Juju 4.0.12ΒΆ
ποΈ 28 Jun 2026
This is a bug fix release for Juju 4.0, covering changes from 4.0.11 to
4.0.12.
π― HighlightsΒΆ
Migration and upgrade paths are more predictable: fixes cover migration precheck authentication, external controller data, missing subnets, storage directives, ModelUpgrader compatibility, and upgrade-controller workflows.
Secret handling is more consistent under hooks: secret create, update, delete, grant, revoke, and track-latest operations are now handled more atomically with hook commits.
Kubernetes, LXD, MAAS, and resource lifecycle behavior improves: fixes restore Kubernetes status and constraints, LXD space-aware container NICs, MAAS VM provisioning, OCI registry handling, and
network-getoutput.Controller and agent stability is tighter: fixes address Dqlite client closure, reboot handling, deployer startup ordering, log forwarding during upgrades, transaction retry behavior, and dependency vulnerabilities.
Full list of changes: https://github.com/juju/juju/compare/v4.0.11β¦v4.0.12
π οΈ FixesΒΆ
π Security, access, and authenticationΒΆ
This release tightens authentication and credential validation paths, improves SSH support in the snap, and updates dependencies to resolve known vulnerabilities.
π Migration, upgrade, and CMR correctnessΒΆ
Migration and upgrade fixes make the 4.0 transition path safer. Juju now
handles target authentication, unsupported same-version migrations, missing
network data, external controller addresses, storage directives, and upgrade
facade compatibility more explicitly.
feat(migration): exchange admin password for macaroon during prechecks
feat(modelmigration): wire SourceControllerInfo through domain service
refactor: wire the migration master worker with the modelmigration domain
feat(modelmigration): implement source-side domain service and state
feat(modelmigration): implement model migration domain watchers
fix: 3.6 β 4.0 migration fails due to missing subnet (JUJU-9647)
fix: ensure external controller addresses are always migrated
fix: when upgrading, allow for the controller app to be missing
fix(relation): return remote-app units in ApplicationRelationsInfo for non-peer relations
π Secrets and transaction consistencyΒΆ
Secret operations triggered by hooks are now better aligned with the
CommitHookChanges transaction. The fixes reduce partial-update states for
secret deletion, grant, revoke, tracking, update, and backend reference
handling.
feat(uniter): move secret deletions into CommitHookChanges transaction
JUJU-9033: Move secret grant/revoke into CommitHookChanges txn
feat(uniter): move track-latest-secret into CommitHookChanges transaction
feat: move secret updates into CommitHookChanges transaction
fix: correct JOIN condition in secret content deletion queries
fix(unitstate): prevent panic when charm state is empty at commit time
ποΈ Kubernetes, LXD, MAAS, networking, and resourcesΒΆ
Provider and resource fixes improve day-2 behavior for Kubernetes applications, LXD containers, MAAS-provisioned VMs, OCI-backed charm resources, and hook-tool network output.
fix: change how k8s unit churn is detected to avoid incorrect status
fix(lxd): resolve container NIC bridges from ProviderNetworkId so space subnets are attached again
feat(maas): support explicit VM provisioning via virtual-machine virt-type
fix: do not drop root disk constraints when custom networking
π§± Controller, API, worker, and observability stabilityΒΆ
Controller and agent paths handle more edge cases without leaking clients, restarting unnecessarily, blocking upgrades, or losing operational visibility. The fixes also improve metrics, status history, schema performance, and workflow reliability.
fix(deployer): gate deployer on controlleragentconfig socket readiness
fix: use errors.Is to detect reboot/shutdown sentinels in machine agent
fix: guard against cloud init overwriting agent.conf on reboot
fix(externalcontrollerupdater): close watcher client on shutdown race
fix(unmanaged): implement Schema() to satisfy ModelConfigProvider interface
π SummaryΒΆ
4.0.12 is a broad reliability patch release. It strengthens migration and
upgrade behavior, makes hook-driven secret changes more atomic, improves
Kubernetes, LXD, MAAS, networking, and resource workflows, and hardens
controller, worker, authentication, and dependency paths found after 4.0.11.