Hi folks,
The 2026.02 tag has been pushed to master on gitlab.com/lava/lava.
.deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and
are available from
https://registry.gitlab.com/
and
https://hub.docker.com/u/lavasoftware
Changes in this release
==================
# Security fixes
Some security issues has been fixed in this release and we advice to
upgrade as soon as possible.
The details will be available later on.
# Device-types
## New device-types
* asus-CX3402CVA-brya
* lenovo-chrome-2in1-14iru10-brox
* mt8196-rauru-navi-sku1
* r9a07g043u11-smarc
* r9a07g044c2-smarc
* sc7180-trogdor-wormdingler-rev1-boe
# Documentation migration
Documentation v3 continues to be updated. All `deploy`, `boot` and `test`
methods are now documented and published at
https://lava.readthedocs.io/en/latest under **Technical references**.
# Debian support
Debian 11 (Bullseye) is being phased out. 2026.02 is the last LAVA release
to support it.
Starting from 2026.02 the oldest supported Debian release will be 12
(Bookworm)
# Docker
* All LAVA base images are now based on Debian 13 (Trixie) `slim`
* Debian 11 (Bullseye) was dropped from all CI jobs
* `wget` tool was added to lava-dispatcher-base image
# Job logs
## Secret filtering
LAVA is now filtering the job logs to remove sensitive data. This is still
a work in progress that will be improved in the following releases.
With this new feature, values of the variables defined in `secrets`
dictionary will be replaced in the job output log with string `[MASKED]`.
# Dispatcher changes
## Downloading artifacts
Set max_retries to 1 by default when downloading an artifacts.
The max_retries value can be set in the job definition using failure_retry
key. Example:
```yaml
- deploy:
failure_retry: 2
images:
image:
url: https://example.com/foo
```
## Deploy character delay
Add support for `deploy_character_delay` to add delay between each
character when interacting with the serial during deployment.
To use it add to the device dictionary (in milliseconds):
```jinja2
{% set deploy_character_delay = 30 %}
```
Defaults to 30ms delay for vexpress devices.
## fastboot
Improve fastboot device detection by making parsing more generic. This
should now work with multiple fastboot versions.
## FVP
Use `find` to locate armlm binary instead of hardcoded path to provide
compatibility with more FVP models.
## multinode
Fix `lava-role list` to properly match the documentation. Also fix
multinode collate function used to replace placeholdeers like `$ipaddr` in
synchronization messages.
## pyocd
Fix flashing with pyocd with latest pycocd versions.
## Transfer overlay
Allow to transfer the overlay using zmodem when network is not available.
In the job definition, add:
```yaml
- boot:
transfer_overlay:
transfer_method: zmodem
unpack_command: tar -C / -xzf
```
The worker and target device **must** have respectively the `sz` and `rz`
utilities installed. This is typically provided by: `lrzsz` package on
Debian-based or Fedora-based systems.
## uuu
Allow to use `uniquify` parameter for uuu deployment action. This is useful
when using `downloads://` urls.
# Server changes
## Restricting callback URLs
By default, notification callbacks can target any URL. Administrators can
restrict which hosts are permitted by setting `CALLBACK_ALLOWED_HOSTS` in
`/etc/lava-server/settings.yaml` or a file in
`/etc/lava-server/settings.d/`:
```yaml
CALLBACK_ALLOWED_HOSTS:
- "example.com"
- "*.example.com"
- "*.ci.example.com"
```
Rgds
--
Rémi Duraffort
Principal Tech Lead
LAVA Tech Lead
Automation Software Team
Linaro
