XCP-ng 8.3 updates announcements and testing
-
@stormi Update (to the update) installed and running. Buggy Windows 2025 boots now with QEMU update.
-
Yay \o/ Thanks for the feedback
-
I also take this opportunity to call for more feedback on the previous batch of updates,
Well I updated a few days ago, though I don't run much of the updated functions on my simple home lab, it all seems to work fine.
i7 gen 4 and NFS
Now testing the new updates......
-
The new template for Debian 13 is working in XO-Lite
-
@stormi Updated the usual suspects (HP ProDesk 600 G6, Dell Optiplex 9010, Dell R720) with no problem. Hosts run as expected.
-
@acebmxer said in XCP-ng 8.3 updates announcements and testing:
@stormi
How to revert changes if needed to? and/or how to switch back to normal repo?
The command only enables the testing repositories for the time of the update, so no need to disable them afterwards.
Reverting changes can be done with yum downgrade, but it's not always doable. XAPI updates can come with an upgrade of the XAPI database. If you downgrade, then XAPI will detect that the database is too recent and will refuse to start. So, you can technically downgrade the files, but not the state.
-
Thanks for the reply back. Update when successful. Windows Server 2025 iso now properly installs.
At work I was not able to install default certs for UEFI due to one failing to download. Ran these updates and I was able to successfully install the certs to the host.
-
@stormi My "test/production" system, an HP DL165 is updated and running normally with the updated updates. Not seeing any change with secure boot VMs at all, i.e. working just fine.
-
New update candidates for you to test! (adding to the previous batch again)
New updates join the previous batch of update candidates. They're the last ones.
A new XSA (Xen Security Advisory) was published on the 21st of October, and updates to Xen address the disclosed vulnerabilities. We also reverted a change in XAPI that we deemed risky.
Additionally, we also publish an updated Intel-Ice alternate driver.
- xen:
  - XSA-475 - Potential risks include Denial of Service (DoS) impacting the whole host, information exposure, or escalation of privileges. There are two vulnerabilities related to hypercalls in the Viridian code:
    - CVE-2025-58147: Out-of-bounds write in vpmask_set() from hypercalls using the HV_VP_SET Sparse format.
    - CVE-2025-58148: Out-of-bound read in send_ipi() from hypercalls using any format, that could lead to a wild vCPU pointer.
- xapi: We reverted a change related to how rsyslog configuration is handled. The way XenServer handled the change seemed risky to us, we'll take the time to make it in a safer way.
- intel-ice-alt: Update driver sources to v1.17.2
Test on XCP-ng 8.3
yum clean metadata --enablerepo=xcp-ng-testing,xcp-ng-candidates
yum update --enablerepo=xcp-ng-testing,xcp-ng-candidates
reboot
The usual update rules apply: pool coordinator first, etc.
Versions:
- intel-ice-alt: 1.17.2-1.xcpng8.3
- xapi: 25.27.0-2.2.xcpng8.3
- xen: 4.17.5-20.2.xcpng8.3
What to test
Normal use and anything else you want to test.
Test window before official release of the updates
~2 days.
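Added example, not part of the original post or of XCP-ng's own tooling: a post-update check that every installed package built from the xen, xapi and intel-ice-alt sources is at the build listed under "Versions" above. It assumes the standard rpm SOURCERPM query tag; the function names, the sample inventory and its "example" builds are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that packages built from the updated sources are at the
# builds listed under "Versions" in the post.
EXPECTED='intel-ice-alt=1.17.2-1.xcpng8.3 xapi=25.27.0-2.2.xcpng8.3 xen=4.17.5-20.2.xcpng8.3'

# Reads "<binary package> <source rpm>" lines on stdin, as produced by:
#   rpm -qa --qf '%{NAME} %{SOURCERPM}\n'
# Prints STALE for each binary package built from a listed source at another
# build, ABSENT for a listed source with no installed package (informational,
# e.g. an alternate driver that was never installed). Returns 1 if any STALE.
check_builds() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, rows, " ")
            for (i = 1; i <= n; i++) { split(rows[i], f, "="); want[f[1]] = f[2] }
        }
        {
            src = $2
            sub(/\.src\.rpm$/, "", src)
            for (name in want) {
                prefix = name "-"
                # Require "<name>-<digit>" so source "xapi-storage" is not taken for "xapi".
                if (index(src, prefix) != 1) continue
                have = substr(src, length(prefix) + 1)
                if (have !~ /^[0-9]/) continue
                seen[name] = 1
                if (have != want[name]) {
                    printf "STALE %s %s (want %s)\n", $1, have, want[name]
                    bad = 1
                }
            }
        }
        END {
            for (name in want) if (!(name in seen)) printf "ABSENT %s\n", name
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample inventory (package names and the "example" builds are made up).
sample_inventory() {
    cat <<'EOF'
xen-hypervisor xen-4.17.5-20.2.xcpng8.3.src.rpm
xen-tools xen-0.0.0-0.example.src.rpm
xapi-core xapi-25.27.0-2.2.xcpng8.3.src.rpm
xapi-storage xapi-storage-1.0-1.example.src.rpm
EOF
}
```

A clean result only shows what is installed on disk; the Xen fix is not in effect until the host has gone through the reboot step of the procedure above.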
-
@gduperrey Works on my play-/homelab (HP ProDesk 600 G6, Dell Optiplex 9010). Can't update my Dell R720s GPU cluster at the moment, though.