The Crafter CMS Groovy sandbox has been patched three times. CVE-2021-23259, CVE-2022-40635, CVE-2025-6384.

Our team went back in anyway and found 14 distinct RCE bypass techniques in v5.0.0: AST Transformations, SpelExpressionParser, GroovyShell, Template Engines, XStream, BeanShell, Jakarta EL, Commons Exec, Object Factories, MBeans, and more.

The sandbox wasn't broken in one place. It was porous.

CVE-2026-1770 (PTT-2025-022). Full PoC: https://pentest-tools.com/research

Announcing Incus 7.0 LTS

It’s with great pride and pleasure that the Incus team is announcing the release of Incus 7.0 LTS!

Incus is a modern system container, application container and virtual machine manager. It’s released under the Apache 2.0 license and is run as a community led Open Source project as part of the Linux Containers organization.

Incus provides a cloud-like environment, creating instances from our premade images or any OCI registry and offers a wide variety of features, including the ability to seamlessly cluster servers together.

It supports multiple different local or remote storage options, traditional or fully distributed networking and offers most common cloud features, including a full REST API and integrations with common tooling like Ansible, Terraform/OpenTofu, Packr, Kubernetes Cluster API and more!

This is the second LTS release for Incus with Incus 6.0 LTS now entering its security-only phase for the remaining 3 years of its 5 years lifespan.

Incus 7.0 LTS joins LXC 7.0 LTS and LXCFS 7.0 LTS in wrapping up this round of LTS releases.

Just like its sister projects, Incus 7.0 LTS will be supported until June 2031.

The first 2 years will feature bug and security fixes as well as minor usability improvements, delivered through occasional point releases (7.0.x). After that initial two years, Incus 7.0 LTS will move to security only maintenance for the remaining of its 5 years of support.

A total of 204 individuals contributed to Incus between the 6.0 LTS and 7.0 LTS releases with 45 contributing between the 6.23 and 7.0 LTS releases.

This release fixes the following security issues:

• CVE-2026-35527 (Moderate)
• CVE-2026-40195 (Moderate)
• CVE-2026-40197 (Moderate)
• CVE-2026-40251 (Moderate)
• CVE-2026-41647 (Moderate)
• CVE-2026-41684 (Moderate)
• CVE-2026-41685 (Moderate)
• CVE-2026-40243 (Low)
• CVE-2026-41648 (Low)

Breaking changes:

• New minimum system requirements
• Removal of CGroupV1 support
• Removal of xtables support
• Incus CLI changes, removing handling for older syntax

New features for those coming from Incus 6.23:

• Minio replaced by built-in S3 listener
• Server shutdown action
• Low level backup API
• Storage pool project restriction
• Placement scriptlet call on cluster rebalance
• File transfer commands now aligned with cp
• –reuse flag in incus image copy

New features for those coming from Incus 6.0.6 LTS:

• All of the new features listed above
• Application containers (OCI)
• Dependent storage volumes
• Network address sets
• Linstor storage driver
• TrueNAS storage driver
• CPU baseline definition in cluster groups

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=Fp0l84fSeP0

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

Announcing Incus 7.0 LTS

It’s with great pride and pleasure that the Incus team is announcing the release of Incus 7.0 LTS!

Incus is a modern system container, application container and virtual machine manager. It’s released under the Apache 2.0 license and is run as a community led Open Source project as part of the Linux Containers organization.

Incus provides a cloud-like environment, creating instances from our premade images or any OCI registry and offers a wide variety of features, including the ability to seamlessly cluster servers together.

It supports multiple different local or remote storage options, traditional or fully distributed networking and offers most common cloud features, including a full REST API and integrations with common tooling like Ansible, Terraform/OpenTofu, Packr, Kubernetes Cluster API and more!

This is the second LTS release for Incus with Incus 6.0 LTS now entering its security-only phase for the remaining 3 years of its 5 years lifespan.

Incus 7.0 LTS joins LXC 7.0 LTS and LXCFS 7.0 LTS in wrapping up this round of LTS releases.

Just like its sister projects, Incus 7.0 LTS will be supported until June 2031.

The first 2 years will feature bug and security fixes as well as minor usability improvements, delivered through occasional point releases (7.0.x). After that initial two years, Incus 7.0 LTS will move to security only maintenance for the remaining of its 5 years of support.

A total of 204 individuals contributed to Incus between the 6.0 LTS and 7.0 LTS releases with 45 contributing between the 6.23 and 7.0 LTS releases.

This release fixes the following security issues:

• CVE-2026-35527 (Moderate)
• CVE-2026-40195 (Moderate)
• CVE-2026-40197 (Moderate)
• CVE-2026-40251 (Moderate)
• CVE-2026-41647 (Moderate)
• CVE-2026-41684 (Moderate)
• CVE-2026-41685 (Moderate)
• CVE-2026-40243 (Low)
• CVE-2026-41648 (Low)

Breaking changes:

• New minimum system requirements
• Removal of CGroupV1 support
• Removal of xtables support
• Incus CLI changes, removing handling for older syntax

New features for those coming from Incus 6.23:

• Minio replaced by built-in S3 listener
• Server shutdown action
• Low level backup API
• Storage pool project restriction
• Placement scriptlet call on cluster rebalance
• File transfer commands now aligned with cp
• –reuse flag in incus image copy

New features for those coming from Incus 6.0.6 LTS:

• All of the new features listed above
• Application containers (OCI)
• Dependent storage volumes
• Network address sets
• Linstor storage driver
• TrueNAS storage driver
• CPU baseline definition in cluster groups

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=Fp0l84fSeP0

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

Announcing Incus 7.0 LTS

It’s with great pride and pleasure that the Incus team is announcing the release of Incus 7.0 LTS!

Incus is a modern system container, application container and virtual machine manager. It’s released under the Apache 2.0 license and is run as a community led Open Source project as part of the Linux Containers organization.

Incus provides a cloud-like environment, creating instances from our premade images or any OCI registry and offers a wide variety of features, including the ability to seamlessly cluster servers together.

It supports multiple different local or remote storage options, traditional or fully distributed networking and offers most common cloud features, including a full REST API and integrations with common tooling like Ansible, Terraform/OpenTofu, Packr, Kubernetes Cluster API and more!

This is the second LTS release for Incus with Incus 6.0 LTS now entering its security-only phase for the remaining 3 years of its 5 years lifespan.

Incus 7.0 LTS joins LXC 7.0 LTS and LXCFS 7.0 LTS in wrapping up this round of LTS releases.

Just like its sister projects, Incus 7.0 LTS will be supported until June 2031.

The first 2 years will feature bug and security fixes as well as minor usability improvements, delivered through occasional point releases (7.0.x). After that initial two years, Incus 7.0 LTS will move to security only maintenance for the remaining of its 5 years of support.

A total of 204 individuals contributed to Incus between the 6.0 LTS and 7.0 LTS releases with 45 contributing between the 6.23 and 7.0 LTS releases.

This release fixes the following security issues:

• CVE-2026-35527 (Moderate)
• CVE-2026-40195 (Moderate)
• CVE-2026-40197 (Moderate)
• CVE-2026-40251 (Moderate)
• CVE-2026-41647 (Moderate)
• CVE-2026-41684 (Moderate)
• CVE-2026-41685 (Moderate)
• CVE-2026-40243 (Low)
• CVE-2026-41648 (Low)

Breaking changes:

• New minimum system requirements
• Removal of CGroupV1 support
• Removal of xtables support
• Incus CLI changes, removing handling for older syntax

New features for those coming from Incus 6.23:

• Minio replaced by built-in S3 listener
• Server shutdown action
• Low level backup API
• Storage pool project restriction
• Placement scriptlet call on cluster rebalance
• File transfer commands now aligned with cp
• –reuse flag in incus image copy

New features for those coming from Incus 6.0.6 LTS:

• All of the new features listed above
• Application containers (OCI)
• Dependent storage volumes
• Network address sets
• Linstor storage driver
• TrueNAS storage driver
• CPU baseline definition in cluster groups

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=Fp0l84fSeP0

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

Announcing Incus 7.0 LTS

It’s with great pride and pleasure that the Incus team is announcing the release of Incus 7.0 LTS!

Incus is a modern system container, application container and virtual machine manager. It’s released under the Apache 2.0 license and is run as a community led Open Source project as part of the Linux Containers organization.

Incus provides a cloud-like environment, creating instances from our premade images or any OCI registry and offers a wide variety of features, including the ability to seamlessly cluster servers together.

It supports multiple different local or remote storage options, traditional or fully distributed networking and offers most common cloud features, including a full REST API and integrations with common tooling like Ansible, Terraform/OpenTofu, Packr, Kubernetes Cluster API and more!

This is the second LTS release for Incus with Incus 6.0 LTS now entering its security-only phase for the remaining 3 years of its 5 years lifespan.

Incus 7.0 LTS joins LXC 7.0 LTS and LXCFS 7.0 LTS in wrapping up this round of LTS releases.

Just like its sister projects, Incus 7.0 LTS will be supported until June 2031.

The first 2 years will feature bug and security fixes as well as minor usability improvements, delivered through occasional point releases (7.0.x). After that initial two years, Incus 7.0 LTS will move to security only maintenance for the remaining of its 5 years of support.

A total of 204 individuals contributed to Incus between the 6.0 LTS and 7.0 LTS releases with 45 contributing between the 6.23 and 7.0 LTS releases.

This release fixes the following security issues:

• CVE-2026-35527 (Moderate)
• CVE-2026-40195 (Moderate)
• CVE-2026-40197 (Moderate)
• CVE-2026-40251 (Moderate)
• CVE-2026-41647 (Moderate)
• CVE-2026-41684 (Moderate)
• CVE-2026-41685 (Moderate)
• CVE-2026-40243 (Low)
• CVE-2026-41648 (Low)

Breaking changes:

• New minimum system requirements
• Removal of CGroupV1 support
• Removal of xtables support
• Incus CLI changes, removing handling for older syntax

New features for those coming from Incus 6.23:

• Minio replaced by built-in S3 listener
• Server shutdown action
• Low level backup API
• Storage pool project restriction
• Placement scriptlet call on cluster rebalance
• File transfer commands now aligned with cp
• –reuse flag in incus image copy

New features for those coming from Incus 6.0.6 LTS:

• All of the new features listed above
• Application containers (OCI)
• Dependent storage volumes
• Network address sets
• Linstor storage driver
• TrueNAS storage driver
• CPU baseline definition in cluster groups

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=Fp0l84fSeP0

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

Announcing Incus 7.0 LTS

It’s with great pride and pleasure that the Incus team is announcing the release of Incus 7.0 LTS!

Incus is a modern system container, application container and virtual machine manager. It’s released under the Apache 2.0 license and is run as a community led Open Source project as part of the Linux Containers organization.

Incus provides a cloud-like environment, creating instances from our premade images or any OCI registry and offers a wide variety of features, including the ability to seamlessly cluster servers together.

It supports multiple different local or remote storage options, traditional or fully distributed networking and offers most common cloud features, including a full REST API and integrations with common tooling like Ansible, Terraform/OpenTofu, Packr, Kubernetes Cluster API and more!

This is the second LTS release for Incus with Incus 6.0 LTS now entering its security-only phase for the remaining 3 years of its 5 years lifespan.

Incus 7.0 LTS joins LXC 7.0 LTS and LXCFS 7.0 LTS in wrapping up this round of LTS releases.

Just like its sister projects, Incus 7.0 LTS will be supported until June 2031.

The first 2 years will feature bug and security fixes as well as minor usability improvements, delivered through occasional point releases (7.0.x). After that initial two years, Incus 7.0 LTS will move to security only maintenance for the remaining of its 5 years of support.

A total of 204 individuals contributed to Incus between the 6.0 LTS and 7.0 LTS releases with 45 contributing between the 6.23 and 7.0 LTS releases.

This release fixes the following security issues:

• CVE-2026-35527 (Moderate)
• CVE-2026-40195 (Moderate)
• CVE-2026-40197 (Moderate)
• CVE-2026-40251 (Moderate)
• CVE-2026-41647 (Moderate)
• CVE-2026-41684 (Moderate)
• CVE-2026-41685 (Moderate)
• CVE-2026-40243 (Low)
• CVE-2026-41648 (Low)

Breaking changes:

• New minimum system requirements
• Removal of CGroupV1 support
• Removal of xtables support
• Incus CLI changes, removing handling for older syntax

New features for those coming from Incus 6.23:

• Minio replaced by built-in S3 listener
• Server shutdown action
• Low level backup API
• Storage pool project restriction
• Placement scriptlet call on cluster rebalance
• File transfer commands now aligned with cp
• –reuse flag in incus image copy

New features for those coming from Incus 6.0.6 LTS:

• All of the new features listed above
• Application containers (OCI)
• Dependent storage volumes
• Network address sets
• Linstor storage driver
• TrueNAS storage driver
• CPU baseline definition in cluster groups

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=Fp0l84fSeP0

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

Announcing Incus 7.0 LTS

It’s with great pride and pleasure that the Incus team is announcing the release of Incus 7.0 LTS!

Incus is a modern system container, application container and virtual machine manager. It’s released under the Apache 2.0 license and is run as a community led Open Source project as part of the Linux Containers organization.

Incus provides a cloud-like environment, creating instances from our premade images or any OCI registry and offers a wide variety of features, including the ability to seamlessly cluster servers together.

It supports multiple different local or remote storage options, traditional or fully distributed networking and offers most common cloud features, including a full REST API and integrations with common tooling like Ansible, Terraform/OpenTofu, Packr, Kubernetes Cluster API and more!

This is the second LTS release for Incus with Incus 6.0 LTS now entering its security-only phase for the remaining 3 years of its 5 years lifespan.

Incus 7.0 LTS joins LXC 7.0 LTS and LXCFS 7.0 LTS in wrapping up this round of LTS releases.

Just like its sister projects, Incus 7.0 LTS will be supported until June 2031.

The first 2 years will feature bug and security fixes as well as minor usability improvements, delivered through occasional point releases (7.0.x). After that initial two years, Incus 7.0 LTS will move to security only maintenance for the remaining of its 5 years of support.

A total of 204 individuals contributed to Incus between the 6.0 LTS and 7.0 LTS releases with 45 contributing between the 6.23 and 7.0 LTS releases.

This release fixes the following security issues:

• CVE-2026-35527 (Moderate)
• CVE-2026-40195 (Moderate)
• CVE-2026-40197 (Moderate)
• CVE-2026-40251 (Moderate)
• CVE-2026-41647 (Moderate)
• CVE-2026-41684 (Moderate)
• CVE-2026-41685 (Moderate)
• CVE-2026-40243 (Low)
• CVE-2026-41648 (Low)

Breaking changes:

• New minimum system requirements
• Removal of CGroupV1 support
• Removal of xtables support
• Incus CLI changes, removing handling for older syntax

New features for those coming from Incus 6.23:

• Minio replaced by built-in S3 listener
• Server shutdown action
• Low level backup API
• Storage pool project restriction
• Placement scriptlet call on cluster rebalance
• File transfer commands now aligned with cp
• –reuse flag in incus image copy

New features for those coming from Incus 6.0.6 LTS:

• All of the new features listed above
• Application containers (OCI)
• Dependent storage volumes
• Network address sets
• Linstor storage driver
• TrueNAS storage driver
• CPU baseline definition in cluster groups

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=Fp0l84fSeP0

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

Announcing Incus 7.0 LTS

It’s with great pride and pleasure that the Incus team is announcing the release of Incus 7.0 LTS!

