Since last week, we have a new team member 
@ronan-a is now part of Vates XCP-ng team, with @stormi and myself.
@r1 and @johnelse are still with us as external contributors.
@ronan-a , feel free to introduce yourself here (and the stuff you are working on)
Hey guys!
Just before the official announcement tomorrow, please double test our latest ISO: https://xcp-ng.org/7.5/xcp-ng-7.5.0.iso
md5sum: 33adb5d92f56fe6cda0df047f2f60895
Nothing really changed since RC1 (except very few stuff).
A bunch of Xen security issues are now public after the usual embargo.
Note: website to check all XSA's is https://xenbits.xen.org/xsa/
The major/most visible flaw (XSA 294)was related to a host crash triggered by a PV guest. Some users (@borzel for example), reported it here: https://xcp-ng.org/forum/topic/1025/host-crash-guest_4-o-sh_page_fault__guest 64 bits PV guests are affected.
Note: boot your host with the "pcid=0" parameter. This will likely have an impact on performance but should avoid the crash.
However, it was before the end of the embargo, so we can't comment and release a patch before it's known publicly.
Patched Xen will be available in the usual update channel as soon we got something tested and validated.
The list of other new XSA's are:
All those vuln will be patched in the next Xen update. Stay tuned!