* Support for System V service scripts has been removed. Please make
      sure to update your software *now* to include a native systemd unit
      file instead of a legacy System V script.

      The following components have been removed:

      • systemd-rc-local-generator and rc-local.service,
      • systemd-sysv-generator,
      • systemd-sysv-install (hook for systemctl enable/disable/is-enabled).

      The corresponding meson options '-Drc-local=', '-Dsysvinit-path=',
      and '-Dsysvrcnd-path=' are deprecated, and will be dropped in a future
      release.

    * Meson options '-Dintegration-tests=' and '-Dcryptolib=' (deprecated
      in v258) have been removed.

    * Support for libidn has been removed. IDN functionality now requires
      libidn2. The corresponding meson option '-Dlibidn=' is deprecated
      too and will be dropped in a future release.

    * Required versions of various dependencies have been raised:

      • cryptsetup 2.0.1/2.3.0 → 2.4.0,
      • elfutils 158 → 177,
      • libblkid 2.24 → 2.37,
      • libseccomp 2.3.1 → 2.4.0,
      • glibc 2.31 → 2.34,
      • libxcrypt or libcrypt from glibc → libxcrypt 4.4.0 only,
      • OpenSSL 1.1.0 → 3.0.0,
      • Python 3.7.0 → 3.9.0.

    * The Linux kernel version requirements have been updated too:
      baseline 5.4 → 5.10, recommended baseline 5.7 → 5.14, 6.6 for full
      functionality. Code for compatibility with versions older than the
      baseline has been removed.

    * The parsing of RootImageOptions= and the mount image parameters of
      ExtensionImages= and MountImages= has been changed so that the last
      definition for a given partition wins and is applied, rather than the
      first, to keep these options coherent with other unit settings.

    * Support for non-system users and groups in udev rules and
      systemd-networkd configuration has been restored, but is deprecated
      and discouraged. systemd-udevd will emits warnings if a non-system
      user/group is specified in OWNER=/GROUP=. Similarly, systemd-networkd
      will warn about User=/Group= settings with a non-system user/group
      specified in .netdev files for Tun/Tap interfaces. This support will
      be removed in a future release.

      Device nodes should not be owned by a non-system user/group. It is
      recommended to check udev rules files with 'udevadm verify' and/or
      'udevadm test' commands.

    * systemd-repart will now make use of mkfs.xfs's support for
      populating XFS filesystems from a directory. This support was
      added in xfsprogs 6.17.0 released 20 October 2025. As there is no
      proper way to detect whether mkfs.xfs supports populating from a
      directory or not, we make use of it unconditionally and have dropped
      support for the old way using protofiles.

    * The org.systemd.login1.Manager D-Bus interface has a minor API break.
      The CanPowerOff(), CanReboot(), CanSuspend(), etc. family of methods
      have introduced new return values which may break downstream
      consumers such as desktop environments. The new return values more
      precisely communicate the status of inhibitors: 'inhibited',
      'inhibitor-blocked', and 'challenge-inhibitor-blocked'. This allows
      desktops to differentiate between system administrator policy and
      temporary restrictions imposed by inhibitors.

    * In systemd-260-rc1, the sd_varlink_field_type_t enum was extended in
      a way that changed the numerical values of existing fields. This was
      reverted for -rc2. Programs using sd-varlink and compiled with the
      headers from -rc1 must be recompiled.

    * The os-release(5) gained a new field FANCY_NAME= that is similar to
      PRETTY_NAME= but may contain ANSI sequences, and non-ASCII Unicode
      glyphs. The new field is also defined to NOT contain any version
      specification, providing better separation between the OS name and
      version.

      The systemd manager, systemd-hostnamed, and hostnamectl will now
      show FANCY_NAME= in preference to PRETTY_NAME=.

    * The "Portability and Stability" policy has been simplified and
      updated to strengthen the promises of avoiding user-visible
      regressions in public interfaces. See
      https://systemd.io/PORTABILITY_AND_STABILITY/ for details.

