| <html lang="en" dir="ltr" class="blog-wrapper blog-list-page plugin-blog plugin-id-default" data-has-hydrated="false"> |
| <title data-rh="true">Blog | Apache CloudStack</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://cloudstack.apache.org/blog/page/11"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" property="og:title" content="Blog | Apache CloudStack"><meta data-rh="true" name="description" content="Apache CloudStack Blog"><meta data-rh="true" property="og:description" content="Apache CloudStack Blog"><meta data-rh="true" name="docusaurus_tag" content="blog_posts_list"><meta data-rh="true" name="docsearch:docusaurus_tag" content="blog_posts_list"><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://cloudstack.apache.org/blog/page/11"><link data-rh="true" rel="alternate" href="https://cloudstack.apache.org/blog/page/11" hreflang="en"><link data-rh="true" rel="alternate" href="https://cloudstack.apache.org/blog/page/11" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Apache CloudStack RSS Feed"> |
| <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Apache CloudStack Atom Feed"> |
| <script src="scripts/bootstrap.bundle.min.js" async></script><link rel="stylesheet" href="/assets/css/styles.e12efb83.css"> |
| <link rel="preload" href="/assets/js/runtime~main.60ecdf28.js" as="script"> |
| <link rel="preload" href="/assets/js/main.2d60fa8d.js" as="script"> |
| <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}return t}()||function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script><div id="__docusaurus"> |
| <div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><div class="navbar__logo"><img src="/img/navlogo.png" alt="apache-cloudstack" class="themedImage_ToTc themedImage--light_HNdA"><img src="/img/navlogo.png" alt="apache-cloudstack" class="themedImage_ToTc themedImage--dark_i4oU"></div><b class="navbar__title text--truncate"></b></a></div><div class="navbar__items navbar__items--right"><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">About</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/about">About</a></li><li><a class="dropdown__link" href="/history">History</a></li><li><a class="dropdown__link" href="/features">Features</a></li><li><a class="dropdown__link" href="/who">Who We Are</a></li><li><a class="dropdown__link" href="/bylaws">Community Bylaws</a></li><li><a class="dropdown__link" href="/trademark-guidelines">Trademark Guidelines</a></li><li><a class="dropdown__link" href="/security">Security</a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Community</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/contribute">Get Involved</a></li><li><a class="dropdown__link" href="/developers">Developer Resources</a></li><li><a class="dropdown__link" href="/mailing-lists">Join Mailing Lists</a></li><li><a href="https://github.com/apache/cloudstack/issues" target="_blank" rel="noopener noreferrer" class="dropdown__link">Issues Tracker<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a href="https://join.slack.com/t/apachecloudstack/shared_invite/zt-1u8qwbivp-u16HRI~LWioLmF1G2D3Iyg" target="_blank" rel="noopener noreferrer" class="dropdown__link">Community Slack<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a class="dropdown__link" href="/events">Events and Meetups</a></li><li><a href="https://www.cloudstackcollab.org/" target="_blank" rel="noopener noreferrer" class="dropdown__link">Collab Conference<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Use Cases</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/cloud-builders">Cloud Builders</a></li><li><a class="dropdown__link" href="/kubernetes">Kubernetes</a></li><li><a class="dropdown__link" href="/integrations">Integrations</a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Users</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/users">Known Users</a></li><li><a class="dropdown__link" href="/blog/page/blog/tags/case-studies">Case Studies</a></li><li><a href="https://docs.google.com/forms/d/e/1FAIpQLScPHIRetdt-pxPT62IesXMoQUmhQ8ATGKcYZa507mB9uwzn-Q/viewform" target="_blank" rel="noopener noreferrer" class="dropdown__link">Take Survey<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Documentation</a><ul class="dropdown__menu"><li><a href="https://docs.cloudstack.apache.org" target="_blank" rel="noopener noreferrer" class="dropdown__link">CloudStack Documentation<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a href="https://cwiki.apache.org/confluence/display/CLOUDSTACK/Home" target="_blank" rel="noopener noreferrer" class="dropdown__link">Project Wiki<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a href="https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+Books" target="_blank" rel="noopener noreferrer" class="dropdown__link">CloudStack Books<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a class="dropdown__link" href="/api/">API Documentation</a></li></ul></div><a class="navbar__item navbar__link" href="/downloads">Download</a><a class="navbar__item navbar__link" href="/blog">Blog</a><a