Here same problem on my wife pc. It doesn’t boot with kernel 419 anymore, as I experienced on my pc when testing updated to systemd 248, reported here.
I tried many kernel versions and, on my pc, the 419 was the only one affected by this problem,
The issue seems to be not solved, yet.
Hm, I used the mirrors that were picked by pacman-mirrors. I do not remember and did not check if they were all trusted https mirrors.
Yes, it’s been resolved, but is it known if that issue was actually exploited?
I know this is a highly theoretical question, albeit an interesting one, isn’t it?
Can be fixed manually and it actually is not hard to do. Just try it and see for yourself!
My understanding of it is that if you had http mirrors up until the keyring refresh, you were vulnerable. So any package installed/updated from now on is safe. I’m not sure about the ones currently installed that weren’t updated yet. My hunch is they’re unsafe, but this needs to be clarified.
1 Like
I agree, IMHO they should be considered unsafe until proven otherwise.
But that’s up to the Manjaro team to clarify.
I’ve noticed many of you had issues with this update and I wonder if sudo pamac upgrade should resolve most of the issues, then I’d suggest the following tutorial should be updated accordingly, to reflect such important change:
Currently it still recommends using sudo pacman -Syyu.
Thanks for the hint about the systemd version, hopefully they will fix it soon.
I only kept that old kernel , because I tested how that uses swap, compared to 5.x.
I wish the stable branch should have more quality testing before releasing updates.
No way back to Ubuntu for me 
1 Like
sudo pacman -Syyu (here returned errors) has been deemed fool-proof or at least it led me to believe it had always been like that till I read the suggestion:
sudo pamac upgrade - did the magic trick, kudos!
Well even if you use a http mirror, traffic will need to be intercepted and modified by some evil player. Very unlikely that this happened though.
Now as a mirror operator you could easily manipulate the packages though. In this case the method of transportation does not even matter…
Btw. I swear I didn’t tamper with any packages coming from my mirror(s). 
1 Like
Same problem for me. Followed this instruction and i worked without problems.
THANKS!
1 Like
The new 5.11 kernel retrurned a “Cannot Start LightDM” error. Currently running 5.04.
5.11 is not new anymore and reached EOL.
You should upgrade to 5.12 (or use 5.4 / 5.10…)
XFCE user here. I looked through the comments on this post, and found that going through the update was not so good when using pacman. So I used pamac update instead. Apparently, it’s safe to run with kernel > 5.10 and the update removed libcanberra. Successfully updated with no major hiccups so far.
1 Like
Thx. Since we are still on Gnome Shell 3.38 we had to hold back mutter too: [manjaro-packages] [BoxIt] Memo (x64)
2 Likes
Upgrade with pamac upgrade:
Error: Failed to commit transaction:
conflicting files:
- boost: /usr/share/boost-build/src/build-system.jam already exists in filesystem (owned by boost-build)
- boost: /usr/share/boost-build/src/build-system.jam already exists in filesystem (owned by boost-build)
- boost: /usr/share/boost-build/src/build/ac.jam already exists in filesystem (owned by boost-build)
- boost: /usr/share/boost-build/src/build/alias.jam already exists in filesystem (owned by boost-build)
- boost: /usr/share/boost-build/src/build/build-request.jam already exists in filesystem (owned by boost-build)
- boost: /usr/share/boost-build/src/build/config-cache.jam already exists in filesystem (owned by boost-build)
etc
$ pamac info boost
Install Reason : Installed as a dependency for another package
$ pamac remove boost
$ pamac upgrade
Transaction successfully finished
I could not remember why this was installed, probably as a dependency of a IDE/editor I’ve tried and it missed the cleanup fase.
1 Like
First you have to have the Timeshift set up so that backups are made (daily on my maschine).
When you fail to boot or something else goes wrong, you can take a Manjaro bootable USB drive and boot it, then you chroot (see here) into / partition of your system and use Timeshift to restore the system (I do it in terminal, it’s fastest and pretty easy). I takes about 5 mins.
I also use Timeshift if any programs that I need on daily basis stop working in that case I just open up the Timeshift program and do it right on the desktop and reboot.
2 Likes
My update went smoothly on one system, but there was some pamac weirdness on the second. They are both KDE/Plasma.
Pamac stopped doing anything once it downloaded files. I canceled it, clicked on refresh database. It did that, though it was pretty slow, then it did the upgrade, which is not what I expected.
Everything seems to be working for me now.
Upgrade done without any problems (used pamac). Thank you, guys!! 
However, I have a question: @philm mentions a Security Advisory in the opening post of this thread. Are there any further manual steps required here once the latest upgrade has been performed? As far as I can see, manjaro-system is already on version 20210612-1 here, so reinstalling it should not be necessary.
Should the steps described in the workaround still be performed, deleting the /etc/pacman.d/gnupg folder and re-importing the signing keys?
And for those who are upset about Manjaro’s stability (which, by the way, is great on all the computers I have Manjaro installed on), it might be worth mentioning again that it is a rolling release distribution. It is simply impossible to achieve the same stability level of a Debian or similar with a RR distro like Manjaro, or even Arch. The latter would require a much older software version of all installed applications and tools, and also the execution of manual system upgrades for new distribution releases or semi-annual reinstallation.
In my opinion, Manjaro has managed to achieve a good compromise between the stability of an LTS distribution and Arch, for example. I say this as someone who knows “both worlds” well. I run servers on Debian and have several machines running Arch and Manjaro. And Manjaro is and remains my productive system.
I have often experienced that even in LTS distributions problems with upgrades can occur, although comparatively rare, but definitely. Wherever people develop software, bugs can occur - that can’t be avoided 100% anywhere.
Also, I have installed Manjaro for members of my family, friends and customers at their request. Previously, they were using Linux Mint to generally familiarize themselves with Linux when they switched from Windows. Many were annoyed by having to reinstall their system when support was about to end, or when the manual upgrade via terminal (say from Linux Mint 18.3 to 19 or 19.3 to 20) caused problems. These affected people unanimously say, they generally have less hassle with Manjaro’s rolling release concept, and report significant speed gains with the Arch base over the Ubuntu base. And almost all of these people are ordinary users and don’t have much computer knowledge. Both have advantages and disadvantages. You have to weigh for yourself what suits your needs best.
Greetings 
9 Likes
are there official mirrors held by the distribution maintainers/creators?
As far as I know, these two:
https://mirrors.fossho.st/manjaro/
https://mirrors.manjaro.org/repo/
(well, not operated by manjaro I guess. Fosshost and some CDN provider, but they are closest to be considered “trusted” I’d say)
1 Like