XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    XCP-ng 8.3 updates announcements and testing

    Scheduled Pinned Locked Moved News
    241 Posts 32 Posters 81.0k Views 46 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • gduperreyG Offline
      gduperrey Vates 🪐 XCP-ng Team
      last edited by gduperrey

      New update candidate for you to test!

      A new non-urgent update is ready for user testing before a future collective release. Below are the details.

      A bug was found in the Emergency Network Reset due to desynchronisation between xsconsole and XAPI. This issue prevented the Emergency Network Reset from working at all. This update includes the fixes from the upstream xsconsole project to fix it.


      Maintenance updates

      • xsconsole
        • Backport sync of network reset trigger file path with XAPI to fix emergency network reset
        • Backport fix for pool.conf IPv6 to avoid IPv6 truncation

      Test on XCP-ng 8.3

      yum clean metadata --enablerepo=xcp-ng-testing
      yum update --enablerepo=xcp-ng-testing
      reboot
      

      Reboot is not strictly necessary, but the xsconsole instance running on the first virtual terminal of your host won't be restarted otherwise. If you do not reboot, make sure to start xsconsole from another terminal after the update.

      The usual update rules apply: pool coordinator first, etc.

      Versions:

      • xsconsole: 11.0.8-1.2.xcpng8.3

      What to test

      Normal xsconsole usage, is still useful feedback. However, if possible, the most helpful test would be performing an Emergency Network Reset through xsconsole, making actual configuration changes and verifying that they are correctly applied after reboot.

      Test window before official release of the updates

      None defined, but early feedback is always better than late feedback, which is in turn better than no feedback 🙂

      1 Reply Last reply Reply Quote 1
      • gduperreyG Offline
        gduperrey Vates 🪐 XCP-ng Team
        last edited by

        New update candidate for you to test!

        A new non-urgent update is ready for user testing before a future collective release. Below are the details.


        Maintenance updates

        • broadcom-bnxt-en: Update driver to version 1.10.3_232.0.155.5

        Test on XCP-ng 8.3

        yum clean metadata --enablerepo=xcp-ng-testing
        yum update --enablerepo=xcp-ng-testing
        reboot
        

        A reboot is preferable to load the new version of the driver.

        The usual update rules apply: pool coordinator first, etc.

        Versions:

        • broadcom-bnxt-en: 1.10.3_232.0.155.5-1.xcpng8.3

        What to test

        Normal use and anything else you want to test.

        Test window before official release of the updates

        None defined, but early feedback is always better than late feedback, which is in turn better than no feedback 🙂

        1 Reply Last reply Reply Quote 1
        • gduperreyG Offline
          gduperrey Vates 🪐 XCP-ng Team
          last edited by

          Updates published: https://xcp-ng.org/blog/2025/09/01/september-2025-maintenance-update-for-xcp-ng-8-3/

          Thank you for the tests!

          M F 2 Replies Last reply Reply Quote 1
          • M Offline
            manilx @gduperrey
            last edited by

            @gduperrey Installed at HomeLab. No issues.
            Running via
            yum clean metadata ; yum update

            J 1 Reply Last reply Reply Quote 1
            • J Offline
              john.c @manilx
              last edited by

              @manilx said in XCP-ng 8.3 updates announcements and testing:

              @gduperrey Installed at HomeLab. No issues.
              Running via
              yum clean metadata ; yum update

              You must have been looking forward to this improvement for quite a while. Once it reaches the point where it can be rolled into production, your AMD Epyc servers will get to see a boost, the Linux guests any way.

              M 2 Replies Last reply Reply Quote 0
              • M Offline
                manilx @john.c
                last edited by

                @john.c Will apply to business EPYC servers right away 😊

                1 Reply Last reply Reply Quote 2
                • M Offline
                  manilx @john.c
                  last edited by

                  @john.c Updated our 2 production pools, with RPU.

                  RPU emptied the master, rebooted BUT then nothing else.
                  It should have moved all VM's to the other host, patched/rebooted and then migrating the VM's where they were.
                  This did not happen. I had to manually empty the other hosts, patch, reboot and migrate the VM's.

                  G 1 Reply Last reply Reply Quote 0
                  • F Offline
                    flakpyro @gduperrey
                    last edited by

                    @gduperrey Installed on about 50 servers across various pools and remote sites. No issues. Ran a couple backup jobs as well which completed without issue.

                    1 Reply Last reply Reply Quote 2
                    • G Offline
                      Greg_E @manilx
                      last edited by

                      @manilx

                      Once in a while my rpu will do this, then I handle it manually. Been happening more often since the 8.3 upgrade, but not enough to post about it yet since we are only a couple of updates into the LTS. Still watching though and will probably do this patch on wednesday.

                      G 1 Reply Last reply Reply Quote 0
                      • G Offline
                        Greg_E @Greg_E
                        last edited by

                        I got my production system updated yesterday, no issues or oddities with the RPU.

                        I'm still surprised by how much faster the VMs migrate host to host than they did with 8.2.x, it's like a 4:1 or 5:1 change on my production system. Haven't had time to fool with my lab and see what's what.