    * Services providing a public Varlink interface can be symlinked under
      /run/varlink/registry/, allowing well-known services to be
      enumerated. 'varlinkctl list-registry' can be used to list available
      services. This is particularly useful in context of the Varlink HTTP
      bridge (https://github.com/mvo5/varlink-http-bridge), which may
      expose all services whose sockets are linked in this directory.

    * A new "metrics" or "report" framework has been defined. Any system
      component can hook into the reporting framework by providing a
      Varlink endpoint under /run/systemd/report/.

      systemd-report is a new command line tool which collects the reports
      from all endpoints and combines them in JSON format.

      The details of the structure of the reports should be considered
      EXPERIMENTAL at this point. We reserve the right to make incompatible
      changes to the JSON structure and/or place additional requirements.

      Currently, two components provide metrics this way: systemd-networkd
      and the system service manager.

    * A new "mstack" feature has been introduced, to allowing defining an
      overlayfs and bind mount arrangement by structuring the content of an
      ".mstack/" directory that follows this specification. MStacks are
      useful to invoke services and containers from a directory that fully
      self describes its intended way of use.

    * A new 'verity' TPM NvPCR has been added. Various components measure
      dm-verity images to it upon loading. This includes
      systemd-veritysetup (controllable via the new 'tpm2-measure-nvpcr='
      /etc/veritytab setting), and the DDI dissection logic.

    * A canonical set of hwid files for automated DeviceTree mapping in
      UKIs is now shipped under /usr/lib/systemd/boot/hwids/<efi-arch>/.
      Users and developers are welcome to contribute definitions for
      their specific devices, so that UKIs can automatically find and load
      the appropriate DTB on boot, without requiring per-devices and
      per-kernel images. ukify now uses these definition automatically if
      present on the system at build time. A first set of hwid files for
      arm64 Snapdragon devices has been imported.

    * A new unit setting RootMStack= has been introduced, to support the
      new "mstack" feature for services (see above).

    * The unit setting PrivateUsers= gained a new possible value "managed",
      which automatically assigns a dynamic and transient range of 65536
      UIDs/GIDs to the unit, acquired via systemd-nsresourced.

    * The implementation for PrivateUsers=full has been updated to map the
      full range of IDs. The workaround to allow nested systemd older than
      257 to correctly detect that it is under such a mapping has been
      dropped.

    * systemd now uses the CSI 18 terminal sequence to query terminal
      size. This allows the query to be made without changing the position
      of the cursor. Terminal emulators which do not yet support the
      sequence are encouraged to do so.

    * Service units gained a RefreshOnReload= setting that configures
      whether extensions and credentials are to be refreshed when the unit
      is reloaded.

    * A new unit setting BindNetworkInterface= has been introduced that
      automatically binds all sockets created by the unit to a specific
      network interface. This is generally useful, but in particular for
      VRF setups.

    * Two new unit settings ConditionPathIsSocket= and AssertPathIsSocket=
      can be used to skip or fail the unit if the given path is not a
      socket.

    * For units which specify PrivateTmp=yes and DefaultDependencies=no
      without an explicit requirement for /tmp/, a disconnected /tmp/ will
      be used, as if PrivateTmp=disconnected was specified. Also, if there
      is no explicit ordering for /var/, the private mount for /var/tmp/
      will not be created. Those changes avoid race conditions with
      creation of those private directories during early boot and may
      result in changes to unit ordering.

    * EnqueueMarkedJobs() D-Bus method now has a Varlink counterpart.

    * systemctl gained a new 'enqueue-marked' verb, which calls the
      EnqueueMarkedJobs() D-Bus method. The '--marked' parameter, which was
      previously used for the same purpose, is now deprecated.

    * SetProperties() D-Bus method now has a Varlink counterpart. For now,
      it only supports setting the Markers= property.

    * New 'needs-start' and 'needs-stop' settings are now supported for the
      Markers= property.

    * The CPUSchedulingPolicy= service setting now supports the new value
 ...

