That's actually a question for @Team-XAPI-Network

Posts
-
RE: Installation: expecting an rsa key, any plans to support elliptic curve keys?
-
RE: XCP-ng 8.3 updates announcements and testing
@gduperrey said in XCP-ng 8.3 updates announcements and testing:
Since it doesn't indicate that an updated 8.2 is actually 8.2.1, only the major version is displayed.
Not a very good example actually
(but what's true is that for 8.2 we didn't add a "LTS" mention next to the version number in the system either).
But yes, we decided not to increment the version number for XCP-ng 8.3.0. That breaks compatibility with some third party software because they wouldn't recognize a "8.3.1".
However we're working on a secondary version identifier that would allow you to know your precise patch level.
-
RE: XCP-ng 8.3 updates announcements and testing
@gb.123 Yes. If you think it's not clear in the blog post, I'll think how I can word it.
Current wording:
This announcement does not represent a new release. It applies to the existing XCP-ng 8.3.
If you're already running XCP-ng 8.3, you're on the LTS version. There's no need for a full upgrade. Standard package updates will keep your system current.
-
RE: XCP-ng 8.2 updates announcements and testing
New update candidates for you to test!
A new batch of non-urgent updates is ready for user tests before a future collective release.
openssh
: Fix low priority CVE-2025-26465 DoS attack when VerifyHostKeyDNS is "yes" or "ask" (The Default value has not changed: "no")samba
: Fix vulnerabilities which are very unlikely to be exploitable on XCP-ng but are reported by security scanners.xcp-ng-release
: This update adds a certificate to resolve a TLS handshake error, particularly when deploying XOA from CLI usingcurl
.
Test on XCP-ng 8.2
From an up to date host:
yum clean metadata --enablerepo=xcp-ng-testing yum update --enablerepo=xcp-ng-testing reboot
The usual update rules apply: pool coordinator first, etc.
No specific steps for these updates for XOSTOR users.
Versions
openssh
: 7.4p1-23.3.2.xcpng8.2samba
: 4.10.16-25.el7_9xcp-ng-release
: 8.2.1-16
What to test
Normal use and anything else you want to test. The closer to your actual use of XCP-ng, the better.
Test window before official release of the updates
None defined, but early feedback is always better than late feedback, which is in turn better than no feedback
-
RE: XCP-ng 8.3 updates announcements and testing
You probably saw it, but just in case: https://xcp-ng.org/blog/2025/06/16/xcp-ng-8-3-is-now-lts/
Today marks several important updates for XCP-ng 8.3. In a nutshell:
- It officially becomes a Long-Term Support (LTS) release, as previously announced when it was first released on October 7th, 2024.
- We are releasing updated installation images ("ISOs") that include installer improvements and all updates published since the original release.
- XOSTOR, our hyperconverged storage solution powered by LINSTOR, is now officially supported on XCP-ng 8.3.
- A new, dedicated upgrade ISO is available to support upgrading from an 8.2 pool that includes a XOSTOR storage repository.
-
RE: XCP-ng 8.3 updates announcements and testing
The above issue is solved in packages that we haven't released as an update yet, that @Andrew tested.
-
RE: VM migration failure
We do advise to jump to 8.2 from earlier releases, before jumping to 8.3.
-
RE: XCP-ng 8.3 updates announcements and testing
@Andrew Does restarting the toolstack bring the stats back?
Regarding coretemp, @r1's module doesn't work anymore with Xen 4.17. See https://github.com/xcp-ng/xcp/issues/669. A possible workaround is using IPMI readings, when available. For a better solution, there's work needed in Xen.
(CC @Team-Hypervisor-Kernel, FYI)
-
RE: XCP-ng 8.3 updates announcements and testing
said in XCP-ng 8.3 updates announcements and testing:
here are the pre-release ISO images for a refreshed XCP-ng 8.3 installer
Last call
-
RE: XCP-ng 8.3 updates announcements and testing
A few days late because internal tests led to a few fixes, here are the pre-release ISO images for a refreshed XCP-ng 8.3 installer:
$ cat SHA256SUMS 22deae59e7c5cff7d4691c447af9dbf27b29a372748c1844c280bdc212ef2a5f xcp-ng-8.3-20250606-linstor-upgradeonly.pre3.iso 9a5dcc8d98949ee207d28307b8b94320d1ffd24841e34ca74e1c0f0422e5ecab xcp-ng-8.3-20250606-netinstall.pre3.iso 4d6f5a99da0d70920bc313470ad2b14decab66038f0863ca68a2b81126ee2977 xcp-ng-8.3-20250606.pre3.iso
- No need to upgrade XCP-ng 8.3 with these. It is not a new release. It's refreshed installation images, with all updates included.
