Skip to content

Releases: apache/cloudstack

Apache CloudStack 4.19.1.2 (LTS Security Release)

15 Oct 18:35
Compare
Choose a tag to compare

This is a security release that fixes the following on top of the 4.19.1.1 release:

  • CVE-2024-45219: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure
  • CVE-2024-45461: Access checks not enforced in Quota
  • CVE-2024-45462: Incomplete session invalidation on web interface logout
  • CVE-2024-45693: Request origin validation bypass makes account takeover possible

Advisory: https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2

Release notes: https://docs.cloudstack.apache.org/en/4.19.1.2/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.19.1.2/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.19.1.2/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.19.1.2/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.19

Apache CloudStack 4.18.2.4 (LTS Security Release)

15 Oct 18:37
Compare
Choose a tag to compare

This is a security release that fixes the following on top of the 4.18.2.3 release:

  • CVE-2024-45219: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure
  • CVE-2024-45461: Access checks not enforced in Quota
  • CVE-2024-45462: Incomplete session invalidation on web interface logout
  • CVE-2024-45693: Request origin validation bypass makes account takeover possible

Advisory: https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2

Release notes: https://docs.cloudstack.apache.org/en/4.18.2.4/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.18.2.4/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.18.2.4/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.18.2.4/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.18

Apache CloudStack 4.19.1.1 (LTS Security Release)

06 Aug 15:17
4.19.1.1
4ea342c
Compare
Choose a tag to compare

Apache CloudStack 4.18.2.3 (LTS Security Release)

06 Aug 15:15
4.18.2.3
be191f5
Compare
Choose a tag to compare

Apache CloudStack 4.19.1.0 (LTS)

19 Jul 10:05
9f4c895
Compare
Choose a tag to compare

Apache CloudStack 4.18.2.2 (LTS Security Release)

19 Jul 10:11
Compare
Choose a tag to compare

Apache CloudStack 4.19.0.2 (LTS Security Release)

05 Jul 13:32
Compare
Choose a tag to compare

This is a security release that fixes the following on top of the 4.19.0.1 release:

  • CVE-2024-38346: Unauthenticated cluster service port leads to remote execution
  • CVE-2024-39864: Integration API service uses dynamic port when disabled

Advisory: https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1

Release notes: https://docs.cloudstack.apache.org/en/4.19.0.2/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.19.0.2/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.19.0.2/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.19.0.2/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.19

Apache CloudStack 4.18.2.1 (LTS Security Release)

05 Jul 13:31
Compare
Choose a tag to compare

This is a security release that fixes the following on top of the 4.18.2.0 release:

  • CVE-2024-38346: Unauthenticated cluster service port leads to remote execution
  • CVE-2024-39864: Integration API service uses dynamic port when disabled

Advisory: https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1

Release notes: https://docs.cloudstack.apache.org/en/4.18.2.1/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.18.2.1/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.18.2.1/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.18.2.1/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.18

Apache CloudStack 4.18.2.0 (LTS)

25 Apr 18:05
Compare
Choose a tag to compare

Apache CloudStack 4.18.1.1 (LTS Security Release)

04 Apr 05:23
4.18.1.1
Compare
Choose a tag to compare

This is a security release the fixes the following on top of 4.18.1.0 release:

  • CVE-2024-29006 x-forwarded-for parsed by default
  • CVE-2024-29007 When downloading templates or ISOs, the UI/SSVM follow http redirects with potentially dangerous consequences
  • CVE-2024-29008 The extraconfig feature can be abused to load hypervisor resources on a VM instance

Advisory: https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.1-4.18.1.1