Incus 7.2 has been released – News – Linux Containers Forum
21 hours ago
- #Incus
- #Containerization
- #Security
- Incus 7.2 released with new features, performance improvements, and bug fixes.
- Security fixes address 8 critical and high-severity CVEs, including arbitrary file read/write and project bypass issues.
- New per-instance SELinux integration supports containers and VMs with automatic MCS level allocation.
- Added incus default CLI command to manage default options like list_format and console_type.
- incus info now shows filtered server info by default, hiding sensitive data unless --show-sensitive is used.
- incus remote set-keepalive subcommand allows configuring connection keepalive timeouts.
- CLI configuration now uses OS-specific paths (e.g., MacOS uses ~/Library/Application Support/incus/).
- New incus admin update-certificate command for replacing server certificates on standalone systems.
- OCI containers can now have static network configuration including IP addresses, gateways, and DNS settings.
- Managed bridge networks support per-instance BGP route advertisement for IPv4 and IPv6.
- Proxy devices in NAT mode can use dynamic addresses and wildcard listen addresses.
- New NBD endpoint and incus debug nbd command expose all VM disks for concurrent access, aiding backups.
- Btrfs storage volumes now support compression configuration via btrfs.compression key.
- InfiniBand SR-IOV devices support configurable node_guid and port_guid keys.
- Websocket origin restriction via core.https_allowed_websocket_origin server configuration key.
- Deferred function logging added, generating WARNING logs for cleanup errors previously hidden.
- Complete changelog includes translation updates, bug fixes, and documentation improvements.