16.0.1-rc5

Release 16.0.1-rc5

14.5.4-lts

What's changed

• [14.5-stable] Fix device config props handling in maybeRetryBoot. by @OhmSpectator (#5537) (backport of #5533)
• [14.5-stable] Configure USB priority in VM boot order by @OhmSpectator (#5546) (backport of #5507)
• [14.5-stable] Fix QMP flooding on VM restart. by @OhmSpectator (#5563) (backport of #5548)
• [14.5-stable] Fix IPv4-only mode for static IPv4 configuration by @milan-zededa (#5567) (backport of #5565)
• [14.5-stable] Load TLS root CA directly from /config instead of /persist/certs by @shjala (#5579) (backport of #5553)
• [14.5-stable] pillar: make URL joins use url.JoinPath by @europaul (#5595) (backport of #5588)
• [14.5-stable] pkg/grub: get source from git instead of tar.gz by @europaul (#5597) (backport of #5589)
• [14.5-stable] Get go from go.dev instead of alpine's edge/community mirror by @europaul (#5602) (backport of #5184)
• [14.5-stable] Get go from go.dev instead of alpine's edge/community mirror - part 2 by @europaul (#5616)
• [14.5-stable] SR-IOV: Fix API logic and add I350 NIC support by @uncleDecart (#5633) (backport of #5604)
• [14.5-stable] pkg/storage-init: Fix CONFIG partition tmpfs size by @rene (#5674) (backport of #5668)
• [14.5-stable] readthedocs.yaml: Bump Ubuntu and Python versions by @rene (#5722) (backport of #5718)
• [14.5-stable] Backport CI improvements by @europaul (#5726) (backport of #5534 #5551 #5583 #5593 #5657 #5662 #5665 #5700 #5702 #5709 #5713 #5714)
• [14.5-stable] Simplify/remove /persist/status/zedagent/* by @eriknordmark (#5753) (backport of #5584 #5754 #5775)
• [14.5-stable] mmdbus: improve eSIM detection using EID and handle missing slot paths by @milan-zededa (#5771) (backport of #5697)
• [14.5-stable] Backport vTPM fixes by @shjala (#5797) (backport of #5398 #5591 #5838)
• [14.5-stable] downloader: fix SAS token corruption in constructDatastoreContext by @jsfakian (#5802) (backport of #5715)
• [14.5-stable] Fix regression causing potential panic in triggerPublishAllInfo by @eriknordmark (#5837) (backport of #5833)
• [14.5-stable] pkg/debug: fix COM port detection by @christoph-zededa (#5890) (backport of #5876)
• [14.5-stable] backport dockerfile consistency improvements by @christoph-zededa (#5892) (backport of #4876 #5011 #5680)
• [14.5-stable] Backport #5906 by @eriknordmark (#5911) (backport of #5906)
• [14.5-stable] kernel: update kernel commits to patch CVE-2026-31431 by @shjala (#5940)
• [14.5-stable] device-steps: disable mdev hotplug by @christoph-zededa (#5944) (backport of #5924)
• [14.5-stable] upgrade dnsmasq by @christoph-zededa (#5985) (backport of #5948)
• [14.5-stable] newlog: sanitize non-Latin-1 chars in gzip header by @eriknordmark (#5987) (backport of #5977)
• [14.5-stable] assets.yml: harden release-asset publishing by @europaul (#6006)

Full Changelog: 14.5.3-lts...14.5.4-lts

16.0.1-rc4

What's changed

• [16.0-stable] upgrade dnsmasq by @christoph-zededa (#5984) (backport of #5948)
• [16.0-stable] newlog: sanitize non-Latin-1 chars in gzip header by @eriknordmark (#5986) (backport of #5977)
• [16.0-stable] vtpm: fix unseal failure when SHA256 PCR bank is disabled by @shjala (#6002) (backport of #5975)

Full Changelog: 16.0.1-rc3...16.0.1-rc4

14.5.4-rc2

What's changed

• [14.5-stable] upgrade dnsmasq by @christoph-zededa (#5985) (backport of #5948)
• [14.5-stable] newlog: sanitize non-Latin-1 chars in gzip header by @eriknordmark (#5987) (backport of #5977)

