github-actions[bot] opened a new issue, #13364: URL: https://github.com/apache/cloudstack/issues/13364
## ๐ Apache CloudStack โ Daily Status Report **Date:** June 6, 2026 --- ## ๐ Recent Releases | Release | Type | Date | |---------|------|------| | [4.22.1.0 (LTS)](https://github.com/apache/cloudstack/releases/tag/4.22.1.0) | Maintenance | May 26, 2026 | | [4.22.0.1 (LTS Security)](https://github.com/apache/cloudstack/releases/tag/4.22.0.1) | Security (7 CVEs fixed) | May 8, 2026 | | [4.20.3.0 (LTS)](https://github.com/apache/cloudstack/releases/tag/4.20.3.0) | Maintenance | Apr 17, 2026 | The security release fixed critical CVEs including unauthenticated command injection in direct download templates and unauthorized cross-tenant access in the Proxmox extension. Great job, security team! ๐ --- ## ๐ฌ Active Pull Requests ### ๐ฅ Hot PRs (updated today) | # | Title | Author | Status | |---|-------|--------|--------| | [`#13363`](https://github.com/apache/cloudstack/pull/13363) | Drain per-host reservation when VM starts on different host | `@Kukunin` | needs review | | [`#13361`](https://github.com/apache/cloudstack/pull/13361) | KVM: apply rbd_default_data_pool for volumes from templates | `@bhouse-nexthop` | needs review | | [`#13022`](https://github.com/apache/cloudstack/pull/13022) | NPE fix in `listProjectRoles` for removed project | `@Tonitzpp` | needs review | | [`#12991`](https://github.com/apache/cloudstack/pull/12991) | Backup: Veeam KVM integration | `@shwstppr` | in testing | | [`#12617`](https://github.com/apache/cloudstack/pull/12617) | CLVM enhancements and fixes | `@Pearl1594` | in testing | ### ๐ฑ Major Features in Progress | # | Feature | Author | |---|---------|--------| | [`#12711`](https://github.com/apache/cloudstack/pull/12711) | ๐ Key Management Service (KMS) | `@vishesh92` | | [`#13032`](https://github.com/apache/cloudstack/pull/13032) | ๐ Network Extension: Orchestrate external network devices | `@weizhouapache` | | [`#13033`](https://github.com/apache/cloudstack/pull/13033) | ๐ Add Keycloak OAuth provider | `@tazouxme` | | [`#13236`](https://github.com/apache/cloudstack/pull/13236) | ๐ Quota resource statement API | `@winterhazel` | | [`#12874`](https://github.com/apache/cloudstack/pull/12874) | Cross-zone template registration for Edge Zones | `@vishesh92` | ### โ Recently Merged - **`#13320`** โ Stop role from auto-changing on manual account creation (June 3) - **`#13210`** โ Convert snapshot command timeouts (June 1) - **`#12053`** โ WebSocket server framework + logs web session (June 2) - **`#11814`** โ Extensions: sync & download functionalities (June 2) --- ## ๐ Issues Spotlight ### ๐ Security Reports (needs triage) A batch of **9 security issues** was filed by `@YLChen-007` on June 5 flagging potential **credential/password exposure in logs and exception traces** across several components (KVM, OVM3, Baremetal, CIFS, SSH). These deserve prompt attention! - [`#13311`](https://github.com/apache/cloudstack/issues/13311) โ ApiServlet logs duplicate sensitive query params - [`#13308`](https://github.com/apache/cloudstack/issues/13308) โ Plaintext password exposure in OVM3 logs - [`#13309`](https://github.com/apache/cloudstack/issues/13309) โ Script.java command sanitization leak - [`#13297`](https://github.com/apache/cloudstack/issues/13297)โ[`#13306`](https://github.com/apache/cloudstack/issues/13306) โ Multiple credential exposure issues ### ๐ Other Recent Issues - [`#13358`](https://github.com/apache/cloudstack/issues/13358) โ UI: VNF NIC mapping network dropdown always disabled (PR fix ready: `#13359`) - [`#13357`](https://github.com/apache/cloudstack/issues/13357) โ Snapshot revert of ROOT encrypted volume makes VM non-bootable - [`#13355`](https://github.com/apache/cloudstack/issues/13355) โ `network_rate` column type too small (needs DB migration) - [`#13313`](https://github.com/apache/cloudstack/issues/13313) โ Show VM name in backup events --- ## ๐ Project Health Snapshot | Area | Activity | |------|----------| | ๐ฅ๏ธ KVM | Active: CLVM, RBD, Veeam backup, VM migration fixes | | ๐ Networking | Network Extension framework, Keycloak OAuth, VNF UI fixes | | ๐พ Storage | KMS feature, read-only storage guard, physical size fix | | ๐งฐ CI/CD | Pre-commit workflow improvements by `@jbampton` | | ๐ฆ Quota | Quota balance refactor merged; resource statement API incoming | | ๐ Security | Credential leak issues need triage โ 9 open reports | --- ## ๐ฏ Recommended Next Steps for Maintainers 1. **๐จ Triage the credential exposure issues** from `@YLChen-007` โ assign severity and owners 2. **๐ Review** [`#13363`](https://github.com/apache/cloudstack/pull/13363) (host reservation drain) and [`#13361`](https://github.com/apache/cloudstack/pull/13361) (RBD pool) โ both look well-scoped and ready 3. **๐งช Help test** [`#12617`](https://github.com/apache/cloudstack/pull/12617) (CLVM) and [`#12991`](https://github.com/apache/cloudstack/pull/12991) (Veeam backup) which are awaiting validation 4. **๐ Advance** [`#12711`](https://github.com/apache/cloudstack/pull/12711) (KMS) โ a high-impact feature that would benefit from more review bandwidth 5. **๐๏ธ Check** [`#13355`](https://github.com/apache/cloudstack/issues/13355) โ the `network_rate` type change needs a DB migration and careful planning --- > ๐ช The community is buzzing with activity! A huge shoutout to everyone contributing features, fixes, and reviews. Every PR merged and issue triaged makes CloudStack better for everyone! _Generated automatically on 2026-06-06_ > Generated by [Repo Status](https://github.com/apache/cloudstack/actions/runs/27072073803) ยท sonnet46 689.8K ยท [โท](https://github.com/search?q=repo%3Aapache%2Fcloudstack+is%3Aissue+%22gh-aw-workflow-call-id%3A+apache%2Fcloudstack%2Fdaily-repo-status%22&type=issues) > <details> <summary>Add this agentic workflows to your repo</summary> To install this agentic workflow, run ``` gh aw add githubnext/agentics/workflows/repo-status.md@main ``` </details> <!-- gh-aw-agentic-workflow: Repo Status, engine: copilot, version: 1.0.52, model: claude-sonnet-4.6, id: 27072073803, workflow_id: daily-repo-status, run: https://github.com/apache/cloudstack/actions/runs/27072073803 --> <!-- gh-aw-workflow-id: daily-repo-status --> <!-- gh-aw-workflow-call-id: apache/cloudstack/daily-repo-status --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
