🌟 Apache CloudStack — Daily Status Report
Date: June 6, 2026
🚀 Recent Releases
The security release fixed critical CVEs including unauthenticated command injection in direct download templates and unauthorized cross-tenant access in the Proxmox extension. Great job, security team! 🔐
📬 Active Pull Requests
🔥 Hot PRs (updated today)
| # |
Title |
Author |
Status |
#13363 |
Drain per-host reservation when VM starts on different host |
@Kukunin |
needs review |
#13361 |
KVM: apply rbd_default_data_pool for volumes from templates |
@bhouse-nexthop |
needs review |
#13022 |
NPE fix in listProjectRoles for removed project |
@Tonitzpp |
needs review |
#12991 |
Backup: Veeam KVM integration |
@shwstppr |
in testing |
#12617 |
CLVM enhancements and fixes |
@Pearl1594 |
in testing |
🌱 Major Features in Progress
| # |
Feature |
Author |
#12711 |
🔑 Key Management Service (KMS) |
@vishesh92 |
#13032 |
🌐 Network Extension: Orchestrate external network devices |
@weizhouapache |
#13033 |
🔐 Add Keycloak OAuth provider |
@tazouxme |
#13236 |
📊 Quota resource statement API |
@winterhazel |
#12874 |
Cross-zone template registration for Edge Zones |
@vishesh92 |
✅ Recently Merged
#13320 — Stop role from auto-changing on manual account creation (June 3)#13210 — Convert snapshot command timeouts (June 1)#12053 — WebSocket server framework + logs web session (June 2)#11814 — Extensions: sync & download functionalities (June 2)
🐛 Issues Spotlight
🔒 Security Reports (needs triage)
A batch of 9 security issues was filed by @YLChen-007 on June 5 flagging potential credential/password exposure in logs and exception traces across several components (KVM, OVM3, Baremetal, CIFS, SSH). These deserve prompt attention!
#13311 — ApiServlet logs duplicate sensitive query params#13308 — Plaintext password exposure in OVM3 logs#13309 — Script.java command sanitization leak#13297–#13306 — Multiple credential exposure issues
🐞 Other Recent Issues
#13358 — UI: VNF NIC mapping network dropdown always disabled (PR fix ready: #13359)#13357 — Snapshot revert of ROOT encrypted volume makes VM non-bootable#13355 — network_rate column type too small (needs DB migration)#13313 — Show VM name in backup events
📊 Project Health Snapshot
| Area |
Activity |
| 🖥️ KVM |
Active: CLVM, RBD, Veeam backup, VM migration fixes |
| 🌐 Networking |
Network Extension framework, Keycloak OAuth, VNF UI fixes |
| 💾 Storage |
KMS feature, read-only storage guard, physical size fix |
| 🧰 CI/CD |
Pre-commit workflow improvements by @jbampton |
| 📦 Quota |
Quota balance refactor merged; resource statement API incoming |
| 🔐 Security |
Credential leak issues need triage — 9 open reports |
🎯 Recommended Next Steps for Maintainers
- 🚨 Triage the credential exposure issues from
@YLChen-007 — assign severity and owners
- 👀 Review
#13363 (host reservation drain) and #13361 (RBD pool) — both look well-scoped and ready
- 🧪 Help test
#12617 (CLVM) and #12991 (Veeam backup) which are awaiting validation
- 🔑 Advance
#12711 (KMS) — a high-impact feature that would benefit from more review bandwidth
- 🗂️ Check
#13355 — the network_rate type change needs a DB migration and careful planning
💪 The community is buzzing with activity! A huge shoutout to everyone contributing features, fixes, and reviews. Every PR merged and issue triaged makes CloudStack better for everyone!
Generated automatically on 2026-06-06
Generated by Repo Status · sonnet46 689.8K · ◷
Add this agentic workflows to your repo
To install this agentic workflow, run
gh aw add githubnext/agentics/workflows/repo-status.md@main
🌟 Apache CloudStack — Daily Status Report
Date: June 6, 2026
🚀 Recent Releases
The security release fixed critical CVEs including unauthenticated command injection in direct download templates and unauthorized cross-tenant access in the Proxmox extension. Great job, security team! 🔐
📬 Active Pull Requests
🔥 Hot PRs (updated today)
#13363@Kukunin#13361@bhouse-nexthop#13022listProjectRolesfor removed project@Tonitzpp#12991@shwstppr#12617@Pearl1594🌱 Major Features in Progress
#12711@vishesh92#13032@weizhouapache#13033@tazouxme#13236@winterhazel#12874@vishesh92✅ Recently Merged
#13320— Stop role from auto-changing on manual account creation (June 3)#13210— Convert snapshot command timeouts (June 1)#12053— WebSocket server framework + logs web session (June 2)#11814— Extensions: sync & download functionalities (June 2)🐛 Issues Spotlight
🔒 Security Reports (needs triage)
A batch of 9 security issues was filed by
@YLChen-007on June 5 flagging potential credential/password exposure in logs and exception traces across several components (KVM, OVM3, Baremetal, CIFS, SSH). These deserve prompt attention!#13311— ApiServlet logs duplicate sensitive query params#13308— Plaintext password exposure in OVM3 logs#13309— Script.java command sanitization leak#13297–#13306— Multiple credential exposure issues🐞 Other Recent Issues
#13358— UI: VNF NIC mapping network dropdown always disabled (PR fix ready:#13359)#13357— Snapshot revert of ROOT encrypted volume makes VM non-bootable#13355—network_ratecolumn type too small (needs DB migration)#13313— Show VM name in backup events📊 Project Health Snapshot
@jbampton🎯 Recommended Next Steps for Maintainers
@YLChen-007— assign severity and owners#13363(host reservation drain) and#13361(RBD pool) — both look well-scoped and ready#12617(CLVM) and#12991(Veeam backup) which are awaiting validation#12711(KMS) — a high-impact feature that would benefit from more review bandwidth#13355— thenetwork_ratetype change needs a DB migration and careful planningGenerated automatically on 2026-06-06
Add this agentic workflows to your repo
To install this agentic workflow, run