4.18.1.1-shapeblue1 (LTS Security Release)
·
1282 commits
to main
since this release
Advisories:
- https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.1-4.18.1.1
- https://www.shapeblue.com/apache-cloudstack-security-releases-4-18-1-1-and-4-19-0-1/
This is a ShapeBlue customer patch release that includes the following changes on top of upstream security 4.18.1.1 release:
- CVE-2024-29006 x-forwarded-for parsed by default
- CVE-2024-29007 When downloading templates or ISOs, the UI/SSVM follow http redirects with potentially dangerous consequences
- CVE-2024-29008 The extraconfig feature can be abused to load hypervisor resources on a VM instance
Additional changes:
- KVM volume snapshot backing file fix apache#8041
- KVM VM snapshot support for NFS and local storage apache#8062
- Fix non-admin logouts apache#8065
- Linstor disk offering fix apache#7952
- Linstor template volume fix apache#8082
- Linstor: fix template copy on non hyperconverged setups apache#8114
- 2FA setup fix apache#7972
- Fix VM snapshot size during storage capacity check apache#8101
- Create snapshot from VM snapshot for NFS/Local storage apache#8117
4.18.1.0-shapeblue1 packages repository
EL7: http://packages.shapeblue.com/cloudstack/upstream/el7/4.18/
EL8: http://packages.shapeblue.com/cloudstack/upstream/el8/4.18/
EL9: http://packages.shapeblue.com/cloudstack/upstream/el9/4.18/
Ubuntu/Debian: http://packages.shapeblue.com/cloudstack/upstream/debian/4.18/
Upgrade instructions
- Recommended: Test the patch in your test/validation environment before upgrading to production
- Backup your production DB dump before upgrading to this patch release
- Check and upgrade any installed cloudstack packages (such as cloudstack-management, cloudstack-common, cloudstack-agent) using the above EL7, EL8, EL9 or Debian repositories. On some enviroments, you may also upgrade using downloaded rpms directly using rpm or yum localinstall.
- Post upgrade, restart the upgraded services such as cloudstack-management and cloudstack-agent
- Full Changelog: https://github.com/shapeblue/cloudstack/commits/4.18.1.1-shapeblue1