Questing Quokka Release Notes

Table of Contents

• Introduction
• New features in 25.10
• Known Issues
• Official flavours
• More information

Introduction

These release notes for Ubuntu 25.10 (Questing Quokka) provide an overview of the release and document the known issues with Ubuntu and its flavours.

Support lifespan

Ubuntu 25.10 will be supported for 9 months until July 2026. If you need long term support, we recommend you use Ubuntu 24.04.2 LTS which is supported until at least 2029.

Upgrades

New features in 25.10

Updated Packages

Linux kernel 6.15🐧

This release delivers the latest Linux kernel, following Canonical’s new policy.

Features can be found in the Linux 6.15 upstream changelog.

Ubuntu 25.10 is expected to include Linux 6.17

systemd v257.4

Netplan v1.1.2

Toolchain Upgrades

OpenJDK

.NET

Default configuration changes

Ubuntu Desktop

Installer and Upgrades

Enterprise

Wayland

The Ubuntu session is now provided by Wayland only. The Ubuntu on Xorg session is no longer available since it is no longer possible to use GNOME from an Xorg session.

GNOME

• GNOME has been updated to include new features and fixes from the latest GNOME release, GNOME 48
• We expect to package GNOME 49 Beta before Ubuntu 25.10 Feature Freeze

Security Center

• TPM-backed Full Disk Encryption recovery key management

Default app changes

Updated Applications

• Firefox 140

Updated Subsystems

• Pipewire 1.4.2

Gaming

NVIDIA Dynamic Boost

Support for new Intel® integrated and discrete GPUS

Ubuntu Foundations

Cryptography

Libraries

Package Management: APT 3.0

Ubuntu Server

Apache2

Clamav

Chrony

Chrony was upgraded to version v4.7 and comes pre-installed as the new default time-daemon in Ubuntu 25.10, replacing systemd-timesyncd. It ships with a configuration set to use Ubuntu Network Time Security (NTS) servers by default. In order to migrate upgraded systems to chrony you can execute apt-mark auto systemd-timesyncd && apt install chrony.

See upstream release notes for v4.7.

The two primary changes related to NTS are:

• NTS/KE (“Key Exchange”) uses a separate port (4460/tcp) to negotiate security parameters, which are then used via the normal NTP port (123/udp).

• A new CA is installed in /etc/chrony/nts-bootstrap-ubuntu.crt that is used specifically for the Ubuntu NTS bootstrap server, needed for when the clock is too far off. This is added to certificate set ID “1”, and defined via /etc/chrony/conf.d/ubuntu-nts.conf.

If your network does not allow access to the Ubuntu NTS servers or the required ports, and the new configuration is in place, chrony will not be able to adjust this system’s clock. To revert to NTP, edit the configuration file in /etc/chrony/sources.d/ubuntu-ntp-pools.sources and revert to using the listed NTP servers in favor of the NTS ones.

cloud-init v. 25.1.1

Containerd

Dcmstack

runc

Docker

Dovecot

Upgrading from Dovecot 2.3.x to 2.4 requires several important config file changes. These are explained in detail in the link below. This includes renamed configuration parameters as well as a major change to the syntax. While converting an existing config is possible, it will need careful review to ensure your site customizations are carried through properly.

Additionally, Dovecot 2.4 brings new features including support for the ARGON2 password scheme, SCRAM-SHA-1 and SCRAM-SHA-256 SASL mechanisms, and the X25519 and X448 cryptographic curves for some plugins. A number of features are being removed, changed, or deprecated; for the full list please see:

• https://doc.dovecot.org/main/installation/upgrade/2.3-to-2.4.html

Notably, support for building for 32-bit architectures has ended, so dovecot will no longer be natively installable on i386 and armhf platforms.

