Incus 6.23 has been released as the final 6.x series update ahead of the upcoming 7.0 LTS (scheduled for April 30) for this container and virtual machine manager.
The update resolves six security vulnerabilities, including two critical and one high-severity issue. Most were identified during a security audit by 7asecurity. Fixes have been backported to the 6.0 LTS branch, and downstream distributions have been notified, with updates published or in progress.
Incus 6.23 introduces support for “dependent” storage volumes, which are directly linked to an instance’s lifecycle. When an instance is deleted, its dependent volumes are automatically removed. Snapshots and backups now include these volumes, and migrations transfer them with the instance. Direct snapshotting of these volumes is not permitted, as they are managed through the instance.
Virtual machine support now includes running the Incus agent on FreeBSD. This requires a network connection between the instance and host, similar to macOS support. Images for FreeBSD 14 and 15 are available, though some systems may need manual setup until packaging is updated.
The command-line interface has been updated to improve error reporting and add colored output for readability. File transfer commands, including incus file pull, now follow standard cp semantics and support symbolic link handling options such as -L, -H, and -P.
Networking updates allow the DHCP gateway advertisement to be disabled by setting ipv4.dhcp.gateway to none. This applies to both standard and OVN-managed networks, supporting more flexible routing, including environments without a default route. OVN NICs now support io.bus, enabling USB-based network interfaces for virtual machines.
Two new lifecycle events, instance-agent-started and instance-agent-stopped, provide visibility into VM agent state changes. New project-level metrics now report resource usage statistics, including container, VM, image, and storage volume counts.
Finally, a new low-level repair API endpoint has been introduced for instance recovery. The initial implementation includes a rebuild-config-volume action to recover configuration volumes affected by specific storage corruption, especially on QCOW2-backed instances using LVM in clustered environments.
For more information about the Incus 6.23 container and virtual machine manager changes, visit the release announcement or check out the full changelog.
Users are encouraged to try out these new features by visiting the Incus online platform, which provides a hands-on experience with the latest version.