    * Support for System V service scripts has been removed. Please make
      sure to update your software *now* to include a native systemd unit
      file instead of a legacy System V script.

      The following components have been removed:

      • systemd-rc-local-generator and rc-local.service,
      • systemd-sysv-generator,
      • systemd-sysv-install (hook for systemctl enable/disable/is-enabled).

      The corresponding meson options '-Drc-local=', '-Dsysvinit-path=',
      and '-Dsysvrcnd-path=' are deprecated, and will be dropped in a future
      release.

    * Meson options '-Dintegration-tests=' and '-Dcryptolib=' (deprecated
      in v258) have been removed.

    * Support for libidn has been removed. IDN functionality now requires
      libidn2. The corresponding meson option '-Dlibidn=' is deprecated
      too and will be dropped in a future release.

    * Required versions of various dependencies have been raised:

      • cryptsetup 2.0.1/2.3.0 → 2.4.0,
      • elfutils 158 → 177,
      • libblkid 2.24 → 2.37,
      • libseccomp 2.3.1 → 2.4.0,
      • glibc 2.31 → 2.34,
      • libxcrypt or libcrypt from glibc → libxcrypt 4.4.0 only,
      • OpenSSL 1.1.0 → 3.0.0,
      • Python 3.7.0 → 3.9.0.

    * The Linux kernel version requirements have been updated too:
      baseline 5.4 → 5.10, recommended baseline 5.7 → 5.14, 6.6 for full
      functionality. Code for compatibility with versions older than the
      baseline has been removed.

    * The parsing of RootImageOptions= and the mount image parameters of
      ExtensionImages= and MountImages= has been changed so that the last
      definition for a given partition wins and is applied, rather than the
      first, to keep these options coherent with other unit settings.

    * Support for non-system users and groups in udev rules and
      systemd-networkd configuration has been restored, but is deprecated
      and discouraged. systemd-udevd will emits warnings if a non-system
      user/group is specified in OWNER=/GROUP=. Similarly, systemd-networkd
      will warn about User=/Group= settings with a non-system user/group
      specified in .netdev files for Tun/Tap interfaces. This support will
      be removed in a future release.

      Device nodes should not be owned by a non-system user/group. It is
      recommended to check udev rules files with 'udevadm verify' and/or
      'udevadm test' commands.

    * systemd-repart will now make use of mkfs.xfs's support for
      populating XFS filesystems from a directory. This support was
      added in xfsprogs 6.17.0 released 20 October 2025. As there is no
      proper way to detect whether mkfs.xfs supports populating from a
      directory or not, we make use of it unconditionally and have dropped
      support for the old way using protofiles.

    * The org.systemd.login1.Manager D-Bus interface has a minor API break.
      The CanPowerOff(), CanReboot(), CanSuspend(), etc. family of methods
      have introduced new return values which may break downstream
      consumers such as desktop environments. The new return values more
      precisely communicate the status of inhibitors: 'inhibited',
      'inhibitor-blocked', and 'challenge-inhibitor-blocked'. This allows
      desktops to differentiate between system administrator policy and
      temporary restrictions imposed by inhibitors.

    * In systemd-260-rc1, the sd_varlink_field_type_t enum was extended in
      a way that changed the numerical values of existing fields. This was
      reverted for -rc2. Programs using sd-varlink and compiled with the
      headers from -rc1 must be recompiled.

    * The os-release(5) gained a new field FANCY_NAME= that is similar to
      PRETTY_NAME= but may contain ANSI sequences, and non-ASCII Unicode
      glyphs. The new field is also defined to NOT contain any version
      specification, providing better separation between the OS name and
      version.

      The systemd manager, systemd-hostnamed, and hostnamectl will now
      show FANCY_NAME= in preference to PRETTY_NAME=.

    * The "Portability and Stability" policy has been simplified and
      updated to strengthen the promises of avoiding user-visible
      regressions in public interfaces. See
      https://systemd.io/PORTABILITY_AND_STABILITY/ for details.

