I think my advice to upgrade the slurmctld nodes first was wrong. Sorry about that. Please disregard it. Subsequent upgrades I have been performing don't seem to have the same issue. It was probably a false positive from the first test instance I upgraded.
Not rotating keys here and upgrading from munge-0.5.13.
________________________________ From: Ole Holm Nielsen Ole.H.Nielsen@fysik.dtu.dk Sent: Wednesday 11 February 2026 10:50 To: slurm-users@lists.schedmd.com slurm-users@lists.schedmd.com Cc: Sean Mc Grath smcgrat@tcd.ie Subject: Re: [slurm-users] Re: MUNGE security issue (CVE-2026-25506)
[External Email] This email originated outside of Trinity College Dublin. Do not click links or open attachments unless you recognise the sender and know the content is safe.
Hi Sean,
On 2/11/26 11:24, Sean Mc Grath wrote:
FYI, (which others probably already know). Munge needs to be updated on the slurmctld node(s) before being updated on the slurmd nodes in my limited testing. Similar to how slurm is updated. Updating munge on a slurmd node before the slurmctld caused errors on the slurmd node for the one instance I did that.
I'm surprised by this experience. As long as you stay with the Munge 0.5.XX versions, I would think that Munge's protocols are interoperable between minor versions - assuming that you don't rotate the Munge key as explained in Tim's mail.
The Munge Release notes [2] don't seem to mention issues with upgrading, and Slurm isn't mentioned at all.
Maybe someone can correct me here, and I'd be happy to add a correction to my Slurm Wiki page on the topic of Munge [1].
I upgraded Munge on-the-fly from 0.5.17 to 0.5.18 yesterday in the order login-nodes, slurmctld, slurmdbd, slurmd's, and we haven't encountered any issues.
Best regards, Ole
[1] https://wiki.fysik.dtu.dk/Niflheim_system/Slurm_installation/#install-the-la... [2] https://github.com/dun/munge/releases