Skip to content

Apache CloudStack 4.19.1.2 (LTS Security Release)

Compare
Choose a tag to compare
@GutoVeronezi GutoVeronezi released this 15 Oct 18:35
· 536 commits to main since this release
4.19.1.2
18fe422

This is a security release that fixes the following on top of the 4.19.1.1 release:

  • CVE-2024-45219: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure
  • CVE-2024-45461: Access checks not enforced in Quota
  • CVE-2024-45462: Incomplete session invalidation on web interface logout
  • CVE-2024-45693: Request origin validation bypass makes account takeover possible

Advisory: https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2

Release notes: https://docs.cloudstack.apache.org/en/4.19.1.2/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.19.1.2/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.19.1.2/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.19.1.2/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.19

Assets 2
Loading