Ubuntu Server Changelog

What's new in Ubuntu Server 22.10

Oct 31, 2022
  • Subiquity 22.10.1:
  • The Ubuntu 22.10 Live Server includes Subiquity 22.10.1, which adds a variety of bugfixes and a few new features including enhancements to autoinstall, cloud-init integration, and keyboard handling. Please see the Subiquity release notes for more details.
  • Socket-activated SSHd
  • In Ubuntu 22.10, openssh now uses systemd socket activation by default. Read more about this new feature here.
  • SSSD
  • All SSSD client libraries (nss, pam, etc.) won’t serialize requests anymore by default, i.e. requests from multiple threads can be executed in parallel. The old behavior (serialization) can still be enabled by setting the environment variable SSS_LOCKFREE to NO.
  • Added a new krb5 plugin idp and a new binary oidc_child which performs OAuth2 authentication against FreeIPA. This, however, cannot be tested yet because this feature is still under development on the FreeIPA server side.
  • Support for LDAP Channel Binding and Signing for Windows Integration
  • cyrus-sasl2 has been patched to support new requirements for Windows Server: LDAP Channel Binding and LDAP Signing.
  • When using GSSAPI/GSS-SPNEGO authentication over an encrypted transport like ldaps://, Microsoft recommends that Channel Binding be enabled. If Windows Server is configured to require this setting, then clients that do not enable Channel Binding over such connections will be rejected.
  • Bind9:
  • Add support for remote TLS certificate verification, both to named and dig, making it possible to implement Strict and Mutual TLS authentication, as described in RFC 9103, Section 9.3.
  • Rsync:
  • A new form of argument protection was added that works similarly to the older --protect-args (-s) option, but in a way that avoids breaking things like rrsync (the restricted rsync script): rsync now uses backslash escaping for sending “shell-active” characters to the remote shell. This includes spaces, so fetching a remote file via a simple quoted filename value now works by default without any extra quoting:
  • rsync -aiv host:'a simple file.pdf' .
  • Wildcards are not escaped in filename arguments, but they are escaped in options like the --suffix and --usermap values. If your rsync script depends on the old arg-splitting behavior, either run it with the --old-args option or export RSYNC_OLD_ARGS=1 in the script’s environment. See also the ADVANCED USAGE section of rsync's manpage for how to use a more modern argument style.
  • Resource agents 4.11.0:
  • Improvements in many agents such as:
  • IPaddr2: allows disabling Duplicate Address Detection for IPv6, and allows sending IPv6 Neighbor Advertisements in the background.
  • LVM-activate: disable VG autoactivation in system_id access_mode.
  • These are some of the changes added to the resource-agent-base binary package, which is in main. For a full list of the changes, see the upstream changelog.
  • Fence agents 4.11.0:
  • fence-virtd and fence-virt were introduced as new binary packages in this version.
  • OpenVPN 2.6.0 snapshot:
  • OpenVPN 2.6.0 has not been released yet, so Ubuntu Kinetic will ship a git snapshot instead. This new version contains some improvements regarding OpenSSL 3 support. Another important change that might impact users is the drop of the --cipher option in favor of the new --data-ciphers. It is important to note that when --data-ciphers is not specified, the default will be AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305. This can impact users that are using old ciphers, like AES-256-CBC. In this scenario, it is recommended that users migrate their certificates to the ciphers that are supported by default. A workaround is possible by explicitly setting --data-ciphers.
  • For more details on cipher negotiation, please read the upstream documentation.
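
A pre-upgrade check for the cipher change described above, as an added example that is not part of the Ubuntu release notes or of OpenVPN: it reports whether a config file still depends on a `cipher` value outside the default --data-ciphers list. The function names and verdict labels are this example's own, the sample config is constructed, and `cipher` / `data-ciphers` are the config-file forms of the options named above.

```shell
#!/bin/sh
# Added example: flag OpenVPN configs that depend on a legacy "cipher" line.
# Default negotiation list as quoted in the release note above.
DEFAULT_DATA_CIPHERS="AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305"

# directive_value FILE NAME: print the last value given for directive NAME,
# skipping blank lines and lines commented out with '#' or ';'.
directive_value() {
    awk -v name="$2" '
        /^[ \t]*([#;]|$)/ { next }
        $1 == name { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# audit_ovpn_config FILE: print one verdict (labels are this example's own):
#   explicit:<list>  data-ciphers is set, so the negotiation list is pinned
#   default          no cipher line, or its value is already in the default list
#   legacy:<cipher>  cipher is outside the default list and nothing re-adds it
# Returns 1 only for the legacy case so it can gate a pre-upgrade check.
audit_ovpn_config() {
    data=$(directive_value "$1" data-ciphers)
    legacy=$(directive_value "$1" cipher | tr '[:lower:]' '[:upper:]')
    if [ -n "$data" ]; then
        echo "explicit:$data"
        return 0
    fi
    [ -z "$legacy" ] && { echo "default"; return 0; }
    case ":$DEFAULT_DATA_CIPHERS:" in
        *":$legacy:"*) echo "default" ;;
        *) echo "legacy:$legacy"; return 1 ;;
    esac
}

# Constructed sample config (not from a real deployment).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client.conf (constructed)
remote vpn.example.test 1194
;data-ciphers AES-256-GCM
cipher AES-256-CBC
EOF
audit_ovpn_config "$sample" || true   # prints legacy:AES-256-CBC
rm -f "$sample"
```

A `legacy:` verdict marks a config that needs either a supported cipher or an explicit --data-ciphers line before the upgrade.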
  • Containerd 1.6.4:
  • This contains some major release changes, which can all be seen here. It now has support for shim plugins and for absolute paths to shim binaries.
  • Runc 1.1.2:
  • This new version contains an important CVE fix and also a bunch of improvements, fixing bugs and improving the upstream CI system. For more detailed information please check the upstream changelog.
  • Docker.io 20.10.16:
  • This new version contains fixes to avoid potential lock issues and update its dependencies internally. For more detailed information please check the upstream changelog.
  • qemu:
  • Qemu was updated to version v7.0.0 which brings many major and minor improvements. Among others this version includes:
  • Added support for Intel AMX
  • Support for various further RISC-V extensions; among them, the hypervisor extension is no longer marked experimental and is now enabled by default
  • Fixes for various emulated s390x instructions
  • User-mode emulation (linux-user, bsd-user) will enforce guest alignment constraints and raise SIGBUS to the guest program as appropriate.
  • The qemu-nbd program has gained a new --tls-hostname parameter to allow TLS validation against a different hostname, such as when setting up TLS through a TCP tunnel, and now supports TLS over Unix sockets.
  • See the upstream changelog for version 7.0 for an overview of the many further improvements. These also contain a list of suggested alternatives for removed, deprecated and incompatible features.
  • libvirt:
  • Continuing to track libvirt releases, Ubuntu 22.10 now provides version v8.6.0, which includes many fixes, improvements and features.
  • For example, there are many new features for qemu:
  • Support mode option for dirtyrate calculation.
  • Introduce manual disk snapshot mode.
  • Introduce memory allocation threads (handy for guests with large amounts of memory).
  • Introduce support for virtio-iommu.
  • ppc64 Power10 processor support.
  • Introduce absolute clock offset.
  • Add support for post-copy migration recovery.
  • See the upstream changelogs for the many further improvements and fixes since version 8.0.0 that was in Ubuntu 22.04.
  • openvswitch:
  • The new version 3.0.0 of openvswitch is in Ubuntu 22.10 and provides a general update including the following changes:
  • Userspace datapath: improved multi-thread scalability of the userspace connection tracking.
  • IPsec now has custom per-tunnel options.
  • Extended Flow Monitoring to support more OpenFlow versions.
  • OVSDB compaction was improved to run in a separate process (avoiding blocks) and is enabled by default to return unused memory to the system.
  • API changes in libopenvswitch that fix undefined compiler behavior mean that users of libopenvswitch need to double-check their use of loop macros like LIST_FOR_EACH.
  • The OVS News page holds more details about the new version.
  • OpenStack:
  • Ubuntu 22.10 includes the latest OpenStack release, Zed, including the following components:
  • OpenStack Identity - Keystone
  • OpenStack Imaging - Glance
  • OpenStack Block Storage - Cinder
  • OpenStack Compute - Nova
  • OpenStack Networking - Neutron
  • OpenStack Telemetry - Ceilometer, Aodh, Gnocchi
  • OpenStack Orchestration - Heat
  • OpenStack Dashboard - Horizon
  • OpenStack Object Storage - Swift
  • OpenStack DNS - Designate
  • OpenStack Bare-metal - Ironic
  • OpenStack Filesystem - Manila
  • OpenStack Key Manager - Barbican
  • OpenStack Load Balancer - Octavia
  • OpenStack Instance HA - Masakari
  • Please refer to the OpenStack Zed release notes for full details of this release of OpenStack.
  • OpenStack Zed is also provided via the Ubuntu Cloud Archive for OpenStack Zed for Ubuntu 22.04 LTS users.
  • Make sure you read the OpenStack Charm Release Notes for more information about how to deploy and operate Ubuntu OpenStack using Juju.