[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["缺少我需要的資訊","missingTheInformationINeed","thumb-down"],["過於複雜/步驟過多","tooComplicatedTooManySteps","thumb-down"],["過時","outOfDate","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["示例/程式碼問題","samplesCodeIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-07-27 (世界標準時間)。"],[],[],null,["# Stable kernel releases and updates\n\nThe Linux kernel stable release model started in 2005, when it was determined\nthat the existing kernel development model (a new release every 2-3 months) was\nnot meeting the needs of most users. Users wanted bugfixes made during those 2-3\nmonths, and Linux distributions found it difficult to keep kernels up to date\nwithout feedback from the kernel community. In general, attempts to keep\nindividual kernels secure and with the latest bugfixes was a large and confusing\neffort by lots of different individuals.\n\n\nStable kernel releases are based directly on Linus Torvalds' releases, and are\nreleased every week or so, depending on various external factors (time of year,\navailable patches, maintainer workload, etc.). The numbering of the stable\nreleases starts with the number of the kernel release, and an additional number\nis added to the end of it. For example, the 4.4 kernel is released by Linus, and\nthen the stable kernel releases based on this kernel are numbered 4.4.1, 4.4.2,\n4.4.3, and so on. This sequence is usually shortened with the number 4.4.y when\nreferring to a stable kernel release tree. Each stable kernel release tree is\nmaintained by a single kernel developer, who is responsible for picking the\nneeded patches for the release and managing the review/release process.\n\n\nStable kernels are maintained for the length of the current development cycle.\nAfter Linus releases a new kernel, the previous stable kernel release tree is\nstopped and users must move to the newer released kernel.\n\nLong-term stable kernels\n------------------------\n\n\nAfter a year of this new stable release process, it was determined that many\ndifferent users of Linux wanted a kernel to be supported for longer than just a\nfew months. In response, the Long Term Supported (LTS) kernel release was\ncreated, with the first LTS kernel (2.6.16) released in 2006. Since then, a new\nLTS kernel has been selected once a year and kernel community maintains that\nkernel for a minimum of 2 years.\n\nAt the time of this writing, the LTS kernels are the 4.4.y, 4.9.y, 4.14.y,\n4.19.y, 5.4.y, and 5.10.y releases. A new kernel is released weekly. Due to\nthe needs of some users and distributions, a few additional older kernels are\nmaintained by kernel developers at a slower release cycle. Information about\nall long-term stable kernels, who is in charge of them, and how long they are\nmaintained, can be found on the\n[kernel.org\nreleases](https://www.kernel.org/category/releases.html) page.\n\n\nLTS kernel releases average 6-8 patches accepted per day, while the normal\nstable kernel releases contain 10-15 patches per day. The number of patches\nfluctuates per release given the current time of the corresponding development\nkernel release, and other external variables. The older a LTS kernel is, the\nless patches are applicable to it as many recent bugfixes are not relevant to\nolder kernels. However, the older a kernel is, the harder it is to backport the\nchanges that are needed to be applied, due to the changes in the codebase. So\nwhile there might be a lower number of overall patches being applied, the effort\ninvolved in maintaining a LTS kernel is greater than maintaining the normal\nstable kernel.\n\nStable kernel patch rules\n-------------------------\n\nThe rules for what can be added to a stable kernel release have remained\nalmost identical since its introduction and are summarized below:\n\n- Must be obviously correct and tested.\n- Must not be bigger than 100 lines.\n- Must fix only one thing.\n- Must fix something that has been reported to be an issue.\n- Can be a new device id or quirk for hardware, but not add major new functionality.\n- Must already be merged into Linus Torvalds' tree.\n\n| **Note:** For a full list of the rules for patches to be accepted into a stable kernel release, refer to the [Documentation/process/stable_kernel_rules.rst](https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html) kernel file.\n\nThe last rule, \"Must already be merged into Linus Torvalds' tree\", prevents\nthe kernel community from losing fixes. The community never wants a fix to go\ninto a stable kernel release that is not already in Linus Torvalds' tree, so\nthat anyone who upgrades should never see a regression. This prevents many\nproblems that other projects who maintain a stable and development branch can\nhave.\n\nKernel updates\n--------------\n\nThe Linux kernel community has promised its userbase that no upgrade\never breaks anything that is working in a previous release. That\npromise still holds true today. Regressions do happen, but those are the highest\npriority bugs and are either quickly fixed, or the change that caused the\nregression is quickly reverted from the Linux kernel tree.\n\nThis promise holds true for both the incremental stable kernel updates, as\nwell as the larger major updates that happen every three months. However, the\nkernel community can only make this promise for the code that is merged into the\nLinux kernel tree. Any code that is merged into a device's kernel that is not in\nthe [kernel.org](https://www.kernel.org/) releases is unknown and\ninteractions with it can never be planned for, or even considered.\n\nDevices based on Linux that have large patch sets can have major issues when\nupdating to newer kernels, because of the large number of changes between each\nrelease (10-14 thousand changes per release). SoC patchsets are especially known\nto have issues with updating to newer kernels due to their large size and heavy\nmodification of architecture specific, and sometimes core, kernel code. As a\nresult, most SoC vendors are starting to standardize on using the LTS releases\nfor their devices, enabling those devices to receive bug and security updates\ndirectly from the Linux kernel community.\n\nSecurity\n--------\n\nWhen doing kernel releases, the Linux kernel community almost never declares\nspecific changes as *security fixes*. This is due to the basic problem of\nthe difficulty in determining if a bugfix is a security fix or not at the time\nof creation. Also, many bugfixes are only determined to be security related\nafter much time has passed, so the kernel community strongly recommends always\ntaking all bugfixes that are released.\n| **Note:** For details on Linus Torvalds' statement on security fixes, refer to the relevant [email\n| thread](http://marc.info/?t=121507404600023&r=4&w=2).\n\n\nWhen security problems are reported to the kernel community, they are fixed as\nsoon as possible and pushed out publicly to the development tree and the\nstable releases. As described above, the changes are almost never described as\na \"security fix\", but rather look like any other bugfix for the kernel. This is\ndone to allow affected parties the ability to update their systems before the\nreporter of the problem announces it.\n\nFor details on reporting security bugs to the kernel community to get\nthem resolved and fixed as soon as possible, refer to\nSecurity bugs in *The Linux kernel user's and administrator's guide* at\n[www.kernel.org](https://www.kernel.org).\n\n\nBecause security bugs are not announced to the public by the kernel team, CVE\nnumbers for Linux kernel-related issues are usually released weeks, months, and\nsometimes years after the fix was merged into the stable and development\nbranches.\n\n### Keep a secure system\n\nWhen deploying a device that uses Linux, we strongly recommend that all\nLTS kernel updates be taken by the manufacturer and pushed out to their users\nafter proper testing shows the update works well. This has several advantages:\n\n- Releases have been reviewed by the kernel developers as a whole, not in individual parts.\n- It's difficult to determine which patches fix \"security\" issues and which do not. Almost every LTS release contains at least one known security fix, and many yet \"unknown.\"\n- If testing shows a problem, the kernel developer community reacts quickly to resolve the issue.\n- Attempts to filter out only the changes you run results in a kernel tree that is impossible to merge correctly with future upstream releases."]]