Full Changelog: 14.5.4-rc1...14.5.4-rc2

17.0.0-rc1

What's Changed

• build(deps): bump gitpython from 3.1.49 to 3.1.50 in /tools/check-commit-messages by @dependabot[bot] in #5931
• build(deps): bump github.com/in-toto/in-toto-golang from 0.10.0 to 0.11.0 in /tools/dockerfile-from-checker by @dependabot[bot] in #5929
• build(deps): bump github.com/in-toto/in-toto-golang from 0.9.0 to 0.11.0 in /tools/get-deps by @dependabot[bot] in #5930
• build(deps): bump github.com/in-toto/in-toto-golang from 0.9.0 to 0.11.0 in /eve-tools/bpftrace-compiler by @dependabot[bot] in #5928
• kube: clean up stale etcd masterleases after single-to-cluster transition by @naiming-zededa in #5927
• device-steps: disable mdev hotplug by @christoph-zededa in #5924
• LPS Network Endpoint Enhancements and Signaling by @milan-zededa in #5904
• eve-k: fix pillar 'make test' for macOS M-series (ZARCH=arm64 HV=k) by @andrewd-zededa in #5846
• bond: Enable active ARP validation to prevent cross-node interference by @milan-zededa in #5939
• pillar: emit coverage for short-lived agents by @eriknordmark in #5937
• pkg/eve: Fix image sizes for evaluation variant and bump live to 16GB by @rene in #5932
• scepclient: clean up obsolete enrolled certs on boot by @milan-zededa in #5942
• msrv: fix OpenStack metadata routing by @eriknordmark in #5925
• remove uncleDecart from CODEOWNERS by @uncleDecart in #5952
• Intel iGPU passthrough support for KVM with UEFI by @rucoder in #5686
• baseosmgr: clean up orphan BaseOsStatus on ContentTreeStatus delete by @eriknordmark in #5951
• pkg/fw: Add .pnvm firmware file for Intel AX210 by @rene in #5945
• github/workflows: add Claude automated PR review workflow by @rene in #5917
• docs(config-properties): correct debug.enable.{usb,vga,console} defaults by @mvanhorn in #5935
• PNAC: fix DHCP reacquire being lost on concurrent DPC update by @milan-zededa in #5947
• feat(zedkube): configurable VMI descheduler for failback by @andrewd-zededa in #5885
• tests/eden: pin coverage runs to eden master by @eriknordmark in #5959
• client: drop unused /config fallback by @eriknordmark in #5954
• Fix SBOM: Add missing packages by @shjala in #5961
• Bump rootfs partition size from 4GB to 10GB by @rene in #5973
• zedkube: prune stale master nodes from EdgeNodeCluster config by @naiming-zededa in #5974
• GHA: add arm64 kubevirt and nvidia-jp7 build/publish coverage by @europaul in #5907
• dnsmasq: update to use alpine dnsmasq by @christoph-zededa in #5948
• newlog: sanitize non-Latin-1 chars in gzip header by @eriknordmark in #5977
• grub: disable PCIe ACS override for EVE-K boot by @rucoder in #5969
• zedagent: report size of EFI and IMGx partitions by @eriknordmark in #5976
• eve-k: kube/longhorn: tune replica rebuild, add snapshot management, fix replica/PVC size reporting by @andrewd-zededa in #5955

New Contributors

• @mvanhorn made their first contribution in #5935

Full Changelog: 16.14.0...17.0.0-rc1

16.0.1-rc3

What's changed?

• [16.0-stable] HW inventory fixes by @christoph-zededa (#5888) (backport of #5861)
• [16.0-stable] pkg/debug: fix COM port detection by @christoph-zededa (#5889) (backport of #5876)
• [16.0-stable] Backport #5906 by @eriknordmark (#5910) (backport of #5906)
• [16.0-stable] kernel: update kernel commits to patch CVE-2026-31431 by @shjala (#5918)
• [16.0-stable] Backport vTPM fixes by @shjala (#5919) (backport of #5838)
• [16.0-stable] Force bonds/vlans re-parsing when lower layer changes by @milan-zededa (#5941) (backport of #5902)
• [16.0-stable] device-steps: disable mdev hotplug by @christoph-zededa (#5943) (backport of #5924)
• [16.0-stable] bond: Enable active ARP validation to prevent cross-node interference by @milan-zededa (#5949) (backport of #5939)
• [16.0-stable] LPS Network Endpoint Enhancements and Signaling by @milan-zededa (#5953) (backport of #5904)
• [16.0-stable] pkg/fw: Add .pnvm firmware file for Intel AX210 by @rene (#5968) (backport of #5945)
• [16.0-stable] Makefile: Build eve-fw generic variant for evaluation platform by @europaul (#5972) (backport of #5785)

Full Changelog: 16.0.1-rc2...16.0.1-rc3

14.5.4-rc1

What's changed?

