Release 2025_015 (2025-05-19)¶

Impact¶

k3s: version 1.29 is end-of-life and should be considered insecure. Users are encouraged to upgrade their k3s cluster to a more recent version.
the following services will restart: slurm, gitlab, rabbitmq, postgresql

varnish: Listen addresses are filtered by uniqueness. Before that, adding the same listen IP twice would break Varnish on startup.
The default Nix has been upgraded to 2.25.
Slurm nodes will be returned to service after an unexpected reboot.
Pull upstream NixOS changes, security fixes, and package updates:
- chromedriver: 136.0.7103.59 -> 136.0.7103.92
- chromium: 136.0.7103.59 -> 136.0.7103.92
- erlang: 25.3.2.20 -> 25.3.2.21
- gitaly: 17.11.1 -> 17.11.2
- gitlab: 17.11.1 -> 17.11.2
- gitlab-container-registry: 4.20.0 -> 4.21.0
- gitlab-ee: 17.11.1 -> 17.11.2
- gitlab-pages: 17.11.1 -> 17.11.2
- gitlab-workhorse: 17.11.1 -> 17.11.2
- k3s: 1.31.7+k3s1 -> 1.31.8+k3s1
- k3s_1_30: 1.30.11+k3s1 -> 1.30.12+k3s1
- k3s_1_31: 1.31.7+k3s1 -> 1.31.8+k3s1
- mastodon: 4.3.7 -> 4.3.8
- matrix-synapse: 1.128.0 -> 1.129.0
- php83: 8.3.20 -> 8.3.21
- php84: 8.4.6 -> 8.4.7
- postgresql_13: 13.20 -> 13.21
- postgresql_14: 14.17 -> 14.18
- postgresql_15: 15.12 -> 15.13
- postgresql_17: 17.4 -> 17.5