We pushed the tested packages (of 3 batches) to the xcp-ng-updates repository, check blog post for summary and related advisories:
https://xcp-ng.org/blog/2026/06/23/june-2026-updates-2-for-xcp-ng-8-3-lts/
Thanks everyone for the tests!
Ask me for OS/Platform questions.
We pushed the tested packages (of 3 batches) to the xcp-ng-updates repository, check blog post for summary and related advisories:
https://xcp-ng.org/blog/2026/06/23/june-2026-updates-2-for-xcp-ng-8-3-lts/
Thanks everyone for the tests!
This release batch contains fixes, and a security fix on an optional package,
Note: the two previous batches of updates has not been released yet, so if you haven't tested it, you will see more updates than described here when you'll install the update candidates. Refer to the previous announcements.
kexec-tools: Update to sync with Xen Server:
xapi: Fix the VM revert regression introduced in earlier "testing" version.lldpd: Fix CVE-2026-46433, a buffer over-read when processing the "VLAN tags" from an Ethernet frame.kexec-tools: 2.0.15-20.1.xcp-ng8.3 -> kexec-tools-2.0.15-21.1.xcpng8.3xapi: 26.1.11-1.1.xcpng8.3 -> xapi-26.1.11-1.2.xcpng8.3Optional packages:
lldpd: 1.0.4-1.1.xcpng8.3 -> 1.0.4-1.2.xcpng8.3Warning: XOSTOR users, refer to the instructions in the previous announcement, which apply here if you haven't installed the previous update candidates.
yum clean metadata --enablerepo=xcp-ng-testing,xcp-ng-candidates
yum update --enablerepo=xcp-ng-testing,xcp-ng-candidates
reboot
The usual update rules apply: pool coordinator first, etc.
As usual, normal use and anything else you want to test.
~2 days
We would like to thank users who reported feedback since our last call for testing:
@Andrew, @ScarfAntennae, @XCP-ng-JustGreat, @acebmxer, @bufanda, @flakpyro
I'm seeing 30 updates as well but they're installed and seem to be working fine on my test systems.
I think I only listed sources packages (which contains several binaries sub-packages having the same versions), so that's expected
BTW thank you for reactivity on testing
This release batch contains security fix on kernel, version updates, some bug fixes.
kernel: Update to 4.19.19-8.0.46.3
intel-microcode: Update to 20260416-1
xen: Update to 4.17.6-8.1
xapi: Update to 26.1.4
xo-lite: Update to 0.21.0
gpumon: 24.1.0-83.2.xcpng8.3 -> 24.1.0-84.1.xcpng8.3intel-microcode: 20260115-1.xcpng8.3 -> 20260416-1.xcpng8.3kernel: 4.19.19-8.0.46.2.xcpng8.3 -> 4.19.19-8.0.46.3.xcpng8.3xapi: 26.1.3-1.10.xcpng8.3 -> 26.1.4-3.1.xcpng8.3xcp-featured: 1.1.8-6.xcpng8.3 -> 1.2.1-1.xcpng8.3xen: 4.17.6-6.2.xcpng8.3 -> 4.17.6-8.1.xcpng8.3xo-lite: 0.20.0-1.xcpng8.3 -> 0.21.0-1.xcpng8.3yum clean metadata --enablerepo=xcp-ng-testing,xcp-ng-candidates
yum update --enablerepo=xcp-ng-testing,xcp-ng-candidates
reboot
The usual update rules apply: pool coordinator first, etc.
As usual, normal use and anything else you want to test.
~1 day
We would like to thank users who reported feedback since our last call for testing:
@Andrew, @FritzGerald, @IgorGlock, @bufanda, @flakpyro, @manilx, @marcoi, @ovicz, @ph7.
This release batch contains fixes on the major storage feature previously announced,
read the RC2 announcement for QCOW2 image format support for 2TiB+ images.
The whole platform has been hardened with back-porting security patches from the latest version of OpenSSH.
An additional driver fix is part of this minor package set.
QCOW2 image format support is the major feature of this release batch,
check related announcement in forum.
