On 23 April 2026, Canonical released Ubuntu 26.04 LTS, codenamed Resolute Raccoon. The release will be supported on the standard LTS track until April 2031, and on the Ubuntu Pro extended-maintenance track for several years beyond that. The accompanying changelog is the kind of document most engineers skim once and ignore; it has the layout and prose density of a parts catalogue. There is a table of version numbers, a short paragraph on each subsystem, a migration checklist, and a closing reminder to test SSSD configuration before pushing the upgrade to production.
I want to take this changelog seriously rather than skim it. It is the most consequential release-notes document Canonical has shipped since 18.04, and the reason is not Linux 7.0 or PostgreSQL 18 or the new GNOME — though it ships all of those. The reason is that this release is, by default, a different operating system at three layers most users will never look at. The default sudo is now a Rust binary. The default SSH key exchange is post-quantum. The legacy resource-control framework that has shipped in every modern Linux for fourteen years has been removed. None of these are individually flashy. Together they are the resolution, in a Tuesday LTS release, of three arguments the Linux community has been having for between ten and fifteen years.
The boring distribution has, this time, carried a thesis.
Memory safety reaches /usr/bin
The headline change is that /usr/bin/sudo is, on a fresh 26.04 install, a binary produced by the sudo-rs project, a memory-safe reimplementation of sudo and su, written in Rust by the Trifecta Tech Foundation. The original sudo, maintained by Todd Miller since 1994, remains available under the package name sudo.ws. It has not been removed. It is, however, not what runs when an administrator types sudo at the prompt.
The funding chain behind sudo-rs is itself worth pausing on. The project was funded primarily through NLnet's NGI0 Core Fund, a programme of the European Commission's Next Generation Internet initiative, with additional support from the Sovereign Tech Fund, the German government's open-source infrastructure investment vehicle. This is not a Big Tech rewrite. It is a piece of public-interest infrastructure, paid for by two European public bodies that decided the world would be better off if the binary every Linux administrator types twenty times a day were memory safe. The Trifecta Tech Foundation has a similar project for the Network Time Protocol called ntpd-rs, and the broader thesis is the same: pick the most security-critical piece of legacy C in the userland, write a careful Rust replacement, and, eventually, ship it as the default in a mainstream distribution.
The reason this thesis exists at all is a famous statistic. In a February 2019 BlueHat IL talk, Microsoft's Matt Miller reported that approximately 70% of the security vulnerabilities Microsoft had assigned a CVE over the previous twelve years were memory-safety issues — heap overflows, use-after-free, type confusion, uninitialized reads. The number has been verified across other large vendors and codebases since then. It is the load-bearing fact under every "rewrite it in Rust" headline of the last seven years. The argument is not that Rust is a fashionable language. The argument is that two-thirds of the security work the industry does could, if the underlying C were replaced with a memory-safe equivalent, simply not exist.
sudo is a particularly sharp case. It is set-uid root. Any memory bug in it is, structurally, a privilege escalation. Qualys disclosed CVE-2021-3156, "Baron Samedit," in January 2021 — a heap-based buffer overflow in sudoedit that had been latent in the codebase for almost ten years and was reachable by any unprivileged user on a Linux system with sudo installed. The patch was straightforward; the fact that the bug had survived a decade of review in a piece of software run by every Linux administrator on Earth was less so. A memory-safe rewrite is not a guarantee against future bugs. It is a guarantee against this particular class of bugs, which happens to be the class that produces the most consequential CVEs.
Canonical has shipped the Rust rewrite of sudo. It has explicitly not shipped the Rust rewrite of cp, mv, and rm, which would have been the natural matching change in coreutils. The release notes attribute the omission to eight unresolved time-of-check-to-time-of-use race conditions in the Rust implementations — the kind of low-level filesystem-API subtlety that GNU coreutils worked out over forty years and the new replacements are still working out. The decision to ship Rust ls and base64 while holding cp, mv, and rm for the next non-LTS release is the strongest signal in the changelog that this migration is real rather than performative. The careful version of "rewrite it in Rust" looks exactly like this — rewrite the CVE-prone parts first, hold the others until the bugs are fixed, and accept that Ubuntu 26.04 will not be the release that finishes the project.
Post-quantum cryptography, by default
The second thesis arriving in the release is post-quantum key exchange in OpenSSH. On a fresh 26.04 install, the default key exchange algorithm an SSH client will negotiate is mlkem768x25519-sha256, a hybrid construction combining ML-KEM-768 — the lattice-based post-quantum KEM specified in NIST's FIPS 203, finalised in August 2024 — with the classical X25519 elliptic-curve Diffie-Hellman. The hybrid runs both key exchanges in parallel and combines the resulting secrets. If the post-quantum half is broken in some unforeseen way, the classical half holds. If the classical half is broken by a sufficiently large quantum computer, the post-quantum half holds. Either failure mode is survivable; both failing simultaneously is the threat model the construction does not cover, which is the threat model nobody has a defence against.
OpenSSH 10.0, released in April 2025, made mlkem768x25519-sha256 the default for the first time, and Ubuntu 26.04 ships OpenSSH 10.2. The user-visible effect is approximately nothing — handshakes are slightly larger and slightly slower, well within the noise floor of network round-trip time — and the security-visible effect is that traffic captured today and stored for decryption decades from now, a tactic the security community has been calling "harvest now, decrypt later" since the early 2010s, can no longer be decrypted by an adversary who later gets a fault-tolerant quantum computer. The threat model is speculative. The architectural change is permanent.
What "by default" buys is the difference between a security improvement and a security feature. An opt-in algorithm changes the behaviour of the operators who go looking for it. A default changes the behaviour of every system administrator who runs apt install openssh-server, which is a very large fraction of the Internet's hosts. In aggregate, the upgrade from default classical to default post-quantum SSH is the kind of architectural shift that happens once per decade in Internet protocols, and it is happening, in the most populous Linux distribution's LTS branch, this April. The next LTS release, in 2028, will inherit it. The release after that, in 2030, will not remember when SSH was anything else.
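The practitioner's check on the two points above (which key exchange a session actually negotiated, and whether the client's effective default puts a hybrid first rather than merely offering it as an opt-in). This is an added example, not code from the essay or from OpenSSH; the debug-output samples are constructed, and the set of hybrid KEX names is assumed current for OpenSSH 10.2.

```python
"""Check which key exchange an OpenSSH session negotiated and whether the
client's configured list puts a post-quantum hybrid first. Added example,
not from the essay or from OpenSSH; sample outputs are constructed."""
import re

# Hybrid post-quantum KEX names OpenSSH 9.x/10.x can negotiate
# (assumption: complete for 10.2; extend as new names appear in ssh -Q kex).
PQ_HYBRID_KEX = {
    "mlkem768x25519-sha256",
    "mlkem768nistp256-sha256",
    "mlkem1024nistp384-sha384",
    "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com",
}
KEX_LINE = re.compile(r"debug1: kex: algorithm: (\S+)")
HOSTKEY_LINE = re.compile(r"debug1: kex: host key algorithm: (\S+)")
KEXALGS_LINE = re.compile(r"^kexalgorithms (\S+)", re.M)

def negotiated(ssh_vv_stderr: str) -> dict:
    """From `ssh -vv host` stderr, report the negotiated KEX and host-key
    algorithm and whether the session resists harvest-now, decrypt-later
    (i.e. a hybrid KEX was agreed)."""
    kex = KEX_LINE.search(ssh_vv_stderr)
    if not kex:
        raise ValueError("no 'kex: algorithm' line; run ssh with -vv")
    hk = HOSTKEY_LINE.search(ssh_vv_stderr)
    return {
        "kex": kex.group(1),
        "host_key": hk.group(1) if hk else None,
        "post_quantum": kex.group(1) in PQ_HYBRID_KEX,
    }

def client_prefers_pq(ssh_G_stdout: str) -> bool:
    """From `ssh -G host` stdout, True if the first entry of the client's
    effective kexalgorithms list is a hybrid: PQ as the default, not an
    opt-in further down the preference list."""
    m = KEXALGS_LINE.search(ssh_G_stdout)
    if not m:
        raise ValueError("no kexalgorithms line; run ssh -G host")
    return m.group(1).split(",")[0] in PQ_HYBRID_KEX

# Constructed samples, not captured from real hosts
SAMPLE_VV = """debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
"""
SAMPLE_G = "kexalgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,curve25519-sha256\n"

if __name__ == "__main__":
    print(negotiated(SAMPLE_VV), client_prefers_pq(SAMPLE_G))
```

Pipe real output in with `ssh -vv host 2>&1 >/dev/null` for `negotiated` and `ssh -G host` for `client_prefers_pq`.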
The deprecation cycle, finishing
The third pattern in the changelog is the one that makes the LTS model useful in the first place. Several long-running deprecations have, this release, finally completed.
cgroup v1, the original Linux resource-control framework, has been removed. cgroup v2 has been the recommended interface since approximately 2016 and the default in fresh installations for several years; v1 was kept around to support container runtimes and monitoring tooling that had not migrated. After roughly a decade of "v2 is the future, v1 still works," the kernel team and Canonical have made the transition mandatory in this LTS. Container deployments that have been running on legacy v1 for years will not boot on 26.04 without configuration changes.
DSA host keys, deprecated in OpenSSH 7.0 in 2015 because the algorithm's parameter sizes had been understood as inadequate since approximately 2010, have been removed entirely. Any ~/.ssh/known_hosts or authorized_keys entry still using DSA stops working after the upgrade. Eleven years of "please migrate" have ended in the version where it stops being optional.
The release notes describe Ubuntu 26.04 as the last LTS that will carry System V init script support. systemd has been the default since Ubuntu 15.04, eleven years ago. Legacy services that still ship /etc/init.d/ scripts have one more LTS cycle to migrate before they stop working entirely.
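A pre-upgrade audit for two of the removals described above, the DSA key entries that stop working and the cgroup v1 hierarchy that will not boot containers on 26.04. This is an added example, not part of the release notes; the key file and /proc/mounts samples are constructed.

```python
"""Pre-upgrade checks for two removals in 26.04: DSA SSH keys and cgroup v1.
Added example, not from the release notes. The samples at the bottom are
constructed; the __main__ block runs the same checks on the local host."""
import re
from pathlib import Path

# A DSA entry in authorized_keys or known_hosts: optional options/host
# fields, then the type token "ssh-dss", then the base64 key blob.
DSS = re.compile(r"(?:^|\s)ssh-dss\s+[A-Za-z0-9+/=]+")

def dsa_key_lines(text: str) -> list:
    """Return 1-based line numbers of ssh-dss entries, which OpenSSH 10
    no longer accepts; comments and blank lines are skipped."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#") and DSS.search(line):
            hits.append(n)
    return hits

def cgroup_mode(mounts: str) -> str:
    """Classify the cgroup hierarchy from /proc/mounts content by filesystem
    type: 'v2' (unified, what 26.04 requires), 'v1' (legacy only),
    'hybrid' (both mounted) or 'none'."""
    fstypes = {f[2] for f in (l.split() for l in mounts.splitlines()) if len(f) > 2}
    v1, v2 = "cgroup" in fstypes, "cgroup2" in fstypes
    if v1 and v2:
        return "hybrid"
    if v2:
        return "v2"
    return "v1" if v1 else "none"

# Constructed samples (not captured from a real host)
SAMPLE_KEYS = """# comment line
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExample ops@example
ssh-dss AAAAB3NzaC1kc3MAAACBAExample legacy@example
from="10.0.0.0/8" ssh-dss AAAAB3NzaC1kc3MAAACBAExample2 restricted@example
"""
SAMPLE_MOUNTS_V1 = """cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,cpu,cpuacct 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,memory 0 0
"""

if __name__ == "__main__":
    ssh_dir = Path.home() / ".ssh"
    for p in (ssh_dir / "authorized_keys", ssh_dir / "known_hosts"):
        if p.exists():
            print(p, "DSA entries on lines:", dsa_key_lines(p.read_text()))
    mounts = Path("/proc/mounts")
    if mounts.exists():
        print("cgroup mode:", cgroup_mode(mounts.read_text()))
```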
The pattern is consistent. Each deprecation is announced, tolerated, supported, eventually removed — across timescales of ten to fifteen years. The boring distribution's job, in that pattern, is to be the layer at which the removal becomes mandatory. The kernel can move every six weeks. The userland migration cycle, as Greg Kroah-Hartman has observed about Linux ecosystems generally, is closer to fifteen years. An LTS release is the inflection point at which the second of those numbers finally catches up to the first.
What the release isn't
This is not an argument that Canonical has done something heroic. The interesting work in this release was done by the upstream projects — the OpenSSH developers, the sudo-rs team at Trifecta Tech, the kernel maintainers who removed cgroup v1, the rust-coreutils contributors. Canonical's contribution is integration: choosing which of those upstream changes to take as default, making the migration paths legible, holding the line on the tools that aren't quite ready yet.
That kind of integration is not glamorous, and Canonical's commercial model is not universally popular, and none of that is the subject of this essay either. The subject is what an LTS distribution actually is, in 2026, after the upstream community has done the loud work of arguing for memory safety and post-quantum cryptography for a decade. An LTS is the layer at which the arguments end. Ubuntu 26.04 is what the end of those particular arguments looks like.
Reading the changelog twice
The 23 April release notes read, on first pass, like a parts catalogue. A version table, a paragraph each on the major server subsystems, a series of small migration notes for operators about config-format changes and long-deprecated defaults that have finally been removed. The skim version of the document is the version most operators read, and the skim version is mostly accurate.
The interesting version of the document is on the second pass, when the reader notices that the Tuesday-release boilerplate is not boilerplate. The default sudo is the resolution of an argument that started in 2019. The default SSH key exchange is the resolution of an argument that started in 2014. The cgroup v1 removal closes an interface that has been deprecated for a decade. Each line item is the end of a story whose middle the rest of us have been living through. The boring distribution did the work the spectacular distributions never quite got around to. It put the receipts in the changelog, and shipped on Tuesday, and the end of three long arguments arrived in /usr/bin and /etc/ssh/sshd_config and /sys/fs/cgroup without anyone ringing a bell.