14.5.5-rc1

What's changed

#6020 [14.5-stable] datastore: fix IsToken68 for base64 tokens by @christoph-zededa (#6020) (backport of #75 #6034)
#6027 [14.5-stable] pkg/pillar: bump eve-libs by @christoph-zededa (#6027) (backport of #6030)
#6043 [14.5-stable] newlog: cache log levels to apply them from boot by @europaul (#6043) (backport of #6031)
#6049 [14.5-stable] vtpm: fix unseal failure when SHA256 PCR bank is disabled by @shjala (#6049) (backport of #5975)

Full Changelog: 14.5.4-lts...14.5.5-rc1

17.0.0-rc2

What's changed

• fix(kube): persist k3s node password across reboots. by @naiming-zededa (#5970)
• vtpm: fix unseal failure when SHA256 PCR bank is disabled. by @shjala (#5975)
• docs: sync CONFIG-PROPERTIES.md with pkg/pillar/types/global.go. by @mvanhorn (#5960)
• mkimage-raw-efi: fix pre-flight size check on real block devices. by @rucoder (#5989)
• assets.yml: improve compression for EVE evaluation artifacts. by @europaul (#5990)
• zedrouter: restart dnsmasq when an app leaves to evict its stale lease. by @milan-zededa (#5995)
• Add omitempty to AssignableAdapters JSON tags to prevent pubsub overflow. by @milan-zededa (#5992)
• kube: align virtctl version with KubeVirt v1.7.3. by @milan-zededa (#5991)
• build(deps): bump github.com/containerd/containerd/v2 from 2.2.1 to 2.2.4 in /tools/dockerfile-from-checker. by @dependabot (#5996)
• build(deps): bump github.com/containerd/containerd from 1.7.29 to 1.7.32 in /pkg/pillar. by @dependabot (#5980)
• build(deps): bump github.com/containerd/containerd from 1.7.29 to 1.7.32 in /pkg/wwan/mmagent. by @dependabot (#5982)
• build(deps): bump github.com/containerd/containerd from 1.7.29 to 1.7.32 in /pkg/newlog. by @dependabot (#5979)
• build(deps): bump github.com/containerd/containerd/v2 from 2.1.5 to 2.2.4 in /tools/get-deps. by @dependabot (#5983)
• build(deps): bump github.com/containerd/containerd/v2 from 2.1.5 to 2.2.4 in /eve-tools/bpftrace-compiler. by @dependabot (#5981)
• pillar, kube: SR-IOV VF passthrough via Multus + sriov-cni for KubeVirt. by @zedi-pramodh (#5908)
• hypervisor: refactor VMM overhead into shared library and use in eve-k. by @zedi-pramodh (#5681)
• monitor: in-tree TUI with a stable Go/Rust IPC contract. by @rucoder (#6003)
• evetest: a new framework for EVE integration testing. by @milan-zededa (#5978)
• docs(nodeagent): add architecture document. by @eriknordmark (#5913)
• mgmtproxy: cost-aware CONNECT kube proxy for containerd & kubectl image/manifest. by @naiming-zededa (#5997)
• datastore: add http(s) auth. by @christoph-zededa (#5999)
• docs: add upgradeconverter architecture doc. by @eriknordmark (#5998)
• docs: add CLAUDE.md guidance file. by @rene (#6001)
• yetus: Replace old --out-format golangci-lint argument. by @rene (#6011)
• kube: add stale-mount-cleanup daemon to kube container. by @andrewd-zededa (#6004)
• Makefile: stop doubling the platform variant in published image tags. by @europaul (#6015)
• hypervisor/kubevirt: attach USB tablet so VNC pointer works. by @zedi-pramodh (#6025)
• Upgrade the Go toolchain to 1.25.11. by @milan-zededa (#6023)
• zedagent: fix docs inaccuracies from review. by @eriknordmark (#5965)
• kube: make longhorn-generate-support-bundle.sh multi-node safe. by @andrewd-zededa (#6010)
• Bump eve-libs to fix nettrace infinite loops. by @milan-zededa (#6012)
• Fix an install regression on some devices. by @zedi-pramodh (#6024)
• newlog: cache log levels to apply them from boot. by @europaul (#6031)
• build: remove EVALUATION platform from the build system. by @rucoder (#6022)
• zedagent: fall back to /config/authorized_keys when GlobalConfig is missing. by @rucoder (#6039)
• mkimage-raw-efi/storage-init: drop leftover evaluation/IMGC support. by @rucoder (#6040)
• pillar/collectinfo: use IsToken* from zedUpload. by @christoph-zededa (#6034)
• pillar: remove evaluation platform Go code. by @rucoder (#6041)
• types: fix /persist/volumes path in diskmetrics test. by @eriknordmark (#6035)

