It's out ! I tagged it on git and pushed signed tarball and rpms to
the usual place:
ftp://libvirt.org/libvirt/
I also made a 3.9.0 release of libvirt-python but it's virtually equivalent
to 3.8.0 as no commits were made last month in that module.
People are strongly encouraged to upgrade, as 3.9.0 includes a security
fix; there is also a reasonable amount of user-visible new features,
improvements and bug fixes as usual:
Security:
- qemu: Ensure TLS clients always verify the server certificate
While it's reasonable to turn off client certificate validation, as
setting it up can be non-trivial, clients should always verify the
server certificate to avoid MITM attacks. However, libvirt was using
the same knob to control both checks, leading to CVE-2017-1000256 /
LSN-2017-0002.
New features:
- Add capability to allow hot (un)plug of a domain watchdog device
- Allow users to set device aliases
Users can set aliases to domain devices and thus identify them easily.
- qemu: Support multiqueue for virtio-blk
Multiqueue support for virtio-blk has been available in QEMU ever since
2.7.0, and now libvirt guests can enable it.
- Add virDomainSetLifecycleAction API
Provided a new API to allow dynamic guest lifecycle control for guest
reactions to poweroff, restart, or crash type events related to the
domain XML on_poweroff, on_reboot, and on_crash elements. The virsh
set-lifecycle-action command was created to control the actions.
- qemu: Allow cold (un)plugging and hot (un)plugging input devices
- net: Implement QoS for vhostuser
Improvements:
- Allow a logical volume to be created using LUKS
A logical volume may be created using an encryption element using
"luks" format. This does require a previously created secret to store
the passphrase used to encrypt the volume. Adding the volume to a domain
can then either provide the secret or allow the consumer in the guest
to provide the passphrase in order to decrypt the volume.
- net: Ignore auto-generated MAC address when detaching an interface
If the MAC address has not been specified by the user, libvirt will try
and fill in the gaps by generating one; however, for some error paths
that led to some confusing error messages, so when an auto-generated
MAC address is specified the error message will not include the
auto-generated MAC.
- net: Enable MAC address lookup for virDomainInterfaceStats
- apparmor: Several improvements
Changes include permitting access to data about USB devices and dnsmasq
instances, allowing spaces in guest names and many more.
- cpu: Use CPU information obtained from QEMU when possible
Recent QEMU versions can expose information about which CPU models are
available and usable on the host; libvirt will now make use of such
information whenever possible.
- hyperv: Various improvements
The error reported when clients can't connect to Hyper-V has been made
more descriptive, and memory limits for guests are now mapped to more
appropriate libvirt equivalents.
- qemu: Report QEMU error on failed migration
Instead of reporting a generic error, ask QEMU for a more detailed and
thus hopefully more helpful one.
- vbox: Implement autoport for RDP
libvirt will now obtain the (dynamically allocated) RDP port number
from VirtualBox itself, avoiding conflicts between multiple guests
wanting to use RDP at the same time.
- qemu: Allow rotation of small logs
On a host where numerous unique instances are executed per day, it's
quite possible that, even though each of the single log files is
fairly small, collectively the quantity and volume may add tens of
thousands of log files to the /var/log/libvirt/qemu/ directory.
Removing the constraint that logs have to be bigger than 100 KiB before
they can be rotated solves the issue.
Bug fixes:
- Fix swapped interface statistics and QoS
Due to internal implementation, reported statistics for some types of
interfaces were swapped (RX appeared in TX and vice versa). Similarly,
QoS was set in a reversed way.
- Properly resize local LUKS encrypted volume
Resizing of a local LUKS encrypted volume will now use qemu-img to
resize the volume. This will require configuring a secret for the LUKS
encrypted volume.
- qemu: Reserve PCI addresses for implicit i440fx devices
Failing to do so causes the addresses to be considered usable by
libvirt, which means they could be assigned to more than one device
resulting in the guest failing to start.
- spec: Restart libvirtd only at the end of the upgrade process
Use %posttrans to make sure libvirtd is not restarted before all other
components, such as the library itself and storage / hypervisor
drivers, have already been upgraded.
Thanks everybody for your help with this release, be it with patches,
bug reports, ideas, reviews, docs, etc...
Enjoy !
Daniel
--
Daniel Veillard | Red Hat Developers Tools
http://developer.redhat.com/
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit
http://xmlsoft.org/
http://veillard.com/ | virtualization library
http://libvirt.org/
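
A defender's check for the condition behind the security fix above, as an added example that is not part of the original announcement or of libvirt's code: it scans a QEMU command line for TLS credential objects used as a client with peer verification switched off. The `tls-creds-x509` object and its `endpoint` / `verify-peer` properties are QEMU's; the helper names and the sample command lines are constructed for illustration.

```python
import json
import re
import shlex

OFF = {"no", "off", "false", "n"}  # spellings treated as "disabled"

def parse_object(spec):
    """Return (type, properties) for one QEMU -object argument."""
    if spec.startswith("{"):  # JSON form
        props = json.loads(spec)
        return props.pop("qom-type", ""), props
    # key=value form; a literal comma inside a value is written ",,"
    kind, *items = re.split(r"(?<!,),(?!,)", spec)
    props = {}
    for item in items:
        key, _, value = item.partition("=")
        props[key] = value.replace(",,", ",")
    return kind, props

def unverified_tls_clients(cmdline):
    """Ids of tls-creds-x509 client objects with verify-peer disabled."""
    argv = shlex.split(cmdline)
    flagged = []
    for flag, spec in zip(argv, argv[1:]):
        if flag != "-object":
            continue
        kind, props = parse_object(spec)
        if kind != "tls-creds-x509" or props.get("endpoint") != "client":
            continue
        # An absent verify-peer is not flagged (assumed to mean "verify").
        if str(props.get("verify-peer", True)).lower() in OFF:
            flagged.append(props.get("id", "?"))
    return flagged

# Constructed sample command lines, not captured from a real host.
CLIENT_NO_VERIFY = (
    "qemu-system-x86_64 -name guest1 "
    "-object tls-creds-x509,id=objcharserial0_tls0,"
    "dir=/etc/pki/libvirt-chardev,endpoint=client,verify-peer=no "
    "-chardev socket,id=charserial0,host=192.0.2.10,port=5556,"
    "tls-creds=objcharserial0_tls0"
)
SERVER_NO_VERIFY = (  # server side skipping client certs: not flagged
    "qemu-system-x86_64 -name guest2 "
    "-object tls-creds-x509,id=vnc-tls-creds0,"
    "dir=/etc/pki/libvirt-vnc,endpoint=server,verify-peer=no"
)

if __name__ == "__main__":
    for line in (CLIENT_NO_VERIFY, SERVER_NO_VERIFY):
        print(unverified_tls_clients(line))
```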