1.27.0

These release notes cover new features and changes in Anbox Cloud 1.27.0.

Anbox Cloud 1.27.0 is a minor release. To understand minor and patch releases, see Release notes.

Please see Component versions for a list of updated components.

Requirements

See the Requirements for details on general and deployment specific requirements to run Anbox Cloud.

New features & improvements

Authentication and authorization

In addition to connection to a remote AMS using mutual TLS, you can now use OIDC based authentication for both web and command line clients. OIDC based authentication offers the ability to store a user identity in Anbox Cloud. See Access AMS remotely for more information.

Important

For command line clients, this feature is an alpha release and still in active development. The interfaces and APIs will undergo changes but will be finalized in the 1.28.0 release.

Dashboard

• System administrators have a new Operations page to monitor all asynchronous, long-running operations. This page provides all information that you can obtain when running amc operation ls.

• A notification center that displays queued notifications is available. These notifications are persistent until dismissed and can be filtered.

Other

• The Android WebView has been updated to 138.0.7204.179.

Deprecations and removed functionality

• Support for Juju 2.9 was deprecated in 1.25.1 and is removed with this release. Instead, upgrade to the latest Juju version, 3.6. See Juju for more information.

• Support for kernels older than 6.8 was deprecated in 1.25.0 and is removed with this release.

Known issues

See our open bugs in Launchpad that are planned to be fixed for the 1.27.1 release, next month.

We assessed the following CVEs from the 2025-08-01 patch level for their severity and impact on how Anbox Cloud works but they are not included with the 1.27.0 release. They are planned to be included in the subsequent releases:

CVE	Affected versions
CVE-2025-22441	Android 13, 14, 15
CVE-2025-48533	Android 13, 14, 15
CVE-2023-40078	AAOS 13
CVE-2023-21111	AAOS 13
CVE-2023-21103	AAOS 13
CVE-2023-35676	AAOS 13
CVE-2023-21019	Android 13
CVE-2022-20124	Android 13
CVE-2023-20917	Android 13
CVE-2022-20483	Android 13

Bug fixes

• LP 2110219 When running an Anbox instance with an NVIDIA GPU and utilizing it for rendering and video encoding, the lxcfs process on the host shows an unusually high CPU consumption (~60% for a single Anbox instance).

• LP 2113943 Easy-RSA does not handle URLs with protocols correctly.

• LP 2116159 At times, setting the AMS config cpu.limit_mode to scheduler prevents instances from starting.

• LP 2117094 For Android 15, trying to access developer options in the Settings app causes an OS-level crash.

• LP 2097514 When using the Android 14 images, trying to reset mobile network settings causes an OS-level crash.

• LP 2112562 A crash in the hardware composer causes the Android system to restart.

• LP 2117082 The /1.0/shares GET endpoint of Stream gateway API supports a session_id query parameter that is currently not documented.

• LP 2101035 Newly created instances are not on the top of the instance list, making it hard to find them.

• LP 2101036 The dashboard UI did not allow few operations to be opened in a separate browser tab.

Upgrade instructions

See How to upgrade Anbox Cloud for instructions on how to update your Anbox Cloud deployment to the 1.27.0 release.