- When we release them, at the same time, XCP-ng 8.3 will be officially labeled LTS. Again, the existing XCP-ng 8.3 that you already use. Not a new XCP-ng release.
- This is also when XOSTOR becomes officially supported in XCP-ng 8.3
.
- 8.2 to 8.3 upgrade with XOSTOR required a specific treatment, to get a compatible LINSTOR version installed on upgrade. This constraint we had to handle was caused by Linstor not supporting rolling upgrade. For this, we provide a dedicated upgrade ISO (
-linstor-upgradeonly
). After the upgrade, if there are available updates in 8.3 for linstor, then you can follow the usual update process (which also contains specific steps for XOSTOR such as updating linstor-satellite first on all hosts and restarting the services on all of them, still due to linstor not supporting rolling update. That's something that XOA's RPU handles automatically since a few releases, by the way). - Some packages are slightly newer in the ISOs than in 8.3's update repositories. The only reason is because I didn't want to push updates so soon right after the previous batch, so that XOA doesn't tell you that you are outdated and need to update. But of course these updates will also come to existing XCP-ng 8.3 hosts soon. They're not just for the ISOs.
- The netinstall ISO image will pull the original 8.3.0 packages at the moment, so if you want to use it you first need to create a netinstall reposistory somewhere by extracting the full installation ISO, and point at it.
Regarding testing we are interested on all kind of feedback. Installations, upgrades with and without XOSTOR, and everything you want to test that seems pertinent to ensure there are no regressions when compared to the original 8.3.0 installation ISOs.
-
RE: XSA-468: multiple Windows PV driver vulnerabilities - update now!
said in XSA-468: multiple Windows PV driver vulnerabilities - update now!:
- We do plan a way to remove the warning for VMs that you would choose.
That's now done and will be included in the next update to the
latest
update channel for XOA. VMs with theHIDE_XSA468
tag will not be included in the vulnerability detection. -
RE: XSA-468: multiple Windows PV driver vulnerabilities - update now!
@Andrew I've thought about it and I agree on the principle as there's already a section about guest tools there, but we have put enough pressure on the XO team to make them release the helpful features in time to help users detect vulnerable VMs, on XOA's
stable
update channel, so it might be wiser to wait for XO6 for such alert to be in a centralized place about guest tools. -
RE: XSA-468: multiple Windows PV driver vulnerabilities - update now!
Thanks for the feedback. Let's add a notice in the docs, @dinhngtu?
-
RE: XCP-ng 8.3 updates announcements and testing
Just a heads-up to let you know that we'll soon (tonight? Tomorrow?) upload pre-releases of the refreshed installation ISOs for XCP-ng 8.3.
-
RE: XSA-468: multiple Windows PV driver vulnerabilities - update now!
@olivierlambert As soon as I've created the feature request.
-
RE: XSA-468: multiple Windows PV driver vulnerabilities - update now!
- No one said the banner would stay forever. The vulnerability is important enough that for now there's a banner.
- We addressed what is most urgent: patching supported OSes, and making users aware of the vulnerability. The fact that you're annoyed with the banner at least shows it worked.
- We do plan a way to remove the warning for VMs that you would choose.
- @dinhngtu is already evaluating a mitigation script for the bigger vulnerability on unsupported versions of Windows,
-
RE: XSA-468: multiple Windows PV driver vulnerabilities - update now!
@flakpyro There's also a chance this is a XAPI issue. CC @andriy.sultanov
-
RE: XSA-468: multiple Windows PV driver vulnerabilities - update now!
@Forza said in XSA-468: multiple Windows PV driver vulnerabilities - update now!:
Hi,
It is not clear to me if the old XCP-ng PV drivers (8.2.2.200-RC1) are affected or not. How should we proceed if they are?
Do others share this feeling and have this question after re-reading the whole announcement?
-
RE: XCP-ng 8.3 updates announcements and testing
So, we owe a very big thank you to everyone here for your tests and feedback. The numerous updates that were in the
xcp-ng-testing
repository are now officially published to everyone:https://xcp-ng.org/blog/2025/05/26/may-2025-maintenance-update-for-xcp-ng-8-3/
But stay with us, as very soon we'll have a few more updates to test, as well as refreshed installation ISOs!