LXD 4.0.11 release notes¶
This is a LTS release and is recommended for production use.
Release notes content
These release notes cover updates in the core LXD repository and the LXD snap package.
Highlights¶
Ubuntu Pro detection¶
LXD now detects whether the host system is attached to Ubuntu Pro and advertises this as a feature in the user agent string. This allows LXD to expose Pro-specific capabilities when running on a Pro-attached host.
Bug fixes¶
The following bug fixes are included in this release.
Arbitrary file write on host via exec-outputsymlink in crafted image (CVE-2026-48750)Arbitrary file read+write on host via templates/ symlink in malicious image (CVE-2026-48752) Arbitrary file read+write on host via rootfs/ symlink in malicious image (CVE-2026-48749) Argument injection in backup compression algorithm leading to AFW and ACE (CVE-2026-48755) Arbitrary file write on client due to trusted image hash (CVE-2026-48769) Panic when importing backup configs that contain nil slices (CVE-2026-40197) Template sandbox escapes and crash risks in pongo2 rendering (CVE-2026-33897) Overly permissive storage pool volume directory permissions expose instance data (CVE-2025-64507) Potential shell expansion in LXC hook arguments due to incorrect quoting Improve validation when editing certificates to reject invalid or inconsistent configurations Fail fast when an unsupported compression algorithm is specified for backup or image operations Fix panics when importing backups with missing or invalid configuration data Fix AppArmor rules for unprivileged containers to allow devpts, procfs, and sysfs mounts
Backwards-incompatible changes¶
These changes are not compatible with older versions of LXD or its clients.
Minimum system requirement changes¶
The minimum supported version of some components has changed:
The minimum required version of Go to build LXD is now 1.18 (see Updated minimum Go version).
Updated minimum Go version¶
If you are building LXD from source instead of using a package manager, the minimum version of Go required to build LXD is now 1.18.
Change log¶
Downloads¶
The source tarballs and binary clients can be found on our download page.
Binary packages are also available for:
Linux:
snap install lxd --channel=4.0/stableMacOS client:
brew install lxcWindows client:
choco install lxc