Version 1.95.0 of the Rust language has been released. Changes include the addition of a cfg_select! macro, the capability to use if let guards to allow conditionals based on pattern matching, and many newly stabilized APIs. See the release notes for a full list of changes.

Version 15.0 of the Forgejo code-collaboration platform has been released. Changes include repository-specific access tokens, a number of improvements to Forgejo Actions, user-interface enhancements, and more. Forgejo 15.0 is considered a long-term-support (LTS) release, and will be supported through July 15, 2027. The previous LTS, version 11.0, will reach end of life on July 16, 2026. See the announcement and release notes for a full list of changes.

Version 26.04 of the KDE Gear collection of applications has been released. Notable changes include improvements in the Merkuro Calendar schedule view and event editor, support for threads in the NeoChat Matrix chat client, as well as the ability to add keyboard shortcuts in the Dolphin file manager "to nearly any option in any menu, plugin or extension". See the changelog for a full list of updates, enhancements, and bug fixes.

OnlyOffice CEO Lev Bannov has recently claimed that the Euro-Office fork of the OnlyOffice suite violates the GNU Affero General Public License version 3 (AGPLv3). Krzysztof Siewicz of the Free Software Foundation (FSF) has published an article on the FSF's position on adding terms to the AGPLv3. In short, Siewicz concludes that OnlyOffice has added restrictions to the license that are not compatible with the AGPLv3, and those restrictions can be removed by recipients of the code.

We urge OnlyOffice to clarify the situation by making it unambiguous that OnlyOffice is licensed under the AGPLv3, and that users who already received copies of the software are allowed to remove any further restrictions. Additionally, if they intend to continue to use the AGPLv3 for future releases, they should state clearly that the program is licensed under the AGPLv3 and make sure they remove any further restrictions from their program documentation and source code. Confusing users by attaching further restrictions to any of the FSF's family of GNU General Public Licenses is not in line with free software.

The Zig project has announced version 0.16.0 of the Zig programming language.

This release features 8 months of work: changes from 244 different contributors, spread among 1183 commits.

Perhaps most notably, this release debuts I/O as an Interface, but don't sleep on the Language Changes or enhancements to the Compiler, Build System, Linker, Fuzzer, and Toolchain which are also included in this release.

LWN last covered Zig in December 2025.

Part of the "fun" that comes with curating a self-hosted music library is tagging music so that it has accurate and uniform metadata, such as the band names, album titles, cover images, and so on. This can be a tedious endeavor, but there are quite a few open-source tools to make this process easier. One of the best, or at least my favorite, is MusicBrainz Picard. It is a cross-platform music-tagging application that pulls information from the well-curated, crowdsourced MusicBrainz database project and writes it to almost any audio file format.

The Servo project has announced the first release of servo as a crate for use as a library.

As you can see from the version number, this release is not a 1.0 release. In fact, we still haven't finished discussing what 1.0 means for Servo. Nevertheless, the increased version number reflects our growing confidence in Servo's embedding API and its ability to meet some users' needs.

In the meantime we also decided to offer a long-term support (LTS) version of Servo, since breaking changes in the regular monthly releases are expected and some embedders might prefer doing major upgrades on a scheduled half-yearly basis while still receiving security updates and (hopefully!) some migration guides. For more details on the LTS release, see the respective section in the Servo book.

The Free Software Foundation has published a short article on relicensing versus license compatibility.

The FSF's Licensing and Compliance Lab receives many questions and license violation reports related to projects that had their license changed by a downstream distributor, or that are combined from two or more programs under different licenses. We collaborated with Yoni Rabkin, an experienced and long time FSF licensing volunteer, on an updated version of his article to provide the free software community with a general explanation on how the GNU General Public License (GNU GPL) is intended to work in such situations.

• Front: TPM attacks; arithmetic overflow protection; Ubuntu GRUB changes; kernel IPC proposals; fre:ac; Scuttlebutt.
• Briefs: Nix vulnerability; OpenSSH 10.3; Sashiko reviews; FreeBSD testing; Gentoo GNU/Hurd; SFC on router ban; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

It has been a little while since LWN last surveyed tools for managing a digital music collection. In the intervening decades, many Linux users have moved on to music streaming services, found them wanting, and are looking to curate their own collection once again. There are plenty of choices when it comes to ripping, managing, and playing digital audio; so many, in fact, that it can be a bit daunting. After years of tinkering, I've found a few tools that work well for managing my digital library: the first I'd like to cover is the fre:ac free audio encoder for ripping music from CDs and converting between audio formats.

The NixOS project has announced a critical vulnerability in many versions of the Nix package manager's daemon. The flaw was introduced as part of a fix for a prior vulnerability in 2024. According to the advisory, all default configurations of NixOS and systems building untrusted derivations are impacted.

A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typically the Nix daemon running as root in multi-user installations) by following symlinks during fixed-output derivation output registration. This affects sandboxed Linux builds - sandboxed macOS builds are unaffected. The location of the temporary output used for the output copy was located inside the build chroot. A symlink, pointing to an arbitrary location in the filesystem, could be created by the derivation builder at that path. During output registration, the Nix process (running in the host mount namespace) would follow that symlink and overwrite the destination with the derivation's output contents.

In multi-user installations, this allows all users able to submit builds to the Nix daemon (allowed-users - defaulting to all users) to gain root privileges by modifying sensitive files.