16.12.0

What's changed?

• Simplify/remove /persist/status/zedagent/* by @eriknordmark (#5584)
• Update vTPM to work with latest evetpm changes by @shjala (#5591)
• Bump alpine 3.22 by @christoph-zededa (#5650)
• build.yml: fix eve job cache handling by @europaul (#5665)
• Fix: remove stale flannel.1 before restart k3s by @naiming-zededa (#5672)
• hypervisor/kubevirt: implement CPU pinning for HV=k (KubeVirt) by @zedi-pramodh (#5676)
• Improve logging in cpuallocator by @zedi-pramodh (#5677)
• tools: add little helper to bump Dockerfiles by @christoph-zededa (#5680)
• Fix Eden version bump: keep 16.0-stable on 1.0.13 by @europaul (#5682)
• add controller-driven kube-vip load balancer for K3S_BASE clusters by @naiming-zededa (#5683)
• dom0-ztools: bump ZFS to 2.3.6 by @rucoder (#5684)
• build(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 in /pkg/pillar by @dependabot[bot] (#5685)
• build(deps): bump google.golang.org/grpc from 1.73.0 to 1.79.3 in /tools/dockerfile-from-checker by @dependabot[bot] (#5687)
• build(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 in /eve-tools/bpftrace-compiler by @dependabot[bot] (#5688)
• build(deps): bump google.golang.org/grpc from 1.75.1 to 1.79.3 in /tools/get-deps by @dependabot[bot] (#5689)
• build(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 in /pkg/wwan/mmagent by @dependabot[bot] (#5690)
• Provide manual k3s stop and start option by @mrangana (#5694)
• build(deps): bump google.golang.org/grpc from 1.75.0 to 1.79.3 in /pkg/newlog by @dependabot[bot] (#5695)
• build(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 in /pkg/pillar by @dependabot[bot] (#5696)
• mmdbus: improve eSIM detection using EID and handle missing slot paths by @milan-zededa (#5697)
• bump_eve_pillar to update pkg/edgeview, pkg/vtpm, and pkg/wan by @eriknordmark (#5698)
• Makefile: use linuxkit env vars for org and builder config by @europaul (#5700)
• build: add HV=k package build to PR workflow by @europaul (#5702)
• build(deps): bump github.com/moby/buildkit from 0.23.1 to 0.28.1 in /tools/dockerfile-from-checker by @dependabot[bot] (#5704)
• build(deps): bump github.com/moby/buildkit from 0.23.2 to 0.28.1 in /eve-tools/bpftrace-compiler by @dependabot[bot] (#5705)
• Fix a race condition when eve-k app restart app lost IP address by @naiming-zededa (#5706)
• pkg/grub: include EFI status code in "unknown TPM error" message by @rucoder (#5708)
• update linuxkit by @europaul (#5709)
• pkg/grub: migrate to GRUB 2.12 by @rucoder (#5710)
• ci: update GitHub Actions to Node.js 24 compatible versions by @rucoder (#5713)
• build: stop exporting GOOS=linux globally by @rucoder (#5714)
• downloader: fix SAS token corruption in constructDatastoreContext by @jsfakian (#5715)
• ci: reduce unit test CI time by running fuzz tests in a separate job by @shjala (#5716)
• Revert "build(deps): bump github.com/moby/buildkit" by @rene (#5717)
• readthedocs.yaml: Bump Ubuntu and Python versions by @rene (#5718)
• zedagent: report EtcdSnapshot optional capability by @zedi-pramodh (#5719)
• Fix an issue of edge-node clustering interface using logical-label by @naiming-zededa (#5720)
• ci: use Eden workflow from 1.0.15 tag by @europaul (#5727)
• .github: run cvewatch after build by @christoph-zededa (#5729)
• nvidia: Improve CDI and .deb package processing by @rene (#5731)
• mkdocs.yml: Fix broken links in documentation by @rene (#5733)
• eden: Use backport branches instead of tagged releases by @europaul (#5736)
• ci: cancel stale Go Tests runs on force-push by @rucoder (#5738)
• build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in /pkg/pillar by @dependabot[bot] (#5739)
• Update go-jose to v4.1.4 by @eriknordmark (#5740)
• build: add workflow to bootstrap eve-alpine-base on demand by @rucoder (#5741)
• zedmanager: fix purge stuck when app was never activated by @eriknordmark (#5742)
• rust: bump time to 0.3.47 in pkg/installer (fix CVE-2026-25727) and update rustc to 1.93.1 by @eriknordmark (#5744)
• build: use unique hash for alpine-base bootstrap to avoid cache collisions by @rucoder (#5747)
• Update eve-alpine hash by @eriknordmark (#5749)
• build: add musl-cross-make cross-compiler build infrastructure by @rucoder (#5752)
• Avoid issues when upgrading to checkpointed controllercerts by @eriknordmark (#5754)
• Disable github actions to choose jumbo runners / increase build timeout by @christoph-zededa (#5756)
• ci: fix empty with: block in cross-compilers workflow by @rucoder (#5757)
• ci: add actionlint check for workflow files by @rucoder (#5758)
• tests/eden: use EDEN_HOME for config isolation by @shjala (#5760)
• pkg/uefi: enable parallel builds with -j/-n $(nproc) by @rucoder (#5761)
• Fix an issue of cluster loadbalancing using logical-lable by @naiming-zededa (#5763)
• alpine 3.22: Only update hash in pkg/recovertpm/Dockerfile by @eriknordmark (#5764)
• eve-k pillar: upgrade longhorn-manager to v1.9.1 and fix BackupTargetName on failover by @andrewd-zededa (#5765)
• build(deps): bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.6.10 to 1.7.8 in /pkg/pillar by @dependabot[bot] (#5766)
• build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.80.0 to 1.97.3 in /pkg/pillar by @dependabot[bot] (#5767)
• Fix and simplify broken leader election in Kubernetes cluster by @milan-zededa (#5773)
• Update more alpine hashes and temporarily increase/jumbo build timeout by @eriknordmark (#5774)
• Fix bootstrap config failing on missing ECDH cert by @milan-zededa (#5775)
• build(deps): bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in /eve-tools/bpftrace-compiler by @dependabot[bot] (#5776)
• build(deps): bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in /tools/get-deps by @dependabot[bot] (#5777)
• Makefile: save QEMU PID to file by @shjala (#5779)
• Makefile: Build eve-fw generic variant for evaluation platform by @europaul (#5785)
• build(deps): bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in /tools/dockerfile-from-checker by @dependabot[bot] (#5787)
• Fix boot measurement on grub 2.12 by @rene (#5789)
• pkg/gpt-tools: fix cgpt static build for riscv64 by @christoph-zededa (#5790)

