Apache CloudStack 4.18.1.1 (LTS Security Release)
rohityadavcloud
released this
04 Apr 05:23
·
1336 commits
to main
since this release
This is a security release the fixes the following on top of 4.18.1.0 release:
- CVE-2024-29006 x-forwarded-for parsed by default
- CVE-2024-29007 When downloading templates or ISOs, the UI/SSVM follow http redirects with potentially dangerous consequences
- CVE-2024-29008 The extraconfig feature can be abused to load hypervisor resources on a VM instance
Advisory: https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.1-4.18.1.1