Skip to content

Apache CloudStack 4.18.1.1 (LTS Security Release)
Compare
Choose a tag to compare
@rohityadavcloud rohityadavcloud released this 04 Apr 05:23
· 1270 commits to main since this release
4.18.1.1
This tag was signed with the committer’s verified signature.
rohityadavcloud Rohit Yadav
GPG key ID: 484248210EE3D884
Learn about vigilant mode.
b28f3cd

This is a security release the fixes the following on top of 4.18.1.0 release:

  • CVE-2024-29006 x-forwarded-for parsed by default
  • CVE-2024-29007 When downloading templates or ISOs, the UI/SSVM follow http redirects with potentially dangerous consequences
  • CVE-2024-29008 The extraconfig feature can be abused to load hypervisor resources on a VM instance

Advisory: https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.1-4.18.1.1

Assets 2
Loading