba-vfs-modules-extra became a transitional package. It can also be safely removed after the release upgrade.

Squid

Squid was upgraded to version 6.10. This new version includes several bug
fixes. A complete set of changes together with a comprehensive changelog
is available at
Comparing SQUID_6_6..SQUID_6_10 ¡ squid-cache/squid ¡ GitHub.

SSSD

The SSSD package was updated to version 2.9.5. Here are the changes since Ubuntu Noble.

  • Added failover_primary_timeout configuration option. This can be used to configure how often SSSD tries to reconnect to a primary server after a successful connection to a backup server. This was previously hardcoded to 31 seconds which is kept as the default value.

For more details, please see the upstream changelog.

Subiquity

A new version of the Subiquity server installer has been released. Please read the full release notes for 24.04.1 on GitHub.

Ubuntu HA/Clustering

multipath-tools

multipath-tools was updated to 0.9.9. Please visit multipath-tools/NEWS.md at master ¡ opensvc/multipath-tools ¡ GitHub for notes on the changes.

kpartx-boot

Starting with the Oracular release, the kpartx-boot package has been discontinued to align with Debian. Originally introduced to support dmraid booting, its functionality is preserved, as the kpartx package now includes everything previously provided by kpartx-boot.

dmraid

The dmraid package has been removed from Oracular. The rationale for its removal is outlined in Bug #2073677 “Remove dmraid from oracular?” : Bugs : dmraid package : Ubuntu, primarily due to its removal from Debian unstable and minimal upstream support. If you require this functionality, consider using alternatives like mdadm.

Corosync

Corosync was upgraded to version 3.1.8. This release contains mostly smaller bugfixes and improvements of Rust bindings. You can learn more about it at Releases ¡ corosync/corosync ¡ GitHub.

pacemaker

Pacemaker was upgraded to version 2.1.8. This release includes a significant number of bug fixes and a few new features. It also deprecates some obscure features and many C APIs in preparation for the next Pacemaker major release which will drop support for them.

fence-agents

fence-agents was upgraded to version 4.15.0. In this release, we are no longer shipping the transitional fence-agents package. You should now use either the fence-agents-base package with the agents available in main or the fence-agents-extra package with the agents in universe (or both, they are split based on the repository components they are available in). A complete list of upstream changes for this version is available at https://lists.clusterlabs.org/pipermail/developers/2024-July/003567.html.

resource-agents

resource-agents was upgraded to version 4.15.1. This new release introduces several bug fixes and enhancements including two new resource agents: outscale and powervs-subnet. Details on all changes introduced in this new version are available at https://lists.clusterlabs.org/pipermail/developers/2024-July/003570.html and https://lists.clusterlabs.org/pipermail/developers/2024-July/003572.html.

OpenStack

OpenStack has been updated to the 2024.1 (Caracal) release. This includes packages for Aodh, Barbican, Ceilometer, Designate, Glance, Heat, Horizon, Ironic, Keystone, Magnum, Manila, Masakari, Mistral, Neutron, Nova, Octavia, Swift, Watcher and Zaqar.

Murano, Senlin, Sahara, Freezer and Solum where all declared inactive as of the 2024.1 cycle and have been removed from Ubuntu.

This release is also provided for Ubuntu 22.04 LTS via the Ubuntu Cloud Archive.

Ceph

Ceph has been updated to a snapshot in preparation for the 19.2.0 (Squid) release which will be provided via a stable release update.

This release is also provided for Ubuntu 22.04 LTS via the Ubuntu Cloud Archive.

Open vSwitch (OVS) and Open Virtual Network (OVN)

Open vSwitch has been updated to the 3.3.0 release.

Open Virtual Network has been updated to the 24.03 release.

These releases are also provided for Ubuntu 22.04 LTS via the Ubuntu Cloud Archive.

GRUB2

The fix for LP: #2078307 is waiting to be released, but likely won’t make beta. This can result in certain versions of Windows failing to chainload from the GRUB2 version contained in the 24.10 archive.