Exim4

HAProxy

freeradius

libvirt

The libvirt package was upgraded to version 11.4.0. Here are the important changes since Ubuntu Plucky:

• qemu: ppc64 POWER11 processor support
• All helper programs are now detected from $PATH during runtime - allowing you to modify its behavior more easily
• qemu: Added guest load averages to the output of virDomainGetGuestInfo
• qemu: Add support for multiple iothreads for virtio-scsi controller
• qemu: integrate support for VM shutdown on host shutdown - a new opt-in way to shut down guests on host shutdown
• qemu: Add support for parallel save/restore
• qemu: Support for Block Disk Along with Throttle Filters
• nodedev: Support ccwgroup based qeth devices
• Introduce virtio-mem model for s390 guests

For more details, please see the upstream changelog .

Monitoring Plugins

Nginx

OpenLDAP

Openssh

Valkey

Valkey was updated to version 8.1, starting with 8.1.1. This includes additional significant performance and efficiency improvements, without any backwards-incompatible changes to commands and responses. For more information on the new version, see the Valkey 8.1 blog post . Release notes are available on the Valkey project GitHub .

MySQL

MySQL Shell

Percona Xtrabackup

PHP

PostgreSQL

QEMU

The QEMU package was updated to version 10.0.2. Here are the changes since Ubuntu 25.04.

• Arm is able to emulate Secure EL2 physical and virtual timers as well as architectural features FEAT_AFP, FEAT_RPRES, FEAT_XS
• Arm’s virt board can configuring a larger PCIe MMIO regions via highmem-mmio-size
• RISC-V got various improvements like
  • support for Smdbltrp, Ssdbltrp and Smrnmi extensions
  • Add ‘sha’ support
  • Support of the RVA23 Profile
• s390x added support for generation 17 mainframe CPUs and virtio-mem
• x86 emulation got a performance boost handling string instructions
• x86 furthermore got more recent CPU types like ClearwaterForest
• virtio-scsi has gained true multiqueue support
• 32 bit hosts never could never provide the atomicity requirements of 64-bit guests. From 10.0, QEMU has disabled configuration of 64-bit guests on 32-bit hosts.

For more details, please see related upstream changelogs and the general log on removed features:

• 10.0 Changelog
• Removed Features

Ruby 3.3

Samba

Samba has been updated to the new upstream 4.22 version.

New features:

• SMB3 Directory Leases
• Netlogon Ping over LDAP and LDAPS
• Experimental Himmelblaud Authentication in Samba
• AD DC schema upgrade and provision performance improvements

Removed features:

• nmbd proxy logon
• cldap port
• fruit:posix_rename

Please refer to the upstream release notes for details: https://www.samba.org/samba/history/samba-4.22.0.html

samba on i386

Upgrading an AD/DC from previous Ubuntu releases

Squid

SSSD

Intel® QuickAssist Technology (Intel® QAT)

Subiquity

thin-provisioning-tools

Ubuntu HA/Clustering

fence-agents

resource-agents

sos (sosreport)

Ubuntu WSL

OpenStack

Ceph

Open vSwitch (OVS) and Open Virtual Network (OVN)

GRUB2

Platforms

Public Cloud / Cloud images

How to report any issues resulting from these changes

Raspberry Pi

arm64

IBM Z and LinuxONE (s390x)

IBM POWER (ppc64el)

RISC-V

Ubuntu 25.10 targets the RVA23S64 ISA profile. Systems that don’t satisfy this requirement cannot run Ubuntu 25.10. RVA20 hardware will continue to be supported by Ubuntu 24.04 LTS.

Known Issues

As is to be expected with any release, there are some significant known bugs that users may encounter with this release of Ubuntu. The ones we know about at this point (and some of the workarounds) are documented here, so you don’t need to spend time reporting these bugs again:

General

• TPM FDE installs seem to fail to boot after the installation is complete (LP: #2104316). This is an issue with the beta image, and it is projected to be fixed by the plucky release.
• There is a bug (LP: #2104316) in the beta images that prevents netboot installs in some scenarios.
• It has been reported that cloud-init may fails to upgrade properly in the Oracular to Pluck upgrade path, see LP: #2104316.
• The Live Session of the new Ubuntu Desktop installer is not localized. It is still possible to perform a non-English installation using the new installer, but internet access at install time is required to download the language packs. (LP: #2013329)
• ZFS with Encryption on Ubuntu 24.10 will fail to activate the cryptoswap partition. This affects both new installs and upgrades. We expect to address this post-release with an archive update.
• Some particular hardware (e.g. Thinkpad x201) might have issues (general freeze, desktop-security-center not launching), when booted without nomodeset (Safe graphics). Follow these steps if you encounter such an issue:

