Skip to content

Apache CloudStack 4.18.2.1 (LTS Security Release)

Compare
Choose a tag to compare
@shwstppr shwstppr released this 05 Jul 13:31
· 1157 commits to main since this release

This is a security release that fixes the following on top of the 4.18.2.0 release:

  • CVE-2024-38346: Unauthenticated cluster service port leads to remote execution
  • CVE-2024-39864: Integration API service uses dynamic port when disabled

Advisory: https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1

Release notes: https://docs.cloudstack.apache.org/en/4.18.2.1/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.18.2.1/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.18.2.1/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.18.2.1/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.18