I'm pleased to announce the release of libnbd 1.24. libnbd is a userspace client library for the Network Block Device protocol, and also a set of useful tools, and bindings in several programming languages. You can read more about Network Block Device and libnbd here: https://libguestfs.org/libnbd.3.html The new version is available here: https://download.libguestfs.org/libnbd/1.24-stable/ The release notes are attached below or you can read them online here: https://libguestfs.org/libnbd-release-notes-1.24.1.html Rich. ---------------------------------------------------------------------- These are the release notes for libnbd stable release 1.24. This describes the major changes since 1.22. libnbd 1.24.0 was released on 16 December 2025. Security In nbd_connect_uri(3), and in several libnbd tools (for example, nbdinfo(1)), when using nbd+ssh:// URIs, the hostname field was not adequately sanitized. A consequence is that an attacker who can control this field in the URI could run commands from libnbd. This issue affected libnbd ≥ 1.22. For more information see: https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/t... If you find a security issue, please read SECURITY in the source (online here: https://gitlab.com/nbdkit/libnbd/blob/master/SECURITY). To find out about previous security issues in libnbd, see libnbd-security(3). New APIs New nbd_get_version_extra(3) returns the string passed to "./configure --with-extra="..."". This is intended to be used by downstream packagers. New nbd_get_handle_size(3) which returns an estimate of the size of the handle in bytes. This is intended for use by garbage collected languages as a hint for when to free the handle. New nbd_get_tls_priority(3) and nbd_set_tls_priority(3) which allow you to temporarily override the system TLS priority string. New nbd_set_uri_allow_tls_priority(3) API which lets you enable the new "?tls-priority=PRIORITY" feature in NBD URIs (this is disabled by default). Enhancements to existing APIs In nbd_connect_uri(3) nbd+ssh:// URIs, extra "nbd-port" and "tls-username" query parameters allow you to separately control the NBD TLS and SSH user/port. The new "compress=true" query parameter lets you enable SSH compression. Also in nbd_connect_uri, the new "tls-priority=PRIORITY" parameter lets you override the TLS priority string (but this is not enabled by default, see previous section). Protocol Post-Quantum Cryptography (PQC) ciphers and certificates for TLS connections are now fully supported. As part of this change multiple client certificates can now be loaded by the library. (Thanks Dan Berrange). Tools New nbddiscard(1) and nbdzero(1) tools which can be used to trim/discard, or zero, part or all of an NBD disk (additional features by Eric Blake). New nbdcopy(1) --blkhash feature. This can calculate the blkhash (similar to a checksum) of the image as it is being copied (Nir Soffer, Vera Wu). nbdcopy now obeys --destination-is-zero and --allocated options when running in synchronous mode (Nir Soffer). Language bindings OCaml bindings now implement "NBD.Buffer.is_zero" OCaml bindings now provide a better estimate of the size of the libnbd handle to the garbage collector, allowing it to — at least in theory — make better decisions on when to free the handle (thanks Kit-ty-kate). Python bindings implement indexing and slicing of "nbd.Buffer" Improve the automatic conversion of POD documentation to Rust documentation. Previously garbled mark-up will now be converted properly. Tests Enhanced tests of the nbdcopy --allocated and --destination-is-zero options. When running libnbd tests on ZFS, several tests would fail. They are now skipped (thanks Arsen Arsenović, Eric Blake). Other improvements and bug fixes nbdcopy now gives a hard error if the Linux system call sync_file_range(2) fails. This can happen for certain device I/O errors (thanks Eric Sandeen, Dave Chinner). On macOS and Linux, set Unix domain socket buffer sizes for improved performance (Nir Soffer). Fix several typos and spelling mistakes in the documentation (Eric Blake). Documentation New libnbd-python(3) page which provides an introduction to the Python API. This information was previously scattered in a few places. Build "./configure --with-extra="..."" can be used by downstream packagers to add extra information to the --version output of tools, such as the version of the downstream package. Colourize and improve the "./configure" output, if using a terminal. Internals Copy new vector and string functions from nbdkit, including "vector_uniq", "vector_append_array", "vector_insert_array", C,vector_remove_range>, "string_append_format". Fix the memory allocation behaviour of the internal vector library, which should reduce memory usage in some situations (Eric Blake). SEE ALSO libnbd(3). AUTHORS Christopher Byrne Eric Blake Nir Soffer Richard W.M. Jones -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://libguestfs.org