Platforms

Public Cloud / Cloud images

Public Images (cloud-images.ubuntu.com) images

AWS EC2

  • /etc/ec2-version will only show up on EC2 images

Microsoft Azure

  • Canonical introduced a new way of publishing on Azure with Ubuntu 24.04 LTS, which will continue for 24.10. All Ubuntu Images for 24.10 will be available under the same offer: ubuntu-24_10. Derivative images, such as the minimized version of Ubuntu server are available as plans under this main offer.

  • Starting in 24.10 (but also backported to 20.04, 22.04 and 24.04) the values for net.core.rmem_max and net.core.rmem_default have been increased to 1048576 (the Ubuntu default is 212992). This change will apply to all newly published Ubuntu images published on Azure for the given versions. This increase in the socket receive buffer size was made to reduce UDP packet loss for some workloads.

Google

  • Resume/suspend issue from noble LP: #2063315 is resolved
  • TDX support: Ubuntu images now support Confidential VMs with Intel TDX. This capability is advertised by the presence of “TDX_CAPABLE” guest OS feature flag in the image metadata. Intel TDX is now also supported on Ubuntu Jammy and Noble GCE images.
How to report any issues resulting from these changes

If you notice any unexpected changes or bugs in the minimal images, create a new bug in cloud-images.

arm64

The new arm64+largemem ISO includes a kernel with 64k page size. A larger page size can increase throughput, but comes at the cost of increased memory use, making this option more suitable for servers with plenty of memory. Typical use cases for this ISO include: machine learning, databases with many large entries, high performance computing.

IBM Z and LinuxONE image

  • The key package ‘s390-tools’ was step-by-step upgraded to latest version v2.34.1 (LP: #2073786), which incl. lots of updates, new tools and features, especially in the area of ap_tools/ap-check and libap - the skipped v.2.33 brought on top several modification in the Rust code and libutil (LP: #2067355).
  • On top of the usual upgrade of the tool-chain, valgrind was also upgraded to it’s latest v2.23, which includes support for IBM z16 hardware (LP: #1982335).
  • With the upgrade of openCryptoki to latest v3.23 (LP: #2076450), support of protected keys for extractable keys (with EP11 tokens) was introduced (LP: #2050018).
  • And as usual a lot of s390x-specific packages (or package that are of special interest for s390x) got upgraded to it’s latest version, like:
  • Kernel 6.11 move (via 6.10 code) the kernel image into vmalloc space, where random physical pages are used to map virtual pages (LP: #2072661).
    Even if kernel 6.11 is brand new, a patch set from the next kernel for 'Vertical CPU Polarization Support Stage 2" that esp. provides improved ‘cpu capacity’ support for the Linux scheduler (LP: #2072760) was included.

IBM POWER (ppc64el)

  • KVM running in IBM PowerVM LPARs:
    Ubuntu Server 24.04 has the required technology enablement and support for running KVM in a PowerVM LPAR.
    This technology enables expanded open-source based innovations and solutions for Ubuntu Server on the IBM Power platform.
    Below are the firmware and hardware requirements:
    • Firmware: FW1060.10
    • Hardware: IBM Power10
  • KVM virtualization continues to be supported on POWER9 bare-metal / OPAL based systems.
  • Ubuntu 24.10 includes so called ‘Book3S HV nestedv2’ support and fixes.

RISC-V

Ubuntu 24.04 is the first LTS release for the StarFive VisionFive 2 board.
For an overview of supported boards see https://ubuntu.com/download/risc-v.

The RISC-V Ubuntu userland is compatible with all RVA20 hardware.

Known Issues

As is to be expected with any release, there are some significant known bugs that users may encounter with this release of Ubuntu. The ones we know about at this point (and some of the workarounds) are documented here, so you don’t need to spend time reporting these bugs again:

General

  • The Live Session of the new Ubuntu Desktop installer is not localized. It is still possible to perform a non-English installation using the new installer, but internet access at install time is required to download the language packs. (LP: #2013329)

Linux kernel

  • The ipu6 driver shipped with the 24.04 GA kernel (6.8.0-31) has known issues which cause some Intel MIPI cameras to fail to initialize. The Kernel Team is working on providing the fixes as a future kernel SRU update. (LP# 2061747)

Ubuntu Desktop

  • Screen reader support is present with the new desktop installer, but is incomplete (LP: #2061015, LP: #2061018, LP: #2036962, LP: #2061021)

  • Application icons don’t use the correct High Contrast theme when High Contrast is enabled (LP: #2013107)

  • GTK4 apps (including the desktop wallpaper) do not display correctly with VirtualBox or VMWare with 3D Acceleration (LP: #2061118).

  • Netbooting the new desktop installer causes the installer to crash on startup. The issue will be resolved for the 24.04.1 release (or sooner) and at that time the fix will become available via a manual snap refresh in the live environment on the 24.04 ISOs (LP: #2062988).

  • Incompatibility between TPM-backed Full Disk Encryption and Absolute: TPM-backed Full Disk Encryption (FDE) has been introduced to enhance data security. However, it’s important to note that this feature is incompatible with Absolute (formerly Computrace) security software. If Absolute is enabled on your system, the machine will not boot post-installation when TPM-backed FDE is also enabled. Therefore, disabling Absolute from the BIOS is recommended to avoid booting issues.

  • Hardware-Specific Kernel Module Requirements for TPM-backed Full Disk Encryption: TPM-backed Full Disk Encryption (FDE) requires a specific kernel snap which may not include certain kernel modules necessary for some hardware functionalities. A notable example is the vmd module required for NVMe RAID configurations. In scenarios where such specific kernel modules are indispensable, the hardware feature may need to be disabled in the BIOS (such as RAID) to ensure the continued availability of the affected hardware post-installation. If disabling in the BIOS is not an option, the related hardware will not be available post-installation with TPM-backed FDE enabled.

  • FDE specific bug reports.

  • Nvidia hybrid machines that have an external monitor connected to the secondary GPU (usually via the laptop’s HDMI port) may experience lower performance on that monitor in the default Wayland session (LP#2064205). Work to solve this is nearing completion upstream and will be released to Ubuntu as soon as it is ready. To work around the performance issue you may select ‘Ubuntu on Xorg’ from the login screen. Single GPU systems (Nvidia or otherwise) do not have any such issue and will perform best with the default Wayland session.

Ubuntu Server

rabbitmq-server

Certain version hops may be unsupported due to feature flags, raising questions about how Ubuntu will maintain this package moving forward. We are currently exploring the use of snaps as a potential solution to enable smoother upgrades. For more information please read Bug #2074309 “upgrade 22.04 -> 24.04 won't start due to feature ...” : Bugs : rabbitmq-server package : Ubuntu.

Installer

  • In some situations, it is acceptable to proceed with an offline installation when the mirror is inaccessible. In this scenario, it is advised to use:
apt:
  fallback: offline-install
  • Network interfaces left unconfigured at install time are assumed to be configured via dhcp4. If this doesn’t happen (for example, because the interface is physically not connected) the boot process will block and wait for a few minutes (LP: #2063331). This can be fixed by removing the extra interfaces from /etc/netplan/50-cloud-init.conf or by marking them as optional: true. Cloud-init is disabled on systems installed from ISO images, so settings will persist.

samba apparmor profile

Due to bug LP: #2063079, the samba smbd.service unit file is no longer calling out to the helper script to dynamically create apparmor profile snippets according to the existing shares.

By default, the smbd service from samba is not confined. To be affected by this bug, users have to:

  • install the optional apparmor-profiles package
  • switch the smbd profile confinement from complain to enforce

Therefore, only users who have taken those steps and upgrade to Noble, will be affected by this bug. An SRU to fix it will be done shortly after release.

