Current Series Release Notes¶

3.25.0-18¶

Add the security-groups-default-statefulness API extension definition in neutron_lib.api.definitions.security_groups_default_statefulness. This extension introduces a top-level resource at /security-groups-default-statefulness that allows configuring the default value of the stateful attribute for new security groups, on a per-project or system-wide basis.

Added context_if_transaction and safe_creation helper functions to neutron_lib.db.utils. These were previously in neutron.db._utils and are now available for all networking projects to consume from neutron-lib.

The fip64 API definition and documentation have been removed. This extension was only used by networking-midonet, which is no longer maintained. The API definition module neutron_lib.api.definitions.fip64, its unit test, and the corresponding api-ref documentation have all been deleted.

The logging-resource API definition and documentation have been removed. This extension was only used by networking-midonet, which is no longer maintained. The API definition module neutron_lib.api.definitions.logging_resource, its unit test, and the corresponding api-ref documentation (logging_resource.inc, firewall_log.inc, and related sample files) have all been deleted.

The router-interface-fip API definition and documentation have been removed. This extension was only used by networking-midonet, which is no longer maintained. The API definition module neutron_lib.api.definitions.router_interface_fip, its unit test, and the corresponding api-ref documentation have all been deleted.

In version 3.16.0 of neutron-lib, in the 2025.1 release cycle, the tenant_id argument in the ContextBase class was marked deprecated, and a warning was printed if it was used. That argument is now removed, callers should be using project_id instead when accessing the contents of a context object, for example context.project_id.

Added is_filter and is_sort_key to the attributes of the SFC API definitions for port_pairs, port_pair_groups and port_chains.

neutron_lib.worker.BaseWorker.start now passes self (the worker instance) as the trigger argument when publishing the PROCESS/AFTER_INIT registry event, instead of the start method reference. This allows registry callbacks to identify the concrete worker class that triggered the event (e.g. WorkerService vs MaintenanceWorker) and act accordingly.

Clarified the contract for MechanismDriver.check_vlan_transparency() and MechanismDriver.check_vlan_qinq() in neutron_lib.plugins.ml2.api. Each method may return True (explicit support), False (explicit non-support), or None (abstain / no opinion). Neutron’s ML2 plugin aggregates driver responses and accepts the capability only when at least one driver returns True and none return False. This is a documentation-only clarification; default base behavior remains abstention.

Added the l3-agent-scheduler-ha-chassis-priority API extension definition. This extension adds an ha_chassis_priority attribute to the agent resource in the L3 Agent Scheduler API, exposing the OVN HA_Chassis priority that determines gateway failover ordering. The attribute is readable (GET), optionally settable when scheduling a router to a chassis (POST), and updatable for an existing chassis assignment (PUT).

New extension pvlan: Adds support for Private VLANs (PVLANs), enabling a new way of port isolation within a shared VLAN. With PVLAN, users can define networks that allow selective communication between ports using modes such as promiscuous, isolated, and community. The extension introduces new port and network attributes: pvlan_type, pvlan_community, and pvlan.

Now all service plugins, inheriting from ServicePluginBase class, will have the extension “filter-validation” enabled by default. That enforces the API filter validation in the queries, returning a HTTPBadRequest in case of using an invalid attribute. This extension can be enabled or disabled using the Neutron configuration variable [DEFAULT]filter_validation.

A new method was added to the TypeDriver and ML2TypeDriver API classes called allocate_project_segment. It take the same arguments as allocate_tenant_segment just uses a different name. By default, it calls the allocate_tenant_segment method to avoid any compatibility issues, but callers are expected to change to the new method, after which allocate_tenant_segment will be deprecated.

Fixed API reference documentation for port binding activation and deletion endpoints. The host parameter is now correctly documented as a path parameter instead of a body parameter for the following endpoints:
- PUT /v2.0/ports/{port_id}/bindings/{host}/activate
- DELETE /v2.0/ports/{port_id}/bindings/{host}
This fixes the issue where clients (like openstacksdk) were incorrectly sending the host parameter in both the path and the body, causing a TypeError. For more information see bug 2146294

API policy rules SERVICE, ADMIN, PROJECT_MANAGER, PROJECT_MEMBER, PROJECT_READER, ADMIN_OR_SERVICE, ADMIN_OR_PROJECT_MANAGER, ADMIN_OR_PROJECT_MEMBER, ADMIN_OR_PROJECT_READER, RULE_PARENT_OWNER, PARENT_OWNER_MANAGER, PARENT_OWNER_MEMBER, PARENT_OWNER_READER, ADMIN_OR_PARENT_OWNER_MANAGER, ADMIN_OR_PARENT_OWNER_MEMBER, ADMIN_OR_PARENT_OWNER_READER are moved from neutron.conf.policy.base module to neutron_lib and are now available in neutron_lib.policy.rules module.