Some fixes have been applied to fix issues found during the testing phase. Many thanks go to @Andrew who found a CBT-related bug on file-based SRs!
sm: 3.2.12-17.5
blktap: 3.55.5-6.5
openssh: Update to 9.8p1-1.2.3
More information about drivers and current versions is maintained on the drivers wiki page.
qlogic-fastlinq-alt: 8.74.6.0-1
blktap: 3.55.5-6.4.xcpng8.3 -> 3.55.5-6.5.xcpng8.3openssh: 9.8p1-1.2.2.xcpng8.3 -> 9.8p1-1.2.3.xcpng8.3sm: 3.2.12-17.2.xcpng8.3 -> 3.2.12-17.5.xcpng8.3Optional packages:
qlogic-fastlinq-alt: 8.70.12.0-1.xcpng8.3 -> 8.74.6.0-1.xcpng8.3If you are using XOSTOR, please refer to our documentation for the update method.
yum clean metadata --enablerepo=xcp-ng-testing,xcp-ng-candidates
yum update --enablerepo=xcp-ng-testing,xcp-ng-candidates
reboot
The usual update rules apply: pool coordinator first, etc.
The most important change is related to storage: adding QCOW2 support also affects the codebase managing VHD disks. What matters here is, above all, to detect any regression on VHD support (we tested it deeply, but on this matter there's no such thing as too much testing). Of course, you are also welcome to test the QCOW2 image format support.
See the dedicated thread for more information.
Other significant changes requiring attention:
And, as usual, normal use and anything else you want to test.
~4 days
We would like to thank users who reported feedback on the QCOW RC2 release: @acebmxer, @andrew, @bufanda, @flakpyro, @jeffberntsen, @ph7
The whole platform has been hardened with crypto libraries updates.
We also publish other non-urgent updates which we had in the pipe for the next update release.
️ Xen Orchestra's sdn_controller users should be aware that OpenSSL was updated to major version 3, causing XCP-ng to reject previously generated self-signed certificates for the SDN Controller: they must be updated manually, accordingly to the guide's procedure.
User feedback is valuable to all, feel free to report success or ask for clarification in the related forum thread.
openssl: Update to 3.0.9
sdn_controller, as documented above.openssl-compat-10 has been introduced.openssh: Update to 9.8p1
libssh2: Update to 1.11.0xen: Update to 4.17.6
qemu: Bug fixes
varstored: Update to 1.3.1
xapi: Update to 26.1.3
Host.get_tracked_user_agents.xolite: Update to 0.19.0
sm: Bug fixes
blktap: Bug fix
lvm2: Update to 2.02.180
netsnmp: Update to 5.9.3openvswitch:
gnutls: Remove dane toolxcp-ng-release: UX improvement
createrepo_c: Update to 0.21.1krb5: Synchronized with XenServer 8.4 and rebuilt for OpenSSL 3.ipmitool: Update to 1.8.19libarchive: Update to 3.6.1trousers: Update to 0.3.15 and rebuild for OpenSSL 3.
wget: Update to 1.21.4Note that libraries updates (libopenssl, notably) impacted several other packages which had to be rebuilt (some had to be patched too). Refer to the package list below.
More information about drivers and current versions is maintained on the drivers wiki page.
