Backport more XSA-489 fixes, session refresh patches#129
Conversation
Signed-off-by: Andrii Sultanov <andriy.sultanov@vates.tech>
|
Scratch build: https://koji.xcp-ng.org/taskinfo?taskID=104506 |
This change in particular may require particular attention in testing. Are we ready to rely on our CI solely, for this one? |
it's been merged upstream for a long time already, and I expect it to have gone through some XenServer testing. IMO, the worst case is that the change doesn't quite achieve what it wants to, but it shouldn't break anything that's not already broken |
That's the kind of information I went looking for in the PR description, but the lack of details there let me wondering. Thanks for the precisions. |
rzr
left a comment
rzr
left a comment
There was a problem hiding this comment.
Patches are well tracked, this is appreciated :)
|
Build to v8.3-incoming: https://koji.xcp-ng.org/buildinfo?buildID=5578 |
5 participants
Main information
Work Item Reference
XCPNG-3236
Context & Motivation
Backport of xapi-project/xen-api#7034, xapi-project/xen-api#7046, xapi-project/xen-api@8bbfa01
Release Target
Ready for today's release, if we decide to go for it.
Release Notes and Documentation
Explain the change to users
This fixes XSA-489 (CVE-2026-23562, CVE-2026-42486) and fixes an issue where expired sessions would break long migrations
Attention points
None that are known
Documentation update needed
Testing and regression avoidance
What tests have you performed?
None, the build should be run through the CI. XSA backports have been tested by XenServer.
What's covered by the xcp-ng-tests test suite?
We don't use the xapi RBAC roles, we don't use
hvm_serial.We have a lot of VM/VDI migration tests, with the large QCOW2 volumes taking more than 24h to migrate - these should verify the session refresh patches.
Xen Orchestra Impact
Does this affect existing features in Xen Orchestra, or add new features that could be useful?