github-actions[bot] opened a new issue, #13360: URL: https://github.com/apache/cloudstack/issues/13360
## ☁️ Apache CloudStack — Daily Status Report *Generated: June 5, 2026* --- ## 🚀 Latest Release **[Apache CloudStack 4.22.1.0 (LTS)](https://github.com/apache/cloudstack/releases/tag/4.22.1.0)** — released May 26, 2026 🎉 The latest 4.22 LTS maintenance release is live, building on the security hardening from 4.22.0.1. Users still on 4.22.0.x are encouraged to upgrade! --- ## 🔀 Recently Merged (May 21 – June 4) A healthy flow of improvements landed on `main`: | PR | Description | Author | |----|-------------|--------| | [`#13028`](https://github.com/apache/cloudstack/pull/13028) | Indirect agent connection improvements | `@sureshanaparti` | | [`#13320`](https://github.com/apache/cloudstack/pull/13320) | Fix role auto-change during account creation | `@gp-santos` | | [`#13247`](https://github.com/apache/cloudstack/pull/13247) | Show network rate for compute/system/network offerings | `@sudo87` | | [`#12053`](https://github.com/apache/cloudstack/pull/12053) | WebSocket server framework + logs web session | `@shwstppr` | | [`#11814`](https://github.com/apache/cloudstack/pull/11814) | Extensions: sync & download functionalities | `@shwstppr` | | [`#13210`](https://github.com/apache/cloudstack/pull/13210) | Convert snapshot command timeouts | `@erikbocks` | | [`#13050`](https://github.com/apache/cloudstack/pull/13050) | FlashArray: fall back to array capacity when pod has no quota | `@genegr` | | [`#13078`](https://github.com/apache/cloudstack/pull/13078) | fix(linstor): surface ambiguous template fallbacks & legacy orphan cleanup | `@jmsperu` | | [`#13021`](https://github.com/apache/cloudstack/pull/13021) | Fix CPVM state validation in multiple zones | `@Tonitzpp` | | [`#12961`](https://github.com/apache/cloudstack/pull/12961) | Refactor Quota balance | `@winterhazel` | | [`#12975`](https://github.com/apache/cloudstack/pull/12975) | Live scaling for VMs with fixed service offerings on KVM | `@bernardodemarco` | | [`#12911`](https://github.com/apache/cloudstack/pull/12911) | Add ROOT CAs to trust store; force-provision certs on hosts & systemVMs | `@vishesh92` | | [`#13238`](https://github.com/apache/cloudstack/pull/13238) | docs: note MariaDB support in README | `@robertsilen` | --- ## 🔍 Open PRs Needing Attention ### Ready for Review / Testing | PR | Description | Labels | |----|-------------|--------| | [`#13359`](https://github.com/apache/cloudstack/pull/13359) | UI: Fix VNF NIC mapping network select always disabled | `component:UI` | | [`#13356`](https://github.com/apache/cloudstack/pull/13356) | Fix public IP ranges form for public traffic type | `component:UI` | | [`#13330`](https://github.com/apache/cloudstack/pull/13330) | Fix VM migration with attached ISO | `needs-testing`, `needs-review` | | [`#13287`](https://github.com/apache/cloudstack/pull/13287) | Remove externalId param when creating networks | `needs-testing`, `needs-review` | | [`#13023`](https://github.com/apache/cloudstack/pull/13023) | Prevent template downloads to read-only secondary storage | `needs-testing` | | [`#13236`](https://github.com/apache/cloudstack/pull/13236) | Introduce Quota resource statement API | `component:api`, `component:quota` | | [`#13033`](https://github.com/apache/cloudstack/pull/13033) | Add Keycloak OAuth provider | `needs-testing` | ### Major In-Progress Features (Draft) | PR | Feature | |----|---------| | [`#12991`](https://github.com/apache/cloudstack/pull/12991) | 🆕 Veeam KVM backup integration | | [`#12711`](https://github.com/apache/cloudstack/pull/12711) | 🔑 Key Management Service (KMS) | | [`#12617`](https://github.com/apache/cloudstack/pull/12617) | 💾 CLVM enhancements and fixes | | [`#13032`](https://github.com/apache/cloudstack/pull/13032) | 🌐 Network Extension: orchestrate external network