Releases · apache/cloudstack · GitHub
November 12, 2024 at 12:00 AMai_discoveryinfo
Product
Grommet
frameworksfrontendjavascript
Update Details
Comprehensive information about this update
Full Content
Release Notes
Apache CloudStack 4.20 maintenance release Release notes: https://docs.cloudstack.apache.org/en/4.20.1.0/releasenotes Installation docs: https://docs.cloudstack.apache.org/en/4.20.1.0/installguide Upgrade docs: https://docs.cloudstack.apache.org/en/4.20.1.0/upgrading Admin docs: https://docs.cloudstack.apache.org/en/4.20.1.0/adminguide API docs: https://cloudstack.apache.org/api/apidocs-4.20 This LTS release includes fixes for the following security issues: CVE-2025-26521: CKS cluster in project exposes user API keys CVE-2025-30675: Unauthorised template/ISO list access to the domain/resource admins CVE-2025-47713: Domain Admin can reset Admin password in Root Domain CVE-2025-47849: Insecure access of user's API/Secret Keys in the same domain CVE-2025-22829: Unauthorised access to dedicated resources in Quota plugin Advisory: https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0
Published At
Tuesday, November 12, 2024
12:00:00 AM
Discovered At
Monday, August 25, 2025
10:25:56 PM
Confidence
1