Incus is a modern system container, application container and virtual machine manager. It’s released under the Apache 2.0 license and is run as a community led Open Source project as part of the Linux Containers organization.

Incus provides a cloud-like environment, creating instances from our premade images or any OCI registry and offers a wide variety of features, including the ability to seamlessly cluster servers together.

It supports multiple different local or remote storage options, traditional or fully distributed networking and offers most common cloud features, including a full REST API and integrations with common tooling like Ansible, Terraform/OpenTofu, Packr, Kubernetes Cluster API and more!

This is the second LTS release for Incus with Incus 6.0 LTS now entering its security-only phase for the remaining 3 years of its 5 years lifespan.

Incus 7.0 LTS joins LXC 7.0 LTS and LXCFS 7.0 LTS in wrapping up this round of LTS releases.

Just like its sister projects, Incus 7.0 LTS will be supported until June 2031.

The first 2 years will feature bug and security fixes as well as minor usability improvements, delivered through occasional point releases (7.0.x). After that initial two years, Incus 7.0 LTS will move to security only maintenance for the remaining of its 5 years of support.

A total of 204 individuals contributed to Incus between the 6.0 LTS and 7.0 LTS releases with 45 contributing between the 6.23 and 7.0 LTS releases.

This release fixes the following security issues:

• CVE-2026-35527 (Moderate)
• CVE-2026-40195 (Moderate)
• CVE-2026-40197 (Moderate)
• CVE-2026-40251 (Moderate)
• CVE-2026-41647 (Moderate)
• CVE-2026-41684 (Moderate)
• CVE-2026-41685 (Moderate)
• CVE-2026-40243 (Low)
• CVE-2026-41648 (Low)

Breaking changes:

• New minimum system requirements
• Removal of CGroupV1 support
• Removal of xtables support
• Incus CLI changes, removing handling for older syntax

New features for those coming from Incus 6.23:

• Minio replaced by built-in S3 listener
• Server shutdown action
• Low level backup API
• Storage pool project restriction
• Placement scriptlet call on cluster rebalance
• File transfer commands now aligned with cp
• –reuse flag in incus image copy

New features for those coming from Incus 6.0.6 LTS:

• All of the new features listed above
• Application containers (OCI)
• Dependent storage volumes
• Network address sets
• Linstor storage driver
• TrueNAS storage driver
• CPU baseline definition in cluster groups

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=Fp0l84fSeP0

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

Announcing Incus 7.0 LTS

It’s with great pride and pleasure that the Incus team is announcing the release of Incus 7.0 LTS!

Incus is a modern system container, application container and virtual machine manager. It’s released under the Apache 2.0 license and is run as a community led Open Source project as part of the Linux Containers organization.

Incus provides a cloud-like environment, creating instances from our premade images or any OCI registry and offers a wide variety of features, including the ability to seamlessly cluster servers together.

It supports multiple different local or remote storage options, traditional or fully distributed networking and offers most common cloud features, including a full REST API and integrations with common tooling like Ansible, Terraform/OpenTofu, Packr, Kubernetes Cluster API and more!

This is the second LTS release for Incus with Incus 6.0 LTS now entering its security-only phase for the remaining 3 years of its 5 years lifespan.

Incus 7.0 LTS joins LXC 7.0 LTS and LXCFS 7.0 LTS in wrapping up this round of LTS releases.

Just like its sister projects, Incus 7.0 LTS will be supported until June 2031.

The first 2 years will feature bug and security fixes as well as minor usability improvements, delivered through occasional point releases (7.0.x). After that initial two years, Incus 7.0 LTS will move to security only maintenance for the remaining of its 5 years of support.