href="https://github.com/apache/cloudstack" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link header-github-link" aria-label="GitHub repository"></a><div class="searchBox_ZlJk"><div class="navbar__search searchBarContainer_NW3z"><input placeholder="Search" aria-label="Search" class="navbar__search-input"><div class="loadingRing_RJI3 searchBarLoadingRing_YnHq"><div></div><div></div><div></div><div></div></div><div class="searchHintContainer_Pkmr"><kbd class="searchHint_iIMx">ctrl</kbd><kbd class="searchHint_iIMx">K</kbd></div></div></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">ASF</a><ul class="dropdown__menu"><li><a href="https://www.apache.org/" target="_blank" rel="noopener noreferrer" class="dropdown__link">Foundation</a></li><li><a href="https://www.apache.org/licenses/" target="_blank" rel="noopener noreferrer" class="dropdown__link">License</a></li><li><a href="https://www.apache.org/events/current-event" target="_blank" rel="noopener noreferrer" class="dropdown__link">Events</a></li><li><a href="https://www.apache.org/security/" target="_blank" rel="noopener noreferrer" class="dropdown__link">Security</a></li><li><a href="https://www.apache.org/foundation/sponsorship.html" target="_blank" rel="noopener noreferrer" class="dropdown__link">Sponsorship</a></li><li><a href="https://www.apache.org/foundation/policies/privacy.html" target="_blank" rel="noopener noreferrer" class="dropdown__link">Privacy</a></li><li><a href="https://www.apache.org/foundation/thanks.html" target="_blank" rel="noopener noreferrer" class="dropdown__link">Thanks</a></li></ul></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0"><div class="container margin-vert--lg blog-container"><div class="row"><aside class="col col--3"><nav class="sidebar thin-scrollbar"><div class="sidebarItemTitle margin-bottom--md">CloudStack Blog</div><ul class="sidebarItemList clean-list"><li class="sidebarItem"><a class="sidebarItemLink" href="/blog">All Posts</a></li><li class="sidebarItem"><a class="sidebarItemLink" href="/blog/tags/news">News</a></li><li class="sidebarItem"><a class="sidebarItemLink" href="/blog/tags/announcement">Announcements</a></li><li class="sidebarItem"><a class="sidebarItemLink" href="/blog/tags/roundup">Past Events</a></li><li class="sidebarItem"><a class="sidebarItemLink" href="/blog/tags/case-studies">Case Studies & Integrations</a></li><li class="sidebarItem"><a class="sidebarItemLink" href="/blog/tags/community">Meet the Community</a></li></ul></nav></aside><main class="col col--7" itemscope="" itemtype="http://schema.org/Blog"><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="Recently the Apache CloudStack PMC was informed that the realhostip.com Dynamic DNS service that CloudStack currently uses as part of the console proxy will be disbanded this summer. The realhostip service will be shut down June 30th, 2014, meaning users have approximately 3 months to mitigate this."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/realhostip_service_is_being_retired">Realhostip Service is Being Retired</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2014-03-25T00:00:00.000Z" itemprop="datePublished">March 25, 2014</time></div></header><div class="markdown" itemprop="articleBody"><p>Recently the Apache CloudStack PMC was informed that the realhostip.com Dynamic DNS service that CloudStack currently uses as part of the console proxy will be disbanded this summer. The realhostip service will be <b>shut down June 30th, 2014, meaning users have approximately 3 months to mitigate this</b>.</p><p>Prior to version 4.3, CloudStack used the realhostip.com service by default. With the release of CloudStack version 4.3 the default communication method with the console proxy is plaintext HTTP.</p><h3>Who is Affected</h3><p>CloudStack installations prior to version 4.3 that have not been reconfigured to use a DNS domain other than realhostip.com for Console Proxy or Secondary Storage must make changes to continue functioning past June 30th, 2014.</p><h3>Steps You Need to Take</h3><p>If you meet the criteria above, there are several options to prepare for realhostip retirement:</p><ul><li> Set up wildcard SSL certificate and DNS entries: This method is already well supported within prior versions of CloudStack.</li><li> Upgrade to CloudStack 4.3 and disable SSL: This is only recommended for development installations, or private clouds that contain no information of importance.</li><li> Upgrade to CloudStack 4.3, set up static SSL certificate and configure load balancer to point to the correct IP address: While this allows an administrator to skip setting up the DNS entries from the previous option, it is a more advanced option as CloudStack 4.3 does not support automatic load balancer configuration for the Console Proxy. It is hoped this functionality will be available in future releases.</li></ul><p><b>For instructions</b> on how to set up SSL encryption for use with CloudStack console proxy, please read the <a href="http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/systemvm.html#console-proxy" target="_blank" rel="noopener noreferrer">console proxy section of the CloudStack administration guide</a>.