Virtualizor 2.7.3 Launched


The Virtualizor Team has released Virtualizor 2.7.3
This version has some cool new features and some bug fixes.
The following is a list of changes in this version:

1) [Feature] With this version we would like to announce a new Enduser theme ! It will be in beta for some time and the old theme will be supported for another 6 months from this release.
Our new enduser theme is based on the Single Page Interface concept and uses JSON API calls in Virtualizor to perform actions. For hosting companies this means they need to edit only one HTML file to fully customize the look and feel of this theme into something of their own.

Detailed docs on how to make the new theme will soon be available. We plan to make this new theme stable within a month from now. The new theme is also Mobile Friendly (it uses bootstrap). We will also be porting this to the billing software modules we maintain.

To use the new theme, login to an enduser account and use the following URL to access the new theme :

Here are some screenshots of the new theme :

Image :

Image :

user setting

change password




status log

control panel


2) [Feature] In the Admin Panel, the pagination tool has been improved to set the number of results per page.

3) [Feature] For the enduser panel, we have combined the language files into one single language file. Existing languages have also been updated with the single language file structure. Old language files will be deleted when the old enduser theme is disabled in Virtualizor.

4) [Task] Now virtio can be enabled while editing the VPS. (Note : It cannot be disabled once enabled)

5) [Task] In the Admin Panel, we have added pagination wherever possible.

6) [Task] The Enduser API has been improved and will soon have a detailed documentation done.

7) [Task] The Admin API has also been improved.

8) [Task] Improved the UI of various Logs in the Admin Panel.

9) [Task] There were many functions which were not defined in the SDK. This has been improved.

10) [Task] Added multiple action tool on in the Media Group and DNS wizards.

11) [Task] In the Add and Edit VPS wizard, we have changed the text of kb -> KB for Network Speed and Upload speed. This is to avoid confusion as some users assumed it was kilo bits/second. The unit was and is kilo bytes/second.

12) [Task] The ISO download wizard now supports FTP protocol as well i.e. public FTP mirrors can be used for download of an ISO.

13) [BugFix] For XEN HVM VMs with TAP devices, the default bridge was taken as the xenbr0 which resulted in bandwidth miscalculation. This has been fixed to use the bridge name as per the saved configuration.

14) [BugFix] On XenServer the network speed was written wrong in configuration for upload limit. This is fixed now.

15) [BugFix] In the Rebuild VPS wizard when multi virtualization is enabled on the Node, the OS list was showing OS templates of both virtualization software. This is fixed now.

16) [BugFix] Cloud user was not able to create the VPS if multi virtualization was turned on. This is fixed now.

17) [BugFix] Resizing the file system for QCOW2 was failing on some VPS which had been powered off and the filesystem was not clean. This is fixed now.

18) [BugFix] When multi-virtualization was enabled and if the primary storage was OpenVZ, Virtualizor was not able to create the VPS for KVM. This is fixed now.

19) [BugFix] In the Add and Edit VPS wizard, there was a Javascript bug due to which Network Speed and Upload speed was not set correctly if the drop down was used. This is fixed now.

20) [BugFix] If admin had disabled the API credential for endusers, a user would still able to access the API credential wizard with the direct URL. This is fixed now.

21) [BugFix] In the Admin Panel Backup wizard, the logs were not getting cleared if admin clicked on Clear logs. This is fixed now.

22) [BugFix] If multi virtualization is enabled and the Node was booted into a wrong kernel, the warning for the wrong kernel would have “1” at the end. This is fixed now.

23) [BugFix] There was a bug in detecting the size of a QCOW2 file if it had a decimal in the size. This is fixed now.

24) [BugFix] In the edit template wizard when the admin edited a precreated template, disabled fields would show blank values when the form was submitted. This is fixed now.

Virtualizor supports OpenVZ, Xen, XenServer and Linux-KVM on CentOS and Ubuntu and they all can be managed from the Master. We are adding more features and if you have any suggestions, do let us know. We hope you enjoy this version of Virtualizor.

The Virtualizor Team

Critical QEMU Vulnerability – VENOM – affects Xen, KVM, VirtualBox, XenServer

What is the VENOM vulnerability?

A new vulnerability, dubbed “VENOM” has been discovered, which exploits the virtual floppy drive code in QEMU. This vulnerability potentially allows an attacker to break out of their VM (guest) and gain privileged access to the Host machine, and its guest VMs.

The official website, which contains more, useful information can be found here:

Upstream advisory:

What virtualization/hypervisors are affected?

Any hypervisor that uses QEMU – Xen, KVM, VirtualBox and XenServer are amongst those affected by this exploit.

What can I do to resolve the VENOM vulnerability?

If you have a VM (guest) on a host whose technology is affected by this exploit, you should urgently update your virtualization platform for example, for KVM:

yum clean all && yum update qemu-kvm -y

And for others :

yum clean all && yum update -y

Following the update, the guests (virtual machines) need to be powered off and started up again for the update to take effect. Please note that it is not enough to restart the guests because a restarted guest would continue running using the same (old, not updated) QEMU binary.

NOTE : Please make sure you choose the correct kernel to boot.