github-actions[bot] opened a new issue, #13350: URL: https://github.com/apache/cloudstack/issues/13350
## ☁️ Apache CloudStack – Daily Status Report **Date:** June 4, 2026 --- ## 🚀 Latest Release **[Apache CloudStack 4.22.1.0 (LTS)](https://github.com/apache/cloudstack/releases/tag/4.22.1.0)** — released May 26, 2026 🎉 Maintenance update with full release notes, install and upgrade guides available at [docs.cloudstack.apache.org]((docs.cloudstack.apache.org/redacted) --- ## 🔀 Recently Merged PRs | PR | Title | Author | |----|-------|--------| | [`#13320`](https://github.com/apache/cloudstack/pull/13320) | Stop role from auto-changing when user manually selects a role during account creation | `@gp-santos` | | [`#13210`](https://github.com/apache/cloudstack/pull/13210) | Fix snapshot command timeout unit conversion (seconds→ms for qemu-img) | `@erikbocks` | | [`#13050`](https://github.com/apache/cloudstack/pull/13050) | FlashArray: fall back to array capacity when pod has no quota | `@genegr` | | [`#13238`](https://github.com/apache/cloudstack/pull/13238) | Docs: note MariaDB support in README | `@robertsilen` | | [`#13078`](https://github.com/apache/cloudstack/pull/13078) | fix(linstor): surface ambiguous template fallbacks and legacy orphan cleanup | `@jmsperu` | | [`#13021`](https://github.com/apache/cloudstack/pull/13021) | Fix validation of CPVM states in multiple zones | `@Tonitzpp` | | [`#12961`](https://github.com/apache/cloudstack/pull/12961) | Refactor Quota balance | `@winterhazel` | --- ## 🔥 Active PRs to Watch (updated today) | PR | Title | Author | |----|-------|--------| | [`#13349`](https://github.com/apache/cloudstack/pull/13349) | Optimize DB updates: bulk UPDATE instead of row-level locks | `@sureshanaparti` | | [`#13345`](https://github.com/apache/cloudstack/pull/13345) | Indirect agent connection improvements | `@sureshanaparti` | | [`#13346`](https://github.com/apache/cloudstack/pull/13346) | systemvm: fix VPC VPN issue when network ID > 1000 on Netris | `@weizhouapache` | | [`#13330`](https://github.com/apache/cloudstack/pull/13330) | Fix VM migration with attached ISO | `@hsato03` | | [`#13032`](https://github.com/apache/cloudstack/pull/13032) | Network Extension: Orchestrate external network devices | `@weizhouapache` | | [`#13074`](https://github.com/apache/cloudstack/pull/13074) | feat(backup): incremental NAS backup support for KVM | `@jmsperu` | | [`#12711`](https://github.com/apache/cloudstack/pull/12711) | Feature: Key Management Service (KMS) | `@vishesh92` | | [`#12124`](https://github.com/apache/cloudstack/pull/12124) | New Dell EMC ECS Object Storage Plugin | `@mhkadhum` | | [`#13293`](https://github.com/apache/cloudstack/pull/13293) | Add draft project security threat-model document | `@potiuk` | | [`#12321`](https://github.com/apache/cloudstack/pull/12321) | Deal with Storage Manager tech debt | `@DaanHoogland` | --- ## 🐛 New Issues This Week (June 1–4) A very active week for issue reporting! Highlights: ### 🔒 Security Hardening Series Contributor **`@davift`** filed a detailed batch of hardening requests: - [`#13343`](https://github.com/apache/cloudstack/issues/13343) – Block abusers by IP (rate limiting/IP banning) - [`#13342`](https://github.com/apache/cloudstack/issues/13342) – Request limits and throttling defaults - [`#13341`](https://github.com/apache/cloudstack/issues/13341) – Weak default passwords & DB encryption key - [`#13340`](https://github.com/apache/cloudstack/issues/13340) – Per-account/user source CIDR allowlist - [`#13339`](https://github.com/apache/cloudstack/issues/13339) – 2FA required before destructive operations - [`#13338`](https://github.com/apache/cloudstack/issues/13338) – Email alerts for security-relevant events - [`#13335`](https://github.com/apache/cloudstack/issues/13335)–[`#13337`](https://github.com/apache/cloudstack/issues/13337) – 2FA configuration improvements Contributor **`@YLChen-007`** filed several