[PR] Adding --> Add for the object storage [cloudstack-documentation]
andrijapanicsb opened a new pull request, #389: URL: https://github.com/apache/cloudstack-documentation/pull/389 Link inside the ACS UI points to: http://docs.cloudstack.apache.org/en/latest/installguide/configuration.html#add-object-storage i.e. use word "add" not "adding" - easier to fix docs than the UI.  -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Add doc for importing and unmanaging volumes [cloudstack-documentation]
weizhouapache opened a new pull request, #390: URL: https://github.com/apache/cloudstack-documentation/pull/390 this is the document for [apache/cloudstack#8808](https://github.com/apache/cloudstack/pull/8808) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Add doc for importing and unmanaging volumes [cloudstack-documentation]
weizhouapache commented on PR #390: URL: https://github.com/apache/cloudstack-documentation/pull/390#issuecomment-2034520666 https://cloudstack-documentation--390.org.readthedocs.build/en/390/adminguide/storage.html#importing-and-unmanaging-volumes-from-storage-pools -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Participate in the ASF 25th Anniversary Campaign
Hi everyone, As part of The ASF’s 25th anniversary campaign[1], we will be celebrating projects and communities in multiple ways. We invite all projects and contributors to participate in the following ways: * Individuals - submit your first contribution: https://news.apache.org/foundation/entry/the-asf-launches-firstasfcontribution-campaign * Projects - share your public good story: https://docs.google.com/forms/d/1vuN-tUnBwpTgOE5xj3Z5AG1hsOoDNLBmGIqQHwQT6k8/viewform?edit_requested=true * Projects - submit a project spotlight for the blog: https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=278466116 * Projects - contact the Voice of Apache podcast (formerly Feathercast) to be featured: https://feathercast.apache.org/help/ * Projects - use the 25th anniversary template and the #ASF25Years hashtag on social media: https://docs.google.com/presentation/d/1oDbMol3F_XQuCmttPYxBIOIjRuRBksUjDApjd8Ve3L8/edit#slide=id.g26b0919956e_0_13 If you have questions, email the Marketing & Publicity team at mark...@apache.org. Peace, BKP [1] https://apache.org/asf25years/ [NOTE: You are receiving this message because you are a contributor to an Apache Software Foundation project. The ASF will very occasionally send out messages relating to the Foundation to contributors and members, such as this one.] Brian Proffitt VP, Marketing & Publicity VP, Conferences
Community over Code EU 2024: Start planning your trip!
[Note: You're receiving this email because you are subscribed to one or more project dev@ mailing lists at the Apache Software Foundation.] Dear community, We hope you are doing great, are you ready for Community Over Code EU? Check out the featured sessions, get your tickets with special discounts and start planning your trip. Save your spot! Take a look at our lineup of sessions, panelists and featured speakers and make your final choice: * EU policies and regulations affecting open source specialists working in OSPOs The panel will discuss how EU legislation affects the daily work of open source operations. Panelists will cover some recent policy updates, the challenges of staying compliant when managing open source contribution and usage within organizations, and their personal experiences in adapting to the changing European regulatory environment. * Doing for sustainability, what open source did for software In this keynote Asim Hussain will explain the history of Impact Framework, a coalition of hundreds of software practitioners with tangible solutions that directly foster meaningful change by measuring the environmental impacts of a piece of software. Don’t forget that we have special discounts for groups, students and Apache committers. Visit the website to discover more about these rates.[1] It's time for you to start planning your trip. Remember that we have prepared a “How to get there” guide that will be helpful to find out the best transportation, either train, bus, flight or boat to Bratislava from wherever you are coming from. Take a look at the different options and please reach out to us if you have any questions. We have available rooms -with a special rate- at the Radisson Blu Carlton Hotel, where the event will take place and at the Park Inn Hotel which is only 5 minutes walking from the venue. [2] However, you are free to choose any other accommodation options around the city. See you in Bratislava, Community Over Code EU Team [1]: https://eu.communityovercode.org/tickets/ "Register" [2]: https://eu.communityovercode.org/venue/ "Where to stay"
[ADVISORY] Apache CloudStack Security Releases 4.18.1.1 and 4.19.0.1
Apache CloudStack security releases 4.18.1.1 and 4.19.0.1 address the CVEs listed below. Affected users are recommended to upgrade their CloudStack installations. 1. CVE-2024-29006: x-forwarded-for HTTP header parsed by default Severity: moderate Description: By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Affected versions: Apache CloudStack 4.11.0.0 through 4.18.1.0, and 4.19.0.0 Credit: Yuyang Xiao (finder) https://www.cve.org/CVERecord?id=CVE-2024-29006 2. CVE-2024-29007: When downloading templates or ISOs, the management server and SSVM follow HTTP redirects with potentially dangerous consequences Severity: moderate Affected versions: Apache CloudStack 4.9.1.0 through 4.18.1.0, and 4.19.0.0 Description: The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue. Credit: Yuyang Xiao (finder) https://www.cve.org/CVERecord?id=CVE-2024-29007 3. CVE-2024-29008: The extraconfig feature can be abused to load hypervisor resources on a VM instance Severity: critical Affected versions: Apache CloudStack 4.14.0.0 through 4.18.1.0, and 4.19.0.0 Description: A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not explicitly enabled by the administrator. In a KVM based CloudStack environment, an attacker can exploit this issue to attach host devices such as storage disks, and PCI and USB devices such as network adapters and GPUs, in a regular VM instance that can be further exploited to gain access to the underlying network and storage infrastructure resources, and access any VM instance disks on the local storage. Credit: Wei Zhou (finder) https://www.cve.org/CVERecord?id=CVE-2024-29008 --
Re: [VOTE] Release Apache CloudStack Terraform Provider v0.5.0
Hi All, Reminder – terraform 0.5.0 is up for testing and voting. Regards. Kiran From: Rohit Yadav Date: Wednesday, 3 April 2024 at 9:43 AM To: dev@cloudstack.apache.org , us...@cloudstack.apache.org Subject: Re: [VOTE] Release Apache CloudStack Terraform Provider v0.5.0 +1 (binding) Tested vm deployment using 0.5.0-pre. Regards. From: Kiran Chavala Sent: Tuesday, April 2, 2024 2:55:40 PM To: dev@cloudstack.apache.org ; us...@cloudstack.apache.org Subject: [VOTE] Release Apache CloudStack Terraform Provider v0.5.0 Hi ALL I've created a CloudStack Terraform Provider v0.5.0 release, with the following artifacts up for a vote: Git Branch and Commit SH: https://github.com/cloudstack/terraform-provider-cloudstack Commit: 7c682bf17bebf40837a30ebcca811fc7b8785a15 Source release (checksums and signatures are available at the same location): https://dist.apache.org/repos/dist/dev/cloudstack/terraform-provider-0.5.0/ PGP release keys (signed using E03379CB066175FAC2BC9E027B3F1C5E93F97FAB): https://dist.apache.org/repos/dist/release/cloudstack/KEYS Vote will be open for 72 hours. For sanity in tallying the vote, can PMC members please be sure to indicate "(binding)" with their vote? [ ] +1 approve [ ] +0 no opinion [ ] -1 disapprove (and reason why) For users convenience, they can use this 0.5.0-pre build https://registry.terraform.io/providers/cloudstack/cloudstack/0.5.0-pre for testing purposes. The binaries are here: https://github.com/apache/cloudstack-terraform-provider/releases/tag/v0.5.0-pre Regards Kiran Chavala