• [14.5-stable] Fix device config props handling in maybeRetryBoot. by @OhmSpectator (#5537) (backport of #5533)
• [14.5-stable] Configure USB priority in VM boot order by @OhmSpectator (#5546) (backport of #5507)
• [14.5-stable] Fix QMP flooding on VM restart. by @OhmSpectator (#5563) (backport of #5548)
• [14.5-stable] Fix IPv4-only mode for static IPv4 configuration by @milan-zededa (#5567) (backport of #5565)
• [14.5-stable] Load TLS root CA directly from /config instead of /persist/certs by @shjala (#5579) (backport of #5553)
• [14.5-stable] pillar: make URL joins use url.JoinPath by @europaul (#5595) (backport of #5588)
• [14.5-stable] pkg/grub: get source from git instead of tar.gz by @europaul (#5597) (backport of #5589)
• [14.5-stable] Get go from go.dev instead of alpine's edge/community mirror by @europaul (#5602) (backport of #5184)
• [14.5-stable] Get go from go.dev instead of alpine's edge/community mirror - part 2 by @europaul (#5616)
• [14.5-stable] SR-IOV: Fix API logic and add I350 NIC support by @uncleDecart (#5633) (backport of #5604)
• [14.5-stable] pkg/storage-init: Fix CONFIG partition tmpfs size by @rene (#5674) (backport of #5668)
• [14.5-stable] readthedocs.yaml: Bump Ubuntu and Python versions by @rene (#5722) (backport of #5718)
• [14.5-stable] Backport CI improvements by @europaul (#5726) (backport of #5534 #5551 #5583 #5593 #5657 #5662 #5665 #5700 #5702 #5709 #5713 #5714)
• [14.5-stable] Simplify/remove /persist/status/zedagent/* by @eriknordmark (#5753) (backport of #5584 #5754 #5775)
• [14.5-stable] mmdbus: improve eSIM detection using EID and handle missing slot paths by @milan-zededa (#5771) (backport of #5697)
• [14.5-stable] Backport vTPM fixes by @shjala (#5797) (backport of #5398 #5591 #5838)
• [14.5-stable] downloader: fix SAS token corruption in constructDatastoreContext by @jsfakian (#5802) (backport of #5715)
• [14.5-stable] Fix regression causing potential panic in triggerPublishAllInfo by @eriknordmark (#5837) (backport of #5833)
• [14.5-stable] pkg/debug: fix COM port detection by @christoph-zededa (#5890) (backport of #5876)
• [14.5-stable] backport dockerfile consistency improvements by @christoph-zededa (#5892) (backport of #4876 #5011 #5680)
• [14.5-stable] Backport #5906 by @eriknordmark (#5911) (backport of #5906)
• [14.5-stable] kernel: update kernel commits to patch CVE-2026-31431 by @shjala (#5940)
• [14.5-stable] device-steps: disable mdev hotplug by @christoph-zededa (#5944) (backport of #5924)

Full Changelog: 14.5.3-lts...14.5.4-rc1

16.14.0

What's changed?

• zedkube/dpcmanager: detect LB CIDR conflicts and fix VIP filtering by @naiming-zededa (#5827)
• kube: restart standalone containerd if it dies by @mrangana (#5864)
• kube: fix cluster-init stuck loop after basek3s conversion by @naiming-zededa (#5869)
• github/workflows: Add codecov to publish workflow by @rene (#5871)
• zedkube/edgeview: fix stale vmiVNC.run blocking new VNC sessions by @naiming-zededa (#5875)
• build(deps): bump go.opentelemetry.io/otel from 1.40.0 to 1.41.0 in /pkg/wwan/mmagent by @dependabot[bot] (#5881)
• pillar: tear down VMIRS on purge and restart in eve-k by @naiming-zededa (#5882)
• Makefile: Signing-Off setting server to prod commit by @rene (#5883)
• pkg/eve: Fix image sizes for the new partition layout by @rene (#5886)
• Pull in newest lf-edge/edge-containers by @eriknordmark (#5887)
• Kernel update - [arm64-nvidia-jp5, arm64-nvidia-jp6, arm64-generic, a… by @rucoder (https://github.com//pull/5893)
• fix(volumemgr): floor deferContentDelete ticker at 1 second by @akaouris (#5894)
• Update CODEOWNERS and MAINTAINERS.md files by @rouming (#5895)
• hypervisor/kubevirt: fix CPU metrics always reporting zero by @naiming-zededa (#5896)
• tests/types: improve unit test coverage to 83% by @eriknordmark (#5897)
• zedagent: extend docs with internals and startup sequence unit tests by @eriknordmark (#5898)
• docs: add microservice classification by @eriknordmark (#5899)
• docs: fix broken links and add inventory_win by @eriknordmark (#5900)
• Force bonds/vlans re-parsing when lower layer changes by @milan-zededa (#5902)
• pillar: bump otel/sdk to v1.41.0 by @eriknordmark (#5903)
• zedmanager: fix ENC app reporting race and ActivateInprogress stuck failback by @naiming-zededa (#5905)
• Make sure SenderStatusCertMiss is not overwritten by @eriknordmark (#5906) (backport of #5584)
• Fix CSR attribute ordering for SCEP enrollment by @milan-zededa (#5909)
• build(deps): bump gitpython from 3.1.47 to 3.1.49 in /tools/check-commit-messages by @dependabot[bot] (#5912)

