Folks - in the last week or three we’ve had 2 Jira issues created for security-related issues. In both cases, they seem to be false-positives, luckily.
If you think you have found a security issue in ACS, please email secur...@cloudstack.apache.org. This gives us a chance to investigate and create patches, and give the community the best shot of minimizing malicious groups leveraging vulnerabilities. More info about reporting security issues and our response process can be found at [1] John 1: https://cloudstack.apache.org/security.html
