The Apache CloudStack project announces the LTS release of 4.19.3.0 and 4.20.1.0 that address the following security issues:

• CVE-2025-26521 (severity 'Critical')
• CVE-2025-30675 (severity 'Low')
• CVE-2025-47713 (severity 'Critical')
• CVE-2025-47849 (severity 'Moderate')
• CVE-2025-22829 (severity 'Low')

The Apache CloudStack project is pleased to announce the release of CloudStack 4.19.3.0 and 4.20.1.0.

The CloudStack releases 4.19.3.0 and 4.20.1.0 are maintenance releases as part of their 4.19.x and 4.20.x LTS branches respectively. CloudStack release 4.19.3.0 contains more than 120 fixes and improvements since CloudStack 4.19.2.0 and CloudStack 4.20.1.0 contains more than 150 fixes and improvements since CloudStack 4.20.0.0 release.

The Apache CloudStack project is pleased to announce the release of CloudStack 4.19.2.0.

CVE-2025-22828: Unauthorised access to annotations​

Severity: Low

Affected versions:

• Apache CloudStack 4.16.0 or later

Description:​

CloudStack users can add and read comments (annotations) on resources they are authorised to access.

Apache CloudStack LTS Release 4.20.0.0

The Apache CloudStack project is pleased to announce the release of CloudStack 4.20.0.0.

Apache CloudStack 4.20 is the most recent release of the cloud management platform. It comes as a product of extensive contributions from the development community and is a LTS release, guaranteeing ongoing maintenance and support for a period of 18 months

The Apache CloudStack project announces the release of LTS security releases 4.18.2.5 and 4.19.1.3 that address the following security issues:

• CVE-2024-50386 (severity 'Important')

The Apache CloudStack project announces the release of LTS security releases 4.18.2.4 and 4.19.1.2 that address the following security issues:

• CVE-2024-45219 (severity 'Important')
• CVE-2024-45461 (severity 'Moderate')
• CVE-2024-45462 (severity 'Moderate')
• CVE-2024-45693 (severity 'Important')

Apache CloudStack project announces the release of LTS security releases 4.18.2.3 and 4.19.1.1 that address CVE-2024-42062 and CVE-2024-42222, both of severity rating 'critical', explained below.

The Apache CloudStack project is pleased to announce the release of CloudStack 4.19.1.0.

The CloudStack 4.19.1.0 release is a maintenance release as part of its 4.19.x LTS branch and contains more than 300 fixes and improvements since the CloudStack 4.19.0.0 release. Some of the highlights include:

Apache CloudStack project announces the release of LTS security releases 4.19.1.0 and 4.18.2.2 that addresses CVE-2024-41107 that affects CloudStack SAML users, of severity 'important' explained below.