================
libvirt releases
================

This is the list of official releases for libvirt, along with an overview of
the changes introduced by each of them.

For a more fine-grained view, use the `git log`_.


v6.10.0 (unreleased)
====================

* **Security**

  * qemu: Enable client TLS certificate validation by default for ``chardev``,
    ``migration``, and ``backup`` servers.

    If the qemu.conf options ``chardev_tls_x509_verify``,
    ``migrate_tls_x509_verify``, or ``backup_tls_x509_verify`` are not
    specified explicitly in the config file and the
    ``default_tls_x509_verify`` config option is also missing, the default
    value is now '1'. This ensures that only legitimate clients can access
    these servers, which don't have any additional form of authentication.

* **New features**

  * qemu: Implement OpenSSH authorized key file management APIs

    New APIs (``virDomainAuthorizedSSHKeysGet()`` and
    ``virDomainAuthorizedSSHKeysSet()``) and virsh commands
    (``get-user-sshkeys`` and ``set-user-sshkeys``) are added to manage the
    authorized_keys SSH file for a user.

  * hyperv: implement new APIs

    The ``virDomainGetMaxMemory()``, ``virDomainSetMaxMemory()``,
    ``virDomainGetSchedulerType()``, ``virDomainGetSchedulerParameters()``,
    ``virDomainGetSchedulerParametersFlags()``, ``virDomainGetVcpus()``,
    ``virDomainGetVcpusFlags()``, ``virDomainGetMaxVcpus()``,
    ``virDomainSetVcpus()``, and ``virDomainSetVcpusFlags()`` APIs have been
    implemented in the Hyper-V driver.

* **Improvements**

* **Bug fixes**

  * remote: fixed performance regression in SSH tunnelling

    The ``virt-ssh-helper`` binary introduced in 6.8.0 had very poor
    scalability which impacted libvirt tunnelled migration and storage volume
    upload/download in particular. It has been updated and now has performance
    on par with netcat.

* **Removed features**

  * hyperv: removed support for the Hyper-V V1 WMI API

    This drops support for Windows Server 2008R2 and 2012. The earliest
    supported version is now Windows 2012R2.

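
The fallback order described in the v6.10.0 Security entry above, as an added
example (not libvirt's own code) that resolves the effective
client-certificate verification setting for the three servers. The function
names are hypothetical, the sample file is constructed, only simple integer
assignments are parsed, and passing ``builtin_default=0`` to model releases
before 6.10.0 is an assumption.

```python
import re

# Per-service options and the shared fallback named in the release note.
SERVICES = ("chardev", "migrate", "backup")
FALLBACK = "default_tls_x509_verify"
_ASSIGN = re.compile(r"^\s*([a-z0-9_]+)\s*=\s*(\d+)\s*(?:#.*)?$")


def parse_int_options(conf_text):
    """Collect uncommented `name = <integer>` assignments from qemu.conf text."""
    opts = {}
    for line in conf_text.splitlines():
        m = _ASSIGN.match(line)
        if m:
            opts[m.group(1)] = int(m.group(2))
    return opts


def effective_verify(conf_text, builtin_default=1):
    """Resolve each service's setting: own option, then fallback, then built-in.

    Returns {service: (value, source)}; builtin_default=1 is the 6.10.0 behaviour.
    """
    opts = parse_int_options(conf_text)
    result = {}
    for svc in SERVICES:
        key = f"{svc}_tls_x509_verify"
        if key in opts:
            result[svc] = (opts[key], key)
        elif FALLBACK in opts:
            result[svc] = (opts[FALLBACK], FALLBACK)
        else:
            result[svc] = (builtin_default, "built-in default")
    return result


def unverified_services(conf_text, builtin_default=1):
    """List services whose TLS server would not validate client certificates."""
    resolved = effective_verify(conf_text, builtin_default)
    return sorted(svc for svc, (value, _) in resolved.items() if value == 0)


# Constructed sample qemu.conf fragment (not from a real host).
SAMPLE_CONF = """\
#default_tls_x509_verify = 1
chardev_tls_x509_verify = 0   # explicit opt-out survives the upgrade
#migrate_tls_x509_verify = 1
"""

if __name__ == "__main__":
    for svc, (value, source) in effective_verify(SAMPLE_CONF).items():
        print(f"{svc}: verify={value} (from {source})")
    print("unverified:", unverified_services(SAMPLE_CONF))
```

An explicit ``0`` in the config file still disables validation after the
upgrade, so the check is worth running against existing hosts.
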

v6.9.0 (2020-11-02)
===================

* **New features**

  * nodedev: Add support for channel subsystem (CSS) devices on S390

    A CSS device is represented as a parent device of a CCW device. This
    support allows creating vfio-ccw mediated devices with
    ``virNodeDeviceCreateXML()``.

  * qemu: Implement memory failure event

    A new event is implemented that is emitted whenever a guest encounters a
    memory failure.

  * qemu: Implement support for ```` disks

    VMs based on the QEMU hypervisor can now use the ```` option for local
    file-backed disks to configure a disk which discards changes made to it
    while the VM was active.

  * hyperv: implement new APIs

    The ``virConnectGetCapabilities()``, ``virConnectGetMaxVcpus()``,
    ``virConnectGetVersion()``, ``virDomainGetAutostart()``,
    ``virDomainSetAutostart()``, ``virNodeGetFreeMemory()``,
    ``virDomainReboot()``, ``virDomainReset()``, ``virDomainShutdown()``, and
    ``virDomainShutdownFlags()`` APIs have been implemented in the Hyper-V
    driver.

  * bhyve: implement virtio-9p filesystem support

    Implement virtio-9p shared filesystem using the ```` element.

  * qemu: Add support for vDPA network devices.

    VMs using the QEMU hypervisor can now specify vDPA network devices using
    ````. The node device APIs also now list and provide XML descriptions for
    vDPA devices.

* **Bug fixes**

  * hyperv: ensure WQL queries work in all locales

    Relying on the "Description" field caused queries to fail on non-"en-US"
    systems. The queries have been updated to avoid using localized strings.

  * rpc: Fix ``virt-ssh-helper`` detection

    libvirt 6.8.0 failed to correctly detect the availability of the new
    ``virt-ssh-helper`` command on the remote host, and thus always used the
    fallback instead; this has now been fixed.


v6.8.0 (2020-10-01)
===================

* **Security**

  * qemu: double free in qemuAgentGetInterfaces() in qemu_agent.c

    Clients connecting to the read-write socket with limited ACL permissions
    may be able to crash the libvirt daemon, resulting in a denial of service,
    or potentially escalate their privileges on the system. CVE-2020-25637.

* **New features**

  * xen: Add ``writeFiltering`` attribute for PCI devices

    By default Xen filters guest writes to the PCI configuration space of a
    PCI hostdev, which may cause problems for some devices. The
    ``writeFiltering`` attribute of the device's ```` element can be used to
    disable the filtering and allow all guest writes to the configuration
    space.

  * bhyve: Support setting the framebuffer resolution

    Libvirt can now set the framebuffer's "w" and "h" parameters using the
    ``resolution`` element.

  * bhyve: Support VNC password authentication

    Libvirt can now probe whether the bhyve binary supports VNC password
    authentication. In case it does, a VNC password can now be passed using
    the ``passwd`` attribute on the ```` element.

  * remote: ``virt-ssh-helper`` replaces ``nc`` for SSH tunnelling

    Libvirt now provides a ``virt-ssh-helper`` binary on the server side. The
    libvirt remote client will use this binary for setting up an SSH tunnelled
    connection to hosts. If not present, it will transparently fall back to
    the traditional ``nc`` tunnel. The new binary makes it possible for
    libvirt to transparently connect across hosts even if libvirt is built
    with a different installation prefix on the client vs server. It also
    enables remote access to the unprivileged per-user libvirt daemons (e.g.
    using a URI such as ``qemu+ssh://hostname/session``). The only requirement
    is that ``virt-ssh-helper`` is present in ``$PATH`` of the remote host.

  * esx: implement few APIs

    The ``virConnectListAllNetworks()``, ``virDomainGetHostname()``, and
    ``virDomainInterfaceAddresses()`` (only for
    ``VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT`` source) APIs were implemented
    in the esx driver.

* **Improvements**

  * qemu: Allow migration over UNIX sockets

    QEMU migration can now be performed completely over UNIX sockets. This is
    useful for containerised scenarios and can be used in both peer2peer and
    direct migrations.

  * dbus: Use GLib implementation instead of libdbus

    Adopting the GLib DBus implementation simplifies our code, as libdbus
    provides low-level APIs for which we had to have a lot of helper
    functions. With this change we also remove the dependency on libdbus and
    possibly fix all the DBus related libvirtd crashes seen over time.

  * Re-introduce NVDIMM auto-alignment for pSeries Guests

    The auto-alignment logic was removed in v6.7.0 in favor of requiring the
    size provided by the user to be already aligned; however, this had the
    unintended consequence of breaking some existing guests. v6.8.0 restores
    the previous behavior with an improvement: it also reflects the
    auto-aligned value in the domain XML.

  * qemu: Preserve qcow2 cluster size after external snapshots

    The new overlay image which is installed on top of the current chain when
    taking an external snapshot now preserves the cluster size of the original
    top image to preserve any performance tuning done on the original image.

* **Bug fixes**

  * qemu: Various (i)SCSI backed hostdev fixes

    (i)SCSI backed hostdevs now work again with an arbitrarily long
    user-specified device alias and also honor the 'readonly' property after a
    recent rewrite.

* **Removed features**

  * node_device: Remove HAL node device backend

    HAL is deprecated on all supported OSes so there is no need to keep it in
    libvirt. The udev backend is used on Linux OSes and devd can eventually be
    implemented as a replacement for FreeBSD.


v6.7.0 (2020-09-01)
===================

* **Packaging changes**

  * Libvirt switch to Meson build system

    Libvirt abandoned autotools and switched to the Meson build system.

* **New features**

  * qemu: Add support for initiator IQN configuration for iSCSI hostdevs

    Similarly to iSCSI ```` users can use an ```` element inside ```` with the
    same format to configure the ``IQN`` value used by the qemu initiator when
    connecting to an iSCSI target.

  * xen: Add support for device model command-line passthrough

    Xen supports passing arbitrary arguments to the QEMU device model using
    the ``device_model_args`` setting in xl.cfg(5). The libvirt xen driver now
    supports this using ```` XML extensions.

  * shmem: Add support for shmem-{plain, doorbell} ``role`` option

    The ``role`` attribute controls how the domain behaves on migration. With
    ``role=master``, the guest will copy the shared memory on migration to the
    destination host. With ``role=peer``, the migration is disabled.

  * bhyve: Sound device support

    This feature allows configuring the guest sound device using the ````
    element, and map it to the host sound device using the ``