Monthly Archives: February 2016

Xen Project 4.6.1 Maintenance Release is Available

I am pleased to announce the release of Xen 4.6.1. Xen Project Maintenance releases are released in line with our Maintenance Release Policy: this means we make one new point release per stable series every 4 months, which include back-ports of bug-fixes and security issues.

I am pleased to announce the release of Xen 4.6.1. This is available immediately from its git repository

http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.6
(tag RELEASE-4.6.1)

or from the XenProject download page

http://www.xenproject.org/downloads/xen-archives/xen-46-series/xen-461.html
(where a list of changes can also be found).

Note that, as also mentioned on the web page above, due to two oversights the fixes for both XSA-155 and XSA-162 have only been partially applied to this release. (Note further that the same applies to the recently announced 4.4.4 release.)

We recommend all users of the 4.6 stable series to update to this first point release.

Additional note published Feb 17th: We detected the missing patches before the official release, but towards the end of the release process. We then had a discussion whether to make a new release which would have forced us to skip a release number (aka move from 4.6.0 to 4.6.1.1 or 4.6.2) or release 4.6.1 with two security patches which were incomplete, and document what is missing. At this point, we had to decide whether to re-tag (and thus re-number the release) or whether to document any issues. A similar issue happened in 2013, when we released Xen 4.1.6.1 instead of Xen 4.1.6. At that time it became clear that many consumers of Xen have difficulties with a version number that does not fit into the normal version numbering pattern, which led to Xen 4.1.6.1 not being widely used. We cannot re-spin a release without changing the version number if issues are discovered late during the release process. Firstly, making a release involves both extensive testing and also has a security dimension. Normally, after testing succeeds we create a signed tag in the git tree. This means that there is a secure way of accounting for where the tarball came from. We then rebuild and do additional testing, write the release notes, do some more checking and sign the tarballs. The missing patches were discovered on Thursday, before the official release on Monday, but after we created the signed tag. Signed tags cannot be removed, as they have to be tamper proof, which makes everyone more secure.

Future of Xen Project: Video Spotlight Interview with Xen Project’s Chairperson Lars Kurth

Lars Kurth had his first contact with the open source community in 1997 when he worked on various parts of the ARM toolchain. He has since become an open source enthusiasts, worked on several open source communities, and is the chairperson of the Xen Project Advisory Board. He is also the Director of the Xen Project at Citrix.

He recently sat down to discuss why Xen Project software makes sense for the cloud and where the community and technology is heading this year in this short video. Read on for more.

The Xen Project community has flourished and grown throughout the years. The latest release from the Xen Project (Hypervisor 4.6) produced the best quality and quantity of contributors from cloud providers, software vendors, hardware vendors, academic researchers and individuals.

The Xen Project entices new users to join with its high energy and inclusive nature. It periodically hosts hackathons to give developers the opportunity to meet face to face, to discuss development, coordinate, write code, and collaborate with other developers. The Project will have its next hackathon at ARM’s headquarters in Cambridge on April 18 – 19.

Since the Xen Project became a collaborative project under the Linux Foundation tutelage in 2013, the technology has been able to break into a lot of new use cases, most notably automotive and embedded — check out GlobalLogic’s use of Xen on Linux.com if you haven’t read it already. These recent innovations areas have also been very beneficial to traditional Xen Project use cases. For example, Automotive real-time scheduling is not only important for this industry, but server and data centers as they relate to things like online gaming.

From it’s inception, Xen was created for cloud computing — its early work with Amazon AWS allowed the hypervisor to create a great architecture for the cloud. It has since brought on a lot of new members and contributors to help continue to address the current and future needs of cloud computing, and will continue to innovate in new market segments from automotive to Unikernels.