Releases · apache/cloudstack

08 May 13:12

4.22.0.1

4a59925

Apache CloudStack 4.22.0.1 (LTS Security Release) Latest

Latest

This is a security release that fixes the following on top of the 4.22.0.1 release:

CVE-2025-66170 Any user can list backups that they should not have access to. (severity 'Low')
CVE-2025-66171 Any user can create a new VM from backups they should not have access to (severity 'Important')
CVE-2025-66172 Any user can attach a volume in their VMs from backups they should not have access to (severity 'Important')
CVE-2025-66467 MinIO policy remains intact on bucket deletion (severity 'Important')
CVE-2025-69233 Domain/account resources limits not honored (severity 'Moderate')
CVE-2026-25077 Unauthenticated Command Injection in Direct Download Templates (severity 'Important')
CVE-2026-25199 Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access(severity 'Moderate')

Advisory: https://cloudstack.apache.org/blog/security-release-advisory-4.20.3.0-4.22.0.1/

Release notes: https://docs.cloudstack.apache.org/en/4.22.0.1/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.22.0.1/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.22.0.1/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.22.0.1/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.22

Assets 2

17 Apr 08:12

abh1sar

4.20.3.0

c859904

Apache CloudStack 4.20.3.0 (LTS)

Apache CloudStack 4.20 maintenance release

Release notes: https://docs.cloudstack.apache.org/en/4.20.3.0/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.20.3.0/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.20.3.0/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.20.3.0/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.20

Assets 2

11 Nov 14:25

harikrishna-patnala

4.22.0.0

71f47d6

Apache CloudStack 4.22.0.0 (LTS)

Apache CloudStack 4.22.0.0 LTS release

Release notes: https://docs.cloudstack.apache.org/en/4.22.0.0/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.22.0.0/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.22.0.0/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.22.0.0/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.22

Assets 2

27 Oct 08:34

weizhouapache

4.20.2.0

4dc3931

Apache CloudStack 4.20.2.0 (LTS)

Apache CloudStack 4.20 maintenance release

Release notes: https://docs.cloudstack.apache.org/en/4.20.2.0/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.20.2.0/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.20.2.0/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.20.2.0/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.20

Assets 2

29 Aug 04:57

sureshanaparti

4.21.0.0

f9513b4

Apache CloudStack 4.21.0.0 (Regular)

Apache CloudStack Regular Release 4.21.0.0

Release notes: https://docs.cloudstack.apache.org/en/4.21.0.0/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.21.0.0/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.21.0.0/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.21.0.0/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.21

Assets 2

10 Jun 14:51

Pearl1594

4.20.1.0

c61a5eb

Apache CloudStack 4.20.1.0 (LTS)

Apache CloudStack 4.20 maintenance release

Release notes: https://docs.cloudstack.apache.org/en/4.20.1.0/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.20.1.0/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.20.1.0/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.20.1.0/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.20

This LTS release includes fixes for the following security issues:

CVE-2025-26521: CKS cluster in project exposes user API keys
CVE-2025-30675: Unauthorised template/ISO list access to the domain/resource admins
CVE-2025-47713: Domain Admin can reset Admin password in Root Domain
CVE-2025-47849: Insecure access of user's API/Secret Keys in the same domain
CVE-2025-22829: Unauthorised access to dedicated resources in Quota plugin

Advisory: https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0

Assets 2

10 Jun 14:50

Pearl1594

4.19.3.0

0c7d471

Apache CloudStack 4.19.3.0 (LTS)

Apache CloudStack 4.19 maintenance release

Release notes: https://docs.cloudstack.apache.org/en/4.19.3.0/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.19.3.0/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.19.3.0/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.19.3.0/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.19

This LTS release includes fixes for the following security issues:

CVE-2025-26521: CKS cluster in project exposes user API keys
CVE-2025-30675: Unauthorised template/ISO list access to the domain/resource admins
CVE-2025-47713: Domain Admin can reset Admin password in Root Domain
CVE-2025-47849: Insecure access of user's API/Secret Keys in the same domain

Advisory: https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0

Assets 2