                        1 Reply Last reply Reply Quote 1
                        • gduperreyG Offline
                          gduperrey Vates 🪐 XCP-ng Team
                          last edited by

                          New security update candidates for you to test!

                          News XSAs (Xen Security Advisory) were published on the 9th of September, and updates to Xen & XAPI address them.

                          • xapi:

                            • Fix XSA-474 — A Denial of Service can be caused by buggy or malicious inputs to XAPI (CVE-2025-58146). There are several vulnerabilities identified in XAPI:
                              • Input sanitisation mismatch in notifications — While updates to the XAPI database correctly sanitise input strings, the system generates notifications using the unsanitised version. This flaw causes the database’s event thread to crash, halting further processing.
                              • Inconsistent UTF-8 handling — XAPI’s UTF-8 encoder follows version 3.0 of the Unicode specification, whereas some of the libraries it relies on enforce the stricter version 3.1 standard. As a result, certain strings may be accepted as valid UTF-8 by XAPI but rejected by other components. If such strings are entered into the database, the database can subsequently fail to load.
                              • Lack of sanitisation in Map/Set updates — When updating Map/Set objects in the XAPI database, no sanitisation is applied to the inputs, which introduces additional risks.
                          • xen-*:

                            • Fix XSA-472 — Potential risks include Denial of Service (DoS) impacting the whole host, information exposure, or escalation of privileges. There are several vulnerabilities associated with the way guest memory pages are handled and accessed in the Viridian code:
                              • NULL pointer dereference during reference TSC area update — This issue occurs when the system tries to update the reference TSC area but encounters a NULL pointer. (CVE-2025-27466)
                              • NULL pointer dereference when delivering synthetic timer messages — This happens if the code assumes the SIM page is already mapped when a synthetic timer message must be delivered. (CVE-2025-58142)
                              • Race condition in reference TSC page mapping — A guest system can trigger Xen to release a memory page while it is still referenced in the guest’s physical-to-machine (p2m) page tables. (CVE-2025-58143)

                          Test on XCP-ng 8.3

                          yum clean metadata --enablerepo=xcp-ng-candidates
                          yum update --enablerepo=xcp-ng-candidates
                          reboot
                          

                          The usual update rules apply: pool coordinator first, etc.

                          Versions:

                          • xapi: 25.6.0-1.12.xcpng8.3
                          • xen: 4.17.5-15.3.xcpng8.3

                          What to test

                          Normal use and anything else you want to test.

                          Test window before official release of the updates

                          ~2 days.

                          A F P B 4 Replies Last reply Reply Quote 2
                          • A Online
                            Andrew Top contributor @gduperrey
                            last edited by

                            @gduperrey 8.3 Pools updated and running. RPU worked 99%...failed with a host out of memory error on the last migrations (pool is N+2, so no reason). Single hosts are updated as usual.

                            1 Reply Last reply Reply Quote 2
                            • F Offline
                              flakpyro @gduperrey
                              last edited by

                              @gduperrey Updated my usual test hosts, (Minisforum and Supermicro X11) as well as an two sets of 2 host AMD pools (one pool of HP DL320 Gen10s and another of Asus Epyc servers of some sort, and lastly a Dell R360 without issue.

                              1 Reply Last reply Reply Quote 4
                              • P Offline
                                ph7 @gduperrey
                                last edited by

                                @gduperrey
                                Ran updates on my old hosts
                                i7 gen4 and ryzen5
                                nothing exploded yet after ~10h of "testing"

                                1 Reply Last reply Reply Quote 3
                                • B Offline
                                  bufanda @gduperrey
                                  last edited by

                                  @gduperrey Installed on my Lab-Pool with teo HP EliteDesk 800 G3's no issues during and after upgrade. migration, creating, and deleteing of VMs wihtout issues too.

                                  1 Reply Last reply Reply Quote 1
                                  • gduperreyG Offline
                                    gduperrey Vates 🪐 XCP-ng Team
                                    last edited by

                                    Updates published: https://xcp-ng.org/blog/2025/09/11/september-2025-security-update-for-xcp-ng-8-3-lts/

                                    Thank you for the tests!

                                    M G 2 Replies Last reply Reply Quote 1
                                    • M Offline
                                      manilx @gduperrey
                                      last edited by

                                      @gduperrey Installed @home and @business. RPU had no issues this time.

                                      1 Reply Last reply Reply Quote 2
                                      • marcoiM Offline
                                        marcoi
                                        last edited by

                                        updated on my three servers no issues.

                                        1 Reply Last reply Reply Quote 2
                                        • G Offline
                                          Greg_E @gduperrey
                                          last edited by

                                          @gduperrey

                                          Nothing really to add, my 3 host Intel production pool updated just fine. The load balancer is always a little weird, but I'm sure it is calculated based on CPU and RAM assigned to each VM, where I split things up based on workload.

                                          It's a small system, and the real workload is handled by 3 Windows VMs so I tend to split them up onto one of the three hosts.

                                          I may get to my lab in the next couple of days, but it isn't doing work so testing is kind of pointless right now. The only thing "doing work" is a VM with XO from sources.

                                          1 Reply Last reply Reply Quote 2
                                          • gduperreyG gduperrey referenced this topic
                                          • First post
                                            Last post