    * Services providing a public Varlink interface can be symlinked under
      /run/varlink/registry/, allowing well-known services to be
      enumerated. 'varlinkctl list-registry' can be used to list available
      services. This is particularly useful in context of the Varlink HTTP
      bridge (https://github.com/mvo5/varlink-http-bridge), which may
      expose all services whose sockets are linked in this directory.

    * A new "metrics" or "report" framework has been defined. Any system
      component can hook into the reporting framework by providing a
      Varlink endpoint under /run/systemd/report/.

      systemd-report is a new command line tool which collects the reports
      from all endpoints and combines them in JSON format.

      The details of the structure of the reports should be considered
      EXPERIMENTAL at this point. We reserve the right to make incompatible
      changes to the JSON structure and/or place additional requirements.

      Currently, two components provide metrics this way: systemd-networkd
      and the system service manager.

    * A new "mstack" feature has been introduced, to allowing defining an
      overlayfs and bind mount arrangement by structuring the content of an
      ".mstack/" directory that follows this specification. MStacks are
      useful to invoke services and containers from a directory that fully
      self describes its intended way of use.

    * A new 'verity' TPM NvPCR has been added. Various components measure
      dm-verity images to it upon loading. This includes
      systemd-veritysetup (controllable via the new 'tpm2-measure-nvpcr='
      /etc/veritytab setting), and the DDI dissection logic.

    * A canonical set of hwid files for automated DeviceTree mapping in
      UKIs is now shipped under /usr/lib/systemd/boot/hwids/<efi-arch>/.
      Users and developers are welcome to contribute definitions for
      their specific devices, so that UKIs can automatically find and load
      the appropriate DTB on boot, without requiring per-devices and
      per-kernel images. ukify now uses these definition automatically if
      present on the system at build time. A first set of hwid files for
      arm64 Snapdragon devices has been imported.

    * A new unit setting RootMStack= has been introduced, to support the
      new "mstack" feature for services (see above).

    * The unit setting PrivateUsers= gained a new possible value "managed",
      which automatically assigns a dynamic and transient range of 65536
      UIDs/GIDs to the unit, acquired via systemd-nsresourced.

    * The implementation for PrivateUsers=full has been updated to map the
      full range of IDs. The workaround to allow nested systemd older than
      257 to correctly detect that it is under such a mapping has been
      dropped.

    * systemd now uses the CSI 18 terminal sequence to query terminal
      size. This allows the query to be made without changing the position
      of the cursor. Terminal emulators which do not yet support the
      sequence are encouraged to do so.

    * Service units gained a RefreshOnReload= setting that configures
      whether extensions and credentials are to be refreshed when the unit
      is reloaded.

    * A new unit setting BindNetworkInterface= has been introduced that
      automatically binds all sockets created by the unit to a specific
      network interface. This is generally useful, but in particular for
      VRF setups.

    * Two new unit settings ConditionPathIsSocket= and AssertPathIsSocket=
      can be used to skip or fail the unit if the given path is not a
      socket.

    * For units which specify PrivateTmp=yes and DefaultDependencies=no
      without an explicit requirement for /tmp/, a disconnected /tmp/ will
      be used, as if PrivateTmp=disconnected was specified. Also, if there
      is no explicit ordering for /var/, the private mount for /var/tmp/
      will not be created. Those changes avoid race conditions with
      creation of those private directories during early boot and may
      result in changes to unit ordering.

    * EnqueueMarkedJobs() D-Bus method now has a Varlink counterpart.

    * systemctl gained a new 'enqueue-marked' verb, which calls the
      EnqueueMarkedJobs() D-Bus method. The '--marked' parameter, which was
      previously used for the same purpose, is now deprecated.

    * SetProperties() D-Bus method now has a Varlink counterpart. For now,
      it only supports setting the Markers= property.

    * New 'needs-start' and 'needs-stop' settings are now supported for the
      Markers= property.

    * The CPUSchedulingPolicy= service setting now supports the new value...

