I think my advice to upgrade the slurmctld nodes first was wrong. Sorry about that. Please disregard it. Subsequent upgrades I have been performing don't seem to have the same issue. It was probably a false positive from the first test instance I upgraded.
Not rotating keys here and upgrading from munge-0.5.13. ________________________________ From: Ole Holm Nielsen <[email protected]> Sent: Wednesday 11 February 2026 10:50 To: [email protected] <[email protected]> Cc: Sean Mc Grath <[email protected]> Subject: Re: [slurm-users] Re: MUNGE security issue (CVE-2026-25506) [External Email] This email originated outside of Trinity College Dublin. Do not click links or open attachments unless you recognise the sender and know the content is safe. Hi Sean, On 2/11/26 11:24, Sean Mc Grath wrote: > FYI, (which others probably already know). Munge needs to be updated on > the slurmctld node(s) before being updated on the slurmd nodes in my > limited testing. Similar to how slurm is updated. Updating munge on a > slurmd node before the slurmctld caused errors on the slurmd node for the > one instance I did that. I'm surprised by this experience. As long as you stay with the Munge 0.5.XX versions, I would think that Munge's protocols are interoperable between minor versions - assuming that you don't rotate the Munge key as explained in Tim's mail. The Munge Release notes [2] don't seem to mention issues with upgrading, and Slurm isn't mentioned at all. Maybe someone can correct me here, and I'd be happy to add a correction to my Slurm Wiki page on the topic of Munge [1]. I upgraded Munge on-the-fly from 0.5.17 to 0.5.18 yesterday in the order login-nodes, slurmctld, slurmdbd, slurmd's, and we haven't encountered any issues. Best regards, Ole [1] https://wiki.fysik.dtu.dk/Niflheim_system/Slurm_installation/#install-the-latest-munge-version [2] https://github.com/dun/munge/releases
-- slurm-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
