cloudstack-dev mailing list archives

From Rohit Yadav <>
Subject [ANNOUNCE][SECURITY] CloudStack Robot TLS attack
Date Tue, 03 Apr 2018 16:46:57 GMT

On private@ and security@, we discussed and worked on a fix for the ROBOT TLS
[1] attack and released CloudStack The issue does not affect the
latest version and does not require any upgrades/fixes/changes in
that regard.

The issue primarily affects installations that are using an older version
of bouncycastle; the only change we made against the release was to
upgrade the bouncycastle dependency version [2] 1.59. Post upgrade to from, users will be required to destroy old CPVMs and SSVMs
(new ones will be patched by a newer systemvm.iso that will have the v1.59
bc dependency jar), and upgrade and restart KVM agent(s) and management

Download page:

Release notes for


Rohit Yadav
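
Added example, not part of the original message or of CloudStack's own tooling: a check an operator could run on a management server or KVM agent host after the upgrade to find Bouncy Castle jars older than the 1.59 named above. The directory to scan is an assumption supplied by the operator, and matching is by jar file name only, in both the Maven form (`bcprov-jdk15on-1.59.jar`) and the dotless upstream download form (`bcprov-jdk15on-159.jar`).

```python
import os
import re
import sys

FIXED = (1, 59)  # Bouncy Castle version the announcement upgrades to

# Jar names such as bcprov-jdk15on-1.59.jar, bcprov-ext-jdk15on-1.59.jar,
# or the dotless download form bcprov-jdk15on-159.jar.
BC_JAR = re.compile(
    r"^(bc[a-z]+(?:-[a-z]+)*)-(jdk[0-9a-z]+)-(\d+(?:\.\d+)*)\.jar$"
)


def parse_version(text):
    """Return the version as a tuple of ints; dotless '159' is read as 1.59."""
    if "." not in text and len(text) > 1:
        text = text[0] + "." + text[1:]
    return tuple(int(part) for part in text.split("."))


def outdated_bc_jars(root):
    """Walk root and return sorted (path, version) pairs for BC jars older than FIXED."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            match = BC_JAR.match(name)
            if match and parse_version(match.group(3)) < FIXED:
                hits.append((os.path.join(dirpath, name), match.group(3)))
    return sorted(hits)


if __name__ == "__main__":
    # Directory to scan is operator-supplied (assumption); defaults to the cwd.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = outdated_bc_jars(root)
    for path, version in found:
        print(f"OUTDATED bouncycastle {version}: {path}")
    # Non-zero exit lets a deployment check fail when an old jar remains.
    sys.exit(1 if found else 0)
```

A clean result only means no old jar file names remain on disk; services still need the restart described in the message to load the new jar.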
