XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    XCP-ng 8.2 updates announcements and testing

    Scheduled Pinned Locked Moved News
    712 Posts 67 Posters 1.2m Views 84 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • gduperreyG Offline
      gduperrey Vates 🪐 XCP-ng Team
      last edited by

      Update published: https://xcp-ng.org/blog/2025/03/12/march-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/

      Thank you for the tests!

      1 Reply Last reply Reply Quote 1
      • stormiS Offline
        stormi Vates 🪐 XCP-ng Team
        last edited by

        New security update candidates for you to test!

        Yet more vulnerabilities in Intel hardware, addressed in two complementary ways: patching Xen and updating Intel microcode.

        Together with this security update, will also publish a patched XAPI to fix a minor issue with information reporting from VM to hypervisor.

        Test on XCP-ng 8.2

        From an up-to-date host:

        yum clean metadata --enablerepo=xcp-ng-candidates
        yum update --enablerepo=xcp-ng-candidates
        reboot
        

        The usual update rules apply: pool coordinator first, etc.

        Versions

        • microcode_ctl: 2.1-26.xs29.8.xcpng8.2 (weird identifier for historical reasons, but that's actually Intel microcode published by them yesterday)
        • xen: 4.13.5-9.49.1.xcpng8.2
        • xapi: 1.249.41-1.2.xcpng8.2

        What to test

        Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

        Test window before official release of the updates

        ~24h. That's an urgent one.

        A 1 Reply Last reply Reply Quote 2
        • J Offline
          JeffBerntsen Top contributor
          last edited by

          Installed and seems to be running fine so far on my test systems.

          1 Reply Last reply Reply Quote 3
          • A Offline
            Andrew Top contributor @stormi
            last edited by

            @stormi I needed an excuse to reboot all my hosts... Upgraded and running on stable pools. I see the Intel 11th gen new microcode. All working normally at this time.

            1 Reply Last reply Reply Quote 2
            • bleaderB Offline
              bleader Vates 🪐 XCP-ng Team
              last edited by

              Update published: https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/

              Thank your for the tests.

              1 Reply Last reply Reply Quote 3
              • olivierlambertO Offline
                olivierlambert Vates 🪐 Co-Founder CEO
                last edited by

                Updated our own prod via XO RPU, everything is working fine 🙂

                1 Reply Last reply Reply Quote 2
                • stormiS Offline
                  stormi Vates 🪐 XCP-ng Team
                  last edited by stormi

                  New update candidates for you to test!

                  A new batch of non-urgent updates is ready for user tests before a future collective release.

                  • openssh: Fix low priority CVE-2025-26465 DoS attack when VerifyHostKeyDNS is "yes" or "ask" (The Default value has not changed: "no")
                  • samba: Fix vulnerabilities which are very unlikely to be exploitable on XCP-ng but are reported by security scanners.
                  • xcp-ng-release: This update adds a certificate to resolve a TLS handshake error, particularly when deploying XOA from CLI using curl.

                  Test on XCP-ng 8.2

                  From an up to date host:

                  yum clean metadata --enablerepo=xcp-ng-testing
                  yum update --enablerepo=xcp-ng-testing
                  reboot
                  

                  The usual update rules apply: pool coordinator first, etc.

                  No specific steps for these updates for XOSTOR users.

                  Versions

                  • openssh: 7.4p1-23.3.2.xcpng8.2
                  • samba: 4.10.16-25.el7_9
                  • xcp-ng-release: 8.2.1-16

                  What to test

                  Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

                  Test window before official release of the updates

                  None defined, but early feedback is always better than late feedback, which is in turn better than no feedback 🙂

                  1 Reply Last reply Reply Quote 3
                  • gduperreyG Offline
                    gduperrey Vates 🪐 XCP-ng Team
                    last edited by

                    New security and maintenance update candidate

                    A new XSA (Xen Security Advisory) was published on the 1st of July, and an update to Xen addresses it. We also publish other non-urgent updates which we had in the pipe for the next release.


                    Security updates

                    • xen-*:
                      • Fix XSA-470 - An unprivileged guest can cause a hypervisor crash, causing a Denial of Service (DoS) of the entire host.

                    Maintenance updates

                    • openssh: fix low priority CVE-2025-26465 DoS attack when VerifyHostKeyDNS is "yes" or "ask" (The Default value has not changed: "no")
                    • samba: fix low priority CVEs on client side.
                    • xcp-ng-release: this update adds a certificate to resolve a TLS handshake error, particularly when deploying xoa.io.

                    Test on XCP-ng 8.2

                    yum clean metadata --enablerepo=xcp-ng-testing
                    yum update --enablerepo=xcp-ng-testing
                    reboot
                    

                    The usual update rules apply: pool coordinator first, etc.

                    Versions:

                    • openssh: 7.4p1-23.3.2.xcpng8.2
                    • samba: 4.10.16-25.el7_9
                    • xcp-ng-release: 8.2.1-16
                    • xen: 4.13.5-9.49.2.xcpng8.2

                    What to test

                    Normal use and anything else you want to test.

                    Test window before official release of the updates

                    ~2 days.

                    A 1 Reply Last reply Reply Quote 1
                    • A Offline
                      Andrew Top contributor @gduperrey
                      last edited by

                      @gduperrey Installed and running on a few pools. Working correctly as expected.

                      1 Reply Last reply Reply Quote 2
                      • gduperreyG Offline
                        gduperrey Vates 🪐 XCP-ng Team
                        last edited by

                        Updates published: https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/

                        Thank you for the tests!

                        1 Reply Last reply Reply Quote 1
                        • First post
                          Last post