broadcom-bnxt-en: Update to v1.10.3_237.1.20.0
intel-i40e : Update to 2.25.11
️ Google for the "intel <model-name> compatibility matrix" and make sure to update the non-volatile memory in NIC with the matching NVM version, after updating the driver.intel-i40e-alt flavour of the driver package.intel-ixgbe: Update to 6.2.5
In addition to the changes in common packages, the following XOSTOR-specific packages received updates:
drbd: Reduce the I/O load and time during resync.drbd-reactor: Misc improvements regarding drbd-reactor and events.linstor:
sm:
ss to obtain the controller IP: it's a significant improvement to avoid relying on DRBD commands or XAPI plugins.python-linstor: updated to version 1.27.1. LINBIT's changelog:
linstor-client: updated to version 1.27.1. LINBIT's changelog:
--drbd-diskless to command r td to mimic the option from r c.encryption status to show the current locked-state of the controller.bind: 32:9.9.4-61.el7_5.1 -> 32:9.9.4-63.1.xcpng8.3blktap: 3.55.5-6.1.xcpng8.3 -> 3.55.5-6.3.xcpng8.3broadcom-bnxt-en: 1.10.3_232.0.155.5-1.xcpng8.3 -> 1.10.3_237.1.20.0-8.1.xcpng8.3coreutils: 8.22-21.el7 -> 8.22-22.xcpng8.3createrepo_c: 0.10.0-6.el7 -> 0.21.1-3.xcpng8.3curl: 8.9.1-5.1.xcpng8.3 -> 8.9.1-5.2.xcpng8.3gnutls: 3.3.29-9.el7_6 -> 3.3.29-10.1.xcpng8.3gpumon: 24.1.0-71.1.xcpng8.3 -> 24.1.0-83.2.xcpng8.3intel-i40e: 2.25.11-2.xcpng8.3 -> 2.25.11-4.xcpng8.3intel-ixgbe: 5.18.6-1.xcpng8.3 -> 6.2.5-1.xcpng8.3intel-microcode: 20251029-1.xcpng8.3 -> 20260115-1.xcpng8.3ipmitool: 1.8.18-7.el7 -> 1.8.19-11.1.xcpng8.3iputils: 20160308-10.el7 -> 20160308-10.1.xcpng8.3krb5: 1.15.1-19.el7 -> 1.15.1-22.1.xcpng8.3libarchive: 3.3.3-1.1.xcpng8.3 -> 3.6.1-4.1.xcpng8.3libevent: 2.0.21-4.el7 -> 2.0.21-4.1.xcpng8.3libssh2: 1.4.3-10.el7_2.1 -> 1.11.0-1.xcpng8.3libtpms: 0.9.6-3.xcpng8.3 -> 0.9.6-3.1.xcpng8.3lvm2: 7:1.02.149-18.2.1.xcpng8.3 -> 7:2.02.180-18.3.1.xcpng8.3mdadm: 4.0-13.el7 -> 4.2-5.xcpng8.3net-snmp: 1:5.7.2-52.1.xcpng8.3 -> 1:5.9.3-8.1.xcpng8.3openssh: 7.4p1-23.3.3.xcpng8.3 -> 9.8p1-1.2.1.xcpng8.3openssl: 1:1.0.2k-26.2.xcpng8.3 -> 1:3.0.9-2.0.1.3.xcpng8.3openvswitch: 2.17.7-2.1.xcpng8.3 -> 2.17.7-4.1.xcpng8.3python: 2.7.5-90.el7 -> 2.7.5-92.1.xcpng8.3python3: 3.6.8-18.el7 -> 3.6.8-20.xcpng8.3python-pycurl: 7.19.0-19.el7 -> 7.19.0-19.1.xcpng8.3qemu: 2:4.2.1-5.2.15.2.xcpng8.3 -> 2:4.2.1-5.2.17.1.xcpng8.3rsync: 3.4.1-1.1.xcpng8.3 -> 3.4.1-1.2.xcpng8.3samba: 4.10.16-25.2.xcpng8.3 -> 4.10.16-25.3.xcpng8.3sm: 3.2.12-16.1.xcpng8.3 -> 3.2.12-17.1.xcpng8.3ssmtp: 2.64-14.el7 -> 2.64-14.1.xcpng8.3stunnel: 5.60-4.xcpng8.3 -> 5.60-5.xcpng8.3sudo: 1.9.15-4.1.xcpng8.3 -> 1.9.15-5.1.xcpng8.3swtpm: 0.7.3-12.xcpng8.3 -> 0.7.3-12.1.xcpng8.3tcpdump: 14:4.9.2-3.el7 -> 14:4.9.2-3.1.xcpng8.3trousers: 0.3.14-2.el7 -> 0.3.15-11.1.xcpng8.3varstored: 1.2.0-3.5.xcpng8.3 -> 1.3.1-2.1.xcpng8.3wget: 1.14-15.el7_4.1 -> 1.21.4-1.1.xcpng8.3xapi: 25.33.1-2.3.xcpng8.3 -> 26.1.3-1.3.xcpng8.3xcp-featured: 1.1.8-3.xcpng8.3 -> 1.1.8-6.xcpng8.3xcp-ng-release: 8.3.0-36 -> 8.3.0-37xen: 4.17.5-23.2.xcpng8.3 -> 4.17.6-2.1.xcpng8.3xo-lite: 0.17.0-1.xcpng8.3 -> 0.19.0-1.xcpng8.3XOSTOR:
linstor: 1.33.1-1.el7_9linstor-client: 1.27.1-1.xcpng8.3python-linstor: 1.27.1-1.xcpng8.3xcp-ng-linstor: 1.2-6.xcpng8.3Optional packages:
iperf3: 3.9-13.1.xcpng8.3ldns: 1.7.0-21.1.xcpng8.3socat: 1.7.4.1-6.1.xcpng8.3If you are using XOSTOR, please refer to our documentation for the update method.
