Release 2025_037 (2025-10-13)

Impact

25.05

Machines will reboot to activate the changed kernel.

NixOS 24.11 platform

  • Increase DNS resolver timeouts. (PL-129951)

    We’ve seen sporadic but annoying DNS resolution issues which are likely caused by somewhat laggy authoritative DNS servers or forwarders. Our previous combination of low timeouts and a high retry count meant that a) clients might not be retrying correctly and b) resolvers might be retrying with different upstream servers that all exhibit the same sluggishness, and thus fail over and over again.

    Increasing the timeouts will reduce fragility, and reducing the number of retries means applications don’t get stuck too long in case resolvers aren’t responding.

    Note: we’re also adjusting our resolver setup in the next releases for further reliability improvements that integrate with this change.

NixOS 25.05 platform

  • statshost-global: The Flying Circus infrastructure-wide statshost now stores metrics of the nstat telegraf output (PL-133683)

  • fc-maintenance: detect need for reboot based on kernel package, not only version number (PL-134082)

    This makes the parsing of a system’s used kernel more robust, and introduces reboots for changed kernels within the same version number.

  • fc-agent: Fix automatic maintenance updates that referred to already garbage-collected system paths (PL-133993)

    This avoids breakage of updates even when they have been pending for a while and the current system state already changed, e.g. due to modified configuration.

  • Increase DNS resolver timeouts. (PL-129951)

    We’ve seen sporadic but annoying DNS resolution issues which are likely caused by somewhat laggy authoritative DNS servers or forwarders. Our previous combination of low timeouts and a high retry count meant that a) clients might not be retrying correctly and b) resolvers might be retrying with different upstream servers that all exhibit the same sluggishness, and thus fail over and over again.

    Increasing the timeouts will reduce fragility, and reducing the number of retries means applications don’t get stuck too long in case resolvers aren’t responding.

    Note: we’re also adjusting our resolver setup in the next releases for further reliability improvements that integrate with this change.

  • Pull upstream NixOS changes, security fixes, and package updates:

    • chromedriver: 140.0.7339.207 -> 141.0.7390.54

    • chromium: 140.0.7339.207 -> 141.0.7390.54

    • element-web: 1.11.112 -> 1.12.0

    • fetchmail: 6.5.1 -> 6.5.6

    • firefox: 143.0.1 -> 143.0.4

    • gitaly: 18.4.0 -> 18.4.1

    • gitlab: 18.4.0 -> 18.4.1

    • gitlab-container-registry: 4.27.0 -> 4.28.0

    • gitlab-ee: 18.4.0 -> 18.4.1

    • gitlab-pages: 18.4.0 -> 18.4.1

    • gitlab-workhorse: 18.4.0 -> 18.4.1

    • grafana: 12.0.4 -> 12.0.5

    • jetty: 12.1.0 -> 12.1.1

    • libressl: 4.0.0 -> 4.1.1

    • linuxKernelStable: 6.12.48 -> 6.12.50

    • linuxKernelVerify: 6.12.48 -> 6.12.50

    • matrix-synapse: 1.138.0 -> 1.139.2

    • php83: 8.3.25 -> 8.3.26

    • php84: 8.4.12 -> 8.4.13

    • redis: 7.2.10 -> 7.2.11

    • tomcat10: 10.1.44 -> 10.1.46

    • tomcat9: 9.0.108 -> 9.0.109

    • webkitgtk: 2.48.6 -> 2.50.0

Detailed Changes