Category Archives: LXD

Announcing Incus 7.2

The Incus team is pleased to announce the release of Incus 7.2!

It’s another pretty busy release for us with a varied set of new features across the board as well as the usual set of performance improvements and bugfixes.

This fixes the following security issues:

  • CVE-2026-48749 (critical) – Arbitrary file read+write on host via rootfs/ symlink in malicious image
  • CVE-2026-48750 (critical) – Arbitrary file write on host via exec-output symlink in crafted image
  • CVE-2026-48751 (critical) – Restricted project bypass leading to arbitrary command execution
  • CVE-2026-48752 (critical) – Arbitrary file read+write on host via templates/ symlink in malicious image
  • CVE-2026-48755 (critical) – Argument injection in backup compression algorithm leading to arbitrary file write and command execution
  • CVE-2026-48769 (critical) – Arbitrary file write on client due to trusted image hash
  • CVE-2026-55621 (high) – Project restriction bypass for custom volume copy across projects
  • CVE-2026-55622 (high) – Project restriction bypass in instance copy across projects

On the feature front, the highlights for this release are:

  • Per-instance SELinux integration
  • New incus default CLI command
  • Filtered server info by default
  • Keepalive timeout from the CLI
  • Better OS-specific handling of CLI configuration
  • Standalone server certificate update
  • Static network configuration for OCI containers
  • Per-instance BGP route advertisement
  • Dynamic addresses in proxy NAT mode
  • Expanded NBD access to VMs
  • Btrfs compression for storage volumes
  • InfiniBand SR-IOV GUID configuration
  • Websocket origin restriction

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

Posted in Incus, LXD, Planet Ubuntu, Zabbly | Leave a comment

Announcing Incus 7.1

The Incus team is pleased to announce the release of Incus 7.1!

This is our first monthly feature release since Incus 7.0 LTS and it’s a pretty busy one as we’ve had some time to clear our backlog a bit.

image

This fixes the following security issues:

On the feature front, the highlights for this release are:

  • Rebuilding custom storage volumes
  • Explicit CPU topology for virtual machines
  • Custom TPM platform certificate
  • Volume creation on attach
  • File system creation options for storage
  • Low-level LINSTOR configuration
  • IP ranges in network address sets
  • Multicast snooping control on bridge networks
  • Multiple addresses per remote
  • S3 object storage improvements

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

Posted in Incus, LXD, Planet Ubuntu, Zabbly | Leave a comment

Announcing Incus 7.0 LTS

It’s with great pride and pleasure that the Incus team is announcing the release of Incus 7.0 LTS!

Incus is a modern system container, application container and virtual machine manager. It’s released under the Apache 2.0 license and is run as a community led Open Source project as part of the Linux Containers organization.

Incus provides a cloud-like environment, creating instances from our premade images or any OCI registry and offers a wide variety of features, including the ability to seamlessly cluster servers together.

It supports multiple different local or remote storage options, traditional or fully distributed networking and offers most common cloud features, including a full REST API and integrations with common tooling like Ansible, Terraform/OpenTofu, Packr, Kubernetes Cluster API and more!

This is the second LTS release for Incus with Incus 6.0 LTS now entering its security-only phase for the remaining 3 years of its 5 years lifespan.

Incus 7.0 LTS joins LXC 7.0 LTS and LXCFS 7.0 LTS in wrapping up this round of LTS releases.

Just like its sister projects, Incus 7.0 LTS will be supported until June 2031.

The first 2 years will feature bug and security fixes as well as minor usability improvements, delivered through occasional point releases (7.0.x). After that initial two years, Incus 7.0 LTS will move to security only maintenance for the remaining of its 5 years of support.

A total of 204 individuals contributed to Incus between the 6.0 LTS and 7.0 LTS releases with 45 contributing between the 6.23 and 7.0 LTS releases.

This release fixes the following security issues:

Breaking changes:

  • New minimum system requirements
  • Removal of CGroupV1 support
  • Removal of xtables support
  • Incus CLI changes, removing handling for older syntax

New features for those coming from Incus 6.23:

  • Minio replaced by built-in S3 listener
  • Server shutdown action
  • Low level backup API
  • Storage pool project restriction
  • Placement scriptlet call on cluster rebalance
  • File transfer commands now aligned with cp
  • –reuse flag in incus image copy

New features for those coming from Incus 6.0.6 LTS:

  • All of the new features listed above
  • Application containers (OCI)
  • Dependent storage volumes
  • Network address sets
  • Linstor storage driver
  • TrueNAS storage driver
  • CPU baseline definition in cluster groups

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

Posted in Incus, LXD, Planet Ubuntu, Zabbly | Leave a comment

Announcing Incus 6.23

The Incus team is pleased to announce the release of Incus 6.23!

This release is going to be our last 6.x release before Incus 7.0 LTS which is due out on April 30th.

It’s also quite a busy release with a good mix of security issues (mostly thanks to an ongoing analysis by 7asecurity), bug fixes and performance improvements and then a very good selection of features from expanding our OS support for VMs to adding more flexible instance storage with dependent volumes!

This fixes the following security issues:

On the feature front, the highlights for this release are:

  • Dependent storage volumes
  • FreeBSD VM support
  • Reworked CLI parser
  • Support for disabling DHCP announcement of the gateway
  • Support for ipv4.dhcp.gateway on OVN networks
  • Support for io.bus on OVN NICs
  • VM agent lifecycle events
  • Reworked incus file pull and incus storage volume file pull
  • Project related metrics
  • Instance low-level repair API

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

Posted in Incus, LXD, Planet Ubuntu, Zabbly | 1 Comment

Announcing Incus 6.22

The Incus team is pleased to announce the release of Incus 6.22!

This is quite the busy release with a lot of changes all across the board on top of a large quantities of bugfixes. There should be something for everyone!

On the feature front, the highlights for this release are:

  • vsock support for the WIndows agent
  • Direct backup retrieval
  • Disk-only snapshot restoration
  • Dedicated storage volume for server logs
  • QCOW2 storage improvements
  • lvmcluster storage pool resizing
  • Automatic snapshot removal on restore with lvmcluster
  • Full USB controller passthrough in unix-hotplug
  • Certificate information in the authorization scriptlet
  • VM fast reboot
  • Image server URL restrictions in projects
  • URL based imports in incus-migrate
  • Multi-domain certificates with ACME
  • Control of trusted property on SR-IOV NICs
  • Additional cluster member states to track evacuation
  • Cluster restore without instance migration
  • Instance boot time metrics

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

Posted in Incus, LXD, Planet Ubuntu, Zabbly | Leave a comment