</p><p>Additionally, if you will be using an SSL vendor who requires an intermediate CA chain to be installed for proper SSL validation by web browsers, detailed instructions for configuring the intermediate CA chain in CloudStack can be found <a href="http://www.chipchilders.com/blog/2013/1/2/undocumented-feature-using-certificate-chains-in-cloudstack.html" target="_blank" rel="noopener noreferrer">here</a>.</p><p><i>The Apache CloudStack security team does not recommend running a production cloud with either the realhostip.com SSL certificate, or with no SSL encryption at all.</i></p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="The Apache CloudStack project is pleased to announce the 4.2.1 release of the CloudStack cloud orchestration platform. This is a minor release of the 4.2.0 branch which released on Oct 1, 2013. The 4.2.1 release contains more than 150 bug fixes. As a bug fix release, no new features are included in 4.2.1."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/announcing_apache_cloudstack_4_21">Announcing Apache CloudStack 4.2.1</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2014-01-10T00:00:00.000Z" itemprop="datePublished">January 10, 2014</time></div></header><div class="markdown" itemprop="articleBody"><p>The Apache CloudStack project is pleased to announce the 4.2.1 release of the CloudStack cloud orchestration platform. This is a minor release of the 4.2.0 branch which released on Oct 1, 2013. The 4.2.1 release contains more than 150 bug fixes. As a bug fix release, no new features are included in 4.2.1.</p><p>The 4.2.1 release includes fixes for a number of issues; including problems with Xenserver VMSnapshots, UCS, device ID for Xen, configurable option to choose single Vs multipart upload for S3 API, allowing network with public IP Address without needing SourceNAT, and documentation fixes.</p><p>As a minor release it is a simple upgrade from 4.2.0 with no architectural changes. CloudStack Management Servers Services, and all SystemVMs will require a restart.</p><p>This release also addresses two security issues CVE-2013-6398 and CVE-2014-0031</p><p><strong>Documentation</strong></p><p>The 4.2.1 release notes includes full list of corrected issues as well as upgrade instructions from previous versions of Apache CloudStack. Please see the <a href="http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.2.1/html/Release_Notes/index.html" target="_blank" rel="noopener noreferrer">Release Notes</a> for a full list of corrected issues and upgrade instructions.</p><p>The official installation, administration and API documentation for each release are available on our <a href="http://cloudstack.apache.org/docs" target="_blank" rel="noopener noreferrer">Documentation Page</a>.</p><p><strong>Downloads</strong></p><p>The official source code for the 4.2.1 release can be downloaded from our <a href="http://cloudstack.apache.org/downloads.html" target="_blank" rel="noopener noreferrer">Downloads Page</a>.</p><p>In addition to the official source code release, individual contributors have also made convenience binaries in the form or RPM and Deb packages available from the download page. </p><p><strong>About Apache CloudStack</strong></p><p>Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) software platform that allows users to build feature-rich public and private cloud environments. CloudStack includes an intuitive user interface and rich APIs for managing the compute, networking, software, and storage infrastructure resources. The project became an Apache top level project in March 2013.</p><p>For additional marketing or communications information, please contact the <a href="mailto:marketing@cloudstack.apache.org" target="_blank" rel="noopener noreferrer">marketing mailing list</a>.</p><p>To learn how to join and contribute to the Apache CloudStack community please visit our <a href="http://cloudstack.apache.org" target="_blank" rel="noopener noreferrer">website</a>.</p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="Product: Apache CloudStack"><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/cve_2013_6398_cloudstack_virtual">[CVE-2013-6398] CloudStack Virtual Router stop/start modifies firewall rules allowing additional access</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2014-01-10T00:00:00.000Z" itemprop="datePublished">January 10, 2014</time></div></header><div class="markdown" itemprop="articleBody"><p>Product: Apache CloudStack<br>Vendor: Apache Software Foundation<br>Vulnerability type: Bypass<br>Vulnerable Versions: Apache CloudStack 4.1.0, 4.1.1, 4.2.0<br>CVE References: CVE-2013-2136<br>Risk Level: Low<br>CVSSv2 Base Scores: 2.8 (AV:N/AC:M/Au:M/C:P/I:N/A:N)<br></p><p>Description:</p><p>The Apache CloudStack Security Team was notified of a an issue in the Apache CloudStack virtual router that failed to preserve source restrictions in firewall rules after a virtual router had been stopped and restarted.