lwn.net

Security updates have been issued by AlmaLinux (kernel and tomcat9), Debian (iperf3, mupdf, qemu, thunderbird, and unbound), Fedora (glab, kubernetes1.31, kubernetes1.32, kubernetes1.33, and toolbox), Oracle (kernel and tomcat9), Red Hat (firefox, kernel, kernel-rt, and squid), SUSE (abseil-cpp-devel, aide, flake-pilot, gdk-pixbuf, glibc, go-sendxmpp, ImageMagick, jetty-annotations, jupyter-bqplot-jupyterlab, libtiff-devel-32bit, pam, pdns-recursor, ruby3.4-rubygem-activerecord, rust-keylime, terragrunt, and thunderbird), and Ubuntu (linux-azure and linux-azure-fips).

Linus has released 6.17-rc3 (called "3.17-rc3" in the email, but the tag in the repository is correct) for testing. "Anyway, things seem fairly normal for this phase in the release cycle, nothing stands out. Please keep testing,"

The 6.16.3 stable kernel update has been released. It contains a set of ext4 filesystem fixes that are probably a good thing for any 6.16 ext4 user to have.

Version 8.0 of the FFmpeg audio and video toolkit has been released.

Thanks to several delays, and modernization of our entire infrastructure, this release ended up being one of our largest releases to date. In short, its new features are:

• Native decoders: APV, ProRes RAW, RealVideo 6.0, Sanyo LD-ADPCM, G.728
• VVC decoder improvements: IBC, ACT, Palette Mode
• Vulkan compute-based codecs: FFv1 (encode and decode), ProRes RAW (decode only)
• Hardware accelerated decoding: Vulkan VP9, VAAPI VVC, OpenHarmony H264/5
• Hardware accelerated encoding: Vulkan AV1, OpenHarmony H264/5
• Formats: MCC, G.728, Whip, APV
• Filters: colordetect, pad_cuda, scale_d3d11, Whisper, and others

The Microdot web framework is quite small, as its name would imply; it supports both standard CPython and MicroPython, so it can be used on systems ranging from internet-of-things (IoT) devices all the way up to large, cloudy servers. It was developed by Miguel Grinberg, who gave a presentation about it at EuroPython 2025. His name may sound familiar from his well-known Flask Mega-Tutorial, which has introduced many to the Flask lightweight Python-based web framework. It should come as no surprise, then, that Microdot is inspired by its rather larger cousin, so Flask enthusiasts will find much to like in Microdot—and will come up to speed quickly should their needs turn toward smaller systems.

Security updates have been issued by AlmaLinux (tomcat), Debian (squid), Fedora (matrix-synapse, rust-slab, socat, and webkitgtk), SUSE (firefox-esr, gdk-pixbuf, gdk-pixbuf-devel, govulncheck-vulndb, rust-keylime, and wicked2nm), and Ubuntu (linux-nvidia, linux-oracle, linux-oracle-6.8, php7.0, php7.2, php7.4, python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4, and ruby-webrick).

The Arch Linux project has posted an update about recent service outages that have affected its infrastructure:

The Arch Linux Project is currently experiencing an ongoing denial of service attack that primarily impacts our main webpage, the Arch User Repository (AUR), and the Forums.

We are aware of the problems that this creates for our end users and will continue to actively work with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers while carefully considering factors including cost, security, and ethical standards.

The post contains information on workarounds to use during the service disruption, and notes that Arch is not sharing technical details about the attack or mitigation while the attack is still ongoing.