The oVirt project is excited to announce the general availability of oVirt 4.4.8 , as of August 19th, 2021.

This release unleashes an altogether more powerful and flexible open source virtualization solution that encompasses hundreds of individual changes and a wide range of enhancements across the engine, storage, network, user interface, and analytics, as compared to oVirt 4.3.

Important notes before you install / upgrade

Please note that oVirt 4.4 only supports clusters and data centers with compatibility version 4.2 and above. If clusters or data centers are running with an older compatibility version, you need to upgrade them to at least 4.2 (4.3 is recommended).

Please note that in RHEL 8 / CentOS 8 several devices that worked on EL7 are no longer supported.

For example, the megaraid_sas driver is removed. If you use Enterprise Linux 8 hosts you can try to provide the necessary drivers for the deprecated hardware using the DUD method (See the users’ mailing list thread on this at https://lists.ovirt.org/archives/list/users@ovirt.org/thread/NDSVUZSESOXEFJNPHOXUH4HOOWRIRSB4/ )

Documentation

  • If you want to try oVirt as quickly as possible, follow the instructions on the Download page.
  • For complete installation, administration, and usage instructions, see the oVirt Documentation.
  • For upgrading from a previous version, see the oVirt Upgrade Guide.
  • For a general overview of oVirt, see About oVirt.

What’s new in oVirt 4.4.8 Release?

This update is the eighth in a series of stabilization updates to the 4.4 series.

This release is available now on x86_64 architecture for:

  • Red Hat Enterprise Linux 8.4
  • CentOS Linux (or similar) 8.4
  • CentOS Stream 8

This release supports Hypervisor Hosts on x86_64 and ppc64le architectures for:

  • Red Hat Enterprise Linux 8.4
  • CentOS Linux (or similar) 8.4
  • oVirt Node NG (based on CentOS Stream 8)
  • CentOS Stream 8

Some of the RFEs with high user impact are listed below:

  • Bug 1691696 – [RFE] multipath events notifications
  • Bug 1939286 – [RFE] Expose broken Affinity Groups via API too
  • Bug 1963083 – [RFE] Support storing user data in VM checkpoint entity
  • Bug 1971185 – [RFE] Report zero status in dirty extents response
  • Bug 1981297 – [RFE] Add new backup phases and disable backup/image transfers DB instant cleanup
  • Bug 1971317 – [RFE][API] Import OVA template as a clone
  • Bug 1941507 – [RFE] Implement rotation mechanism for /var/log/ovirt-engine/host-deploy
  • Bug 1962563 – [RFE] Use nmstate for source routing

Some of the Bugs with high user impact are listed below:

  • Bug 1770027 – Live Merge completed on the host, but not on the engine, which just waited for it to complete until the operation was terminated.
  • Bug 1977689 – Download backup disk command failes in sdk/examples/backup_vm.py
  • Bug 1987295 – Setting host to ‘maintenance’ will be blocked when there are image transfers with status different then ‘paused’
  • Bug 1983414 – Disks are locked forever when copying VMs’ disks after snapshot
  • Bug 1982065 – Invalid amount of memory is allowed to be hot plugged
  • Bug 1966535 – NullPointerException when trying to delete uploaded disks with using transfer_url
  • Bug 1985876 – Cannot set 0.0.0.0 as gateway
  • Bug 1932392 – engine-setup fails after ‘engine-backup –mode=restore’ if the backup was taken on a newer version
  • Bug 1989794 – engine still generates duplicate address for hotplug disk

oVirt Node and Appliance have been updated, including:

We also included updates for the following CVEs: 

cockpit-ovirt:

  • CVE-2020-28500 – Moderate – nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
  • CVE-2021-23337 – Moderate – nodejs-lodash: command injection via template

oVirt Node consumed fixes for:

  • CVE-2021-3621   – Important – sssd: shell command injection in sssctl 
  • CVE-2021-33034 – Important – kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
  • CVE-2021-3501   – Important – kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run
  • CVE-2021-3609  – Important – kernel: race condition in net/can/bcm.c leads to local privilege escalation
  • CVE-2021-25217 – Important –  dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient
  • CVE-2021-3623 – Moderate – libtpms: out-of-bounds access when trying to resume the state of the vTPM
  • CVE-2021-3565 – Moderate tpm2-tools: fixed AES wrapping key in tpm2_import
  • CVE-2021-3580 – Moderate nettle: Remote crash in RSA decryption via manipulated ciphertext
  • CVE-2021-36222 – Moderate krb5: sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in null dereference in the KDC which leads to DoS
  • CVE-2020-24504 – Moderate –  kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers
  • CVE-2020-24503 – Moderate – kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers
  • CVE-2020-24502 – Moderate – kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers
  • CVE-2021-35942 – Moderate – glibc: Arbitrary read in wordexp()
  • CVE-2021-3448 – Moderate – dnsmasq: fixed outgoing port used when –server is used with an interface name
  • CVE-2021-20266 – Low – rpm: missing length checks in hdrblobInit()
  • CVE-2020-29368 – Low – kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check

See the release notes for installation instructions and a list of new features and bugs fixed.

Notes:

  • oVirt Appliance is already available for CentOS Stream 8
  • oVirt Node NG is already available for CentOS Stream 8

 

Additional resources: