oVirt 4.5.0 is now generally available The oVirt project is excited to announce the general availability of oVirt 4.5.0, as of April, 20th 2022. This release unleashes an altogether more powerful and flexible open source virtualization solution that encompasses hundreds of individual changes and a wide range of enhancements across the engine, storage, network, user interface, and analytics on top of oVirt 4.4. Important notes before you install / upgrade Some of the features included in oVirt 4.5.0 require content that will be available in RHEL 8.6 and derivatives which are currently included in CentOS Stream 8. NOTE: If you’re going to install oVirt 4.5.0 on RHEL 8.6 beta please read Installing on RHEL <http://localhost:4000/download/install_on_rhel.html> first. Documentation Be sure to follow instructions for oVirt 4.5! - If you want to try oVirt as quickly as possible, follow the instructions on the Download <https://ovirt.org/download/> page. - For complete installation, administration, and usage instructions, see the oVirt Documentation <https://ovirt.org/documentation/>;. - For upgrading from a previous version, see the oVirt Upgrade Guide <https://ovirt.org/documentation/upgrade_guide/>;. - For a general overview of oVirt, see About oVirt <https://ovirt.org/community/about.html>;. What’s new in oVirt 4.5.0 Release? This release is available now on x86_64 architecture for: - CentOS Stream 8 - RHEL 8.6 (currently in beta) and derivatives This release supports Hypervisor Hosts on x86_64: - oVirt Node NG (based on CentOS Stream 8) - CentOS Stream 8 - RHEL 8.6 (currently in beta) and derivatives Builds are also available for ppc64le and aarch64. Experimental builds for CentOS Stream 9 are also provided for Hypervisor Hosts. CentOS Stream 9 based oVirt Node NG has not been released due to Bug 2063112 <https://bugzilla.redhat.com/show_bug.cgi?id=2063112>;. Security fixes included in oVirt 4.5 compared to latest oVirt 4.4.10: - CVE-2021-33502 <https://access.redhat.com/security/cve/CVE-2021-33502> [moderate] ovirt-web-ui: normalize-url: ReDoS for data URLs - CVE-2022-0207 <https://access.redhat.com/security/cve/CVE-2022-0207> [low] vdsm: disclosure of sensitive values in log files - CVE-2022-24302 <https://access.redhat.com/security/cve/CVE-2022-24302> [moderate] python-paramiko: Race condition in the write_private_key_file function - CVE-2021-41182 <https://access.redhat.com/security/cve/CVE-2021-41182> [moderate] jquery-ui: XSS in the altField option of the datepicker widget [ovirt-engine] - CVE-2021-41183 <https://access.redhat.com/security/cve/CVE-2021-41183> [moderate] jquery-ui: XSS in *Text options of the datepicker widget [ovirt-engine] - CVE-2021-41184 <https://access.redhat.com/security/cve/CVE-2021-41184> [moderate] jquery-ui: XSS in the 'of' option of the .position() util [ovirt-engine] - CVE-2021-33502 <https://access.redhat.com/security/cve/CVE-2021-33502> [moderate] ovirt-engine-ui-extensions: normalize-url: ReDoS for data URLs - CVE-2021-23425 <https://access.redhat.com/security/cve/CVE-2021-23425> [moderate] ovirt-engine-ui-extensions: nodejs-trim-off-newlines: ReDoS via string processing - CVE-2021-3807 <https://access.redhat.com/security/cve/CVE-2021-3807> [moderate] ovirt-engine-ui-extensions: nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes oVirt Node NG (CentOS Stream 8 based) includes updated packages with fixes for: - CVE-2022-25235 <https://access.redhat.com/security/cve/CVE-2022-25235> [important] expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution - CVE-2022-25315 <https://access.redhat.com/security/cve/CVE-2022-25315> [important] expat: Integer overflow in storeRawNames() - CVE-2022-25236 <https://access.redhat.com/security/cve/CVE-2022-25236> [important] expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution - CVE-2021-4083 <https://access.redhat.com/security/cve/CVE-2021-4083> [important] kernel: fget: check that the fd still exists after getting a ref to it - CVE-2022-0847 <https://access.redhat.com/security/cve/CVE-2022-0847> [important] kernel: improper initialization of the "flags" member of the new pipe_buffer - CVE-2022-0778 <https://access.redhat.com/security/cve/CVE-2022-0778> [important] openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates Some of the RFEs with high user impact are listed below: - 1926625 [RFE] How to enable HTTP Strict Transport Security (HSTS) on Apache HTTPD for Red Hat Virtualization Manager - 1922977 [RFE] VM shared disks are not part of the OVF_STORE - 977778 [RFE] - Mechanism for converting disks for non-running VMS - 2029830 [RFE] Hosted engine should accept OpenSCAP profile name instead of bool - 1933555 [RFE] Release python-ovirt-engine-sdk4 package on RHEL 9 - 1782056 [RFE] Integration of built-in ipsec feature in RHV/RHHI-V with OVN - 1849169 [RFE] add virtualCPUs/physicalCPUs ratio property to evenly_distributed policy - 1624015 [RFE] Expose Console Options and Console invocation via API - 2056126 [RFE] Extend time to warn of upcoming certificate expiration - 1987121 [RFE] Support enabling nVidia Unified Memory on mdev vGPU - 1927985 [RFE] Speed up export-to-OVA on NFS by aligning loopback device offset - 1998255 [RFE] [UI] Add search box for vNIC Profiles in RHVM WebUI on the main vNIC profiles tab - 2021217 [RFE] Windows 2022 support - 2058177 [RFE] Include the package nvme-cli on virtualization hosts - 1975720 [RFE] Huge VMs require an additional migration parameter - 1979277 [RFE] Migration - Apply automatic CPU and NUMA pinning based on the migrated host - 1563552 [RFE] Add Virtio-1.1 support in oVirt (depends in CentOS/RHEL 8.5) - 1986775 [RFE] introduce support for CentOS Stream 9 on oVirt releases - 1990462 [RFE] Add user name and password to ELK integration - 1838089 [RFE] Please allow placing domain in maintenance mode with suspended VM Some of the Bugs with high user impact are listed below: - 1986732 ovirt-ha services cannot set the LocalMaintenance mode in the storage metadata and are in a restart loop - 2043146 Expired /etc/pki/vdsm/libvirt-vnc/server-cert.pem certificate is skipped during Enroll Certificate - 2035051 removing nfs-utils cause ovirt-engine removal due to cinderlib dep tree - 2054745 Setting SD to maintenance fails and turns the SD to inactive mode as a result - 1878724 vdsm-tool configure is failing with error "dependency job for libvirtd.service failed" - 2057958 oVirt Node 4.5 el9 iso doesn't boot anymore - 2024698 build failure in copr - 2075435 Hybrid Backup - backup href has changed and causing backups to get stuck in finalizing stage - 2040402 unable to use --log-size=0 option - 1932149 Create hosted_storage with the correct storage_format based on the Data-Center level of the backup - 1986485 otopi uses deprecated API platform.linux_distribution which has been removed in Python 3.7 