Platform

Docker

There is a AppArmor related bug where containers cannot be promptly stopped due to the recently added AppArmor profile for runc. The containers are always killed with SIGKILL due to the denials when trying to receive a signal. More details about this bug can be found here, and a workaround is described here.

PPC64EL

  • PMDK sees some hardware-specific failures in its test suite, which may make the software partially or fully inoperable on the ppc64el architecture. (LP: #2061913)

Raspberry Pi

  • During boot on the server image, if your cloud-init configuration (in user-data on the boot partition) relies upon networking (importing SSH keys, installing packages, etc.) you must ensure that at least one network interface is required (optional: false) in network-config on the boot partition. This is due to netplan changes to the wait-online service (LP: #2060311)

  • The startup sound does not play before the initial setup process, hence users cannot currently rely on hearing this sound to determine if the system has booted (LP: #2060693)

  • The seeded totem video player will not prompt users to install missing codecs when attempting to play a video requiring them (LP: #2060730)

  • With some monitors connected to a Raspberry Pi, it is possible that a monitor powers off after a period of inactivity but then powers back on and shows a black screen. Investigation into the types of monitors affected is ongoing in LP: #1998716.

  • With the removal of the crda package in 22.04, the method of setting the wifi regulatory domain (editing /etc/default/crda) no longer operates. On server images, use the regulatory-domain option in the Netplan configuration. On desktop images, append cfg80211.ieee80211_regdom=GB (substituting GB for the relevant country code) to the kernel command line in the cmdline.txt file on the boot partition (LP: #1951586).

  • The power LED on the Raspberry Pi 2B, 3B, 3A+, 3B+, and Zero 2W currently goes off and stays off once the Ubuntu kernel starts booting (LP: #2060942)

  • libcamera support is currently broken; this will be a priority for next cycle and fixes will be SRU’d to noble as and when they become available (LP: #2038669)

  • Colours appear incorrectly in the Ubuntu App Centre (LP: #2076919)

  • On desktop images, changes in the home directory result in log spam from tracker-miner complaining about lack of landlock (LP: #2066885)

  • On server images, re-authentication to WiFi APs when regulatory domain is set result in dmesg spam to the console (LP: #2063365)

ARM64 Systems with NVIDIA GPUs

  • The current versions of the NVIDIA GPU drivers may cause hangs or crashes (LP: #2062380). This will be fixed in a future driver update.

Public Cloud / Cloud Images

Google

Nothing yet.

Microsoft Azure

Nothing yet.

s390X

Nothing yet.

Official flavours

Find the release notes for the official flavours at the following links:

More information

Reporting bugs

Your comments, bug reports, patches and suggestions help fix bugs and improve the quality of future releases. Please report bugs using the tools provided. If you want to help with bugs, the Bug Squad is always looking for help.

What happens if there is a high or critical priority CVE during release day?

Server, Desktop and Cloud plan to release in lockstep on release day, but there are some exceptions.

In the unlikely event that a critical or high-priority CVE is announced on release day, the release team have agreed on the following plan of action:

  • For critical priority CVEs, the release of Server, Desktop and Cloud will be blocked until new images can be built addressing the CVE.

  • For high-priority CVEs, the decision to block release will be made on a per-product (Server, Desktop and Cloud) basis and will depend on the nature of the CVE, which might result in images not being released on the same day.

This was discussed in the ubuntu–release mailing list March/April 2023.

The mailing list thread also confirmed there is no technical or policy reason why a package cannot be pushed to the Updates or Security pocket to address high or critical-priority CVEs prior to the release.

Participate in Ubuntu

If you would like to help shape Ubuntu, look at the list of ways you can participate at community.ubuntu.com/contribute.

More about Ubuntu

You can find out more about Ubuntu on the Ubuntu website.

To sign up for future Ubuntu development announcements, subscribe to Ubuntu’s development announcement list at ubuntu-devel-announce.

7 Likes