Juju 4.0.12ΒΆ

πŸ—“οΈ 28 Jun 2026

This is a bug fix release for Juju 4.0, covering changes from 4.0.11 to 4.0.12.

🎯 Highlights¢

  • Migration and upgrade paths are more predictable: fixes cover migration precheck authentication, external controller data, missing subnets, storage directives, ModelUpgrader compatibility, and upgrade-controller workflows.

  • Secret handling is more consistent under hooks: secret create, update, delete, grant, revoke, and track-latest operations are now handled more atomically with hook commits.

  • Kubernetes, LXD, MAAS, and resource lifecycle behavior improves: fixes restore Kubernetes status and constraints, LXD space-aware container NICs, MAAS VM provisioning, OCI registry handling, and network-get output.

  • Controller and agent stability is tighter: fixes address Dqlite client closure, reboot handling, deployer startup ordering, log forwarding during upgrades, transaction retry behavior, and dependency vulnerabilities.

Full list of changes: https://github.com/juju/juju/compare/v4.0.11…v4.0.12

πŸ› οΈ FixesΒΆ

πŸ”’ Security, access, and authenticationΒΆ

This release tightens authentication and credential validation paths, improves SSH support in the snap, and updates dependencies to resolve known vulnerabilities.

πŸ” Migration, upgrade, and CMR correctnessΒΆ

Migration and upgrade fixes make the 4.0 transition path safer. Juju now handles target authentication, unsupported same-version migrations, missing network data, external controller addresses, storage directives, and upgrade facade compatibility more explicitly.

πŸ” Secrets and transaction consistencyΒΆ

Secret operations triggered by hooks are now better aligned with the CommitHookChanges transaction. The fixes reduce partial-update states for secret deletion, grant, revoke, tracking, update, and backend reference handling.

πŸ—ƒοΈ Kubernetes, LXD, MAAS, networking, and resourcesΒΆ

Provider and resource fixes improve day-2 behavior for Kubernetes applications, LXD containers, MAAS-provisioned VMs, OCI-backed charm resources, and hook-tool network output.

🧱 Controller, API, worker, and observability stability¢

Controller and agent paths handle more edge cases without leaking clients, restarting unnecessarily, blocking upgrades, or losing operational visibility. The fixes also improve metrics, status history, schema performance, and workflow reliability.

πŸ“˜ SummaryΒΆ

4.0.12 is a broad reliability patch release. It strengthens migration and upgrade behavior, makes hook-driven secret changes more atomic, improves Kubernetes, LXD, MAAS, networking, and resource workflows, and hardens controller, worker, authentication, and dependency paths found after 4.0.11.