1. At the GRUB boot menu, press e (keep Shift pressed during early boot if the menu doesn’t show up).
2. Add nomodeset to linux line, like the example below:

linux /casper/vmlinuz nomodeset ---

3. Press Ctrl-x to continue the boot process
4. After installation is complete, reboot, use nomodeset again, like the example below:

linux /boot/vmlinuz-6.11.0-8-generic nomodeset root=UUID=c5605a23-05ae-4d9d-b65f-e47ba48b7560 ro

5. Add nomodeset to the GRUB config file, /etc/default/grub, like the example below:

GRUB_CMDLINE_LINUX="nomodeset"

6. Finally, run sudo update-grub to make the change take effect.

Linux kernel

• A bug prevents the IO scheduler from being reset to “none” (LP: #2083845): the fix is already in v6.11.2, and will be part of the first SRU kernel.
• Support for FAN networking has been dropped in the 6.11 release kernel. It will be re-introduced in the next 6.11 kernel update shortly.

Ubuntu Desktop

• The login manager GDM is currently unable to log in to any X11 sessions. This functionality will be restored before Ubuntu 25.10 is released.

• Screen reader support is present with the new desktop installer, but is incomplete (LP: #2061015, LP: #2061018, LP: #2036962, LP: #2061021)

• OEM installs are not supported yet (LP: #2048473)

• GTK4 apps (including the desktop wallpaper) do not display correctly with VirtualBox or VMWare with 3D Acceleration (LP: #2061118).

• Incompatibility between TPM-backed Full Disk Encryption and Absolute: TPM-backed Full Disk Encryption (FDE) has been introduced to enhance data security. However, it’s important to note that this feature is incompatible with Absolute (formerly Computrace) security software. If Absolute is enabled on your system, the machine will not boot post-installation when TPM-backed FDE is also enabled. Therefore, disabling Absolute from the BIOS is recommended to avoid booting issues.

• Hardware-Specific Kernel Module Requirements for TPM-backed Full Disk Encryption: TPM-backed Full Disk Encryption (FDE) requires a specific kernel snap which may not include certain kernel modules necessary for some hardware functionalities. A notable example is the vmd module required for NVMe RAID configurations. In scenarios where such specific kernel modules are indispensable, the hardware feature may need to be disabled in the BIOS (such as RAID) to ensure the continued availability of the affected hardware post-installation. If disabling in the BIOS is not an option, the related hardware will not be available post-installation with TPM-backed FDE enabled.

• FDE specific bug reports.

• Resuming from suspend on Nvidia desktops (where Nvidia is the primary GPU so generally not laptops) will exhibit visual corruption and freezes using the default Wayland session (LP#1876632). If you need suspend/resume support then the simplest solution is to select ‘Ubuntu on Xorg’ at the login screen.

• Installing ubuntu-fonts-classic results in a non-Ubuntu font being displayed (LP#2083683). To resolve this, install gnome-tweaks and set ‘Interface Text’ to ‘Ubuntu’.

Ubuntu Server

rabbitmq-server

Certain version hops may be unsupported due to feature flags, raising questions about how Ubuntu will maintain this package moving forward. We are currently exploring the use of snaps as a potential solution to enable smoother upgrades. For more information please read LP: #2074309.

Openstack

Currently, Nova Compute is non-functional because of a python3.13 incompatiblity (LP:#2103413).
The Openstack team and Upstream work on it and it will be resolved via an SRU later.

The Ubuntu Cloud Archive is not affected by this bug.

Installer

On systems booting via U-Boot, U-Boot should be updated to the current Plucky version before installation as subiquity does not run flash-kernel and grub-update during the installation. So for first boot the device-tree from U-Boot will be used.