If you are using XenOrchestra's SDN controller please apply the OpenSSL upgrade procedure.
yum clean metadata --enablerepo=xcp-ng-testing,xcp-ng-candidates
yum update --enablerepo=xcp-ng-testing,xcp-ng-candidates
reboot
The usual update rules apply: pool coordinator first, etc.
~1 week
Fix has been merged, expect a package in your updates soon.
Meanwhile check this notice about upcoming changes regarding remote syslog.
https://github.com/xcp-ng-rpms/xcp-ng-release/pull/41#issuecomment-3800419449
rzr said:
New security update candidates for XCP-ng 8.3 LTS (kernel)
Test window before official release of the updates
~3 days
The testing window is extended a bit, expect also a next batch (to be tested later this month).
It has been planned to group updates for the convenience of administrators (stay tuned in blog).
Meanwhile If you didn't notice yet, an updated xen-4.17.6-9.2.xcpng8.3 package landed in testing repo, it addresses some low risk vulnerabilities as reported at:
More to come soon
Thank you for this report, I fear this issue appeared when we rebuilt bind with openssl-3
nslookup vates.com 8.8.8.8
I confirm this issue, note that bind-utils is not installed by default, let me investigate.
This release batch contains security fixes on the Linux kernel in dom0, version updates, some bug fixes and a few improvements.
kernel: Update to 4.19.19-8.0.46.5
Fragnesia.ptrace_may_dream.pintheft.qemu: Fix a potential issue in guest memory mapping lookup.
edk2:
dmidecode: Update to 3.6-3
varstored: Update to 1.3.2-2.1
ipxe: PXE boot support of BIOS VMs on a VLAN with 802.1Q priority tags
xapi: Enable USB passthrough of smartcardsblktap: No functional change. Only sync with upstream.openssh: Drop support of insecure clients
ssh-rsa (due to SHA-1 being no longer accepted by the server).ED25519 keys.libtasn1: Update to 4.21.0 (hardening)fuse: Rebuildslang: Rebuildsystemtap: Rebuildlibreswan: Rebuildnetdata: Rebuildblktap: 3.55.5-6.7.xcpng8.3 -> 3.55.5-9.1.xcpng8.3dmidecode: 1:3.0-5.el7 -> 1:3.6-3.xcpng8.3edk2: 20220801-1.7.10.1.xcpng8.3 -> 20220801-1.7.11.1.xcpng8.3fuse: 2.9.2-10.xcpng8.3 -> 2.9.2-10.1.xcpng8.3ipxe: 20121005-1.0.7.xcpng8.3 -> 20121005-1.0.8.xcpng8.3kernel: 4.19.19-8.0.46.3.xcpng8.3 -> 4.19.19-8.0.46.5.xcpng8.3libreswam: 4.12-2.3.1.xcpng8.3 -> 4.12-2.3.2.xcpng8.3libtasn1: 4.10-1.el7 -> 4.21.0-1.xcpng8.3openssh: 9.8p1-1.2.3.xcpng8.3 -> 9.8p1-1.2.4.xcpng8.3netdata: 1.47.5-4.2.xcpng8.3 -> 1.47.5-4.3.xcpng8.3qemu: 2:4.2.1-5.2.17.1.xcpng8.3 -> 2:4.2.1-5.2.18.1.xcpng8.3slang: 2.3.2-11.xcpng8.3 -> 2.3.2-11.1.xcpng8.3systemtap: 4.0-5.2.xcpng8.3 -> 4.0-5.3.xcpng8.3varstored: 1.3.1-2.1.xcpng8.3 -> 1.3.2-2.1.xcpng8.3xapi: 26.1.4-3.1.xcpng8.3 -> 26.1.4-3.2.xcpng8.3yum clean metadata --enablerepo=xcp-ng-testing,xcp-ng-candidates
yum update --enablerepo=xcp-ng-testing,xcp-ng-candidates
reboot
The usual update rules apply: pool coordinator first, etc.
As usual, normal use and anything else you want to test.
~1 day
We would like to thank users who reported feedback since our last call for testing:
@Andrew, @acebmxer, @flakpyro, @greg_e, @jeffberntsen, @marcoi, @ovicz, @ph7, @probain.
The installer ISO has been refreshed with up date packages already published.
The image can be downloaded from:
https://repo.vates.tech/tmp/xcp-ng-8.3.0-20260709.testing.iso
The procedure to install XCP-ng 8.3 remains the same.
The refreshed installer ships updated Xen, Linux kernel and some drivers/firmware, which help with deploying XCP-ng 8.3 on hardware that needs changes introduced by updates not present in previous ISO image releases.
This refreshed ISO has been validated on a subset of supported hardware. Additional testing on any hardware from the community would be greatly appreciated.
As with previous installer releases, it can be used to upgrade XCP-ng from a previous major release (8.0, 8.1 or 8.2). Refer to the Upgrade documentation. For existing XCP-ng 8.3 installations, there’s no need to use this ISO image. Regular yum updates achieve the same results as a fresh installation with that ISO image.
Installer improvements include minor enhancements related to software RAID1 support for the system disks, including support for more than 2 disks in the RAID1 array if anyone really wants that.
This release batch includes a VBD leak regression fix in XAPI and minor changes needed to build the installer ISO.
A regression was introduced to the VM.revert operation in xapi-26.1.4-3.3, which left VBDs attached to the VM when they are not present in the reverted-to snapshot (instead of destroying such VBDs, as was done before).
VMs that were reverted to their snapshots after xapi-26.1.4-3.3 may have such "leftover" VBDs. Advanced users can use the leaked_vbds script to detect possible cases in your pools. Sadly, there is no way to automatically distinguish a VBD that was created after a VM.revert from a VBD that survived the VM.revert, so this script relies on the user to determine if the suspicious VBDs are indeed affected or not.
xapi: Fix non-snapshotted VBDs staying attached after VM.revertxapi: 26.1.11-1.2.xcpng8.3 -> 26.1.11-1.3.xcpng8.3xcp-ng-release: 8.3.0-37 -> 8.3.0-38yum clean metadata --enablerepo=xcp-ng-testing,xcp-ng-candidates
yum update --enablerepo=xcp-ng-testing,xcp-ng-candidates
reboot
The usual update rules apply: pool coordinator first, etc.
As usual, normal use and anything else you want to test.
~5 days
We would like to thank users who shared feedback since our last call for testing: @Andrew, @XCP-ng-JustGreat, @acebmxer, @bufanda, @flakpyro , @marcoi.
Applied the latest pushed updated to production, no major issues.
Thank you for testing
The only thing to note is my backup XCP config failed Sunday, (...) This morning the backup ran without issues.
Glad it has finally to work, if problem occurs again feel free to ask about this feature in this subforum:
We pushed the tested packages (of 3 batches) to the xcp-ng-updates repository, check blog post for summary and related advisories:
https://xcp-ng.org/blog/2026/06/23/june-2026-updates-2-for-xcp-ng-8-3-lts/
Thanks everyone for the tests!