</p><p>Mitigation:</p><p>Upgrading to CloudStack 4.2.1 or higher will mitigate this issue.</p><p>References:</p><p>https://issues.apache.org/jira/browse/CLOUDSTACK-5263</p><p>Credit:</p><p>This issue was identified by the Cloud team at Schuberg Philis</p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="Product: Apache CloudStack"><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/cve_2014_0031_cloudstack_listnetworkacl">[CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2014-01-10T00:00:00.000Z" itemprop="datePublished">January 10, 2014</time></div></header><div class="markdown" itemprop="articleBody"><p>Product: Apache CloudStack<br>Vendor: Apache Software Foundation<br>Vulnerability type: Information Disclosure<br>Vulnerable Versions: Apache CloudStack 4.2.0<br>CVE References: CVE-2014-0031<br>Risk Level: Low<br>CVSSv2 Base Scores: 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)<br></p><p>Description:</p><p>The Apache CloudStack Security Team was notified of a an issue in Apache CloudStack which permits an authenticated user to list network ACLs for other users.</p><p>Mitigation:</p><p>Upgrading to CloudStack 4.2.1 or higher will mitigate this issue.</p><p>References:</p><p>https://issues.apache.org/jira/browse/CLOUDSTACK-5145</p><p>Credit:</p><p>This issue was identified by Marcus Sorensen</p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="The Apache CloudStack project is excited to announce the 4.2 feature release of the CloudStack cloud orchestration platform. This is the next feature release of the 4.x line which first released on November 6, 2012 with the 4.1 release on June 5. This is the second major release from Apache CloudStack since its graduation from the Apache Incubator on March 20th."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/announcing_apache_cloudstack_4_2">Announcing Apache CloudStack 4.2.0</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2013-10-01T00:00:00.000Z" itemprop="datePublished">October 1, 2013</time></div></header><div class="markdown" itemprop="articleBody"><p>The <a href="http://cloudstack.apache.org" target="_blank" rel="noopener noreferrer">Apache CloudStack</a> project is excited to announce the 4.2 feature release of the CloudStack cloud orchestration platform. This is the next feature release of the 4.x line which first released on November 6, 2012 with the 4.1 release on June 5. This is the second major release from Apache CloudStack since its graduation from the Apache Incubator on March 20th.</p><p>This release represents over six months of work from the Apache CloudStack community with 57 new and 29 improved features being provided. Many new features incorporate contributions from major corporations and support for industry standards. New integrated support of the Cisco UCS compute chassis, SolidFire storage arrays, and the S3 storage protocol are just a few of the features available in this release.</p><p><strong>Documentation</strong></p><p>The 4.2 release includes over 160 issues from 4.1.0 and 4.1.1 were fixed; including fixes for swift support, fixes to documentation, and more. Please see the <a href="http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.2.0/html/Release_Notes/index.html" target="_blank" rel="noopener noreferrer">Release Notes</a> for a full list of corrected issues and upgrade instructions.</p><p>The official installation, administration and API documentation for each release are available on our <a href="http://cloudstack.apache.org/docs/" target="_blank" rel="noopener noreferrer">Documentation Page</a>.</p><p><strong>Downloads</strong></p><p>The official source code for the 4.2 release can be downloaded from our <a href="http://cloudstack.apache.org/downloads.html" target="_blank" rel="noopener noreferrer">Downloads Page</a>.</p><p>In addition to the official source code release, individual contributors have also made convenience binaries available on the<a href="http://cloudstack.apache.org/downloads.html" target="_blank" rel="noopener noreferrer">Apache CloudStack download page</a>.</p><p><strong>Apache CloudStack</strong></p><p>Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) software platform that allows users to build feature-rich public and private cloud environments. CloudStack includes an intuitive user interface and rich APIs for managing the compute, networking, software, and storage infrastructure resources. The project became an Apache top level project in March 2013.</p><p>For additional marketing or communications information, please contact the <a href="mailto:marketing@cloudstack.apache.org" target="_blank" rel="noopener noreferrer">marketing mailing list</a>.</p><p>To learn how to join and contribute to the Apache CloudStack community please visit our website at <a href="http://cloudstack.apache.org" target="_blank" rel="noopener noreferrer">http://cloudstack.apache.org</a>.</p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="The Apache CloudStack project is pleased to announce the immediate availability"><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/announcing_apache_cloudstack_cloudmonkey_5">Announcing Apache CloudStack CloudMonkey 5.0.0!