Full Changelog: 16.13.0...16.14.0

16.0.1-rc2

What's changed

• [16.0-stable] Fix bond link monitoring by @milan-zededa (#5858) (backport of #5809)
• [16.0-stable] Publish bond adapter status and metrics by @milan-zededa (#5859) (backport of #5834)
• [16-0-stable] edgeview: fix wwan0 excluded from websocket interface list by @naiming-zededa (#5884) (backport of #5832)

Full Changelog: 16.0.1-rc1...16.0.1-rc2

16.13.0

What's changed?

• Remove /config/v2tlsbaseroot-certificates.pem - use root CAs from rootfs by @eriknordmark (#5561)
• Add SCEP certificate enrollment and 802.1x port-based network access control (PNAC) by @milan-zededa (#5691)
• Add salted HMAC session with AES-128-CFB parameter encryption for TPM seal/unseal by @shjala (#5711)
• installer: create EFI NVRAM boot entry for EVE-OS after installation by @rucoder (#5712)
• pkg: exclude Dockerfile from COPY in all packages by @christoph-zededa (#5732)
• Unify partition layout: 2GB (EFI) + 4GB (rootfs) by @rene (#5735)
• Move kube-save-var-lib under vault by @andrewd-zededa (#5745)
• hypervisor/kubevirt: use purge counter in VMI ReplicaSet name to fix purge collisions by @zedi-pramodh (#5748)
• pkg/pillar: fix arm64→amd64 cross-compilation for Alpine 3.22 / GCC 14 by @zedi-pramodh (#5755)
• Introduces NVIDIA Jetpack 7.1 by @rene (#5768)
• Delete cpu_manager_state file on every reboot by @zedi-pramodh (#5781)
• ci: refactor PR build into two-stage pipeline with reusable workflow by @rucoder (#5782)
• pkg/kube: symlink host-local into PATH for k3s v1.34+ compatibility by @mrangana (#5788)
• pkg/alpine: update zlib to 1.3.2-r0 from Alpine main and add efibootmanager package by @eriknordmark (#5793)
• cross-compilers: ignore pkg hash inconsistencies by @christoph-zededa (#5798)
• refactor(kubeapi): introduce WaitForKubernetesOptions to control optional waits by @andrewd-zededa (#5799)
• eve-k: fix cluster delete regression by @andrewd-zededa (#5800)
• alpine 3.22: fix bpftrace by @christoph-zededa (#5803)
• eve-k: skip pod eviction when cluster-wide simultaneous drain is detected by @andrewd-zededa (#5804)
• Fix SCEPClient after removal of EVE V1 API support by @milan-zededa (#5805)
• ci: replace build-eve reusable workflow with composite action by @eriknordmark (#5807)
• coverage: add Go basic-block coverage support for unit and E2E tests by @eriknordmark (#5808)
• Fix bond link monitoring by @milan-zededa (#5809)
• monitor: bump monitor-rs to v0.6.3 by @rucoder (#5810)
• Fix Go package cross-compilation and add parallel builds by @rucoder (#5811)
• ci: bump guyarb/golang-test-annotations to v0.9.0 by @rucoder (#5812)
• github/workflows: Fix build.yml workflow by @rene (#5813)
• ci: switch actionlint reporter to github-check by @rucoder (#5814)
• build(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1 in /pkg/pillar by @dependabot[bot] (#5815)
• zedkube: bound k8s API calls with context timeout to prevent watchdog by @naiming-zededa (#5816)
• Disable app logs and set Firmware UUID by @zedi-pramodh (#5817)
• Tune iscsid.conf for better performance by @zedi-pramodh (#5818)
• stagger k3s startup using persisted control-plane rank by @naiming-zededa (#5819)
• Fix DevicePortConfig.MostlyEqual ignoring L2 (VLAN/bond) config changes by @milan-zededa (#5820)
• pkg/uefi: upgrade EDK2 to edk2-stable202508.01 by @rucoder (#5822)
• Publish ZInfoKubeCluster for single-node eve-k deployments by @milan-zededa (#5823)
