Joanna Rootkovska ☠️ is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse.
If you don't, you can sign up here.
Qubes Security Bulletin #30 for another critical Xen bug(s) in PV memory virtualization (XSA 213-214): https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-030-2017.txt
The bugs were found by the same researcher who found the previous Xen bug (XSA 212): Jann Horn of Google P0, congrats!
Also, please read our commentary in the bulletin (linked above) about the general defense approaches we've been working on for Qubes 4.x.
@rootkovska is there a Qubes 4.0 roadmap showing any other major changes? I will want to jump ASAP for that improvement requiring (more expensive?) chain attacks, but Qubes is my full time OS, so obviously want to not sacrifice too much stability :)