</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2013-09-24T00:00:00.000Z" itemprop="datePublished">September 24, 2013</time></div></header><div class="markdown" itemprop="articleBody"><p>The Apache CloudStack project is pleased to announce the immediate availability of the Apache CloudStack CloudMonkey 5.0.0 release.</p><p>Apache CloudStack's CloudMonkey is a Python-based command line utility for interacting with Apache CloudStack IaaS clouds. The software provides an interactive shell environment that includes command discovery, auto-completion and multiple output formats. CloudMonkey can also be used as a simple command line utility, which can be easily integrated into larger shell scripts.</p><p>This is the first independently released version of CloudMonkey provided by the Apache CloudStack project community. This release includes pre-cached API command syntax for Apache CloudStack versions up to and including CloudStack 4.2.0.</p><p>The release can be obtained from the CloudMonkey section of the Apache CloudStack download page:</p><p><a href="http://cloudstack.apache.org/downloads.html" target="_blank" rel="noopener noreferrer">http://cloudstack.apache.org/downloads.html</a></p><p>Additionally, the 5.0.0 release is available via the Python Package Index (https://pypi.python.org/pypi/cloudmonkey) and may be installed via pip. Further instructions may be found on the Apache CloudStack download page.</p><p>We welcome your help and feedback. For more information on how to report problems, and to get involved, visit the project website at:</p><p><a href="http://cloudstack.apache.org/" target="_blank" rel="noopener noreferrer">http://cloudstack.apache.org/</a></p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="Welcome back to another exciting issue of the Apache CloudStack Weekly News. This week, 4.2.0 enters it's fourth round of voting, we welcome several new committers and look at some of the major discussions on the Apache CloudStack mailing lists, and much more."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/apache_cloudstack_weekly_news_42">Apache CloudStack Weekly News - 4 September 2013</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2013-09-05T00:00:00.000Z" itemprop="datePublished">September 5, 2013</time></div></header><div class="markdown" itemprop="articleBody"><p>Welcome back to another exciting issue of the <a href="http://cloudstack.apache.org" target="_blank" rel="nofollow" class="external-link">Apache CloudStack</a> Weekly News. This week, 4.2.0 enters it's fourth round of voting, we welcome several new committers and look at some of the major discussions on the Apache CloudStack mailing lists, and much more. </p><h3><a name="ApacheCloudStackWeeklyNews-4September2013-MajorDiscussions"></a>Major Discussions</h3><h5><a name="ApacheCloudStackWeeklyNews-4September2013-4.2isNowbeingVotedOn"></a>4.2 is Now being Voted On</h5><p>The fourth round of voting is now <a href="http://markmail.org/message/xxfksrwvabkip2lb" target="_blank" rel="nofollow" class="external-link">open</a> on the 4.2 release. This release is full of new features, fixes and thousands of hours of work from everyone in the community. It's important to test and cast your vote on the release. Remember that all members of the community are <a href="http://cloudstack.apache.org/bylaws.html" target="_blank" rel="nofollow" class="external-link">eligible to cast a vote</a> and note any issues that they have with the current release candidate. </p><h5><a name="ApacheCloudStackWeeklyNews-4September2013-4.2IssuesClosure"></a>4.2 Issues Closure</h5><p>Sudha Ponnaganti has throughout the 4.2 put <a href="http://markmail.org/message/pwmlzcq7nwtcfdg5" target="_blank" rel="nofollow" class="external-link">together a list</a> of the current blocker and critical issues that need to be reviewed. If you have issues that have been resolved please review, test, and close out please. </p><h5><a name="ApacheCloudStackWeeklyNews-4September2013-HighQualityDocumentation"></a>High Quality Documentation</h5><p>For some time now there has been discussion around a possible replacement to our current use DocBook for our primary document editor. Sebastien Goasguen started a <a href="http://markmail.org/message/5z2umxi3whcyqddy" target="_blank" rel="nofollow" class="external-link">discussion</a> to look at <a href="http://daringfireball.net/projects/markdown/" target="_blank" rel="nofollow" class="external-link">Markdown by Daring Fireball</a>. With there being concern about how to create and maintain high quality documentation, this is an important thread to participate in for anyone interested in the release documents. </p><blockquote><p>After seeing lots of frustrated people with folks I decided to try something out with markdown.</p><p>I used pandoc to convert some docbook files to markdown and I used a structure for a book based on 'The little mongodb' book.