Apache CloudStack 4.20 maintenance release
Release notes: https://docs.cloudstack.apache.org/en/4.20.1.0/releasenotes
Installation docs: https://docs.cloudstack.apache.org/en/4.20.1.0/installguide
Upgrade docs: https://docs.cloudstack.apache.org/en/4.20.1.0/upgrading
Admin docs: https://docs.cloudstack.apache.org/en/4.20.1.0/adminguide
API docs: https://cloudstack.apache.org/api/apidocs-4.20
This LTS release includes fixes for the following security issues:
- CVE-2025-26521: CKS cluster in project exposes user API keys
- CVE-2025-30675: Unauthorised template/ISO list access to the domain/resource admins
- CVE-2025-47713: Domain Admin can reset Admin password in Root Domain
- CVE-2025-47849: Insecure access of user's API/Secret Keys in the same domain
- CVE-2025-22829: Unauthorised access to dedicated resources in Quota plugin
Advisory: https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0