Introduction: A New Era for Fedora
At Red Hat Summit 2026, the open-source community witnessed the launch of Fedora Hummingbird—a groundbreaking rolling release distribution that marries the agility of container images with the full power of an operating system. Unlike traditional Fedora versions, Hummingbird delivers continuous updates straight from upstream, ensuring users always have the latest software with security patches applied as soon as they become available.
The Vision Behind Fedora Hummingbird
Fedora Hummingbird adopts an image-based workflow similar to container deployments but extends that model beyond containers into virtual machines and even bare-metal installations. If you’ve been following Project Hummingbird and Project Bluefin, you’ll recognize the approach: treat the entire operating system as a versioned, immutable image that can be swapped out atomically. Hummingbird applies this philosophy from the kernel up to the last dependency, creating a system that is both up-to-date and remarkably secure.
Project Hummingbird: Zero CVE, Every Image
The cornerstone of Fedora Hummingbird is Project Hummingbird, a container-image initiative that aims for a radical goal: get as close to zero CVE reports as possible in every shipped image—and stay there continuously. To achieve this, the team made every architectural decision in service of reducing attack surface and automating vulnerability management.
Distroless by Design
All Hummingbird images are distroless: they contain no package manager, no shell, and only the absolute essentials needed to run the application. This minimalist approach dramatically reduces the number of vulnerabilities that can creep in. When you pull a third-party container image today, you inherit its CVE list and assume the burden of patching. With Hummingbird, the pipeline has already triaged, patched, and rebuilt every layer—you skip what the team calls “CVE hell.”
A Growing Catalog
Over the past eight months, the team has built a catalog of 49 unique minimal, hardened, distroless images (totaling 157 variants when counting FIPS and multi-architecture builds). These cover popular runtimes and databases: Python, Go, Node.js, Rust, Ruby, OpenJDK, .NET, PostgreSQL, nginx, and dozens more. The current CVE status for all images and variants is published live at the Hummingbird catalog, providing full transparency.
How Fedora Hummingbird Is Built
Under the hood, Fedora Hummingbird relies on a Konflux-based pipeline that orchestrates fully isolated, reproducible builds from pinned package lists. The pipeline uses chunkah, a custom tool from the Hummingbird team, which ensures that incremental updates download only the changed parts of an image—dramatically reducing bandwidth and time. Continuous vulnerability scanning with Syft and Grype identifies issues immediately; when an upstream patch lands, the pipeline rebuilds, tests, and ships the updated image automatically.
Sourcing Packages
More than 95% of packages in every Hummingbird image originate directly from Fedora Rawhide, unmodified. For the remaining packages—either not yet in Rawhide or not sufficiently current—the team pulls from upstream sources. All modifications are contributed back to Fedora, strengthening the ecosystem. This reminds many of Fedora CoreOS, but the use case differs: CoreOS provides a minimal host for orchestrated workloads, while Hummingbird delivers a complete, rolling distribution for general-purpose computing, from development machines to edge devices.
Why Developers and Users Will Love Fedora Hummingbird
- Always Up-to-Date: Because it’s a rolling release, you never wait for a new Fedora version to get the latest software. Updates arrive from upstream within hours of being patched.
- Security First: The distroless design and automated CVE triage mean you inherit fewer vulnerabilities, and those that do appear are fixed before you ever pull the image.
- Image-Based Reliability: Whole-system updates are atomic and reversible. If an update causes issues, you can roll back to a previous image instantly.
- Same Workflow Everywhere: Whether you’re running containers, VMs, or bare metal, the experience is consistent—pulling an image, booting it, and using it.
Getting Started Today
The foundation of Fedora Hummingbird is already available. You can pull the latest host OS image from the Hummingbird containers repository and boot it immediately—on a VM, a cloud instance, or even your own laptop. The rolling release model means you’ll receive continuous updates without ever needing a disruptive upgrade.
Conclusion: The Future of Operating Systems?
Fedora Hummingbird represents a significant step toward making the entire OS as manageable as a container image. By applying the zero-CVE philosophy of Project Hummingbird to the host system, Red Hat and the community have created a distribution that is both cutting-edge and rock-solid. As the ecosystem of distroless images grows, expect Hummingbird to become the go-to choice for developers who demand security without sacrificing speed. The revolution has already begun—pull an image and see for yourself.