As planned the release is out, it is tagged in git and I have pushed the signed tarball and rpms to the usual place:

  ftp://libvirt.org/libvirt/

I also made a release of the python bindings 4.5.0 also tagged in git with signed tarball and rpms at:

  ftp://libvirt.org/libvirt/python

This release has a distinct flavour around security, with one added feature and improvement in that direction but also removal of some features which might prove insecure. Besides that a potential crasher was fixed so users are invited to update to this new version:

New features:

- qemu: Provide TPM emulator support
  Support QEMU's TPM emulator based on swtpm. Each QEMU guest gets its own virtual TPM.

- bhyve: Support specifying guest CPU topology
  Bhyve's guest CPU topology could be specified using the <cpu><topology ../></cpu> element.

- qemu: Add support for extended TSEG size
  Support specifying extended TSEG size for SMM in QEMU.

- qemu: Add support for SEV guests
  SEV (Secure Encrypted Virtualization) is a feature available on AMD CPUs that encrypts the guest memory and makes it inaccessible even to the host OS.

Removed features:

- Remove support for qcow/default encrypted volumes
  Disallow using a qcow encrypted volume for the guest and disallow creation of the qcow or default encrypted volume from the storage driver. Support for qcow encrypted volumes has been phasing out since QEMU 2.3 and by QEMU 2.9 creation of a qcow encrypted volume via qemu-img required usage of secret objects, but that support was never added to libvirt.

- Make GnuTLS mandatory
  Building without GnuTLS is no longer possible.

- qemu: Remove allow_disk_format_probing configuration option
  The option represented a security risk when used with malicious disk images, so users were recommended against enabling it; with this release, it's been removed altogether.

Improvements:

- capabilities: Provide info about host IOMMU support
  Capabilities XML now provides information about host IOMMU support.

- virsh: Add --all to domblkinfo command
  Alter the domblkinfo command to add the option --all in order to display the size details of each domain block device from one command in an output table.

- qemu: Allow concurrent access to monitor and guest agent
  Historically libvirt prevented concurrent accesses to the qemu monitor and the guest agent. Therefore two independent calls (one querying the monitor and the other querying guest agent) would serialize, which hurts performance. The code was reworked to allow two independent calls to run at the same time.

- qemu: Allow configuring the page size for HPT pSeries guests
  For HPT pSeries guests, the size of the host pages used to back guest memory and the usable guest page sizes are connected; the new setting can be used to request that a certain page size is available in the guest.

- Add support to use a raw input volume for encryption
  It is now possible to provide a raw input volume as input to generate a luks encrypted volume via either virsh vol-create-from or virStorageVolCreateXMLFrom.

- qemu: Add support for vsock hot (un)plug and cold (un)plug

- qemu: Add support for NBD over TLS
  NBD volumes can now be accessed securely.

- qemu: Implement FD passing for Unix sockets
  Instead of having QEMU open the socket and then connecting to it, which is inherently racy, starting with QEMU 2.12 we can open the socket ourselves and pass it to QEMU, avoiding race conditions.

- virsh: Introduce --nowait option for domstat command
  When this option is specified, virsh will try to fetch the guest stats but abort instead of stalling if they can't be retrieved right away.

Bug fixes:

- qemu: Fix a potential libvirtd crash on VM reconnect
  Initialization of the driver worker pool needs to come before libvirtd trying to reconnect to all machines, since one of the QEMU processes might have already emitted events which need to be handled prior to us getting to the worker pool initialization.

- qemu: Fix domain resume after failed migration
  Recent versions of QEMU activate block devices before the guest CPU has been started, which makes it impossible to roll back a failed migration. Use the late-block-activate migration capability if supported to avoid the issue.

- vmx: Permit guests to have an odd number of vCPUs
  An odd number of vCPUs greater than 1 was forbidden in the past, but current versions of ESXi have lifted that restriction.

Thanks everybody for your contributions to this release, be it with code, ideas, bug reports, patch reviews, documentation, etc...

Enjoy the release!

Daniel

-- 
Daniel Veillard      | Red Hat Developers Tools http://developer.redhat.com/
veillard@xxxxxxxxxx  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/
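
The "FD passing for Unix sockets" item above, as an added example (not libvirt's or QEMU's code): a manager process binds and listens on the Unix socket before the worker exists, the worker inherits the listening descriptor, and the manager connects at once without polling for the socket to appear. The worker process standing in for QEMU, the socket path and the one-byte reply are constructed for illustration.

```c
#include <signal.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 0 if the manager reached the worker over the inherited listener. */
int fd_passing_roundtrip(const char *path)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int lfd, cfd, status = -1, ok = 0;
    char reply = 0;
    pid_t pid;

    if (strlen(path) >= sizeof(sa.sun_path))
        return -1;
    strcpy(sa.sun_path, path);
    unlink(path);                          /* drop a stale socket file */
    /* Manager: bind and listen before the worker process exists. */
    if ((lfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    if (bind(lfd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        listen(lfd, 1) < 0 || (pid = fork()) < 0) {
        close(lfd);
        return -1;
    }
    if (pid == 0) {                        /* worker: stands in for QEMU */
        int c = accept(lfd, NULL, NULL);   /* it never calls bind() itself */
        _exit(c >= 0 && write(c, "K", 1) == 1 ? 0 : 1);
    }
    close(lfd);                            /* the worker holds its own copy */
    /* No retry loop: connect() queues in the backlog before accept() runs. */
    cfd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (cfd >= 0 && connect(cfd, (struct sockaddr *)&sa, sizeof(sa)) == 0)
        ok = read(cfd, &reply, 1) == 1 && reply == 'K';
    else
        kill(pid, SIGKILL);                /* do not leave it in accept() */
    if (cfd >= 0)
        close(cfd);
    waitpid(pid, &status, 0);
    unlink(path);
    return ok && WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
    return fd_passing_roundtrip("/tmp/fdpass-example.sock") ? 1 : 0;
}
```

With the older pattern the manager has to wait for the socket file to show up and then connect to whatever is bound there; here the listener is already in place and owned by the manager when the worker starts.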