and later. - 2024161 Penalizing score by 1000 due to cpu load is not canceled after load decreasing to 0 - 1986728 ovirt-log-collector uses deprecated API platform.linux_distribution which has been removed in Python 3.7 and later. - 2066628 [UI] UI exception when updating or enabling number of VFs via the webadmin - 1986731 ovirt-engine uses deprecated API platform.linux_distribution which has been removed in Python 3.7 and later. - 2066285 Copying from an Image domain to a Managed Block Storage domain fails - 1857815 Copying HE-VM's disk to iSCSI storage volume, during deployment of 4.4 HE takes too long. - 2019869 Local disk is not bootable when the VM is imported from OVA - 2065152 Implicit CPU pinning for NUMA VMs destroyed because of invalid CPU policy - 2069658 Unable to deploy HE, couldn't resolve module/action 'firewalld'. oVirt Node has been updated, including: - oVirt 4.5.0: https://www.ovirt.org/release/4.5.0/ - GlusterFS 10.1: https://docs.gluster.org/en/main/release-notes/10.1/ - RDO OpenStack Yoga: https://releases.openstack.org/yoga/index.html - OVS 2.15 - Ansible Core 2.12.2: https://github.com/ansible/ansible/blob/stable-2.12/changelogs/CHANGELOG-... - CentOS Stream 8 latest updates - Full list of changes compared to oVirt Node 4.5.0 Beta: 4.5.0_beta2 4.5.0_ga NetworkManager 1.37.3-1.el8 1.39.0-1.el8 NetworkManager-config-server 1.37.3-1.el8 1.39.0-1.el8 NetworkManager-libnm 1.37.3-1.el8 1.39.0-1.el8 NetworkManager-ovs 1.37.3-1.el8 1.39.0-1.el8 NetworkManager-team 1.37.3-1.el8 1.39.0-1.el8 NetworkManager-tui 1.37.3-1.el8 1.39.0-1.el8 ansible-core 2.12.3-1.el8 2.12.2-2.el8 bash 4.4.20-3.el8 4.4.20-4.el8 centos-release-advanced-virtualization 1.0-4.el8 centos-release-messaging 1-3.el8 centos-release-openstack-xena 1-1.el8 centos-release-ovirt45 8.6-3.el8s 8.6-4.el8s centos-release-rabbitmq-38 1-3.el8 fwupd 1.7.1-1.el8 1.7.4-2.el8 glibc 2.28-196.el8 2.28-197.el8 glibc-common 2.28-196.el8 2.28-197.el8 glibc-langpack-en 2.28-196.el8 2.28-197.el8 ipa-client 4.9.8-6.module_el8.6.0+1104+ba556574 4.9.8-2.module_el8.6.0+1054+cdb51b28 ipa-client-common 4.9.8-6.module_el8.6.0+1104+ba556574 4.9.8-2.module_el8.6.0+1054+cdb51b28 ipa-common 4.9.8-6.module_el8.6.0+1104+ba556574 4.9.8-2.module_el8.6.0+1054+cdb51b28 ipa-selinux 4.9.8-6.module_el8.6.0+1104+ba556574 4.9.8-2.module_el8.6.0+1054+cdb51b28 kmod-kvdo 6.2.6.14-83.el8 6.2.6.14-84.el8 nmstate 1.3.0-0.alpha.20220310.el8 1.2.1-1.el8 nmstate-plugin-ovsdb 1.3.0-0.alpha.20220310.el8 1.2.1-1.el8 ovirt-ansible-collection 2.0.2-1.el8 2.0.3-1.el8 ovirt-host 4.5.0-2.el8 4.5.0-3.el8 ovirt-host-dependencies 4.5.0-2.el8 4.5.0-3.el8 ovn-2021 21.06.0-29.el8s 21.12.0-11.el8s ovn-2021-host 21.06.0-29.el8s 21.12.0-11.el8s python-oslo-concurrency-lang 4.4.1-1.el8 4.5.0-1.el8 python-oslo-log-lang 4.6.0-1.el8 4.7.0-1.el8 python-oslo-privsep-lang 2.6.2-1.el8 2.7.0-1.el8 python-oslo-utils-lang 4.10.1-2.el8 4.12.2-1.el8 python3-debtcollector 2.3.0-2.el8 2.5.0-1.el8 python3-docutils 0.14-12.2.el8 0.14-12.module_el8.5.0+761+faacb0fb python3-extras 1.0.0-10.el8 python3-fixtures 3.0.0-27.el8 python3-ipaclient 4.9.8-6.module_el8.6.0+1104+ba556574 4.9.8-2.module_el8.6.0+1054+cdb51b28 python3-ipalib 4.9.8-6.module_el8.6.0+1104+ba556574 4.9.8-2.module_el8.6.0+1054+cdb51b28 python3-libnmstate 1.3.0-0.alpha.20220310.el8 1.2.1-1.el8 python3-os-brick 5.0.1-1.el8 5.2.0-1.el8 python3-os-win 5.5.0-1.el8 5.6.0-1.el8 python3-oslo-concurrency 4.4.1-1.el8 4.5.0-1.el8 python3-oslo-config 8.7.1-1.el8 8.8.0-1.el8 python3-oslo-context 3.3.2-1.el8 4.1.0-1.el8 python3-oslo-log 4.6.0-1.el8 4.7.0-1.el8 python3-oslo-privsep 2.6.2-1.el8 2.7.0-1.el8 python3-oslo-serialization 4.2.0-1.el8 4.3.0-1.el8 python3-oslo-service 2.6.1-1.el8 2.8.0-1.el8 python3-oslo-utils 4.10.1-2.el8 4.12.2-1.el8 python3-rpm 4.14.3-22.el8 4.14.3-23.el8 python3-sanlock 3.8.4-3.el8 3.8.4-1.el8 python3-stevedore 3.4.0-1.el8 3.5.0-1.el8 python3-testtools 2.5.0-2.el8 rpm 4.14.3-22.el8 4.14.3-23.el8 rpm-build-libs 4.14.3-22.el8 4.14.3-23.el8 rpm-libs 4.14.3-22.el8 4.14.3-23.el8 rpm-plugin-selinux 4.14.3-22.el8 4.14.3-23.el8 rsyslog 8.2102.0-8.el8 8.2102.0-7.el8 rsyslog-elasticsearch 8.2102.0-8.el8 8.2102.0-7.el8 rsyslog-mmjsonparse 8.2102.0-8.el8 8.2102.0-7.el8 rsyslog-mmnormalize 8.2102.0-8.el8 8.2102.0-7.el8 rsyslog-openssl 8.2102.0-8.el8 8.2102.0-7.el8 sanlock 3.8.4-3.el8 3.8.4-1.el8 sanlock-lib 3.8.4-3.el8 3.8.4-1.el8 selinux-policy 3.14.3-95.el8 3.14.3-96.el8 selinux-policy-targeted 3.14.3-95.el8 3.14.3-96.el8 tzdata 2022a-1.el8 2022a-2.el8 vdsm 4.50.0.11-1.el8 4.50.0.13-1.el8 vdsm-api 4.50.0.11-1.el8 4.50.0.13-1.el8 vdsm-client 4.50.0.11-1.el8 4.50.0.13-1.el8 vdsm-common 4.50.0.11-1.el8 4.50.0.13-1.el8 vdsm-gluster 4.50.0.11-1.el8 4.50.0.13-1.el8 vdsm-http 4.50.0.11-1.el8 4.50.0.13-1.el8 vdsm-jsonrpc 4.50.0.11-1.el8 4.50.0.13-1.el8 vdsm-network 4.50.0.11-1.el8 4.50.0.13-1.el8 vdsm-python 4.50.0.11-1.el8 4.50.0.13-1.el8 vdsm-yajsonrpc 4.50.0.11-1.el8 4.50.0.13-1.el8 virt-install 3.2.0-4.el8 3.2.0-3.el8 virt-manager-common 3.2.0-4.el8 3.2.0-3.el8 oVirt Appliance has been updated, including: - oVirt 4.5.0 beta: https://www.ovirt.org/release/4.5.0/ - GlusterFS 10.1: https://docs.gluster.org/en/main/release-notes/10.1/ - RDO OpenStack Yoga: https://releases.openstack.org/yoga/index.html - OVS 2.15 - Ansible Core 2.12.3: https://github.com/ansible/ansible/blob/stable-2.12/changelogs/CHANGELOG-... - CentOS Stream 8 latest updates - Full list of changes compared to oVirt Appliance 4.5.0 Beta: 4.5.0_beta2 4.5.0_GA NetworkManager 1.37.3-1.el8 1.39.0-1.el8 NetworkManager-libnm 1.37.3-1.el8 1.39.0-1.el8 NetworkManager-team 1.37.3-1.el8 1.39.0-1.el8 NetworkManager-tui 1.37.3-1.el8 1.39.0-1.el8 bash 4.4.20-3.el8 4.4.20-4.el8 centos-release-advanced-virtualization 1.0-4.el8 centos-release-messaging 1-3.el8 centos-release-openstack-xena 1-1.el8 centos-release-ovirt45 8.6-3.el8s 8.6-4.el8s centos-release-rabbitmq-38 1-3.el8 glibc 2.28-196.el8 2.28-197.el8 glibc-common 2.28-196.el8 2.28-197.el8 glibc-gconv-extra 2.28-196.el8 2.28-197.el8 glibc-langpack-en 2.28-196.el8 2.28-197.el8 libestr 0.1.10-1.el8 0.1.10-3.el8 ovirt-ansible-collection 2.0.2-1.el8 2.0.3-1.el8 ovirt-engine 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-backend 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-dbscripts 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-extension-aaa-misc 1.1.0-1.el8 1.1.1-1.el8 ovirt-engine-keycloak 15.0.2-1.el8 ovirt-engine-keycloak-setup 15.0.2-2.el8 ovirt-engine-restapi 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-setup 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-setup-base 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-setup-plugin-cinderlib 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-setup-plugin-imageio 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-setup-plugin-ovirt-engine 