LXD 5.21.5 release notes

This is an LTS release and is recommended for production use.

Release notes content

These release notes cover updates in the core LXD repository and the LXD snap package.

This is a maintenance release for the 5.21 LTS series. It backports a number of new features, storage and networking improvements, security hardening, and bug fixes from the main development branch.

Highlights

This section highlights new and improved features in this release.

HPE Alletra storage driver

A new alletra storage driver has been added for consuming storage volumes from an HPE Alletra storage array. The driver supports both iSCSI and NVMe/TCP connections, including volume resize and multipath handling.

OVN internal load balancers and network forwards

Support for internal OVN load balancers and network forwards has been introduced. This allows ovn networks to define ports on internal IP addresses that can be forwarded to other internal IPs within their networks, removing the previous limitation that load balancers and network forwards could only forward from external IP addresses.

OVN DHCP ranges

Support for the ipv4.dhcp.ranges configuration key has been added for ovn networks, allowing a list of IPv4 ranges to be reserved for dynamic allocation using DHCP.

OVN NIC acceleration parent

Support has been added for specifying the OVN NIC acceleration physical function interfaces from which to allocate virtual functions. This avoids the need to add physical function interfaces to the OVN integration bridge.

Forced project deletion

Support has been added for force deleting projects together with their entities (instances, profiles, images, networks, network ACLs, network zones, storage volumes, and storage buckets) by setting the force query parameter on DELETE /1.0/projects/{name} requests.

Importing custom volumes from tarballs

A new tar option has been added for the --type parameter in the POST /1.0/storage-pools/{poolName}/volumes/{type} API call.

Persistent VM PCIe bus allocations

Support has been added for persistently recording VM PCIe bus allocations in volatile.<name>.bus configuration keys, improving the stability of device addressing across VM restarts.

Operation requestor information

A new requestor field has been added to operations, which contains information about the caller that initiated the operation.

Disk usage in resources

A used_by field has been added to disks returned by the resources endpoint to indicate their use by any virtual parent device, for example bcache.

Bug fixes

The following bug fixes are included in this release.

Backwards-incompatible changes

These changes are not compatible with older versions of LXD or its clients.

Minimum system requirement changes

The minimum supported version of some components has changed:

Stricter validation and tightened permissions

Several inputs are now validated more strictly, and some permissions have been tightened as part of security hardening backports. Requests that previously succeeded with malformed or unexpected values may now be rejected:

  • Stricter certificate fingerprint validation.

  • Stricter checks for low-level (raw.*) configuration options.

  • Improved certificate edit validation.

  • Tightened storage pool permissions.

  • Validation of struct slices and config during import.

Updated minimum Go version

If you are building LXD from source instead of using a package manager, the minimum version of Go required to build LXD is now 1.26.4 (previously 1.24.5).

Snap packaging changes

  • Transitioned the snap base from core22 to core24.

  • Several bundled components are now staged from the Ubuntu archive or built from Ubuntu source packages instead of being built from upstream Git, reducing build complexity. This includes Open vSwitch, OVN, swtpm, virtiofsd, and squashfs-tools-ng.

  • QEMU is now built from the Ubuntu source package (8.2.2+ds-0ubuntu1.17) instead of upstream Git.

  • EDK2/OVMF is now built from the Ubuntu source package (2024.02-2ubuntu0.8) instead of upstream Git.

  • SPICE is now built from the Ubuntu source package (0.15.1-1build2) instead of upstream Git.

  • Enabled LXCFS per-container process tracking (snap set lxd lxcfs.pidfd=true) by default.

  • dqlite bumped to v1.17.3.

  • LXC bumped to v6.0.6.

  • LXCFS bumped to v6.0.6.

  • LXCFS: Reverted partial backport of PSI functionality that prevented host machine suspend (#17983).

  • libnvidia-container bumped to v1.19.0.

  • NVIDIA container toolkit bumped to v1.19.0.

  • ZFS 2.2 bumped to 2.2.10.

  • ZFS 2.3 bumped to 2.3.8.

  • ZFS 2.4 bumped to 2.4.3.

Change log

View the complete list of all changes in this release.

Downloads

The source tarballs and binary clients can be found on our download page.

Binary packages are also available for:

  • Linux: snap install lxd --channel=5.21/stable

  • macOS client: brew install lxc

  • Windows client: choco install lxc