The Gandi Community

Mitigation of Xen vulnerabilities without customer intervention

A few months ago we announced our plan to upgrade to a more recent version of Xen, a virtualization software used on our hosting platform, in order to be able to better mitigate security vulnerabilities without customer intervention.

In the meantime, we’ve been able to take advantage of recent stop/starts of servers to upgrade most of our platform to Xen 4.8. Thanks to the new features available in this version, the majority of you will not be impacted by a new security vulnerability found in Xen, to be announced in the coming days, which we are able to address by live-patching or -migrating servers without impact to our customers.

In the next few days, only a small number of our customers whose servers aren’t yet running on upgraded nodes will need to stop and start their servers (restarting alone will not be enough) to deal with the new security vulnerability. We have emailed impacted customers directly to ask them to perform this operation themselves at their convenience, to avoid downtime, before the announcement of the vulnerability. We will stop and start any affected servers that have not yet been stopped and started ourselves between 9:00 AM and 02:00 PM CEST (12:00 AM and 3:00 AM PDT) that day.

Otherwise, we have been pleased to see the initial results of our recent efforts to upgrade our platform have been positive. This should hopefully be the last time we need to ask our customers to perform such tasks and we intend to continue working towards improving the customer experience on our hosting platform and we would encourage you to check out our plans for 2017.

Please feel free to contact our Customer Care team if you have any questions or to send us your feedback by emailing feedback@gandi.net.