github-actions[bot] opened a new issue, #13317: URL: https://github.com/apache/cloudstack/issues/13317
## ๐ Apache CloudStack Daily Status โ June 1, 2026 ### ๐ Recent Release **[Apache CloudStack 4.22.1.0 (LTS)](https://github.com/apache/cloudstack/releases/tag/4.22.1.0)** was released on May 26, 2026! ๐ This is the latest maintenance release for the 4.22 LTS line. Users on 4.22.0.1 (the security release from May 8) are encouraged to upgrade. --- ### โ Merged PRs This Week (May 25 โ June 1) | # | Title | Author | |---|-------|--------| | [`#13278`](https://github.com/apache/cloudstack/pull/13278) | Update GitHub AW actions | vishesh92 | | [`#13246`](https://github.com/apache/cloudstack/pull/13246) | Add GaOrtiga to collaborators ๐ | GaOrtiga | | [`#13238`](https://github.com/apache/cloudstack/pull/13238) | docs: Note MariaDB support in README | robertsilen | | [`#13215`](https://github.com/apache/cloudstack/pull/13215) | Bump github-actions-dependencies (dependabot) | dependabot | | [`#13210`](https://github.com/apache/cloudstack/pull/13210) | Convert command timeout for snapshot commands | erikbocks | | [`#13204`](https://github.com/apache/cloudstack/pull/13204) | Fix local upload from browser (SSVM cert not trusted) | abh1sar | | [`#13180`](https://github.com/apache/cloudstack/pull/13180) | Fix Instance Backup related events | abh1sar | | [`#13078`](https://github.com/apache/cloudstack/pull/13078) | fix(linstor): surface ambiguous template fallbacks & legacy orphan cleanup | jmsperu | | [`#13050`](https://github.com/apache/cloudstack/pull/13050) | flasharray: fall back to array capacity when pod has no quota | genegr | | [`#13021`](https://github.com/apache/cloudstack/pull/13021) | Fix validation of CPVM states in multiple zones | Tonitzpp | | [`#12961`](https://github.com/apache/cloudstack/pull/12961) | Refactor Quota balance | winterhazel | | [`#12774`](https://github.com/apache/cloudstack/pull/12774) | Refactor GitHub actions | vishesh92 | Great velocity this week โ **12 PRs merged** covering bug fixes, storage plugins, CI improvements, and docs! ๐ช --- ### ๐ฅ Hot Issues Today (June 1) Several **security-related issues** were filed today by `@YLChen-007`, covering potential log/credential exposure areas: - [`#13311`](https://github.com/apache/cloudstack/issues/13311) โ `ApiServlet` logs duplicate sensitive query parameters - [`#13309`](https://github.com/apache/cloudstack/issues/13309) โ `Script.java` command sanitization - [`#13308`](https://github.com/apache/cloudstack/issues/13308) โ Plaintext password in OVM3 hypervisor config - [`#13307`](https://github.com/apache/cloudstack/issues/13307) โ VM user-data/SSH key log exposure (Baremetal KVM) - [`#13306`](https://github.com/apache/cloudstack/issues/13306) โ Keystore credentials in SSHCmdHelper logs - [`#13305`](https://github.com/apache/cloudstack/issues/13305) โ SSL private key plaintext exposure - [`#13304`](https://github.com/apache/cloudstack/issues/13304) โ Sensitive auth credentials in system logs - [`#13303`](https://github.com/apache/cloudstack/issues/13303) โ Credential exposure via parameter map serialization - [`#13302`](https://github.com/apache/cloudstack/issues/13302) โ VM snapshot VNC password loss leading to unauthenticated console - [`#13301`](https://github.com/apache/cloudstack/issues/13301) โ Password leak in async job status update logging - [`#13300`](https://github.com/apache/cloudstack/issues/13300) โ Plaintext CIFS storage credential leakage in logs โ ๏ธ **Maintainers: These security issues deserve prompt triage.** Please follow [Apache Security Policy]((www.apache.org/redacted) for handling, and consider whether any should be reported privately. Other new issues: - [`#13265`](https://github.com/apache/cloudstack/issues/13265) โ `distutils` warnings when upgrading to 4.22.1.0 - [`#13314`](https://github.com/apache/cloudstack/issues/13314) โ CEPH/Backup mount error: no MDS up - [`#13313`](https://github.com/apache/cloudstack/issues/13313) โ Show VM name in backup events --- ### ๐ Notable Open PRs Needing Review - [`#12403`](https://github.com/apache/cloudstack/pull/12403) โ Fix host metrics on overprovisioning change *(vishesh92)* - [`#12330`](https://github.com/apache/cloudstack/pull/12330) โ Constrained offerings should not have CPU speed of 0 *(DaanHoogland)* - [`#12606`](https://github.com/apache/cloudstack/pull/12606) โ Fix duplicate RUNNING_VM helper record on repeated VM.START events - [`#12425`](https://github.com/apache/cloudstack/pull/12425) โ Add errorprone 2.24.1 static analysis + GitHub Action *(Pearl1594)* - [`#11800`](https://github.com/apache/cloudstack/pull/11800) โ Use `ip` structured data for default route detection --- ### ๐ฏ Recommendations for Maintainers 1. **๐ Triage the security issues** filed today โ assess severity and handle via proper disclosure channels if confirmed. 2. **๐ฆ Help upgrade-path users** โ the 4.22.1.0 upgrade from 4.22.0.1 has a reported `distutils` warning; worth a quick fix. 3. **๐ Review queued PRs** โ several solid bug-fix PRs have been waiting for a second review. 4. **๐ก๏ธ Consider a CI security scan** โ the volume of potential log-exposure issues suggests a systematic log-scrubbing pass could be valuable. --- *Generated automatically on 2026-06-01. Data reflects GitHub activity as of report time.* > Generated by [Repo Status](https://github.com/apache/cloudstack/actions/runs/26780613756) ยท sonnet46 693.2K ยท [โท](https://github.com/search?q=repo%3Aapache%2Fcloudstack+is%3Aissue+%22gh-aw-workflow-call-id%3A+apache%2Fcloudstack%2Fdaily-repo-status%22&type=issues) > <details> <summary>Add this agentic workflows to your repo</summary> To install this agentic workflow, run ``` gh aw add githubnext/agentics/workflows/repo-status.md@main ``` </details> <!-- gh-aw-agentic-workflow: Repo Status, engine: copilot, version: 1.0.52, model: claude-sonnet-4.6, id: 26780613756, workflow_id: daily-repo-status, run: https://github.com/apache/cloudstack/actions/runs/26780613756 --> <!-- gh-aw-workflow-id: daily-repo-status --> <!-- gh-aw-workflow-call-id: apache/cloudstack/daily-repo-status --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
