Releases: shapeblue/cloudstack

4.18.1.1-shapeblue1 (LTS Security Release)

04 Apr 06:03

Advisories:

This is a ShapeBlue customer patch release that includes the following changes on top of upstream security 4.18.1.1 release:

  • CVE-2024-29006 x-forwarded-for parsed by default
  • CVE-2024-29007 When downloading templates or ISOs, the UI/SSVM follow http redirects with potentially dangerous consequences
  • CVE-2024-29008 The extraconfig feature can be abused to load hypervisor resources on a VM instance

Additional changes:

4.18.1.0-shapeblue1 packages repository

EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.18/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.18/
EL9: http://packages.shapeblue.com/cloudstack/upstream/el9/4.18/
Ubuntu/Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.18/

Upgrade instructions

  • Recommended: Test the patch in your test/validation environment before upgrading to production
  • Back up your production DB dump before upgrading to this patch release
  • Check and upgrade any installed cloudstack packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8, EL9 or Debian repositories. On some environments, you may also upgrade using downloaded RPMs directly using rpm or yum localinstall.
  • Post upgrade, restart the upgraded services such as cloudstack-management and cloudstack-agent
  • Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.18.1.1-shapeblue1

4.19.0.1-shapeblue0 (LTS Security Release)

09 Apr 10:08
4.19.0.1

Advisories:

This is a ShapeBlue customer patch release that is based on upstream security 4.19.0.1 release:

  • CVE-2024-29006 x-forwarded-for parsed by default
  • CVE-2024-29007 When downloading templates or ISOs, the UI/SSVM follow http redirects with potentially dangerous consequences
  • CVE-2024-29008 The extraconfig feature can be abused to load hypervisor resources on a VM instance

4.19 packages repository

EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.19/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.19/
EL9: http://packages.shapeblue.com/cloudstack/upstream/el9/4.19/
Ubuntu/Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.19/

Upgrade instructions

  • Recommended: Test the patch in your test/validation environment before upgrading to production
  • Back up your production DB dump before upgrading to this patch release
  • Check and upgrade any installed cloudstack packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8, EL9 or Debian repositories. On some environments, you may also upgrade using downloaded RPMs directly using rpm or yum localinstall.
  • Post upgrade, restart the upgraded services such as cloudstack-management and cloudstack-agent
  • Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.19.0.1

4.18.1.0-shapeblue1

25 Oct 07:27

This is a ShapeBlue customer patch release that includes the following changes on top of upstream 4.18.1.0 release:

4.18.1.0-shapeblue1 packages repository

EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.18/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.18/
EL9: http://packages.shapeblue.com/cloudstack/upstream/el9/4.18/
Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.18/

Upgrade instructions

  • Applicability: this patch can be applied in an environment that has Apache CloudStack 4.18.1.0 installed
  • Recommended: Test the patch in your test/validation environment before upgrading to production
  • Back up your production DB dump before upgrading to this patch release
  • Check and upgrade any installed cloudstack packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8, EL9 or Debian repositories. On some environments, you may also upgrade using downloaded RPMs directly using rpm or yum localinstall.
  • Post upgrade, restart the upgraded services such as cloudstack-management and cloudstack-agent
  • Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.18.1.0-shapeblue1

4.17.2.0-shapeblue3

18 Oct 07:53

This is a ShapeBlue customer patch release that includes the following changes on top of 4.17.2.0-shapeblue2:

  • KVM volume snapshot backing file fix apache#8041
  • KVM VM snapshot support for NFS and local storage apache#8062

4.17.2.0-shapeblue3 packages repository

EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.17/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.17/
Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.17/

Upgrade instructions

  • Applicability: this patch can be applied in an environment that has Apache CloudStack 4.17.2.0-shapeblue2 installed
  • Recommended: Test the patch in your test/validation environment before upgrading to production
  • Back up your production DB dump before upgrading to this patch release
  • Check and upgrade any installed cloudstack packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8 or Debian repositories. On some environments, you may also upgrade using downloaded RPMs directly using rpm or yum localinstall.
  • Post upgrade, restart the upgraded services such as cloudstack-management and cloudstack-agent
  • Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.17.2.0-shapeblue3

4.17.2.0-shapeblue2

28 Aug 07:28

This is a ShapeBlue customer patch release that includes the following changes on top of upstream 4.17.2.0 release:

4.17.2.0-shapeblue2 packages repository

EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.17/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.17/
Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.17/

Upgrade instructions

  • Applicability: this patch can be applied in an environment that has Apache CloudStack 4.17.2.0 installed
  • Recommended: Test the patch in your test/validation environment before upgrading to production
  • Back up your production DB dump before upgrading to this patch release
  • Check and upgrade any installed cloudstack 4.17.2.0 packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8 or Debian repositories. On some environments, you may also upgrade using downloaded RPMs directly using rpm or yum localinstall.
  • Post upgrade, restart the upgraded services such as cloudstack-management
  • Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.17.2.0-shapeblue2

apache#6748

Steps to validate the fix

1. Create 2 domains
2. Create a network offering and associate it with the 2 domains
3. Execute the list network offering API call and pass both domain IDs
4. It should list the network offering associated with both domains

apache#7584

Steps to validate the fix

1. Enable vm.configdrive.force.host.cache.use in Global Configuration.
2. Create an L2 network with config drive
3. Deploy a VM with the L2 network created in the previous step
4. Stop the VM and destroy the VM (do not expunge it)
5. Stop the cloudstack-agent on the KVM host
6. Expunge the VM
7. The VM should get expunged without any issues

