The Fedora Project has announced the release of Fedora Linux 43, with "what's new" articles for Fedora Workstation, Fedora KDE Plasma Desktop, and Fedora Atomic Desktops.

For those of you installing fresh Fedora Linux 43 Spins, you may be greeted with the new Anaconda WebUI. This was the default installer interface for Fedora Workstation 42, and now it's the default installer UI for the Spins as well.

If you are a GNOME desktop user, you'll also notice that the GNOME is now Wayland-only in Fedora Linux 43. GNOME upstream has deprecated X11 support, and has disabled it as a compile time default in GNOME 49. Upstream GNOME plans to fully remove X11 support in GNOME 50.

See the release notes for a full list of changes in Fedora 43.

Security updates have been issued by AlmaLinux (kernel, kernel-rt, libtiff, squid:4, and thunderbird), Debian (strongswan and webkit2gtk), Fedora (pcre2, qt5-qtbase, squid, unbound, and xen), Mageia (icu and libtpms), Oracle (java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, kernel, squid:4, and thunderbird), Red Hat (libtiff, squid, squid:4, and webkit2gtk3), SUSE (cmake, dracut-saltboot, erlang, exim, expat, ffmpeg-4, firefox, golang-github-prometheus-alertmanager, haproxy, java-11-openjdk, kernel, libxslt, multi-linux-manager, openssl-3, podman, rabbitmq-server, spacewalk-web, strongswan, and wireshark), and Ubuntu (gst-plugins-good1.0, linux-aws-5.15, radare2, ruby2.3, ruby2.5, ruby2.7, and strongswan).

Version 0.3.0 of Rust Coreutils, part of the uutils project, has been released. This release adds safe directory traversal for several utilities, better error handling, and performance improvements. The project has upgraded its test suite reference from GNU coreutils 9.7 to 9.8, and added 16 new tests. It includes a fix for the date bug that affected automatic updates in Ubuntu 25.10.

Security updates have been issued by Debian (intel-microcode, openjdk-11, openjdk-17, openjdk-21, python-pip, request-tracker4, thunderbird, and tika), Fedora (cef, chromium, complyctl, cri-o1.31, cri-o1.32, cri-o1.33, cri-o1.34, docker-buildkit, docker-buildx, dovecot, fetchmail, gi-docgen, golang-github-facebook-time, insight, mbedtls, mingw-binutils, mingw-python3, mingw-qt5-qtsvg, mingw-qt6-qtsvg, moodle, openssl, perl-YAML-Syck, podman-tui, python-socketio, python-sqlparse, python3.10, python3.11, python3.12, python3.9, qt5-qtsvg, runc, samba, squid, sssd, suricata, valkey, wireshark, wordpress, and yarnpkg), Red Hat (libssh), SUSE (aaa_base, afterburn, bind, chromedriver, chrony, firefox, git, govulncheck-vulndb, grub2, ImageMagick, java-11-openjdk, java-17-openjdk, kernel, libssh, libunbound8, libxslt, micropython, mozilla-nss, netty, open-vm-tools, openbao, p7zip, podman, poppler, python-python-socketio, python-urllib3, ruby2.5, rust-keylime, vim, wireshark, and xen), and Ubuntu (linux-aws-6.14).

Version 3.26.0 of the Valgrind memory-profiling and debugging framework has been released. Notable changes include updated support for the Linux Test Project (LTP) to version v20250930, many new Linux syscall wrappers, and the license for Valgrind has been changed from GPLv2 to GPLv3.

Open-source foundations and projects that have charity status in the US may want to see if GoFundMe has created a profile for them without permission. The company has operated since 2010 as a self-service fundraising platform; individuals or groups could create pages to raise money for all manner of causes. In June, the company announced that it would expand its offerings to "manage all aspects of charitable giving" for users through its platform. That seems to include creating profiles for nonprofit organizations without their involvement. After pushback, the company said on October 23 that it would be removing the pages. It has not answered more fundamental questions about how it planned to disburse funds to nonprofits that had no awareness of the GoFundMe pages in the first place.

The Ubuntu Project has announced that a bug in the Rust-based uutils version of the date command shipped with Ubuntu 25.10 broke automatic updates:

Some Ubuntu 25.10 systems have been unable to automatically check for available software updates. Affected machines include cloud deployments, container images, Ubuntu Desktop and Ubuntu Server installs.

The announcement includes remediation instructions for those affected by the bug. Systems with the rust-coreutils package version 0.2.2-0ubuntu2 or earlier have the bug, it is fixed in 0.2.2-0ubuntu2.1 or later. It does not impact manual updates using the apt command or other utilities.

Ubuntu embarked on a project to "oxidize" the distribution by switching to uutils and sudo-rs for the 25.10 release, and to see if the Rust-based utilities would be suitable for the long-term-release slated for next April. LWN covered that project in March.

Greg Kroah-Hartman has released the 6.17.5, 6.12.55, and 6.6.114 stable kernels. As usual, each contains important fixes throughout the tree; users are advised to upgrade.

The AlmaLinux project has announced that the upcoming 10.1 release will include support for Btrfs:

Btrfs support encompasses both kernel and userspace enablement, and it is now possible to install AlmaLinux OS with a Btrfs filesystem from the very beginning. Initial enablement was scoped to the installer and storage management stack, and broader support within the AlmaLinux software collection for Btrfs features is forthcoming.