<br>We can generate epub and pdf using latex.</p><p>See: <a href="https://github.com/runseb/cloudstack-books" target="_blank" rel="nofollow" class="external-link">link</a></p><p>There are two "books" aimed at being step by step recipes. Not long, not convoluted, single OS, etc…simple step by step.</p><p><a href="https://github.com/runseb/cloudstack-books/blob/master/en/clients.markdown" target="_blank" rel="nofollow" class="external-link">link</a><br><a href="https://github.com/runseb/cloudstack-books/blob/master/en/installation.markdown" target="_blank" rel="nofollow" class="external-link">link</a></p><p>I am still sanitizing the installation one based on 4.2 .</p><p>Comments, flames ?</p></blockquote><h3><a name="ApacheCloudStackWeeklyNews-4September2013-CloudStackPlanet"></a>CloudStack Planet</h3><h5><a name="ApacheCloudStackWeeklyNews-4September2013-SpeakinginTechPodcastTheRegister"></a>Speaking in Tech Podcast - The Register</h5><p>Aaron Delp joined in as a part of talking cloud and especially CloudStack as part of an <a href="http://markmail.org/message/ddyi72tzrfhcvycr" target="_blank" rel="nofollow" class="external-link">interview with The Register</a> and their "Speaking in Tech" podcast series. </p><p>Aaron's section on ACS is from 17:45 to 26:00 - <a href="http://www.theregister.co.uk/2013/08/01/speaking_in_tech_episode_69/" target="_blank" rel="nofollow" class="external-link">http://www.theregister.co.uk/2013/08/01/speaking_in_tech_episode_69/</a></p><h5><a name="ApacheCloudStackWeeklyNews-4September2013-CloudStackAppliancesReleased"></a>CloudStack Appliances Released</h5><p>Ilya Musayev a committer of the ACS project and founder of CloudSands project has recently <a href="http://markmail.org/message/cumk7jl2lt2e35jg" target="_blank" rel="nofollow" class="external-link">announced the release</a> of a set of pre-built management server appliances available for open use based off the ACS 4.1.1 code base. There are appliances for VMware, Xen and KVM hypervisors. </p><blockquote><p>Objective: Speed up the Apache CloudStack adoption by abstracting the need of going through install process and using pre-installed package instead. Especially useful for a quick POC.</p><p>vSphere:<br>Short URL: <a href="http://s.apache.org/vapp-acs411-vsphere" target="_blank" rel="nofollow" class="external-link">link</a><br>Long URL: <a href="http://download.cloudsand.com/appliances/cloudstack/centos6.4-x86_64-cloudstack-4.1.1.ova" target="_blank" rel="nofollow" class="external-link">link</a></p><p>KVM:<br>Short URL: <a href="http://s.apache.org/vapp-acs411-kvm" target="_blank" rel="nofollow" class="external-link">link</a><br>Long URL: <a href="http://download.cloudsand.com/appliances/cloudstack/centos6.4-x86_64-cloudstack-4.1.1.qcow2.bz2" target="_blank" rel="nofollow" class="external-link">link</a></p><p>XEN:<br>Short URL: <a href="http://s.apache.org/vapp-acs411-xen" target="_blank" rel="nofollow" class="external-link">link</a><br>Full URL: <a href="http://download.cloudsand.com/appliances/cloudstack/centos6.4-x86_64-cloudstack-4.1.1.vhd.bz2" target="_blank" rel="nofollow" class="external-link">link</a></p><p>Minimum Requirements:<br>1 CPU x 2 GB of RAM</p><p>Testing:</p><p>Please spend few minutes on testing these out, you can import it as a template into your ACS - power on and see the details on initial start.<br>I've tested vSphere and KVM version. I don't have XEN instance to try.</p></blockquote><h3><a name="ApacheCloudStackWeeklyNews-4September2013-Events"></a>Events</h3><ul><li><b><a href="http://lanyrd.com/2013/build-a-cloud-day-london/" target="_blank" rel="nofollow" class="external-link">Build a Cloud Day - London</a></b> being hosted by Sebastien Goasguen, being held on September 5.</li><li><b><a href="http://www.cloudplugfest.org/about-cloud-plugfests" target="_blank" rel="nofollow" class="external-link">Cloud Plug Fest</a></b> offers a variety of Tutorials and sessions, including OpenStack and CloudStack, in Madrid, Spain September 16-20.</li><li><b><a href="http://lanyrd.com/2013/build-a-cloud-day-geneva-switzerland/" target="_blank" rel="nofollow" class="external-link">Build a Cloud Day - Switzerland</a></b> has Sebastien Goasguen teaching you and helping you build clouds across Europe on September 26.</li><li><b><a href="http://lanyrd.com/2013/cloudstack-collaboration-conference/" target="_blank" rel="nofollow" class="external-link">CloudStack Collaboration Conference</a></b> planning is well underway for Amsterdam, Netherlands. Put it on your calendar now for November 20-22.</li></ul><h3><a name="ApacheCloudStackWeeklyNews-4September2013-NewCommittersandPMCMembers"></a>New Committers and PMC Members</h3><ul><li>Ilya Musayev has been invited to join the CloudStack PMC, and <a href="http://markmail.org/message/263fp7wl56lhrwon" target="_blank" rel="nofollow" class="external-link">has accepted</a>.</li><li>Vijay Bhamidipati has been invited by the PMC to become a committer and <a href="http://markmail.org/message/ol43ltkhkwnihgnd" target="_blank" rel="nofollow" class="external-link">has accepted</a>.