croit v2605: Security-Patched Ceph & OS Images + New Guardrails

The v2605 release line is here. It's a smaller, more focused update than a feature-packed major release, and it delivers what production storage operators care about most: refreshed Ceph and OS images with important security fixes, more transparent release notes right inside the UI, and a couple of well-placed guardrails that keep routine maintenance from turning into an incident.

Here's a tour of what changed across v2605.0 and the v2605.1 bugfix release.

Ceph and OS image updates

Every croit release ships refreshed OS images, and the most important part of v2605's images is security patching. v2605 ships general OS updates plus fixes for the AlmaLinux advisories Copy Fail (CVE-2026-31431), Dirty Frag (CVE-2026-43284, CVE-2026-43500), Fragnesia (CVE-2026-46300), and ssh-keysign-pwn (CVE-2026-46333). If you're running an older image, this is the part of the release worth acting on first.

The images also roll out new Ceph point releases, Reef 18.2.8 and Tentacle 20.2.1 along with the usual OS package updates, plus a fix that restores InfiniBand support on the AlmaLinux images.

A changelog you can actually read

Knowing what changed and why shouldn't require digging through external pages, so v2605.1 makes the in-product changelog more useful.

The Images page now has its own dedicated changelog. The new Image Changelog filters the history down to image-specific changes: kernel, Ceph version, OS base, and security updates, so you can review an image on its own terms before rolling it out.

We also taught the changelog to render links. It's a small touch, but when an entry references a CVE or a Ceph release note, you can now jump straight to the source instead of copying version strings into a search bar.

Guardrails for routine maintenance

In v2605.1 croit now warns you before rebooting or shutting down servers if doing so would make PGs inactive, giving you the chance to reconsider before data becomes temporarily unavailable. It's the kind of check that's easy to skip mentally at 2 a.m. and exactly when you most want the software watching your back.

We also added a warning during setup: if the PXE boot IP on the management node sits on a different subnet than the configured DHCP network, croit now flags it. Misaligned boot networking is a classic "why won't this server PXE boot?" time sink, and now you'll catch it before it costs you an afternoon.

Smaller fixes that smooth out the rough edges

A release is also the sum of its quieter fixes. In v2605 we:

• Fixed metrics graph labels that were being cut off.
• Got cephfs-shell working again inside the croit container (it was missing some package dependencies).

Upgrade when you're ready

v2605 brings newer Ceph, security-patched OS images, clearer release notes, and a couple of safety nets that pay for themselves the first time they stop a bad reboot. As always, you can review the full changelog directly in the UI under Maintenance → Changelog before you upgrade.