* XenServer 8.4/XCP-ng 8.3: Support vTPM
* fix issue
* add log for windows 11 or other such guests OSs that require vtpm
* remove secure bootmode requirement
* Fix uefi setting on host for xenserver 8.4
The secondary storage selectors allow operators to specify, for instance, that volumes should go to a specific secondary storage A. Thus, when uploading a volume, it will always be downloaded to secondary storage A.
The cold volume migration moves volumes to a secondary storage before moving them to the destination primary storage. This process does not consider the secondary storage selectors. However, some companies want to dedicate specific secondary storages for cold migration.
To address this, this PR makes the cold volume migration process consider the secondary storage selectors.
* Implement SSVM storage network IP to API response and GUI details tab
* remove network mention from attribute name
* remove network from serialized name
* fix parameter name in the UI
* Initialize template status='Processing'
* remove else block and fix the error string
* restructure if-else
* standardize register ISO response
* use enum instead of string
* fix smoke test failures
* Add Download Complete status for template
* 4.22:
fix install path for systemvm templates when introducing new sec storage (#11605)
fix Sensitive Data Exposure Through Exception Logging in OVM Hypervis… (#12032)
Fix snapshot physical size after migration (#12166)
ConfigDrive: use file absolute path instead of canonical path to create ISO (#11623)
Add log for null templateVO (#12406)
snapshot: fix listSnapshots for volume which got delete and whose storage pool got deleted (#12433)
Notify user if template upgrade is not required (#12483)
Fix: proper permissions for systemvm template registrations on hardened systems (#12098)
Allow modification of user vm details if user.vm.readonly.details is empty (#10456)
NPE fix while deleting storage pool when pool has detached volumes (#12451)
* NPE fix while deleting storage pool when pool has detached volumes
* review
* unit tests
* Added log for volumes not attached to any VMs
* update filter, log and test
* updated volume dao method names returning non destroyed volumes
* build fix
---------
Co-authored-by: dahn <daan@onecht.net>
* Add support for dedicating backup offerings to domains
* Add tests and UI support and update response params
* add license header
* exclude backupofferingdetailsvo from sonar
* fix pre-commit checks - missing / extra EOF line
* add test
* EOF
* filter backup offerings by domain id
* add unit tests
* add more unit tests and remove response file from code coverage check
* update checks
* address review comments: extract common code, fix tests
* added bean definition
* address comments
* add unit tests to increase coverage
* pre-commit check failure fix
* address merge issue
* allow updating backup offering when only domain id is modified
This PR introduces several configuration settings using which an operator can mark certain cryptographic algorithms and parameters as excluded or obsolete for VPN Customer Gateway creation for Site-to-Site VPN.
Cloud providers following modern security frameworks (e.g., ISO 27001/27017) are required to enforce and communicate approved cryptographic standards. CloudStack currently accepts several weak or deprecated algorithms without guidance to users. This PR closes that gap by giving operators explicit control over what is disallowed vs discouraged, improving security posture without breaking existing deployments.
These settings are:
1. vpn.customer.gateway.excluded.encryption.algorithms
2. vpn.customer.gateway.excluded.hashing.algorithms
3. vpn.customer.gateway.excluded.ike.versions
4. vpn.customer.gateway.excluded.dh.group
5. vpn.customer.gateway.obsolete.encryption.algorithms
6. vpn.customer.gateway.obsolete.hashing.algorithms
7. vpn.customer.gateway.obsolete.ike.versions
8. vpn.customer.gateway.obsolete.dh.group
dahn
Pearl Dsilva
Abhishek Kumar
Wei Zhou
Fabricio Duarte
Manoj Kumar
Tonitzpp
Daan Hoogland
Lorenzo Tanganelli
Abhisar Sinha
Erik Böck
Nicolas Vazquez
GaOrtiga
Suresh Kumar Anaparti
Vishesh
Henrique Sato