Releases: systemd/systemd
systemd v261-rc1
CHANGES WITH 261 in spe:
Announcements of Future Feature Removals and Incompatible Changes:
* systemd-logind's integration with the UAPI.1 Boot Loader
Specification (which allows the systemctl reboot --boot-loader-entry=
switch to work) so far has supported a special directory
/run/boot-loader-entries/ which allowed defining boot loader entries
outside of the ESP/XBOOTLDR partition for compatibility with legacy
systems that do not natively implement UAPI.1. However, it appears
that (to our knowledge) it is not actually being used by any project
(quite unlike UAPI.1 itself, which found adoption far beyond
systemd), and its implementation is incomplete. With the future 262
release we intend to remove support for /run/boot-loader-entries/ and
related interfaces, in order to simplify our codebase. Support for
UAPI.1 is – of course – kept in place.
* The experimental "systemd-sysupdated" D-Bus API is going to be
removed in the next release. The plan is that in its place
clients should directly talk to systemd-sysupdate (i.e. the backend
of "systemd-sysupdated") via Varlink IPC. The "updatectl" tool will
be reworked along these lines.
Feature Removals and Incompatible Changes:
* systemd-nspawn's --user= option has been renamed to --uid=. The -u
short option continues to work. The old --user NAME and --user=NAME
forms (with and without "=") are still accepted but deprecated; a
warning is emitted suggesting --uid=NAME. The --user option (without
an argument) has been repurposed as a standalone switch to select
the user service manager scope, matching --system.
* Several configuration fields in the io.systemd.Unit varlink interface
that were previously exposed as plain strings have been converted to
proper enum types. This adds type safety and IDL-level validation.
The output wire format now uses underscores instead of dashes and
plus signs in enum values (e.g. "tty-force" becomes "tty_force",
"kmsg+console" becomes "kmsg_console"). The previous use of plain
strings for these well-defined enumerations is considered a bug.
Affected enum types: ExecInputType, ExecOutputType, ProtectHome,
CGroupController, CollectMode, EmergencyAction, JobMode.
* It was discovered that some of the events systemd-stub measures to
the TPM were not also measured to the hardware CC registers (e.g.
Intel TDX RTMRs) via EFI_CC_MEASUREMENT_PROTOCOL. In particular,
devicetree, initrd, ucode addons and the UKI profile were only
measured to the TPM. The missing measurements for CC have now been
added; however, this changes the expected register values. This
may need to be reflected in the attestation environments which use
hardware CC registers (in place of TPM quotes).
* systemd-nspawn gained a new --restrict-address-families= option (and
corresponding RestrictAddressFamilies= setting in .nspawn files) to
restrict which socket address families may be used in the container.
This is currently opt-in. In a future version, the default will be
changed to restrict socket address families to AF_INET, AF_INET6 and
AF_UNIX.
* A new service unit "systemd-pcrosseparator.service" will now measure
a new separator measurement during early userspace into PCRs 0-7, 9,
12-14, in order to isolate firmware/pre-boot measurements from host
measurements. This is a safety concept to protect firmware
measurements on systems where the regular firmware separator
measurement is missing. It's also useful in environments where a
software TPM is used, i.e. where TPM functionality is only available
starting with the OS, but not before. Note that this new measurement
has an effect on all indicated PCRs, hence might affect relevant TPM
policies.
* Support for udev's old database version 0 has been removed. This
effectively means live upgrades from versions older than v247 are not
supported anymore.
* systemd-networkd gained a new sd-dhcp-relay backend for DHCP relay
agent support. As part of this change, the following [DHCPServer]
settings are deprecated:
- BindToInterface=
- RelayTarget=
- RelayAgentCircuitId=
- RelayAgentRemoteId=
They are replaced by DHCPRelay= in [Network], along with new
[DHCPRelay] section settings in .network files:
- AgentAddress=
- GatewayAddress=
- CircuitId=
- VirtualSubnetSelection=
- ExtraOption=
- InterfacePriority=
and in networkd.conf:
- ServerAddress=
- OverrideServerIdentifier=
- RemoteId=
- ExtraOption=
* Required version of musl (when built with -Dlibc=musl) has been raised
from 1.2.5 to 1.2.6.
* libsystemd is no longer guaranteed to be linked against libm. Whether
the dependency is recorded depends on whether the compiler chooses to
emit builtins for all calls to libm symbols. Consumers that rely on
libsystemd transitively pulling in libm should link against it
themselves. There is at least one known case that is still unsolved:
rsyslog crashes on launch due to libfastjson using libm without linking
to it, which was previously masked because libsystemd linked to it. If
forcing a link against libm is required as a workaround,
'-Wl,--push-state,--no-as-needed,-lm,--pop-state' can be added to the
link flags, or passed to systemd's meson build options via
'-Dc_link_args=-Wl,--push-state,--no-as-needed,-lm,--pop-state'.
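The two measurement changes listed above (the CC register measurements that were previously missing, and the new separator measured into PCRs 0-7, 9, 12-14) both invalidate reference values computed before the upgrade. The following added example, which is not part of the systemd release notes or code base, replays a measurement log with the standard extend operation to show why, and reports which PCRs of a sealing policy need re-prediction. Event names, payloads and their order are constructed; real digests come from the platform's event log.

```python
import hashlib
import hmac

# PCRs named in the release note for the new separator: "0-7, 9, 12-14".
SEPARATOR_PCRS = frozenset([*range(0, 8), 9, *range(12, 15)])

# Events the note says were previously measured to the TPM only.
NEWLY_MIRRORED = ("devicetree", "initrd", "ucode addon", "UKI profile")


def extend(register: bytes, digest: bytes, alg: str) -> bytes:
    """One extend step, as used by TPM PCRs and TDX RTMRs: H(old || digest)."""
    size = hashlib.new(alg).digest_size
    if len(register) != size or len(digest) != size:
        raise ValueError(f"{alg} register and digest must be {size} bytes")
    return hashlib.new(alg, register + digest).digest()


def replay(events, alg: str) -> bytes:
    """Replay (name, data) events in order, starting from an all-zero register."""
    register = bytes(hashlib.new(alg).digest_size)
    for _name, data in events:
        register = extend(register, hashlib.new(alg, data).digest(), alg)
    return register


def matches(reported: bytes, expected: bytes) -> bool:
    """Constant-time comparison of a reported register against a reference."""
    return hmac.compare_digest(reported, expected)


def affected_policy_pcrs(policy_pcrs) -> list:
    """PCRs of a sealing policy that the new separator measurement changes."""
    return sorted(set(policy_pcrs) & SEPARATOR_PCRS)


# Constructed sample data (hypothetical event names and payloads).
OLD_CC_EVENTS = [("already-mirrored event 1", b"constructed-payload-1"),
                 ("already-mirrored event 2", b"constructed-payload-2")]
NEW_CC_EVENTS = OLD_CC_EVENTS + [(name, f"constructed-{name}".encode())
                                 for name in NEWLY_MIRRORED]

if __name__ == "__main__":
    # CC side (SHA-384 registers): a reference built from the old event set
    # no longer matches what an upgraded stub produces.
    stale_reference = replay(OLD_CC_EVENTS, "sha384")
    reported = replay(NEW_CC_EVENTS, "sha384")
    print("stale CC reference matches:      ", matches(reported, stale_reference))
    print("regenerated CC reference matches:",
          matches(reported, replay(NEW_CC_EVENTS, "sha384")))

    # TPM side: any extra extend changes the PCR, so a value predicted
    # without the separator event no longer satisfies a bound policy.
    firmware_pcr = replay([("firmware event", b"constructed-fw")], "sha256")
    separator = hashlib.sha256(b"constructed-separator").digest()
    print("PCR changed by separator:",
          extend(firmware_pcr, separator, "sha256") != firmware_pcr)
    for policy in ([7], [7, 11], [11, 15]):
        print(policy, "-> re-predict PCRs", affected_policy_pcrs(policy))
```
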
Changes in the system and service manager:
* PID1 now supports the kernel's Live Update Orchestration (LUO) /
Kexec Handover (KHO) systems when present and enabled. System units'
FD Stores are now preserved through kexec, and units will get back
stashed (named) file descriptors after kexec, if the kernel supports
the FD type (at the time of writing only memfds are supported).
Units can also create their own LUO Sessions by talking to the kernel
directly, and store them in their FD Stores, and those will also be
preserved and passed down to the unit after kexec. Units must set
'FileDescriptorStorePreserve=yes' in order to enable this feature.
* User session managers now support persisting user units' FD Stores
by receiving FDs via the notify socket, and passing them down via
$LISTEN_FDS when the user session is restarted, if the
'FileDescriptorStorePreserve=yes' and 'FileDescriptorStoreMax='
options are set in the user@.service unit. Combined with the LUO
support, this lets user units persist state (e.g.: memfds) across
not only user session restarts, but also kexec reboots.
* The manager exposes a new ReloadCount property on its D-Bus and
Varlink interfaces (org.freedesktop.systemd1.Manager and
io.systemd.Manager respectively). The counter increments after
each successfully completed daemon-reload, and it is reset on
daemon-reexec.
* A new unit setting CPUSetPartition= has been added that allows
configuring the cpuset cgroup partition type (e.g. "root",
"isolated", "member") for a service.
* A new RestrictFileSystemAccess= setting has been added that uses a
BPF LSM program to restrict execution to only binaries that are
stored on a signed and verified dm-verity-protected filesystem.
* The io.systemd.Unit.StartTransient() Varlink method has been added
for invoking service units transiently.
* A new set of Varlink methods has been added to the
io.systemd.Manager interface to request system shutdown:
PowerOff(), Reboot(), SoftReboot(), Halt() and Kexec(). These
complement the existing D-Bus interfaces.
* The io.systemd.Manager.ListUnitsByNames() Varlink method allows
querying multiple units in one call and supports a result limit.
* A new DefaultMemoryZSwapWriteback= manager setting has been added
that provides a system-wide default for the existing
MemoryZSwapWriteback= per-unit setting.
* A new io.systemd.Job Varlink interface exposes information about
pending and running manager jobs.
* The service manager knows two new global knobs
EventLoopRateLimitIntervalSec=/EventLoopRateLimitBurst= to configure
PID1's event loop ratelimit logic. This permits fine-tuning the
safety logic in PID 1 that slows down operation in case PID 1 starts
to busy loop.
* The service manager gained new per-unit settings
CPUPressureWatch=/CPUPressureThresholdSec=/IOPressureWatch=/IOPressureThresholdSec=
which enable services to get generic notifications on CPU or IO
pressure events.
* A new global service manager knob MinimumUptimeSec= has been added
that defines a minimum uptime for the system. It defaults to 15s. If
the system is shut down more quickly than the specified time a delay
is inserted in the last part of shutdown, in order to avoid tight...
systemd-stable v260.1
systemd v260
CHANGES WITH 260:
Feature Removals and Incompatible Changes:
* Support for System V service scripts has been removed. Please make
sure to update your software *now* to include a native systemd unit
file instead of a legacy System V script.
The following components have been removed:
• systemd-rc-local-generator and rc-local.service,
• systemd-sysv-generator,
• systemd-sysv-install (hook for systemctl enable/disable/is-enabled).
The corresponding meson options '-Drc-local=', '-Dsysvinit-path=',
and '-Dsysvrcnd-path=' are deprecated, and will be dropped in a future
release.
* Meson options '-Dintegration-tests=' and '-Dcryptolib=' (deprecated
in v258) have been removed.
* Support for libidn has been removed. IDN functionality now requires
libidn2. The corresponding meson option '-Dlibidn=' is deprecated
too and will be dropped in a future release.
* Required versions of various dependencies have been raised:
• cryptsetup 2.0.1/2.3.0 → 2.4.0,
• elfutils 158 → 177,
• libblkid 2.24 → 2.37,
• libseccomp 2.3.1 → 2.4.0,
• glibc 2.31 → 2.34,
• libxcrypt or libcrypt from glibc → libxcrypt 4.4.0 only,
• OpenSSL 1.1.0 → 3.0.0,
• Python 3.7.0 → 3.9.0.
* The Linux kernel version requirements have been updated too:
baseline 5.4 → 5.10, recommended baseline 5.7 → 5.14, 6.6 for full
functionality. Code for compatibility with versions older than the
baseline has been removed.
* The parsing of RootImageOptions= and the mount image parameters of
ExtensionImages= and MountImages= has been changed so that the last
definition for a given partition wins and is applied, rather than the
first, to keep these options coherent with other unit settings.
* Support for non-system users and groups in udev rules and
systemd-networkd configuration has been restored, but is deprecated
and discouraged. systemd-udevd will emit warnings if a non-system
user/group is specified in OWNER=/GROUP=. Similarly, systemd-networkd
will warn about User=/Group= settings with a non-system user/group
specified in .netdev files for Tun/Tap interfaces. This support will
be removed in a future release.
Device nodes should not be owned by a non-system user/group. It is
recommended to check udev rules files with 'udevadm verify' and/or
'udevadm test' commands.
* systemd-repart will now make use of mkfs.xfs's support for
populating XFS filesystems from a directory. This support was
added in xfsprogs 6.17.0 released 20 October 2025. As there is no
proper way to detect whether mkfs.xfs supports populating from a
directory or not, we make use of it unconditionally and have dropped
support for the old way using protofiles.
* The org.systemd.login1.Manager D-Bus interface has a minor API break.
The CanPowerOff(), CanReboot(), CanSuspend(), etc. family of methods
have introduced new return values which may break downstream
consumers such as desktop environments. The new return values more
precisely communicate the status of inhibitors: 'inhibited',
'inhibitor-blocked', and 'challenge-inhibitor-blocked'. This allows
desktops to differentiate between system administrator policy and
temporary restrictions imposed by inhibitors.
* In systemd-260-rc1, the sd_varlink_field_type_t enum was extended in
a way that changed the numerical values of existing fields. This was
reverted for -rc2. Programs using sd-varlink and compiled with the
headers from -rc1 must be recompiled.
New system interfaces and components:
* The os-release(5) gained a new field FANCY_NAME= that is similar to
PRETTY_NAME= but may contain ANSI sequences, and non-ASCII Unicode
glyphs. The new field is also defined to NOT contain any version
specification, providing better separation between the OS name and
version.
The systemd manager, systemd-hostnamed, and hostnamectl will now
show FANCY_NAME= in preference to PRETTY_NAME=.
* The "Portability and Stability" policy has been simplified and
updated to strengthen the promises of avoiding user-visible
regressions in public interfaces. See
https://systemd.io/PORTABILITY_AND_STABILITY/ for details.
* Services providing a public Varlink interface can be symlinked under
/run/varlink/registry/, allowing well-known services to be
enumerated. 'varlinkctl list-registry' can be used to list available
services. This is particularly useful in context of the Varlink HTTP
bridge (https://github.com/mvo5/varlink-http-bridge), which may
expose all services whose sockets are linked in this directory.
* A new "metrics" or "report" framework has been defined. Any system
component can hook into the reporting framework by providing a
Varlink endpoint under /run/systemd/report/.
systemd-report is a new command line tool which collects the reports
from all endpoints and combines them in JSON format.
The details of the structure of the reports should be considered
EXPERIMENTAL at this point. We reserve the right to make incompatible
changes to the JSON structure and/or place additional requirements.
Currently, two components provide metrics this way: systemd-networkd
and the system service manager.
* A new "mstack" feature has been introduced, to allow defining an
overlayfs and bind mount arrangement by structuring the content of an
".mstack/" directory that follows this specification. MStacks are
useful to invoke services and containers from a directory that fully
self describes its intended way of use.
* A new 'verity' TPM NvPCR has been added. Various components measure
dm-verity images to it upon loading. This includes
systemd-veritysetup (controllable via the new 'tpm2-measure-nvpcr='
/etc/veritytab setting), and the DDI dissection logic.
* A canonical set of hwid files for automated DeviceTree mapping in
UKIs is now shipped under /usr/lib/systemd/boot/hwids/<efi-arch>/.
Users and developers are welcome to contribute definitions for
their specific devices, so that UKIs can automatically find and load
the appropriate DTB on boot, without requiring per-device and
per-kernel images. ukify now uses these definitions automatically if
present on the system at build time. A first set of hwid files for
arm64 Snapdragon devices has been imported.
Changes in the system and service manager:
* A new unit setting RootMStack= has been introduced, to support the
new "mstack" feature for services (see above).
* The unit setting PrivateUsers= gained a new possible value "managed",
which automatically assigns a dynamic and transient range of 65536
UIDs/GIDs to the unit, acquired via systemd-nsresourced.
* The implementation for PrivateUsers=full has been updated to map the
full range of IDs. The workaround to allow nested systemd older than
257 to correctly detect that it is under such a mapping has been
dropped.
* systemd now uses the CSI 18 terminal sequence to query terminal
size. This allows the query to be made without changing the position
of the cursor. Terminal emulators which do not yet support the
sequence are encouraged to do so.
* Service units gained a RefreshOnReload= setting that configures
whether extensions and credentials are to be refreshed when the unit
is reloaded.
* A new unit setting BindNetworkInterface= has been introduced that
automatically binds all sockets created by the unit to a specific
network interface. This is generally useful, but in particular for
VRF setups.
* Two new unit settings ConditionPathIsSocket= and AssertPathIsSocket=
can be used to skip or fail the unit if the given path is not a
socket.
* For units which specify PrivateTmp=yes and DefaultDependencies=no
without an explicit requirement for /tmp/, a disconnected /tmp/ will
be used, as if PrivateTmp=disconnected was specified. Also, if there
is no explicit ordering for /var/, the private mount for /var/tmp/
will not be created. Those changes avoid race conditions with
creation of those private directories during early boot and may
result in changes to unit ordering.
* EnqueueMarkedJobs() D-Bus method now has a Varlink counterpart.
* systemctl gained a new 'enqueue-marked' verb, which calls the
EnqueueMarkedJobs() D-Bus method. The '--marked' parameter, which was
previously used for the same purpose, is now deprecated.
* SetProperties() D-Bus method now has a Varlink counterpart. For now,
it only supports setting the Markers= property.
* New 'needs-start' and 'needs-stop' settings are now supported for the
Markers= property.
* The CPUSchedulingPolicy= service setting now supports the new value
...
systemd-stable v259.5
systemd-stable v258.7
systemd-stable v257.13
systemd v260-rc4
systemd-stable v259.4
systemd-stable v258.6
systemd-stable v257.12