Anyone running Incus as a self-hosted container and VM host has a strong reason to update quickly. Version 7.2 closes eight security holes, six of them rated critical. Most stem from untrusted images: maliciously crafted ones could use rootfs/, templates/, or exec-output symlinks to read and write arbitrary files on the host (CVE-2026-48749, CVE-2026-48752), while another allowed argument injection through the backup compression algorithm to reach command execution (CVE-2026-48755). Two further high-severity bugs let custom volume and instance copies bypass project restrictions across project boundaries.
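As an added illustration (not Incus code and not part of the release), the Python check below audits an image tarball for link entries at the rootfs/ and templates/ paths named above before the image is imported. It assumes the unified image tarball layout (metadata.yaml, rootfs/, templates/); the function names, sample entries and link targets are constructed for this example.

```python
import io
import posixpath
import tarfile

GUARDED = ("rootfs", "templates")  # image paths named in the text above

def audit_image(fileobj):
    """Return (entry, reason) findings for an image tarball; an empty list means clean."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:  # iterating reads headers only, nothing is extracted
            name = posixpath.normpath(m.name)
            is_link = m.issym() or m.islnk()
            if name.startswith("/") or name == ".." or name.startswith("../"):
                findings.append((m.name, "entry path leaves the archive root"))
            elif is_link and name in GUARDED:
                findings.append((m.name, f"top-level directory is a link to {m.linkname}"))
            elif is_link and name.startswith("templates/"):
                findings.append((m.name, f"template is a link to {m.linkname}"))
            # Symlinks below rootfs/ are normal in a Linux tree and are not flagged.
    return findings

def build_sample(entries):
    """Build a constructed in-memory tarball from (name, type, linkname) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, link in entries:
            info = tarfile.TarInfo(name)
            info.type = kind
            info.linkname = link
            tar.addfile(info)  # zero-length entries, so no file data is needed
    buf.seek(0)
    return buf

# Constructed samples: an ordinary layout and one with links at the guarded paths.
CLEAN = [("metadata.yaml", tarfile.REGTYPE, ""), ("rootfs", tarfile.DIRTYPE, ""),
         ("rootfs/bin", tarfile.SYMTYPE, "usr/bin"),
         ("templates/hosts.tpl", tarfile.REGTYPE, "")]
SUSPECT = [("metadata.yaml", tarfile.REGTYPE, ""),
           ("rootfs", tarfile.SYMTYPE, "/constructed/target"),
           ("templates/hosts.tpl", tarfile.SYMTYPE, "../../constructed/target")]

if __name__ == "__main__":
    for label, entries in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, audit_image(build_sample(entries)))
```

Run against images from untrusted sources, it works as a defence-in-depth check alongside the 7.2 update.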

The headline feature is per-instance SELinux confinement for both containers and virtual machines. Incus now allocates a distinct MCS (Multi-Category Security) level to each instance automatically, isolating co-located workloads from one another on the same host. Four new keys, including security.selinux.domain and security.selinux.label_rootfs, expose manual control over the process domain, file type, and rootfs labeling, and the computed context is persisted in volatile.selinux.context so the allocated range survives restarts. On distributions that ship SELinux in enforcing mode, that brings container isolation closer to parity with the AppArmor confinement Incus already applies elsewhere.

Networking and storage pick up several practical additions. OCI application containers can finally take a static network configuration, with ipv4.address/ipv6.address accepting CIDR values, matching gateway keys, and new oci.dns.* keys to seed resolv.conf. Managed bridge networks gain per-instance BGP route advertisement through bgp.ipv4.instances and bgp.ipv6.instances, advertising a /32 or /128 for each running instance and withdrawing it on stop, which makes routing directly to individual instances straightforward. Proxy devices in NAT mode can now use dynamic addresses and a wildcard listen address rather than hardcoding the instance IP. On the storage side, the btrfs driver gets a btrfs.compression volume key (zstd, lzo, zlib, or none), and a new GET /1.0/instances/{name}/nbd endpoint plus incus debug nbd command expose every disk on a VM over NBD at once, with dirty bitmaps for incremental backups.

The command-line tool also sees quality-of-life work. A new incus default command manages persistent CLI defaults such as list_format, incus info now hides private keys and certificates behind --show-sensitive while collapsing the API extension list to a count, and the client stores its configuration in the correct per-OS path, moving to ~/Library/Application Support/incus/ on macOS and %APPDATA%\incus on Windows. incus remote set-keepalive tunes connection keepalive for faster repeated commands, and incus admin update-certificate replaces the server certificate on standalone hosts.

Incus is the community continuation of LXD, maintained under the Linux Containers project by the original LXD developers and released under Apache 2.0 with no CLA. The 7.2 monthly release is supported only until the next one ships; deployments that prefer fewer changes can stay on the Incus 7.0 LTS line that landed in May 2026. Packages are available across Debian, Fedora, openSUSE, and NixOS, with the client also distributed through Homebrew, and you can read the full release notes or report issues on GitHub.