Full Changelog: 17.0.0-rc1...17.0.0-rc2

16.0.1-lts

What's changed

• [16.0-stable] Fix device config props handling in maybeRetryBoot. by @OhmSpectator (#5536) (backport of #5533)
• [16.0] Add missing Intel AX210 (TY) firmware required by iwlwifi by @jsfakian (#5542) (backport of #5503)
• [16.0-stable] Configure USB priority in VM boot order by @OhmSpectator (#5547) (backport of #5507)
• [16.0-stable] Revert "Add null key verification to detect TPM reset attacks" by @shjala (#5552) (backport of #5214 #5550)
• [16.0-stable] Revert automatic lkt hashes by @christoph-zededa (#5557) (backport of #5554)
• [16.0-stable] Fix QMP flooding on VM restart. by @OhmSpectator (#5562) (backport of #5548)
• [16.0-stable] Fix IPv4-only mode for static IPv4 configuration by @milan-zededa (#5566) (backport of #5565)
• [16.0-stable] usbmanager use ghw by @christoph-zededa (#5577) (backport of #5535 #5568)
• [16.0-stable ] Load TLS root CA directly from /config instead of /persist/certs by @shjala (#5578) (backport of #5553)
• [16.0-stable] pkg/pillar: update zededa/ghw library by @christoph-zededa (#5621) (backport of #5617)
• [16.0-stable] SR-IOV: Fix API logic and add I350 NIC support by @uncleDecart (#5632) (backport of #5604)
• [16.0-stable] pkg/storage-init: Fix CONFIG partition tmpfs size by @rene (#5692) (backport of #5668)
• [16-stable] Bump eve pillar by @shjala (#5701)
• [16.0-stable] readthedocs.yaml: Bump Ubuntu and Python versions by @rene (#5723) (backport of #5718)
• [16.0-stable] Backport CI improvements by @europaul (#5724) (backport of #5534 #5551 #5583 #5657 #5662 #5665 #5700 #5702 #5709 #5713 #5714)
• [16.0-stable] Simplify/remove /persist/status/zedagent/* by @eriknordmark (#5750) (backport of #5584 #5775)
• [16.0-stable] spec.sh: : fix invalid JSON when ioMemberList is empty by @christoph-zededa (#5759) (backport of #5593)
• [16.0-stable] Refactor and fix network tracing integration in controllerconn by @milan-zededa (#5769) (backport of #5648)
• [16.0-stable] mmdbus: improve eSIM detection using EID and handle missing slot paths by @milan-zededa (#5770) (backport of #5697)
• [16.0-stable] Add dynamic PCR policy support for disk key sealing by @shjala (#5794) (backport of #5398 #5591)
• [16.0-stable] Fix an issue of edge-node clustering interface using logical-label by @naiming-zededa (#5795) (backport of #5720)
• [16.0-stable] Backport URL join fixes and SAS token fix by @europaul (#5801) (backport of #5588 #5715)
• [16.0-stable] Fix broken leader election in Kubernetes cluster by @milan-zededa (#5821) (backport of #5773)
• [16.0-stable] Fix a race condition when eve-k app restart app lost IP address by @naiming-zededa (#5825) (backport of #5706)