    * Support for System V service scripts has been removed. Please make
      sure to update your software *now* to include a native systemd unit
      file instead of a legacy System V script.

      The following components have been removed:

      • systemd-rc-local-generator and rc-local.service,
      • systemd-sysv-generator,
      • systemd-sysv-install (hook for systemctl enable/disable/is-enabled).

      The corresponding meson options '-Drc-local=', '-Dsysvinit-path=',
      and '-Dsysvrcnd-path=' are deprecated, and will be dropped in a future
      release.

    * Meson options '-Dintegration-tests=' and '-Dcryptolib=' (deprecated
      in v258) have been removed.

    * Support for libidn has been removed. IDN functionality now requires
      libidn2. The corresponding meson option '-Dlibidn=' is deprecated
      too and will be dropped in a future release.

    * Required versions of various dependencies have been raised:

      • cryptsetup 2.0.1/2.3.0 → 2.4.0,
      • elfutils 158 → 177,
      • libblkid 2.24 → 2.37,
      • libseccomp 2.3.1 → 2.4.0,
      • glibc 2.31 → 2.34,
      • libxcrypt or libcrypt from glibc → libxcrypt 4.4.0 only,
      • OpenSSL 1.1.0 → 3.0.0,
      • Python 3.7.0 → 3.9.0.

    * The Linux kernel version requirements have been updated too:
      baseline 5.4 → 5.10, recommended baseline 5.7 → 5.14, 6.6 for full
      functionality. Code for compatibility with versions older than the
      baseline has been removed.

    * The parsing of RootImageOptions= and the mount image parameters of
      ExtensionImages= and MountImages= has been changed so that the last
      definition for a given partition wins and is applied, rather than the
      first, to keep these options coherent with other unit settings.

    * Support for non-system users and groups in udev rules and
      systemd-networkd configuration has been restored, but is deprecated
      and discouraged. systemd-udevd will emits warnings if a non-system
      user/group is specified in OWNER=/GROUP=. Similarly, systemd-networkd
      will warn about User=/Group= settings with a non-system user/group
      specified in .netdev files for Tun/Tap interfaces. This support will
      be removed in a future release.

      Device nodes should not be owned by a non-system user/group. It is
      recommended to check udev rules files with 'udevadm verify' and/or
      'udevadm test' commands.

    * systemd-repart will now make use of mkfs.xfs's support for
      populating XFS filesystems from a directory. This support was
      added in xfsprogs 6.17.0 released 20 October 2025. As there is no
      proper way to detect whether mkfs.xfs supports populating from a
      directory or not, we make use of it unconditionally and have dropped
      support for the old way using protofiles.

    * The org.systemd.login1.Manager D-Bus interface has a minor API break.
      The CanPowerOff(), CanReboot(), CanSuspend(), etc. family of methods
      have introduced new return values which may break downstream
      consumers such as desktop environments. The new return values more
      precisely communicate the status of inhibitors: 'inhibited',
      'inhibitor-blocked', and 'challenge-inhibitor-blocked'. This allows
      desktops to differentiate between system administrator policy and
      temporary restrictions imposed by inhibitors.

    * In systemd-260-rc1, the sd_varlink_field_type_t enum was extended in
      a way that changed the numerical values of existing fields. This was
      reverted for -rc2. Programs using sd-varlink and compiled with the
      headers from -rc1 must be recompiled.

    * The os-release(5) gained a new field FANCY_NAME= that is similar to
      PRETTY_NAME= but may contain ANSI sequences, and non-ASCII Unicode
      glyphs. The new field is also defined to NOT contain any version
      specification, providing better separation between the OS name and
      version.

      The systemd manager, systemd-hostnamed, and hostnamectl will now
      show FANCY_NAME= in preference to PRETTY_NAME=.

    * The "Portability and Stability" policy has been simplified and
      updated to strengthen the promises of avoiding user-visible
      regressions in public interfaces. See
      https://systemd.io/PORTABILITY_AND_STABILITY/ for details.

