Promotes six §14 questions from proposed to maintainer-confirmed per
vishesh92's inline answers (apache/cloudstack#13293):
- Q8 root admin: confirmed trusted operator (direct access anyway) ->
OUT-OF-MODEL: equivalent-harm (§3 item 4, §7).
- Q9 guest/hypervisor: side channels + in-allocation exhaustion out of
scope; one in-model case is CloudStack applying wrong/insecure
hypervisor settings (Daan to confirm boundary).
- Q10 userdata: end-user guest-OS customization, tenant-controlled data
in their own boundary, not a CloudStack injection surface.
- Q17 proxy headers: proxy.header.verify default false; proxy.header.names
read only when Remote_Addr in proxy.cidr.
- Q18 2FA: corrected the stale setting names to the real ones -
enable.user.2fa + mandate.user.2fa (both default false, domain-
configurable); 2FA-off is a deployment choice, not a §10 violation.
- Q19 password encoders: greenfield md5/plaintext hashing is
OUT-OF-MODEL: non-default-build; effective set PBKDF2,SHA256SALT,SAML2.
Clears the pending-Q18/Q19 notes in §10/§11 and updates the tally.
L976 (simulator/tools-appliance scope) and L1007 stay open on Daan.
Generated-by: Claude Opus 4.8 (1M context)
Adds a draft project-level security threat-model document
(draft-THREAT-MODEL.md) at repo root, improving discoverability
for automated security scanners running against this repository.
The file follows the rubric format used by several other ASF
projects piloting security-model discoverability.
The "draft-" prefix signals this is a proposal for the PMC to
review, correct, or reject — not a finalised maintainer-blessed
model. Every claim carries a provenance tag (documented /
inferred / maintainer) so reviewers can see where each claim
originates; §14 collects open questions for the maintainers.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
After disabling 2FA via setupUserTwoFactorAuthentication, the API may
return is2faenabled as null or undefined rather than boolean false.
The strict equality check (=== false) prevented the "Setup 2FA" button
from appearing in those cases, making it impossible to re-enable 2FA.
Change the check to a falsy check (!record.is2faenabled) so the button
is shown whenever 2FA is not enabled, regardless of whether the value
is false, null, or undefined.
Fixes: https://github.com/apache/cloudstack/issues/13233
* 4.22:
VM Deployment using snapshot in new zone (#13178)
Change exception treatment on incremental snapshot wait (#12665)
Move checkRoleEscalation outside DB transaction in createAccount (#13044)
Fix/flasharray delete rename destroy patch conflict (#13049)
Fix VPC network offerings listing in isolated network creation form (#12645)
systemvm: accept ipv6 established/related return traffic (#13173)
update debian change log
Updating pom.xml version numbers for release 4.22.2.0-SNAPSHOT
Updating pom.xml version numbers for release 4.22.1.0
Update suse15 packaging spec, use qemu-ovmf-x86_64 package instead of edk2-ovmf for agent (#13133)
Change disk-only VM snapshot removal message (#11182)
Update mysql java connector version to 8.4.0 (matching version for MySQL 8.4) (#12640)
adaptive: honor user-provided capacityBytes when provider stats are unavailable (#13059)
Flexibilize public IP selection (#11076)
* 4.20:
Fix/flasharray delete rename destroy patch conflict (#13049)
Fix VPC network offerings listing in isolated network creation form (#12645)
Update mysql java connector version to 8.4.0 (matching version for MySQL 8.4) (#12640)
adaptive: honor user-provided capacityBytes when provider stats are unavailable (#13059)
Flexibilize public IP selection (#11076)
* Update qemu-ovmf-x86_64 package in agent for suse instead of edk2-ovmf for agent
* Maintain separate properties file for suse15 (UEFI properties are different for suse15)
* Maintain separate packaging spec for suse15
* Host HA code improvements
* Fix to not cancel VM HA items when Host HA is enabled & inspection in progress, and some code improvements
- When Host HA inspection in progress, the investigor returns the Host Status as Up which cancels the VM HA items
- Don't cancel the VM HA items, instead reschedule them to try again later
* Changes to consider Recovered/Available Host HA state along with the agent connection status to determine the Host HA inspection in progress or not, and some code improvements
* MySQL 8.4 support / update mysql java connector version to 8.4.0
* Remove separate connector version
* Update cloud spec
* Update authentication plugin to caching_sha2_password (mysql_native_password is deprecated)