• [16.0-stable] Fix DevicePortConfig.MostlyEqual ignoring L2 (VLAN/bond) config changes by @milan-zededa (#5828) (backport of #5820)
• [16.0-stable] pkg/pillar: Disable vmx for FML virtualization mode by @rene (#5829) (backport of #5824)
• [16.0-stable] Fix regression causing potential panic in triggerPublishAllInfo by @eriknordmark (#5836) (backport of #5833)
• [16.0-stable] Fix bond link monitoring by @milan-zededa (#5858) (backport of #5809)
• [16.0-stable] Publish bond adapter status and metrics by @milan-zededa (#5859) (backport of #5834)
• [16-0-stable] edgeview: fix wwan0 excluded from websocket interface list by @naiming-zededa (#5884) (backport of #5832)
• [16.0-stable] HW inventory fixes by @christoph-zededa (#5888) (backport of #5861)
• [16.0-stable] pkg/debug: fix COM port detection by @christoph-zededa (#5889) (backport of #5876)
• [16.0-stable] Backport #5906 by @eriknordmark (#5910) (backport of #5906)
• [16.0-stable] kernel: update kernel commits to patch CVE-2026-31431 by @shjala (#5918)
• [16.0-stable] Backport vTPM fixes by @shjala (#5919) (backport of #5838)
• [16.0-stable] Force bonds/vlans re-parsing when lower layer changes by @milan-zededa (#5941) (backport of #5902)
• [16.0-stable] device-steps: disable mdev hotplug by @christoph-zededa (#5943) (backport of #5924)
• [16.0-stable] bond: Enable active ARP validation to prevent cross-node interference by @milan-zededa (#5949) (backport of #5939)
• [16.0-stable] LPS Network Endpoint Enhancements and Signaling by @milan-zededa (#5953) (backport of #5904)
• [16.0-stable] pkg/fw: Add .pnvm firmware file for Intel AX210 by @rene (#5968) (backport of #5945)
• [16.0-stable] Makefile: Build eve-fw generic variant for evaluation platform by @europaul (#5972) (backport of #5785)
• [16.0-stable] upgrade dnsmasq by @christoph-zededa (#5984) (backport of #5948)
• [16.0-stable] newlog: sanitize non-Latin-1 chars in gzip header by @eriknordmark (#5986) (backport of #5977)
• [16.0-stable] vtpm: fix unseal failure when SHA256 PCR bank is disabled by @shjala (#6002) (backport of #5975)
• [16.0-stable] GHA: fix release-asset publishing on 16.0-stable by @europaul (#6005)
• [16.0-stable] bump eve-libs by @christoph-zededa (#6026) (backport of #6030 #6031)
• [16.0-stable] newlog: cache log levels to apply them from boot by @europaul (#6042) (backport of #6031)

Full Changelog: 16.0.0-lts...16.0.1-lts

16.0.1-rc5

What's changed

• [16.0-stable] GHA: fix release-asset publishing on 16.0-stable by @europaul (#6005)
• [16.0-stable] bump eve-libs by @christoph-zededa (#6026) (backport of #6030 #6031)
• [16.0-stable] newlog: cache log levels to apply them from boot by @europaul (#6042) (backport of #6031)

Full Changelog: 16.0.1-rc4...16.0.1-rc5

14.5.4-lts

What's changed

• [14.5-stable] Fix device config props handling in maybeRetryBoot. by @OhmSpectator (#5537) (backport of #5533)
• [14.5-stable] Configure USB priority in VM boot order by @OhmSpectator (#5546) (backport of #5507)
• [14.5-stable] Fix QMP flooding on VM restart. by @OhmSpectator (#5563) (backport of #5548)
• [14.5-stable] Fix IPv4-only mode for static IPv4 configuration by @milan-zededa (#5567) (backport of #5565)
• [14.5-stable] Load TLS root CA directly from /config instead of /persist/certs by @shjala (#5579) (backport of #5553)
• [14.5-stable] pillar: make URL joins use url.JoinPath by @europaul (#5595) (backport of #5588)
• [14.5-stable] pkg/grub: get source from git instead of tar.gz by @europaul (#5597) (backport of #5589)
• [14.5-stable] Get go from go.dev instead of alpine's edge/community mirror by @europaul (#5602) (backport of #5184)
• [14.5-stable] Get go from go.dev instead of alpine's edge/community mirror - part 2 by @europaul (#5616)
• [14.5-stable] SR-IOV: Fix API logic and add I350 NIC support by @uncleDecart (#5633) (backport of #5604)
• [14.5-stable] pkg/storage-init: Fix CONFIG partition tmpfs size by @rene (#5674) (backport of #5668)
• [14.5-stable] readthedocs.yaml: Bump Ubuntu and Python versions by @rene (#5722) (backport of #5718)
• [14.5-stable] Backport CI improvements by @europaul (#5726) (backport of #5534 #5551 #5583 #5593 #5657 #5662 #5665 #5700 #5702 #5709 #5713 #5714)
• [14.5-stable] Simplify/remove /persist/status/zedagent/* by @eriknordmark (#5753) (backport of #5584 #5754 #5775)
• [14.5-stable] mmdbus: improve eSIM detection using EID and handle missing slot paths by @milan-zededa (#5771) (backport of #5697)
• [14.5-stable] Backport vTPM fixes by @shjala (#5797) (backport of #5398 #5591 #5838)
• [14.5-stable] downloader: fix SAS token corruption in constructDatastoreContext by @jsfakian (#5802) (backport of #5715)
• [14.5-stable] Fix regression causing potential panic in triggerPublishAllInfo by @eriknordmark (#5837) (backport of #5833)
• [14.5-stable] pkg/debug: fix COM port detection by @christoph-zededa (#5890) (backport of #5876)
• [14.5-stable] backport dockerfile consistency improvements by @christoph-zededa (#5892) (backport of #4876 #5011 #5680)
• [14.5-stable] Backport #5906 by @eriknordmark (#5911) (backport of #5906)
• [14.5-stable] kernel: update kernel commits to patch CVE-2026-31431 by @shjala (#5940)
• [14.5-stable] device-steps: disable mdev hotplug by @christoph-zededa (#5944) (backport of #5924)
• [14.5-stable] upgrade dnsmasq by @christoph-zededa (#5985) (backport of #5948)
• [14.5-stable] newlog: sanitize non-Latin-1 chars in gzip header by @eriknordmark (#5987) (backport of #5977)
• [14.5-stable] assets.yml: harden release-asset publishing by @europaul (#6006)

Full Changelog: 14.5.3-lts...14.5.4-lts

16.0.1-rc4

What's changed

• [16.0-stable] upgrade dnsmasq by @christoph-zededa (#5984) (backport of #5948)
• [16.0-stable] newlog: sanitize non-Latin-1 chars in gzip header by @eriknordmark (#5986) (backport of #5977)
• [16.0-stable] vtpm: fix unseal failure when SHA256 PCR bank is disabled by @shjala (#6002) (backport of #5975)

Full Changelog: 16.0.1-rc3...16.0.1-rc4

14.5.4-rc2

What's changed

• [14.5-stable] upgrade dnsmasq by @christoph-zededa (#5985) (backport of #5948)
• [14.5-stable] newlog: sanitize non-Latin-1 chars in gzip header by @eriknordmark (#5987) (backport of #5977)

Full Changelog: 14.5.4-rc1...14.5.4-rc2

17.0.0-rc1

What's Changed

• build(deps): bump gitpython from 3.1.49 to 3.1.50 in /tools/check-commit-messages by @dependabot[bot] in #5931
• build(deps): bump github.com/in-toto/in-toto-golang from 0.10.0 to 0.11.0 in /tools/dockerfile-from-checker by @dependabot[bot] in #5929
• build(deps): bump github.com/in-toto/in-toto-golang from 0.9.0 to 0.11.0 in /tools/get-deps by @dependabot[bot] in #5930
• build(deps): bump github.com/in-toto/in-toto-golang from 0.9.0 to 0.11.0 in /eve-tools/bpftrace-compiler by @dependabot[bot] in #5928
• kube: clean up stale etcd masterleases after single-to-cluster transition by @naiming-zededa in #5927
• device-steps: disable mdev hotplug by @christoph-zededa in #5924
• LPS Network Endpoint Enhancements and Signaling by @milan-zededa in #5904
• eve-k: fix pillar 'make test' for macOS M-series (ZARCH=arm64 HV=k) by @andrewd-zededa in #5846
• bond: Enable active ARP validation to prevent cross-node interference by @milan-zededa in #5939
• pillar: emit coverage for short-lived agents by @eriknordmark in #5937
• pkg/eve: Fix image sizes for evaluation variant and bump live to 16GB by @rene in #5932
• scepclient: clean up obsolete enrolled certs on boot by @milan-zededa in #5942
• msrv: fix OpenStack metadata routing by @eriknordmark in #5925
• remove uncleDecart from CODEOWNERS by @uncleDecart in #5952
• Intel iGPU passthrough support for KVM with UEFI by @rucoder in #5686
• baseosmgr: clean up orphan BaseOsStatus on ContentTreeStatus delete by @eriknordmark in #5951
• pkg/fw: Add .pnvm firmware file for Intel AX210 by @rene in #5945
• github/workflows: add Claude automated PR review workflow by @rene in #5917
• docs(config-properties): correct debug.enable.{usb,vga,console} defaults by @mvanhorn in #5935
• PNAC: fix DHCP reacquire being lost on concurrent DPC update by @milan-zededa in #5947
• feat(zedkube): configurable VMI descheduler for failback by @andrewd-zededa in #5885
• tests/eden: pin coverage runs to eden master by @eriknordmark in #5959
• client: drop unused /config fallback by @eriknordmark in #5954
• Fix SBOM: Add missing packages by @shjala in #5961
• Bump rootfs partition size from 4GB to 10GB by @rene in #5973
• zedkube: prune stale master nodes from EdgeNodeCluster config by @naiming-zededa in #5974
• GHA: add arm64 kubevirt and nvidia-jp7 build/publish coverage by @europaul in #5907
• dnsmasq: update to use alpine dnsmasq by @christoph-zededa in #5948
• newlog: sanitize non-Latin-1 chars in gzip header by @eriknordmark in #5977
• grub: disable PCIe ACS override for EVE-K boot by @rucoder in #5969
• zedagent: report size of EFI and IMGx partitions by @eriknordmark in #5976
• eve-k: kube/longhorn: tune replica rebuild, add snapshot management, fix replica/PVC size reporting by @andrewd-zededa in #5955

New Contributors

• @mvanhorn made their first contribution in #5935

Full Changelog: 16.14.0...17.0.0-rc1

16.0.1-rc3

What's changed?

