I think my advice to upgrade the slurmctld nodes first was wrong. Sorry about that. Please disregard it. Subsequent upgrades I have been performing don't seem to have the same issue. It was probably a false positive from the first test instance I upgraded.

Not rotating keys here and upgrading from munge-0.5.13.



From: Ole Holm Nielsen <Ole.H.Nielsen@fysik.dtu.dk>
Sent: Wednesday 11 February 2026 10:50
To: slurm-users@lists.schedmd.com <slurm-users@lists.schedmd.com>
Cc: Sean Mc Grath <smcgrat@tcd.ie>
Subject: Re: [slurm-users] Re: MUNGE security issue (CVE-2026-25506)
 
[External Email] This email originated outside of Trinity College Dublin. Do not click links or open attachments unless you recognise the sender and know the content is safe.

Hi Sean,

On 2/11/26 11:24, Sean Mc Grath wrote:
> FYI, (which others probably already know). Munge needs to be updated on
> the slurmctld node(s) before being updated on the slurmd nodes in my
> limited testing. Similar to how slurm is updated. Updating munge on a
> slurmd node before the slurmctld caused errors on the slurmd node for the
> one instance I did that.

I'm surprised by this experience.  As long as you stay with the Munge
0.5.XX versions, I would think that Munge's protocols are interoperable
between minor versions - assuming that you don't rotate the Munge key as
explained in Tim's mail.

The Munge Release notes [2] don't seem to mention issues with upgrading,
and Slurm isn't mentioned at all.

Maybe someone can correct me here, and I'd be happy to add a correction to
my Slurm Wiki page on the topic of Munge [1].

I upgraded Munge on-the-fly from 0.5.17 to 0.5.18 yesterday in the order
login-nodes, slurmctld, slurmdbd, slurmd's, and we haven't encountered any
issues.

Best regards,
Ole

[1]
https://wiki.fysik.dtu.dk/Niflheim_system/Slurm_installation/#install-the-latest-munge-version
[2] https://github.com/dun/munge/releases