Fixed
* [#5277](#5277): Fixed a
  bug allowing the block device to starve all other devices when backed by a
  sufficiently slow drive.

Changed
* [#220](firecracker-microvm/private-firecracker-staging#220):
  Made MMDS unwrap a string of JSON and respond a JSON object for IMDS security
  credentials paths so that some clients that requesting with
  `Accept: application/json` is able to parse the response.

Started development of v1.13

Added
* [#5048](#5048): Added
  support for [PVH boot mode](docs/pvh.md). This is used when an x86 kernel
  provides the appropriate ELF Note to indicate that PVH boot mode is supported.
  Linux kernels newer than 5.0 compiled with `CONFIG_PVH=y` set this ELF Note,
  as do FreeBSD kernels.
* [#5065](#5065) Added
  support for Intel AMX (Advanced Matrix Extensions). To be able to take and
  restore a snapshot of Intel AMX state, `Xsave` is used instead of `kvm_xsave`,
  so users need to regenerate snapshots.
* [#4731](#4731): Added
  support for modifying the host TAP device name during snapshot restore.
* [#5146](#5146): Added
  Intel Sapphire Rapids as a supported and tested platform for Firecracker.
* [#5148](#5148): Added
  ARM Graviton4 as a supported and tested platform for Firecracker.
Changed
* [#5118](#5118): Cleared
  WAITPKG CPUID bit in CPUID normalization. The feature enables a guest to put a
  physical processor into an idle state, which is undesirable in a FaaS
  environment since that is what the host wants to decide.
* [#5142](#5142):
  Clarified what CPU models are supported by each existing CPU template.
  Firecracker exits with an error if a CPU template is used on an unsupported
  CPU model.
Deprecated
* [#4948](#4948):
  Deprecated the `page_size_kib` field in the
  [UFFD handshake](docs/snapshotting/handling-page-faults-on-snapshot-resume.md#registering-memory-to-be-handled-via-userfault-file-descriptors),
  and replaced it with a `page_size` field. The `page_size_kib` field is
  misnamed, as the value Firecracker sets it to is actually the page size in
  _bytes_, not KiB. It will be removed in Firecracker 2.0.
Fixed
* [#5074](#5074) Fix the
  `SendCtrlAltDel` command not working for ACPI-enabled guest kernels, by
  dropping the i8042.nopnp argument from the default kernel command line
  Firecracker constructs.
* [#5122](#5122): Keep
  the UFFD Unix domain socket open to prevent the race condition between the
  guest memory mappings message and the shutdown event that was sometimes
  causing arrival of an empty message on the UFFD handler side.
* [#5143](#5143): Fixed
  to report `process_startup_time_us` and `process_startup_time_cpu_us` metrics
  for `api_server` right after the API server starts, while previously reported
  before applying seccomp filter and starting the API server. Users may observe
  a bit longer startup time metrics.

Added
* [#4987](#4987): Reset
  physical counter register (`CNTPCT_EL0`) on VM startup. This avoids VM reading
  the host physical counter value. This is only possible on 6.4 and newer
  kernels. For older kernels physical counter will still be passed to the guest
  unmodified. See more info
  [here](https://github.com/firecracker-microvm/firecracker/blob/main/docs/prod-host-setup.md#arm-only-vm-physical-counter-behaviour)
* [#5088](#5088): Added
  AMD Genoa as a supported and tested platform for Firecracker.
Changed
* [#4913](#4913): Removed
  unnecessary fields (`max_connections` and `max_pending_resets`) from the
  snapshot format, bumping the snapshot version to 5.0.0. Users need to
  regenerate snapshots.
* [#4926](#4926): Replace
  underlying implementation for seccompiler from in house one in favor of
  `libseccomp` which produces smaller and more optimized BPF code.
Deprecated
Removed
Fixed
* [#4921](#4921): Fixed
  swagger `CpuConfig` definition to include missing aarch64-specific fields.
* [#4916](#4916): Fixed
  `IovDeque` implementation to work with any host page size. This fixes
  virtio-net device on non 4K host kernels.
* [#4991](#4991): Fixed
  `mem_size_mib` and `track_dirty_pages` being mandatory for all
  `PATCH /machine-config` requests. Now, they can be omitted which leaves these
  parts of the machine configuration unchanged.
* [#5007](#5007): Fixed
  watchdog softlockup warning on x86_64 guests when a vCPU is paused during GDB
  debugging.
* [#5021](#5021) If a
  balloon device is inflated post UFFD-backed snapshot restore, Firecracker now
  causes `remove` UFFD messages to be sent to the UFFD handler. Previously, no
  such message would be sent.
* [#5034](#5034): Fix an
  integer underflow in the jailer when computing the value it passes to
  Firecracker's `--parent-cpu-time-us` values, which caused development builds
  of Firecracker to crash (but production builds were unaffected as underflows
  do not panic in release mode).
* [#5045](#5045): Fixed
  an issue where firecracker intermittently receives SIGHUP when using jailer
  with `--new-pid-ns` but without `--daemonize`.
* [#4995](#4995):
  Firecracker no longer overwrites CPUID leaf 0x80000000 when running AMD
  hardware, meaning the guest can now discover a greater range of CPUID leaves
  in the extended function range (this range is host kernel dependent).
* [#5046](#5046): Retry
  KVM_CREATE_VM on EINTR that occasionally happen on heavily loaded hosts to
  improve reliability of microVM creation.
* [#5052](#5052): Build
  the empty seccomp policy as default for debug builds to avoid crashes on
  syscalls introduced by debug assertions from Rust 1.80.0.

