EVE-OS 16.0.1 LTS Release Notes

Article Published Date: 6/16/2026

The latest 16.0.1 LTS version is https://github.com/lf-edge/eve/releases/tag/16.0.1-lts 

For a change log between 16.0-lts and 16.0.1-lts, see: https://github.com/lf-edge/eve/compare/16.0.0...16.0.1-lts 
 

Enhancements

Networking

• Local Policy Server (LPS) polling intervals are now configurable via device configuration properties, giving administrators control over how frequently EVE-OS checks for policy updates from an LPS endpoint.
• EVE-OS now publishes per-port runtime network status (NetworkPortStatus) to LPS, enabling LPS endpoints to make more informed policy decisions based on the current state of each network port.
• EVE-OS triggers an LPS network POST whenever the device network configuration or status changes, ensuring LPS endpoints receive timely updates without waiting for the next polling cycle.
• A signal handler has been added to support low-latency LPS configuration notifications, reducing the delay between an LPS policy update and its application on the edge node.
• EVE-OS now reports the local_modifications_allowed flag per port in the NetworkInfo payload sent to LPS, providing LPS endpoints with visibility into which ports allow local configuration overrides.
• MII (Media Independent Interface) link monitoring is now enabled by default for failover bonds, improving detection of physical link failures without requiring ARP probing.
• EVE-OS now publishes bond adapter status and metrics, making bond interface health and performance data available through standard telemetry channels.
• eSIM detection now uses the EID (eUICC Identifier) and handles devices with missing SIM slot paths, improving reliability on hardware with both physical and embedded SIM slots.

Hardware

• Intel AX210 (TY) Wi-Fi firmware versions 72 and 89 are now included, resolving WLAN interface initialization failures on devices equipped with Intel AX210 adapters (for example, Cincoze CL260).
• USB boot priority in the VM boot order is now configurable, giving administrators control over whether USB devices take precedence during VM startup.
• SR-IOV support has been extended to include Intel I350 NICs, with API logic improvements that ensure correct SR-IOV configuration across supported network adapters.

Security

• EVE-OS now supports dynamic PCR (Platform Configuration Register) policy for disk key sealing, allowing the TPM-protected disk encryption key policy to adapt to firmware changes without requiring manual re-sealing.
• TLS root CA certificates are now loaded directly from the /config partition instead of /persist/certs, making certificate handling more consistent across device lifecycle events such as factory resets and upgrades.
• Update dnsmasq to 2.92rel2, fixing CVE-2026-2291, CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, CVE-2026-4893, CVE-2026-5172.

Linux OS & Kernel Updates

• The Linux kernel has been updated to patch CVE-2026-31431, addressing a security vulnerability in the kernel.

Observability

• Network tracing in the controller connection subsystem has been refactored to capture complete trace data for both successful and failed HTTP requests, improving diagnostics when investigating connectivity issues between the edge node and Edge Infrastructure Services.

Resolved Issues & Fixes

• Fixed device configuration properties handling in the VM auto-recovery path (maybeRetryBoot) so that the correct global device configuration is passed to the hypervisor during VM retries. This resolves cases where automatic domain recovery failed after a VM startup error.
• Reverted the null key verification for TPM reset attack detection. This feature was disabled by the upstream kernel TPM maintainer and its presence caused device onboarding issues on TPM-equipped hardware.
• Fixed a race condition in the QMP event handler that caused excessive log flooding during VM stop and restart cycles. This resolves cases where rapid VM reboots degraded overall system performance due to log I/O saturation.
• Fixed IPv4-only mode for static IPv4 network configuration. Previously, dhcpcd would acquire IPv6 addresses even on networks configured as IPv4-only, causing unexpected dual-stack behavior.
• Fixed a crash in the ghw hardware discovery library triggered by /proc/cpuinfo lines that do not contain a colon separator. Edge nodes with non-standard CPU info formatting no longer crash during hardware enumeration.
• Fixed the CONFIG tmpfs mount size to match the real partition size (1MB). 
• Removed legacy /persist/status/zedagent/* status files and replaced them with /run equivalents. Devices upgrading from 16.0.0-LTS will have the legacy directory cleaned up automatically, and device status reporting continues without interruption.
• Fixed spec.sh to produce valid JSON output when the ioMemberList is empty. Previously, an empty I/O member list caused malformed JSON that broke downstream tooling relying on spec.sh output.
• Fixed broken leader election in ZEDEDA Edge Kubernetes Service (ZKS) clusters. Nodes now successfully complete leader election after cluster restarts, restoring normal cluster operation.
• Fixed a race condition where an edge container running on a ZKS cluster would lose its IP address after a restart triggered by an inbound port-map change (for example, adding, removing, or modifying a port mapping). The IP address is now reliably reassigned after the restart.
• Fixed DevicePortConfig.MostlyEqual to correctly detect VLAN and bond (L2) configuration changes. Previously, VLAN or bond updates were not detected as meaningful changes, requiring a reboot to apply them. Changes are now detected and applied immediately.
• Disabled VMX for FML virtualization mode to prevent Windows VBS failures. When using the -cpu host option in QEMU under FML mode, the guest OS inherits the vmx flag. This causes Windows Virtualization-Based Security (VBS) to fail after the guest joins an Active Directory domain, resulting in VM startup failures. 
• Fixed edge node clustering interface resolution when the clustering interface is specified using a logical label instead of a physical interface name. Nodes configured this way now successfully join the cluster.
• Fixed URL construction in HTTP datastore handling by replacing string concatenation with url.JoinPath, and corrected SAS token handling for Azure Blob datastores. Applications using relative URLs or Azure SAS tokens now download successfully.
• Fixed EdgeView excluding the wwan0 cellular interface from the WebSocket interface list. Cellular interface traffic is now included in EdgeView network monitoring.
• Fixed COM port detection in EVE-OS debug tooling so that serial ports are correctly identified and available for diagnostics.