Btrfs support in AlmaLinux OS did not happen in isolation. This was proposed and scoped in RFC 0005, and has been built upon prior efforts by the Fedora Btrfs SIG in Fedora Linux and the CentOS Hyperscale SIG in CentOS Stream.

AlmaLinux OS is designed to be binary compatible with Red Hat Enterprise Linux (RHEL); Btrfs, however, has never been supported in RHEL. A technology preview of Btrfs in RHEL 6 and 7 ended with the filesystem being dropped from RHEL 8 and onward. AlmaLinux OS 10.1 is currently in beta.

Security updates have been issued by AlmaLinux (ipa, kernel, and thunderbird), Debian (gdk-pixbuf, gegl, gimp, intel-microcode, raptor2, request-tracker4, and request-tracker5), Fedora (samba and wireshark), Mageia (haproxy, nginx, openssl, and python-django), Oracle (kernel and thunderbird), Red Hat (redis and redis:7), Slackware (bind), SUSE (aws-cli, local-npm-registry, python-boto3, python- botocore, python-coverage, python-flaky, python-pluggy, python-pytest, python- pytest-cov, python-pytest-html, python-pytest-metada, cargo-audit-advisory-db-20251021, fetchmail, git-bug, ImageMagick, istioctl, kernel, krb5, libsoup, libxslt, python-Authlib, and sccache), and Ubuntu (bind9, linux, linux-aws, linux-azure, linux-azure-6.8, linux-gcp, linux-gkeop, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle, linux-azure, linux-azure-5.15, linux-gcp-5.15, linux-gcp-6.8, linux-gke, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, and linux-realtime, linux-realtime-6.8).

The Fedora Council has approved an AI-assisted contributions policy. This follows several weeks of discussion, some of which was covered by LWN on October 1. The final policy contains substantial differences from the initial proposal, and now requires disclosure of AI tools "when the significant part of the contribution is taken from a tool without changes".

KDE Plasma 6.5 has been released. Notable new features include automatic light-to-dark theme switching based on time of day, support for the experimental Wayland picture-in-picture protocol, as well as a number of usability and accessibility improvements. See the complete changelog for a list of the new features, enhancements, and bug fixes.

OpenBSD 7.8 has been released. As usual, this release includes a long list of changes; see the changelog for all of the details.

Security updates have been issued by Fedora (inih, mingw-exiv2, and mod_http2), SUSE (ffmpeg-4, kernel, libqt5-qtbase, protobuf, python-ldap, and python313), and Ubuntu (erlang, ffmpeg, linux, linux-aws, linux-gcp, linux-oem-6.14, linux-oracle, linux-oracle-6.14, linux-raspi, linux-realtime, linux-aws, linux-azure, linux-azure-6.14, linux-azure-nvidia-6.14, linux-azure-fips, linux-oracle-5.4, and linux-realtime-6.14).

Version 9.0.0 of the Valkey distributed key-value database has been released. Notable features of this release include Multipath TCP (MPTCP) support, new filters for client commands, multi-database support for cluster mode and much more. See the Valkey 9.0.0 RC1 release notes for a full list of new features in this major release.

According to a recent blog post, this release includes major improvements to performance and scaling of Valkey clusters to more than 2,000 nodes and one billion requests per second. Valkey began as a fork of the Redis key-value database in March 2024, but has evolved separately since then.

In September, a group of long-time maintainers of Ruby packaging tools projects had their GitHub privileges revoked by nonprofit corporation Ruby Central in what many people are calling a hostile takeover. Ruby Central and its board members have issued several public statements that have, so far, failed to satisfy many in the Ruby community. In response, some of the former contributors to RubyGems are working on an alternative service called gem.coop. On October 17, ownership of the RubyGems and Bundler repositories was handed over to the Ruby core team, even though those projects had never been part of core Ruby previously. The takeover and subsequent events have raised a number of questions in the Ruby community.

Greg Kroah-Hartman has announced the release of the 6.17.4 6.12.54 6.6.113 6.1.157, and 5.15.195 stable kernels. As usual, each contains important fixes; users of those kernels are advised to upgrade.

The Ruby community has experienced some turbulence of late after Ruby Central took control of the GitHub repositories for a number of projects including RubyGems and Bundler. Those projects have historically been developed separately from Ruby itself. They are now being put under the control of Ruby's core team, according to Ruby creator Yukihiro Matsumoto (a.k.a. "Matz"):

To provide the community with long-term stability and continuity, the Ruby core team, led by Matz, has decided to assume stewardship of these projects from Ruby Central. We will continue their development in close collaboration with Ruby Central and the broader community.

Ruby Central has also issued a statement.

Ruby libraries and applications are distributed via a packaging format called a gem. RubyGems.org has been the central hosting service for gems since about 2010. This article is part one of a two-part series on the RubyGems.org takeover by Ruby Central. Understanding the history of RubyGems.org, and the contributor community behind it, is vital to making sense of the current power struggle between Ruby Central and members of the Ruby community who have maintained those services and tools for many years.

Version 13.0 of the Forgejo software forge has been released. Notable changes in this release include content moderation features, ability to require 2FA for users or administrators, and a migration feature for Pagure repositories. The last will be useful for Fedora's move to Forgejo as its new git forge. See the release notes for all changes in 13.0.