sensitive log exposure vulnerability reports: - [`#13311`](https://github.com/apache/cloudstack/issues/13311) – ApiServlet logs duplicate sensitive query params - [`#13309`](https://github.com/apache/cloudstack/issues/13309) – Script.java command sanitization vulnerability - [`#13308`](https://github.com/apache/cloudstack/issues/13308) – Plaintext passwords in OVM3 config - [`#13307`](https://github.com/apache/cloudstack/issues/13307) – Plaintext VM user-data & SSH keys in logs - [`#13306`](https://github.com/apache/cloudstack/issues/13306) – Keystore credentials exposed in logs - [`#13305`](https://github.com/apache/cloudstack/issues/13305) – SSL private key exposure - [`#13304`](https://github.com/apache/cloudstack/issues/13304) – Auth credentials exposed in system logs - [`#13303`](https://github.com/apache/cloudstack/issues/13303) – Credential exposure via param serialization ### 📋 Other Notable Issues - [`#13347`](https://github.com/apache/cloudstack/issues/13347) – Persistent routes on Virtual Router lost after reboot - [`#13331`](https://github.com/apache/cloudstack/issues/13331) – Blank volume snapshots list (bug) - [`#13329`](https://github.com/apache/cloudstack/issues/13329) – Zone wizard: can't re-add host if initial add fails - [`#13328`](https://github.com/apache/cloudstack/issues/13328) – No option to delete the SystemVM template - [`#13326`](https://github.com/apache/cloudstack/issues/13326) – No option to update the Bucket region - [`#13324`](https://github.com/apache/cloudstack/issues/13324) – Missing `ErrorinPrepareForMaintenance` event - [`#13313`](https://github.com/apache/cloudstack/issues/13313) – Show VM name in backup events --- ## 📊 Milestone Progress ### 4.23.0 (Next Major Release) - ✅ Closed: **136** issues/PRs - 🔧 Open: **186** issues/PRs - Keep up the momentum — the pipeline is flowing well! 💪 --- ## ✅ Actionable Next Steps for Maintainers 1. **🔒 Security review needed**: The large batch of security hardening issues (`#13303`–`#13343`) requires triage — many touch sensitive defaults and log exposure. Consider assigning dedicated security-focused reviewers. 2. **👀 Review ready PRs**: [`#13349`](https://github.com/apache/cloudstack/pull/13349) (bulk DB UPDATE optimization), [`#13345`](https://github.com/apache/cloudstack/pull/13345) (agent connection improvements), and [`#13346`](https://github.com/apache/cloudstack/pull/13346) (VPN fix) all need attention. 3. **🗺️ Big features in flight**: KMS (`#12711`), incremental NAS backup (`#13074`), Network Extension (`#13032`), and Dell EMC ECS plugin (`#12124`) are all actively updated — these deserve review bandwidth. 4. **🧹 Tech debt**: PR [`#12321`](https://github.com/apache/cloudstack/pull/12321) (Storage Manager cleanup) has been open a while — worth prioritizing to reduce long-term maintenance cost. 5. **📝 Threat model**: [`#13293`](https://github.com/apache/cloudstack/pull/13293) (draft security threat model) is a great initiative — community input and review is encouraged! --- *Generated automatically on June 4, 2026. Keep building amazing cloud infrastructure! ☁️⚡* > Generated by [Repo Status](https://github.com/apache/cloudstack/actions/runs/26975777189) · sonnet46 833.2K · [◷](https://github.com/search?q=repo%3Aapache%2Fcloudstack+is%3Aissue+%22gh-aw-workflow-call-id%3A+apache%2Fcloudstack%2Fdaily-repo-status%22&type=issues) > <details> <summary>Add this agentic workflows to your repo</summary> To install this agentic workflow, run ``` gh aw add githubnext/agentics/workflows/repo-status.md@main ``` </details> <!-- gh-aw-agentic-workflow: Repo Status, engine: copilot, version: 1.0.52, model: claude-sonnet-4.6, id: 26975777189, workflow_id: daily-repo-status, run: https://github.com/apache/cloudstack/actions/runs/26975777189 --> <!-- gh-aw-workflow-id: daily-repo-status --> <!-- gh-aw-workflow-call-id: apache/cloudstack/daily-repo-status --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
