🌟 Apache CloudStack Daily Status — June 1, 2026
🚀 Recent Release
Apache CloudStack 4.22.1.0 (LTS) was released on May 26, 2026! 🎉 This is the latest maintenance release for the 4.22 LTS line. Users on 4.22.0.1 (the security release from May 8) are encouraged to upgrade.
✅ Merged PRs This Week (May 25 – June 1)
| # |
Title |
Author |
#13278 |
Update GitHub AW actions |
vishesh92 |
#13246 |
Add GaOrtiga to collaborators 👋 |
GaOrtiga |
#13238 |
docs: Note MariaDB support in README |
robertsilen |
#13215 |
Bump github-actions-dependencies (dependabot) |
dependabot |
#13210 |
Convert command timeout for snapshot commands |
erikbocks |
#13204 |
Fix local upload from browser (SSVM cert not trusted) |
abh1sar |
#13180 |
Fix Instance Backup related events |
abh1sar |
#13078 |
fix(linstor): surface ambiguous template fallbacks & legacy orphan cleanup |
jmsperu |
#13050 |
flasharray: fall back to array capacity when pod has no quota |
genegr |
#13021 |
Fix validation of CPVM states in multiple zones |
Tonitzpp |
#12961 |
Refactor Quota balance |
winterhazel |
#12774 |
Refactor GitHub actions |
vishesh92 |
Great velocity this week — 12 PRs merged covering bug fixes, storage plugins, CI improvements, and docs! 💪
🔥 Hot Issues Today (June 1)
Several security-related issues were filed today by @YLChen-007, covering potential log/credential exposure areas:
#13311 – ApiServlet logs duplicate sensitive query parameters#13309 – Script.java command sanitization#13308 – Plaintext password in OVM3 hypervisor config#13307 – VM user-data/SSH key log exposure (Baremetal KVM)#13306 – Keystore credentials in SSHCmdHelper logs#13305 – SSL private key plaintext exposure#13304 – Sensitive auth credentials in system logs#13303 – Credential exposure via parameter map serialization#13302 – VM snapshot VNC password loss leading to unauthenticated console#13301 – Password leak in async job status update logging#13300 – Plaintext CIFS storage credential leakage in logs
⚠️ Maintainers: These security issues deserve prompt triage. Please follow [Apache Security Policy]((www.apache.org/redacted) for handling, and consider whether any should be reported privately.
Other new issues:
#13265 – distutils warnings when upgrading to 4.22.1.0#13314 – CEPH/Backup mount error: no MDS up#13313 – Show VM name in backup events
📋 Notable Open PRs Needing Review
#12403 – Fix host metrics on overprovisioning change (vishesh92)#12330 – Constrained offerings should not have CPU speed of 0 (DaanHoogland)#12606 – Fix duplicate RUNNING_VM helper record on repeated VM.START events#12425 – Add errorprone 2.24.1 static analysis + GitHub Action (Pearl1594)#11800 – Use ip structured data for default route detection
🎯 Recommendations for Maintainers
- 🔐 Triage the security issues filed today — assess severity and handle via proper disclosure channels if confirmed.
- 📦 Help upgrade-path users — the 4.22.1.0 upgrade from 4.22.0.1 has a reported
distutils warning; worth a quick fix.
- 🔍 Review queued PRs — several solid bug-fix PRs have been waiting for a second review.
- 🛡️ Consider a CI security scan — the volume of potential log-exposure issues suggests a systematic log-scrubbing pass could be valuable.
Generated automatically on 2026-06-01. Data reflects GitHub activity as of report time.
Generated by Repo Status · sonnet46 693.2K · ◷
Add this agentic workflows to your repo
To install this agentic workflow, run
gh aw add githubnext/agentics/workflows/repo-status.md@main
🌟 Apache CloudStack Daily Status — June 1, 2026
🚀 Recent Release
Apache CloudStack 4.22.1.0 (LTS) was released on May 26, 2026! 🎉 This is the latest maintenance release for the 4.22 LTS line. Users on 4.22.0.1 (the security release from May 8) are encouraged to upgrade.
✅ Merged PRs This Week (May 25 – June 1)
#13278#13246#13238#13215#13210#13204#13180#13078#13050#13021#12961#12774Great velocity this week — 12 PRs merged covering bug fixes, storage plugins, CI improvements, and docs! 💪
🔥 Hot Issues Today (June 1)
Several security-related issues were filed today by
@YLChen-007, covering potential log/credential exposure areas:#13311–ApiServletlogs duplicate sensitive query parameters#13309–Script.javacommand sanitization#13308– Plaintext password in OVM3 hypervisor config#13307– VM user-data/SSH key log exposure (Baremetal KVM)#13306– Keystore credentials in SSHCmdHelper logs#13305– SSL private key plaintext exposure#13304– Sensitive auth credentials in system logs#13303– Credential exposure via parameter map serialization#13302– VM snapshot VNC password loss leading to unauthenticated console#13301– Password leak in async job status update logging#13300– Plaintext CIFS storage credential leakage in logsOther new issues:
#13265–distutilswarnings when upgrading to 4.22.1.0#13314– CEPH/Backup mount error: no MDS up#13313– Show VM name in backup events📋 Notable Open PRs Needing Review
#12403– Fix host metrics on overprovisioning change (vishesh92)#12330– Constrained offerings should not have CPU speed of 0 (DaanHoogland)#12606– Fix duplicate RUNNING_VM helper record on repeated VM.START events#12425– Add errorprone 2.24.1 static analysis + GitHub Action (Pearl1594)#11800– Useipstructured data for default route detection🎯 Recommendations for Maintainers
distutilswarning; worth a quick fix.Generated automatically on 2026-06-01. Data reflects GitHub activity as of report time.
Add this agentic workflows to your repo
To install this agentic workflow, run