</li><li>Toshiaki Hatano has been invited by the PMC to become a committer and <a href="http://markmail.org/message/yrduvvabhtkdravy" target="_blank" rel="nofollow" class="external-link">has accepted</a>.</li><li>Kirk Kosinski has been invited by the PMC to become a committer and <a href="http://markmail.org/message/6abmubyyzpgtdzru" target="_blank" rel="nofollow" class="external-link">has accepted</a>.</li><li>Ian Duffy has been invited by the PMC to become a committer and <a href="http://markmail.org/message/jugi22z546nuljgp" target="_blank" rel="nofollow" class="external-link">has accepted</a>.</li></ul></div><footer class="row docusaurus-mt-lg"></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="With two very successful events in the United Stated we know it is time to bring this conference to Europe. This time we’re gathering the community in The Netherlands. More specific, right in the center of Amsterdam in one of its historical landmarks, the Beurs van Berlage."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/announcing_the_cloudstack_collaboration_conference">Announcing the CloudStack Collaboration Conference - Europe</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2013-08-16T00:00:00.000Z" itemprop="datePublished">August 16, 2013</time></div></header><div class="markdown" itemprop="articleBody"><p>With two very successful events in the United Stated we know it is time to bring this conference to Europe. This time we’re gathering the community in The Netherlands. More specific, right in the center of Amsterdam in one of its historical landmarks, the Beurs van Berlage.</p><p>Starting November 20th with a hack day and continuing with a two day conference, this will be your opportunity to dive into all things CloudStack. Meet the community, discuss new ideas and learn about existing and upcoming features. We have setup the conference to provide an exciting environment to participate in workshops, attend presentations or just sit back and have a drink with other CloudStack enthusiasts. </p><p>The Call for Papers is open right now, so send your abstract to <a href="mailto:cfp@cloudstackcollab.org" target="_blank" rel="noopener noreferrer">cfp@cloudstackcollab.org</a>. If it’s relevant to Apache CloudStack development, deployment, and integration, we’re interested in what you might have to say. We can accommodate workshops, hack sessions, presentation and we want to work with you to make sure you can share what you want with the community. Check the website for more details, <a href="http://www.cloudstackcollab.org/call-for-papers" target="_blank" rel="noopener noreferrer">http://www.cloudstackcollab.org/call-for-papers</a></p><p>The conference website http://www.cloudstackcollab.org will be regularly updated with new content to keep you informed about the conference. Please check it regularly to be informed about the latest developments regarding the CloudStack Collaboration Conference Europe. </p><p></p><h2>Important Dates </h2><p></p><p>The Call for Papers will run from today (August 16th) to September 30th. We will send out notifications shortly after closing the Call for Papers.</p><p>The Conference Hack Day will be November 20th</p><p>The Conference talks and planned sessions begin on November 21th </p><p>The Conference ends on November 22th </p><p></p><h2>Registration</h2><p></p><p>We will announce the registration in a short while, please keep an eye on the website <a href="http://www.cloudstackcollab.org/" target="_blank" rel="noopener noreferrer">http://www.cloudstackcollab.org/</a> for more details.</p><p></p><h2>Location</h2><p></p><p>The conference will be at the Beurs van Berlage in Amsterdam, The Netherlands. Located in the city center it is close to quite a number of hotels and hostels in Amsterdam. We are looking at the possibility to make a deal with one of the hotels in the immediate vicinity of the conference location. We will update the conference website when we have the details.</p><p></p><h2>Sponsoring</h2><p></p><p>Sponsoring opportunities are available for the CloudStack Collaboration Conference. At the conference website <a href="http://www.cloudstackcollab.org/sponsors" target="_blank" rel="noopener noreferrer">http://www.cloudstackcollab.org/sponsors</a> some of our sponsors will explain you the benefits in a video message. If you’d like to see the sponsorship prospectus or ask about sponsoring, contact <a href="mailto:sponsors@cloudstackcollab.org" target="_blank" rel="noopener noreferrer">sponsors@cloudstackcollab.org</a>.</p><p>We’re very pleased to invite the community to Amsterdam and we hope you’ll join us! See you in Amsterdam!