Posts for: #2023

XCP-ng December 2023 Security Update Now Available

XCP-ng, the popular virtualization platform, has released its latest security update for the month of December. The update is specifically for the 8.2 LTS release, which is currently the only supported version of XCP-ng.

The update includes fixes for vulnerabilities in Xen and linux-firmware in the controller domain. These vulnerabilities have been addressed to ensure the security of the virtual machines running on the platform.

One of the fixed vulnerabilities, labeled XSA-445, addresses a mismatch in IOMMU quarantine page table levels on x86 AMD systems. This vulnerability could potentially allow a device in quarantine mode to access data leaked from previously quarantined pages. Although this feature is not enabled by default in XCP-ng, it can still be enabled at Xen boot time.

The second fixed vulnerability, XSA-446, deals with memory content inference in PV guests. XCP-ng strongly advises against using PV guests and recommends switching to HVM for better security. If you are still using PV guests, it is highly recommended to consider making the switch.

In addition to the security updates, XCP-ng has also released non-security updates to pave the way for upcoming refreshed installation ISOs. These updates include improvements to the linux-firmware, gpumon, tzdata, and vendor-drivers components.

The linux-firmware update includes an update to the AMD microcode, specifically for the family 19h (Zen 3, Zen 3+). This update helps mitigate hardware vulnerabilities and bugs. However, it is important to note that updating the hardware’s firmware remains the preferred method for updating microcode, and any newer microcode found in the firmware will take precedence over the microcode provided in XCP-ng.

Other changes include a small change to suppress unnecessary logging in gpumon, updated timezones with the latest CentOS 7 update of the tzdata package, and the integration of new drivers into XCP-ng in preparation for the upcoming refreshed installation ISOs. These new drivers include the igc module for Intel I225/I226 devices, the r8125 module for Realtek r8125 devices, and the mpi3mr module for Broadcom mpi3mr RAID devices.

Overall, the December 2023 security update for XCP-ng brings important security fixes and improvements to the virtualization platform, ensuring the safety and performance of virtual machines. Users are encouraged to update their systems to benefit from these enhancements and to maintain a secure environment for their workloads.

AdGuard Home v0.108.0-b.51 Released, Addressing Go Security Vulnerabilities

AdGuard Home, the popular ad-blocker, has released its latest version, v0.108.0-b.51. This update brings several improvements and fixes compared to the previous beta, v0.108.0-b.50.

In terms of security, the Go version has been updated to address potential vulnerabilities. This update specifically prevents the exploitation of the CVE-2023-39326, CVE-2023-45283, and CVE-2023-45285 Go vulnerabilities. These vulnerabilities have been fixed in Go 1.20.12, ensuring a more secure experience for users.

One notable addition in this release is the ability to set a client’s custom DNS cache. This feature, requested by users, allows for more personalized DNS caching, enhancing the overall performance and customization options of AdGuard Home.

Furthermore, this update also addresses a memory leak issue when using parallel queries. The fix for this problem, identified as issue #6438, ensures better memory management and stability.

For a complete list of changes and updates in AdGuard Home v0.108.0-b.51, please refer to the CHANGELOG.md file.

Caddy v2.7.6: The Latest Version of the Web Server is Now Available

The latest version of the web server Caddy, v2.7.6, has just been released. This update brings several fixes and enhancements, thanks to various contributors. While most of the changes are small, there are a few notable ones worth mentioning.

One significant improvement is the official extensibility of the templates middleware. This experimental feature allows modules to add custom functions and actions for templates to execute, providing more flexibility for developers.

Another important enhancement is the synchronized TLS storage cleaning across the cluster, which is now remembered across restarts. This improvement is particularly beneficial for expensive storage backends, as it significantly reduces costs.

In addition, placeholders are now evaluated in the configuration for certificate loaders, enabling more dynamic and flexible configurations.

The release also includes numerous bug fixes, addressing various issues reported by users and improving the overall stability and reliability of the web server.

To view the complete list of changes and contributions, you can refer to the changelog on the official Caddy GitHub repository.

K3s Unveils New Version: v1.28.4+k3s1

K3s, a lightweight and highly available Kubernetes distribution, has released version v1.28.4+k3s1. This certified Kubernetes distribution is specifically designed for production workloads in resource-constrained and unattended environments, such as remote locations or IoT appliances. The new release updates Kubernetes to v1.28.4 and includes several fixes for various issues.