This release batch contains fixes, and a security fix on an optional package,
Note: the two previous batches of updates has not been released yet, so if you haven't tested it, you will see more updates than described here when you'll install the update candidates. Refer to the previous announcements.
kexec-tools: Update to sync with Xen Server:
xapi: Fix the VM revert regression introduced in earlier "testing" version.lldpd: Fix CVE-2026-46433, a buffer over-read when processing the "VLAN tags" from an Ethernet frame.kexec-tools: 2.0.15-20.1.xcp-ng8.3 -> kexec-tools-2.0.15-21.1.xcpng8.3xapi: 26.1.11-1.1.xcpng8.3 -> xapi-26.1.11-1.2.xcpng8.3Optional packages:
lldpd: 1.0.4-1.1.xcpng8.3 -> 1.0.4-1.2.xcpng8.3Warning: XOSTOR users, refer to the instructions in the previous announcement, which apply here if you haven't installed the previous update candidates.
yum clean metadata --enablerepo=xcp-ng-testing,xcp-ng-candidates
yum update --enablerepo=xcp-ng-testing,xcp-ng-candidates
reboot
The usual update rules apply: pool coordinator first, etc.
As usual, normal use and anything else you want to test.
~2 days
We would like to thank users who reported feedback since our last call for testing:
@Andrew, @ScarfAntennae, @XCP-ng-JustGreat, @acebmxer, @bufanda, @flakpyro
As this is my first time installing these update candidates,
Actually we moved first batch of packages that landed in testing to candidates repo, to avoid mix up in the second batch that just landed in testing repo. Since nothing new appeared in candidate you should probably already had them before, home this is clarifying what is actually happening 
Next yum update should just pull the latest stable versions?
Not if you already have installed then from testing (or candidate) repo, because versions are same, it's only the distribution channel that change, no impact for testers.
This release batch contains mostly fixes, tools version update, a some improvements.
Note: the previous batch of updates has not been released yet, so if you haven't tested it, you will see more updates than described here when you'll install the update candidates. Refer to the previous announcements.
xen: Add support for xenpm get-core-temp to query CPU temperature on Intel platforms.
xenpm get-core-temp to get the temperature on Intel's CPU, to fallback unsupported coretemp. Doc update being reviewed.grub: Sync with XenServer 8.4: Fix a rare out-of-memory error.
dracut: Fixes
xapi: Update to 26.1.11, add fixes and improvements.
stunnel: Fixed stunnel only considering one of the self-signed certificates with the same DN.xcp-ng-pv-tools: Update to XCP-ng Windows Guest Tools 9.1.200 (full changelog).mpi3mr-module: Update to version 8.17.1, adding newly supported SAS5116 devices.Optional:
mellanox-mlnxen-alt: Fix build error with kernel 4.19.19-8.0.42.1+.kmod-drbd: Update to 9.2.18 (full changelog)
xcp-ng-release-linstor: Relocate config file to v8.3-linstor repository.
dracut: 033-538.xcpng8.3 -> 033-539.1.xcpng8.3gpumon: 24.1.0-84.1.xcpng8.3 -> 24.1.0-91.1.xcpng8.3grub: 1:2.06-4.0.2.1.xcpng8.3 -> 1:2.06-4.0.5.1.xcpng8.3mpi3mr-module: 8.6.1.0.0-1.xcpng8.3 -> 8.17.1.0.0-1.xcpng8.3stunnel: 5.60-5.xcpng8.3 -> 5.60-6.1.xcpng8.3xapi: 26.1.4-3.2.xcpng8.3 -> 26.1.11-1.1.xcpng8.3xcp-featured: 1.2.1-1.xcpng8.3 -> 1.2.1-2.xcpng8.3xcp-ng-pv-tools: 8.3-17.xcpng8.3 -> 8.3-18.xcpng8.3xen: 4.17.6-9.1.xcpng8.3 -> 4.17.6-9.3.xcpng8.3Optional packages:
mellanox-mlnxen-alt: 5.4_1.0.3.0-2.xcpng8.3 -> 5.4_1.0.3.0-3.xcpng8.3Some XOSTOR packages are provided in separate repository, and should be installed along xcp-ng regular packages, using the following commands:
yum clean metadata --enablerepo=xcp-ng-testing,xcp-ng-candidates,xcp-ng-linstor-testing
yum update --enablerepo=xcp-ng-testing,xcp-ng-candidates,xcp-ng-linstor-testing
reboot
Note: linstor packages themselves have not been updated, only kmod-drbd and xcp-ng-release-linstor. Thus, this time it's not necessary to restart the satellites before rebooting.
The following XOSTOR-specific package received updates (and must be updated in the same transaction, which the above update commands will do):
xcp-ng-release-linstor: 1.4-2.xcpng8.3 -> 1.5-1.xcpng8.3 (from xcp-ng-testing repo)kmod-drbd: 9.2.16-1.0.xcpng8.3 -> 9.2.18-2.0.xcpng8.3 (from xcp-ng-linstor-testing repo)Warning: XOSTOR users should skip this part and follow the instructions of the previous section.
yum clean metadata --enablerepo=xcp-ng-testing,xcp-ng-candidates
yum update --enablerepo=xcp-ng-testing,xcp-ng-candidates
reboot
The usual update rules apply: pool coordinator first, etc.
As usual, normal use and anything else you want to test.
~2 days
We would like to thank users who reported feedback since our last call for testing:
@Andrew, @XCP-ng-JustGreat, @acebmxer, @bufanda, @flakpyro, @jeffberntsen, @majorp93, @manilx, @marcoi, @ph7.
rzr said:
Since it's a lowest priority you can take all the time you need, and If too busy, no problem we can do it for you and then backport the change to XCP-ng.
Or Is there any volunteer interested to learn about how to contribute to xcp-ng ? I can mentor you, pm me.
rzr said:
New security update candidates for XCP-ng 8.3 LTS (kernel)
Test window before official release of the updates
~3 days
The testing window is extended a bit, expect also a next batch (to be tested later this month).
It has been planned to group updates for the convenience of administrators (stay tuned in blog).
Meanwhile If you didn't notice yet, an updated xen-4.17.6-9.2.xcpng8.3 package landed in testing repo, it addresses some low risk vulnerabilities as reported at:
More to come soon
@rzr
No issues to report initially other then nslookup still an issue.
openssl_link.c:132: INSIST(dst__memory_pool != ((void *)0)) failed, back trace
Yes I looked at it, it looks like it's a design isssue that was fixed in later version of bind.
In details If I understand correctly this patched version of nslookup is facing a SIGARBT caused by an assert on previously cleanup resources (dst__memory_pool) which is unexpected in finishing part of the openssl thread (dst__openssl_destroy).
This bind patched version (where ssl support is in progress) is also known to have memory leaks, but those are resolved in later version, so until we catch up you'll probably have to live with this little annoyance on process exit unless we find (and validate) a better fix.
This release batch contains security fix on kernel, version update, some bug fixes and a few improvements.
kernel: Fix Vulnerability: CVE-2026-46243
intel-microcode: Fix a hang on boot on some platforms (Revert Granite Rapids AP/SP ucode back to IPU 2026.1)
intel-ice: Update to 2.4.5
intel-ice: 1.15.5-2.xcpng8.3 -> 2.4.5-8.1.1.xcpng8.3intel-microcode: 20260416-1.xcpng8.3 -> 20260416-2.xcpng8.3kernel: 4.19.19-8.0.46.5.xcpng8.3 -> 4.19.19-8.0.46.6.xcpng8.3yum clean metadata --enablerepo=xcp-ng-testing,xcp-ng-candidates
yum update --enablerepo=xcp-ng-testing,xcp-ng-candidates
reboot
The usual update rules apply: pool coordinator first, etc.
As usual, normal use and anything else you want to test.
~3 days
We would like to thank users who reported feedback since our last call for testing:
@Andrew, @acebmxer, @flakpyro, @jeffberntsen, @majorp93, @marcoi, @ph7, @pilow, @probain.