Skip to content

Apache CloudStack 4.18.1.1 (LTS Security Release)

Compare
Choose a tag to compare
@rohityadavcloud rohityadavcloud released this 04 Apr 05:23
· 1336 commits to main since this release
4.18.1.1

This is a security release the fixes the following on top of 4.18.1.0 release:

  • CVE-2024-29006 x-forwarded-for parsed by default
  • CVE-2024-29007 When downloading templates or ISOs, the UI/SSVM follow http redirects with potentially dangerous consequences
  • CVE-2024-29008 The extraconfig feature can be abused to load hypervisor resources on a VM instance

Advisory: https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.1-4.18.1.1