Release 2026_027 (2026-07-08)

This release is off-cycle to patch the Januscape vulnerability (CVE-2026-53359) on our KVM hosts. The next release will be regularly on Thursday, 2026-07-09.

Impact

26.05

Machines will reboot to activate a changed kernel.

NixOS 26.05 platform

  • linuxKernelVerify: bump to 6.18

    All non-production machines, as well as all machines running in our WHQ and DEV locations, will now use a 6.18 kernel. Production machines in RZOB (our primary data center) remain at kernel 6.12 for now.

  • Fast track kernel update to 6.12.95 and 6.18.38 to fix Januscape (PL-135580, CVE-2026-53359)

  • Pull upstream NixOS changes, security fixes, and package updates:

    • calibre: 9.9.0 -> 9.10.0

    • docker: 29.5.3 -> 29.6.0

    • firefox: 152.0.3 -> 152.0.4

    • linuxKernelStable: 6.12.94 -> 6.12.95

    • linuxKernelVerify: 6.12.94 -> 6.18.38

    • phpPackages.composer: 2.9.8 -> 2.10.1

Detailed Changes