Releases: shapeblue/cloudstack
4.18.1.1-shapeblue1 (LTS Security Release)
Advisories:
- https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.1-4.18.1.1
- https://www.shapeblue.com/apache-cloudstack-security-releases-4-18-1-1-and-4-19-0-1/
This is a ShapeBlue customer patch release that includes the following changes on top of upstream security 4.18.1.1 release:
- CVE-2024-29006 x-forwarded-for parsed by default
- CVE-2024-29007 When downloading templates or ISOs, the UI/SSVM follow http redirects with potentially dangerous consequences
- CVE-2024-29008 The extraconfig feature can be abused to load hypervisor resources on a VM instance
Additional changes:
- KVM volume snapshot backing file fix apache#8041
- KVM VM snapshot support for NFS and local storage apache#8062
- Fix non-admin logouts apache#8065
- Linstor disk offering fix apache#7952
- Linstor template volume fix apache#8082
- Linstor: fix template copy on non hyperconverged setups apache#8114
- 2FA setup fix apache#7972
- Fix VM snapshot size during storage capacity check apache#8101
- Create snapshot from VM snapshot for NFS/Local storage apache#8117
4.18.1.0-shapeblue1 packages repository
EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.18/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.18/
EL9: http://packages.shapeblue.com/cloudstack/upstream/el9/4.18/
Ubuntu/Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.18/
Upgrade instructions
- Recommended: Test the patch in your test/validation environment before upgrading to production
- Backup your production DB dump before upgrading to this patch release
- Check and upgrade any installed cloudstack packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8, EL9 or Debian repositories. On some enviroments, you may also upgrade using downloaded rpms directly using rpm or yum localinstall.
- Post upgrade, restart the upgraded services such as cloudstack-management and cloudstack-agent
- Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.18.1.1-shapeblue1
4.19.0.1-shapeblue0 (LTS Security Release)
Advisories:
- https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.1-4.18.1.1
- https://www.shapeblue.com/apache-cloudstack-security-releases-4-18-1-1-and-4-19-0-1/
This is a ShapeBlue customer patch release that is based on upstream security 4.19.0.1 release:
- CVE-2024-29006 x-forwarded-for parsed by default
- CVE-2024-29007 When downloading templates or ISOs, the UI/SSVM follow http redirects with potentially dangerous consequences
- CVE-2024-29008 The extraconfig feature can be abused to load hypervisor resources on a VM instance
4.19 packages repository
EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.19/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.19/
EL9: http://packages.shapeblue.com/cloudstack/upstream/el9/4.19/
Ubuntu/Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.19/
Upgrade instructions
- Recommended: Test the patch in your test/validation environment before upgrading to production
- Backup your production DB dump before upgrading to this patch release
- Check and upgrade any installed cloudstack packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8, EL9 or Debian repositories. On some enviroments, you may also upgrade using downloaded rpms directly using rpm or yum localinstall.
- Post upgrade, restart the upgraded services such as cloudstack-management and cloudstack-agent
- Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.19.0.1
4.18.1.0-shapeblue1
This is a ShapeBlue customer patch release that includes the following changes on top of upstream 4.18.1.0 release:
- KVM volume snapshot backing file fix apache#8041
- KVM VM snapshot support for NFS and local storage apache#8062
- Fix non-admin logouts apache#8065
- Linstor disk offering fix apache#7952
- Linstor template volume fix apache#8082
- Linstor: fix template copy on non hyperconverged setups apache#8114
- 2FA setup fix apache#7972
- Fix VM snapshot size during storage capacity check apache#8101
- Create snapshot from VM snapshot for NFS/Local storage apache#8117
4.18.1.0-shapeblue1 packages repository
EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.18/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.18/
EL9: http://packages.shapeblue.com/cloudstack/upstream/el9/4.18/
Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.18/
Upgrade instructions
- Applicability: this patch can be applied in an environment that has Apache CloudStack 4.18.1.0 installed
- Recommended: Test the patch in your test/validation environment before upgrading to production
- Backup your production DB dump before upgrading to this patch release
- Check and upgrade any installed cloudstack packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8, EL9 or Debian repositories. On some enviroments, you may also upgrade using downloaded rpms directly using rpm or yum localinstall.
- Post upgrade, restart the upgraded services such as cloudstack-management and cloudstack-agent
- Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.18.1.0-shapeblue1
4.17.2.0-shapeblue3
This is a ShapeBlue customer patch release that includes the following changes on top of 4.17.2.0-shapeblue2:
- KVM volume snapshot backing file fix apache#8041
- KVM VM snapshot support for NFS and local storage apache#8062
4.17.2.0-shapeblue3 packages repository
EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.17/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.17/
Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.17/
Upgrade instructions
- Applicability: this patch can be applied in an environment that has Apache CloudStack 4.17.2.0-shapeblue2 installed
- Recommended: Test the patch in your test/validation environment before upgrading to production
- Backup your production DB dump before upgrading to this patch release
- Check and upgrade any installed cloudstack packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8 or Debian repositories. On some enviroments, you may also upgrade using downloaded rpms directly using rpm or yum localinstall.
- Post upgrade, restart the upgraded services such as cloudstack-management and cloudstack-agent
- Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.17.2.0-shapeblue3
4.17.2.0-shapeblue2
This is a ShapeBlue customer patch release that includes the following changes on top of upstream 4.17.2.0 release:
4.17.2.0-shapeblue2 packages repository
EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.17/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.17/
Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.17/
Upgrade instructions
- Applicability: this patch can be applied in an environment that has Apache CloudStack 4.17.2.0 installed
- Recommended: Test the patch in your test/validation environment before upgrading to production
- Backup your production DB dump before upgrading to this patch release
- Check and upgrade any installed cloudstack 4.17.2.0 packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8 or Debian repositories. On some enviroments, you may also upgrade using downloaded rpms directly using rpm or yum localinstall.
- Post upgrade, restart the upgraded services such as cloudstack-management
- Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.17.2.0-shapeblue2
Steps to validate the fix
1.Create 2 domains
2.Create a network offering and associate with the 2 domains
3.Execute the list network oferring api call and pass both the domainid's
4.It should list the network offering assoicated with both domains
Steps to validate the fix
1.Enable vm.configdrive.force.host.cache.use in Global Configuration.
2.Create a L2 network with config drive
3.Deploy a vm with the L2 network created in previous step
4.Stop the vm and destroy vm (not expunge it)
5.Stop the cloudstack-agent on the KVM's host
6.Expunge the vm
7.The vm should get expunged without any issues
4.18.0.0-shapeblue1
This is a ShapeBlue customer patch release that includes the following changes on top of upstream 4.18.0.0 release:
4.18.0.0-shapeblue1 packages repository
EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.18/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.18/
EL9: http://packages.shapeblue.com/cloudstack/upstream/el9/4.18/
Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.18/
Upgrade instructions
- Applicability: this patch can be applied in an environment that has Apache CloudStack 4.18.0.0 installed
- Recommended: Test the patch in your test/validation environment before upgrading to production
- Backup your production DB dump before upgrading to this patch release
- Check and upgrade any installed cloudstack 4.17.2.0 packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8, EL9 or Debian repositories. On some enviroments, you may also upgrade using downloaded rpms directly using rpm or yum localinstall.
- Post upgrade, restart the upgraded services such as cloudstack-management
- Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.18.0.0-shapeblue1
Steps to validate the fix
1.Enable vm.configdrive.force.host.cache.use in Global Configuration.
2.Create a L2 network with config drive
3.Deploy a vm with the L2 network created in previous step
4.Stop the vm and destroy vm (not expunge it)
5.Stop the cloudstack-agent on the KVM's host
6.Expunge the vm
7.The vm should get expunged without any issues
4.17.2.0-shapeblue1
This is a ShapeBlue customer patch release that includes the following changes on top of upstream 4.17.2.0 release:
4.17.2.0-shapeblue1 packages repository
EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.17/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.17/
Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.17/
Upgrade instructions
- Applicability: this patch can be applied in an environment that has Apache CloudStack 4.17.2.0 installed
- Recommended: Test the patch in your test/validation environment before upgrading to production
- Backup your production DB dump before upgrading to this patch release
- Check and upgrade any installed cloudstack 4.17.2.0 packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8 or Debian repositories. On some enviroments, you may also upgrade using downloaded rpms directly using rpm or yum localinstall.
- Post upgrade, restart the upgraded services such as cloudstack-management
- Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.17.2.0-shapeblue1
Steps to validate the fix
1.Create 2 domains
2.Create a network offering and associate with the 2 domains
3.Execute the list network oferring api call and pass both the domainid's
4.It should list the network offering assoicated with both domains
Steps to validate the fix
1.Enable vm.configdrive.force.host.cache.use in Global Configuration.
2.Create a L2 network with config drive
3.Deploy a vm with the L2 network created in previous step
4.Stop the vm and destroy vm (not expunge it)
5.Stop the cloudstack-agent on the KVM's host
6.Expunge the vm
7.The vm should get expunged without any issues
4.15.2.0-shapeblue3
This is a ShapeBlue customer patch release on top of the previous SB customer patch release 4.15.2.0-shapeblue2 and includes the following changes on top of upstream 4.15.2.0 release:
- Fix storage cleanup corner case preventing VM deletion (apache#5575)
- saml: Safer DocumentBuilderFactory and ParserPool configuration
- VR: add rules for traffic between static nat and private gateway (apache#6153)
- kvm: truncate vnc password to 8 chars (apache#6244)
- kvm: Fix VM migration error due to VNC password on libvirt limiting versions (apache#6404)
- Fix export snapshot and template to secondary storage to export only (apache#5510)
- vmware: fix NPE for volume migration CLUSTER to ZONE-wide pool (apache#5582)
4.15.2.0-shapeblue3 packages repository
- EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.15/
- EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.15/
- Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.15/
Upgrade instructions
- Applicability: this patch can be applied in an environment that has Apache CloudStack 4.15.2.0 installed or one of the earlier ShapeBlue 4.15 patch releases
- Recommended: Test the patch in your test/validation environment before upgrading to production
- Backup your production DB dump before upgrading to this patch release
- Check and upgrade any installed cloudstack 4.15.2.0 packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8 or Debian repositories. On some enviroments, you may also upgrade using downloaded rpms directly using
rpm
oryum localinstall
. - Post upgrade, restart the upgraded services such as cloudstack-management and cloudstack-agent
Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.15.2.0-shapeblue3
4.17.0.1
This is a ShapeBlue customer patch release on top of the Apache CloudStack 4.17.0.1 release.
Full Changelog: 4.17.0.0...4.17.0.1
4.16.1.1-shapeblue1
This is a ShapeBlue customer patch release on top of the Apache CloudStack 4.16.1.1 release that includes the following changes:
- kvm: truncate vnc password to 8 chars (apache#6244)
- kvm: Fix VM migration error due to VNC password on libvirt limiting versions (apache#6404)
- kvm: Extract the IO_URING configuration into the agent.properties (apache#6253)
- kvm: Enable IOURING only when it is available on the host (apache#6399)
- VR: add rules for traffic between static nat and private gateway (apache#6153)
- VR: Do not add iptables rules for the revoked ip addresses (apache#6189)
- VR: add '-m ' for tcp or udp protocol (apache#6188)
- Fix linux native bridge for SUSE in cloudutils (apache#6134)
- Fix migration of VM with volume on Ubuntu (apache#6116)
Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.16.1.1-shapeblue1