XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    XCP-ng 8.2 updates announcements and testing

    Scheduled Pinned Locked Moved News
    712 Posts 67 Posters 1.2m Views 84 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      JeffBerntsen Top contributor
      last edited by JeffBerntsen

      Installed on my test server, not running XOSTOR, everything seems to be working fine so far.

      1 Reply Last reply Reply Quote 2
      • gduperreyG Offline
        gduperrey Vates 🪐 XCP-ng Team
        last edited by

        Update published: https://xcp-ng.org/blog/2025/03/12/march-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/

        Thank you for the tests!

        1 Reply Last reply Reply Quote 1
        • stormiS Offline
          stormi Vates 🪐 XCP-ng Team
          last edited by

          New security update candidates for you to test!

          Yet more vulnerabilities in Intel hardware, addressed in two complementary ways: patching Xen and updating Intel microcode.

          Together with this security update, will also publish a patched XAPI to fix a minor issue with information reporting from VM to hypervisor.

          Test on XCP-ng 8.2

          From an up-to-date host:

          yum clean metadata --enablerepo=xcp-ng-candidates
          yum update --enablerepo=xcp-ng-candidates
          reboot
          

          The usual update rules apply: pool coordinator first, etc.

          Versions

          • microcode_ctl: 2.1-26.xs29.8.xcpng8.2 (weird identifier for historical reasons, but that's actually Intel microcode published by them yesterday)
          • xen: 4.13.5-9.49.1.xcpng8.2
          • xapi: 1.249.41-1.2.xcpng8.2

          What to test

          Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

          Test window before official release of the updates

          ~24h. That's an urgent one.

          A 1 Reply Last reply Reply Quote 2
          • J Offline
            JeffBerntsen Top contributor
            last edited by

            Installed and seems to be running fine so far on my test systems.

            1 Reply Last reply Reply Quote 3
            • A Offline
              Andrew Top contributor @stormi
              last edited by

              @stormi I needed an excuse to reboot all my hosts... Upgraded and running on stable pools. I see the Intel 11th gen new microcode. All working normally at this time.

              1 Reply Last reply Reply Quote 2
              • bleaderB Offline
                bleader Vates 🪐 XCP-ng Team
                last edited by

                Update published: https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/

                Thank your for the tests.

                1 Reply Last reply Reply Quote 3
                • olivierlambertO Offline
                  olivierlambert Vates 🪐 Co-Founder CEO
                  last edited by

                  Updated our own prod via XO RPU, everything is working fine 🙂

                  1 Reply Last reply Reply Quote 2
                  • stormiS Offline
                    stormi Vates 🪐 XCP-ng Team
                    last edited by stormi

                    New update candidates for you to test!

                    A new batch of non-urgent updates is ready for user tests before a future collective release.

                    • openssh: Fix low priority CVE-2025-26465 DoS attack when VerifyHostKeyDNS is "yes" or "ask" (The Default value has not changed: "no")
                    • samba: Fix vulnerabilities which are very unlikely to be exploitable on XCP-ng but are reported by security scanners.
                    • xcp-ng-release: This update adds a certificate to resolve a TLS handshake error, particularly when deploying XOA from CLI using curl.

                    Test on XCP-ng 8.2

                    From an up to date host:

                    yum clean metadata --enablerepo=xcp-ng-testing
                    yum update --enablerepo=xcp-ng-testing
                    reboot
                    

                    The usual update rules apply: pool coordinator first, etc.

                    No specific steps for these updates for XOSTOR users.

                    Versions

                    • openssh: 7.4p1-23.3.2.xcpng8.2
                    • samba: 4.10.16-25.el7_9
                    • xcp-ng-release: 8.2.1-16

                    What to test

                    Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

                    Test window before official release of the updates

                    None defined, but early feedback is always better than late feedback, which is in turn better than no feedback 🙂

                    1 Reply Last reply Reply Quote 3
                    • gduperreyG Offline
                      gduperrey Vates 🪐 XCP-ng Team
                      last edited by

                      New security and maintenance update candidate

                      A new XSA (Xen Security Advisory) was published on the 1st of July, and an update to Xen addresses it. We also publish other non-urgent updates which we had in the pipe for the next release.


                      Security updates

                      • xen-*:
                        • Fix XSA-470 - An unprivileged guest can cause a hypervisor crash, causing a Denial of Service (DoS) of the entire host.

                      Maintenance updates

                      • openssh: fix low priority CVE-2025-26465 DoS attack when VerifyHostKeyDNS is "yes" or "ask" (The Default value has not changed: "no")
                      • samba: fix low priority CVEs on client side.
                      • xcp-ng-release: this update adds a certificate to resolve a TLS handshake error, particularly when deploying xoa.io.

                      Test on XCP-ng 8.2

                      yum clean metadata --enablerepo=xcp-ng-testing
                      yum update --enablerepo=xcp-ng-testing
                      reboot
                      

                      The usual update rules apply: pool coordinator first, etc.

                      Versions:

                      • openssh: 7.4p1-23.3.2.xcpng8.2
                      • samba: 4.10.16-25.el7_9
                      • xcp-ng-release: 8.2.1-16
                      • xen: 4.13.5-9.49.2.xcpng8.2

                      What to test

                      Normal use and anything else you want to test.

                      Test window before official release of the updates

                      ~2 days.

                      A 1 Reply Last reply Reply Quote 1
                      • A Offline
                        Andrew Top contributor @gduperrey
                        last edited by

                        @gduperrey Installed and running on a few pools. Working correctly as expected.

                        1 Reply Last reply Reply Quote 2
                        • gduperreyG Offline
                          gduperrey Vates 🪐 XCP-ng Team
                          last edited by

                          Updates published: https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/

                          Thank you for the tests!

                          1 Reply Last reply Reply Quote 1
                          • First post
                            Last post