Release 2026_017 (2026-05-11)

Impact

25.05

  • Machines will reboot to activate a changed kernel.

25.11

  • Machines will reboot to activate a changed kernel

NixOS 25.05 platform

  • linux kernel: fix copy.fail kernel vulnerability (CVE-2026-31431) (PL-135348)

  • nix: fix privilege escalation (GHSA-vh5x-56v6-4368) (PL-135360)

  • Pull upstream NixOS changes, security fixes, and package updates:

    • linuxKernelStable: 6.12.63 -> 6.12.85

    • linuxKernelVerify: 6.12.63 -> 6.12.85

    • nix: 2.28.6 -> 2.28.7

NixOS 25.11 platform

  • slurm: add slurm 25.11 package and make fc-agent compatible with pyslurm 25.11 (PL-135105)

    The default slurm version for the NixOS 25.11 platform is still 25.05. This change allows it, to move customers to slurm 25.11.

  • linux kernel: fix copy.fail kernel vulnerability (CVE-2026-31431) (PL-135348)

  • nix: fix privilege escalation (GHSA-vh5x-56v6-4368) (PL-135360)

  • Pull upstream NixOS changes, security fixes, and package updates:

    • cacert: 3.121 -> 3.123

    • chromedriver: 147.0.7727.116 -> 147.0.7727.137

    • chromium: 147.0.7727.116 -> 147.0.7727.137

    • firefox: 150.0 -> 150.0.1

    • gitaly: 18.10.3 -> 18.11.1

    • gitlab: 18.10.3 -> 18.11.1

    • gitlab-ee: 18.10.3 -> 18.11.1

    • gitlab-pages: 18.10.3 -> 18.11.1

    • gitlab-workhorse: 18.10.3 -> 18.11.1

    • go: 1.25.8 -> 1.25.9

    • imagemagick: 7.1.2-18 -> 7.1.2-19

    • libjpeg: 3.1.2 -> 3.1.4

    • linuxKernelStable: 6.12.83 -> 6.12.85

    • linuxKernelVerify: 6.12.83 -> 6.12.85

    • matrix-synapse: 1.151.0 -> 1.152.0

    • nix: 2.31.4 -> 2.31.5

    • ollama-rocm: (new version missing)

    • openssh: 10.2p1 -> 10.3p1

    • openssl: 3.6.1 -> 3.6.2

    • openssl_3: 3.0.19 -> 3.0.20

    • python3Packages.requests: 2.32.5 -> 2.33.1

    • systemd: 258.5 -> 258.7

    • util-linux: 2.41.3 -> 2.41.4

    • vim: 9.1.2148 -> 9.2.0340

    • xz: 5.8.1 -> 5.8.3

Detailed Changes