[ANNOUNCE][SECURITY] CloudStack Robot TLS attack


On private@ and security@, we discussed and worked on a fix for the robot TLS
[1] attack and released CloudStack The issue does not affect the
latest version and does not require any upgrades/fixes/changes in
that regard.

The issue primarily affects installations that are using an older version
of bouncycastle; the only change we made against the release was to
upgrade the bouncycastle dependency version [2] 1.59. Post upgrade to from, users will be required to destroy old CPVMs and SSVMs
(new ones will be patched by a newer systemvm.iso that will have the v1.59
bc dependency jar), and upgrade and restart KVM agent(s) and management

Download page:

Release notes for


Rohit Yadav
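
The following check is an added example, not part of the original message or of CloudStack: it walks a directory tree and lists Bouncy Castle jars older than the 1.59 version named above, which helps confirm that a management server, KVM agent, or unpacked system VM image no longer carries an old copy. The `bc<module>-jdk<target>-<version>.jar` file naming and the sample directory layout are assumptions, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

MIN_VERSION = (1, 59)  # bouncycastle version named in the announcement

# Assumed naming: bcprov-jdk15on-1.59.jar, bcpkix-jdk15on-1.55.jar, ...
JAR_RE = re.compile(r"^(bc[a-z]+)-(jdk[0-9a-z.]+)-(\d+)\.(\d+)(?:\.(\d+))?\.jar$")


def parse_bc_jar(name):
    """Return (module, version tuple) for a Bouncy Castle jar name, else None."""
    m = JAR_RE.match(name)
    if m is None:
        return None
    version = tuple(int(p) for p in m.groups()[2:] if p is not None)
    return m.group(1), version


def find_outdated(root, minimum=MIN_VERSION):
    """List (relative path, version) for every bc*.jar below `minimum`."""
    root = Path(root)
    outdated = []
    for path in sorted(root.rglob("bc*.jar")):
        parsed = parse_bc_jar(path.name)
        if parsed is None:
            continue  # not a recognisable Bouncy Castle artifact name
        _, version = parsed
        if version < minimum:
            rel = path.relative_to(root).as_posix()
            outdated.append((rel, ".".join(map(str, version))))
    return outdated


def demo():
    """Run the scan over a constructed tree (hypothetical layout)."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("mgmt/lib/bcprov-jdk15on-1.55.jar",
                    "mgmt/lib/bcpkix-jdk15on-1.59.jar",
                    "agent/lib/bctls-jdk15on-1.58.jar",
                    "agent/lib/commons-io-2.5.jar"):
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.touch()
        return find_outdated(tmp)


if __name__ == "__main__":
    for rel, version in demo():
        print(f"outdated: {rel} (version {version})")
```
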