This release adds 2 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
ReleasePort's take
Light signalClevis v23 adds TPM 1.2 support and introduces a Meson build option that makes the TPM 1.2 PIN optional.
Why it matters: If you require TPM 1.2 functionality, upgrade to v23; test builds with the new Meson flag if you need optional PIN handling before deploying.
Summary
AI summaryAdded TPM 1.2 support and a Meson build option making TPM 1.2 PIN optional.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium |
Adds support for TPM 1.2. Adds support for TPM 1.2. Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Feature | Medium |
Adds Meson build option to make TPM1 pin optional. Adds Meson build option to make TPM1 pin optional. Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Dependency | Medium |
Enables Packit CI for continuous integration. Enables Packit CI for continuous integration. Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Deprecation | Medium |
Removes CentOS Stream 9 from PKCS11 testing in Packit configuration. Removes CentOS Stream 9 from PKCS11 testing in Packit configuration. Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
Fixes Dracut execution issue with v110 Dracut. Fixes Dracut execution issue with v110 Dracut. Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Resolves LUKS2 auto-unlock failure with TPM2 pin in udisks2. Resolves LUKS2 auto-unlock failure with TPM2 pin in udisks2. Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Corrects PKCS#11 public key ID parsing. Corrects PKCS#11 public key ID parsing. Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Other | Medium |
Releases version v23 of Clevis. Releases version v23 of Clevis. Source: llm_adapter@2026-05-21 Confidence: low |
— |
Full changelog
What's Changed
- dracut: fix running with v110 Dracut (#545) by @oldium in https://github.com/latchset/clevis/pull/549
- Add TPM 1.2 support by @oldium in https://github.com/latchset/clevis/pull/462
- udisks2: fix LUKS2 auto-unlock failure with TPM2 pin by @sergio-correia in https://github.com/latchset/clevis/pull/550
- Fix pkcs11 pubkey id parsing by @sarroutbi in https://github.com/latchset/clevis/pull/552
- Enable Packit CI by @prikryla in https://github.com/latchset/clevis/pull/553
- Remove centos-stream-9 from pkcs11 testing in Packit config by @prikryla in https://github.com/latchset/clevis/pull/558
- Add meson build option to make tpm1 pin optional by @sarroutbi in https://github.com/latchset/clevis/pull/557
- Release version v23 by @sarroutbi in https://github.com/latchset/clevis/pull/559
New Contributors
- @prikryla made their first contribution in https://github.com/latchset/clevis/pull/553
Full Changelog: https://github.com/latchset/clevis/compare/v22...v23
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About Clevis
Plugable framework for automated decryption, often used as a Tang client.
Related context
Related tools
Beta — feedback welcome: [email protected]