☁️ Apache CloudStack — Daily Status Report
Generated: June 5, 2026
🚀 Latest Release
Apache CloudStack 4.22.1.0 (LTS) — released May 26, 2026 🎉
The latest 4.22 LTS maintenance release is live, building on the security hardening from 4.22.0.1. Users still on 4.22.0.x are encouraged to upgrade!
🔀 Recently Merged (May 21 – June 4)
A healthy flow of improvements landed on main:
| PR |
Description |
Author |
#13028 |
Indirect agent connection improvements |
@sureshanaparti |
#13320 |
Fix role auto-change during account creation |
@gp-santos |
#13247 |
Show network rate for compute/system/network offerings |
@sudo87 |
#12053 |
WebSocket server framework + logs web session |
@shwstppr |
#11814 |
Extensions: sync & download functionalities |
@shwstppr |
#13210 |
Convert snapshot command timeouts |
@erikbocks |
#13050 |
FlashArray: fall back to array capacity when pod has no quota |
@genegr |
#13078 |
fix(linstor): surface ambiguous template fallbacks & legacy orphan cleanup |
@jmsperu |
#13021 |
Fix CPVM state validation in multiple zones |
@Tonitzpp |
#12961 |
Refactor Quota balance |
@winterhazel |
#12975 |
Live scaling for VMs with fixed service offerings on KVM |
@bernardodemarco |
#12911 |
Add ROOT CAs to trust store; force-provision certs on hosts & systemVMs |
@vishesh92 |
#13238 |
docs: note MariaDB support in README |
@robertsilen |
🔍 Open PRs Needing Attention
Ready for Review / Testing
| PR |
Description |
Labels |
#13359 |
UI: Fix VNF NIC mapping network select always disabled |
component:UI |
#13356 |
Fix public IP ranges form for public traffic type |
component:UI |
#13330 |
Fix VM migration with attached ISO |
needs-testing, needs-review |
#13287 |
Remove externalId param when creating networks |
needs-testing, needs-review |
#13023 |
Prevent template downloads to read-only secondary storage |
needs-testing |
#13236 |
Introduce Quota resource statement API |
component:api, component:quota |
#13033 |
Add Keycloak OAuth provider |
needs-testing |
Major In-Progress Features (Draft)
| PR |
Feature |
#12991 |
🆕 Veeam KVM backup integration |
#12711 |
🔑 Key Management Service (KMS) |
#12617 |
💾 CLVM enhancements and fixes |
#13032 |
🌐 Network Extension: orchestrate external network devices |
#12737 |
🔡 CloudStack DNS framework (PowerDNS integration) |
#13354 / #13353 |
⚡ N+1 query eliminations (networking & storage) |
🔒 Security Findings — Action Needed
A batch of 13 security-related issues was filed on June 1 covering plaintext credential exposure in logs and exception messages across multiple components:
SSHCmdHelper, OvmDiscoverer, KVM Host, ApiServlet, Script.java, Baremetal PING PXE, CIFS storage, IPMI, AsyncJob logging
⚠️ Maintainers: These issues involve sensitive credential and password leakage in log output. Please review, prioritize, and assign accordingly. See issues #13296–#13311.
🐛 New Bug Reports
| Issue |
Title |
Status |
#13358 |
VNF NIC Mapping — network select always disabled |
✅ PR#13359 ready |
#13357 |
Reverting snapshot of ROOT encrypted volume → non-bootable VM |
🔍 Needs triage |
#13355 |
network_rate DB column too small (SMALLINT overflow) |
🔍 Needs triage |
🌟 Highlights & Project Momentum
- 👋 New contributors:
@jmsperu and @GaOrtiga added to the collaborators list!
- 📦 Release cadence is healthy: 4.22.1.0 shipped just 18 days after the 4.22.0.1 security release
- 🔐 Security posture: The community is actively filing issues for log credential leakage — great proactive hygiene!
- ⚡ Performance work: Draft PRs tackling N+1 query patterns in networking and storage layers
- 🔌 Ecosystem expansion: WebSocket framework, Veeam backup, Keycloak OAuth, PowerDNS, and KMS all actively progressing
✅ Recommended Next Steps for Maintainers
- Review & triage the 13 credential-exposure security issues (
#13296–#13311) — assign owners and target milestones
- Merge PR
#13359 — the VNF NIC fix is straightforward with a ready PR
- Test PR
#13330 — VM migration with ISO attached
- Review PR
#13033 — Keycloak OAuth needs testing attention
- Triage
#13357 (encrypted volume snapshot) and #13355 (network_rate type) for target release
- Check stale drafts — some PRs carry
no-pr-activity or status:has-conflicts labels and could use a nudge
🤖 Auto-generated by GitHub Copilot | Apache CloudStack repo
Generated by Repo Status · sonnet46 1.3M · ◷
Add this agentic workflows to your repo
To install this agentic workflow, run
gh aw add githubnext/agentics/workflows/repo-status.md@main
☁️ Apache CloudStack — Daily Status Report
Generated: June 5, 2026
🚀 Latest Release
Apache CloudStack 4.22.1.0 (LTS) — released May 26, 2026 🎉
The latest 4.22 LTS maintenance release is live, building on the security hardening from 4.22.0.1. Users still on 4.22.0.x are encouraged to upgrade!
🔀 Recently Merged (May 21 – June 4)
A healthy flow of improvements landed on
main:#13028@sureshanaparti#13320@gp-santos#13247@sudo87#12053@shwstppr#11814@shwstppr#13210@erikbocks#13050@genegr#13078@jmsperu#13021@Tonitzpp#12961@winterhazel#12975@bernardodemarco#12911@vishesh92#13238@robertsilen🔍 Open PRs Needing Attention
Ready for Review / Testing
#13359component:UI#13356component:UI#13330needs-testing,needs-review#13287needs-testing,needs-review#13023needs-testing#13236component:api,component:quota#13033needs-testingMajor In-Progress Features (Draft)
#12991#12711#12617#13032#12737#13354/#13353🔒 Security Findings — Action Needed
A batch of 13 security-related issues was filed on June 1 covering plaintext credential exposure in logs and exception messages across multiple components:
SSHCmdHelper,OvmDiscoverer,KVM Host,ApiServlet,Script.java,Baremetal PING PXE,CIFS storage,IPMI,AsyncJoblogging🐛 New Bug Reports
#13358#13357#13355network_rateDB column too small (SMALLINT overflow)🌟 Highlights & Project Momentum
@jmsperuand@GaOrtigaadded to the collaborators list!✅ Recommended Next Steps for Maintainers
#13296–#13311) — assign owners and target milestones#13359— the VNF NIC fix is straightforward with a ready PR#13330— VM migration with ISO attached#13033— Keycloak OAuth needs testing attention#13357(encrypted volume snapshot) and#13355(network_rate type) for target releaseno-pr-activityorstatus:has-conflictslabels and could use a nudge🤖 Auto-generated by GitHub Copilot | Apache CloudStack repo
Add this agentic workflows to your repo
To install this agentic workflow, run