Started development of v1.12

Changed
* [#4907](#4907): Bump
  snapshot version to 4.0.0.

Started development of v1.11.0

Added
* [#4834](#4834): Add
  `VIRTIO_NET_F_RX_MRGBUF` support to the `virtio-net` device. When this feature
  is negotiated, guest `virtio-net` driver can perform more efficient memory
  management which in turn improves RX and TX performance.
* [#4460](#4460): Add a
  call to
  [`KVM_KVMCLOCK_CTRL`](https://docs.kernel.org/virt/kvm/api.html#kvm-kvmclock-ctrl)
  after pausing vCPUs on x86_64 architectures. This ioctl sets a flag in the KVM
  state of the vCPU indicating that it has been paused by the host userspace. In
  guests that use kvmclock, the soft lockup watchdog checks this flag. If it is
  set, it won't trigger the lockup condition. Calling the ioctl for guests that
  don't use kvmclock will fail. These failures are not fatal. We log the failure
  and increase the `vcpu.kvmclock_ctrl_fails` metric.
* [#4869](#4869): Added
  support for Aarch64 systems which feature CPU caches with a number of sets
  higher than `u16::MAX`.
* [#4797](#4797),
  [#4854](#4854): Added
  GDB debugging support for a microVM guest kernel. Please see our
  [GDB debugging documentation](docs/gdb-debugging.md) for more information.
Changed
* [#4844](#4844): Upgrade
  `virtio-net` device to use `readv` syscall to avoid unnecessary memory copies
  on RX path, increasing the RX performance.
Deprecated
Removed
* [#4804](#4804): Drop
  Support for guest kernel 4.14. Linux 4.14 reached end-of-life in
  [January 2024](https://lore.kernel.org/lkml/2024011046-ecology-tiptoeing-ce50@gregkh/)
  The minimum supported guest kernel now is 5.10.
Fixed
* [#4796](#4796): Fixed
  Vsock not notifying guest about `TRANSPORT_RESET_EVENT` event after snapshot
  restore. This resulted in guest waiting indefinitely on a connection which was
  reset during snapshot creation.
* [#4790](#4790): v1.9.0
  was missing most of the debugging information in the debuginfo file, due to a
  change in the Cargo defaults. This has been corrected.
* [#4826](#4826): Add
  missing configuration of tap offload features when restoring from a snapshot.
  Setting the features was previously
  [moved](49ed5ea)
  from net device creation to device activation time, but it was not reflected
  in the restore path. This was leading to inability to connect to the restored
  VM if the offload features were used.

Fixed
* [#4824](#4824): Add
  missing configuration of tap offload features when restoring from a snapshot.
  Setting the features was previously
  [moved](49ed5ea)
  from net device creation to device activation time, but it was not reflected
  in the restore path. This was leading to inability to connect to the restored
  VM if the offload features were used.
* [#4829](#4829): v1.9.0
  was missing most of the debugging information in the debuginfo file, due to a
  change in the Cargo defaults. This has been corrected.