4.18.0.0-shapeblue1

24 Jul 10:18

This is a ShapeBlue customer patch release that includes the following changes on top of upstream 4.18.0.0 release:

4.18.0.0-shapeblue1 packages repository

EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.18/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.18/
EL9: http://packages.shapeblue.com/cloudstack/upstream/el9/4.18/
Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.18/

Upgrade instructions

  • Applicability: this patch can be applied in an environment that has Apache CloudStack 4.18.0.0 installed
  • Recommended: Test the patch in your test/validation environment before upgrading to production
  • Back up your production DB dump before upgrading to this patch release
  • Check and upgrade any installed cloudstack 4.17.2.0 packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8, EL9 or Debian repositories. On some environments, you may also upgrade using downloaded RPMs directly using rpm or yum localinstall.
  • Post upgrade, restart the upgraded services such as cloudstack-management
  • Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.18.0.0-shapeblue1

apache#7584

Steps to validate the fix

1. Enable vm.configdrive.force.host.cache.use in Global Configuration.
2. Create an L2 network with config drive
3. Deploy a VM with the L2 network created in the previous step
4. Stop the VM and destroy the VM (do not expunge it)
5. Stop the cloudstack-agent on the KVM host
6. Expunge the VM
7. The VM should get expunged without any issues

4.17.2.0-shapeblue1

24 Jul 10:17

This is a ShapeBlue customer patch release that includes the following changes on top of upstream 4.17.2.0 release:

4.17.2.0-shapeblue1 packages repository

EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.17/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.17/
Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.17/

Upgrade instructions

  • Applicability: this patch can be applied in an environment that has Apache CloudStack 4.17.2.0 installed
  • Recommended: Test the patch in your test/validation environment before upgrading to production
  • Back up your production DB dump before upgrading to this patch release
  • Check and upgrade any installed cloudstack 4.17.2.0 packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8 or Debian repositories. On some environments, you may also upgrade using downloaded RPMs directly using rpm or yum localinstall.
  • Post upgrade, restart the upgraded services such as cloudstack-management
  • Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.17.2.0-shapeblue1

apache#6748

Steps to validate the fix

1. Create 2 domains
2. Create a network offering and associate it with the 2 domains
3. Execute the list network offering API call and pass both domain IDs
4. It should list the network offering associated with both domains

apache#7584

Steps to validate the fix

1. Enable vm.configdrive.force.host.cache.use in Global Configuration.
2. Create an L2 network with config drive
3. Deploy a VM with the L2 network created in the previous step
4. Stop the VM and destroy the VM (do not expunge it)
5. Stop the cloudstack-agent on the KVM host
6. Expunge the VM
7. The VM should get expunged without any issues

4.15.2.0-shapeblue3

17 Mar 12:53

This is a ShapeBlue customer patch release on top of the previous SB customer patch release 4.15.2.0-shapeblue2 and includes the following changes on top of upstream 4.15.2.0 release:

  • Fix storage cleanup corner case preventing VM deletion (apache#5575)
  • saml: Safer DocumentBuilderFactory and ParserPool configuration
  • VR: add rules for traffic between static nat and private gateway (apache#6153)
  • kvm: truncate vnc password to 8 chars (apache#6244)
  • kvm: Fix VM migration error due to VNC password on libvirt limiting versions (apache#6404)
  • Fix export snapshot and template to secondary storage to export only (apache#5510)
  • vmware: fix NPE for volume migration CLUSTER to ZONE-wide pool (apache#5582)

4.15.2.0-shapeblue3 packages repository

Upgrade instructions

  • Applicability: this patch can be applied in an environment that has Apache CloudStack 4.15.2.0 installed or one of the earlier ShapeBlue 4.15 patch releases
  • Recommended: Test the patch in your test/validation environment before upgrading to production
  • Back up your production DB dump before upgrading to this patch release
  • Check and upgrade any installed cloudstack 4.15.2.0 packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8 or Debian repositories. On some environments, you may also upgrade using downloaded RPMs directly using rpm or yum localinstall.
  • Post upgrade, restart the upgraded services such as cloudstack-management and cloudstack-agent

Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.15.2.0-shapeblue3

4.17.0.1

18 Jul 13:27
4.17.0.1

This is a ShapeBlue customer patch release on top of the Apache CloudStack 4.17.0.1 release.

Full Changelog: 4.17.0.0...4.17.0.1

4.16.1.1-shapeblue1

18 Jul 13:18
4.16.1.1-shapeblue1

This is a ShapeBlue customer patch release on top of the Apache CloudStack 4.16.1.1 release that includes the following changes:

  • kvm: truncate vnc password to 8 chars (apache#6244)
  • kvm: Fix VM migration error due to VNC password on libvirt limiting versions (apache#6404)
  • kvm: Extract the IO_URING configuration into the agent.properties (apache#6253)
  • kvm: Enable IOURING only when it is available on the host (apache#6399)
  • VR: add rules for traffic between static nat and private gateway (apache#6153)
  • VR: Do not add iptables rules for the revoked ip addresses (apache#6189)
  • VR: add '-m ' for tcp or udp protocol (apache#6188)
  • Fix linux native bridge for SUSE in cloudutils (apache#6134)
  • Fix migration of VM with volume on Ubuntu (apache#6116)

Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.16.1.1-shapeblue1