Release 2025_027 (2025-08-04)

Impact

25.05

  • Machines will reboot to activate an updated kernel.

NixOS 25.05 platform

  • The secret for the communication between coturn & prosody is no longer generated at eval-time (PL-133672).

    This fixes issues where the secret’s store-path is garbage-collected and a new secret is enrolled on an agent run which lead to a subsequent restart of Jitsi mid-day in rare cases.

  • Pull upstream NixOS changes, security fixes, and package updates:

    • chromedriver: 138.0.7204.157 -> 138.0.7204.168

    • chromium: 138.0.7204.157 -> 138.0.7204.168

    • element-web: 1.11.105 -> 1.11.106

    • firefox: 140.0.4 -> 141.0

    • gitaly: 18.1.2 -> 18.2.1

    • gitlab: 18.1.2 -> 18.2.1

    • gitlab-container-registry: 4.24.0 -> 4.25.0

    • gitlab-ee: 18.1.2 -> 18.2.1

    • gitlab-pages: 18.1.2 -> 18.2.1

    • gitlab-runner: 18.1.1 -> 18.1.2

    • gitlab-workhorse: 18.1.2 -> 18.2.1

    • grafana: 12.0.2 -> 12.0.2+security-01

    • k3s_1_30: 1.30.13+k3s1 -> 1.30.14+k3s1

    • linuxKernelStable: 6.12.39 -> 6.12.40

    • linuxKernelVerify: 6.12.39 -> 6.12.40

    • mastodon: 4.3.9 -> 4.3.10

    • matrix-synapse: 1.133.0 -> 1.134.0

    • nodejs_20: 20.19.3 -> 20.19.4

    • nss_latest: 3.113 -> 3.114

    • postfix: 3.10.2 -> 3.10.3

    • tomcat10: 10.1.42 -> 10.1.43

    • tomcat9: 9.0.106 -> 9.0.107

    • uv: 0.7.21 -> 0.7.22

Detailed Changes