• In some situations, it is acceptable to proceed with an offline installation when the mirror is inaccessible. In this scenario, it is advised to use:

apt:
  fallback: offline-install

• Network interfaces left unconfigured at install time are assumed to be configured via dhcp4. If this doesn’t happen (for example, because the interface is physically not connected) the boot process will block and wait for a few minutes (LP: #2063331). This can be fixed by removing the extra interfaces from /etc/netplan/50-cloud-init.conf or by marking them as optional: true. Cloud-init is disabled on systems installed from ISO images, so settings will persist.

Raspberry Pi

• The new gnome-initial-setup has some teething issues:

  • Time zone input dropdown can “wobble” (LP: #2084611)
  • The localization of the application fails (LP: #2104148)
  • The hostname change is mandatory (LP: #2093132)

• During boot on the server image, if your cloud-init configuration (in user-data on the boot partition) relies upon networking (importing SSH keys, installing packages, etc.) you must ensure that at least one network interface is required (optional: false) in network-config on the boot partition. This is due to netplan changes to the wait-online service (LP: #2060311)

• The seeded totem video player will not prompt users to install missing codecs when attempting to play a video requiring them (LP: #2060730)

• With the removal of the crda package in 22.04, the method of setting the wifi regulatory domain (editing /etc/default/crda) no longer operates. On server images, use the regulatory-domain option in the Netplan configuration. On desktop images, append cfg80211.ieee80211_regdom=GB (substituting GB for the relevant country code) to the kernel command line in the cmdline.txt file on the boot partition (LP: #1951586).

• The power LED on the Raspberry Pi 2B, 3B, 3A+, 3B+, and Zero 2W currently goes off and stays off once the Ubuntu kernel starts booting (LP: #2060942)

• Colours appear incorrectly in the Ubuntu App Centre (LP: #2076919)

• On server images, re-authentication to WiFi APs when regulatory domain is set result in dmesg spam to the console (LP: #2063365)

Google Compute Platform

Nothing yet.

Microsoft Azure

• The current version of walinuxagent relies on python3-legacycrypt for password changing functionality but it cannot be made a dependency due to a component mismatch (LP: #2106484).

AWS

• The hibinit package (responsible for hibernation on spot instances) is no longer installed on the EC2 images and the package got removed from the archive (LP:#2115192). The ec2-hibinit-agent package does handle hibernation on spot instance now and is installed by default on EC2 images.

s390X

Nothing yet.

Official flavours

Find the release notes for the official flavours at the following links:

• Edubuntu Release Notes
• Kubuntu Release Notes
• Lubuntu Release Notes
• Ubuntu Budgie Release Notes
• Ubuntu MATE Release Notes
• Ubuntu Studio Release Notes
• Ubuntu Unity Release Notes
• Xubuntu Release Notes
• Ubuntu Kylin Release Notes
• Ubuntu Cinnamon Release Notes

More information

Reporting bugs

Your comments, bug reports, patches and suggestions help fix bugs and improve the quality of future releases. Please report bugs using the tools provided. If you want to help with bugs, the Bug Squad is always looking for help.

What happens if there is a high or critical priority CVE during release day?

Server, Desktop and Cloud plan to release in lockstep on release day, but there are some exceptions.

In the unlikely event that a critical or high-priority CVE is announced on release day, the release team have agreed on the following plan of action:

• For critical priority CVEs, the release of Server, Desktop and Cloud will be blocked until new images can be built addressing the CVE.

• For high-priority CVEs, the decision to block release will be made on a per-product (Server, Desktop and Cloud) basis and will depend on the nature of the CVE, which might result in images not being released on the same day.

This was discussed in the ubuntu–release mailing list March/April 2023.

The mailing list thread also confirmed there is no technical or policy reason why a package cannot be pushed to the Updates or Security pocket to address high or critical-priority CVEs prior to the release.

Participate in Ubuntu

If you would like to help shape Ubuntu, look at the list of ways you can participate at community.ubuntu.com/contribute.

More about Ubuntu

You can find out more about Ubuntu on the Ubuntu website.

To sign up for future Ubuntu development announcements, subscribe to Ubuntu’s development announcement list at ubuntu-devel-announce.