Full Changelog: 16.11.0...16.12.0

16.11.0

What's Changed

• Use Yetus container from lfedge/eve-yetus by @rene (#5397)
• eve-k: Enable local-path storage for CLUSTER_TYPE_K3S_BASE by @andrewd-zededa (#5622)
• eve-k: fix node delete if replicas list encounters crd get error by @andrewd-zededa (#5637)
• github/workflows: Build x86 + arm64 Yetus images at once by @rene (#5646)
• Fix: the issue of kubevirt feature backwards compatibity by @naiming-zededa (#5647)
• Refactor and fix network tracing integration in controllerconn by @milan-zededa (#5648)
• remove deitch from CODEOWNERS by @deitch (#5649)
• pkg/fw: add Intel Wi-Fi 6E AX211 firmware for ASUS-NUC14SRK by @rucoder (#5651)
• build(deps): bump github.com/docker/cli from 28.4.0+incompatible to 29.2.0+incompatible in /tools/get-deps by @dependabot[bot] (#5653)
• build(deps): bump github.com/docker/cli from 28.3.3+incompatible to 29.2.0+incompatible in /eve-tools/bpftrace-compiler by @dependabot[bot] (#5655)
• build(deps): bump github.com/docker/cli from 28.3.0+incompatible to 29.2.0+incompatible in /tools/dockerfile-from-checker by @dependabot[bot] (#5656)
• go-tests.yml: remove pull request target by @europaul (#5657)
• pkg/pillar: remove unsupported linuxkit build.yml fields by @rucoder (#5662)
• Fix: cluster-ip should not be part of the source ip for SendOnIntf by @naiming-zededa (#5663)
• README: update Onlogic FR201 installation and boot configuration by @sultatos (#5664)
• pkg/fw: add Intel Wi-Fi 6E AX1690i/AX211 gf4 firmware for NUC12SNKi7 by @rucoder (#5666)
• Makefile: let docker hash check ignore eden by @christoph-zededa (#5667)
• pkg/storage-init: Fix CONFIG partition tmpfs size by @rene (#5668)
• Update Eden to version 1.0.14 by @eriknordmark (#5671)
• mini-yetus: fix Docker image tag to match CI by @rucoder (#5679)

