All,

Since this CVE was a severe issue and there are several CloudStack 4.5.x users who may still want a patch, I've gone ahead and cherry-picked Marc's CVE fix on top of the last release 4.5.2.1 to create a community-backed 4.5.2.2 tag [1] that can be used by anyone to build packages. This was not officially voted and I've added a note on this tag as well. The git history may be viewed to see what exactly was changed.

[1] https://github.com/apache/cloudstack/releases/tag/4.5.2.2

Regards.

On Thu, Oct 27, 2016 at 9:37 AM, Rohit Yadav <bhais...@apache.org> wrote:

> # Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1
>
> The Apache CloudStack project announces security releases 4.8.1.1, 4.9.0.1
> that fix the bug causing vulnerability over previously released minor
> versions 4.8.1 and 4.9.0 respectively. As a security release, no new
> features are included but only includes the fix for CVE-2016-6813.
>
> Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS)
> software platform that allows users to build feature-rich public and
> private cloud environments. CloudStack includes an intuitive user interface
> and rich API for managing the compute, networking, software, and storage
> resources. The project became an Apache top level project in March 2013.
>
> More information about Apache CloudStack can be found at:
>
> http://cloudstack.apache.org/
>
> ## Upgrade Notes
>
> Affected users are only required to upgrade their management server(s) to
> suitable security release version. The upgrade does not require any
> database or systemvm-template related change.
>
> ## Downloads
>
> The official source code release can be downloaded from:
>
> http://cloudstack.apache.org/downloads.html
>
> In addition to the official source code release, individual contributors
> have also made convenience binaries available on the Apache CloudStack
> download page, and as follows:
>
> http://www.shapeblue.com/packages/
> http://cloudstack.apt-get.eu/ubuntu/dists/ (packages to be published soon)
> http://cloudstack.apt-get.eu/centos/6/ (packages to be published soon)
> http://cloudstack.apt-get.eu/centos/7/ (packages to be published soon)
>
> ###
>
> Regards,
> Rohit Yadav