New in snapd 2.63:

• Support for snap services to show the current status of user services (experimental)
• Refresh app awareness: record snap-run-inhibit notice when starting app from snap that is busy with refresh (experimental)
• Refresh app awareness: use warnings as fallback for desktop notifications (experimental)
• Aspect based configuration: make request fields in the aspect-bundle's rules optional (experimental)
• Aspect based configuration: make map keys conform to the same format as path sub-keys (experimental)
• Aspect based configuration: make unset and set behaviour similar to configuration options (experimental)
• Aspect based configuration: limit nesting level for setting value (experimental)
• Components: use symlinks to point active snap component revisions
• Components: add model assertion support for components
• Components: fix to ensure local component installation always gets a new revision number
• Add basic support for a CIFS remote filesystem-based home directory
• Add support for AppArmor profile kill mode to avoid snap-confine error
• Allow more than one interface to grant access to the same API endpoint or notice type
• Allow all snapd service's control group processes to send systemd notifications to prevent warnings flooding the log
• Enable not preseeded single boot install
• Update secboot to handle new sbatlevel
• Fix to not use cgroup for non-strict confined snaps (devmode, classic)
• Fix two race conditions relating to freedesktop notifications
• Fix missing tunables in snap-update-ns AppArmor template
• Fix rejection of snapd snap udev command line by older host snap-device-helper
• Rework seccomp allow/deny list
• Clean up files removed by gadgets
• Remove non-viable boot chains to avoid secboot failure
• posix_mq interface: add support for missing time64 mqueue syscalls mq_timedreceive_time64 and mq_timedsend_time64
• password-manager-service interface: allow kwalletd version 6
• kubernetes-support interface: allow SOCK_SEQPACKET sockets
• system-observe interface: allow listing systemd units and their properties
• opengl interface: enable use of nvidia container toolkit CDI config generation

New in snapd 2.62:

• Aspects based configuration schema support (experimental)
• Refresh app awareness support for UI (experimental)
• Support for user daemons by introducing new control switches --user/--system/--users for service start/stop/restart (experimental)
• Add AppArmor prompting experimental flag (feature currently unsupported)
• Installation of local snap components of type test
• Packaging of components with snap pack
• Expose experimental features supported/enabled in snapd REST API endpoint /v2/system-info
• Support creating and removing recovery systems for use by factory reset
• Enable API route for creating and removing recovery systems using /v2/systems with action create and /v2/systems/{label} with action remove
• Lift requirements for fde-setup hook for single boot install
• Enable single reboot gadget update for UC20+
• Allow core to be removed on classic systems
• Support for remodeling on hybrid systems
• Install desktop files on Ubuntu Core and update after snapd upgrade
• Upgrade sandbox features to account for cgroup v2 device filtering
• Support snaps to manage their own cgroups
• Add support for AppArmor 4.0 unconfined profile mode
• Add AppArmor based read access to /etc/default/keyboard
• Upgrade to squashfuse 0.5.0
• Support useradd utility to enable removing Perl dependency for UC24+
• Support for recovery-chooser to use console-conf snap
• Add support for --uid/--gid using strace-static
• Add support for notices (from pebble) and expose via the snapd REST API endpoints /v2/notices and /v2/notice
• Add polkit authentication for snapd REST API endpoints /v2/snaps/{snap}/conf and /v2/apps
• Add refresh-inhibit field to snapd REST API endpoint /v2/snaps
• Add refresh-inhibited select query to REST API endpoint /v2/snaps
• Take into account validation sets during remodeling
• Improve offline remodeling to use installed revisions of snaps to fulfill the remodel revision requirement
• Add rpi configuration option sdtv_mode
• When snapd snap is not installed, pin policy ABI to 4.0 or 3.0 if present on host
• Fix gadget zero-sized disk mapping caused by not ignoring zero sized storage traits
• Fix gadget install case where size of existing partition was not correctly taken into account
• Fix trying to unmount early kernel mount if it does not exist
• Fix restarting mount units on snapd start
• Fix call to udev in preseed mode
• Fix to ensure always setting up the device cgroup for base bare and core24+
• Fix not copying data from newly set homedirs on revision change
• Fix leaving behind empty snap home directories after snap is removed (resulting in broken symlink)
• Fix to avoid using libzstd from host by adding to snapd snap
• Fix autorefresh to correctly handle forever refresh hold
• Fix username regex allowed for system-user assertion to not allow '+'
• Fix incorrect application icon for notification after autorefresh completion
• Fix to restart mount units when changed
• Fix to support AppArmor running under incus
• Fix case of snap-update-ns dropping synthetic mounts due to failure to match desired mount dependencies
• Fix parsing of base snap version to enable pre-seeding of Ubuntu Core Desktop
• Fix packaging and tests for various distributions
• Add remoteproc interface to allow developers to interact with Remote Processor Framework which enables snaps to load firmware to ARM Cortex microcontrollers
• Add kernel-control interface to enable controlling the kernel firmware search path
• Add nfs-mount interface to allow mounting of NFS shares
• Add ros-opt-data interface to allow snaps to access the host /opt/ros/ paths
• Add snap-refresh-observe interface that provides refresh-app-awareness clients access to relevant snapd API endpoints
• steam-support interface: generalize Pressure Vessel root paths and allow access to driver information, features and container versions
• steam-support interface: make implicit on Ubuntu Core Desktop
• desktop interface: improved support for Ubuntu Core Desktop and limit autoconnection to implicit slots
• cups-control interface: make autoconnect depend on presence of cupsd on host to ensure it works on classic systems
• opengl interface: allow read access to /usr/share/nvidia
• personal-files interface: extend to support automatic creation of missing parent directories in write paths
• network-control interface: allow creating /run/resolveconf
• network-setup-control and network-setup-observe interfaces: allow busctl bind as required for systemd 254+
• libvirt interface: allow r/w access to /run/libvirt/libvirt-sock-ro and read access to /var/lib/libvirt/dnsmasq/**
• fwupd interface: allow access to IMPI devices (including locking of device nodes), sysfs attributes needed by amdgpu and the COD capsule update directory
• uio interface: allow configuring UIO drivers from userspace libraries
• serial-port interface: add support for NXP Layerscape SoC
• lxd-support interface: add attribute enable-unconfined-mode to require LXD to opt-in to run unconfined
• block-devices interface: add support for ZFS volumes
• system-packages-doc interface: add support for reading jquery and sphinx documentation
• system-packages-doc interface: workaround to prevent autoconnect failure for snaps using base bare
• microceph-support interface: allow more types of block devices to be added as an OSD
• mount-observe interface: allow read access to /proc/{pid}/task/{tid}/mounts and proc/{pid}/task/{tid}/mountinfo
• polkit interface: changed to not be implicit on core because installing policy files is not possible
• upower-observe interface: allow stats refresh
• gpg-public-keys interface: allow creating lock file for certain gpg operations
• shutdown interface: allow access to SetRebootParameter method
• media-control interface: allow device file locking
• u2f-devices interface: support for Trustkey G310H, JaCarta U2F, Kensington VeriMark Guard, RSA DS100, Google Titan v2

New in snapd 2.61.3:

• Install systemd files in correct location for 24.04

New in snapd 2.61.2:

• Fix to enable plug/slot sanitization for prepare-image
• Fix panic when device-service.access=offline
• Support offline remodeling
• Allow offline update only remodels without serial
• Fail early when remodeling to old model revision
• Fix to enable plug/slot sanitization for validate-seed
• Allow removal of core snap on classic systems
• Fix network-control interface denial for file lock on /run/netns
• Add well-known core24 snap-id
• Fix remodel snap installation order
• Prevent remodeling from UC18+ to UC16
• Fix cups auto-connect on classic with cups snap installed
• u2f-devices interface support for GoTrust Idem Key with USB-C
• Fix to restore services after unlink failure
• Add libcudnn.so to Nvidia libraries
• Fix skipping base snap download due to false snapd downgrade conflict

New in snapd 2.61.1:

• Stop requiring default provider snaps on image building and first boot if alternative providers are included and available
• Fix auth.json access for login as non-root group ID
• Fix incorrect remodelling conflict when changing track to older snapd version
• Improved check-rerefresh message
• Fix UC16/18 kernel/gadget update failure due volume mismatch with installed disk
• Stop auto-import of assertions during install modes
• Desktop interface exposes GetIdletime
• Polkit interface support for new polkit versions
• Fix not applying snapd snap changes in tracked channel when remodelling

New in snapd 2.61:

• Fix control of activated services in 'snap start' and 'snap stop'
• Correctly reflect activated services in 'snap services'
• Disabled services are no longer enabled again when snap is refreshed
• interfaces/builtin: added support for Token2 U2F keys
• interfaces/u2f-devices: add Swissbit iShield Key
• interfaces/builtin: update gpio apparmor to match pattern that contains multiple subdirectories under /sys/devices/platform
• interfaces: add a polkit-agent interface
• interfaces: add pcscd interface
• Kernel command-line can now be edited in the gadget.yaml
• Only track validation-sets in run-mode, fixes validation-set issues on first boot.
• Added support for using store.access to disable access to snap store
• Support for fat16 partition in gadget
• Pre-seed authority delegation is now possible
• Support new system-user name daemon
• Several bug fixes and improvements around remodelling
• Offline remodelling support

New in snapd 2.60.4:

• Switch to plug/slot in the "qualcomm-ipc-router" interface
  but keeping backward compatibility
• Fix "custom-device" udev KERNEL values
• Allow firmware-updater snap to install user-daemons
• Allow loopback as a block device

• Fix bug in the "private" plug attribute of the shared-memory
  interface that can result in a crash when upgrading from an
  old version of snapd.
• Fix missing integration of the /etc/apparmor.d/tunables/home.d/
  apparmor to support non-standard home directories

• Performance improvements for apparmor_parser to compensate for the slower -O expr-simplify default used. This should bring the performance back to the 2.60 level and even increase it for many use-cases (when using the snap with the vendored apparmor_parser).
• Bugfixes

• Bugfixes
• Use "aes-cbc-essiv:sha256" in cryptsetup on arm 32bit devices
  to increase speed on devices with CAAM support
• Stop using -O no-expr-simplify in apparmor_parser to avoid
  potential exponential memory use. This can lead to slower
  policy complication in some cases but it is much safer on
  low memory devices.

New in snapd 2.60:

• Support for dynamic snapshot data exclusions
• Apparmor userspace is vendored inside the snapd snap
• Added a default-configure hook that exposes gadget default configuration
  options to snaps during first install before services are started
• Allow install from initrd to speed up the initial installation for
  systems that do not have a install-device hook
• New snap sign --chain flag that appends the account and account-key
  assertions
• Support validation-sets in the model assertion
• Support new "min-size" field in gadget.yaml
• New interface: "userns"
• Moved to go-1.18 for building which results in up to 20% smaller binaries

New in snapd 2.59.5:

• Explicitly disallow the use of ioctl + TIOCLINUX
  This fixes CVE-2023-1523.

Please note that this issue only affects user on Linux consoles, not on virtual terminals like gnome-terminal or xterm.

New in snapd 2.59.4:

• Retry when looking for disk label on non-UEFI systems
• Fix remodel from UC20 to UC22

New in snapd 2.59.3:

• Fix quiet boot
• Ignore case for vfat paritions when validating
• Restart always enabled units

New in snapd 2.59.2:

• Notify users when a user triggered auto refresh finished

New in snapd 2.59.1:

• Add udev rules from steam-devices to steam-support interface
• Bugfixes for layout path checking, dm_crypt permissions,
  mount-control interface parameter checking, kernel commandline
  parsing, docker-support, refresh-app-awareness

For completeness the changes for 2.59 are also included. This
version had a bug in the refresh code so it was never released
beyond the beta version.

