Incus 6.23 Container & Virtual Machine Manager Released

The Incus project has rolled out version 6.23, marking the final update in the 6.x series before the anticipated 7.0 LTS release, expected at the end of April. This update brings important security patches along with several functional improvements for both containers and virtual machines.

Security Updates

This release addresses a total of six security flaws, including:

• Two classified as critical
• One rated as high severity

Most of these vulnerabilities were uncovered during a security review conducted by 7asecurity. The fixes have also been applied to the 6.0 LTS branch, and downstream distributions have already started rolling out updates or are in the process of doing so.

Dependent Storage Volumes

A key addition in Incus 6.23 is support for dependent storage volumes. These volumes are tightly coupled with an instance’s lifecycle:

• Automatically deleted when the instance is removed
• Included in backups and snapshots
• Migrated together with the instance

Direct snapshot operations on these volumes are not allowed, as they are fully managed through the parent instance.

Improved Virtual Machine Support

Virtual machine capabilities have been expanded with support for running the Incus agent on FreeBSD systems. This setup requires network communication between the host and the instance, similar to how macOS environments operate.

Images for FreeBSD 14 and 15 are available, though some users may need to perform manual configuration until packaging updates are finalized.

CLI Enhancements

The command-line interface has received usability improvements, including:

• More detailed error messages
• Colorized output for better readability

Additionally, file transfer commands such as incus file pull now behave more like the standard cp command and support symbolic link handling options like:

• -L (follow links)
• -H (follow command-line links)
• -P (preserve links)

Networking Improvements

Networking features have also been enhanced:

• Option to disable DHCP gateway advertisement using ipv4.dhcp.gateway=none
• Works with both standard and OVN-based networks
• Enables more flexible routing setups, including environments without default gateways

OVN network interfaces now support io.bus, allowing the use of USB-based NICs in virtual machines.

Monitoring and Lifecycle Events

Two new lifecycle events have been introduced:

• instance-agent-started
• instance-agent-stopped

These events provide better visibility into VM agent activity.

In addition, new project-level metrics now track:

• Number of containers and VMs
• Image usage
• Storage volume counts

Recovery and Repair Features

A new low-level repair API endpoint has been added to assist with instance recovery. The first available function, rebuild-config-volume, is designed to restore configuration volumes affected by storage corruption.

This is particularly useful for QCOW2-based instances running on LVM in clustered environments.

Availability and Testing

Incus 6.23 is now available, and users can explore its features through official channels. A hands-on testing platform is also available for those who want to try the latest version in a live environment.

Final Thoughts

With important security fixes and meaningful feature additions, Incus 6.23 serves as a strong final release before the upcoming 7.0 LTS. It improves reliability, expands virtualization support, and introduces better storage and networking flexibility for modern workloads.

For more information about the Incus 6.23 container and virtual machine manager changes, visit the release announcement or check out the full changelog.