• pkg/pillar: Disable vmx for FML virtualization mode by @rene (#5824)
• bpftrace-compiler: skip nvidia kernels in tests by @christoph-zededa (#5831)
• edgeview: fix wwan0 excluded from websocket interface list by @naiming-zededa (#5832)
• Fix regression causing potential panic in triggerPublishAllInfo by @eriknordmark (#5833)
• Publish bond adapter status and metrics by @milan-zededa (#5834)
• bpftrace-compiler: Remove full path from qemu command by @rene (#5835)
• Add log rotation for swtpm by @shjala (#5838) (backport of #5796 #5797)
• Introduces the optee-client package by @rene (#5839)
• Increase the size of CONFIG partition from 1MB to 5MB by @rene (#5840)
• eve-k: set Longhorn node disk reserved space via global config by @andrewd-zededa (#5841)
• vtpm,vector: fix cross-compilation and runtime issues by @rucoder (#5842)
• installer: Add option to skip device certificate generation by @rene (#5843)
• pkg/storage-init: Copy fTPM provision data by @rene (#5844)
• Fix SCEP CA trust anchor certs being silently skipped by @milan-zededa (#5845)
• zedkube: fix ECDH cert missed during WaitForKubernetes blocking k3s by @naiming-zededa (#5847)
• fix yetus golangci --out-format by @christoph-zededa (#5848)
• pkg: enable riscv64 builds for vector, monitor, installer by @rucoder (#5849)
• pkg/pillar: Remove lk-build-arg-COVER (fixes broken publish workflow) by @rene (#5850)
• Fix lost NTP telemetry by @OhmSpectator (#5851)
• fix missed LonghornDiskReservedGB in global_test.go by @andrewd-zededa (#5852)
• pillar: trust cluster recovery for kubevirt apps and add stuck-Pending VMI handler by @naiming-zededa (#5853)
• Simplify Longhorn_is_ready log gate flag, tmp file not needed. by @andrewd-zededa (#5854)
• eden-trusted: use eden master for EVE master CI by @eriknordmark (#5855)
• pillar: remove executor, command, execlib, and exectypes by @eriknordmark (#5856)
• kube: move k3s-stop flag to /run/kube so reboot clears it by @mrangana (#5857)
• dpcmanager: increase PNAC DHCP reacquire timeout to avoid flaky tests by @rene (#5860)
• HW inventory fixes by @christoph-zededa (#5861)
• Make DIRSYNC for persist/vault configurable via grub option by @milan-zededa (#5862)
• build(deps): bump go.opentelemetry.io/otel from 1.40.0 to 1.41.0 in /pkg/pillar by @dependabot[bot] (#5863)
• eve-k: update to kubevirt 1.7.3 by @andrewd-zededa (#5865)
• edgeview: fix build after ServerSigningCertFileName removal by @eriknordmark (#5866)
• zedmanager: report app status from DNID when no pod in cluster by @naiming-zededa (#5867)
• build(deps): bump gitpython from 3.1.43 to 3.1.47 in /tools/check-commit-messages by @dependabot[bot] (#5868)
• github/workflows: Fix yetus workflow for large patches by @rene (#5870)
• Enable auto compact of etcd database by @zedi-pramodh (#5872)
• build(deps): bump go.opentelemetry.io/otel from 1.40.0 to 1.41.0 in /pkg/newlog by @dependabot[bot] (#5873)
• Fix the removal of edgeview singing cert file by @naiming-zededa (#5874)
• pkg/debug: fix COM port detection by @christoph-zededa (#5876)
• bpftrace-compiler: add vendoring by @christoph-zededa (#5877)
• github/workflows: Fix yetus when no patch-*-result.txt files are present by @rene (#5878)
• Install kubevirt 1.7.3 with patched env for virt-operator daemonset by @andrewd-zededa (#5879)
• Remove patch file leftover from 161360e by @rene (#5880)

Full Changelog: 16.12.0...16.13.0