Full Changelog: 16.10.0...16.11.0

16.10.0

What's Changed

• build(deps): bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.40.0 in /tools/get-deps by @dependabot[bot] in #5642
• eve: add "app" subcommands for user application management by @rucoder in #5629
• build(deps): bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.40.0 in /eve-tools/bpftrace-compiler by @dependabot[bot] in #5643
• pkg/xen-tools: remove unused firmware by @christoph-zededa in #5645
• Support Remote-console and Edgeview-UI VNC for eve-k by @naiming-zededa in #5598

Full Changelog: 16.9.0...16.10.0

16.9.0

What's Changed

• eve-k: set longhorn node-down-pod-deletion-policy by @andrewd-zededa (#5603)
• SR-IOV: Fix API logic and add I350 NIC support by @uncleDecart (#5604)
• Tune kube-controller-arg and kube-controller-manager-arg for cpu/net availability by @andrewd-zededa (#5605)
• Fix for code scanning alert 1496: Use of a broken or weak cryptographic hashing algorithm on sensitive data by @eriknordmark (#5609)
• edgeview: Fixed appearance of being able to open arbitrary files by @eriknordmark (#5610)
• Fix for code scanning alert no. 75: Clear-text logging of sensitive information by @eriknordmark (#5612)
• Fix 'Incorrect conversion between integer types' from CodeQL by @eriknordmark (#5613)
• Disable LED disk enforcement by @rene (#5614)
• mock all inventory commands in evalmgr tests by @rucoder (#5615)
• pkg/pillar: update zededa/ghw library by @christoph-zededa (#5617)
• zedmanager: drive purge state machine to completion in doUpdate by @rucoder (#5618)
• Redact debug logging in execRawCmd to QMP by @eriknordmark (#5619)
• pillar: nireconciler: fix "already connected" error on app re-activation by @rucoder (#5620)
• Support kvm use virtio-vga device for higher resolution VNC console by @naiming-zededa (#5623) (backport of #5638)
• pillar: NOHYPE direct-attach network interface passthrough by @rucoder (#5624)
• grub: increase kernel ring buffer size to 2MB by @rucoder (#5627)
• gpt-tools: support multiple sector sizes by @rene (#5628)
• update kubevirt api kubevirt.io/api and client-go to v1.6.0 by @naiming-zededa (#5630)
• 010-eve-cgroup: skip soft_limit_in_bytes writes on RT kernels by @rucoder (#5635)
• Fix "Incorrect conversion between integer types" for nCPUs by @eriknordmark (#5636)
• kubevirt: Support kubevirt use virtio device by @naiming-zededa (#5638)
• remove acrn hypervisor support by @christoph-zededa (#5640)
• build(deps): bump go.opentelemetry.io/otel/sdk from 1.37.0 to 1.40.0 in /tools/dockerfile-from-checker by @dependabot[bot] (#5641)

Full Changelog: 16.8.0...16.9.0

16.8.0

What's Changed

• Improve or refine the Error statement in EVE installation logs by @jsfakian (#5585)
• pkg/grub: get source from git instead of tar.gz by @europaul (#5589)
• Makefile: Fail for unsupported hypervisor by @rene (#5592)
• CI: Add automated CVE scanning gate for PRs by @shjala (#5593)
• docs: update supported versions in SECURITY.md by @shjala (#5594)
• newlog: fix ANSI escape code stripping by @europaul (#5596)
• docs: Add comprehensive kernel documentation by @rucoder (#5599)
• pkg/apparmor: bump to v4.1.3 by @christoph-zededa (#5601)
• Fix linter warnings in shell scripts and Dockerfile syntax by @rucoder (#5607)
• Kernel update - [amd64-generic] - Introduce NUMA support by @rucoder (#5608)

Full Changelog: 16.7.0...16.8.0

16.7.0

What's Changed

• fix: clean log w/o removing non-standard fields by @europaul in #5574
• docs : update link to security architecture document in CONFIG.md by @shjala in #5576
• Move wpa_supplicant into pillar and remove wlan container by @milan-zededa in #5575
• pillar/usbmanager: use ghw library by @christoph-zededa in #5568
• Fix edgeview encryption change issue from previous PR 5556 by @naiming-zededa in #5573
• Load TLS root CA directly from /config instead of /persist/certs by @shjala in #5553
• Do not download contenttree on all nodes by @zedi-pramodh in #5572
• pkg/pillar: skip TestPciLongExists in unit tests by @shjala in #5583
• eve-k: Handle k3s restarts in k3s components update path. by @andrewd-zededa in #5544
• pkg/kvm-tools: delete by @christoph-zededa in #5586
• eve-k: Accept an override k3s version for upgrades by @andrewd-zededa in #5531
• pillar: make URL joins use url.JoinPath by @europaul in #5588
• Makefile: add eden target for running Eden tests by @shjala in #5587
• Add dynamic PCR policy support for disk key sealing by @shjala in #5398

Full Changelog: 16.6.0...16.7.0

16.6.0

What's Changed

• Fix device config props handling in maybeRetryBoot. by @OhmSpectator in #5533
• CI: Eden status fix by @europaul in #5534
• installer: align rust package by @christoph-zededa in #5524
• migrate message encryption to AEAD (AES‑GCM) + HKDF by @naiming-zededa in #5530
• Support ClusterType EVE-API for modes by @andrewd-zededa in #5522
• installer: use current debug container by @christoph-zededa in #5549
• pr-gate: increase limit for gh tool by @europaul in #5551
• Convert from bytes.Equal into hmac.Equal by @naiming-zededa in #5540
• Add device bound MAC address for Network Instance by @naiming-zededa in #5545
• Configure USB priority in VM boot order by @OhmSpectator in #5507
• Revert automatic lkt hashes by @christoph-zededa in #5554
• Build yetus image on demand by @rene in #5399
• pillar: use current uefi container by @christoph-zededa in #5558
• github/workflows: Fix image name on buildyetusondemand.yml by @rene in #5560
• Fix QMP flooding on VM restart. by @OhmSpectator in #5548
• Do not check for network connection everytime by @zedi-pramodh in #5559
• Revert "Add null key verification to detect TPM reset attacks" by @shjala in #5550
• Fix IPv4-only mode for static IPv4 configuration by @milan-zededa in #5565
• Fix the issue of eve-k VM logging, got five-five-five-five! by @naiming-zededa in #5555
• Send HW inventory by @europaul in #5535
• continue the migrate message encryption to AEAD PR by @naiming-zededa in #5556
• Enable strict node scheduling for cluster app instances. by @andrewd-zededa in #5508
• Remove noisy logging and remove previous external boot images by @naiming-zededa in #5570
• Fix the issue of eve-k shim/container VMI logging by @naiming-zededa in #5571
• Evaluation EVE: Automatic Partition Testing and Onboarding Control by @rucoder in #5351