    * Services providing a public Varlink interface can be symlinked under
      /run/varlink/registry/, allowing well-known services to be
      enumerated. 'varlinkctl list-registry' can be used to list available
      services. This is particularly useful in context of the Varlink HTTP
      bridge (https://github.com/mvo5/varlink-http-bridge), which may
      expose all services whose sockets are linked in this directory.

    * A new "metrics" or "report" framework has been defined. Any system
      component can hook into the reporting framework by providing a
      Varlink endpoint under /run/systemd/report/.

      systemd-report is a new command line tool which collects the reports
      from all endpoints and combines them in JSON format.

      The details of the structure of the reports should be considered
      EXPERIMENTAL at this point. We reserve the right to make incompatible
      changes to the JSON structure and/or place additional requirements.

      Currently, two components provide metrics this way: systemd-networkd
      and the system service manager.

    * A new "mstack" feature has been introduced, to allowing defining an
      overlayfs and bind mount arrangement by structuring the content of an
      ".mstack/" directory that follows this specification. MStacks are
      useful to invoke services and containers from a directory that fully
      self describes its intended way of use.

    * A new 'verity' TPM NvPCR has been added. Various components measure
      dm-verity images to it upon loading. This includes
      systemd-veritysetup (controllable via the new 'tpm2-measure-nvpcr='
      /etc/veritytab setting), and the DDI dissection logic.

    * A canonical set of hwid files for automated DeviceTree mapping in
      UKIs is now shipped under /usr/lib/systemd/boot/hwids/<efi-arch>/.
      Users and developers are welcome to contribute definitions for
      their specific devices, so that UKIs can automatically find and load
      the appropriate DTB on boot, without requiring per-devices and
      per-kernel images. ukify now uses these definition automatically if
      present on the system at build time. A first set of hwid files for
      arm64 Snapdragon devices has been imported.

    * A new unit setting RootMStack= has been introduced, to support the
      new "mstack" feature for services (see above).

    * The unit setting PrivateUsers= gained a new possible value "managed",
      which automatically assigns a dynamic and transient range of 65536
      UIDs/GIDs to the unit, acquired via systemd-nsresourced.

    * The implementation for PrivateUsers=full has been updated to map the
      full range of IDs. The workaround to allow nested systemd older than
      257 to correctly detect that it is under such a mapping has been
      dropped.

    * systemd now uses the CSI 18 terminal sequence to query terminal
      size. This allows the query to be made without changing the position
      of the cursor. Terminal emulators which do not yet support the
      sequence are encouraged to do so.

    * Service units gained a RefreshOnReload= setting that configures
      whether extensions and credentials are to be refreshed when the unit
      is reloaded.

    * A new unit setting BindNetworkInterface= has been introduced that
      automatically binds all sockets created by the unit to a specific
      network interface. This is generally useful, but in particular for
      VRF setups.

    * Two new unit settings ConditionPathIsSocket= and AssertPathIsSocket=
      can be used to skip or fail the unit if the given path is not a
      socket.

    * For units which specify PrivateTmp=yes and DefaultDependencies=no
      without an explicit requirement for /tmp/, a disconnected /tmp/ will
      be used, as if PrivateTmp=disconnected was specified. Also, if there
      is no explicit ordering for /var/, the private mount for /var/tmp/
      will not be created. Those changes avoid race conditions with
      creation of those private directories during early boot and may
      result in changes to unit ordering.

    * EnqueueMarkedJobs() D-Bus method now has a Varlink counterpart.

    * systemctl gained a new 'enqueue-marked' verb, which calls the
      EnqueueMarkedJobs() D-Bus method. The '--marked' parameter, which was
      previously used for the same purpose, is now deprecated.

    * SetProperties() D-Bus method now has a Varlink counterpart. For now,
      it only supports setting the Markers= property.

    * New 'needs-start' and 'needs-stop' settings are now supported for the
      Markers= property.

    * The CPUSchedulingPolicy= service setting now supports the new value...