Ubuntu Changelog

What's new in Ubuntu 23.10 (Mantic Minotaur)

Oct 16, 2023
  • New features in 23.10:
  • Updated Packages:
  • add-apt-repository now adds PPAs as deb822 .sources files (Improvements to PPA management in 23.10).
  • Linux kernel :penguin:
  • Ubuntu 23.10 includes the new 6.5 Linux kernel that brings many new features.
  • Notable upstream changes:
  • Intel’s “Topology Aware Register and PM Capsule Interface” (interface that provides better power-management features).
  • arm64 permission-indirection extension (technology to set special memory permissions).
  • RISC-V now supports ACPI.
  • The Loongarch architecture now supports simultaneous multi-threading (SMT).
  • Support for unaccepted memory (protocol by which secure guest systems accept memory allocated by the host; see “Seeking an acceptable unaccepted memory policy”).
  • The io_uring subsystem can now store the rings and submission queue in user-space memory.
  • Ability to mount a file system underneath an existing mount on the same mount point; useful in container scenarios (Merge tag ‘v6.5/vfs.mount’ of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs).
  • New cachestat() system call (query the page-cache state of files and directories).
  • Usual set of changes to support new hardware.
  • Notable Ubuntu-specific changes:
  • zstd compressed modules (LP: #2028568) to shorten boot time.
  • New Apparmor/Stacking LSM patch set.
  • Updated shiftfs patch set.
  • Enabled multi-gen LRU page reclaiming by default (LP: #2023629).
  • .config tuning of the low-latency kernel for desktop-oriented tasks (LP: #2028568).
  • New zfs 2.2.0~rc3.
  • Ceph support for idmapped mounts.
  • systemd v253.5:
  • The init system was updated to systemd v253.5. See the upstream changelog for more information about individual features.
  • Netplan v0.107:
  • The network stack was updated to Netplan v0.107, introducing support for dummy and veth devices in addition to providing Python bindings to libnetplan in the python3-netplan package.
  • Toolchain Upgrades:
  • GCC was updated to the 13.2.0 release, binutils to 2.41, and glibc to 2.38.
  • Python :snake: now defaults to version 3.11.6, and 3.12.0 is available in the archive.
  • Perl :camel: at version 5.36.0.
  • LLVM now defaults to version 16, and 17 is available in the archive.
  • Rust :crab: toolchain defaults to version 1.71.
  • OpenJDK:
  • In addition to OpenJDK 17, OpenJDK 21 is now provided (but not used for package builds).
  • .NET:
  • .NET 7 packages were updated to 7.0.110, and .NET 6 packages were updated to 6.0.121.
  • golang:
  • Go was updated to version 1.21. See the upstream release notes for all the changes.
  • Security Improvements:
  • The Ubuntu kernel now has the ability to require programs to have an AppArmor profile in order to use unprivileged user namespaces (unprivileged_userns_restriction). This restriction is not currently enabled by default but when enabled affects all programs on the system that are unprivileged and unconfined. This affects programs that construct sandboxes (LP: #2017980) or work with some styles of container workloads. This is the first step towards trying to mitigate the larger attack surface presented by unprivileged user namespaces.
  • To enable this new restriction:
  • Enable this restriction on the entire system for one boot by executing echo 1 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns. This setting is lost on reboot.
  • Enable this restriction using a persistent setting by adding a new file (/etc/sysctl.d/60-apparmor-namespace.conf) with the following contents:
  • kernel.apparmor_restrict_unprivileged_userns=1
  • Reboot.
  • There are several options if you run into problems:
  • Confine your applications with an AppArmor profile. Because this can be potentially onerous, a new unconfined profile mode/flag has been added to AppArmor. This designates the profile to essentially act like the unconfined mode for AppArmor where an application is not restricted, and it allows additional permissions to be added, such as the userns, permission. Such a profile for, e.g., Google Chrome would look like the following, and it would be located within the /etc/apparmor.d/opt.google.chrome.chrome file
  • Alternatively, a complete AppArmor profile for the application can be created (see the AppArmor documentation).
  • Launch your application in a way that doesn’t use unprivileged user namespaces, e.g. google-chrome-stable --no-sandbox. This is not recommended. Use the unconfined profile mode described above instead.
  • Disable this restriction on the entire system for one boot by executing echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns. This setting is lost on reboot. This is similar to the previous behaviour, but it does not mitigate against kernel exploits that abuse the unprivileged user-namespaces feature.
  • Disable this restriction using a persistent setting by adding a new file (/etc/sysctl.d/60-apparmor-namespace.conf) with the following contents:
  • kernel.apparmor_restrict_unprivileged_userns=0
  • Reboot. This is similar to the previous behaviour, but it does not mitigate against kernel exploits that abuse the unprivileged user-namespaces feature.
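
A status check for the enable/disable steps above, as an added example that is not part of the Ubuntu release notes: it reports whether the restriction is active now and whether a sysctl.d file will reapply it after reboot. It reads a single directory (/etc/sysctl.d by default), which simplifies the full sysctl.d search order; the function names, status strings and the 99-local.conf file name are made up for this example.

```shell
#!/bin/sh
# Added example (not from the release notes). Function names and status
# strings are this example's own; the two default paths are the ones the
# notes give.

# Print the value (0 or 1) set by the last matching line in DIR/*.conf.
# The shell expands the glob in sorted order, so a later file name wins:
# a hypothetical 99-local.conf overrides 60-apparmor-namespace.conf.
# Malformed values (for example "=0:") do not match and are ignored.
persistent_value() {
    dir=$1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        sed -n 's/^[[:space:]]*kernel\.apparmor_restrict_unprivileged_userns[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' "$f"
    done | tail -n 1
}

# Compare the running value with the persistent one and print one status:
#   unsupported                         kernel does not expose the sysctl
#   enforced-persistent                 on now, and a .conf file keeps it on
#   enforced-until-reboot               on now, nothing re-enables it at boot
#   disabled-now-enforced-after-reboot  off now, a .conf file turns it on
#   disabled                            off now, nothing turns it on
userns_restriction_status() {
    proc_file=${1:-/proc/sys/kernel/apparmor_restrict_unprivileged_userns}
    sysctl_dir=${2:-/etc/sysctl.d}
    if [ ! -r "$proc_file" ]; then
        echo "unsupported"
        return 0
    fi
    now=$(cat "$proc_file")
    boot=$(persistent_value "$sysctl_dir")
    case "$now:$boot" in
        1:1) echo "enforced-persistent" ;;
        1:*) echo "enforced-until-reboot" ;;
        0:1) echo "disabled-now-enforced-after-reboot" ;;
        *)   echo "disabled" ;;
    esac
}

# With no arguments this inspects the live system.
userns_restriction_status "$@"
```

A result of enforced-until-reboot or disabled-now-enforced-after-reboot means the runtime and persistent settings disagree, which is the state left behind when only the one-boot echo command was used.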
  • UBUNTU DESKTOP:
  • Installer and Upgrades:
  • The default Ubuntu Desktop installation is now minimal. There is still an “Expanded installation” option for those who prefer to have applications like LibreOffice and Thunderbird installed for the first boot. (The “Full” option is still the default with the legacy Desktop installer.)
  • We are reintroducing support for ZFS guided installations, enhancing the flexibility and choices available for your storage management needs. This is a new implementation in the Subiquity-based installers, and is without encryption by default. The encrypted ZFS guided option will be developed in a future release.
  • Starting with Ubuntu 23.10, TPM-backed full-disk encryption (FDE) is introduced as an experimental feature, building on years of experience with Ubuntu Core. On supported platforms, you no longer need to enter passphrases at boot manually. Instead, the TPM securely manages the decryption key, providing enhanced security against physical attacks. This new feature streamlines the user experience and offers additional layers of security, especially in enterprise environments. However, the traditional passphrase-backed FDE is still available for those who prefer it. We invite users to experiment with this new feature, although caution is advised as it’s still experimental. More details in the “TPM-backed Full Disk Encryption is coming to Ubuntu” blog post. Do not hesitate to report bugs in Launchpad against the ubuntu-desktop-installer project.
  • Known limitations:
  • Requires TPM 2.0.
  • Only a limited set of hardware is supported.
  • No external kernel-modules support. For example, no support of NVIDIA graphics cards.
  • The configuration file, /etc/netplan/01-network-manager-all.yaml (which specifies Network Manager as the Netplan renderer), has been moved to /lib/netplan/00-network-manager-all.yaml to reflect that it should not be edited. Also, it is now owned by the ubuntu-settings package. For upgraders, the move is performed automatically and the old file removed if it was unchanged. If it was changed, the move still takes place, but a copy of the old file is left in /etc/netplan/01-network-manager-all.yaml.dpkg-backup (LP: #2020110).
  • NetworkManager now uses Netplan as its default settings-storage backend. On upgrade, all connection profiles from /etc/NetworkManager/system-connections/ are transparently migrated to /etc/netplan/90-NM-*.yaml and become ephemeral, Netplan-rendered connection profiles in /run/NetworkManager/system-connections/. Backups of the original profiles are automatically created in /var/lib/NetworkManager/backups/ (read more at NetworkManager YAML settings backend and LP: #1985994).
  • ADSys Active Directory Certificates auto-enrollment: Windows Server offers a solution for auto-enrolling certificates using Group Policies. This interacts with Certificate Enrollment Services by Microsoft and works seamlessly with Windows clients.
  • ADSys introduces AD certificates auto-enrollment to streamline connecting to corporate Wi-Fi and VPN networks. Automated enrollment eliminates the need for manual interactions with the certificate authority, such as pre-creating certificates. This simplifies IT administration and minimises security risks associated with managing sensitive data.
  • New Store:
  • There is a brand new Ubuntu App Center that replaces the previous Snap Store. The application has been written from scratch using the Flutter toolkit.
  • There is also a new standalone Firmware Updater application. This provides the possibility to update firmware without needing to have a full app store running continuously in the background.
  • GNOME:
  • GNOME has been updated to include new features and fixes from the latest GNOME release, GNOME 45.
  • The GNOME Clocks application is installed by default.
  • Updated Ubuntu font:
  • There is now a fonts-ubuntu-classic package. Install it if you prefer the style of the Ubuntu font before Ubuntu 23.04.
  • Updated Applications:
  • Firefox 118 :fire::fox_face:
  • Firefox is a native Wayland application for this Ubuntu release.
  • LibreOffice 7.6 :books:
  • Thunderbird 115.2 “Supernova” :cloud_with_lightning::bird:
  • Updated Subsystems:
  • BlueZ 5.68
  • Cairo 1.18
  • NetworkManager 1.44
  • Pipewire 0.3.79
  • Poppler 23.08
  • xdg-desktop-portal 1.18