Full Changelog: 16.5.0...16.6.0

14.5.3-lts

What's Changed

• [14.5-stable] Expand USB diag log collection by @andrewd-zededa in #5290
• [14.5-stable] Collect-Info: put after post by @christoph-zededa in #5333
• [14.5-stable] spec.sh -v - print valid json by @christoph-zededa in #5317
• [14.5-stable] dom0-ztools: Replace pre-cooked UEFI settings by @rene in #5321
• [14.5-stable] Fix the issue of missing calling resp.Body.Close by @naiming-zededa in #5255
• [14.5-stable] .golangci.yml: Update config to newer versions of golangci-lint by @rene in #5353
• [14.5-stable] Omit empty fields in dpc.go on JSON serialization by @OhmSpectator in #5371
• [14.5-stable] Enable automatic TCP MSS clamping for forwarded app traffic by @milan-zededa in #5388
• [14.5-stable] Interleave DNS servers across interfaces inside resolv.conf to mitigate resolver limit issues by @milan-zededa in #5387
• [14.5-stable] Fix MMIO overhead calculation for unreserved adapters by @OhmSpectator in #5419
• [14.5-stable] Kernel update - [amd64-generic] by @rene in #5416
• [14.5-stable] "tui: update to release 0.6.2" by @rucoder in #5426
• [14.5-stable] Fix rungetty.sh to strip non-numeric suffix from console speed parameter by @rucoder in #5435
• [14.5-stable] bpftrace compiler increase timeout by @christoph-zededa in #5443
• [14.5-stable] pillar container: set proper root overlayfs by @deitch in #5449
• [14.5-stable] runc containerd CVE by @deitch in #5455
• [14.5-stable] tools/collect-sources.sh: Exclude var/lock from tarball extraction by @rene in #5462
• [14.5-stable] "Add udev to installer and implement cold start" by @rucoder in #5465
• [14.5-stable] Fix flaky GoroutinesMonitor Go test by @OhmSpectator in #5468
• [14.5-stable] Unify spec by @christoph-zededa in #5477
• [14.5-stable] Fix VLAN sub-interface dependencies by @milan-zededa in #5499
• [14.5-stable] Non cancelable context by @europaul in #5502
• [14.5-stable] spec.sh json output fix for pkg/debug build. by @rene in #5510
• [14.5-stable] .github/workflows: Change docker login and remove pull_request_target by @rene in #5513
• [14.5-stable] Add Eden version selection based on PR target branch by @europaul in #5518
• [14.5-stable] fix spec.sh usb by @christoph-zededa in #5527
• [14.5-stable] Force rebuild of pkg/debug and pkg/installer by @eriknordmark in #5539

Full Changelog: 14.5.2-lts...14.5.3-lts

14.5.3-rc5

What's Changed

• [14.5-stable] Force rebuild of pkg/debug and pkg/installer by @eriknordmark in #5539

Full Changelog: 14.5.3-rc4...14.5.3-rc5

16.5.0

What's Changed

• Bump k3s version to v1.34.2+k3s1 by @zedi-pramodh in #5483
• bpftrace-compiler: increase overall test timeout by @christoph-zededa in #5481
• Improve robustness of TestSingleDPC by @milan-zededa in #5484
• Updated runc in installer and rootfs by @deitch in #5486
• Use nvidia-container-runtime to load CDI devices through kubernetes by @zedi-pramodh in #5480
• Bump up KUBE_VERSION by @zedi-pramodh in #5489
• Change the Edgeview script expire to human readable time by @naiming-zededa in #5491
• Fix an issue of zedkube EdgeNodeClusterStatus Miss token by @naiming-zededa in #5492
• fix(agentlog): use proper file permissions when appending logs by @shjala in #5487
• Fix VLAN sub-interface dependencies by @milan-zededa in #5493
• Non cancelable context by @europaul in #5497
• pkg: nvidia: Bump nvidia-container-toolkit to 1.16.2 by @rene in #5490
• Add missing Intel AX210 (TY) firmware required by iwlwifi by @jsfakian in #5503
• eve-k: Enable ext4 vault support by @andrewd-zededa in #5373
• Copy nvidia device plugin only on nvidia platform by @zedi-pramodh in #5504
• spec.sh json output fix for pkg/debug build. by @andrewd-zededa in #5506
• Replace MD5 with a cryptographically secure random IV generation by @naiming-zededa in #5505
• .github/workflows: Change docker login and remove pull_request_target by @rene in #5512
• Add Eden version selection based on PR target branch by @europaul in #5402
• pkg/debug: fix spec.sh to print valid json by @christoph-zededa in #5520
• pkg/installer: bump debug package by @christoph-zededa in #5523
• gh/template: add backport branch by @christoph-zededa in #5525
• Fix cluster join: k3s 1.34.0+k3s1 does not set master label. by @andrewd-zededa in #5521
• Makefile: add canbus for qemu by @christoph-zededa in #5529
• Allow k3s config overrides from config property k3s.config.override by @andrewd-zededa in #5495
• Enable edgeview certificate validation by @naiming-zededa in #5532

Full Changelog: 16.4.0...16.5.0