The Apache CloudStack project announces security releases 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124 that fixes the bug causing vulnerability over previously released minor versions 4.5.2, 4.6.2, 4.7.1 and 4.8.0 respectively. As a security release, no new features are included but only includes: (a) the fix for CVE-2016-3085, and (b) a minor security fix related to listTemplates API that exposes list of templates to domain admins.
Apache CloudStack is an integrated Infrastructure-as-a-Service (IaaS) software platform that allows users to build feature-rich public and private cloud environments. CloudStack includes an intuitive user interface and rich API for managing the compute, networking, software, and storage resources. The project became an Apache top level project in March 2013.
More information about Apache CloudStack can be found at:http://cloudstack.apache.org/
## Upgrade Notes
Affected users are only required to upgrade their management server(s) to suitable security release version. The upgrade does not require any database or systemvm-template related change.
The official source code release can be downloaded from:http://cloudstack.apache.org/downloads.html
In addition to the official source code release, individual contributors have also made convenience binaries available on the Apache CloudStack download page, and as follows: