github-actions[bot] opened a new issue, #13333: URL: https://github.com/apache/cloudstack/issues/13333
## ☁️ Apache CloudStack — Daily Status Report *Generated: June 3, 2026* --- ## 🚀 Latest Release **[Apache CloudStack 4.22.1.0 (LTS)](https://github.com/apache/cloudstack/releases/tag/4.22.1.0)** — released May 26, 2026 🎉 The latest 4.22 LTS maintenance release is live! Users on 4.22.0.1 (the May 8 security release) should plan their upgrade. --- ## 🔥 New Issues Filed Today (June 3) | # | Title | |---|-------| | [`#13331`](https://github.com/apache/cloudstack/issues/13331) | Blank volume snapshots list after VM deletion | | [`#13329`](https://github.com/apache/cloudstack/issues/13329) | Zone wizard — unable to re-add a host after a failed addition | | [`#13328`](https://github.com/apache/cloudstack/issues/13328) | Provide an option to delete the SystemVM template | | [`#13326`](https://github.com/apache/cloudstack/issues/13326) | No option to update the Bucket region | | [`#13324`](https://github.com/apache/cloudstack/issues/13324) | Missing event: `ErrorinPrepareForMaintenance` | Good variety of UX and functionality bug reports — the community is actively testing! 🧪 --- ## ⚠️ Security Issues — Ongoing Triage Needed A batch of **~10 security issues** was filed on June 2 by `@YLChen-007`, covering **plaintext credential/password exposure in log files** across multiple subsystems: - IPMI Tool plaintext passwords ([`#13296`](https://github.com/apache/cloudstack/issues/13296)) - Keystore password & CIFS credentials in SSH logs ([`#13297`](https://github.com/apache/cloudstack/issues/13297)) - Sensitive data in Baremetal PING PXE resources ([`#13298`](https://github.com/apache/cloudstack/issues/13298)) - Plaintext CIFS credential leakage ([`#13300`](https://github.com/apache/cloudstack/issues/13300)) - Password leak in async job status logging ([`#13301`](https://github.com/apache/cloudstack/issues/13301)) - VM Snapshot VNC password loss ([`#13302`](https://github.com/apache/cloudstack/issues/13302)) - Credential exposure via parameter map serialization ([`#13303`](https://github.com/apache/cloudstack/issues/13303)) - Sensitive credentials in system logs ([`#13304`](https://github.com/apache/cloudstack/issues/13304)) - Keystore & SSL private key plaintext exposure ([`#13305`](https://github.com/apache/cloudstack/issues/13305)) > 💡 **Maintainers:** These issues share a common theme — log sanitization. A consolidated tracking issue and coordinated fix pass would be highly efficient. Please follow [Apache Security Policy]((www.apache.org/redacted) for handling confirmed vulnerabilities. --- ## 🔀 Open Pull Requests — Needs Your Eyes 👀 There are **20 open PRs**, several of which have been waiting a while: | # | Title | Author | Last Updated | |---|-------|--------|-------------| | [`#12403`](https://github.com/apache/cloudstack/pull/12403) | Fix host metrics on overprovisioning change | vishesh92 | Feb 16 | | [`#12606`](https://github.com/apache/cloudstack/pull/12606) | Fix duplicate RUNNING_VM helper record on repeated VM.START | SURYAS1306 | Feb 27 | | [`#12425`](https://github.com/apache/cloudstack/pull/12425) | Add errorprone 2.24.1 static analysis + GitHub Action | Pearl1594 | Mar 10 | | [`#12419`](https://github.com/apache/cloudstack/pull/12419) | Fix issues found by Errorprone | Pearl1594 | Mar 12 | | [`#12410`](https://github.com/apache/cloudstack/pull/12410) | Enhance DHCP with lease timeout support | NVShawn | Mar 17 | | [`#12695`](https://github.com/apache/cloudstack/pull/12695) | server: ignore projectid=-1 for finding owner | shwstppr | Mar 16 | | [`#11800`](https://github.com/apache/cloudstack/pull/11800) | Use `ip` structured data for default route detection | mosys0815 | May 11 | Several dependabot dependency bumps are also pending ([`#12684`](https://github.com/apache/cloudstack/pull/12684), [`#12543`](https://github.com/apache/cloudstack/pull/12543), [`#12744`](https://github.com/apache/cloudstack/pull/12744), [`#12746`](https://github.com/apache/cloudstack/pull/12746)). --- ## 📊 Project Health Snapshot | Metric | Status | |--------|--------| | Latest release | ✅ 4.22.1.0 LTS (May 26) | | Open PRs | 20 open, several awaiting first review | | Security issues backlog | ⚠️ ~10 new log-exposure issues need triage | | Dependency hygiene | 🟡 4 dependabot PRs pending merge | | Issue activity | 🟢 Active — 5 new issues today | --- ## 🎯 Recommended Actions for Maintainers 1. **🔴 Security triage** — Assign and review the credential-exposure issues from `@YLChen-007`; consider a unified log-sanitization tracking issue 2. **🟡 Clear the PR queue** — Several PRs from Q1 2026 are still open; a review sprint would clear the backlog 3. **🟢 Merge dependabot PRs** — Four dependency update PRs are ready and low-risk 4. **🔍 Investigate `#13331`** — The blank volume snapshots bug is a regression affecting users on 4.22.1.0 and deserves prompt attention --- *Keep up the excellent work, Apache CloudStack community! ☁️⚡* > Generated by [Repo Status](https://github.com/apache/cloudstack/actions/runs/26910618425) · sonnet46 663.1K · [◷](https://github.com/search?q=repo%3Aapache%2Fcloudstack+is%3Aissue+%22gh-aw-workflow-call-id%3A+apache%2Fcloudstack%2Fdaily-repo-status%22&type=issues) > <details> <summary>Add this agentic workflows to your repo</summary> To install this agentic workflow, run ``` gh aw add githubnext/agentics/workflows/repo-status.md@main ``` </details> <!-- gh-aw-agentic-workflow: Repo Status, engine: copilot, version: 1.0.52, model: claude-sonnet-4.6, id: 26910618425, workflow_id: daily-repo-status, run: https://github.com/apache/cloudstack/actions/runs/26910618425 --> <!-- gh-aw-workflow-id: daily-repo-status --> <!-- gh-aw-workflow-call-id: apache/cloudstack/daily-repo-status --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
