User avatar
Lix Project @lix_project@chaos.social
11mo
We discovered a critical bug on 2.91.2, 2.92.3, 2.93.1 as part of the CVE fixes that will cause your system to remove certain valid Nix store paths at the end of builds.

We have an ongoing blog post on this incident, including recovery instructions: lix.systems/blog/2025-06-27-lix-critical-bug/
2
0
0
0
User avatar
Lix Project @lix_project@chaos.social
11mo
We have prepared patches for all supported releases to address the critical bug (publicly in our Gerrit instance). However, we have paused the release for now. We are continuing to monitor incoming reports, especially CL (gerrit.lix.systems/c/lix/+/3500), and want to allow more quality assurance time to avoid introducing further regressions or making upgrades unnecessarily disruptive.

We have also fixed the static builds, which enables the mitigation strategy described in the blog post.
1
0
0
0
User avatar
Lix Project @lix_project@chaos.social
11mo
As is often the case in complex, ongoing situations, we prefer to offer clear choices and not do rash decisions, so you remain in control of how and when to act, depending on the trade-offs you are willing to make.
1
0
0
0
User avatar
Lix Project @lix_project@chaos.social
11mo
The Lix team is very sorry for the caused inconveniences and we will go into more details in an upcoming postmortem on how could this have happened and what we plan to do to remediate that in the future.

For more information, please review our latest blog post on the incident at lix.systems/blog/2025-06-27-lix-critical-bug/, which will be continually updated.
3
0
1
0
User avatar
mio @mio@shrimp.mio19.uk
11mo
@lix_project Does it affect the lix version 2.93.0? nix (Lix, like Nix) 2.93.0
System type: aarch64-darwin
Additional system types: x86_64-darwin
Features: gc, signed-caches
System configuration file: /etc/nix/nix.conf
User configuration files: /Users/user/.config/nix/nix.conf:/etc/xdg/nix/nix.conf
Store directory: /nix/store
State directory: /nix/var/nix
Data directory: /nix/store/0vn9444lszwlxrg98krrpyfdl4hgdzy6-lix-2.93.0/share
2
0
0
0
User avatar
Lix Project @lix_project@chaos.social
11mo
@mio no. 2.93.0 doesn't have the security fixes that contained the regression. it's not affected.
0
0
1
0
User avatar
mio @mio@shrimp.mio19.uk
11mo
@lix_project This version is mentioned in neither the affected nor the unaffected versions
0
0
0
0