Release 2025_024 (2025-07-14)

Impact

25.05

  • Changes in the underlying network configuration will cause a breif loss of connectivity and restart of most network-bound core services.

NixOS 25.05 platform

  • loghost: fix Graylog LDAP login which has been broken since 24.11. Graylog is deprecated, the role is only provided to upgrade existing loghosts (PL-133759).

  • telegraf: enable nstat input to provide network protocol stats

    In preparation of the net input deprecating the report of network protocol metrics, this provides a transitory period of both legacy and future metrics being available.
    Deprecated metrics will be disabled in the next major Flying Circus 25.11 platform release.

  • statshost: now supports OpenID Connect login for Grafana, using our Keycloak instance. Disabled by default for now, OIDC will replace LDAP login in the near future. (PL-133429)

  • Pull upstream NixOS changes, security fixes, and package updates:

    • chromedriver: 138.0.7204.49 -> 138.0.7204.92

    • chromium: 138.0.7204.49 -> 138.0.7204.92

    • curl: 8.13.0 -> 8.14.1

    • element-web: 1.11.104 -> 1.11.105

    • file: 5.46 -> 5.45

    • firefox: 140.0.1 -> 140.0.2

    • go: 1.24.3 -> 1.24.4

    • mastodon: 4.3.8 -> 4.3.9

    • matrix-synapse: 1.132.0 -> 1.133.0

    • nix: 2.28.3 -> 2.28.4

    • nodejs: 22.14.0 -> 22.16.0

    • nodejs_20: 20.19.2 -> 20.19.3

    • nodejs_22: 22.14.0 -> 22.16.0

    • php81: 8.1.32 -> 8.1.33

    • php82: 8.2.28 -> 8.2.29

    • php83: 8.3.22 -> 8.3.23

    • php84: 8.4.8 -> 8.4.10

    • prometheus: 3.1.0 -> 3.4.2

    • python3: 3.12.10 -> 3.12.11

    • python310: 3.10.17 -> 3.10.18

    • python311: 3.11.12 -> 3.11.13

    • python312: 3.12.10 -> 3.12.11

    • redis: 7.2.7 -> 7.2.9

    • strace: 6.14 -> 6.15

    • sudo: 1.9.17 -> 1.9.17p1

    • systemd: 257.5 -> 257.6

    • uv: 0.7.16 -> 0.7.19

Detailed Changes