New in snapd 2.59:

• Support setting extra kernel command line parameters via snap
  configuration and under a gadget allow-list
• Support for Full-Disk-Encryption using ICE
• Support for arbitrary home dir locations via snap configuration
• New nvidia-drivers-support interface
• Support for udisks2 snap
• Pre-download of snaps ready for refresh and automatic refresh of the
  snap when all apps are closed
• New microovn interface
• Support uboot with CONFIG_SYS_REDUNDAND_ENV=n
• Make "snap-preseed --reset" re-exec when needed
• Update the fwupd interface to support fully confined fwupd
• The memory,cpu,thread quota options are no longer experimental
• Support debugging snap client requests via the SNAPD_CLIENT_DEBUG_HTTP
  environment variable
• Support ssh listen-address via snap configuration
• Support for quotas on single services
• prepare-image now takes into account snapd versions going into the image,
  including in the kernel initrd, to fetch supported assertion formats

New bugfix release:

• interfaces/screen-inhibit-control: Add support for xfce-power- manager
• interfaces/network-manager: do not show ptrace read denials
• interfaces: relax rules for mount-control what for functionfs
• cmd/snap-bootstrap: add support for snapd_system_disk
• interfaces/modem-manager: add net_admin capability
• interfaces/network-manager: add permission for OpenVPN
• httputil: fix checking x509 certification error on go 1.20
• i/b/fwupd: allow reading host os-release
• boot: on classic+modes MarkBootSuccessfull does not need a base
• boot: do not include base= in modeenv for classic+modes installs
• tests: add spread test that validates revert on boot for core does not happen on classic+modes
• snapstate: only take boot participants into account in UpdateBootRevisions
• snapstate: refactor UpdateBootRevisions() to make it easier to check for boot.SnapTypeParticipatesInBoot()

New upstream release:

• bootloader: fix dirty build by hardcoding copyright year

New upstream release, LP: #1998462

• secboot: detect lockout mode in CheckTPMKeySealingSupported
• cmd/snap-update-ns: prevent keeping unneeded mountpoints
• o/snapstate: do not infinitely retry when an update fails during
  seeding
• interfaces/modem-manager: add permissions for NETLINK_ROUTE
• systemd/emulation.go: use systemctl --root to enable/disable
• snap: provide more error context in NotSnapError
• interfaces: add read access to /run for cryptsetup
• boot: avoid reboot loop if there is a bad try kernel
• devicestate: retry serial acquire on time based certificate
  errors
• o/devicestate: run systemctl daemon-reload after install-device
  hook
• cmd/snap,daemon: add 'held' to notes in 'snap list'
• o/snapshotstate: check snapshots are self-contained on import
• cmd/snap: show user+gating hold info in 'snap info'
• daemon: expose user and gating holds at /v2/snaps/{name}

New major 2.58 release.

New security update release

Please ensure to update - this fixes CVE 2022-3328

Fixes

• image: clean snapd mount after preseeding
• wrappers,snap/quota: clear LogsDirectory= in the service unit for journal namespaces
• cmd/snap,daemon: allow zero values from client to daemon fo journal rate-limit
• interfaces: steam-support allow pivot /run/media and /etc/nvidia mount
• o/ifacestate: introduce DebugAutoConnectCheck hook
• release, snapd-apparmor, syscheck: distinguish WSL1 and WSL2
• autopkgtests: fix running autopkgtest on kinetic
• interfaces: add microceph interface
• interfaces: steam-support allow additional mounts
• many: add stub services
• interfaces: add kconfig paths to system-observe
• i/b/system_observe: honour root dir when checking for /boot/config-*
• interfaces: grant access to speech-dispatcher socket
• interfaces: rework logic of unclashMountEntries