XCP-ng 8.3 updates announcements and testing

stormi

New security update candidates for you to test!

We're still working on the updates that you started testing (and a few more), but right now there's an emergency: a security update.

Yet more vulnerabilities in Intel hardware, addressed in two complementary ways: patching Xen and updating Intel microcode.

Test on XCP-ng 8.3

From an up-to-date host, or a host on which previous update candidates had been installed. Both fit.

yum clean metadata --enablerepo=xcp-ng-candidates
yum update --enablerepo=xcp-ng-candidates
reboot

The usual update rules apply: pool coordinator first, etc.

Versions

• intel-microcode: 20250501-1.xcpng8.3
• xen: 4.17.5-13.1.xcpng8.3

What to test

Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.

Test window before official release of the updates

~24h. That's an urgent one.

ph7

@stormi
Stats still not good
Only rebooted

After Restart tool stack

andriy.sultanov

@ph7 This update only covers the security issue described above. Fix for the stats issue will roll out later.

flakpyro

@stormi installed on the same test machines i have the other batch of updates installed on. No issues after a reboot.

ph7

@andriy.sultanov
Sorry, if I only could read...
Anyhow, My updated host running on intel seems to work just fine.

Greg_E

@stormi

My lab is down for a few days, so no testing for me. And it is AMD so maybe not useful. I probably won't be back running until Friday.

stormi

@Greg_E Thanks for letting me know. It is useful to make sure that it's still working on any kind of hardware, but your lab won't participate this time

bufanda

Installed the patches on my lab pool and both hosts are up and running and no issues so far.

XCP-ng-JustGreat

Latest urgent updates installed on 3-node Intel pool. Everything is working as before including the pre-production code "no stats" issue, but that still resolves following xe-toolstack-restart command. Since it is currently Microsoft patch Tuesday here, the latest Windows 11-24H2 2025-05 cumulative update was installed to VM along with various Linux VM updates and live VM host migrations. All working well including latest af03c Xen Orchestra from source (XOS).

Andrew

@stormi Upgraded my test 8.3 hosts, several Intel and AMD Zen 3. So far, so good.

bleader

Update published: https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/

Thank your for the tests.

Greg_E

@bleader

I see this for my 8.2 pool this morning, I'll kick it off when we all go into a meeting so it will be done when we finish.

manilx

@Greg_E Updated 3 pools @business (3 Intel hosts, 2 EPYC hosts) all OK with stats. Also 1 pool @home (2 Intel Protectlis) all OK with stats.

archw

I updated the master pool...all went well. I updated one of the other hosts. After it rebooted, I got lots of messages about "Async.VM.clean_shutdown: 8%" on the various VMs.

My bad....XO was a two builds behind and well as XO was not up to date.

I updated to commit 95e72 and updated XOA version to 5.106.2 and all is well.

User error on my part but I hope this helps someone.

Greg_E

@Greg_E

No issues so far with my production system (8.2.x) and this batch of important updates, these are on Intel Silver (v2?) processors.

But my system is so vanilla that I doubt there would be any issues anyway. The only "out of normal" thing I've done today is storage migrate a VM off of one Truenas to another so I can apply some updates to Truenas. Then I'll migrate everything to the updated server so I can update the "main" storage.