devices | | [`#12737`](https://github.com/apache/cloudstack/pull/12737) | 🔡 CloudStack DNS framework (PowerDNS integration) | | [`#13354`](https://github.com/apache/cloudstack/pull/13354) / [`#13353`](https://github.com/apache/cloudstack/pull/13353) | ⚡ N+1 query eliminations (networking & storage) | --- ## 🔒 Security Findings — Action Needed A batch of **13 security-related issues** was filed on June 1 covering **plaintext credential exposure in logs and exception messages** across multiple components: - `SSHCmdHelper`, `OvmDiscoverer`, `KVM Host`, `ApiServlet`, `Script.java`, `Baremetal PING PXE`, `CIFS storage`, `IPMI`, `AsyncJob` logging > ⚠️ **Maintainers**: These issues involve sensitive credential and password leakage in log output. Please review, prioritize, and assign accordingly. See issues [`#13296`](https://github.com/apache/cloudstack/issues/13296)–[`#13311`](https://github.com/apache/cloudstack/issues/13311). --- ## 🐛 New Bug Reports | Issue | Title | Status | |-------|-------|--------| | [`#13358`](https://github.com/apache/cloudstack/issues/13358) | VNF NIC Mapping — network select always disabled | ✅ PR#13359 ready | | [`#13357`](https://github.com/apache/cloudstack/issues/13357) | Reverting snapshot of ROOT encrypted volume → non-bootable VM | 🔍 Needs triage | | [`#13355`](https://github.com/apache/cloudstack/issues/13355) | `network_rate` DB column too small (SMALLINT overflow) | 🔍 Needs triage | --- ## 🌟 Highlights & Project Momentum - 👋 **New contributors**: `@jmsperu` and `@GaOrtiga` added to the collaborators list! - 📦 **Release cadence** is healthy: 4.22.1.0 shipped just 18 days after the 4.22.0.1 security release - 🔐 **Security posture**: The community is actively filing issues for log credential leakage — great proactive hygiene! - ⚡ **Performance work**: Draft PRs tackling N+1 query patterns in networking and storage layers - 🔌 **Ecosystem expansion**: WebSocket framework, Veeam backup, Keycloak OAuth, PowerDNS, and KMS all actively progressing --- ## ✅ Recommended Next Steps for Maintainers 1. **Review & triage** the 13 credential-exposure security issues ([`#13296`](https://github.com/apache/cloudstack/issues/13296)–[`#13311`](https://github.com/apache/cloudstack/issues/13311)) — assign owners and target milestones 2. **Merge PR [`#13359`](https://github.com/apache/cloudstack/pull/13359)** — the VNF NIC fix is straightforward with a ready PR 3. **Test PR [`#13330`](https://github.com/apache/cloudstack/pull/13330)** — VM migration with ISO attached 4. **Review PR [`#13033`](https://github.com/apache/cloudstack/pull/13033)** — Keycloak OAuth needs testing attention 5. **Triage** [`#13357`](https://github.com/apache/cloudstack/issues/13357) (encrypted volume snapshot) and [`#13355`](https://github.com/apache/cloudstack/issues/13355) (network_rate type) for target release 6. **Check stale drafts** — some PRs carry `no-pr-activity` or `status:has-conflicts` labels and could use a nudge --- *🤖 Auto-generated by GitHub Copilot | Apache CloudStack repo* > Generated by [Repo Status](https://github.com/apache/cloudstack/actions/runs/27036677657) · sonnet46 1.3M · [◷](https://github.com/search?q=repo%3Aapache%2Fcloudstack+is%3Aissue+%22gh-aw-workflow-call-id%3A+apache%2Fcloudstack%2Fdaily-repo-status%22&type=issues) > <details> <summary>Add this agentic workflows to your repo</summary> To install this agentic workflow, run ``` gh aw add githubnext/agentics/workflows/repo-status.md@main ``` </details> <!-- gh-aw-agentic-workflow: Repo Status, engine: copilot, version: 1.0.52, model: claude-sonnet-4.6, id: 27036677657, workflow_id: daily-repo-status, run: https://github.com/apache/cloudstack/actions/runs/27036677657 --> <!-- gh-aw-workflow-id: daily-repo-status --> <!-- gh-aw-workflow-call-id: apache/cloudstack/daily-repo-status --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