• [16.0-stable] HW inventory fixes by @christoph-zededa (#5888) (backport of #5861)
• [16.0-stable] pkg/debug: fix COM port detection by @christoph-zededa (#5889) (backport of #5876)
• [16.0-stable] Backport #5906 by @eriknordmark (#5910) (backport of #5906)
• [16.0-stable] kernel: update kernel commits to patch CVE-2026-31431 by @shjala (#5918)
• [16.0-stable] Backport vTPM fixes by @shjala (#5919) (backport of #5838)
• [16.0-stable] Force bonds/vlans re-parsing when lower layer changes by @milan-zededa (#5941) (backport of #5902)
• [16.0-stable] device-steps: disable mdev hotplug by @christoph-zededa (#5943) (backport of #5924)
• [16.0-stable] bond: Enable active ARP validation to prevent cross-node interference by @milan-zededa (#5949) (backport of #5939)
• [16.0-stable] LPS Network Endpoint Enhancements and Signaling by @milan-zededa (#5953) (backport of #5904)
• [16.0-stable] pkg/fw: Add .pnvm firmware file for Intel AX210 by @rene (#5968) (backport of #5945)
• [16.0-stable] Makefile: Build eve-fw generic variant for evaluation platform by @europaul (#5972) (backport of #5785)

Full Changelog: 16.0.1-rc2...16.0.1-rc3

14.5.4-rc1

What's changed?

• [14.5-stable] Fix device config props handling in maybeRetryBoot. by @OhmSpectator (#5537) (backport of #5533)
• [14.5-stable] Configure USB priority in VM boot order by @OhmSpectator (#5546) (backport of #5507)
• [14.5-stable] Fix QMP flooding on VM restart. by @OhmSpectator (#5563) (backport of #5548)
• [14.5-stable] Fix IPv4-only mode for static IPv4 configuration by @milan-zededa (#5567) (backport of #5565)
• [14.5-stable] Load TLS root CA directly from /config instead of /persist/certs by @shjala (#5579) (backport of #5553)
• [14.5-stable] pillar: make URL joins use url.JoinPath by @europaul (#5595) (backport of #5588)
• [14.5-stable] pkg/grub: get source from git instead of tar.gz by @europaul (#5597) (backport of #5589)
• [14.5-stable] Get go from go.dev instead of alpine's edge/community mirror by @europaul (#5602) (backport of #5184)
• [14.5-stable] Get go from go.dev instead of alpine's edge/community mirror - part 2 by @europaul (#5616)
• [14.5-stable] SR-IOV: Fix API logic and add I350 NIC support by @uncleDecart (#5633) (backport of #5604)
• [14.5-stable] pkg/storage-init: Fix CONFIG partition tmpfs size by @rene (#5674) (backport of #5668)
• [14.5-stable] readthedocs.yaml: Bump Ubuntu and Python versions by @rene (#5722) (backport of #5718)
• [14.5-stable] Backport CI improvements by @europaul (#5726) (backport of #5534 #5551 #5583 #5593 #5657 #5662 #5665 #5700 #5702 #5709 #5713 #5714)
• [14.5-stable] Simplify/remove /persist/status/zedagent/* by @eriknordmark (#5753) (backport of #5584 #5754 #5775)
• [14.5-stable] mmdbus: improve eSIM detection using EID and handle missing slot paths by @milan-zededa (#5771) (backport of #5697)
• [14.5-stable] Backport vTPM fixes by @shjala (#5797) (backport of #5398 #5591 #5838)
• [14.5-stable] downloader: fix SAS token corruption in constructDatastoreContext by @jsfakian (#5802) (backport of #5715)
• [14.5-stable] Fix regression causing potential panic in triggerPublishAllInfo by @eriknordmark (#5837) (backport of #5833)
• [14.5-stable] pkg/debug: fix COM port detection by @christoph-zededa (#5890) (backport of #5876)
• [14.5-stable] backport dockerfile consistency improvements by @christoph-zededa (#5892) (backport of #4876 #5011 #5680)
• [14.5-stable] Backport #5906 by @eriknordmark (#5911) (backport of #5906)
• [14.5-stable] kernel: update kernel commits to patch CVE-2026-31431 by @shjala (#5940)
• [14.5-stable] device-steps: disable mdev hotplug by @christoph-zededa (#5944) (backport of #5924)

Full Changelog: 14.5.3-lts...14.5.4-rc1