A total of 204 individuals contributed to Incus between the 6.0 LTS and 7.0 LTS releases with 45 contributing between the 6.23 and 7.0 LTS releases.

This release fixes the following security issues:

• CVE-2026-35527 (Moderate)
• CVE-2026-40195 (Moderate)
• CVE-2026-40197 (Moderate)
• CVE-2026-40251 (Moderate)
• CVE-2026-41647 (Moderate)
• CVE-2026-41684 (Moderate)
• CVE-2026-41685 (Moderate)
• CVE-2026-40243 (Low)
• CVE-2026-41648 (Low)

Breaking changes:

• New minimum system requirements
• Removal of CGroupV1 support
• Removal of xtables support
• Incus CLI changes, removing handling for older syntax

New features for those coming from Incus 6.23:

• Minio replaced by built-in S3 listener
• Server shutdown action
• Low level backup API
• Storage pool project restriction
• Placement scriptlet call on cluster rebalance
• File transfer commands now aligned with cp
• –reuse flag in incus image copy

New features for those coming from Incus 6.0.6 LTS:

• All of the new features listed above
• Application containers (OCI)
• Dependent storage volumes
• Network address sets
• Linstor storage driver
• TrueNAS storage driver
• CPU baseline definition in cluster groups

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=Fp0l84fSeP0

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

Announcing Incus 7.0 LTS

It’s with great pride and pleasure that the Incus team is announcing the release of Incus 7.0 LTS!

Incus is a modern system container, application container and virtual machine manager. It’s released under the Apache 2.0 license and is run as a community led Open Source project as part of the Linux Containers organization.

Incus provides a cloud-like environment, creating instances from our premade images or any OCI registry and offers a wide variety of features, including the ability to seamlessly cluster servers together.

It supports multiple different local or remote storage options, traditional or fully distributed networking and offers most common cloud features, including a full REST API and integrations with common tooling like Ansible, Terraform/OpenTofu, Packr, Kubernetes Cluster API and more!

This is the second LTS release for Incus with Incus 6.0 LTS now entering its security-only phase for the remaining 3 years of its 5 years lifespan.

Incus 7.0 LTS joins LXC 7.0 LTS and LXCFS 7.0 LTS in wrapping up this round of LTS releases.

Just like its sister projects, Incus 7.0 LTS will be supported until June 2031.

The first 2 years will feature bug and security fixes as well as minor usability improvements, delivered through occasional point releases (7.0.x). After that initial two years, Incus 7.0 LTS will move to security only maintenance for the remaining of its 5 years of support.

A total of 204 individuals contributed to Incus between the 6.0 LTS and 7.0 LTS releases with 45 contributing between the 6.23 and 7.0 LTS releases.

This release fixes the following security issues:

• CVE-2026-35527 (Moderate)
• CVE-2026-40195 (Moderate)
• CVE-2026-40197 (Moderate)
• CVE-2026-40251 (Moderate)
• CVE-2026-41647 (Moderate)
• CVE-2026-41684 (Moderate)
• CVE-2026-41685 (Moderate)
• CVE-2026-40243 (Low)
• CVE-2026-41648 (Low)

Breaking changes:

• New minimum system requirements
• Removal of CGroupV1 support
• Removal of xtables support
• Incus CLI changes, removing handling for older syntax

New features for those coming from Incus 6.23:

• Minio replaced by built-in S3 listener
• Server shutdown action
• Low level backup API
• Storage pool project restriction
• Placement scriptlet call on cluster rebalance
• File transfer commands now aligned with cp
• –reuse flag in incus image copy

New features for those coming from Incus 6.0.6 LTS:

• All of the new features listed above
• Application containers (OCI)
• Dependent storage volumes
• Network address sets
• Linstor storage driver
• TrueNAS storage driver
• CPU baseline definition in cluster groups

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=Fp0l84fSeP0

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!