A security update is available for the only currently supported release of XCP-ng: 8.2 LTS.
Several new vulnerabilities related to speculative execution in CPUs have been recently disclosed.
On an up to date XCP-ng, only AMD CPU models are believed to be affected. In today's updates, Xen has been patched to mitigate this hardware issue.
The update also includes updated microcode for some AMD CPU models.
On affected hardware, code running in a guest VM may be able to infer the value of data from memory regions reserved to the host or to other guests.