Skip to content

Apache CloudStack 4.19.0.2 (LTS Security Release)

Compare
Choose a tag to compare
@shwstppr shwstppr released this 05 Jul 13:32
· 806 commits to main since this release

This is a security release that fixes the following on top of the 4.19.0.1 release:

  • CVE-2024-38346: Unauthenticated cluster service port leads to remote execution
  • CVE-2024-39864: Integration API service uses dynamic port when disabled

Advisory: https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1

Release notes: https://docs.cloudstack.apache.org/en/4.19.0.2/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.19.0.2/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.19.0.2/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.19.0.2/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.19