Back to home

4.7.0

Xen Project 4.7 and 4.6.3 Release
06/23/2016

I’m pleased to announce the release of Xen Project Hypervisor 4.7 and Xen Project Hypervisor 4.6.3. Xen Project Hypervisor 4.7 This new release focuses on improving code quality, security hardening, security features, live migration support, usability improvements and support for new hardware features — this

Mirage OS v2.0: The new features
07/22/2014

The first release of Mirage OS back in December 2013 introduced the prototype of the unikernel concept, which realised the promise of a safe, flexible mechanism to build highly optimized software stacks purpose-built for deployment in the public cloud (see the overview of Mirage OS for some background). Since then,

The Docker exploit and the security of containers
06/23/2014

We normally only cover news and information directly related to Xen in this channel, but we thought it might be useful to briefly expand our scope a bit to mention the recent discussion about the Docker security exploit. What’s the news? Well to begin with, a few weeks ago

Security disclosure process discussion update
12/17/2012

After concluding our poll about changes to the security discussion, we determined that “Pre-disclosure to software vendors and a wide set of users” was probably the best fit for the community. A set of concrete changes to the policy have now been discussed on xen-devel (here and here), and we

Xen.org Security Policy Update: Get Involved
06/28/2012

Xen.org recently released a number of (related) security updates, XSA-7 through to -9. This was done by the Xen.org Security Team who are charged with following the Xen.org Security Problem Response Process. As part of the process of releasing XSA-7..9 several short-comings (a few of which

Security vulnerabilities - the coordinated disclosure sausage mill
06/19/2012

Laws, like sausages, cease to inspire respect in proportion as we know how they are made. – John Godfrey Saxe, 1869. Most open source projects, Xen.org included, do what is called “coordinated disclosure” of security problems. The idea is that we keep security bugs secret until people have had a

2 New Articles on Xen and Virtualization
04/24/2009

Virtualization interview with Simon Crosby – http://virtualization.ulitzer.com/node/554197?page=0,0 Virtualization security discussion – http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1354642,00.html#

Xen security research results presented
08/14/2008

Joana Rutkowska and her team presented very interesting insights on Xen security, as well as attacks against it, at this years Black Hat conference in Las Vegas. In a trilogy of talks(“Xen 0wning trilogy”), they gave information about “Subverting the Xen Hypervisor”, “Detecting and preventing the Xen hypervisor subversions”

New Security Email for Xen.org
05/05/2008

A new email has been established for anyone finding a security issue with any Xen build. Please send a detailed email of the problem to security@xen.org. This email distribution reaches a wide group of Xen community members who can immediately address the problem.