Greg Kroah-Hartman has announced the release of the 5.4.302 stable kernel:
This is the LAST 5.4.y release. It is now end-of-life and should not be used by anyone, anymore. As of this point in time, there are 1539 documented unfixed CVEs for this kernel branch, and that number will only increase over time as more CVEs get assigned for kernel bugs.
For the curious, Kroah-Hartman has also provided a list of the unfixed CVEs for 5.4.302.
Let's Encrypt has announced that it will be reducing the validity period of its certificates from 90 days to 45 days by 2028:
Most users of Let's Encrypt who automatically issue certificates will not have to make any changes. However, you should verify that your automation is compatible with certificates that have shorter validity periods.
To ensure your ACME client renews on time, we recommend using ACME Renewal Information (ARI). ARI is a feature we've introduced to help clients know when they need to renew their certificates. Consult your ACME client's documentation on how to enable ARI, as it differs from client to client. If you are a client developer, check out this integration guide.
If your client doesn't support ARI yet, ensure it runs on a schedule that is compatible with 45-day certificates. For example, renewing at a hardcoded interval of 60 days will no longer be sufficient. Acceptable behavior includes renewing certificates at approximately two thirds of the way through the current certificate's lifetime.
Manually renewing certificates is not recommended, as it will need to be done more frequently with shorter certificate lifetimes.
FreeBSD 15.0 has been released. Notable changes in this release include a new method for installing the base system using the pkg package manager, an update to OpenZFS 2.4.0-rc4, native support for the inotify(2) interface, and the addition of Open Container Initiative (OCI) images to FreeBSD's release artifacts. See the release notes for a full list of changes, hardware notes for supported hardware, and check the errata before installing or upgrading.
The designers of the Zig programming language have been working to find a suitable design for asynchronous code for some time. Zig is a carefully minimalist language, and its initial design for asynchronous I/O did not fit well with its other features. Now, the project has announced (in a Zig SHOWTIME video) a new approach to asynchronous I/O that promises to solve the function coloring problem, and allows writing code that will execute correctly using either synchronous or asynchronous I/O.
So I'll have to admit that I'd have been happier with slightly less bugfixing noise in this last week of the release, but while there's a few more fixes than I would hope for, there was nothing that made me feel like this needs more time to cook. So 6.18 is tagged and pushed out.
Headline changes in this release include the ability to manage namespaces with file handles, support for the AccECN congestion-control protocol, initial support for signing of BPF programs, improved memory management with sheaves, the Rust binder driver, better control over transparent huge pages, and a lot more. This release also saw the removal of the bcachefs filesystem.
See the LWN merge-window summaries (part 1, part 2) and the KernelNewbies 6.18 page for more information.
The 25.11 release was made possible due to the efforts of 2742 contributors, who authored 59430 commits since the previous release". Changes include 7,002 new packages, GNOME 49, LLVM 21, a new COSMIC desktop environment beta, firewalld support, and more; see the release notes for details.
Landlock shines when an application has a predictable set of files or directories it needs. For example, a web server could restrict itself to accessing only /var/www/html and /tmp.Unlike SELinux or AppArmor, Landlock policies don't require administrator involvement or system-wide configuration. Developers can embed policies directly in application code, making sandboxing a natural part of the development process.
KDE's Plasma team has announced that KDE Plasma will drop X11 session support with Plasma 6.8:
The Plasma X11 session will be supported by KDE into early 2027.
We cannot provide a specific date, as we're exploring the possibility of shipping some extra bug-fix releases for Plasma 6.7. The exact timing of the last one will only be known when we get closer to its actual release, which we expect will be sometime in early 2027.
What if I still really need X11?
This is a perfect use case for long term support (LTS) distributions shipping older versions of Plasma. For example, AlmaLinux 9 includes the Plasma X11 session and will be supported until sometime in 2032.
See the blog post for information on running X11 applications (still supported), accessibility, gaming, and more.
AlmaLinux 10.1 has been released. In addition to providing binary compatibility with Red Hat Enterprise Linux (RHEL) 10.1, the most notable feature in AlmaLinux 10.1 is the addition of support for Btrfs, which is not available in RHEL:
Btrfs support encompasses both kernel and userspace enablement, and it is now possible to install AlmaLinux OS on a Btrfs filesystem from the very beginning. Initial enablement was scoped to the installer and storage management stack, and broader support within the AlmaLinux software collection for Btrfs features is forthcoming.
In addition to Btrfs support, AlmaLinux OS 10.1 includes numerous other improvements to serve our community. We have continued to extend hardware support both by adding drivers and by adding a secondary version of AlmaLinux OS and EPEL to extend support of x86_64_v2 processors.
See the release notes for a full list of changes.
It is rarely newsworthy when a project or package picks up a new dependency. However, changes in a core tool like Debian's Advanced Package Tool (APT) can have far-reaching effects. For example, Julian Andres Klode's declaration that APT would require Rust in May 2026 means that a few of Debian's unofficial ports must either acquire a working Rust toolchain or depend on an old version of APT. This has raised several questions within the project, particularly about the ability of a single maintainer to make changes that have widespread impact.
Connexion