Posts for: #xcp

XCP-ng Unveils Version 8.3 Beta 2 of Virtualization Platform

XCP-ng has announced the launch of the 8.3 Beta 2, marking the culmination of seven months of work on XCP-ng 8.3. This pre-release version is not recommended for production environments but is intended for users interested in testing and providing feedback on the new features. The release faced challenges with UEFI firmware emulation, but with community support, issues were resolved.

Changes in XCP-ng 8.3 Beta 2

Changes from XenServer

  • Completion of vTPM support for Windows 11 compatibility.
  • Various improvements in XAPI, Xen, and Linux kernel.

Changes from XCP-ng

  • Rebased packages on XenServer 8 preview.
  • Various installer enhancements.
  • IPv6 support updates.
  • Addition of XOSTOR and Debian 12 template.
  • Security fixes and new tests.
  • Removal of old experimental EXT4 driver.

Updates Since Beta 2

  • Integration of XenServer 8 advancements.
  • Various updates and fixes for enhanced stability.
  • Known issue with Xen Orchestra statistics, being addressed.

Xen 4.17

  • Opportunity to upgrade from Xen 4.13 to Xen 4.17 for testing.
  • Instructions provided for installation and feedback submission.


XCP-ng Releases Security Update for January 2024

XCP-ng has released their January 2024 security update for their virtualization platform. The update is specifically for the 8.2 LTS release, which is currently the only supported release of XCP-ng.

The update addresses a security issue in the Linux kernel of XCP-ng’s control domain. This issue allowed a guest with limited privileges to send special network packets that could crash the network system in XCP-ng. While the crash only occurred in specific situations, several users reported the issue and it was discovered that others in the community were experiencing similar problems. This led to collaboration within the community to investigate and resolve the issue.

The vulnerability that was fixed is known as XSA-448 and is identified as CVE-2023-46838. This vulnerability allowed an unprivileged guest to launch a Denial of Service (DoS) attack on the host system by sending certain network packets to the backend, causing it to crash. This vulnerability was particularly observed when using pfSense with WireGuard, resulting in random crashes of the host system.

Xen Orchestra 5.90 Released as the Last Version of the Year

XCP-ng has announced the release of Xen Orchestra 5.90, marking the end of the year for the team and community. This release brings several new backup features, including the addition of tasks for NBD enabled backup. This new feature allows users to track the progress of NBD transfers and monitor the status of backups directly from XO Lite or the xe CLI. The release also includes optimizations for backup performance on high latency links, leveraging the ability to download multiple blocks in parallel to mitigate the impact of latency on backup speed.

Xen Orchestra 5.90 also introduces advancements in on-prem immutability, with work being done to provide a direct, on-premises solution for securing S3 backups. The immutability feature aims to establish a Backup Repository (BR) that Xen Orchestra can write to but cannot alter during the predefined immutability period, safeguarding backups against ransomware attacks. The release also includes enhancements to scoped tags, allowing for more nuanced categorization and clearer context-specific labeling.

Other improvements in Xen Orchestra 5.90 include the ability to fetch client IP addresses from X-Forwarded-* headers for improved logging and security audits, enhancements to SAML integration for added security, a simplified method for changing memory in a running VM, better error messages on the XO CLI, and various changes to the REST API.

In addition, Xen Orchestra 5.90 introduces features tailored for the upcoming XCP-ng 8.3 release, including the ability to configure IPv6 settings on a host’s physical interfaces and improved detection of ongoing coalesce tasks.

Lastly, Xen Orchestra 5.90 unveils the first “functional” iteration of XO Lite, with updates such as XOA quick deploy for easy deployment of Xen Orchestra virtual appliances, an indicator of the number of running VMs in the tree view for a clearer overview of the environment, and a better status panel component for improved readability and aesthetic appeal.

Overall, Xen Orchestra 5.90 brings a range of new features and improvements that enhance backup capabilities, immutability, tagging, and user experience. Users can expect faster backups, better monitoring, and increased security with this latest release.

Rust Guest Tools 0.3.0: Enhancing Virtualization Experience

XCP-ng has released version 0.3.0 of its Rust guest agent for Linux and BSD operating systems. This release includes several new features and bug fixes.

One major change is the addition of APT repositories, allowing for easy installation and updates of the guest agent on Debian-based systems. The Debian package is automatically built on GitLab and can be accessed via a Debian repository.

The agent now has the ability to collect available and total guest memory inside FreeBSD guests. Additionally, the command line for the agent now includes two extra arguments, --stderr and --loglevel, for troubleshooting assistance. All guest agent logs are now sent to syslog by default on any Unix-like operating system.

Bug fixes include resolving an issue with plugging and unplugging a virtual NIC while the VM is online, thanks to community testing and feedback. Another bug fix removes a requirement on the development symlink, now only requiring the runtime library package.

For more details, the complete changelog can be found here.

New and Improved Installer for XCP-ng 8.2.1

The XCP-ng team has rolled out an updated installer for version 8.2.1, bringing various improvements.

The release includes all security and maintenance updates since the initial launch, enhanced hardware support, and drivers. Notable fixes involve AMD hardware boot failures, display issues on Intel NUC 10 and above, and compatibility with newer CPUs. The installer now supports network chipsets for home labs, includes additional optional drivers, and ensures a smoother installation process.

Users can download the latest ISOs from the official website.

XCP-ng December 2023 Security Update Now Available

XCP-ng, the popular virtualization platform, has released its latest security update for the month of December. The update is specifically for the 8.2 LTS release, which is currently the only supported version of XCP-ng.

The update includes fixes for vulnerabilities in Xen and linux-firmware in the controller domain. These vulnerabilities have been addressed to ensure the security of the virtual machines running on the platform.

One of the fixed vulnerabilities, labeled XSA-445, addresses a mismatch in IOMMU quarantine page table levels on x86 AMD systems. This vulnerability could potentially allow a device in quarantine mode to access leaked data from previously quarantined pages. Although this feature is not enabled by default in XCP-ng, it can still be enabled at Xen boot time.

The second fixed vulnerability, XSA-446, deals with memory content inference in PV guests. XCP-ng strongly advises against using PV guests and recommends switching to HVM for better security. If you are still using PV guests, it is highly recommended to consider making the switch.

In addition to the security updates, XCP-ng has also released non-security updates to pave the way for upcoming refreshed installation ISOs. These updates include improvements to the linux-firmware, gpumon, tzdata, and vendor-drivers components.

The linux-firmware update includes an update to the AMD microcode, specifically for the family 19h (Zen 3, Zen 3+). This update helps mitigate hardware vulnerabilities and bugs. However, it is important to note that updating the hardware’s firmware remains the preferred method for updating microcode, and any newer microcode found in the firmware will take precedence over the microcode provided in XCP-ng.

Other changes include a small change to suppress unnecessary logging in gpumon, updated timezones with the latest CentOS 7 update of the tzdata package, and the integration of new drivers into XCP-ng in preparation for the upcoming refreshed installation ISOs. These new drivers include the igc module for Intel device drivers for I225/I226, the r8125 module for Realtek r8125 device drivers, and the mpi3mr module for Broadcom mpi3mr RAID device drivers.

Overall, the December 2023 security update for XCP-ng brings important security fixes and improvements to the virtualization platform, ensuring the safety and performance of virtual machines. Users are encouraged to update their systems to benefit from these enhancements and to maintain a secure environment for their workloads.