flexVDI Blog

follow us on

Released flexVDI Manager 3.1.13

Another security release.

  • Includes logback 1.2.9 that fixes the low severity vulnerability CVE-2021-42550. Exploiting this vulnerability requires the attacker being able to write to the logging.xml config file of the flexVDI Manager appliance.
  • We have removed the write permission of logging.xml file even for the file owner, in flexvdi Manager appliances being updated. In 3.1.12 the permission change affected only new installations.

flexVDI Manager is available for update running flexvdi-config command on the host where the current manager is running. Instructions are available here. Also it can be manually downloaded from portal.flexvdi.com, for servers not connected to the internet.

Released flexVDI Manager 3.1.12

This is mainly an security hardening release. The latest release of the flexVDI Manager appliance includes many updated components, including:

  • All available software packages of its base distro, including Linux kernel, openssl, java, and more.
  • Many updated java libraries. Specifically it includes logback 1.2.8, released yesterday. It removes all JDBC code and disables all JNDI code from the base logging framework, before any important vulnerability is found in it.
  • We have set java logging configuration read-only even for the file owner as recommended by security experts.

flexVDI does not use log4j2 logging library but logback, so it is NOT vulnerable to CVE-2021-44228 (aka log4shell). But a new attack family has been discovered, so logback has been hardened removing the functionality that may be vulnerable before some critical vulnerability is found, and we have included this hardened library release. This makes very unlikely that the latest logback and flexVDI are ever affected by something like log4shell.

Also this release fixes a bug: some stopped volatile guests generated by a desktop policy where not being automatically deleted, even with a “stop & delete” action in place. This happened when the guest was already stopped when the “stop” action was requested, so flexVDI Manager decided that the action had failed, and retried forever before deleting it.

flexVDI Manager is available for update running flexvdi-config command on the host where the current manager is running. Instructions are available here. Also it can be manually downloaded from portal.flexvdi.com, for servers not connected to the internet.

flexVDI is not affected by log4shell vulnerability (CVE-2021-44228)

We have been contacted by users worried about the possible impact of the critical CVE-2021-44228 vulnerability in the ubiquitous log4j logging framework.

flexVDI has never used or included Log4j2 in any of its components, so there is no need to update any software distributed by us because of the said vulnerability.

Stay safe.

Released flexVDI Manager 3.1.11

Bug fix release:

99% but not 100% of resources of each host in each pool could be used. Some guests could not be started with a “not enough resources” message, even if there where just enough resources available.

flexVDI manager is available for update running flexvdi-config command on the host where the current manager is running. Instructions are available here. Also it can be manually downloaded from portal.flexvdi.com, for servers not connected to the internet.

Released flexVDI Manager 3.1.10

New resource allocation algorithm, adapted for homogeneous and also heterogeneous host sets.

The new flexVDI Manager distributes load to the physical hosts proportionally to the amount of computing reources (vCPU and vRAM) that they have available. Previous releases gave load to the host with most free available resources, which resulted in the “bigger” machines in a cluster being more loaded than “small” ones.

flexVDI installations where all the hosts have the same amount of RAM and CPUs, will not be affected by this update. flexVDI Manager will behave like always for them.

Notice:
Most flexVDI Manager updates can be performed when users are connected to the platform without being noticed.

If you have flexVDI installed on hosts with the same amounts of vRAM and vCPUS, this update is also completely safe for you. Otherwise, it is recommended that you stop most (>50%) of the guests in every flexVDI pool in your system before updating your flexVDI Manager. Resource allocation will be different with the new flexVDI Manager, which will cause automatic guest migrations, which will temporarily freeze those guests, and can cause some guests to be stopped.

flexVDI manager is available for update running flexvdi-config command on the host where the current manager is running. Instructions are available here. Also it can be manually downloaded from portal.flexvdi.com, for servers not connected to the internet.

Released flexVDI Manager 3.1.9

  • Bug fixed: Due to a race condition, in rare occasions a volatile desktop could be deleted without a good reason, leaving a log line like:
xxxxxxx [WARN ] [/user/DesktopReaper] 1103||An orphaned Desktop was found. Killing it||Orphaned desktop is DESKTOP_NAME-volatile-yyyyyyyy
  • Desktop deletion by “inactivity actions” is faster now: The “stop & delete” action of volatile desktops caused by “inactivity actions”, now tries to be performed in one time, instead of stopping the desktop, then deleting the session 30 seconds later.
  • Improved logging: problems when executing “inactivity actions” are logged with more detail now.

flexVDI manager is available for update running flexvdi-config command on the host where the current manager is running. Instructions are available here. Also it can be manually downloaded from portal.flexvdi.com, for servers not connected to the internet.

Released flexVDI Manager 3.1.8

  • Added more variety of emulated guest CPUs, supporting some new instruction sets to improve performance of software compiled to make use of it.
  • Updated kernel and 30 more packages of the flexVDI Manager appliance.

flexVDI manager is available for update running flexvdi-config command on the host where the current manager is running. Instructions are available here. Also it can be manually downloaded from portal.flexvdi.com, for servers not connected to the internet.

Released flexVDI Manager 3.1.7

Changes since 3.1.6

  • Fixed bug: under some circunstances, rebalancing resources, failed to re-reserve resources that in fact where available, due to a race condition. This could cause flexVDI Manager to abruptly stop guests without need.
  • Fixed bug: when a volume is not accessible by all the hosts that should have access (due to hardware problems or manteinance), make requests only to the hosts that con access the volume.
  • Give a proper error message when ldap server is down when authenticating a user.
  • Improve some log messages.

flexVDI manager is available for update running flexvdi-config command on the host where the current manager is running. Instructions are available here. Also it can be manually downloaded from portal.flexvdi.com, for servers not connected to the internet.

Released flexVDI config 3.1.5

flexvdi-config now starts chronyd as the NTP daemon, instead of ntpd in systems that have none of them enabled.

Until now flexvdi-config enabled ntpd if it was not enabled in the flexVDI Host, as part of the setup. Since 3.1.5, it enables chronyd instead, but only if neither chronyd nor ntpd are enabled and running in the system.

flexVDI Hosts that are currently running ntpd, will not be modified by flexvdi-config.

 

The new release can be updated executing in the flexVDI hosts:

# yum -y update flexvdi-config

Released flexVDI config 3.1.4

  • flexVDI Manager hardware clock and timezone will be the same used by the host. This release copies the timezone used by the flexVDI Host to the flexVDI Manager when installing or updating it. Needs flexVDI-agent >= 3.1.7 to keep the clock right after restarting flexVDI manager.
  • Show more details when flexvdi portal can’t be reached
  • Fix message to user about how to unregister a Host when reinstalling flexVDI Manager

The timezone in flexVDI Manager will be set with the right value the next time flexVDI manager is updated using flexvdi-config >= 3.1.4.

The new release can be updated executing in the flexVDI hosts:

# yum -y update flexvdi-config