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-setup-plugin-ovirt-engine-common 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-setup-plugin-vmconsole-proxy-helper 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-setup-plugin-websocket-proxy 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-tools 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-tools-backup 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-vmconsole-proxy-helper 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-webadmin-portal 4.5.0.1-1.el8 4.5.0.4-1.el8 ovirt-engine-websocket-proxy 4.5.0.1-1.el8 4.5.0.4-1.el8 ovn-2021 21.06.0-29.el8s 21.12.0-11.el8s ovn-2021-central 21.06.0-29.el8s 21.12.0-11.el8s protobuf 3.11.2-2.el8 3.19.0-2.el8s python-oslo-concurrency-lang 4.4.1-1.el8 4.5.0-1.el8 python-oslo-db-lang 11.0.0-1.el8 11.2.0-1.el8 python-oslo-log-lang 4.6.0-1.el8 4.7.0-1.el8 python-oslo-middleware-lang 4.4.0-1.el8 4.5.1-1.el8 python-oslo-privsep-lang 2.6.2-1.el8 2.7.0-1.el8 python-oslo-utils-lang 4.10.1-2.el8 4.12.2-1.el8 python-oslo-versionedobjects-lang 2.5.0-1.el8 2.6.0-1.el8 python3-automaton 2.4.0-1.el8 2.5.0-1.el8 python3-cinder-common 19.0.0-2.el8 20.0.0-1.el8 python3-debtcollector 2.3.0-2.el8 2.5.0-1.el8 python3-docutils 0.14-12.2.el8 0.14-12.module_el8.5.0+761+faacb0fb python3-extras 1.0.0-10.el8 python3-fixtures 3.0.0-27.el8 python3-os-brick 5.0.1-1.el8 5.2.0-1.el8 python3-os-win 5.5.0-1.el8 5.6.0-1.el8 python3-oslo-concurrency 4.4.1-1.el8 4.5.0-1.el8 python3-oslo-config 8.7.1-1.el8 8.8.0-1.el8 python3-oslo-context 3.3.2-1.el8 4.1.0-1.el8 python3-oslo-db 11.0.0-1.el8 11.2.0-1.el8 python3-oslo-log 4.6.0-1.el8 4.7.0-1.el8 python3-oslo-messaging 12.9.2-1.el8 12.13.0-1.el8 python3-oslo-metrics 0.3.1-1.el8 0.4.0-1.el8 python3-oslo-middleware 4.4.0-1.el8 4.5.1-1.el8 python3-oslo-privsep 2.6.2-1.el8 2.7.0-1.el8 python3-oslo-serialization 4.2.0-1.el8 4.3.0-1.el8 python3-oslo-service 2.6.1-1.el8 2.8.0-1.el8 python3-oslo-utils 4.10.1-2.el8 4.12.2-1.el8 python3-oslo-versionedobjects 2.5.0-1.el8 2.6.0-1.el8 python3-ovirt-engine-lib 4.5.0.1-1.el8 4.5.0.4-1.el8 python3-ovsdbapp 1.12.0-1.el8 1.15.1-1.el8 python3-rpm 4.14.3-22.el8 4.14.3-23.el8 python3-stevedore 3.4.0-1.el8 3.5.0-1.el8 python3-taskflow 4.6.2-1.el8 4.6.4-1.el8 python3-testtools 2.5.0-2.el8 python3-tooz 2.9.0-1.el8 2.10.1-1.el8 python38-docutils 0.14-12.2.el8 0.14-12.4.el8 rpm 4.14.3-22.el8 4.14.3-23.el8 rpm-build 4.14.3-22.el8 4.14.3-23.el8 rpm-build-libs 4.14.3-22.el8 4.14.3-23.el8 rpm-libs 4.14.3-22.el8 4.14.3-23.el8 rpm-plugin-fapolicyd 4.14.3-22.el8 4.14.3-23.el8 rpm-plugin-selinux 4.14.3-22.el8 4.14.3-23.el8 selinux-policy 3.14.3-95.el8 3.14.3-96.el8 selinux-policy-targeted 3.14.3-95.el8 3.14.3-96.el8 tzdata 2022a-1.el8 2022a-2.el8 tzdata-java 2022a-1.el8 2022a-2.el8 usbguard 1.0.0-9.el8 1.0.0-10.el8 usbguard-selinux 1.0.0-9.el8 1.0.0-10.el8 See the release notes for installation instructions and a list of new features and bugs fixed. Additional resources: - Read more about the oVirt 4.5.0 release highlights: https://www.ovirt.org/release/4.5.0/ - Get more oVirt project updates on Twitter: https://twitter.com/ovirt - Check out the latest project news on the oVirt blog: https://blogs.ovirt.org/ -- Sandro Bonazzola MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV Red Hat EMEA <https://www.redhat.com/> sbonazzo(a)redhat.com <https://www.redhat.com/> *Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours.*