The oVirt project is excited to announce the general availability of oVirt 4.4.8 , as of August 19th, 2021.
This release unleashes an altogether more powerful and flexible open source virtualization solution that encompasses hundreds of individual changes and a wide range of enhancements across the engine, storage, network, user interface, and analytics, as compared to oVirt 4.3.
Please note that oVirt 4.4 only supports clusters and data centers with compatibility version 4.2 and above. If clusters or data centers are running with an older compatibility version, you need to upgrade them to at least 4.2 (4.3 is recommended).
Please note that in RHEL 8 / CentOS 8 several devices that worked on EL7 are no longer supported.
For example, the megaraid_sas driver is removed. If you use Enterprise Linux 8 hosts you can try to provide the necessary drivers for the deprecated hardware using the DUD method (See the users’ mailing list thread on this at https://lists.ovirt.org/
If you want to try oVirt as quickly as possible, follow the instructions on the Download page.
For complete installation, administration, and usage instructions, see the oVirt Documentation.
For upgrading from a previous version, see the oVirt Upgrade Guide.
For a general overview of oVirt, see About oVirt.
This update is the eighth in a series of stabilization updates to the 4.4 series.
This release is available now on x86_64 architecture for:
Red Hat Enterprise Linux 8.4
CentOS Linux (or similar) 8.4
CentOS Stream 8
This release supports Hypervisor Hosts on x86_64 and ppc64le architectures for:
Red Hat Enterprise Linux 8.4
CentOS Linux (or similar) 8.4
oVirt Node NG (based on CentOS Stream 8)
CentOS Stream 8
Some of the RFEs with high user impact are listed below:
Bug 1691696 - [RFE] multipath events notifications
Bug 1939286 - [RFE] Expose broken Affinity Groups via API too
Bug 1963083 - [RFE] Support storing user data in VM checkpoint entity
Bug 1971185 - [RFE] Report zero status in dirty extents response
Bug 1981297 - [RFE] Add new backup phases and disable backup/image transfers DB instant cleanup
Bug 1971317 - [RFE][API] Import OVA template as a clone
Bug 1941507 - [RFE] Implement rotation mechanism for /var/log/ovirt-engine/host-
Bug 1962563 - [RFE] Use nmstate for source routing
Some of the Bugs with high user impact are listed below:
Bug 1770027 - Live Merge completed on the host, but not on the engine, which just waited for it to complete until the operation was terminated.
Bug 1977689 - Download backup disk command failes in sdk/examples/backup_vm.py
Bug 1987295 - Setting host to 'maintenance' will be blocked when there are image transfers with status different then 'paused'
Bug 1983414 - Disks are locked forever when copying VMs' disks after snapshot
Bug 1982065 - Invalid amount of memory is allowed to be hot plugged
Bug 1966535 - NullPointerException when trying to delete uploaded disks with using transfer_url
Bug 1985876 - Cannot set 0.0.0.0 as gateway
Bug 1932392 - engine-setup fails after 'engine-backup --mode=restore' if the backup was taken on a newer version
Bug 1989794 - engine still generates duplicate address for hotplug disk
oVirt Node and Appliance have been updated, including:
oVirt 4.4.8: https://www.ovirt.org/release/
CentOS Stream 8 latest updates
Ansible 2.9.24: https://github.com/ansible/
We also included updates for the following CVEs:
cockpit-ovirt:
CVE-2020-28500 - Moderate - nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
CVE-2021-23337 - Moderate - nodejs-lodash: command injection via template
oVirt Node consumed fixes for:
CVE-2021-3621 - Important - sssd: shell command injection in sssctl
CVE-2021-33034 - Important - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
CVE-2021-3501 - Important - kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run
CVE-2021-3609 - Important - kernel: race condition in net/can/bcm.c leads to local privilege escalation
CVE-2021-25217 - Important - dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient
CVE-2021-3623 - Moderate - libtpms: out-of-bounds access when trying to resume the state of the vTPM
CVE-2021-3565 - Moderate - tpm2-tools: fixed AES wrapping key in tpm2_import
CVE-2021-3580 - Moderate - nettle: Remote crash in RSA decryption via manipulated ciphertext
CVE-2021-36222 - Moderate - krb5: sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in null dereference in the KDC which leads to DoS
CVE-2020-24504 - Moderate - kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers
CVE-2020-24503 - Moderate - kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers
CVE-2020-24502 - Moderate - kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers
CVE-2021-35942 - Moderate - glibc: Arbitrary read in wordexp()
CVE-2021-3448 - Moderate - dnsmasq: fixed outgoing port used when --server is used with an interface name
CVE-2021-20266 - Low - rpm: missing length checks in hdrblobInit()
CVE-2020-29368 - Low - kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check
See the release notes [1] for installation instructions and a list of new features and bugs fixed.
Notes:
oVirt Appliance is already available for CentOS Stream 8
oVirt Node NG is already available for CentOS Stream 8
Additional resources:
Read more about the oVirt 4.4.8 release highlights: https://www.ovirt.org/release/
Get more oVirt project updates on Twitter: https://twitter.com/ovirt
Check out the latest project news on the oVirt blog: https://blogs.ovirt.org/
[1] https://www.ovirt.org/release/
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV