Mature Open Source Enterprise Cloud platform powers billions of dollars in transactions for the world's largest Cloud providers.

Wakefield, MA - 24 Sept 2019. The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today Apache® CloudStack® v4.13, the latest version of the turnkey enterprise Cloud orchestration platform.

The Apache CloudStack project is pleased to announce the release of CloudStack 4.11.3.0 as part of its LTS 4.11.x releases. The CloudStack 4.11.3.0 release contains c. 50 fixes on top of the CloudStack 4.11.2.0 release. CloudStack LTS branches are supported for 20 months and will receive updates for the first 14 months. For the final six months, only security updates are provided.

The Apache^® CloudStack^® project is pleased to announce the release of the CloudStack 4.12.0.0. The CloudStack version 4.12.0.0 is a 4.12 non-LTS release, adding multiple features for those who want to access a fresh CloudStack prior to the next LTS. The release 4.12.0.0 combines 12 months of work and adds +200 commits, with multiple new features and fixes.

The original CloudMonkey was contributed to the Apache CloudStack project on 31 Oct 2012 under the Apache License 2.0. It is written in Python and shipped using the Python CheeseShop, and since its inception has gone through several refactors and rewrites. While this has worked well over the years, the installation and usage have been limited to just a few modern platforms due to the dependency on Python 2.7, meaning it is hard to install on older distributions such as CentOS6.

Announcing Apache CloudStack LTS Maintenance Release 4.11.2.0

The Apache CloudStack project is pleased to announce the release of CloudStack 4.11.2.0 as part of its LTS 4.11.x releases. The CloudStack 4.11.2.0 release contains more than 70 fixes since the CloudStack 4.11.1.0 release. CloudStack LTS branches are supported for 20 months and will receive updates for the first 14 months. For the final six months only security updates are provided.

The Apache CloudStack project is pleased to announce the release of CloudStack 4.11.1.0 as part of its LTS 4.11.x releases. The CloudStack 4.11.1.0 release contains more than 130 fixes since the CloudStack 4.11.0.0 release. CloudStack LTS branches are supported for 20 months and will receive updates for the first 14 months. For the final six months only security updates are provided.

Recently, a number of security flaws were recently found in the DNSMasq tool. This tool is used by many systems to provide DNS and DHCP services, including by the CloudStack System VMs.

According to Google’s investigation into the software, out of seven issues, three — CVE-2017-14491, CVE-2017-14492, and CVE-2017-14493 — are remote code execution flaws caused by heap buffer overflow and stack buffer overflow errors through DHCP and DNS vectors.

The CloudStack security team recently received notice of a significant vulnerability in a CloudStack API call - registerUserKeys. The original intention for this call was for it to only be exposed for integration work - eg not to the public network in general. A weakness in the API call's implementation allows a malicious user to reset the API keys for other users on the system, thus accessing resources and services available to that user. We have released CloudStack versions 4.8.1.1 and 4.9.0.1 with patches for this issue. More details about the release can be read on the official announcement post.

The first Apache CloudStack™ Collab conference of 2016 on June 1-3 2016 in beautiful Montreal, Canada. This conference is aimed at developers, operators and users to discuss and evolve the open source software project, its functionality and real world operability. Part talks, part workshops, part hackathon, this event will present a great opportunity for attendees and sponsors alike. CloudOps is thrilled to host this conference at its event space, Centre cloud.ca in the heart of the city.

Today I sent out two CloudStack-related security advisories: CVE-2015-3251 (related to VM credential exposure) and CVE-2015-3252 (related to VNC authentication). Details about these issues can be found on the CloudStack user and dev mailing lists, as well as on the Full Disclosure and BUGTRAQ security mailing lists.