A release for Halloween? Get your Proton Pack and don't be scared: this XCP-ng 7.6 release is doing a lot to improve security.
Everything is now signed using GPG:
- Repository containing RPMs
- RPMs themselves
- ISO install CDs
Thanks to this, we are now avoiding the possibility of people tampering with the repository or RPM packages. This also opens official mirror contributions, see below.
You can learn more about it on our official Wiki page.
This security flaw could lead to Xen crashes, then DDoS if triggered on purpose by an attacker having access to an HVM guest. Thanks to very fast work from the Xen team, a patch was available quickly. Citrix also released a fix very quickly for XenServer, so we'd like to thank them for their work.
Note: the fix is available as an update in XCP-ng 7.5, and already included in XCP-ng 7.6!
We did a dedicated blog post with more details if you want dig a bit into it.
Do you want to host an official XCP-ng mirror? Thanks to the new signed repo and packages, this is now doable without fear of any alteration on any mirror.
Please send a request to mirrors at xcp-ng dot org to apply.
Note: we'll need to get your hosting physical location and max bandwidth you can offer.
Software RAID support
It was included between 7.5 and 7.6 release, but if you missed it, here is a quick reminder: you can use a software RAID1 during your XCP-ng install. Read the full blog post on XCP-ng software RAID support for more details.
So ready to upgrade? Please go read our dedicated blog post!
If there's something strange in your XCP-ng, who you gonna call? XCP-ng Pro support!