Some of the changes and improvements in this release include:

  • Update channels latest to v1.27.7+k3s2
  • Add etcd status condition for easy monitoring of etcd status from each node
  • Automatic discovery of WebAssembly runtimes
  • Improved dualStack log
  • Optimized Dockerfile for simplified installation and runtime
  • Addition of timezone info in the Docker image, enabling the use of spec.timeZone in CronJobs
  • Bumped kine to v0.11.0, resolving issues with postgres and NATS, improving watch channel performance, and enhancing compatibility
  • QoS-class resource configuration for containerd
  • Addition of agent flag disable-apiserver-lb to disable load balance proxy
  • Various bug fixes and improvements

For a full list of changes, please refer to the Kubernetes release notes.

The embedded component versions in this release are as follows:

  • Kubernetes v1.28.4
  • Kine v0.11.0
  • SQLite 3.42.0
  • Etcd v3.5.9-k3s1
  • Containerd v1.7.7-k3s1
  • Runc v1.1.8
  • Flannel v0.22.2
  • Metrics-server v0.6.3
  • Traefik v2.10.5
  • CoreDNS v1.10.1
  • Helm-controller v0.15.4
  • Local-path-provisioner v0.0.24

For more information and resources on K3s, you can visit the official documentation, join the Slack channel, or contribute to the project on GitHub.

README Highlight Issue #49, 2023: Joplin

In this week’s issue of README Highlight (#49, 2023), we are taking a look at the following project: Joplin.

Joplin is a free, open source note-taking and to-do application that can handle a large number of notes organized into notebooks. It allows users to search, copy, tag, and modify notes either from the application itself or from their own text editor. The notes are stored in Markdown format.

One of the key features of Joplin is its ability to import notes from Evernote, including the formatted content, resources, and metadata. It also supports importing plain Markdown files.

Joplin follows an “offline first” approach, meaning that all your data is stored on your device, ensuring accessibility even without an internet connection. The application provides secure synchronization using end-to-end encryption with various cloud services such as Nextcloud, Dropbox, OneDrive, and Joplin Cloud.

The app offers full-text search functionality across all platforms, making it easy to find the information you need. It also supports customization through plugins and themes, allowing users to tailor the application to their preferences.

Joplin is available for Windows, Linux, macOS, Android, and iOS. In addition, it offers a Web Clipper for saving web pages and screenshots from browsers, which is available for Firefox and Chrome.

For more information about Joplin, you can refer to the full Joplin documentation.

Donations to Joplin support the development of the project, covering expenses such as digital certificates, app store fees, and hosting. To support the development of Joplin, you can visit the donation page.

The Joplin community is active and offers various platforms for discussion and support, including a support forum, Twitter, Mastodon, Patreon, Discord, LinkedIn, and a Lemmy community.

If you’re interested in contributing to the development of Joplin, you can refer to the guide.

Alpine Linux 3.19.0: The Latest Release

Alpine Linux has officially released version 3.19.0, marking the introduction of the v3.19 stable series. This release encompasses various updates and improvements across the system.

Core Component Upgrades

  • Linux Kernel (6.6): The update includes a transition to Linux kernel version 6.6, focusing on stability and compatibility enhancements.

  • Compiler (GCC 13.2): Alpine Linux now incorporates GCC version 13.2, providing developers with the latest compiler features and optimizations for software development.

  • Scripting Language (Perl 5.38): The release adopts Perl version 5.38, introducing bug fixes and improvements for users working with the scripting language.

Virtualization and Database Updates

  • Xen Hypervisor (4.18): Alpine Linux 3.19.0 brings an upgrade to Xen version 4.18, incorporating security, performance, and architectural enhancements.

  • PostgreSQL (16): The PostgreSQL database is updated to version 16, offering users the latest features and improvements in the open-source relational database system.

  • Node.js (LTS 20.10): The LTS version of Node.js is now at 20.10, providing a stable platform for server-side JavaScript applications.

  • Ceph Storage (18.2): Alpine Linux includes Ceph version 18.2, enhancing distributed storage capabilities.

Notable Changes and Upgrade Notes

  • Raspberry Pi 5 Support: Alpine Linux 3.19.0 introduces support for Raspberry Pi 5.

  • Kernel Consolidation: The linux-rpi4 and linux-rpi2 kernels have been replaced by a unified linux-rpi.

  • Routing Scheme Update (Yggdrasil): Yggdrasil, the networking software, has been upgraded to version 0.5, featuring a new routing scheme that may require adjustments for compatibility.

  • Package Management (Python): Python’s package directory is now marked as externally managed, impacting pip installations to system directories managed by apk. Users are advised to consider alternatives such as pipx.

For a comprehensive list of changes, users can refer to the release notes, git log, and bug tracker.

As always, users are recommended to use apk upgrade --available when transitioning between major versions.