</p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/news">news</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="Product: Apache CloudStack"><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/cve_2013_2136_apache_cloudstack">[CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2013-08-07T00:00:00.000Z" itemprop="datePublished">August 7, 2013</time></div></header><div class="markdown" itemprop="articleBody"><p>Product: Apache CloudStack<br>Vendor: The Apache Software Foundation<br>Vulnerability Type(s): Cross-site scripting (XSS)<br>Vulnerable version(s): Apache CloudStack versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2 and 4.1.0<br>CVE References: CVE-2013-2136<br>Risk Level: Low<br>CVSSv2 Base Scores: 4 (AV:N/AC:L/Au:S/C:N/I:P/A:N)</p><p>Description:</p><p>The Apache CloudStack Security Team was notified of an issue found in the Apache CloudStack user interface that allows an authenticated user to execute cross-site scripting attack against other users within the system.</p><p>Mitigation:</p><p>Updating to Apache CloudStack versions 4.1.1 or higher will mitigate this vulnerability.</p><p>Please see the 4.1.1 release notes for further information about how to upgrade:</p><p><a href="http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Release_Notes/index.html" target="_blank" rel="noopener noreferrer">http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Release_Notes/index.html</a></p><p>References:</p><p><a href="https://issues.apache.org/jira/browse/CLOUDSTACK-2936" target="_blank" rel="noopener noreferrer">https://issues.apache.org/jira/browse/CLOUDSTACK-2936</a></p><p>Credit:</p><p>This issue was identified by Oleg Boytsev from strongserver.org.</p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="The Apache CloudStack project is pleased to announce the 4.1.1 release"><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/apache_cloudstack_4_1_1">Apache CloudStack 4.1.1 Released</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2013-08-06T00:00:00.000Z" itemprop="datePublished">August 6, 2013</time></div></header><div class="markdown" itemprop="articleBody"><p>The Apache CloudStack project is pleased to announce the 4.1.1 release of the Apache CloudStack cloud orchestration platform.</p><p>This is a minor release of the 4.1.0 branch which released on June 5, 2013. The 4.1.1 release contains more than 45 bug fixes. As a bug-fix only release, no new features are included.</p><p>Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) software platform that allows users to build feature-rich public and private cloud environments. CloudStack includes an intuitive user interface and rich API for managing the compute, networking, software, and storage resources. The project became an Apache top level project in arch 2013.</p><p>More information about Apache CloudStack can be found at: <a href="http://cloudstack.apache.org/" target="_blank" rel="noopener noreferrer">http://cloudstack.apache.org/</a></p><p><strong>Release Notes</strong></p><p>The 4.1.1 release includes fixes for a number of issues; including problems with snapshots, fixes to documentation, and more. Please see the Release Notes file for a full list of corrected issues in this release and upgrade instructions.</p><p><a href="http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Release_Notes/index.html" target="_blank" rel="noopener noreferrer">http://cloudstack.apache.org/docs/en-US/Apache_CloudStack/4.1.1/html/Release_Notes/index.html</a></p><p>The 4.1.1 release also addresses a cross-site scripting (XSS) vulnerability identified by CVE-2013-2136.</p><p><strong>Downloads</strong></p><p>The official source code release can be downloaded from:</p><p><a href="http://cloudstack.apache.org/downloads.html" target="_blank" rel="noopener noreferrer">http://cloudstack.apache.org/downloads.html</a></p><p>In addition to the official source code release, individual contributors have also made convenience binaries available on the Apache CloudStack download page.</p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><nav class="pagination-nav" aria-label="Blog list page navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/blog/page/10"><div class="pagination-nav__label">Newer Entries</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/blog/page/12"><div class="pagination-nav__label">Older Entries</div></a></nav></main></div></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://cloudstack.apache.org/" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/ACS_logo_slogan.svg" alt="Apache CloudStack logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/ACS_logo_slogan.svg" alt="Apache CloudStack logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright"> |
| <a href="https://join.slack.com/t/apachecloudstack/shared_invite/zt-2aegc22z7-tPCxpptfcebTBtd59qcZSQ"> |
| <a href="https://www.linkedin.com/company/apachecloudstack/posts/"> |
| Software Foundation, Licensed under the Apache License, Version 2.0. |
| “Apache”, “CloudStack”, “Apache CloudStack”, the Apache CloudStack logo, |
| the Apache CloudStack Cloud Monkey logo and the Apache feather logos |
| are registered trademarks or trademarks of The Apache Software |
| <p class="footer-blue"><a href="/trademark-guidelines">Apache CloudStack Trademark Usage</a> - <a href="/bylaws">Apache CloudStack Community ByLaws</a> - <a href="https://github.com/apache/cloudstack-www">Website Source Code</a></p></div> |
