Release 2026_001 (2026-01-12)

Impact

25.05

  • This is the last 25.05 Platform release including regular NixOS software updates from the upstream distribution. Please consider updating to Platform 25.11. Security updates will only be performed for selected packages with a high impact and an (even indirect) remote vector, for a limited period.

  • Machines will reboot to activate the changed kernel.

25.11

  • stashost-master, statshost-global: if you are using the default URL of <hostname>.fe.<location>.fcio.net/grafana, you need to change flyingcircus.roles.statshost.hostName to the URL you use.

    Almost all instances already use the new URL grafana.<resource group>.fcio.net, so likely you don’t need to change anything.

  • Machines will reboot to activate the changed kernel.

NixOS 25.05 platform

  • Pull upstream NixOS changes, security fixes, and package updates:

    • apacheHttpd: 2.4.65 -> 2.4.66

    • chromedriver: 143.0.7499.40 -> 143.0.7499.169

    • chromium: 143.0.7499.40 -> 143.0.7499.169

    • erlang: 27.3.4.4 -> 27.3.4.6

    • firefox: 145.0.2 -> 146.0.1

    • gitaly: 18.6.1 -> 18.6.2

    • gitlab: 18.6.1 -> 18.6.2

    • gitlab-ee: 18.6.1 -> 18.6.2

    • gitlab-pages: 18.6.1 -> 18.6.2

    • gitlab-workhorse: 18.6.1 -> 18.6.2

    • linuxKernelStable: 6.12.60 -> 6.12.63

    • linuxKernelVerify: 6.12.60 -> 6.12.63

    • mastodon: 4.3.15 -> 4.3.16

    • nginxMainline: 1.29.3 -> 1.29.4

    • nss_latest: 3.118.1 -> 3.119.1

    • php82: 8.2.29 -> 8.2.30

    • php83: 8.3.28 -> 8.3.29

    • php84: 8.4.15 -> 8.4.16

    • roundcube: 1.6.11 -> 1.6.12

    • webkitgtk: 2.50.2 -> 2.50.4

NixOS 25.11 platform

  • statshost-master: change default URL to grafana.<resource group>.fcio.net (PL-134242)

  • add a simple NixOS tests that verifies that loki is running and accepting the syslog

  • Adds a sensu check to check for ollama loading models into CPU memory which degrades performance. (PL-134226)

  • Pull upstream NixOS changes, security fixes, and package updates:

    • apacheHttpd: 2.4.65 -> 2.4.66

    • cacert: 3.115 -> 3.117

    • chromedriver: 143.0.7499.40 -> 143.0.7499.169

    • chromium: 143.0.7499.40 -> 143.0.7499.169

    • containerd: 2.2.0 -> 2.2.1

    • docker: 28.5.1 -> 28.5.2

    • erlang: 28.2 -> 28.3

    • firefox: 145.0.2 -> 146.0.1

    • gitaly: 18.6.1 -> 18.6.2

    • gitlab: 18.6.1 -> 18.6.2

    • gitlab-ee: 18.6.1 -> 18.6.2

    • gitlab-pages: 18.6.1 -> 18.6.2

    • gitlab-workhorse: 18.6.1 -> 18.6.2

    • go: 1.25.4 -> 1.25.5

    • grafana: 12.3.0 -> 12.3.1

    • imagemagick: 7.1.2-8 -> 7.1.2-9

    • jetbrains.jdk: 21.0.8-b1148.57 -> 21.0.9-b1163.86

    • k3s: 1.34.1+k3s1 -> 1.34.2+k3s1

    • k3s_1_31: 1.31.13+k3s1 -> 1.31.14+k3s1

    • k3s_1_32: 1.32.9+k3s1 -> 1.32.10+k3s1

    • k3s_1_33: 1.33.5+k3s1 -> 1.33.6+k3s1

    • linuxKernelStable: 6.12.60 -> 6.12.63

    • linuxKernelVerify: 6.12.60 -> 6.12.63

    • mastodon: 4.5.2 -> 4.5.3

    • matrix-synapse: 1.143.0 -> 1.144.0

    • mongodb: 7.0.26 -> 7.0.28

    • nginxMainline: 1.29.3 -> 1.29.4

    • nss_latest: 3.118.1 -> 3.119.1

    • php82: 8.2.29 -> 8.2.30

    • php83: 8.3.28 -> 8.3.29

    • php84: 8.4.15 -> 8.4.16

    • postfix: 3.10.6 -> 3.10.7

    • promtail: 3.6.2 -> 3.6.3

    • rclone: 1.72.0 -> 1.72.1

    • redis: 8.2.2 -> 8.2.3

    • roundcube: 1.6.11 -> 1.6.12

    • strace: 6.17 -> 6.18

    • strongswan: 6.0.3 -> 6.0.4

    • tmux: 3.5a -> 3.6a

    • tomcat10: 10.1.48 -> 10.1.50

    • tomcat9: 9.0.111 -> 9.0.113

    • uv: 0.9.15 -> 0.9.21

Detailed Changes